How-To: Hack NetStumbler 0.4.0 to Enable Wireless Zero Configuration

Israel Torres, http://www.chroniclesofawardriver.org/How-To_Hack_NSv0.4.0_Enable_WZC.html
Oct 10/24/2005 - Updated 10/27/05 Download NetCrumbler

Source Application File Installer:
NetStumbler 0.4.0
(1) http://www.stumbler.net/download.php?site=1&filename=NetStumblerInstaller_0_4_0.exe
(2) http://www.netstumbler.com/downloads/netstumblerinstaller_0_4_0.exe

Disclaimer: All information herein is intended for responsible parties only. Do not attempt at any cost.

Introduction
I recently downloaded NetStumbler 0.4.0 to use an alternative wardriving tool when restricted to my Windows laptop.
It is a known fact that NetStumbler disables Microsoft Windows Wireless Zero Configuration Utility when starting up NetStumbler. This is purposeful as wardriving has nothing to do with connecting to foreign Access Points at any time during the wardrive. The author of NetStumbler Marius Milner enabled this restriction with good intention. However Marius did not provide an option for those that used their machines for more than wardriving while NetStumbler is active. Such projects may be remote systems running wardriving systems where foreign APs and authorized APs may mix. Marius constructed a wall so that no one may accidentally connect to a legal access point while NetStumbler is running. After a few hours of tinkering with NetStumbler a flaw was located in how this "wall" was being devised during NetStumbler startup. Using the modified version as depicted below disables this wall. In essence we are disabling the disabler from loading correctly. It is transparent to the user other than just plain not seeing the "Please Wait (While WZC is being disabled) Screen". In the future Marius may provide an integral module where this particular technique no longer works. I have provided the MD5 hashes of the tested versions that work fine in a Windows XP SP2 wardriving system.Verify the hashes are the exact same otherwise there is greater chance that this modification will no longer work as described.

The tutorial below explains to the user how to modify a copy of their installed NetStumbler executable and not the NetStumbler executable itself. Someone may easily create an excutable that modifies this minute piece of data on the fly, but that is not the intention of this tutorial. This tutorial is for parties that are working on projects that may require more functionality than the product allows.

Do not send flames or non-constructive information, if you think this is a bad thing something is wrong with you. Yes, Marius has been notified of this issue.

updated: 10/26/2005
Ok I got bored and wrote up the tool to automate this process in case you aren't savvy in hex editing. I present you with NetCrumbler!

NetCrumbler Instructions:

  1. Download NetStumbler 0.4.0
  2. Verify Installer MD5 Checksum [ 86E7586E4E45444F23EF2B71E2A93BFB ]
  3. Install NetStumbler 0.4.0 (Default Directory - "\Program Files\Network Stumbler")
  4. Open or Browse to NetStumbler Directory "\Program Files\Network Stumbler"
  5. Verify NetStumbler.exe MD5 Checksum [ 5EF079E5D178CB4CA7F2C904465EDF36 ]
  6. Copy NetCrumbler.exe to your NetStumbler directory "\Program Files\Network Stumbler"
  7. Execute NetCrumbler.exe to generate NetStumbler-WZC.exe
  8. Verify NetStumbler-WZC.exe MD5 Checksum [ 2F753FD1D69B5C4138AEDB572F2D58FD ]
NetCrumbler
Download   Description   MD5
NetCrumbler.zip   All of the files listed below in one zip file   4DBCCC088CA5B45F03AC06C77D35561A
NetCrumbler.cpp   NetCrumbler Source Code   95C90A0522BD711C44FD5278E8EF23CB
NetCrumbler.txt   NetCrumbler Read Me Text   85D1EBD904BE55F7B82FBAA325F88FFF
NetCrumbler.exe   NetCrumbler Compiled Executable   B71AFAE1D5E9509A3DFA7793635CA475
NetCrumbler_check_mod.bat   NetCrumbler MD5 Batch Check   FC3237CDBFE852276468A428114F5FEA

Installer MD5 Checksum   86E7586E4E45444F23EF2B71E2A93BFB   netstumblerinstaller_0_4_0.exe
Original MD5 Checksum:   5EF079E5D178CB4CA7F2C904465EDF36   NetStumbler.exe
Modified MD5 Checksum:   2F753FD1D69B5C4138AEDB572F2D58FD   Copy of NetStumbler.exe

-- If you choose not to use NetCrumbler you may do it the original "old school way" using manual hex-editing described below --

Simple Manual Instructions:

  1. Download NetStumbler 0.4.0
  2. Verify Installer MD5 Checksum [ 86E7586E4E45444F23EF2B71E2A93BFB ]
  3. Install NetStumbler 0.4.0 (Default Directory - "\Program Files\Network Stumbler")
  4. Open or Browse to NetStumbler Directory "\Program Files\Network Stumbler"
  5. Verify NetStumbler.exe MD5 Checksum [ 5EF079E5D178CB4CA7F2C904465EDF36 ]
  6. Drag NetStumbler.exe to your favorite hex editor (Suggested Hex Editor UltraEdit-32)
  7. Find 000387b0h:63
  8. Replace with 000387b0h:61
  9. Save as a Copy
  10. Verify Modified NetStumbler.exe MD5 Checksum [ 2F753FD1D69B5C4138AEDB572F2D58FD ]

Original NetStumbler Screenshot in hex editor (Step 1):

Expected Wireless Zero Configuration Behavior (Before modification while NetStumbler is running):

Modified NetStumbler Screenshot in hex editor (Step 2):

Enabled Wireless Zero Configuration Behavior (After modification while NetStumbler is running):

Animated NetStumbler Original:Modified Screenshots in hex editor:

Disclaimer: All information herein is intended for responsible parties only. Do not attempt at any cost.

Israel Torres

Israel Torres - Chronicles of a Wardriver - www.chroniclesofawardriver.org