Question Defense Tools Frequently Asked Questions
Answer for the previous letter I would like to ask You crack my cap. After that please tell me that the is successfull. Than I upload the CAP file to the WPA cracker page and I will pay for the crack. Can we come to an agreement? Thank You!
Feb. 17, 2011 by Forest Arpad, Hung.
Thats not how it works. If you want to use our service upload the cap file via the site and pay before the process begins.
Can your MD5 cracker process hashes in the format MD5(Unicode($pass)) ? In other words, the password has been converted to Unicode before hashing.
Jun. 1, 2010
We brute force MD5 hashes that have not been hashed with a unicode and password combination.
Dear Question and Defense Community, Firstly, thank you very much for a generous service, I started to love your service and low prices. Secondly, I have some confusion in my mind about WPA cracking with rainbow tables. As I skimmed, Cracking Passwords Version 1.1 by: J. Dravet (Amazingly helpful document, thanks to him) There is one part about rainbow tables which says, "A set of tables that use the loweralpha-numeric-symbol14 character set for a maximum of 8 character password and a 99.6972% probability of success will take 120 tables and 175GB of disk space. I used winrtgen to get these figures." So, does this mean, if I apply those tables to some .cap file that I upload your web-site, whether if the password is 8 character long, those table will definitely find it in a short time? My main concern is about, are those rainbow tables efficient than aircrack-ng using with Unix or on Windows? So, we don't need to create word list actually but rainbowtables, which is(wordlist) very very difficult for only words 8 char long, even numbers? The reason I think we could apply those tables to WPA are those words, "Rainbow tables can be used to crack the Pre-Shared Keys of WPA..." So, if you please give me a brief information about applying rainbowtables to WPA or even WPA2, I heard very small difference, with BackTrack? And my final question, I guess I need to install BackTrack to my computer in order to use those huge tables, since if I boot only BackTrack from CD or flashdisk, I'll lose all data once I restart the system, right? I hope, I made myself clear, and don't bother you with some unprofessional questions. Thank you very much for your service, effort and tutorials. Best Regards, Faruk TURKEY
Jul. 22, 2010 by Faruk Can Ustaoglu, Turkey/Istanbul
Hi Faruk,
Rainbow tables are technical for the software rainbow crack. The term is commonly misused when referring to wpa lookup tables. Rainbow tables have a .rt extension and only work with rainbow crack software.
A table for WPA is pretty much the same thing. Lookup tables for wpa are pretty much infective because no matter what the word must still be in the dictionary. The other probelm with wpa lookup tables is that they must be made for the essid with which you are testing.
So let me try to spell it out better. The average CPU based computer can generate about 2000-3000 wpa keys per second so a table of 8 characters only lowercase a-z would be 208,827,064,576 keys so if you could do 3000 keys per second that would be:
208,827,064,576/3000/60/60/24
or 805 days to complete the table
So as you can see doing a bruteforce look up table for wpa is really not possible.
As far as I know we have the fastest service around with the most comprehensive wordlist.
Rainbow tables are technical for the software rainbow crack. The term is commonly misused when referring to wpa lookup tables. Rainbow tables have a .rt extension and only work with rainbow crack software.
A table for WPA is pretty much the same thing. Lookup tables for wpa are pretty much infective because no matter what the word must still be in the dictionary. The other probelm with wpa lookup tables is that they must be made for the essid with which you are testing.
So let me try to spell it out better. The average CPU based computer can generate about 2000-3000 wpa keys per second so a table of 8 characters only lowercase a-z would be 208,827,064,576 keys so if you could do 3000 keys per second that would be:
208,827,064,576/3000/60/60/24
or 805 days to complete the table
So as you can see doing a bruteforce look up table for wpa is really not possible.
As far as I know we have the fastest service around with the most comprehensive wordlist.
Dear Sir, Let me know what is Alias/Nick name for WPA Crackers.
Jun. 23, 2011 by Ramesh
The Alias/Nick is simply a nickname... It is what we use to address you in automated emails.
Do you accept credit card payment or only PayPal payment?
Feb. 8, 2010
All of our payments are processed using PayPal however this allows you to pay using a PayPal account, Visa, Mastercard, Discover, or American Express. During the checkout process you will be redirected to PayPal at which time you can either login or specify you don't have a PayPal account by clicking the "Continue" button below the left column section titled "Don't have a PayPal account?". Once you click the Continue button an interface will appear where you will need to put in your credit card number and address information to complete the payment process.
Do you accept payments for your services using PaySafeCard via paysafecard.com?
Jun. 1, 2010
I believe PaySafeCard was created for a way for customers to easily move money between various accounts and online gaming companies. In 2007 the United States government pushed through a bill called the Safe Port Act and like numerous other bills that pass through our Congress/Senate there was a lot of fat and this particular bill had a provision called the UIGEA (SAFE Port Act). This portion of the bill accomplished a couple goals for the US government which included making it illegal for US banks to transfer money to and from offshore gaming company accounts, also blocked all third party processors that dealt with offshore gaming accounts, and various other travesties. This is likely a first step in regulating online gaming in the United States but not only could people not vote against it because of the primary bill (Safe Port Act) but I think it was one of 1,000's of provisions that had nothing to do with US ports and the politicians rarely weed out all the details. The really negative impact comes from transactions like you are talking about which has nothing to do with gaming but makes it really hard to have anonymous transactions online for US residents regardless of their nature. Anyhow our hands are tied in the kind of processors we can use for international clients. We have however accepted cash payment or money order via mail which may not be secure but provides an anonymous alternative to PayPal. I promise we completely understand the thought here so we are open to options at any point in time regarding this scenario. I have worked in the online gaming industry in some capacity since 2003 and the UIGEA has been a thorn in my side ever since it was even thought about to begin with. There is hope on the horizon though as Barney Frank (US Congressman) is working to repeal it though doing so might take forever.
Do you have character combinations longer than 25 numbers, letters, and symbols in your dictionary word list? If not what is the maximum length of character combinations in the wordlist used to crack WPA/WPA2 passwords?
Apr. 1, 2010 by Eric
We do not have combinations at that length in our wordlist. We do have combinations up to 24 characters in length however the majority of the combinations are in the 8 to 12 character combination range. We also do not guarantee we will locate the password so please keep that in mind that we run a dictionary attack with a set list of character combinations (over 550 million combinations) against a WPA/WPA2 handshake capture.
Do you keep the money even if you aren't able to crack the wpa password?
Feb. 18, 2010
Yes we would keep the payment even if the password is not located for a WPA handshake that is uploaded. We charge for the service and do not guarantee that we will find the password. Currently we have a 25% success rate in locating WPA and WPA2 passwords uploaded to our Online WPA Password Cracking service.
Do you offer wordlists specific to languages other than English?
Feb. 8, 2010
Currently we only have one large wordlist being used with the Online WPA Password Cracker however in the near future we are going to offer numerous languages other than English so users will be able to choose between numerous different wordlists or a combination of those wordlists. The pricing will vary based on processing times which is closely tied to the wordlists selected. If you have a specific request for a language that we do not currently offer please use the contact form to let us know so we can do our best to meet your needs.
Do you offer your word-list available for download (for example as a torrent file) and if not do you plan on it any time in the future?
Sep. 3, 2010
No we do not. We have spent many years refining our wordlist and since it is the basis for our entire service we will not be making it available.
Does the dictionary that you use for BruteForcing the WPA-Key include French words? Or do you offer a dedicated French wordlist?
Nov. 20, 2010
We currently do not offer a French specific wordlist as our main wordlist includes many French words already.
Does your wpa wordlist include A-Z(CAPS) for password 8 characters long?
