airdecloak-ng -- 移除遮隱訊框的工具

從 pcap 檔案移除 wep 遮隱(cloaking)用訊框，有些 WIPS會傳送一些假造的wep訊框用以愚弄 aircrack-ng，此工具就是為濾掉這假的訊框

基本語法：airdecloak-ng [options]

參數	說明
-i <input_file>	之前擷取封包存檔的檔案路徑(必要)
--bssid <BSSID>	指定過濾來源 AP 的 Mac address  (--bssid  與 --ssid 二擇一使用)
--ssid <ESSID>	指定過濾來源 AP 的 ESSID (代碼) (本項功能尚未實做)
底下參數為選用參數，主要做為過濾用
--filters <filters>	指定過濾元素，可用元素如下：(如用多個，用 , 分隔) signal Try to filter based on signal duplicate_sn Remove all duplicate sequence numbers for both the AP and the client duplicate_sn_ap Remove duplicate sequence number for the AP only duplicate_sn_client Remove duplicate sequence number for the client only consecutive_sn Filter based on the fact that IV should be consecutive (only for AP) duplicate_iv Remove all duplicate IV signal_dup_consec_sn Use signal (if available), duplicate and consecutive sequence number (filtering is much more precise than using all these filters one by one)
--null-packets	Assume that null packets can be cloaked (本項尚未實做).
--disable-base_filter	Disable the base filter.
--drop-frag	Drop all fragmented packets. In most networks, fragmentation is not needed.

應用範例

airmon-ng start wifi0 6                                                                     開啟監聽模式

tcpdump -n 65535 -i ath0 -w wep_cloaking_full_speed_dl.pcap     擷取網路封包

aircrack-ng wep_cloaking_full_speed_dl.pcap -b 00:12:BF:12:32:29 -K -n 64 -d 1F:1F:1F     嘗試破解 WEP 密碼

airdecloak-ng --bssid 00:12:BF:12:32:29 --filters signal -i wep_cloaking.pcap         移除 cloak訊框

airdecap-ng -w 1F:1F:1F:1F:1F wep_cloaking.pcap                進行封包檔解碼