Difference between revisions of "WEP Cracking"
Line 36: | Line 36: | ||
* '''Key attack''': | * '''Key attack''': | ||
# Detect reuse of Initialization Vectors (collisions), only 2^24 possibilities | # Detect reuse of Initialization Vectors (collisions), only 2^24 possibilities | ||
# Reverse XOR on first 2-bytes on all packets and 12-bytes on well-known ARP packets | # Reverse XOR on first 2-bytes on all packets (KoreK) and 12-bytes on well-known ARP packets | ||
# 12-bytes of the RC4 stream cipher is revealed for that specific frame (Initialization Vector + RC4 stream cipher) | # 12-bytes of the RC4 stream cipher is revealed for that specific frame (Initialization Vector + RC4 stream cipher) | ||
# Build table of Initialization Vectors and RC4 stream cipher pieces | # Build table of Initialization Vectors and RC4 stream cipher pieces |
Revision as of 19:22, 27 August 2009
WEP is infamously known as the totally broken wireless security protocol. Severe misapplication of cryptographic primitives were discovered in 2001 and after several cascading discoveries afterwards, it's now possible to crack a WEP protected network in under a minute. WPA is the successor to WEP and features a better but not perfect security protocol.
Background
There are now many sources that describe the vulnerability in detail and APR replay to generate traffic, but this is a short summary. For an throughout explaination on how WEP is implemented and the vulnerabilities, see the link below.
Types attacks:
- Passive attacks to decrypt traffic based on statistical analysis.
- Active attack to inject new traffic from unauthorized mobile stations, based on known plaintext.
- Active attacks to decrypt traffic, based on tricking the access point.
- Dictionary-building attack that, after analysis of about a day's worth of traffic, allows real-time automated decryption of all traffic.
Original discoveries and papers:
- 2001: (In)security of the WEP algorithm by Nikita Borisov, Ian Goldberg, and David Wagner
- 2001: Intercepting Mobile Communications:The Insecurity of 802.11 paper by Nikita Borisov,Ian Goldberg and David Wagner
- 2007: Breaking 104 bit WEP in less than 60 seconds by Erik Tews, Ralf-Philipp Weinmann, and Andrei Pyshkin
- 2008: Practical attacks against WEP and WPA (TMS, KoreK, PWTW attacks) by Martin Beck
Way of attack
The following way is current the most efficient method to crack a WEP protected network to find its key. The attack can be performed in under a minute.
- WEP encryption:
- 24-bit unencrypted Initialization Vector + 104-bit key (13 characters/bytes), 128-bit key
- Used to generate linear RC4 cipher stream, RC4(IV, Key)
- XOR the message using cipher stream
- Encrypted network frame
- ARP replay:
- On the basis that the first 12-bytes of ARP packets always stays the same
- De-authenticate clients connected to the Access Point or send a fake authentication attack, creating an ARP request
- Capture this ARP packet (encrypted)
- Continuously re-inject ARP packet back to into the network to stimulate traffic (it's a boardcast packet)
- Capture 10-30 000 ARP (and other data) packets
- Key attack:
- Detect reuse of Initialization Vectors (collisions), only 2^24 possibilities
- Reverse XOR on first 2-bytes on all packets (KoreK) and 12-bytes on well-known ARP packets
- 12-bytes of the RC4 stream cipher is revealed for that specific frame (Initialization Vector + RC4 stream cipher)
- Build table of Initialization Vectors and RC4 stream cipher pieces
- Use table to gain a statistical factor for each key byte (13 bytes, 104-bit) using the FMS RC4, KoreK, Klein, and the latest PTW attack.
- Run trails to test key decryption
References
- How to Crack a Wi-Fi Network's WEP Password with BackTrack
- SpoonWEP for Noob
- Part 10: WPA-PSK Cracking with a dictionary attack in Backtrack 3
- Cracking WEP Using Backtrack: A Beginner’s Guide
- Remote-Exploit Backtrack
- Cracking WPA FAST with video cards
- Wireless Security Gabe Rudy
- Cracking WEP and WPA Wireless Networks