Chinese WiFinders with built-in password-crackers

NetworkWorld reports on a hot-selling Chinese gadget: a WiFi network-locator with a built-in password cracker. These things show you which networks are available in your area and which password to use to get online with them. Alas, they're not stand-alone USB keys with a little LCD display, just WiFi cards with some specialized software. I betcha next year's model is self-contained, though:
With one of the "network-scrounging cards," or "ceng wang ka" in Chinese, a user with little technical knowledge can easily steal passwords to get online via Wi-Fi networks owned by other people.

The kits are also cheap. A merchant in a Beijing bazaar sold one for 165 yuan ($24), a price that included setup help from a man at the other end of the sprawling, multistory building.

The main piece of the kits, an adapter with a six-inch antenna that plugs into a USB port, comes with a CD-ROM to install its driver and a separate live CD-ROM that boots up an operating system called BackTrack. In BackTrack, the user can run applications that try to obtain keys for two protocols used to secure Wi-Fi networks, WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access). After a successful attack by the applications, called Spoonwep and Spoonwpa, a user can restart Windows and use the revealed key to access its Wi-Fi network.

Wi-Fi key-cracking kits sold in China mean free Internet (via /.)


  1. So, the very existence of this basically invalidates any legal claims that IP infractions over wi-fi are a prosecutable/suable/disconnectable offense, right? Right?

    On a side note, what do you think about the ethics of using a device like this for normal surfing?

    I am not generally opposed to piracy, because of the basic idea that for theft to have occurred, you have to deprive someone of something they would otherwise have.

    What about in this case? If you just check your email or do light surfing on a cracked all-you-can-eat broadband wi-fi, there is no way they could possibly notice a difference (running torrent is another matter).

    So, it seems to fall into the same category: not a crime, because there is no clearly identifiable victim. Their web pages loading .00001 seconds slower just doesn’t meet some undefined threshold to me. I just can’t find a problem with it.

    Am I wrong to compare this sort of thing to file sharing?

    1. I agree with nearly everything you said and love free wifi and have no problem with someone using mine for the purposes you stated, however I can think of an exception or two. Let’s say someone uses your wifi to look up something a lot less than good, how about kiddie porn. It’s no bueno to begin with, but if someone accesses it from your connection it’s really no bueno. Now what if some identity theft monkey business or something else of that nature happens from your network, still not good.

      However I believe the vast majority of people who “steal” wifi do so for benign purposes, email, facebook, boing boing <3, youtube etc... I personally think that there should be large publicly funded wifi networks open to everyone.

      1. My wifi’s open, just because I always appreciate finding an open network when travelling. It doesn’t attract much use or I might reconsider. You can tell when you’re sharing the connection with someone. Then again, I do have almost the slowest possible DSL.

    2. Are you trying to justify your miscreant behavior? When I was younger bubble gum was only a penny. Not much value, but taking it from the corner merchant, I knew, was wrong. No, it wasn’t going to hurt the merchant much, but if he caught me, I would lose his faith in me. BTW… for 10 years I couldn’t visit our neighborhood store because I was caught stealing a 25 cent snack cake.

      Theft is taking something without permission. It doesn’t matter if it’s penny bubble gum or secured wi-fi signal. If you use the wi-fi signal without permission of the person who is transmitting the signal (if it is encrypted the signal is meant to be private) you are a thief regardless of how much is used.

      1. … and here I am sitting, absorbing/stealing all these microwaves and cellular data that I don’t want and haven’t paid for anyways.

        Or: My neighbor’s broadcasting a signal that’s seeping into MY house and is hanging in the air, but I’m not allowed to touch or do anything with it?

      2. “When I was younger bubble gum was only a penny.”

        it’s worth noting that when you were younger a penny was worth 40 times what it is now.

        “Not much value, but taking it from the corner merchant, I knew, was wrong. No, it wasn’t going to hurt the merchant much”

        ok stop right there – taking the gum deprives the merchant of that property, deprives him of the opportunity to sell that property.

        “Theft is taking something without permission.”

        True – but define ‘take’. when you use someone else’s wireless, are you taking anything from them? are you depriving them of their internet, or even some amount of bandwidth?

        if someone is barbecuing, is it wrong for me to sit downwind and derive pleasure from smelling it?

        it’s not a matter of justifying miscreant behavior – your argument is loaded from the start by declaring it as being such as a premise. the issue is, IS this miscreant behavior?

        1. As has been pointed out, stealing bubble gum is completely different from stealing wifi. It’s not even comparable in the slightest. In the gum example, you’re denying the owner of a physical item, an exclusive item. With wifi there is no exclusivity and (hypothetically) you’re denying the owner nothing.

          However, in reality, you are still breaking laws. You are not allowed to crack the password on a wifi network even if it comes into your house. It’s a felony. All this discussion of the moral implications of it ignores the fact that you’re accessing a network without permission and bypassing security features – both highly illegal.

          I don’t mind someone using my wifi when it’s not password protected, but if it has a password, I think that’s wrong. It’s like using a drinking fountain versus defeating the lock on a hose tap and using that. One implies permission, the other does not.

        2. I disagree. You are taking something from someone. The problem is one of value. Value is derived from the usage of a product or service. Penny bubble gum has value to both you and the merchant, therefore when you agree upon a price for that bubble gum you are exchanging value for value. That’s the basis of commerce.

          Recognizing that value is derived by usage of the internet, you are depriving the owner of that value, albeit very small, when you use that Wi-Fi internet connection without permission. This is not an outdated concept. When I secure my internet connection, it should be clear that I don’t give you permission to use my connection, it’s similar to a locked door.

          I have a problem with people who are gaining value at the expense of someone who has not given their permission for you to consume it. We call it theft.

      3. Your idea of theft is based on an outdated concept of ownership. It’s not your moral basis that’s in question, it’s your inability to realize our previous definition was incomplete.

    3. While I feel that you are generally correct that “stealing” wifi to check email or some other such low bandwidth use doesn’t really deprive someone of something they would notice, you would still be technically depriving someone of bandwidth of a quantifiable amount. The fact that it’s essentially unnoticeable is largely irrelevant to the question of it being theft. This said, I maintain 2 networks on my property: an open wifi and a closed wifi. I largely don’t care about the bandwidth usage, but prefer not to have people hopping onto the network my private data is maintained on.

    4. This is great. So I break into your home and read your mail and learn a bunch of neat personal things about you. Find some nude pictures of your wife/daughter/you and scan these into my computer that I handily have with me.
      Then I post these on some porn site or other place that lets me easily post porn/r-rated stuff.
      And you are ok with that?
      Or I reveal some personal information on the web.
      Oh, even better, I find your passwords or family passwords taped to the bottom of a keyboard or wherever and then I log into your accounts and mess with your information.
      I have not stolen anything by your definition so this is all ok.
      Wonderful. I like your ethics.

  2. As far as I know some networks work like that: you can access others’ wifi when you travel and in return your own wifi is accessible (to members).

    Worse is the absence of access points for mobiles or laptop as soon as you leave home. My neighbours use my wifi and I don’t care as it is unlimited.

    I guess that file sharing is quite different: p2p is not used anymore (or shouldn’t) except in tv streaming applications. All you have to do is fetch a file which was intentionally stored in some database and which you found because you were told about it.

  3. This isn’t anything special – seems like it’s just the Backtrack “offensive security” LiveCD (which is freely available from the backtrack-linux site), probably packaged with an aircrack-ng compatible USB wifi adaptor (which are likely widely available in the US). AFAIK, the only reason you’d need more than just the backtrack liveCD, is that not all wifi chipsets can be used for things like packet-injection, that make cracking wifi passwords much easier.

    So, you could probably put this kit together yourself, very easily, without a trip to China.

  4. On one hand, using someone’s network without their approval is at the very least rude, and in some cases illegal.

    On the other hand by doing this you’d get a somewhat encrypted connection which is theoretically much safer than an unencrypted connection. So that’s good.

    On the other other hand accessing an unknown network and thinking it’s at all secure is a good way to learn a lesson in identity theft.

    1. On the other other other hand, if cracking WiFi networks were only *slightly* easier, it’d be a viable alternative to having to ask your tech-illiterate friends what their bloody WEP or WPA password is…only to have them then spend 15mins turning their house upside down looking for that little piece of paper where they just KNOW they wrote it down, which has to be around here SOMEWHERE… *sigh* :/

    1. “Circuit of Different batches of the product maybe slight changes, including various version IC replacement.”

      That line is the kicker, right there, in the device you link to. They reserve the right to drop in a completely different 802.11G chipset, requiring different drivers, quite possibly with different capabilities(basic send/receive are always pretty much the same; but things like passive mode, packet injection, and other details differ a lot. As does quality of linux driver support).

      Frankly, what interests me about this Chinese kit is not the cracking part(which is blatantly derivative of what Backtrack has been doing for some years); but the “cheap, linux and Backtrack capable wifi adapters being sold as such” part.

      It is hardly impossible to find adapters well supported under Linux, sometimes including the crack-friendly stuff; but most major vendors(ie. just about any brand you’ve heard of in the US/West generally) make it unnecessarily difficult. They have a “model number”, which corresponds to a broad set of specs; but need not correspond to any particular chipset. Indeed, the chipset is generally not identified on the package at all, and is subject to change.

  5. I run BackTrack from time to time to crack neighbors’ wifi. It’s a cool little OS…

  6. I did this myself a couple of years ago. Found a Backtrack tutorial on Youtube, downloaded Backtrack for free, bought the USB wireless dongle the kid in the tutorial recommended for $12 on ebay and was cracking keys ten minutes after it came in the mail. WEP is astonishingly easy to crack. WPA not as much, but it’s still doable.

  7. 13tales is correct. There is nothing special with the wifi card.

    The important thing is the software. It is not compatible with all wifi chipsets and all the Chinese did is to package the CD with an appropriate wifi card.

    Yes, you can just download the software for free and if you happen to have a compatible wifi chipset, you’re good to go.

    But personally, the software is not that easy to use if you don’t have a step by step tutorial.

  8. This is not anything new. As has been pointed out, this has been available for a while, and the wifi card does not have a built-in password cracker. The password cracker is part of the Backtrack live cd distro.

    There was talk for a while of “hostileWRT” and the “Hadopi router” that was supposed to have the password cracking software built into the router so that you could create your own network with the router by mooching wifi connections. Anyone know what happened to that?

  9. BackTrack is free and the pre-existing wireless in most computers can already do this. I would consider myself scammed if I paid for that

  10. There are a few multi-antenna, wep/wap crackers appliance / kits out. Not sure really what China really has to do without it.

  11. “BackTrack is free and the pre-existing wireless in most computers can already do this. I would consider myself scammed if I paid for that”

    Not true. For a card to work with Backtrack it needs to be able to go into “monitor mode”, and that’s pretty rare actually, and pretty much unheard of for built in wifi cards. The card in that ebay link posted above looks like a rebranded Alfa card, which is considered far and away the best for the purpose, and has the nice perk of being about the strongest signal card you can buy.

    What I wonder is how much work they put into the version of Backtrack that they’re including with the “kit”. Did they write any custom startup scripts that will bring the card up and put it into monitor mode? Are there links on the desktop to scripts that scan available networks, and maybe even start injecting packets to networks with connected clients? At a minimum, did they clean out the non-wep cracking utilities from the start menu? If not, it’s a shame, since it would be so easy to do and would make it much easier to crack a wifi network for people who aren’t comfy with a command prompt.
