There was a chip shortage during the pandemic that has resulted in increased Raspberry Pi prices. Other world events have also skyrocketed the price of Raspberry Pis, and the manufacturing of a few models has even been stopped. You can read more about it here.

Because of this, I felt that switching to a Raspberry Pi alternative would be a good option for a project I wanted to work on.

Le Potato is similar to Raspberry Pi in terms of appearance, configuration, and so on. It also has the ability to run numerous operating systems such as Ubuntu, Debian, Raspbian, Android, and others.

But unfortunately, it does not come with a pre-installed wifi module, whereas Raspberry Pi has the wifi module pre-installed.

In this article, I'll give you clear step-by-step instructions to install an external wifi adapter driver in Le Potato running Ubuntu OS. For those who are running other operating systems, you can try the following steps, but I cannot assure you that it'll definitely work.

Let's have a quick look at my accessories.

Here's my Le Potato device:

Le Potato Device

And here's my Zebronics External Wifi Adapter:

Zebronics External Wifi Adapter

Trial and Error – What Didn't Work

Before I found my final solution and ended up installing the wifi driver and being able to access the internet with my wifi adapter, I tried many approaches. But none of them worked out.

Here's what I tried along the way:

1. I tried to install the driver given on the CD that was delivered along with the wifi adapter. But, I couldn't understand the steps they asked me to follow and finally ended up with a lot of errors.
2. I downloaded the exact driver for this device from the Zebronics official site. Again that did not pay off well.
3. I tried to install some open source drivers from GitHub forked by many people from the Realtek source. This also did not work out as expected.

Finally, I found an answer from the Ubuntu Q&A forum and I was able to install it on the first try. Though the steps were not so clear initially, I managed to figure them out. So I'll explain how to do it here.

How to Install the Wifi Adapter Driver for Le Potato in Ubuntu

Follow the below steps to install the driver on your device:

Install the dependencies

The first step is to install the required software.

You need to install git, dkms, build-essential, and linux-headers for your system architecture.

You can install them all together in a single command:

sudo apt-get install -y build-essential git dkms linux-headers-$(uname -r)

If you have been prompted (yes/no) while running the above command, just hit y (which is basically agreeing to install the software in your system).

Download the driver source

Drivers for some devices will not be available in any installable/executable formats. In such cases, you should download, compile, and install the source code on the machine directly. Unfortunately, this driver also falls under this category.

We can download the source of this driver from GitHub. Run the following command in your terminal to download the source code:

git clone https://github.com/kelebek333/rtl8188fu

Build and install the driver

Before building and installing the driver, you need to know about the dkms command in Linux. If you know about dkms, you can skip this paragraph and move on to the next paragraph.

DKMS stands for Dynamic Kernel Module Support. It's a program/framework that lets you install the supplementary versions of kernel modules. A package can be compiled and installed into the kernel tree. DKMS is called automatically upon installation of new Ubuntu kernel-image packages, and so modules added to DKMS will be automatically carried across updates.

This is the source package that we downloaded in the previous step. We need to add, compile, and install the source package into our kernel tree.

Run the following commands sequentially to add, compile and install the driver package:

Add Source to Kernel

sudo dkms add ./rtl8188fu

Compile source package

sudo dkms build rtl8188fu/1.0

Install the package into the kernel tree

sudo dkms install rtl8188fu/1.0

Copy the firmware

The compiled binary firmware file should then be copied to the default firmware location in Linux, that is /lib/firmware .

Firmware is software that enables the communication between hardware and software. It gives the machine instructions that make the hardware function.

Run the following command to copy the compiled firmware:

sudo cp ./rtl8188fu/firmware/rtl8188fufw.bin /lib/firmware/rtlwifi/

Disable power saving and auto suspend modes on kernel

It is always a good idea to disable power saving and auto suspend modes for wifi drivers. So, you'll need to add this option by default on updating the kernel, too. You can add this configuration in the .conf file in /etc/modprobe.d/ directory.

We are creating this conf file in /etc/modprobe.d directory, because we need to load this customized module with the persistent changes.

You use the rtw_power_mgnt flag to control power saving mode:

• 0 - Disables power saving
• 1 - Power saving on with minPS
• 2 - Power saving on with maxPS

You use the rtw_enusbss flag to control auto-suspend mode:

• 0 - Disables auto suspend
• 1 - Enables auto suspend

Run the following commands to create a .conf file and store the options:

sudo mkdir -p /etc/modprobe.d/
sudo touch /etc/modprobe.d/rtl8188fu.conf
echo "options rtl8188fu rtw_power_mgnt=0 rtw_enusbss=0" | sudo tee /etc/modprobe.d/rtl8188fu.conf

Blacklist the existing module

You have to blacklist the module which you tried to install before.

Note: Blacklisting a module will not allow it to be loaded automatically, but the module may be loaded if another non-blacklisted module depends on it or if it is loaded manually.

Let's assume you have added a module named rtl8188au. Then, you need to blacklist it by adding the following line at the end of the /etc/modprobe.d/blacklist.conf file.

blacklist rtl8188au

If you haven't added any such module, you can ignore the blacklisting part.

Reload the module

You need to reload the module to make it start working.

Here's the command to reload the module we added now:

sudo modprobe -rv rtl8188fu && sudo modprobe -v rtl8188fu

And you're done! You should be able to see the wifi enabled on your Le Potato running Ubuntu OS. If you cannot see it, reboot your system and everything should be alright.

Trying to connect to a network after installing the driver

Connected to my wifi network

Conclusion

In this article, we have gone through the steps to install the driver for our external wifi adapter.

These are the exact (basic) steps you need to follow to add any external module into your kernel.

Subscribe to my newsletter to receive more such insightful articles that get delivered straight to your inbox.

In my previous article, we talked about some basic Linux skills and tricks. In this article you are going to learn a basic Wi-Fi hacking procedure using those skills.

