802.11 tips and threats

Links an code for "802.11 tips and threats" @ Defcon Moscow #dc4799

802.11 books

https://www.dropbox.com/sh/bqf9wv7dvsb9ya0/AABXBQ7eCgDc2LQfX0CnBn8Za?dl=0

Atheros hamradio

http://yo3iiu.ro/blog/?p=1301

My repos

https://github.com/0x90/scapy-osx

https://github.com/0x90/wifi-arsenal

https://github.com/0x90/wps-scripts

https://github.com/0x90/wifi-scripts

Hardware

[Wispi for TP-Link] (http://semaraks.blogspot.ru/2015/03/wispi-for-various-type-tp-link-router.html)

802.11 hacking @ OS X

Apple80211, CoreWLAN examples in osx folder. Also use airport utility

sudo ln -s "/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport" /usr/bin/airport

Apple80211 framework analysis

Atheros low level

Change bandwidth

echo "$chanbw" > /sys/kernel/debug/ieee80211/$phy/ath9k/chanbw

Registry list

ls /sys/kernel/debug/ieee80211/phy*/ath9k_htc/registers/

Atheros AP client firmware limit

Disable ANI

echo '1' > /sys/kernel/debug/ieee80211/phy0/ath9k/disable_ani

Debug info:

iw --debug dev wlan0

Links:

http://yo3iiu.ro/blog/?p=1301 http://blog.altermundi.net/article/playing-with-ath9k-spectral-scan/

Misc links

http://pythonwifi.tuxfamily.org/

http://blog.opensecurityresearch.com/2012/05/installing-lorcon2-on-backtrack-5-r2.html

http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=tool&name=WPA_Migration_Mode_patches_for_aircrack-ng_and_Kismet

http://wifimafia.blogspot.ru/2011/03/wap-fingerprinting-wi-fi-alliance-way.html

http://wifimafia.blogspot.ru/2011/03/injecting-80211-frames-with-pylorcon2.htmln

http://www.aircrack-ng.org/doku.php?id=cracking_wpa

http://www.mathyvanhoef.com/2012/09/compat-wireless-injection-patch-for.html

http://people.cs.kuleuven.be/~mathy.vanhoef/papers/wpatkip.pdf

http://patches.aircrack-ng.org/

http://aircrack-ng.blogspot.ru/

http://www.swilliamsgroup.com/how-to-quickly-create-a-wifi-network-graph/

http://www.fruitywifi.com/index_eng.html

https://cyberarms.wordpress.com/2014/10/16/mana-tutorial-the-intelligent-rogue-wi-fi-router/

http://chimera40.wordpress.com/2012/02/01/cracking-wpa-using-pyrit-and-or-aircrack-ng/

http://raidersec.blogspot.ru/2013/01/wireless-deauth-attack-using-aireplay.html

http://danmcinerney.org/how-to-kick-everyone-around-you-off-wifi-with-python/

http://wireless.kernel.org/en/developers/Documentation/mac80211

http://wireless.kernel.org/en/users/Documentation/hostapd

http://w1.fi/security/2014-1/

http://digi.ninja/

http://www.wifikiwi.com/

WPS

https://forums.kali.org/showthread.php?24286-WPS-Pixie-Dust-Attack-(Offline-WPS-Attack)

http://k0derz.ru/%D0%B1%D0%B0%D0%B7%D0%B0-wps-pin-%D0%BA%D0%BE%D0%B4%D0%BE%D0%B2/

http://www.seguridadwirile.info/forum/7-961-1

http://lampiweb.com/foro/index.php?topic=9826.0

http://www.willhackforsushi.com/?author=2&paged=2

http://forum.antichat.ru/printthread.php?t=400848&pp=40

https://forums.hak5.org/index.php?/topic/31951-wpspinsh/

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130805-0_Vodafone_EasyBox_Default_WPS_PIN_Vulnerability_v10.txt

http://standards.ieee.org/develop/regauth/oui/oui.txt

http://uceka.com/2013/12/31/wps-pin-cracker-wpawpa2-hack-in-5-second/

Dictionaries

http://xiaopan.co/forums/community/dictionary/

http://wifi0wn.wordpress.com/wepwpawpa2-cracking-dictionary/

https://blog.g0tmi1k.com/2011/06/dictionaries-wordlists/

https://www.cloudcracker.com/dictionaries.html

https://forums.hak5.org/index.php?/topic/29308-13gb-44gb-compressed-wpa-wpa2-word-list-982963904-words/

NintendoDS Scan

https://github.com/trou/airscan