Q: is this really a man in the middle or is it just arp tricks?

A: yes, it's really in the middle, at layer one, no arp tricks...


Q: what cards does this work with?

A: at present on most prism2-based cards 100%, and in many modes for
   lucent cards, play with the modes and see what results you get with
   lucent cards...


Q: does it work with cisco cards?

A: no, but there is little reason why it couldn't, the cards are very similar,
   in fact i have privately written a version for the cisco, but i am under
   NDA with aironet so i can't open any code up or discuss their cards
   (which are very good cards btw)...


Q: could your man in the middle work against ssl?

A: yes, in much the same way that Dug Song's dsniff works to do a man in
   the middle attack against ssl on wired networks, this same technique
   could be used to attack ssl


Q: does this package crack ssl?

A: no it does not, but that is only because no-one has written the code
   (publicly at least)...but there is nothing stopping people from doing
   so...


Q: i'm trying to send a data frame but for some reason the frame comes out
   crazy?...btw i am using the real 4-address field in the header...

A: the prism2 card doesn't know what to do with that 4th address, to send out
   data frames just use the 3-address header and pad the fourth address onto
   the payload (i think that works), in the future i need to have the driver
   handle this little detail for you, but for now, play along...
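Added example (not AirJack code): a C decoder for the 802.11 data-frame header that derives the address count and payload offset from the ToDS/FromDS bits, the check a sniffer or detection tool has to make before it can interpret a frame, and it shows that the fourth address sits at offset 24, exactly where the answer above pads it. The sample frame, the `wlan_*` names and the pre-QoS header assumption are mine.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* Frame Control bits; the 16-bit FC field is little-endian on the air. */
#define FC_TYPE_MASK 0x000C
#define FC_TYPE_DATA 0x0008
#define FC_TO_DS     0x0100
#define FC_FROM_DS   0x0200
#define HDR3_LEN 24   /* fc, dur, addr1..3, seq                */
#define HDR4_LEN 30   /* same plus addr4 (ToDS and FromDS set) */
struct wlan_hdr {                /* decoded data-frame header          */
    uint16_t fc;
    int      naddr;              /* 3 or 4 address fields present      */
    size_t   hdr_len;            /* offset at which the payload begins */
    uint8_t  da[6], sa[6], bssid[6];
};

/* Only ToDS+FromDS (WDS) frames carry a fourth address. */
int wlan_addr_count(uint16_t fc)
{
    return ((fc & (FC_TO_DS | FC_FROM_DS)) == (FC_TO_DS | FC_FROM_DS)) ? 4 : 3;
}

/* Parse a raw data frame: 0 on success, -1 if not a data frame or shorter than
   its DS bits require. Assumes a pre-QoS header, as prism2-era cards produce. */
int wlan_parse_data(const uint8_t *buf, size_t len, struct wlan_hdr *h)
{
    if (len < HDR3_LEN) return -1;
    memset(h, 0, sizeof *h);
    h->fc = (uint16_t)(buf[0] | (buf[1] << 8));
    if ((h->fc & FC_TYPE_MASK) != FC_TYPE_DATA) return -1;
    h->naddr   = wlan_addr_count(h->fc);
    h->hdr_len = (h->naddr == 4) ? HDR4_LEN : HDR3_LEN;
    if (len < h->hdr_len) return -1;
    const uint8_t *a1 = buf + 4, *a2 = buf + 10, *a3 = buf + 16, *a4 = buf + 24;
    switch (h->fc & (FC_TO_DS | FC_FROM_DS)) {  /* 802.11 address-role table */
    case 0:          memcpy(h->da, a1, 6); memcpy(h->sa, a2, 6); memcpy(h->bssid, a3, 6); break;
    case FC_TO_DS:   memcpy(h->bssid, a1, 6); memcpy(h->sa, a2, 6); memcpy(h->da, a3, 6); break;
    case FC_FROM_DS: memcpy(h->da, a1, 6); memcpy(h->bssid, a2, 6); memcpy(h->sa, a3, 6); break;
    default:         memcpy(h->da, a3, 6); memcpy(h->sa, a4, 6); break;  /* WDS: no BSSID */
    }
    return 0;
}

/* Constructed sample: a WDS (ToDS+FromDS) data frame followed by a 4-byte payload. */
const uint8_t sample_wds[] = {
    0x08, 0x03, 0x00, 0x00,                                          /* fc=0x0308 (data, ToDS|FromDS), dur */
    0x00,0x11,0x22,0x33,0x44,0x01,  0x00,0x11,0x22,0x33,0x44,0x02,   /* addr1 RA, addr2 TA */
    0x00,0x11,0x22,0x33,0x44,0x03,  0x10,0x00,                       /* addr3 DA, seq ctl  */
    0x00,0x11,0x22,0x33,0x44,0x04,  0xAA,0xBB,0xCC,0xDD };           /* addr4 SA, payload  */
```

Parsing the same bytes as a 3-address frame would start the "payload" at offset 24, i.e. at addr4, which is why a mis-sized header makes a frame look crazy.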


Q: can i transmit while in monitor mode?

A: contrary to popular belief you _can_ transmit during monitor mode, there
   are however a few catches....when in monitor mode you are telling the
   card to not bother with things like frame acknowledgements and the like,
   as a result you can send frames but it will not notice the acknowledgements
   to those frames (as you asked it to do), the bad part is that the card
   doesn't take this into account when it waits for itself to be acknowledged,
   so you will get a lot of retransmits....one solution is to set the retransmit
   max to 0 and ignore retry tx-exceptions from the card (i do ignore them at
   present, but i don't have the retries set to 0, something i need to do in
   future releases...)


Q: i can't send XXXXXXX type of frame without it doing something strange?...

A: the firmware is a little quirky in this area because it wasn't made to do
   this sort of thing...the solution is to play with modes, my favorites are
   5 and 6...i can tell you that i have successfully, and reliably, been able
   to generate all types of frames except smaller control frames with this
   driver...


Q: i'm trying to do an mitm on my lucent/prism2/cisco card and it's not working
   the way i thought it would...i can't seem to get in the middle...

A: this is really a timing issue, see the airjack card has to DoS you off the
   channel and before you get to the other channel we have to be there waiting
   with beacons in hand to get in the middle...
   with lucents and prism2's this can be hard because they are so easily
   tricked into changing channels that we aren't ready for them when they pass
   by...with ciscos it's easier because they take longer to kick off a channel,
   the way to fix this is to vary the number of deauths and disassociates
   and to try to get the channels (real and fake) far enough apart in the card's
   scanning sequence...if all else fails you can have one card simply wlan-jack
   him (presumably from another laptop) and then just set the deauths and
   disassoc.'s to 0 on the monkey-jack machine...this works for me every time
   ...for some examples check out the mjack.sh script (that's the one i used
   against a cisco at blackhat and it works every time for me without fail)...



Q: I've found a bug in the tools, and i don't have a fix for it...

A: good for you, no one cares about you, go eat worms...


Q: I've found a bug in the tools, and btw here is a patch...

A: cool, email it to bugs@802.11ninja.net be sure to mention how you want
   credit for your fix listed...


Q: I've found a bug in the driver and i may or may not have a fix...

A: cool, if you know it's a bug, then fix or no i'd like to hear about it,
   i've already got a number of known issues, but if you're pretty sure it's a
   new bug, then please email bugs@802.11ninja.net and i'll see what i can
   do...


Q: do i really need to install the orinoco patch to make this work?...

A: actually with the drivers that are coming out these days you probably
   don't have to, the only thing that patch adds is support for the ioctl
   SIOCSIFHWADDR (for changing the mac address), new drivers already have
   this...and as for other cards, all you need is wireless extensions
   support and that ioctl and it'll work with it fine...(please note you
   will _still_ need a prism2 to make this work for the other card)...


Q: will you be giving another talk at blackhat this year (2003)?...

A: probably not this year, while i've a lot of things i've worked on that
   i could present, i doubt that my workload is going to allow me the
   time to get any of it in a state worthy of presenting...if you really
   want to hear me speak again i get talked into speaking at a number of
   conferences in the south east (e.g. http://www.interz0ne.com
   and http://www.phreaknic.info)...


Q: i tried this against <insert random IPSEC implementation here> and it
   wasn't able to crack anything, does that mean it's not vulnerable?...

A: no, airjack was intentionally made to only work against WaveSec VPNs,
   we didn't want to make it work against any VPN in widespread use for
   reasons of ethics and lawsuits...we thought it would be unethical to
   release a totally effective hackers' tool and no fix (bitch at IEEE
   for the fix cause even in 802.11i they still don't seem to get it) and
   also we didn't feel like getting sued over this...


Q: so could someone easily make airjack work to attack my IPSEC VPN?

A: yes, if you aren't using strong two-way authentication (passwords aren't
   strong) then you are still vulnerable, don't think that just because
   i released a crippled proof of concept i didn't write a fully working
   version at home, and if i can do it, you can be sure that there are
   scores of others that can as well...
 

Q: can i have the above-mentioned un-crippled version of kracker-jack?

A: um...no...no you can't, and if you have to ask, then i probably really
   don't want to give it to you for the above-mentioned reasons...


Q: i have a question but it's not in this faq

A: ok, first thing to do is make sure it's not in the docs on the web page,
   also that it's not in the bottom section of this faq...then if you've
   exhausted all of those resources i'm happy to answer your questions
   via email, email airjack@802.11ninja.net...please include output from
   the following when applicable: "lsmod", "ifconfig -a", "dmesg", and
   anything else you think i might need to get a handle on the problem...


-----------------------------------------------------------------------
Really Stupid, Yet Somehow Frequently Asked Questions:

i've been getting a lot of these types of questions recently
if you email me one of these questions i swear to god i'm
going to hunt you down, tie you up with duct tape and
rub my balls all over your chin...you'll wash and wash and
wash, but you'll still feel dirty...

-----------------------------------------------------------------------


Q: i'm not seeing any of the airjack traffic on my 802.11a card...

A: <sarcasm>well i can't see why not, let me plug my gigabit ethernet card
   into my token ring network so i can get online and tell the world,
   cause i just can't seem to understand this one...</sarcasm>...seriously
   people, you can't pick up airjack on your car am/fm radio either, can you?
   so why would you be able to see 802.11a traffic...


Q: i'm having trouble building your code for windows in cygwin

A: there is a small problem in that airjack is a LINUX KERNEL DRIVER, it's
   not some userspace application (although it comes with some examples)


Q: i'm having trouble installing your code for windows, without cygwin

A: wow, the last question was by really stupid fuckers, but you didn't
   even have the intelligence to get cygwin in there...if you are even
   thinking this one, then give up, go be a lunch lady or something,
   you remember the lunch lady right?, well when you're a lunch lady no
   one will notice or even care about how clueless or stupid you are,
   you'll just have to serve sloppy joes...now go away...


Q: i've spent all the time to download, build and install airjack, but
   why do i have to install your driver to make airjack work, i just
   want to be able to make it work on my driver...

A: let's get something straight, AIRJACK IS THE DRIVER jackass...you just
   asked me this..."why do i have to install airjack to use airjack",
   well i don't know...maybe because computers are still not magic boxes,
   so until they are, please do us all a favor and stop using yours to
   send people email...