You'll learn things such as how to:

1. Monitor Wi-Fi networks around you
2. Perform a DOS attack
3. Protect yourself against Wi-Fi attacks

Disclaimer: This is strictly for educational purposes only (and, of course, for a little fun). Do not under any circumstances, conditions, or influence of unwise friends use the hacks you learn here on organisations, individuals, or your probably annoying neighbour. You would be committing a crime and you'll either be fined, sent to jail, or just get your parents embarrassed.

And now that we have that lovely introduction out of the way, let’s proceed.🙃

What We'll Cover:

Here's a basic rundown of what this tutorial contains:

1. Introduction
2. What is a Packet?
3. How to Crack WPA2
   • Prerequisites
   • How to put the network card into monitor mode
   • How to look for the target
   • How to capture the handshake packets
   • How to perform a DOS attack
   • How to obtain the password (hopefully)
4. Mitigations Against WiFi Attacks
5. Conclusion

Introduction

A router ¦ Credit: Unsplash.com

Wireless Fidelity (Wi-Fi) is a common technology many of us use in our daily lives. Wether it's at school, home, or simply bingeing Netflix, it’s increasingly rare to see anyone carry out Internet related activities without it.

But have you ever tried to hack Wi-Fi? 🤔 (I’m sure you’ve been tempted 😏).

In order to hack something, you need to know how it works. This means you need to understand how the tech works in the first place. So let’s start from the basics: The Packet.

What is a Packet?

A Basic Packet. Credit: ResearchGate.com

A Packet is the basic unit/building block of data in a computer network. When data is transferred from one computer to another, it is broken down and sent in packets.

Think of packets like Lego building blocks. You (the computer) receive the complete set (the complete data) in pieces (packets) from the seller (another computer). You will then assemble the blocks together to build up the figure based on the instructions given in order to enjoy it (or in this case, for the whole data to make sense).

A packet, also known as a datagram, is made up of two basic parts:

1. A Header
2. The Payload/Data

The Header contains information about the packet. This helps the network and the receiving computer know what to do with it, such as the source and destination IP addresses.

The Payload is the main content the packet contains. It’s also worth mentioning that packets can be encrypted so that their data can't be read if gotten by an attacker.

In a network, packets are a requirement for packet switching. Packet switching means breaking down data into packets and sending them to various computers using different routes. When received, the computers can then assemble these packets to make sense of it all. The Internet is the largest known packet switching network on earth.

Now let's see how we can apply this knowledge to wireless networks.

How to Crack WPA2

A bunch of random code. Credit: Unsplash.com

Wi-Fi can use a number of various protocols to give you a secure internet connection. From the least to most secure, they are:

1. Open
2. WEP (Wired Equivalent Privacy)
3. WPA2 (Wi-Fi Protected Access 2)
4. WPA3 (Wi-Fi Protected Access 3)

An open network is pretty much as the name implies – open. It has no password and practically anyone can connect to it.

WEP is an old protocol, rarely in use and requires a password like its successors.

WPA2 is the most commonly used protocol around the world. WPA3 is a newest and the most secure protocol known till date. But it is rarely used and only available on newer devices.

Prerequisites

Wi-Fi works by constantly sending packets of data to your authenticated device. In order to hack it, you’ll need:

1. A Linux machine (Preferably Kali Linux)
2. A wireless adapter

To install Kali from scratch, you can follow this tutorial.

If you haven’t already, you’ll need to install a tool called Aircrack-ng on your machine. To install it, just type in the command below.

sudo apt install aircrack-ng

How to Put the Network Card into Monitor Mode

You first want to get information about the target. This is what hackers call reconnaissance.

In order to do that you need to first change your wireless card from ‘managed’ mode to ‘monitor’ mode. This will turn it from a mere network card to a wireless network reader.

First you need to find out the name of your wireless card. Plug in your adapter and run the iwconfig command to find out. It’s usually the last one on the list.

iwconfig. Credit: Daniel Iwugo

As you can see, mine is wlan1. Now run the following commands:

sudo airmon-ng check rfkillsudo
airmon-ng start <network interface>

sudo indicates the need for root privileges, check rfkill stops processes that could hinder the card from going into monitor mode, and start tells airmon-ng which network card to execute on. Replace the <network interface> with the name of your wireless card.

airmon-ng is a script that instantly changes your card to monitor mode. You actually can do this manually or make a script of your own but I personally prefer something rather simple.

How to Look for the Target

To see what networks are around you, run the following command:

sudo airodump-ng <network interface>

Airodump. Credit: Daniel Iwugo

airodump-ng is a part of the aircrack-ng suite that allows a network card to view the wireless traffic around it.

As you can see we get a lot of information. But let's take a quick look at the ESSID (Extended Service Set Identifier) column. Also known as the AP (Access Point) name, this column shows the name of the target network, which in my case will be ‘Asteroid’.

You want to concentrate on the target AP and ignore the rest. To do this, press Ctrl+C to cancel the current scan and this time, append the bssid of the network with the bssid flag as shown below.

sudo airodump-ng <network interface> --bssid <AP>

Airodump in action. Credit: Daniel Iwugo

The BSSID stands for Basic Service Set Identifier, a fancy name for the MAC address of the device. You use it to identify the device on a network, along with the ESSID (Name of the AP). Technically, you could just use the ESSID flag instead but different APs could have the same name. However, no two APs can ever have the same BSSID.

Below is a code snippet of what you would type to get info about the AP using the ESSID only.

sudo airodump-ng <network interface> --bssid <AP ESSID>

Note: If the name has a space, enclose it with quotes. For example, --bssid “Asteroid 1” .

You’ll notice I highlighted the MAC address of a client connected to the AP under the ‘Station’ column. To its left is the MAC address of the AP it is connected to.

How to Capture the Handshake Packets

The next step is to capture the handshake packets (Remember packets? 👀). Handshake packets are the first four packets sent from the AP when an authenticated device connects to an AP.

This means we have two options:

1. Wait for a device to connect to the AP
2. De-authenticate the device and then let it connect to the AP

The second one sounds a lot more fun so let’s go for it.

An LED keyboard. Credit: Unsplash.com

How to Perform a DOS Attack

You can use aireplay-ng or mdk4 to disconnect devices from APs for a time. This is called a de-authentication attack or a wireless DOS (Denial-Of-Service) attack.

