Title: Wireless-Detective WLAN 802.11a/b/g/n Interception System
1 Wireless-Detective WLAN 802.11a/b/g/n
Interception System
- Decision Group
- www.edecision4u.com
2 Introduction to Wireless-Detective System
WLAN IEEE 802.11a/b/g/n Interception and
Forensics Analysis System
- Scan all WLAN 802.11a/b/g/n 2.4 and 5.0 GHz channels for Access Points and STAs.
- Captures/sniffs WLAN 802.11a/b/g/n packets.
- Real-time decryption of WEP key (WPA Optional Module)
- Real-time decoding and reconstruction of WLAN packets
- Stores data in raw and reconstructed content
- Displays reconstructed content in Web GUI
- Hashed export and backup
The Smallest, Mobile, Portable and most Complete
WLAN Lawful Interception System in the World!
All in One System!
Important Tool for Intelligence Agencies such as
Police, Military, Forensics, Legal and Lawful
Interception Agencies.
Notes: Pictures and logos are property of
designated source or manufacturer
3 Wireless-Detective Implementation Diagram (1)
Wireless-Detective Standalone System: Captures
WLAN packets transmitted over the air ranging up
to 100 meters or more (by using enhanced system
with High Gain Antenna)
WLAN Lawful Interception Standalone Architecture:
Wireless-Detective Deployment (Capture a single
channel, a single AP or a single STA)
4 Wireless-Detective Implementation Diagram (2)
Wireless-Detective Distributed Extreme
Implementation: Utilizing multiple/distributed
Wireless-Detective systems (Master/Slave) to
conduct simultaneous capture, forbidding and
location estimation functions.
WLAN Lawful Interception Distributed Architecture:
Wireless-Detective Deployment (Utilizing min. of
2 systems (Master/Slaves) for simultaneous
capturing/forbidding functions. Capture a single
channel, a single AP or a single STA)
Notes: For capturing multiple channels, each
Wireless-Detective (WD) can be reconfigured to act
as a standalone system. For example, deploy 4 WD
systems, each capturing on one single channel.
5 Wireless-Detective AP Info Capture Mode (1)
Displaying information of Wireless Devices (AP)
in surrounding area.
Obtainable Information: MAC of Wireless
AP/Router, Channel, Mbps, Key, Signal Strength,
Beacons, Packets, SSID, Number of Stations
Connected.
6 Wireless-Detective STA Info Capture Mode (2)
Displaying information of Wireless Devices (STA)
in surrounding area.
Obtainable Information: Client MAC Address,
Signal Strength, Packets, AP MAC Address, Key
(Encrypted or Unencrypted), SSID.
7 Wireless-Detective Forbidder Mode
- WLAN Jammer/Forbidder Implementation in Wireless-Detective system
- Forbid connectivity of STA
- Forbid connectivity of AP
8 Wireless-Detective AP/STA Info Forbidder Mode
Forbid AP (stop any STA from connecting to the
AP) or Forbid STA (stop the STA from connecting
to any AP).
9 Cracking/Decryption of WEP/WPA Key (1)
WEP Key Cracking/Decryption can be done by
Wireless-Detective System!
Auto Cracking (System Default) or Manual Cracking
- 1) WEP Key Cracking/Decryption (64, 128, 256 bit key)
- Active Crack: By utilizing ARP packet injection (possibly 5-20 minutes)
- Passive Crack: Silently collect Wireless LAN packets
- 64-bit key: 10 HEX (100-300MB raw data / 100K-300K IVs collected)
- 128-bit key: 26 HEX (150-500MB raw data / 150K-500K IVs collected)
- 2) WPA-PSK Key Cracking/Decryption (Optional Module Available)
- WPA-PSK cracking is an optional module. By using an external server with Smart Password List and GPU Acceleration Technology, the WPA-PSK key can be recovered/cracked.
- Notes
- The time taken to decrypt the WEP key in passive mode depends on the amount of network activity.
