Re: Wireless wep crackin on windows

From: Andrew A. Vladimirov (mlists@arhont.com)
Date: Fri May 21 2004 - 10:49:51 EDT


Aaron Drew wrote:
> Airsnort on windows is limited. You need a card that can be put into monitor
> mode under windows to capture the WEP packets.

Snax has sorted it out by using a demo version driver coming from
AiroPeek. I wonder what AiroPeek guys think about it...

Linux drivers make this much easier.

And allow you to do many other things with injecting custom frames,
encrypted traffic etc. Windows drivers are eons away from that, even
though you can deauth undesirable hosts using AirMagnet running on
Windows CE.

>
> As for other tools, the package wep-tools contains a utility for brute
> forcing ASCII based WEP keys.

Mentioned it in my previous post, nice to see I am not alone :)
>
> These keys are generated using a simple algorithm that is unfortunately
> flawed. It essentially reduces the keylength of WEP from 64/128 down to
> around 21 bits in length. Given just a couple of encrypted data packets, an
> offline exhaustive brute-force attack can be done in about 10-15 seconds on
> such keys.

That flaw applies only to 40-bit keys and was fixed ages ago. In fact,
some vendors did not have that flaw at all, e.g. 3Com. What would be
more interesting is porting WEPAttack to Windows, but I don't know what
would be the equivalents of ZLib and libCrypto for it. Don't know much
about Windows anyway, no source - no fun.

Cheers,
Andrew

--
Dr. Andrew A. Vladimirov
CISSP #34081, CWNA, CCNP/CCDP, TIA Linux+
CSO
Arhont Ltd - Information Security.
Web: http://www.arhont.com
      http://www.wi-foo.com
Tel: +44 (0)870 44 31337
Fax: +44 (0)117 969 0141
GPG: Key ID - 0x1D312310
GPG: Server - gpg.arhont.com
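
Added illustration, not part of the original post or of wep-tools: a sketch of why a passphrase-derived 40-bit WEP key can end up with only about 21 bits of entropy, as the quoted text says. It assumes the generator meant is the publicly documented one (XOR-fold the passphrase into a 32-bit seed, then a linear congruential generator with constants 0x343FD / 0x269EC3 emitting bits 16..23 per step); the thread does not name the algorithm, and all function names are hypothetical.

```python
# Added example. Assumption: the "simple algorithm" is the common
# passphrase -> 4 x 40-bit key generator found in many 802.11b products.
MASK32 = 0xFFFFFFFF

def fold_seed(passphrase):
    """XOR-fold the passphrase bytes into a 32-bit little-endian seed."""
    s = [0, 0, 0, 0]
    for i, c in enumerate(passphrase):
        s[i % 4] ^= c
    return s[0] | s[1] << 8 | s[2] << 16 | s[3] << 24

def keys_from_seed(seed):
    """Derive four 5-byte keys: one LCG step per byte, output = bits 16..23."""
    out = bytearray()
    for _ in range(20):
        seed = (seed * 0x343FD + 0x269EC3) & MASK32
        out.append((seed >> 16) & 0xFF)
    return [bytes(out[i:i + 5]) for i in range(0, 20, 5)]

def effective_seed_bits(ascii_only=True):
    """Count the seed bits that can change the derived keys.

    Bits 24..31 never reach output bits 16..23, because the LCG works
    modulo 2**32 and carries only propagate upward. With 7-bit ASCII input
    the top bit of every seed byte is always 0, removing three more bits.
    """
    base = keys_from_seed(0)
    bits = 0
    for b in range(32):
        if ascii_only and b % 8 == 7:
            continue  # XOR of 7-bit characters never sets this bit
        if keys_from_seed(1 << b) != base:
            bits += 1
    return bits

if __name__ == "__main__":
    seed = fold_seed(b"constructed-passphrase")  # constructed sample input
    # The top seed byte is irrelevant: both seeds yield identical keys.
    assert keys_from_seed(seed) == keys_from_seed(seed ^ 0xFF000000)
    print("influential seed bits, any input :", effective_seed_bits(False))
    print("influential seed bits, ASCII only:", effective_seed_bits(True))
```

The practical consequence for anyone still auditing such gear: a key typed as a passphrase is far weaker than a randomly chosen hex key of the same nominal length.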