Now here’s the game plan:

1. Setup airodump-ng to capture packets and save them
2. De-authenticate the device for some time while airodump-ng is running
3. Capture the handshake

Got all that? Good. Let’s roll. 👨‍💻👩‍💻

First, run the command to capture and save packets:

sudo airodump-ng -c <channel number> --bssid <AP BSSID> <network interface> -w <path for saved packets file>

Airodump capturing packets. Credit: Daniel Iwugo

Here, we're using the -c flag to specify the channel to search, the --bssid flag for the MAC address of the AP, and the -w flag to give a path you want to save the captured packets to.

Quick lesson: Channels reduce the chances of APs interfering with each other. When running airodump-ng, you can identify the channel number under the CH column.

While that is running, you’re going to run your de-authentication attack against the device connected to it using the command:

sudo aireplay-ng -a <BSSID of the AP> --deauth <time> <network interface>

The -a flag specifies the MAC address of the AP, --deauth specifies how long you want the attack to run in seconds, followed up by the network card.

A de-authentication attack involves using your own network card to send packets to interrupt communication between the AP and the client. It’s not perfect and sometimes the client may connect back, but only for a short time.

If your Wi-Fi is acting crazy and you seem to be disconnecting and connecting randomly back to it, you may be experiencing a de-authentication attack.

In the command above, you’re targeting the AP and running the attack. Note that you can instead attack any device connected to the AP and you should get the same result. All you need to do is to change the -a flag to the MAC address of any device connected.

While the DOS attack is underway, check on your airodump scan. You should see at the right top : WPA handshake: <mac address>. Once you have verified that, you can stop the replay attack and the airodump-ng scan.

Carrying out the replay attack to get the handshake. Credit: Daniel Iwugo

How to Obtain the Password (Hopefully)

In the final steps, you are going to run a bunch of generated Pairwise Master Keys (PMKs) against the captured packets to get the password. Let me break it down.

A PMK is basically an algorithmic combination of a word and the APs name. Our intention is to continuously generate PMKs using a wordlist against the handshake. If the PMK is valid, the word used to generate it is the password. If the PMK is not valid, it skips to the next word on the list.

I’m going to use the rockyou wordlist located in the /usr/share/wordlists directory. I think this is only found in Kali so if you have a different OS, you might make one of your own manually or generate one using crunch.

If it isn’t already extracted, just run the command:

sudo gunzip /usr/share/wordlists/rockyou.txt.gz

Quick history lesson: The rockyou wordlist is a bunch of passwords gotten from one of the most infamous cybersecurity data breaches that affected a company of the same name. It contains approximately 14 million unique passwords that were used in over 32 million accounts and as such, is one of the most dependable wordlists on the planet.

Now run the command:

sudo aircrack-ng <captured file with .cap> -w <path to wordlist>

Password cracking. Credit: Mercury

Alright, everyone – mission accomplished 😎.

The password was, well… ‘password’. Pretty disappointing from a security perspective, but I set this network up just for fun for the purposes of this tutorial. In reality, this could take minutes to hours depending on the length and strength of the password.

To clean up, simply remove the file captures, close your terminals, and run the command service NetworkManager restart to change your network card back to managed mode so you can connect to the Wi-Fi.

Mitigations Against WiFi Attacks

A basic personal workspace setup ¦ Credit: Wallpaperflare.com

Basic Wi-Fi security should cover this attack from a defensive perspective. Using WPA3 which is a newer protocol is your best bet against such an attack. To mitigate against de-authentication attacks, use an ethernet connection if possible.

Assuming that option is not on the table, you can use a strong passphrase (not a password) to minimise the attackers chances of getting it. A passphrase is a string of words simply used as a password. Passphrases tend to be longer than passwords, easier to remember, and are a rarer practice. Therefore, they will hardly be found in wordlists.

For example, ‘mercury’ is more likely to be found in a wordlist than ‘mercurylovespluto’. The later is a 15-character passphrase and as simple as it is, it would be hard for an attacker to find, guess, or generate.

Another mitigation would be to disable WPS (Wi-Fi Protected Setup) and avoid under any circumstance using a router that uses the WEP protocol. You’d just be asking for unwanted attention as it’s a lot easier to hack both of these than WPA2.

Conclusion

Let’s summarise what you’ve learned:

1. Change the wireless adaptor to monitor mode using airmon-ng
2. Scan for the target AP using airodump-ng and capture the packets
3. Perform a DOS attack on the AP to get the handshake packets
4. End the DOS once you have verified you captured the necessary packet
5. Use aircrack-ng to generate PMKs to run against the handshake packets

Sometimes, the password may not be in the wordlist. In that case, there are many other ways to get the password such as an Evil Twin Attack or variations of what you have learned here. I also encourage you to practice this and many other attacks you discover out there, as this helps make you a master hacker.

Remember, this is strictly for educational purposes. Only perform this on others with their consent, or on your own devices.

And with that, we have come to the end of this article. Hope you enjoyed it. And as I always say, Happy hacking! 🙃

Resources

1. A little more explanation on the handshake theory
2. More details on packets
3. WPA2 vs WPA3

Acknowledgements

Thanks to Anuoluwapo Victor, Chinaza Nwukwa, Holumidey Mercy, Favour Ojo, Georgina Awani, and my family for the inspiration, support and knowledge used to put this post together. You’re my unsung heroes.

Cover photo credit: Lego Gentlemen working on a router from Wallpaperflare.com

A hotspot is also a good alternative to WiFi – especially if the WiFi in your area is unbearably slow or won't connect.

Sometimes, you might experience problems connecting a device to your hotspot. This is almost always due to errors in the mobile network and internet settings, and faulty or outdated drivers on your computer.

In this guide, I will show 4 ways you can fix any error associated with a hotspot connection.

The first fix works on your Windows 10 PC, while the rest solve the problem right on your Android mobile phone.

How to Fix a Hotspot Connection Error by Updating Your Wireless Network Driver

Every device on your computer is controlled by a certain driver software. So a wireless network has a driver that controls it. If this driver is outdated or corrupt, then your hotspot and WiFi might be negatively affected.

