How-To: Hack NetStumbler 0.4.0 to Enable Wireless Zero Configuration
http://www.chroniclesofawardriver.org/How-To_Hack_NSv0.4.0_Enable_WZC.html
10/24/2005 - Updated 10/27/05
Source Application File Installer:
NetStumbler 0.4.0
(1) http://www.stumbler.net/download.php?site=1&filename=NetStumblerInstaller_0_4_0.exe
(2) http://www.netstumbler.com/downloads/netstumblerinstaller_0_4_0.exe
Disclaimer: All information herein is intended for responsible parties only. Do not attempt at any cost.
Introduction
I recently downloaded NetStumbler 0.4.0 to use as an alternative wardriving tool when restricted to my Windows laptop.
It is a known fact that NetStumbler disables the Microsoft Windows Wireless Zero Configuration (WZC) utility when it starts up. This is deliberate, as wardriving has nothing to do with connecting to foreign Access Points at any time during the wardrive. The author of NetStumbler, Marius Milner, enabled this restriction with good intention. However, Marius did not provide an option for those who use their machines for more than wardriving while NetStumbler is active. Such projects may be remote systems running wardriving systems where foreign APs and authorized APs may mix. Marius constructed a wall so that no one may accidentally connect to a legal access point while NetStumbler is running. After a few hours of tinkering with NetStumbler, a flaw was located in how this "wall" is set up during NetStumbler startup. Using the modified version as depicted below disables this wall. In essence, we are disabling the disabler from loading correctly. The change is transparent to the user, other than not seeing the "Please Wait (While WZC is being disabled)" screen. In the future Marius may provide an integral module where this particular technique no longer works. I have provided the MD5 hashes of the tested versions that work fine in a Windows XP SP2 wardriving system. Verify that the hashes are exactly the same; otherwise there is a greater chance that this modification will no longer work as described.
The tutorial below explains how to modify a copy of the installed NetStumbler executable, not the NetStumbler executable itself. Someone may easily create an executable that modifies this minute piece of data on the fly, but that is not the intention of this tutorial. This tutorial is for parties that are working on projects that may require more functionality than the product allows.
Do not send flames or non-constructive information; if you think this is a bad thing, something is wrong with you. Yes, Marius has been notified of this issue.
Updated: 10/26/2005. OK, I got bored and wrote up the tool to automate this process in case you aren't savvy in hex editing. I present you with NetCrumbler!
NetCrumbler Instructions:
- Download NetStumbler 0.4.0
- Verify Installer MD5 Checksum [ 86E7586E4E45444F23EF2B71E2A93BFB ]
- Install NetStumbler 0.4.0 (Default Directory - "\Program Files\Network Stumbler")
- Open or Browse to NetStumbler Directory "\Program Files\Network Stumbler"
- Verify NetStumbler.exe MD5 Checksum [ 5EF079E5D178CB4CA7F2C904465EDF36 ]
- Copy NetCrumbler.exe to your NetStumbler directory "\Program Files\Network Stumbler"
- Execute NetCrumbler.exe to generate NetStumbler-WZC.exe
- Verify NetStumbler-WZC.exe MD5 Checksum [ 2F753FD1D69B5C4138AEDB572F2D58FD ]
Download | Description | MD5
NetCrumbler.zip | All of the files listed below in one zip file | 4DBCCC088CA5B45F03AC06C77D35561A
NetCrumbler.cpp | NetCrumbler Source Code | 95C90A0522BD711C44FD5278E8EF23CB
NetCrumbler.txt | NetCrumbler Read Me Text | 85D1EBD904BE55F7B82FBAA325F88FFF
NetCrumbler.exe | NetCrumbler Compiled Executable | B71AFAE1D5E9509A3DFA7793635CA475
NetCrumbler_check_mod.bat | NetCrumbler MD5 Batch Check | FC3237CDBFE852276468A428114F5FEA

Checksum | MD5 | File
Installer MD5 Checksum | 86E7586E4E45444F23EF2B71E2A93BFB | netstumblerinstaller_0_4_0.exe
Original MD5 Checksum | 5EF079E5D178CB4CA7F2C904465EDF36 | NetStumbler.exe
Modified MD5 Checksum | 2F753FD1D69B5C4138AEDB572F2D58FD | Copy of NetStumbler.exe
-- If you choose not to use NetCrumbler you may do it the original "old school way" using manual hex-editing described below --
Simple Manual Instructions:
- Download NetStumbler 0.4.0
- Verify Installer MD5 Checksum [ 86E7586E4E45444F23EF2B71E2A93BFB ]
- Install NetStumbler 0.4.0 (Default Directory - "\Program Files\Network Stumbler")
- Open or Browse to NetStumbler Directory "\Program Files\Network Stumbler"
- Verify NetStumbler.exe MD5 Checksum [ 5EF079E5D178CB4CA7F2C904465EDF36 ]
- Drag NetStumbler.exe to your favorite hex editor (Suggested Hex Editor UltraEdit-32)
- Find 000387b0h:63
- Replace with 000387b0h:61
- Save as a Copy
- Verify Modified NetStumbler.exe MD5 Checksum [ 2F753FD1D69B5C4138AEDB572F2D58FD ]
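The verification steps above can be checked in one pass. The following is an added example, not part of the original page and not NetCrumbler's code: it compares both files against the MD5 values listed on this page and confirms that the saved copy differs from the original only at offset 000387b0h (63 to 61). The function names are hypothetical, and the file names in the usage comment are the ones named in the instructions.

```python
import hashlib
import sys

# Values taken from this page.
ORIGINAL_MD5 = "5EF079E5D178CB4CA7F2C904465EDF36"   # NetStumbler.exe
MODIFIED_MD5 = "2F753FD1D69B5C4138AEDB572F2D58FD"   # modified copy
EXPECTED_DIFF = [(0x387B0, 0x63, 0x61)]             # (offset, old byte, new byte)


def md5_hex(path, chunk_size=65536):
    """Return the uppercase hex MD5 of a file, read in chunks."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest().upper()


def byte_diffs(original_path, modified_path):
    """List (offset, old, new) for every differing byte; sizes must match."""
    with open(original_path, "rb") as fh:
        original = fh.read()
    with open(modified_path, "rb") as fh:
        modified = fh.read()
    if len(original) != len(modified):
        raise ValueError("file sizes differ: %d vs %d" % (len(original), len(modified)))
    return [(i, a, b) for i, (a, b) in enumerate(zip(original, modified)) if a != b]


def audit(original_path, modified_path, original_md5=ORIGINAL_MD5,
          modified_md5=MODIFIED_MD5, expected_diff=EXPECTED_DIFF):
    """Return a list of problems; an empty list means everything matches."""
    problems = []
    if md5_hex(original_path) != original_md5.upper():
        problems.append("original MD5 mismatch")
    if md5_hex(modified_path) != modified_md5.upper():
        problems.append("modified MD5 mismatch")
    diffs = byte_diffs(original_path, modified_path)
    if diffs != expected_diff:
        problems.append("unexpected byte changes: %s"
                        % [(hex(o), hex(a), hex(b)) for o, a, b in diffs[:10]])
    return problems


if __name__ == "__main__":
    # Usage: python audit_patch.py NetStumbler.exe NetStumbler-WZC.exe
    issues = audit(sys.argv[1], sys.argv[2])
    print("OK" if not issues else "\n".join(issues))
    sys.exit(1 if issues else 0)
```

An empty result means both hashes match the page and the one-byte change is the only difference; any extra changed offset is reported, which is what to look for when the modified copy came from somewhere other than your own hex editor.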
Original NetStumbler Screenshot in hex editor (Step 1):
Expected Wireless Zero Configuration Behavior (Before modification while NetStumbler is running):
Modified NetStumbler Screenshot in hex editor (Step 2):
Enabled Wireless Zero Configuration Behavior (After modification while NetStumbler is running):
Animated NetStumbler Original:Modified Screenshots in hex editor: