DESCRIPTION airuncloak-ng is a tool that removes wep cloaking from a pcap file. Some WIPS (actually one) can actively "prevent" cracking a WEP key by inserting chaff (fake wep frames) in the air to fool aircrack-ng. In some rare cases, cloaking fails and the key can be
recovered without removing this chaff. In the cases where the key cannot be recovered, use this tool to filter out chaff.
The program works by reading the input file and selecting packets from a specific network. Each selected packet is put into a list and classified (default status is "unknown"). Filters are then applied (in the order specified by the user) on this list.
They will change the status of the packets (unknown, uncloaked, potentially cloaked or cloaked). The order of the filters is really important since each filter will base its analysis amongst other things on the status of the packets and different orders
will give different results.
Important requirement: The pcap file needs to have all packets (including beacons and all other "useless" packets) for the analysis (and if possible, prism/radiotap headers).