So, updating your wireless network driver can help your computer connect to your hotspot again.

Follow the steps below to update your wireless network driver

Step 1: Right-click on Start and select Device Manager.

Step 2: Expand Network Adapters.

Step 3: Right-click on your wireless device and select "Update driver".

Step 4: Choose "Search automatically for updated driver software".

How to Fix a Hotspot Connection Error by Using an Open Network

Using a password-protected hotspot is undoubtedly secure, but it could cause issues with your connection sometimes. So switching to an open Network can give your computer a seamless connection. Just be aware of how secure it might or might not be.

Step 1: Open Settings.

Step 2: Tap Network and Internet.

Step 3: Select Hotspot and Tethering.

Step 4: Tap Security.

Step 5: Select "None".

How to Fix a Hotspot Connection Error by Changing your Access Point Band to 2.4 GHz

There are 2 AP Bands usually made available on Android devices – 5GHz and 2.4Ghz. 5GHz is faster, but some devices may not support it. 2.4GHz is widely supported, so you should make sure your hotspot AP Band is set to 2.4GHz.

Some Android devices have their default AP bands as 2.4GHz and it remains unchangeable, but yours could be 5GHz – which is always changeable.

Step 1: Open Settings.

Step 2: Tap Network and Internet.

Step 3: Select Hotspot and Tethering.

Step 4: Scroll down to AP Band and make sure it is set to 2.4GHz. If it is set to 5GHz, tap it and change it to 2.4GHz.

How to Fix a Hotspot Connection Error by Resetting Out of Box Configuration (OOB)

This will change your hotspot configuration to factory settings – which could bring things back to normal for you.

Step 1: Open Settings.

Step 2: Tap Network and Internet.

Step 3: Select Hotspot and Tethering.

Step 4: Scroll down and tap "Reset OOB".

Step 5: Choose "Reset OOB".

Final Words

This guide takes you through 3 different ways you can fix mobile hotspot connection errors on a Windows 10 PC and an Android phone.

Apart from the fixes discussed you should also make sure:

• the password you entered on the receiving device is correct

• your internet connection is turned on correctly on the device you're sharing from

• you have not exceeded a data limit you might have set

Thank you for reading this article. If you find it helpful, please share it with your friends and family.

This might be caused by various problems such as an outdated network adapter driver, outdated router software, and optimized power management in Windows 10.

If your WiFi keeps disconnecting and you're looking for a solution, you've come to the right place. In this article, I'm going to show you 3 ways you can fix your Wifi connection.

How to Stop WiFi from Disconnecting by Updating your Network Adapter Driver

It's important that you have an up-to-date driver so that your hardware performs properly, including external hardware. So if you update your WiFi adapter this might stop your WiFi from disconnecting.

Go through the following steps to update your network adapter driver:

Step 1: Click on Start (Windows logo) and search for "device manager". Click on the "Device Manager" search result.

Step 2: Expand the "Network Adapters" option.

Step 3: Look for your current adapter, right-click on it, and select "update driver".

Step 4: Select "Search automatically for drivers". Windows will now search the internet for an updated driver and install it for you.

How to Stop your WiFi from Disconnecting by Updating your Router Software

Every router has software that powers it and makes it work properly.

Different manufacturers have different UIs which you can always get to by typing your IP address into the address bar of your browser.

When you successfully log in, check if there's an update available for your router and install it.

How to Stop your WiFi from Disconnecting by Checking your Network Adapter Power Management Options

Windows 10 is optimized to save battery power. An internet connection increases power consumption, so sometimes your device might be automatically set to disconnect from time to time in order to save power.

You can check if your network adapter is configured to disconnect with the steps below:

Step 1: Right-click on Start and select "Device Manager".

Step 2: Expand Network Adapters.

Step 3: Right-click on the adapter you're experiencing the issue with and select "Properties".

Step 4: Click on the "Power Management" tab. Uncheck "Allow the computer to turn off this device to save power".

Conclusion

This article focused on 3 ways to fix your WiFi if it keeps disconnecting.

Apart from these solutions, you can also try other minor ones such as:

• Not staying too far away from your router
• Limiting connected devices
• Contacting your network service provider
• Avoiding radio interference from phones, Bluetooth devices, and others.

Thank you for reading this article. If you find the article helpful, please share it with your friends and family.

In this article, I will show you how to find out what your router IP address is on a Windows machine and Android smartphone.

What is an IP Address?

But before we jump in, let's clarify – what is an IP address?

The abbreviation IP stands for “internet protocol”. The internet protocol is a set of rules governing how computers, phones, and other devices share data over the internet or local networks.

An IP address is a special numerical identifier that allows information to be sent between various devices on a network.

How to Find your Wifi Address on a Windows Computer

To find out what the IP address of your router is (or of any other device on which you have access to its Wifi), you can either use the command prompt or gain access to it through the control panel.

How to Find your Wifi Address on a Windows Computer through the Command Prompt

Step 1: Click on Start (Windows logo) or press the WIN on your keyboard. Step 2: Search for “cmd” and hit ENTER to launch the command prompt.

Step 3: Right inside the command prompt, type in “ipconfig” and hit Enter. The number assigned to “Default Gateway” is your router’s IP address.

How to Find your Wifi Address on a Windows Computer through the Control Panel

Step 1: Click on Start and search for “Control Panel”, then click on the first search result or hit ENTER to launch the Control Panel.

Step 2: Under “Network and Internet”, click on “View network status and tasks”.

Step 3: You will see your router name on the right. Click on it and a small window will pop up.

Step 4: In the pop-up box, click on “Details”.

After clicking on the “Details” button, another small window will pop up showing various information about your router. The value assigned to IPv4 is your router's IP address.

How to Find your Wifi Address on an Android Smartphone

Android devices do not have a built-in option to check the router’s addresses out of the box. But you can use a third-party app like Wifi Analyzer.

If you have Wifi Analyzer installed on your Android smartphone, launch the app.

You will see the channel graph tab immediately.

Swipe to the Access Points tab and you will see the IP address of your router.

