The first few hours of every Hackathon typically starts with limited to no internet. As I notice everyone around me beginning to tether their phones, I always think of doing the same. I realized that my phone hotspot key was just my phone number, which would be extremely easy to crack. Everyone's packets are easily available to be sniffed, and enough data packet collection would allow for cracking on a distant machine. So it got me thinking...

What it does

If I ever forgot my password and needed a way to get back into my system, I would be pretty stuck. This web application allows me to wisely crack (I like to say recover) my WiFi keys using Aircrack-ng after I have sniffed sufficient amounts of data packets. The problem that would occur is that I only really have my phone to sniff packets or my laptop. Performing "recovery" would drain the battery easily, and everyone knows the computing power to perform "recovery" is just not there. That's where the cloud comes in. Why use up your resources when you can allow supercomputer clusters to do your bidding? I mean... uh, help you get back in your systems.

WiseCrack is a titularly sarcastic approach to packet sniffing and cracking.

How I built it

Android PCAP allows your phone to sniff packets in monitor mode without any need to root your phone using a wireless card (I have the Alfa Long-Range Adapter) and USB developer mode. Aircrack-ng provides a suite of tools for cracking WEP and WPA-PSK keys. But they're not widely used because brute forcing or even dictionary methods take forever. You have to have your computer on the entire time and if something faulty happens, say goodbye to ever recovering your passwords. However, some may say that this can be used as malicious activity. I don't possibly see why anyone would do such a thing; however, to avoid potentially "stepping over ethical boundaries" I did not deploy this on any clouds, just my localhost. I did this using the Meteor Javascript framework. I'm not too fond of web dev, but hey, it's a hackathon; this is the perfect time to pick up something new.

The process was simply sniffing for packets in monitor mode with PCAP, uploading them into the WiseCrack web application, then deploying Aircrack-ng to do it's thing.

Challenges I ran into

Before deciding to create a web app, it was going to be an Android App. This made a lot of things difficult because the App would do it's own packet sniffing (without PCAP). It would then connect to my laptop's local server as a proof of concept and run Aircrack. After the key is extracted it would be sent back and logged into the App. There were just so many different moving parts and at one point I was going to use Cordova to just let web apps become available to Android, but even that was not for sure going to work. I pivoted way more times than just this instance, so the final product left much to be desired.

Accomplishments that I'm proud of

I have an app that works. I got better at web development.

What I learned

A ton of Javascript. A bunch of server configuration protocol and scripting that I didn't end up using at all. Special thanks to Wynne Tran for the logo, artwork, and some of the front-end design, David Buff for mentoring me on Meteor, Steven Sairafian for the project idea, and Ashley Barton and John Chen for making sure I stayed safe over the weekend.

What's next for WiseCrack

Potentially create this into a standalone Android app. Less moving parts (no more PCAP, Meteor shenanigans, web dev, less application servers) tends to make a more robust product.

Built With

Share this project: