Hi,
My name is Andrés and I'm one of the guys that developed this tool. I will try to reply to any questions.
I have an iPad 2, if it doesn't seem too risky (I'm looking through the code), I can try it later today.
Modifying the firmware could have some risks. But at least on the devices we tested, the worst thing that happened was that we had to restore the firmware; the Python patcher script makes a backup of the original, so only a mv command is required to do this. Please look up the README for more information on this.
This patches drivers. If it screws up he has to restore.
The tool we have released doesn't modify the driver or even the kernel. We only modify the wireless card firmware; for us this was the cleaner solution. You could read the paper or the slides to understand why we do this. There's a link at the end of the post.
HOLY ****ING **** it isn't. This isn't monitor mode for iDevices. From what I see plowing through the source code, it is a pretty hackish half-way attempt at it. It uses a hex difference file generated by IDA to listen on en0. Emphasis on *hex difference file generated by IDA*. Without his methodology, there is nothing to do but wait for him to patch every device, every firmware. So don't get your hopes up. It just uses the hex difference file to allow the script monitor_mode-magic.py to listen to RF traffic. Basically, it does not interface with anything other than that script from what I see. So no, you cannot use aircrack with it. But I may be wrong. This seems like a very risky and unstable tool, so I'd avoid it until it has garnered more support from credible developers and reverse engineers. Note that I'm not the best coder, and I've only been looking at it for a little bit, but in my opinion this is *nothing* like what you guys expect it is.
We were able to do some hacks to execute airodump, but apparently airodump doesn't work so well with the iOS terminal. Lately we haven't been working on the tool, but we will try to release a fix for this some day. A workaround for this is to use the monitor_mode_magic_pcap.py script to get a valid pcap file with 802.11 traffic and use it with the aircrack executable.
I noticed the .py and thought WTF??!! No actual monitor mode could come from that. Pseudo monitor mode. Dang.
Someone told me the same some time ago. But as we are patching the firmware of the wireless card, almost anything can be done (related to the functionality of the wireless card).
Well, it seems like the devs fixed it up a bit. It looks like they added a help file and fixed it up, as well as added more firmwares and devices. From what it seems, this has improved significantly. It seems it allows tcpdump to capture the raw 802.11 Ethernet headers. You use the script to patch your driver (depending on your device) and then tcpdump can capture the frames. You pass the output file tcpdump wrote to monitor_mode_magic_pcap.py, which then extracts the headers and writes them to a new pcap file. Now, I do not have one of the supported devices, but theoretically it should be possible to use this output packet capture with aircrack to begin trying to crack the password. SHOULD be able to; I am not 100% sure. If someone has a supported iDevice, it would be greatly appreciated if you would test this out.
Maybe you could send me your firmware version and we could reverse it a little bit and release a patch for it.
If someone is interested in providing firmwares of unsupported devices or helping to make the tool a bit more usable, please contact me.
For those interested in understanding how this works, the paper and slides are available at the link below.
http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=publication&name=One_firmware_to_monitor_em_all
NOTE: sorry if I made some mistakes, but English is not my native language.