Conclusion

In this article, you learned how to find the IP address of your router on a Windows computer and Android smartphone.

You can use your router without knowing what the IP address is, but knowing it gives you more control over it and you can personalize it.

Thank you for reading. If you find this article helpful, please share it with your friends and family.

A password is a password, so what’s the difference? About 60 seconds to billions of years, as it turns out.

All Wi-Fi encryption is not created equal. Let’s explore what makes these four acronyms so different, and how you can best protect your home and organization Wi-Fi.

Wired Equivalent Privacy (WEP)

In the beginning, there was WEP.

Wired Equivalent Privacy is a deprecated security algorithm from 1997 that was intended to provide equivalent security to a wired connection. “Deprecated” means, “Let’s not do that anymore.”

Even when it was first introduced, it was known not to be as strong as it could have been, for two reasons:

• its underlying encryption mechanism, and
• World War II.

During World War II, the impact of code breaking (or cryptanalysis) was huge. Governments reacted by attempting to keep their best secret-sauce recipes at home.

Around the time of WEP, U.S. Government restrictions on the export of cryptographic technology caused access point manufacturers to limit their devices to 64-bit encryption. Though this was later lifted to 128-bit, even this form of encryption offered a very limited possible key size.

This proved problematic for WEP. The small key size resulted in being easier to brute-force, especially when that key doesn’t often change.

WEP’s underlying encryption mechanism is the RC4 stream cipher. This cipher gained popularity due to its speed and simplicity, but that came at a cost.

It’s not the most robust algorithm. WEP employs a single shared key among its users that must be manually entered on an access point device. (When’s the last time you changed your Wi-Fi password? Right.)

WEP didn’t help matters either by simply concatenating the key with the initialization vector – which is to say, it sort of mashed its secret-sauce bits together and hoped for the best.

Initialization Vector (IV): fixed-size input to a low-level cryptographic algorithm, usually random.

Combined with the use of RC4, this left WEP particularly susceptible to related-key attack. In the case of 128-bit WEP, your Wi-Fi password can be cracked by publicly-available tools in a matter of around 60 seconds to three minutes.

While some devices came to offer 152-bit or 256-bit WEP variants, this failed to solve the fundamental problems of WEP’s underlying encryption mechanism.

So, yeah. Let’s not do that anymore.

Wi-Fi Protected Access (WPA)

A new, interim standard sought to temporarily “patch” the problem of WEP’s (lack of) security. The name Wi-Fi Protected Access (WPA) certainly sounds more secure, so that’s a good start. However, WPA first started out with another, more descriptive name.

Ratified in a 2004 IEEE standard, Temporal Key Integrity Protocol (TKIP) uses a dynamically-generated, per-packet key. Each packet sent has a unique temporal 128-bit key, (See? Descriptive!) that solves the susceptibility to related-key attacks brought on by WEP’s shared key mashing.

TKIP also implements other measures, such as a message authentication code (MAC). Sometimes known as a checksum, a MAC provides a cryptographic way to verify that messages haven’t been changed.

In TKIP, an invalid MAC can also trigger rekeying of the session key. If the access point receives an invalid MAC twice within a minute, the attempted intrusion can be countered by changing the key an attacker is trying to crack.

Unfortunately, in order to preserve compatibility with the existing hardware that WPA was meant to “patch,” TKIP retained the use of the same underlying encryption mechanism as WEP – the RC4 stream cipher.

While it certainly improved on the weaknesses of WEP, TKIP eventually proved vulnerable to new attacks that extended previous attacks on WEP.

These attacks take a little longer to execute by comparison: for example, twelve minutes in the case of one, and 52 hours in another. This is more than sufficient, however, to deem TKIP no longer secure.

WPA, or TKIP, has since been deprecated as well. So let’s also not do that anymore.

Which brings us to…

Wi-Fi Protected Access II (WPA2)

Rather than spend the effort to come up with an entirely new name, the improved Wi-Fi Protected Access II (WPA2) standard instead focuses on using a new underlying cipher.

Instead of the RC4 stream cipher, WPA2 employs a block cipher called Advanced Encryption Standard (AES) to form the basis of its encryption protocol.

The protocol itself, abbreviated CCMP, draws most of its security from the length of its rather long name (I’m kidding): Counter Mode Cipher Block Chaining Message Authentication Code Protocol, which shortens to Counter Mode CBC-MAC Protocol, or CCM mode Protocol, or CCMP. ?

CCM mode is essentially a combination of a few good ideas. It provides data confidentiality through CTR mode, or counter mode. To vastly oversimplify, this adds complexity to plaintext data by encrypting the successive values of a count sequence that does not repeat.

CCM also integrates CBC-MAC, a block cipher method for constructing a MAC.

AES itself is on good footing. The AES specification was established in 2001 by the U.S. National Institute of Standards and Technology (NIST). They made their choice after a five-year competitive selection process during which fifteen proposals for algorithm designs were evaluated.

As a result of this process, a family of ciphers called Rijndael (Dutch) was selected, and a subset of these became AES.

For the better part of two decades, AES has been used to protect every-day Internet traffic as well as certain levels of classified information in the U.S. Government.

While possible attacks on AES have been described, none have yet been proven to be practical in real-world use. The fastest attack on AES in public knowledge is a key-recovery attack that improved on brute-forcing AES by a factor of about four. How long would it take? Some billions of years.

Wi-Fi Protected Access III (WPA3)

The next installment of the WPA trilogy has been required for new devices since July 1, 2020. Expected to further enhance the security of WPA2, the WPA3 standard seeks to improve password security by being more resilient to word list or dictionary attacks.

Unlike its predecessors, WPA3 will also offer forward secrecy. This adds the considerable benefit of protecting previously exchanged information even if a long-term secret key is compromised.

Forward secrecy is already provided by protocols like TLS by using asymmetric keys to establish shared keys. You can learn more about TLS in this post.

As WPA2 has not been deprecated, so both WPA2 and WPA3 remain your top choices for Wi-Fi security.

If the other ones are no good, why are they still around?

You may be wondering why your access point even allows you to choose an option other than WPA2 or WPA3. The likely reason is that you’re using legacy hardware, which is what tech people call your mom’s router.

Since the deprecation of WEP and WPA occurred rather recently, it’s possible in large organizations as well as your parent’s house to find older hardware that still uses these protocols. Even newer hardware may have a business need to support these older protocols.

While I may be able to convince you to invest in a shiny new top-of-the-line Wi-Fi appliance, most organizations are a different story. Unfortunately, many just aren’t yet cognizant of the important role cybersecurity plays in meeting customer needs and boosting that bottom line.

Additionally, switching to newer protocols may require new internal hardware or firmware upgrades. Especially on complex systems in large organizations, upgrading devices can be financially or strategically difficult.

Boost your Wi-Fi security

If it’s an option, choose WPA2 or WPA3. Cybersecurity is a field that evolves by the day, and getting stuck in the past can have dire consequences.

If you can’t use WPA2 or WPA3, do the best you can to take additional security measures.

The best bang for your buck is to use a Virtual Private Network (VPN). Using a VPN is a good idea no matter which type of Wi-Fi encryption you have. On open Wi-Fi (coffee shops) and using WEP, it’s plain irresponsible to go without a VPN.

It's kind of like shouting out your bank details as you order your second cappuccino.

Choose a VPN provider that offers a feature like a kill switch that blocks your network traffic if your VPN becomes disconnected. This prevents you from accidentally transmitting information on an insecure connection like open Wi-Fi or WEP. I wrote more about my top three considerations for choosing my VPN in this post.

When possible, ensure you only connect to known networks that you or your organization control.

Many cybersecurity attacks are executed when victims connect to an imitation public Wi-Fi access point, also called an evil twin attack, or Wi-Fi phishing.

These fake hotspots are easily created using publicly accessible programs and tools. A VPN can help mitigate damage from these attacks as well, but it’s always better not to take the risk.

If you travel often, consider purchasing a portable hotspot that uses a cellular data plan, or using data SIM cards for all your devices.

Much more than just acronyms

WEP, WPA, WPA2, and WPA3 mean a lot more than a bunch of similar letters – in some cases, it’s a difference of billions of years minus about 60 seconds.

On more of a now-ish timescale, I hope I’ve taught you something new about the security of your Wi-Fi and how you can improve it!

If you enjoyed this post, I'd love to know. Join the thousands of people who learn along with me on victoria.dev! Visit or subscribe via RSS for more programming, cybersecurity, and cartoon dad jokes.

There is no debate about how much easier WiFi has made our lives. Now we can connect to the internet at coffee shops, subway stations, and almost anywhere we go.

However, WiFi is also a vulnerable network compared to the ethernet. Unless it is properly secured, it's easy to perform man-in-the-middle attacks using tools like Wireshark.

For example, if you are connected to a Starbucks network, anyone connected to that network can look at every other person’s network traffic.

Unless you use a VPN or the website uses HTTPS, your data (including passwords and credit card details) will be visible to the entire network.

If you are working for a company, chances are they use a WiFi network, too. Have you wondered how secure it is? Do you know if someone in the parking lot is connected to your network and capturing your company’s confidential data?

With tools like Wireshark and Aircrack, you can perform security audits of your WiFi networks. While Wireshark can help you watch what is happening on your network, Aircrack is more of an offensive tool that lets you attack and gain access to WiFi networks.

Thinking like an attacker has always been the best way to defend against a network. By learning how to work with Aircrack, you will be able to understand the exact steps an attacker would take to gain access to your network. You can then perform security audits of your own network to make sure it is not vulnerable.

A quick sidenote: I am in no way encouraging the use of illegal offensive tools. This tutorial is purely educational and is meant to help you defend your networks better.

Before we look at Aircrack in detail, here are a few terms you should know.

• Access Point — The WiFi network that you want to connect to.
• SSID — The name of the access point. For example, “Starbucks”.
• Pcap file — Packet capture file. Contains captured packets on a network. The common format for tools including Wireshark and Nessus.
• Wired Equivalent Privacy (WEP) — Security algorithm for wireless networks.
• Wi-Fi Protected Access (WPA & WPA2) — Stronger security algorithm compared to WEP.
• IEEE 802.11 — Wireless Local Area Network (LAN) protocol.
• Monitor mode — Capturing the network packets in the air without connecting to a router or access point.

I recently wrote a post on the top 100 terms you should know as a penetration tester. You can check it out if you are interested.

What is Aircrack-NG?

Aircrack is a software suite that helps you attack and defend wireless networks.

Aircrack is not a single tool, but a whole collection of tools, each of which performs a specific function. These tools include a detector, packet sniffer, WEP/WPA cracker, and so on.

The main purpose of Aircrack is to capture the packets and read the hashes out of them in order to crack the passwords. Aircrack supports almost all the latest wireless interfaces.

Aircrack is open-source, and can work on Linux, FreeBSD, macOS, OpenBSD, and Windows platforms.

The ‘NG’ in Aircrack-ng stands for “new generation”. Aircrack-ng is an updated version of an older tool called Aircrack. Aircrack also comes pre-installed in Kali Linux.

WiFi Adapter

Before we start working with Aircrack, you will need a WiFi adapter. Aircrack only works with a wireless network interface controller whose driver supports raw monitoring mode and can sniff 802.11a, 802.11b, and 802.11g traffic.

Typical wifi adapters (usually built-in with your computer) don't have the ability to monitor traffic from other networks. You can only use them to connect to a WiFi access point.

With an Aircrack compatible wifi adapter, you can enable the ‘monitor mode’ with which you can sniff traffic from networks you are not connected to. You can then use that captured data to crack the password of that network.

Check out the list of WiFi adapters that are compatible with Kali Linux here.

Aircrack Tools

Now that you know what you can do with Aircrack, let’s look at each of its tools.

Airmon-ng

Airmon-ng is a script that puts your network interface card into monitor mode. Once this is enabled, you should be able to capture network packets without needing to connect or authenticate with an access point.

You can use the command airmon-ng to list the network interfaces and airmon-ng start <interface name> to start an interface in monitor mode.

