Anavrin

There was still stuff in the wiki that weren't explained in Pineap University though.

The wiki at http://wiki.wifipineapple.com/ seems to be down with an "Fatal exception of type MWException" I've been having this error since at least Sept 9 around 17:00 EDT.

I for one, cannot get this working even after following instructions on that page. Keeps saying "No compatible devices found" even though I've installed the drivers with ZADIG...

I was talking about WEP keys, not WPA, I though my quote from your post would've been self-explanatory, oh well... Let me re-phrase my question; If we force a station to try and authenticate with us via Karma or something, we send him a challenge, the station encrypt it with the WEP keys, we then try to decrypt the ciphertext with a dictionnary file until the result equals the plaintext challenge which we already know since we created it. I was asking if this concept was somewhat practicable, or is there some hidden trickery that would prevent this attack. It is less convenient than AP-targeted WEP cracking, but it would be a very effective and decentralized way to mass harvest a lot potential weak WEP keys for multiple AP, 4-ways handshake style, but better.

May be a dumb question, but couldn't we conduct a bruteforce / dictionary attack with that? I mean we made the challenge, so we know the paintext of the encrypted challenge response. Wouldn't it be possible to retrieve the key by taking the plaintext, encrypting it with a bunch of keys listed in a dictionary and compare it to the challenge response? It sure not as convenient as classical WEP cracking, although more convenient than WPA cracking since you don't need the client to explicitly (re)connect to the target AP.