Hello again,
Well, I was able to get 128bit WEP key with pgt(4) card. It did have
some weird behaviour though.
While capturing ivs with airodump-ng, lots of unexisiting APs were
popping up all over the screen, overflowing it.
EC:CF:58:C7:84:0D 0 7 0 53 0 1 -1 OPN <length: 0>
C7:E3:0A:2C:B8:2C 0 0 0 2 0 1 -1 OPN <length: 0>
7E:CD:1F:D4:49:BA 0 0 0 23 0 1 -1 OPN <length: 0>
.....
I'm pretty sure something is wrong, since kismet on the other box
doesn't see any of these.
Aircrack-ng 1.0 rc1
[00:00:00] Tested 787 keys (got 48175 IVs)
KB depth byte(vote)
0 0/ 34 28(60160) 11(56320) DA(56064) 61(55552) 02(55552)
C9(55296) D4(55040)
1 1/ 1 93(58880) 31(57088) 06(55808) BD(55808) 91(55808)
D5(55552) 2A(55296)
2 0/ 1 1D(76032) 60(57088) F7(55808) 3F(55808) 63(55296)
FE(55296) 0F(54784)
3 13/ 3 BB(53760) 1C(53504) CE(53504) E3(53248) 2A(53248)
5A(52992) D4(52992)
4 0/ 1 03(71680) 13(57344) 30(57344) 23(56064) E8(55552)
BE(55040) 64(55040)
KEY FOUND! [ 28:71:84:21:C5:79:0C:C3:91:E4:8D:41:95 ]
Decrypted correctly: 100%
All this was done on OpenBSD/amd64 box and pgt(4) card. Capturing and
injecting the packets were done concurrently. It's now time to try
ath(4) and maybe ural(4), iwn(4) -- that's all i got.