- The time to crack the WPA-PSK key depends on the length and complexity of the key. Besides, it is compulsory to have the WPA-PSK handshake packets captured.
10 Cracking/Decryption of WEP Key (2)
Automatic: System auto crack/decrypt WEP key (default)
Manual: Capture raw data and crack/decrypt WEP key manually
Automatic Cracking: Key Obtained
11 Cracking/Decryption of WEP Key (3)
Automatic: System auto crack/decrypt WEP key (default)
Manual: Capture raw data and crack/decrypt WEP key manually
Cracking Manually
12 Cracking/Decryption of WEP Key (4)
WEP Key Cracked!
Select wireless network manually for cracking. If
raw data contains enough IVs, WEP key can be
cracked almost instantly.
13 Wireless-Detective WPA-PSK Cracking Sol. (1)
WPA-PSK Cracking Solution: WPA Handshake packets
need to be captured for cracking WPA key. Utilize
Single Server or Distributed Servers (multiple
smart password list attacks simultaneously) to
crack WPA key. Acceleration technology: GPU
Acceleration
Note: WPA handshake packets can be captured by
Standalone Wireless-Detective system or
Distributed Wireless-Detective systems.
14 Wireless-Detective WPA-PSK Cracking Sol. (2)
WPA/WPA2-PSK cracking module is optional
(dedicated server). Application: Utilizing
Password List attack and GPU technology (Graphic
Card Processors) to recover or crack the
WPA/WPA2-PSK Key. Supported WPA: WPA-PSK (TKIP)
and WPA2-PSK (AES). Speed: up to 30 times faster
than normal CPU. GPU supported: NVIDIA and ATI
15 Internet Protocols Supported
16 Reconstruction Sample Email POP3
Date/Time, From, To, CC, Subject, Account,
Password
17 Reconstruction Sample Email SMTP
Date/Time, From, To, CC, BCC, Subject, Size
18 Reconstruction Sample Email IMAP
Date/Time, From, To, CC, Subject, Account,
Password
19 Reconstruction Sample Web Mail (Read)
Date/Time, Content, Web Mail Type
20 Reconstruction Sample Web Mail (Sent)
Date/Time, From, To, CC, BCC, Subject, Webmail
Type
21 Reconstruction Sample IM/Chat MSN
Date/Time, User Handle, Participant,
Conversation, Count
Including Text Chat Messages, File Transfer and
Webcam sessions reconstruction and
playback. Supports Client and Web MSN.
22 Reconstruction Sample IM/Chat Yahoo
Date/Time, Screen Name, Participant,
Conversation, Count
Including Text Chat Messages, File Transfer, VoIP
and Webcam sessions reconstruction and
playback. Supports Client and Web Yahoo.
23 Reconstruction Sample IM/Chat Skype Log
Date/Time, Screen Name, Participant,
Conversation, Count
Skype Text, VoIP and Webcam sessions are
encrypted. However, the Skype VoIP call duration
log and the source/destination IP can be obtained.
24 Reconstruction Sample File Transfer - FTP
Date/Time, Account, Password, Action, FTP Server
IP, File Name
25 Reconstruction Sample Peer to Peer P2P
Date/Time, Tool, File Name, Last Activated,
Send/Receive Throughput, Details
Including Action (Download/Upload), Peer IP,
Port, Peer Port Throughput
26 Reconstruction Sample HTTP Link (URL)
Date/Time, Link/URL
27 Reconstruction Sample HTTP Content
Date/Time, Link/URL
28 Reconstruction Sample HTTP Reconstruct
Date/Time, HTTP Content
29 Reconstruction Sample HTTP Upload/Download
Date/Time, Action, File Name, HTTP
Download/Upload URL, Size
30 Reconstruction Sample HTTP Video Streaming
Date/Time, Host, File Name, HTTP Content, File
Size
Play back reconstructed FLV video file
31 Reconstruction Sample Telnet
Date/Time, Account, Password, Server IP, File Name
Support play back of Telnet sessions
32 Reconstruction Sample VoIP
33 Reconstruction Sample Incomplete Sessions
34 Data Search Conditions Free Text Search
Search by Parameters/Conditions (Date-Time, IP,
MAC, Account, Subject etc.)
