Steve8x

Active Members
  • Posts: 181

Everything posted by Steve8x

  1. how can you not see the AP's BSSID? The access point's BSSID/MAC ADDRESS IS ALWAYS VISIBLE! observe: That's me cracking my own WPA-PSK... as you can see under the BSSID column, my AP's MAC address == 00:0F:B5:AC:B7:D6 and under the STATION column, the MAC address of the client that was connected is 00:11:50:78:78:7E. Maybe you're just confused... STATION is the client's MAC address, BSSID is the access point's MAC address! I always start out with airodump-ng [deviceinterface] which shows me all the access points within range, their BSSIDs and SSIDs (if not hidden). Even if the SSID is hidden it will show when a client connects, so you'll have to wait for that if there are no clients connected, or if there is a client already connected you can deauth them to make them reconnect... I don't understand how the BSSID won't show? Can you take a screenshot maybe? ksnapshot from the menu since you're using backtrack! ;) Always, always when I do airodump the BSSID of every wireless access point shows! For WPA you capture the handshake and brute force the key with a dictionary; for WEP you capture IVs, which gives aircrack-ng an idea of what the key probably is, then brute force to finish the job! :) WEP is very easy to crack, WPA you won't crack unless the exact passphrase is in your dictionary!
  2. well kz26 of course apple WANTS to restrict the device from doing anything that it isn't "supposed" to do... But I recall an episode of hak5 (can't remember which) where chris showed an ipod which had linux installed on it! so it's definitely possible to get linux on an ipod... (and it played D00M :)) If you've got linux running on your ipod then you are halfway there. It's the default apple software on there that is restricting. With the apple software you're pretty much trapped in a little box, and can only do what is allowed. With linux your device becomes liberated! Although you are only halfway as I said, still the possibility of wireless cracking opens up. Then if the wifi device is capable of going into monitor mode and injecting packets, someone l337 could code the driver (if they had any interest in doing so). ;) Though I'm not sure how many people out there have those skills, so that's why you may get stuck at the halfway point...
  3. well like I asked before... There's one more thing I could think of: instead of trying to close it however you're doing it, skip that because it ends up just freezing the app. Instead use v1.0 and try to kill it first... or maybe even just try to use the task manager to end task... do this before the bug happens, and the window just stays open... Anyway I'm on irc right now through telnet to see if I can reproduce your problem... how should I go about quitting?
  4. I believe he said the iPod, not iPhone... iPhones have wifi, but can they run linux? If so I think someone would eventually develop a driver that works with the iPhone's wifi card, then in theory you could use the aircrack tools ;) But iPods don't have wifi do they? so no, not a chance unless you can somehow rig a wifi device into it ;)
  5. oh in that case it seems somehow the window is staying open even though the process is killed... does the window name stay as "c:\windows\system32\telnet.exe" for you? We could try doing a FindWindow to get the window handle, then send the WM_CLOSE message to it! If it responds it should close... or maybe do GetWindowThreadProcessId to use the window name to get the process ID, and try to kill it that way... Here's a new v1.1, this time hit the WM_CLOSE button instead of the KILL button; the path is automatically filled in for you, but if it's not correct then change it so it is: http://popeax.com/download/apps/telnetkiller-1-1.zip How are you trying to close it normally? by clicking the [X] on the window? or typing "quit"?
  6. Well I never use telnet, always SSH!!! why do you use telnet? It's insecure. SSH is like encrypted telnet. Anyways what version of windows do you use? and what service pack? I created a small program that should be able to kill any process. It just finds the process by name, gets the processID, injects some code in the process and creates a thread inside it. What happens then is a messagebox is created and the thread is paused. As soon as you click OK on the messagebox though, the thread resumes and ExitProcess is called. ExitProcess has never let me down. So if you see the messagebox telnet.exe should terminate immediately after! Also in DebugView (by Sysinternals) it should say that the process was found and display the processID... If you are able to reproduce that bug where even task manager won't kill it, then try this program out. It was actually a demo I made to show someone how pure code injection works. All I did was modify it slightly so that it kills the process after the messagebox ;) source code included: http://popeax.com/download/apps/telnetkiller.zip or if that link isn't working (I'm probably on linux) http://rapidshare.com/files/148365950/telnetkiller.zip.html let me know how it goes, I think it will work.
  7. Last night I took my USB thumbdrive, which was the same as the CD I made with the new drivers, + my USB wifi device over to my friend's house! I cracked his WEP in less than 3 minutes! actually more like 2 minutes but I didn't take the picture immediately as I was talking to him. He was amazed that I was able to crack it so fast! It really showed him how weak WEP is ;) here's my souvenir:
     Also I verified that I can capture the WPA handshake by testing on my own network: I chose a password that I knew was on that word list you gave me (also the same one as darren and wess chose in episode 3x06) so that it would be able to crack it! I'm starting to understand more about the rainbow tables for WPA.. It won't make it crack the password immediately or even make sure it's cracked; it will however allow more passwords to be tested in a second... I was running aircrack-ng for over an hour before it finally got to the s words and it found the passphrase! I could really hear my computer working hard at it too! You could literally hear the processor crunching those numbers ;) My machine tests about 155 keys a second! which is slow because of all the processing it has to do! So we need to figure out how to get time memory trade off in place with those WPA pre-computed tables!
     "Each passphrase is hashed 4096 times with SHA-1 and 256 bits of the output is the resulting hash. This is then compared to the hash generated in the initial key exchange. A lot of computing power is required for this."
     That quote was taken from a site I found where the people actually made WPA rainbow tables! Here is the link: http://www.renderlab.net/projects/WPA-tables/ for the 7GB tables, though the link seems to be not working, and the 33GIG tables, not sure how I would carry those around with me lol! I think there is a way to get aircrack to use them along with your wordlist so you can test more keys a second!
     In that guy's test with his laptop, which normally can check 12 keys/sec, with the tables he achieved 18,000 keys/sec!!! A 149900% increase!!! That's a tremendous increase! If that carried over for me at 155 keys/sec, I would be able to test 232,345 keys / second! :) What took me an hour and thirty two minutes to crack my passphrase could have been done in 3.5 seconds! I'll do some more reading in trying to get this to work, let me know if you figure out anything.
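The renderlab quote in that post is the standard WPA-PSK derivation. The following is an added Python example (not Steve8x's code and not from the thread) that computes it with the library PBKDF2 and again by hand so the 4096 SHA-1 rounds are visible, checks the result against the 802.11i test vector ("password" on SSID "IEEE"), and uses a constructed three-word list to show why a table precomputed for one SSID gives nothing on another SSID.

```python
import hashlib
import hmac

# Added example, not from the original thread. 802.11i derives the 256-bit
# Pairwise Master Key as PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096, 32).
ITERATIONS = 4096
PMK_LEN = 32  # 256 bits


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Return the 32-byte PSK/PMK for a passphrase on a given SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), ITERATIONS, PMK_LEN)


def derive_psk_by_hand(passphrase: str, ssid: str) -> bytes:
    """Same result computed explicitly, showing where the work goes.

    PBKDF2 emits 20-byte HMAC-SHA1 blocks; 256 bits need two blocks
    (indices 1 and 2), each costing 4096 HMACs, so every candidate
    passphrase costs 8192 HMAC-SHA1 calls before it can be compared.
    """
    key = passphrase.encode("ascii")
    out = b""
    for block in (1, 2):
        # U1 = HMAC(P, S || INT(block)); Uj = HMAC(P, U(j-1)); T = XOR of all Uj
        u = hmac.new(key, ssid.encode("utf-8") + block.to_bytes(4, "big"),
                     hashlib.sha1).digest()
        t = bytearray(u)
        for _ in range(ITERATIONS - 1):
            u = hmac.new(key, u, hashlib.sha1).digest()
            for i, b in enumerate(u):
                t[i] ^= b
        out += bytes(t)
    return out[:PMK_LEN]


def precomputed_table_hits(table_ssid: str, target_ssid: str, wordlist) -> int:
    """Count words from a table built for table_ssid whose PSK also matches
    the same word on target_ssid. The SSID is the PBKDF2 salt, so this is
    non-zero only when the SSIDs are identical: a network with a non-default
    SSID is not covered by tables built for common SSIDs, and a passphrase
    not in the word list is never covered at all."""
    table = {derive_psk(w, table_ssid) for w in wordlist}
    return sum(1 for w in wordlist if derive_psk(w, target_ssid) in table)


if __name__ == "__main__":
    # 802.11i Annex test vector: "password" on SSID "IEEE"
    print(derive_psk("password", "IEEE").hex())
    constructed_words = ["password", "letmein1", "trustno1"]  # constructed list
    print(precomputed_table_hits("linksys", "linksys", constructed_words))
    print(precomputed_table_hits("linksys", "my-unique-ssid", constructed_words))
```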
  8. You could set up a VNC (I like UltraVNC) server at your house, open a port on your firewall (whichever port you choose to run the server on), then you could connect to it from school. All you would be doing though is using your machine from school, so the SSH tunneling is the recommended method! Although if you really still want to use VNC you could tunnel your VNC traffic through SSH! There is an episode where Darren and Paul (I think) show you how to do this! I'll try to find it for you. EDIT: ok the episode is 1x07!! the segment starts at exactly 16 minutes into the episode... ;) It should give you an idea of what you need to do! but as people have recommended, it IS better to just use SSH without the VNC, but the choice is yours.
  9. PSP HACKS!
     lol I haven't had a PSP in ages!! When I did though I used to keep up with the homebrew scene! I was a strong believer in firmware version 1.5 (I believe that was the version which allowed that kernel access you would so desire!) I remember all my friends like didn't care about the homebrew shit and just updated to version 2.x, and at that time downgrading was not possible! until someone discovered that buffer overflow in GTA! ;) and after that my little cousins broke the PSP and I never got a new one since! Well at least it was fun when I had it!
  10. As it turns out your website was just down last time I tried it. It is working fine now so thanks for the word list! I have solved my problem 100%! ;) I now have a backtrack3 Live CD which has the newer driver version 3.0.1! Now I can use packet injection with BT3 with no problems!
     I solved the problem by getting the kernel sources for backtrack (contained in kernel.lzm) found here: http://www.offensive-security.com/kernel.lzm
     While you've got backtrack 3 running you extract the kernel.lzm file into your root folder /. cd to where your kernel.lzm is at, and do
         lzm2dir kernel.lzm /
     the / tells it to extract the files to the root folder. Once that is done you can now compile drivers/other software!
     Now put the latest (or desired) driver for your wifi device into a folder somewhere. cd into the folder and extract the archive; it will look something like this depending on the type of archive it comes in:
         tar -xjf rt73-k2wrlz-3.0.1.tar.bz2
     now cd into the module folder within the new folder created:
         cd rt73-k2wrlz-3.0.1/Module
     Build the driver using 'make' then install the driver using 'make install' (note: before installing the new driver MAKE CERTAIN that the old one is no longer loaded by doing "ifconfig [deviceinterface] down", and "modprobe -r [drivername]"). For example, before doing make and make install I did this first:
         ifconfig rausb0 down
         modprobe -r rt73
     now install the new driver! ;)
         make
         make install
     It should build successfully without any errors, and then install successfully! If the old driver was not loaded when you did 'make install' it has been overwritten by the new one, and as soon as you bring the device up, you will be working with the new driver instead of the old one!
     Now the way I put the new driver on the CD is, I took the "lib.lzm" from the BT3 ISO and extracted the "lib" file structure into a folder called xtract:
         lzm2dir lib.lzm xtract
     The reason for this is because you need a folder which will hold the "lib" folder... when we turn the directory "xtract" back into the "lib.lzm" file it will not contain the folder "xtract". Once you've got it extracted into whatever you called your folder then it's time to overwrite the old driver with the new one. Here's what I did for mine... overwrite rt73.ko from "lib/modules/2.6.21.5/extra/rt73.ko" with the new driver! Then place the firmware "rt73.bin" in lib/firmware/rt73.bin. With the new files in place it's time to re-create the "lib.lzm" file! First rename the original "lib.lzm" to something else so we don't overwrite it...
         dir2lzm xtract lib.lzm
     Now you can re-create the ISO using the new "lib.lzm" that you've created! Once burned or put onto a USB drive you'll have the new driver! and everything will work great! ;) It goes in the "BT3/base" directory of the ISO image. There is a make_iso.sh + make_iso.bat so it can be made on linux or windows pretty easily! I'm not going to post the whole ISO because it's too huge! but for anyone that has the RT73 chipset here's the "lib.lzm" file ready to go: http://rapidshare.com/files/147852111/lib.lzm.html I'd also like to add that the wireless assistant is no longer problematic (it sometimes used to crash before with the old driver), now it works great! So if you have an RT73 device, I recommend getting the newest driver for it!! So there ya have it! a way to put new drivers for devices directly on the backtrack CD without having to wait until backtrack 4 comes out ;)
  11. Well maybe even though our cards have the same chipset, the drivers work differently because we have different cards. I've tried numerous times, the drivers that come with BT3 do not work well with my device. I was thinking my device was defective or something, but trying the new drivers proved that there is not anything wrong with it at all! It's just that the new drivers fixed an issue with the old ones of the injection hanging (I call it that). That's why new drivers come out after all, right? new drivers/software usually improves on the old version!! ;) that website is down!! twistedpairrecods.com could you please upload it somewhere else maybe? Sounds like a good word list to me if it will keep going for hours. I'd have to use an already made wordlist (I wouldn't want to make my own, TOO MANY WORDS! lol) do you really think WPA will become easy to crack like WEP? I read somewhere that I can't find now on the aircrack website that it can't be cracked easily like that, and pre-computed tables (rainbow tables) can't be made because of the way they hash the IVs together with the correlating bytes (if I remembered correctly). well anyway thanks for the wordlist (once the site goes back up or you post it somewhere else). and I'm still trying to figure out the BT3 modifying thing ;)
  12. EDIT: Okay I thought I figured it out yet there's still something wrong! Ok I figured out that BT3 works by modules! ".lzm" files which contain folder and file structures that will be loaded into the filesystem structure... I discovered that the wifi device drivers that are bundled with BT3 are stored in the lib.lzm file, so using backtrack3, copying the lib.lzm to some folder then doing
         mkdir extractedfiles
         lzm2dir lib.lzm extractedfiles
     extracts the files into the "extractedfiles" folder. Now the newly created extractedfiles folder contains the lib file structure; inside the folder "lib" are two important folders, "firmware" and "modules". The firmware folder contains the firmware for all the wifi drivers packaged with BT3. Inside the modules folder is a folder called "2.6.21.5", I'm guessing it's the kernel version? Within that folder is a directory called extra; inside extra are the actual driver files (".ko" files) which come with BT3. So I thought by deleting the rt73.ko from there and deleting the rt73.bin from the firmware directory, then copying the new driver in place of the old rt73.ko, and the new (if it's new) firmware in place of the old rt73.bin, and saving the ISO file, once I burn it, it will have the new drivers which work for me ;) instead of the old drivers with which packet injection fails!!!! I really thought it was gonna work but to my astonishment when I booted the CD, under ifconfig and iwconfig nothing came up! and trying to do modprobe rt73 (to force the driver to load) causes this error:
     Why doesn't it understand the new driver?? Please help me get it right! I don't want to waste a bunch of CDs trying to figure this out!! Use lzm2dir to extract an lzm file and use dir2lzm to re-compress it after making your changes! save the new ISO and burn it! What am I doing wrong? does it have something to do with the kernel version?
  13. Here's an update! The new drivers sounded like a great idea! and yep the new drivers are all I needed to get my device working as it should! With backtrack 3 though, I was unable to install the new drivers... I believe the live CD is missing the necessary files to build the driver. I have ubuntu installed on my PC so I figured I would try installing the new latest version (since newer is usually better) driver and the aircrack-ng suite on it... I had to blacklist the old drivers that came with ubuntu though or else they would load instead... I'm really liking the newest driver as I've had great success with both the interactive packet replay attack
         aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b [routerbssid] -h [fakedmacaddress] [deviceinterface]
     NOTE: you have to be associated with the access point for it to work (that was one of my problems before, when the packets would be sent/injected but the IVs wouldn't increase since I wasn't associated with the router). Now I use
         aireplay-ng -1 6000 -o 1 -q 10 -a [routerbssid] -h [fakedmacaddress] [deviceinterface]
     so -1 means fake auth (only works for WEP OPEN AUTH; if it's pre-shared key you have to capture the preshared key first by deauthing a client), 6000 means wait 6000 seconds before sending another auth request, -o 1 means only send one packet at a time, -q 10 means every 10 seconds send a keep alive. And I leave that window open so that I stay associated with the access point... I also have used the arp request re-injection successfully! but I have skipped your step "aireplay-ng -5 -e routername rausb0"; instead I just use (after being associated with the AP first)
         aireplay-ng -3 -b [routerbssid] -h [fakedmac] [deviceinterface]
     then I deauth a client which generates an arp request, then the IVs skyrocket; as said, I get about 200 IVs a second... And I successfully reached well over a million IVs before I started getting deauths from my Access Point! (I did this just to see how many IVs I could collect before getting deauthed :) it's way more than needed though for a 64bit key.) Using these two attacks I was able to crack a 64bit key in about 10,000 - 20,000 IVs and a 128bit key with about 50,000 - 100,000 IVs! I'm still looking for a good word list to give WPA cracking a try! ;)
     this was cracking a 64bit key:
     here's an image taken shortly before I started getting deauth'd after 1,000,000 IVs were reached using the arp request reinjection attack (without the packetforge-ng step):
     here's where I got deauth packets and the IVs stopped increasing (it was way more than needed anyway ;)):
     here's cracking a 128bit key, running aircrack-ng while maintaining association with the AP and doing an interactive packet replay attack to increase the IVs!
     OK so I'm glad this is working for me as I want it to now... but here's my new question... How can I make a backtrack 3 CD which contains the new driver from serial monkey, version 3.0.1 I believe is the latest... and remove the old driver which doesn't work well with packet injection for me! Since I can't carry ubuntu around with me... I need ideally a backtrack 3 CD which has the drivers on it! I know it's possible since the creators of BT3 put drivers on there... So how can this be done? what can I change in the ISO to make it have the newer driver? I really like the backtrack 3 CD as it's a VERY fast live CD!!!!! the fastest live CD I've ever used! Usually live CDs are slow since everything is running off of the CD. Files I believe are stored in memory since you can't save things back to the CD... so once you restart, whatever files you had in memory are deleted unless you backed them up onto some hard disk or partition... So how can it be done? So as a final note: anyone experiencing injection problems (with an rt73 chipset) like I've outlined in my above posts, just use the new driver and everything will work as it should :)
  14. Ok I'm moving right along! :) I managed to crack my own network's 64bit key with aircrack-ng with a little over 10,000 IVs (comes up as data in the airodump konsole window). I was sure glad to see that! however the way I got to that point sucked and took me a long time! Remember I DO NOT have any clients connected to my network while I'm doing this. So I'm counting on forcing the IVs to increase by sending packets to the router... my friend's network probably won't have any clients either so I must do it this way... everything is fine and dandy until I get to this step:
         aireplay -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b [routerbssid] -h [fakedmacaddress] rausb0
     here's what happens: it says reading packets... and after some time, could be almost immediately, or it could take a while, it will say "use this packet?" you either hit 'y' or 'n'. I've always just hit y though... Ok now here's where the trouble happens: sometimes it says sending packets and the number continually increases yet the data/IVs in the airodump window do not go up... Other times, like this time where I actually cracked my 64bit key, the data/IVs DO INCREASE, but the packets sending freezes (what I mean by that is it stops on a number between 500-800 and just hangs...). Why is it doing that? however much the data increased, about 300, it stops increasing when the window which I sent that aireplay-ng command in hangs... The way I cracked my network though, is every time the thing hangs I close the window and open a new one, then do the same command again:
         aireplay -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b [routerbssid] -h [fakedmacaddress] rausb0
     again it will say reading packets and I'll have to wait for it, then hit 'y' enter, and it will then send more packets, the data will increase and then both will stop again once it says sent (between 500-800). It's really frustrating, why does it stop? it should continue sending those packets... It sucks to have to keep closing the window, opening a new one, doing that command again, waiting for it to say use this packet, hit y enter, then when it stops sending packets and freezes/hangs, repeat the process all over again!!! It should just keep sending the packets, then all I'd have to do is leave an aircrack-ng window up and wait until enough data is received until the key is cracked! Have you ever had this issue? what did you do about it?
  15. I never have low power output.... Ok, I thought I had this, but I can't even seem to crack my own WEP LOL! With or without your commands does not help... I'm writing this from backtrack 3 right now, I used
         airmon-ng stop rausb0
         ifconfig rausb0 down
         ifconfig rausb0 up promisc
     so that I could connect to my network using the key (the passphrase doesn't seem to work so I had to use the actual key) to post this. Even though I know the key I just want to see the aircrack program get it! I seem to get stuck at the packet injection part! it says it's sending packets (about 500 packets per second) but the data value does not go UP!! ?? as you can see 75000+ packets were sent without the data going up a single 1!!! I've waited even longer than this and started aircrack on the log file, and it stopped and said will try again when 5000 IVs are reached, but it will never get there since the data doesn't increase! Here are the steps I take:
     1: disable everything to start fresh
         airmon-ng stop rausb0
         ifconfig rausb0 down
     2: change mac address
         macchanger --mac 00:XX:XX:XX:XX:XX rausb0
     (been using 00:11:22:33:44:55, but also tried other random ones)
     3: enter your commands (or not)
     4: airmon-ng start rausb0 // start the device in monitor mode, it only takes 1 second until it shows this:
     5: airodump-ng rausb0
     after this I know my monitor mode is working because I see all the access points around my area, and clients connected to them (if any; for my router there isn't). I notice the wifi card is browsing through every channel repeatedly trying to find every wifi device it can... I write my router's BSSID and copy it so I can paste it the several times you need to. I remember the channel it's on, in my case 6. Then I've tried either closing that konsole window, or just leaving it open before continuing to the next step... -c is channel, -w is filename (which is saved into your home folder, I make this different every time I try)
     6: airodump-ng -c 6 -w crackmynetwork --bssid [shift insert router bssid here] rausb0
     after that it shows similar to step 5 but with only my router... and it also saves the 'data' to the file specified I believe (so that aircrack-ng can use it later). then I do:
     7: aireplay-ng -1 0 -a [routerbssid] -h [fakedmacaddress] rausb0
     that I'm not exactly sure what it does, but it somehow associates with the router... most of the time it works right away with no problems but sometimes it takes a few tries... after I see association successful I move to the next step. This is the part where the packet injection begins (I think); since I don't have any other computers connected to the network at this time I have to do a clientless crack
     8: aireplay -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b [routerbssid] -h [fakedmacaddress] rausb0
     now this step sometimes takes a long time, or it sometimes happens right away, but sometime between then I'll receive a packet and it'll ask me if I want to use it! I always hit 'y' then enter, should I be hitting 'n' for some?? how can I tell which ones? then what happens is it says sending packets and it seems fast (like 500pps) but yet the data in the other konsole window (called from airodump) does not seem to increase! what am I doing wrong? finally
     9: aircrack-ng [filename]-01.cap
     (in this case it was crackmynetwork-01.cap) it tries what seems like many keys but then it stops and waits until 5000, but 5000 will never be reached unless I wait 5000 years!! since the data only increases naturally. It doesn't seem like the packet injection is working? how can I get this to work? oh and if it matters I set my network as 64bit open access WEP
  16. OK the store I went to had both HWUG1's && HWUG1A's. On the packages the HWUG1A's said they were for mac, and the HWUG1's said for windows... So naturally I went with the HWUG1 since it's the exact model that is on the list with everything working! And I have some good news! when I booted backtrack 3, after doing an "ifconfig rausb0 up" the light started blinking and it worked and found my network and I was able to connect! ;) I was also able to put it into monitor mode successfully and will be doing a test run cracking my own network which I will set up with WEP... So I'll let you know my results! but it definitely looks good! :) side note: I haven't thought of that, but yes I will run wireshark on the myspacejuke next time I go over to his house to crack his wifi ;)
  17. Ok I went through just about every USB device on the list (which is said to work good with packet injection + monitor mode, and ignored the others). I've been trying to find one on that list that I can purchase in a store so I can get it quick, without having to wait for it by mail... I found the hawking on best buy's site, however they may not have it in the store so I think I should call around, and it says it's backordered lol. Probably people are buying it for the same reason I want it... BUT is that the right model? on the 'list' it's listed as: Hawking HWUG1, which it says: * Driver: rt73 * Chipset: ralink * Injection and monitor mode work fine, just have to "ifconfig rausb0 up" and it works. Sounds good to me... but on the best buy site it says the model is: HWUG1A. The A at the end shouldn't matter right? it's still the same chipset? I just want to get the right one ya know!
  18. LOL! I would definitely NOT mind a dongle whatsoever as long as it works!! + with monitor mode + packet injection.... fate: your wifi card works out of the box with BT3 right? I haven't ever seen "Hawking" devices in stores before... Where can I go and pick one up (USA) without having to order it off the internet? How can I be sure it's the right one? does it say "HWUG1" on the box or just "Wireless-G USB Adapter with Removable Antenna"? I can get backtrack 3 working for me, I just need a compatible adapter, so if you say it works well I'll take your word for it and the BT3 site :)
  19. well thanks for that link... So if I can't figure out the model number or get it to work, I suppose I'll just have to buy a wifi card that works... USB wifi devices, I've read from fate in the other thread, can work with the right one! So now I just have to decide which one to get! See currently he has his network secured with WEP, and I want to show him just how weak WEP is as opposed to something like WPA (he doesn't really believe me that I can crack it). Problem is I can't seem to get it goin! I know if I could have a device which the drivers worked for, and it is capable of going into monitor mode, I could crack his network for him! Which card is recommended? One that I can plug into a Desktop PC, through USB (preferably), load up backtrack and it will detect it right out of the box? or with a simple driver make and make install... but I think it would be better if the drivers were already on the disc. As then I wouldn't have to do the install every time since it is a live cd... I don't want to modify his system so I have to use a live cd of some sort. I was thinking backtrack 3 since that's geared toward this kind of thing... on a side note: On his vista, the myspacejuke app does not work! it for some reason fails to connect to a server then crashes. I'm thinking it's the second because only 1 box pops up, whereas if you disabled your internet two would come up (the xClient class gives a socket error messagebox if the connection failed). I had to use "Remote Execute Server" to launch a VNC server so I could show him that the app does in fact work on my PC. ;)
  20. Ok, so my friend has an HP TouchSmart PC which came pre-installed with Vista... The wifi card works on vista, however, tools like aircrack-ng I haven't found a way to get to work on vista... So I looked in the device manager to see what kind of device he has... It is not EXTERNAL, it does not plug into a usb port, it is internal, in the machine... it comes up as a "HP 802.11abg wireless LAN" which doesn't really tell me much... How am I supposed to figure out what chip he has provided that? however I have found that it is made by "Atheros Communications Inc." I've read all over that Atheros chipsets work nicely with aircrack-ng and similar tools... When booting the backtrack 3 live cd, though, the device does not show up at all when doing an "iwconfig" or "ifconfig" and the wifi assistant says no compatible wifi devices found and closes!! here's an image taken:
     why is the driver named "athrusb.sys" if it is not a USB device? I'm at a loss at what I need to do to get this working? Should I try ndiswrapper with the windows driver? or try to install a madwifi driver? I've heard great things about atheros chipsets, but I can't seem to figure out what MODEL NUMBER the chip is? all I know is it's atheros... here's info that I took from the device manager:
         HP Touch Smart
         HP 802.11abg wireless LAN
         USB\VID_0ACE&PID_B215&REV_4810
         USB\VID_0ACE&PID_B215
         athrusb
         {4d36e972-e325-11ce-bfc1-08002be10318}
         {4d36e972-e325-11ce-bfc1-08002be10318}\0008
         Atheros Communications Inc.
         Port_#0002.Hub_#0004
         \Device\USBPDO-11
         00000084
         CM_DEVCAP_REMOVABLE CM_DEVCAP_SURPRISEREMOVALOK
         {9d7debbc-c85d-11d1-9eb4-006008c3a19a}
         USB\VID_0ACE&PID_B215\6&37E6974E&0&2
         USB\VID_0424&PID_2507\5&b61b967&0&8
         oem31.inf:Atheros.NTX86:ATHR_DEV_B215.ndi:2.0.0.140:usb\vid_0ace&pid_b215
         5/3/2007
         2.0.0.140
         oem31.inf
         ATHR_DEV_B215.ndi
         .NTx86
         NetCfgx.dll,NetClassInstaller
     How can I get the wifi working!! It seems I'd be able to use the tools if I could only get the damn light to blink! lol, and the device be recognized as something like wlan0. thanks for your help
  21. Tenzer it is indented but the IF statements are not nested clearly... Why are people lazy and feel they can't press return to drop down that bracket? ex.
         if($something)
         {
         }
     instead of
         if($something){
         }
     I find in both php and c/c++ nesting if statements like this makes code much clearer and easier to read, so you can spot a missing/extra bracket easily and add/remove it... let's see if a paste bin would help... compare paste bin to code tags here: http://pastebin.com/m1590319b
         <?php
         $condition = TRUE;
         $condition2 = FALSE;
         $condition3 = 99;
         $value = 99;
         $condition4 = "do_try";
         //$condition4 = "dont_try";

         if($condition == TRUE)
         {
             if($condition2 == FALSE)
             {
                 echo "\$condition2 == false"; //this way you know its right when the brackets are parallel to each other
             }
             if($condition3 == $value)
             {
                 if(strcmp($condition4, "dont_try") == 0)
                 {
                     echo "<center><b>";
                     echo "no matter how deep you go, its clear where the if starts and where it ends\r\n";
                     echo "even if theres a lot of code in between\r\n";
                     echo "one thing I like to is line up the I-Beam cursor on the opening bracket \"{\"\r\n";
                     echo "then scroll down without moving the mouse and it should touch the closing bracket!\r\n";
                     echo "</b></center>";
                 }
                 else
                 {
                     echo "<h1>Attempting to create account...</h1>";
                     $createaccount = "username=ifnesting&email=ifnester@nestifs.com&password1=logmein&user_hide_email=1&user_location=xville&user_month=1&user_day=11&user_year=1969";
                     $length = strlen($createaccount);
                     $sendstring = "POST /hidden/wow/register.php HTTP/1.1\r\nHost: jaboosa.is-a-geek.com\r\n";
                     $sendstring .= "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1\r\n";
                     $sendstring .= "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-us,en;q=0.5\r\n";
                     $sendstring .= "Accept-Encoding: gzip,deflate\r\nAccept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n";
                     //Connection: close so the server ends the response and the feof() loop below terminates
                     //(with keep-alive the read loop would block until the server timed out the connection)
                     $sendstring .= "Connection: close\r\nReferer: http://jaboosa.is-a-geek.com/index.php\r\nContent-Type: application/x-www-form-urlencoded\r\n";
                     $sendstring .= "Content-Length: $length\r\n\r\n";
                     $sendstring .= "$createaccount";
                     $f = fsockopen("jaboosa.is-a-geek.com", 80, $err1, $err2);
                     if($f)
                     {
                         fwrite($f, $sendstring);
                         echo "<p> sent: <br><b>$sendstring</b>";
                         $recvd = ""; //initialise before appending to it
                         while(!feof($f))
                         {
                             $recvd .= fread($f, 1);
                         }
                         fclose($f);
                         echo "<p> received: <br><b>$recvd</b>";
                     }
                 }
             }
         }
         ?>
     lol my attempt at haxing an account... a fail
  22. OK, well maybe I'm missing something? Since it is a small project, if you wouldn't mind spending a little time, would you mind re-doing the project in what you call "REAL C++"? Because frankly now I'm not really sure what I should change to make it so... After all, I'm just in it to learn, and if you showed me how to do it properly I'd be very grateful. Then you wouldn't have to tell me I'm doing it wrong anymore, would you? Since I'd be doing it right. :) I just want to do it the right way! You know? For me it's just not so clear which way is the right way... As for one thing I'm confused about in using std::string... how would I read from a file, or recv a winsock buffer into a std::string? The required memory gets allocated automatically when using std::string, correct? Also I'm having some problems separating the class into a .h and a .cpp file... when I do it, and include nothing in the main cpp file, it's as if I can't use the class? If I include the header, I get errors, same with including the .cpp? So I'm at a loss at how to do that properly as well... I suppose that's why I've been putting functions and classes in header files... Anyway, thanks for your time, and your posts..
  23. Or you could just write NATIVE UNMANAGED code, which can be run on any Windows machine with no dependencies at all!
  24. Well, since the show is doing reverse engineering segments now, I thought I'd post that! It wasn't meant specifically for you but for anyone who reads this thread ;) It could possibly help someone get interested in doing their "homework". But thanks for the idea, maybe I will do the whole damn thing in assembly!
  25. I'll have to disagree, mixing assembly and C++ is a great way to speed up your application. Inline assembly is not the only way to do assembly! But yes, they do have different syntax for different compilers. An example is that DevCPP inline ASM syntax is a lot different than Microsoft Visual C++ inline ASM syntax! Dev uses AT&T syntax by default (it can be switched to Intel though), but even when you switch to Intel, the syntax is still weird, and using C++ variables in the ASM code is more difficult and I'm not sure how to do it in Dev... So I don't use inline ASM in Dev!! The MSVC++ inline ASM syntax though is really nice, I like it a lot! And sometimes I have used that compiler just to be able to use that great syntax! Here's an example of MSVC++ Intel syntax (it uses Intel by default; Intel syntax is a lot nicer to use):

```cpp
DWORD addnumbers(DWORD value1, DWORD value2)
{
    _asm
    {
        mov eax, [value1]   // first parameter into eax
        add eax, [value2]   // add the second parameter to it
        // whatever is left in eax is the return value; the compiler emits the
        // epilogue and the ret itself (a bare 'ret' in here would skip the
        // epilogue and return through the saved ebp instead of the return address)
    }
}
```

What it does is return the sum of the two numbers added together. And if you don't know it yet, the return value is put in eax, so whenever you call a function like so:

```cpp
DWORD sumofnumbers = 0;
sumofnumbers = addnumbers(1000, 1000);
```

when the function returns, whatever value is in the 32-bit eax register is copied into that variable, "sumofnumbers" for this example... The equivalent to that example in MASM32 is:

```asm
addnumbers proc value1:DWORD, value2:DWORD
    mov eax, value1     ; first parameter into eax
    add eax, value2     ; add the second parameter, sum stays in eax
    ret                 ; for a proc with parameters MASM expands this into the epilogue
addnumbers endp
```

Both the inline asm and the MASM32 version look like this when you look at the address of the function in a disassembler/debugger! Almost every function starts out with

```asm
push ebp
mov ebp, esp
```

The next two lines of code are (these are hex values we're dealing with):

```asm
mov eax, [ebp+08]
add eax, [ebp+0C]
```

Since values returned are returned in eax, we're just going to use the eax register, so there's one line less of code. [ebp+08] is a memory location in stack memory; it contains the value of the first parameter, which for the "addnumbers" function is value1. value2 is the second parameter... [ebp+0C] is where on the stack the second parameter is! So it copies the first number into eax, then adds the second one to it! Simple enough to understand... Now we have the right return value in eax, we can just return, so MASM and MSVC++ inline assembly just put 'ret' or 'retn', but in the disassembled code you see "leave" and "ret 0008". What does the "0008" in ret mean? Since the two parameters used in the function are only temporary, you have to get rid of them on the stack, so two parameters which are 32-bit (DWORD) values, that's 4 bytes x 2 = 8 bytes ;) ret 8 pops the two parameters off of the stack, and then it pops the return address off of the stack and jumps to it... See, when you call a function, what you're really doing is pushing the parameters into the stack backwards, then doing a "call" on the address of the function... When you do a call it takes the EIP (the address of the next instruction to be executed after the "call" line) and pushes it into the stack, then jumps to the function you called... That's how the function knows where to come back to after it's done, by that return address being pushed into the stack... Calling it and storing it in a variable in MASM:

```asm
invoke addnumbers, 10000, 10000
mov sumofnumbers, eax
```

What it actually looks like in memory: as you can see, although inline ASM syntax is different from compiler to compiler, assembly in general syntax is always the same. That's what everything comes down to, simple instructions which your processor executes and follows along...
  and actually you don't even need to use inline assembly at all to use assembly in C++, you can either make a MASM32 DLL and call functions in it, or have it create threads, etc... Or you can look at the code in a disassembler and write the bytes into a char array, create a function pointer defined as how the function really is, then you can call it ;)
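The call sequence described above (parameters pushed backwards, call pushes EIP, push ebp / mov ebp,esp, [ebp+08] and [ebp+0C] for the two parameters, then leave / ret 8), as an added worked model written for this page, not Steve8x's code and not real x86 execution: a small constructed 32-bit stack simulation in C that walks through exactly those steps for addnumbers and then checks that esp, ebp and eip end up where the caller expects. The stack size and the two "code" addresses (ADDNUMBERS_ADDR, CALLER_NEXT_EIP) are made-up placeholders.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a 32-bit stack: 64 DWORD slots, addresses growing
 * downward from STACK_TOP just like a real esp. The two code addresses
 * are hypothetical placeholders, not addresses from any real binary. */
#define STACK_DWORDS    64
#define STACK_TOP       (STACK_DWORDS * 4)
#define ADDNUMBERS_ADDR 0x00401000u   /* hypothetical address of addnumbers      */
#define CALLER_NEXT_EIP 0x00401234u   /* hypothetical instruction after the call */

typedef struct {
    uint32_t mem[STACK_DWORDS];       /* stack memory, one slot per DWORD */
    uint32_t esp, ebp, eax, eip;      /* the registers the walkthrough uses */
} cpu_t;

static void cpu_init(cpu_t *c) {
    memset(c, 0, sizeof *c);
    c->esp = STACK_TOP;
    c->ebp = STACK_TOP;
}

/* push/pop move esp by 4 bytes; load reads the DWORD at a byte address */
static void     push(cpu_t *c, uint32_t v)          { c->esp -= 4; c->mem[c->esp / 4] = v; }
static uint32_t pop(cpu_t *c)                       { uint32_t v = c->mem[c->esp / 4]; c->esp += 4; return v; }
static uint32_t load(const cpu_t *c, uint32_t addr) { return c->mem[addr / 4]; }

/* Callee side: addnumbers exactly as the disassembly in the post shows it. */
static void addnumbers_body(cpu_t *c) {
    push(c, c->ebp);                  /* push ebp                         */
    c->ebp = c->esp;                  /* mov ebp, esp                     */
    c->eax  = load(c, c->ebp + 0x08); /* mov eax, [ebp+08]  (value1)      */
    c->eax += load(c, c->ebp + 0x0C); /* add eax, [ebp+0C]  (value2)      */
    c->esp = c->ebp;                  /* leave: mov esp, ebp ...          */
    c->ebp = pop(c);                  /*        ... pop ebp               */
    c->eip = pop(c);                  /* ret 8: pop the return address... */
    c->esp += 8;                      /* ... then drop the 2 DWORD params */
}

/* Caller side: push the parameters backwards, then call. Returns eax. */
uint32_t call_addnumbers(cpu_t *c, uint32_t value1, uint32_t value2) {
    push(c, value2);                  /* push value2 (last parameter first) */
    push(c, value1);                  /* push value1                        */
    push(c, CALLER_NEXT_EIP);         /* call: push EIP of the next insn... */
    c->eip = ADDNUMBERS_ADDR;         /* ... and jump to the function       */
    addnumbers_body(c);
    return c->eax;                    /* mov sumofnumbers, eax              */
}

/* 1 when the callee handed back esp, ebp and eip the way the caller expects
 * (stack balanced by ret 8, frame pointer restored by leave). */
int frame_restored(const cpu_t *c, uint32_t esp_before, uint32_t ebp_before) {
    return c->esp == esp_before && c->ebp == ebp_before && c->eip == CALLER_NEXT_EIP;
}

int main(void) {
    cpu_t c;
    cpu_init(&c);
    uint32_t esp0 = c.esp, ebp0 = c.ebp;
    uint32_t sum = call_addnumbers(&c, 10000, 10000);
    printf("eax = %u, frame restored = %d\n", sum, frame_restored(&c, esp0, ebp0));
    /* the slots the caller pushed are still readable below the old esp */
    printf("[esp-4]=value2=%u [esp-8]=value1=%u [esp-12]=ret=0x%08x\n",
           c.mem[(STACK_TOP - 4) / 4], c.mem[(STACK_TOP - 8) / 4], c.mem[(STACK_TOP - 12) / 4]);
    return 0;
}
```

The ordering inside addnumbers_body is the part worth watching: ret 8 pops the return address first and only then adds 8 to esp, which is why the two parameters have to sit above the return address, i.e. why value1 is at [ebp+08] (past the saved ebp at [ebp+00] and the return address at [ebp+04]) and value2 at [ebp+0C]. If the callee had used a plain ret instead, esp would come back 8 bytes too low and the caller would have to clean the parameters up itself.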