May. 16, 2011
We have many combinations that are all caps and 8 characters long however we do not have all 8 character long all caps A-Z combinations. The technology to crack WPA passwords is still fairly slow and including all A-Z capital letters would be 208,827,064,576. Our wordlist has been refined for years though and we have had success with all capital passwords in the past.
hello i got the.cap file but its 9.5 mb is it normal ? tnx
Oct. 11, 2010 by vladimir, london
Depending on how long you run the network dump and the amount of traffic on the network will determine the size of the cap file. Check out the QD Tutorials for a howto about filtering out only the packets needed for a successful attack on the capture file. We accept capture files up to 10MB in size however it is much easier to upload a smaller capture once you have used our tutorial to strip out the necessary packets.
Hello I'm from Hungary. I wanna try your application but I hasitate now. Have you got Hun dictionary to crack my cap file? The file protected with WPA2TKIP and I dumped with airodump-ng. Thank You!
Feb. 17, 2011 by Forest Arpad, Hungary
We have lots of hungarian words but we do not use special characters from other languages. Our word list includes words from all languages but again no special characters.
Hello my .CAP file containing the WPA handshake was 178 MB's so i had to use the tshark utility to cut out the handshake, however when i try to upload the file it says it won't accept anything but a .cap file, how so? I mean in order to crack a WPA all you need is a 4 way handshake am i correct? Well i believe extracting it with the tshark utility the 4 way handshake is still in tact correct? Well anyways sorry for the long question, i just don't want to change the file from its original state to .cap if it's not what you work with. Also, i don't know an alternate method besides the tshark method, so any insight or feedback would be great, i have plenty of WPA's i need to crack so if you could get back to me ASAP that would be wonderful. -RICK
Mar. 28, 2010 by Richard Ortiz
That is correct we do not accept file formats other than .CAP files. If the original file was a large .CAP file then you can usethis tutorial to cut the file down using tshark and just keep the .CAP ending for the output from tshark.
Hello! Which way do I have to enter the SSID into the edit box on your website if it contains special characters or spaces? Do I have to escape those character using a leading as required by the aircrack-ng suite? Or does it suffice to enter the SSID just the way it is? Thanks in advance for your answer!
May. 11, 2010
You should enter the SSID just how it is. The application will handle the spaces and special characters accordingly.
Hello, I was just wondering if I could offer my machine (ati 5970) for some work... Do you need computational power help? Best Regards, Giuseppe Barbieri
Dec. 21, 2010 by Giuseppe, Germany
We appreciate the offer but we operate all of our own hardware. The only way we would be able to use hardware that people could offer would be if they sent it to our location. Again thanks for the offer but we will respectfully have to pass.
Hey, i have here a winace 2 archive file with password protection, can you crack them ?
Mar. 20, 2010
At this time we do not crack winace files through our automated interface. If you are interested in a quote to crack this file please contact us using the QD Tools contact form located here. This not only applies to winace archive files but also any type of file that cannot be uploaded and cracked automatically on the QD Tools site.
Hi I have a RAR File with a Password. The file size is aprox 4.5 GB so is to big to upload, is posible that I send you the HASH ans you process to obtain the Password. If this is posible how I can get the HASH of the file? Kind regards, Sergio.
Apr. 27, 2011 by Sergio Handal
We would require the entire RAR file and 4.5GB is to large for us to process.
Hi! I uploaded my cap file, but after 2 minutes i got a answer that said it could not find my password. Is it not suppost to take about 3 hours? Regards Haavard
Aug. 5, 2010
The results will return immediately if there is an issue with the file. If this happens just email tools@question-defense.com and we will respond as quickly as possible. If there is an issue with the file it is likely that the capture does not have enough packets to process the dictionary attack. When this is the case we request that you perform a new capture, upload the file again without paying, and let us know via email to tools@question-defense.com. We will process the new capture without charge.
tools.question-defense.com (RSS)