Cracking WEP encryption

teckoda

A good while ago i read up on the new advanced technique of cracking WEP that came up. And recently at the International Hacker camp (Chaos Communication Camp 2007) I attended a talk on WEP, where they mentioned the new tool again.

Aircrack-ptw

Our attack

We were able to extend Klein's attack and optimize it for usage against WEP. Using our version, it is possible to recover a 104 bit WEP key with probability 50% using just 40,000 captured packets. For 60,000 available data packets, the success probability is about 80% and for 85,000 data packets about 95%. Using active techniques like deauth and ARP re-injection, 40,000 packets can be captured in less than one minute under good condition. The actual computation takes about 3 seconds and 3 MB main memory on a Pentium-M 1.7 GHz and can additionally be optimized for devices with slower CPUs. The same attack can be used for 40 bit keys too with an even higher success probability.

Now i havn't personally tested aircrack-ptw, but i was talking to the guy who done the speech afterwards. It seems like WEP has really hit its low. My own experience lies with aircrack-ng suite.

Has anyone tested aircrack-ptw? Or done anything fun with wifi

mayhem#

Anybody who still uses WEP and expects their data to be safe deserves to be hacked.

E.

monkey tennis

mayhem# wrote:

Anybody who still uses WEP and expects their data to be safe deserves to be hacked.

Unfortunately, that's still a significant percentage of wireless users! Seriously, have a bit of a warwalk around somewhere like Baggot St or the IFSC and it's amazing how many places have WEP-'secured' APs with broadcasted SSIDs that make it obvious what business it is. Mental.

crianp

I have played around a little with aircrack but utilizing such tools on windows produces limited results to say the least, took ages to collect enough data to crack a single wep encryption

mayhem#

monkey tennis wrote:

Unfortunately, that's still a significant percentage of wireless users! Seriously, have a bit of a warwalk around somewhere like Baggot St or the IFSC and it's amazing how many places have WEP-'secured' APs with broadcasted SSIDs that make it obvious what business it is. Mental.

But then again lots of people voted FF back in during the election. That just shows you that dumbassess are still in the majority.

E.

aidan_walsh

mayhem# wrote:

But then again lots of people voted FF back in during the election. That just shows you that dumbassess are still in the majority.

E.

Its not always the fault of the person in question, you know. Sometimes, quite popular devices require that WEP be used to get online with them. In this case, its simply the lesser of two evils.

mayhem#

aidan_walsh wrote:

Its not always the fault of the person in question, you know. Sometimes, quite popular devices require that WEP be used to get online with them. In this case, its simply the lesser of two evils.

I disagree, Most consumer end devices have had WPA (and WPAII) available for a few years now. Peopel should pay more attention to the equipment that they use. If WPA is availabel they should enable it. If it's not enabled it's their responsibility.

E.

aidan_walsh

Nintendo DS. Quite popular, no WPA.

IT Loser

mayhem# wrote:

Anybody who still uses WEP and expects their data to be safe deserves to be hacked.

E.

What sort of scumbag do you have to be to do that?

Its like saying any chick who goes braless deserves to be raped.

Come on for ****s sake.:mad:

What do you suggest??

thehomeofDob

It doesn't help that every Eircom box comes preshipped with WEP activated. I've changed my network to WEP and hacked it using a live Backtrack 2 CD in under a half hour with only one laptop and no traffic on the network. The laptop had to fake auth and then deauth itself to receive the data it needed.
It's insanely easy, and I have little to no linux/wireless experience. A few tutorials and a bit of common sense. With two laptops anyone could do their neighbours networks in a few minutes, and there you go, free broadband.

teckoda

thehomeofDob wrote:

It doesn't help that every Eircom box comes preshipped with WEP activated.

That is exactly what the problem is. How can security be enforced when those who provide us with the stuff don't even enforce good security standards.

Although i'm not complaining, because it means i nearly always have a chance of getting into a broadband connection wherever i am.

tuxy

thehomeofDob wrote:

I've changed my network to WEP and hacked it using a live Backtrack 2 CD in under a half hour with only one laptop and no traffic on the network.

The op talks about also using Aircrack-ptw. I have used this tool and can break into my WEP network in about 5 mins using it. It needs a lot less packets then the old Aircrack. (40k-60k packets, it used to be 1.5 to 2 million)

teckoda

Yes back in the aircrack days it did. Then came aircrack-ng and it was between 200,000 - 500,000.

And now we have aircrack-ptw, which can crack it in less than 1 minute.

whitelightrider

Is this just a Unix based program or can it be used on Windows?

tuxy

It's mainly designed for use on linux.But it is open source so if someone wanted to they could make a windows version.
The thing is, the best wifi drivers for injecting packets and capturing wep are for linux so that's the best operating system to be using for this job.

Frank_Leach

i was told recently of this aircrack programme you can download which provides free access to wireless networks, it cracks the wep key? i think...something like that, i am no expert. and while i have decent broadband, i thought it would be handy to have.
But...every time i type it in, or hit a link from whereer, i get directed to
the "whoops the link appears to be broken" thingy from google search.
it hardly has anything to do with google sponsoring other sites that sell this type of software?
is it around now i should be deleting internet explorer and downloading firefox? any feedback welcome...and yes, i know little about computers, the ecdl is about the height of my expertise. much thanks..

FruitLover

Frank_Leach wrote: »

i was told recently of this aircrack programme you can download which provides free access to wireless networks, it cracks the wep key? i think...something like that, i am no expert

Are you even aware that gaining unauthorized access to someone else's network is illegal? Apart from the ethical considerations, you don't sound like you would be capable (from a technological standpoint) of covering your tracks well enough not to get caught.

dub45

FruitLover wrote: »

Are you even aware that gaining unauthorized access to someone else's network is illegal? Apart from the ethical considerations, you don't sound like you would be capable (from a technological standpoint) of covering your tracks well enough not to get caught.

Amen. Thread locked.