Free Text Search: Search by Key Words (Supports
Boolean Search)
35 Data Export Backup Reconstructed Data
Backup the reconstructed content (various
application) to ISO file report format.
36 Data Backup Captured Raw Data Backup
Backup captured raw data (known) and raw data
(unknown unclassified). Export to external PC
or backup through CD/DVD Burner.
37 Conditional Alert Alert through Email
Alert Administrator by Parameters/Conditions
38 Online IP List IP Information
Status, IP, PC Name, Last Seen Time, ISP,
Categorized Group
39 Location Estimation - Wireless Equipment Locator
Utilizes Wireless Sensors and Triangulation
Calculation/Training methodology to estimate the
location of the targeted wireless devices (AP or
STA). Plane Regression: 1 WD as Master system,
min. 3 WD as Slave systems (sensors)
Allows finding the approximate location of the
targeted wireless device in the X-Y plane.
Estimation error depends on the surrounding
environment (e.g. blockage). Normally a few meters.
40 Exporting Raw Data Captured for Further Analysis
(1)
Raw data captured can be hashed and exported from
the WD system for further analysis.
Known Raw Data: Raw data that can be classified
and reconstructed. Unknown Raw Data: Raw data
that cannot be classified and reconstructed.
41 Exporting Raw Data Captured for Further Analysis
(2)
Analyze the raw data files using packet analyzer
tool such as Packet Browser, Wireshark and
Ethereal etc.
42 Exporting Raw Data Captured for Further Analysis
(3)
Analyze the raw data files using packet analyzer
tool such as Packet Browser, Wireshark and
Ethereal etc.
43 Exporting Raw Data Captured for Further Analysis
(4)
Analyze the raw data files by using offline
parsing and reconstruction tool, EDDC (product of
Decision Computer Group)
44 Wireless-Detective Unique Advantages/Benefits
- Smallest, portable, mobile and lightweight WLAN legal interception system. This allows easy tracking and capturing of suspects' Internet activities, especially when a suspect moves from one place to another. The suspect won't notice WD's existence as it looks like a normal laptop.
- Detects unauthorized WLAN access/intruders (IDS).
- Provides detailed information of AP, Wireless Routers and Wireless Stations (such as channel, Mbps, security (encryption), IP, signal strength, manufacturer, MAC)
- Provides capturing of WLAN packets from single channel, AP, STA or multiple channels by deploying distributed/multiple systems. That also means flexibility and scalability of deployment solution.
- Provides decryption of Wireless key, WEP key (WPA cracking is optional module)
- Provides decoding and reconstruction of different Internet services/protocols on the fly; reconstructed data is displayed in original content format on local system Web GUI.
- Supports reserving of raw data captured (for further analysis if required) and archiving of reconstructed data with hashed export functions.
- Supports condition/parameter search and free text search.
- Supports alert by condition/parameter.
- Provides Wireless forbidding/jamming function
- Provides Wireless Equipment Locator function.
- The All-in-One Mobile WLAN Interception System
45 References Implementation Sites and Customers
- Criminal Investigation Bureau
- The Bureau of Investigation Ministry of Justice
- National Security Agency (Bureau) in various countries
- Intelligence Agency in various countries
- Ministry of Defense in various countries
- Counter/Anti Terrorism Department
- National Police, Royal Police in various countries
- Government Ministries in various countries
- Federal Investigation Bureau in various countries
- Telco/Internet Service Provider in various countries
- Banking and Finance organizations in various countries
- Others
- Notes: Due to confidentiality of this information, the exact names and countries of the various organizations cannot be revealed.
46 Thank You!
Decision Group decision_at_decision.com.tw
www.edecision4u.com