# airmon-ng start wlan0

  PID Name
  718 NetworkManager
  870 dhclient
 1104 avahi-daemon
 1105 avahi-daemon
 1115 wpa_supplicant

PHY    Interface    Driver        Chipset

phy0    wlan0        ath9k_htc    Atheros Communications, Inc. AR9271 802.11n
        (mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon)
        (mac80211 station mode vif disabled for [phy0]wlan0

In the above example, you can see that the network interface wlan0 has been turned into wlan0mon — meaning the monitor mode has been enabled for it.

Airodump-ng

Airodump-ng is a packet capture utility that captures and saves raw data packets for further analysis. If you have a GPS receiver connected to your computer, airodump-ng can fetch the coordinates of the access points as well.

After enabling monitor mode using airmon-ng, you can start capturing packets using airodump. Running the command airodump-ng will list the available access points. The ESSID (or SSID) is the name of the wireless network.

# airodump-ng
CH  9 ][ Elapsed: 1 min ][ 2007-04-26 17:41 ][ WPA handshake: 00:14:6C:7E:40:80

 BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

 00:09:5B:1C:AA:1D   11  16       10        0    0  11  54.  OPN              NETGEAR                         
 00:14:6C:7A:41:81   34 100       57       14    1   9  11e  WEP  WEP         bigbear 
 00:14:6C:7E:40:80   32 100      752       73    2   9  54   WPA  TKIP   PSK  teddy                             

 BSSID              STATION            PWR   Rate   Lost  Packets  Notes  Probes

 00:14:6C:7A:41:81  00:0F:B5:32:31:31   51   36-24    2       14
 (not associated)   00:14:A4:3F:8D:13   19    0-0     0        4           mossy 
 00:14:6C:7A:41:81  00:0C:41:52:D1:D1   -1   36-36    0        5
 00:14:6C:7E:40:80  00:0F:B5:FD:FB:C2   35   54-54    0       99           teddy

Aircrack-ng

Once you have captured enough packets using airodump-ng, you can crack the key using aircrack-ng. Aircrack uses statistical, brute force, and dictionary attacks to break the WEP / WPA key.

Aircrack-ng 1.4


                 [00:00:03] 230 keys tested (73.41 k/s)


                         KEY FOUND! [ biscotte ]


    Master Key     : CD D7 9A 5A CF B0 70 C7 E9 D1 02 3B 87 02 85 D6 
                     39 E4 30 B3 2F 31 AA 37 AC 82 5A 55 B5 55 24 EE 

    Transcient Key : 33 55 0B FC 4F 24 84 F4 9A 38 B3 D0 89 83 D2 49 
                     73 F9 DE 89 67 A6 6D 2B 8E 46 2C 07 47 6A CE 08 
                     AD FB 65 D6 13 A9 9F 2C 65 E4 A6 08 F2 5A 67 97 
                     D9 6F 76 5B 8C D3 DF 13 2F BC DA 6A 6E D9 62 CD 

    EAPOL HMAC     : 52 27 B8 3F 73 7C 45 A0 05 97 69 5C 30 78 60 BD

It is important to note that you need enough packets in order to crack the key. Also, aircrack-ng uses sophisticated algorithms to crack the keys from the network packets.

If you are interested in learning more about how Aircrack does this, this would be a good starting point.

Aireplay-ng

Aireplay-ng is used to create artificial traffic on a wireless network. Aireplay can either capture traffic from a live network or use the packets from an existing Pcap file to inject it into a network.

With aireplay-ng, you can perform attacks such as fake authentication, packet injection, caffe-latte attack, and so on.

The Cafe Latte attack allows you to obtain a WEP key from a client device. You can do this by capturing an ARP packet from the client, manipulating it, and then sending it back to the client.

The client will then generate a packet that can be captured by airodump-ng. Finally, aircrack-ng can be used to crack the WEP key form that modified packet.

Airbase-ng

Airbase-ng is used to convert an attacker’s computer into a rogue access point for others to connect to.

Using Airbase, you can pretend to be a legitimate access point and perform man-in-the-middle attacks on devices that connect to your system.

This attack is also called the “Evil Twin Attack”. Assuming you are in Starbucks trying to connect to their Wifi, an attacker can create another access point with the same name (usually with better signal strength) making you think that the access point belongs to Starbucks.

It is hard for regular users to differentiate between a legitimate access point and a rogue access point. So the evil twin attack remains one of the most dangerous wireless attacks we encounter today.

In addition to these, there are a few more tools for you to use in the Aircrack arsenal.

• Packetforge-ng — Used to create encrypted packets for injection.
• Airdecap-ng —  Decrypts WEP/WPA encrypted capture files after you crack the key with aircrack-ng. This will give you access to usernames, passwords, and other sensitive data.
• Airolib-ng —  Stores pre-computed WPA/WPA2 passphrases in a database. Used with aircrack-ng while cracking passwords.
• Airtun-ng —  Creates virtual tunnel interfaces.

Summary

The world is a more connected place, thanks to WiFi. We enjoy the benefits of WiFi almost every single day. With all its benefits, it is also a vulnerable network capable of exposing our private information, if we are not careful.

Hope this article helped you understand WiFi security and Aircrack in detail. To learn more about Aircrack, check out their official wiki.

Loved this article? Join my Newsletter and get a summary of my articles and videos sent to your email every Monday. You can also find my blog here.

Recently, I purchased a NodeMCU from AliExpress for about $4. The reason I did this was to find out what all the fuss is about with ESP8266.

NodeMCU is an open source IoT platform. It includes firmware which runs on the ESP8266 Wi-Fi SoC from Espressif Systems, and hardware which is based on the ESP-12 module.

Source: ESP8266 Datasheet

Compared to the Arduino UNO, my ESP8266 totally knocks it out of the park when it comes to CPU power and price.

The ESP8266 is 500% faster and 82% cheaper than the Arduino. The ESP8266 also has WiFi connectivity.

I was very surprised when I visited the Espressif website for the ESP8266. There’s lots of documentation and resources that you can use. For example, there’s an Android application which tells your ESP8266 to connect to your WiFi. The app sends the SSID and password as packets, the ESP8266 sniffs them, and then it connects to your WiFi. This is called SmartConfig, and was invented by Texas Instruments.

In this article, I will guide you to setup and run the Smart Config example from the Espressif RTOS SDK.

Here’s the things you’ll need:

• A modern computer.
• A NodeMCU board with ESP12-E
• VirtualBox (https://www.virtualbox.org/wiki/Downloads)
• Ubuntu Server LTS (https://www.ubuntu.com/download/server)

Configuring VirtualBox for development

1. Download VirtualBox and install Ubuntu Server. This should be easy to do, but if you don’t know how, Google it or have a look at this graphic step by step guide. Installing an OS is a nice skill to have. (Tip: When VirtualBox prompts you to select the disk, make it dynamically allocated and at least 50GB in size. This will save you some headaches further down the line.)
2. Make sure that you can access the internet from within the virtual machine and configure the DNS server:

Right click the machine then Settings -> Network

To configure the DNS server, have a look at this example.

Example: dns-nameservers 8.8.8.8 8.8.4.4 If you can ping Google, then you’re good to go!

3. (Optional) Install OpenSSH and Samba server. This will make your life much easier.

4. (Optional) Enable port forwarding. In order to SSH directly into your virtual machine, you need to enable port forwarding. For example, to map the port 2222 on your host machine to the port 22 of your virtual machine.

Enable Port forwarding: Settings -> Network -> Port Forwarding

If you have enabled port forwarding, you can now SSH into your virtual machine from your Host machine as in the figure below.

FIG1: ssh -p 2020 denis@localhost

Note: If you’re on Windows, you need Putty in order to SSH into the virtual machine.

5. Plug in your NodeMCU and execute the following command:

tail -f /var/log/kern.log

This should reveal to you that the device has been identified as /dev/ttyUSB0. If nothing happens, then you need to add the USB to the virtual machine. After adding the USB, unplug and plug your device in again.

Adding USB: Settings -> Ports -> USB

If you’ve reached this point and every thing is working, congratulations! You’re now ready to compile the SDK and run the SmartConfig example. You can even shoot me a tweet at https://twitter.com/metonymyqt

Compiling the SDK and flashing the board

1. Install the required packages (as below). This info is also available on the SDK’s readme.md.

sudo apt-get install make unrar-free autoconf automake libtool gcc g++ gperf flex bison texinfo gawk ncurses-dev libexpat-dev python-dev python python-serial sed git unzip bash help2man wget bzip2 libtool-bin

2. Create a new folder and navigate into it: mkdir Development && cd Development

3. Clone the Open SDK: https://github.com/pfalcon/esp-open-sdk

git clone --recursive https://github.com/pfalcon/esp-open-sdk.git

3. Run make: make

Warning: This step will take a while to finish so please be patient. On my virtual machine it completed after 50 minutes. On yours it might take more or less, but before you run, make make sure that you’re connected to the internet and DNS is properly configured. The best way to check this is to execute a ping to Google or some other site if Google is blocked in your region.

Successful ping command: $ ping medium.com

If your ping is successful, you can minimize the windows and watch an episode of your favorite TV show. Come back after about 40 minutes (but make sure your computer doesn’t go to sleep).

After the SDK has been built successfully, you’ll see a message telling you to put something in your path. To do so, execute the following:

echo 'export PATH=/home/denis/Development/esp-open-sdk/xtensa-lx106-elf/bin:$PATH' >> ~/.profile

The command will append the string to the ~/.profile file. Now please run the following command:

xtensa-lx106-elf-gcc --version

If the command executes successfully, then you’re good to go!

4. Test your board

Plug your NodeMCU and run lsusb to verify that your device is connected. After that, run esptool.py chip_id. You should now see the board’s chip id.

_esptool.py chipid

5. Clone ESP8266_RTOS_SDK

git clone https://github.com/espressif/ESP8266_RTOS_SDK.git

6. Export the SDK path and SDK/BIN path using the commands below.

echo 'export SDK_PATH=/home/denis/Development/ESP8266_RTOS_SDK' >> ~/.profile

echo 'export BIN_PATH=/home/denis/Development/ESP8266_RTOS_SDK/bin' >> ~/.profile

7. Compile the SmartConfig example

cd /home/denis/Development/ESP8266_RTOS_SDK/examples/smart_config/

chmod +x ./gen_misc.sh

./gen_misc.sh

Now accept the default values until you’re asked for SPI_SIZE_MAP. This is where you select 4 because the NodeMCU has a flash size of 32Mbit and this translates to 4MB. _You can also select SPISPEED 3=80Mhz

You’ll see something like this:

!!!SDK_PATH: /home/denis/Development/ESP8266_RTOS_SDKBIN_PATH: /home/denis/Development/ESP8266_RTOS_SDK/bin

No boot needed.Generate eagle.flash.bin and eagle.irom0text.bin successully in BIN_PATHeagle.flash.bin — — — →0x00000eagle.irom0text.bin — →0x20000!!!

8. Flash the board

cd $BIN_PATH

esptool.py erase_flash

esptool.py write_flash 0x00000 $BIN_PATH/eagle.flash.bin 0x20000 $BIN_PATH/eagle.irom0text.bin 0x3FC000 $BIN_PATH/esp_init_data_default.bin

Now, if you reset the board, you should see no LED blinking.

9. Use the Phone Application

10. Android Application

11. iPhone Application

ScreenShot from my Android Device

Open the Application, make sure that you’re connected to a WiFi AP, enter your password, and press confirm. After a few seconds the ESP8266 should connect to your AP. That’s it. Congratulations for reaching the end!

If you want to develop more using the ESP8266-RTOS-SDK, please visit the official websites. You’ll find a lot of resources and documentation there. Also, please take a look at the other examples found in the SDK folder.

Thank you very much for your time reading this. If you want to reach out to me, you can do so on Twitter: MetonymyQT

Resources

• ESP8266 Overview
• ESP8266 Resources
• FreeRTOS Website