Introduction on WEP security

As we covered in the WEP Security article, WEP is really an unsafe method of securing a wireless network. What makes WEP really unsafe is the 32 bit ICV being static for each frame. This opens a wide variety of techniques that can be used to crack a WEP key. In this article we will try to understand how the most widespread WEP cracking tools work, and in the end we will review them, giving some practical ideas of how successful they can be.
The idea behind passive WEP cracking technique

When WEP appeared in early '99 the only technique being used to hack it was the Fluhrer-Mantin-Shamir attack, a statistical analysis of the so-called weak packets travelling over the air between clients and access points. AirSnort was capable of cracking WEP keys starting from some millions (5-10 millions according to the author) of packets with weak ICV sniffed from the wireless net. Tools like Kismet did an important job recognising how many of them were "weak" by isolating and counting them. The first historical tools to implement the Fluhrer-Mantin-Shamir technique were AirSnort itself and WepCrack. All the so-called passive techniques work on a certain number of available ("good") packets collected by sniffing the net using a tool like ethereal, and then feeding some other tool like weplab or aircrack that does the final important job of cracking the WEP key according to the ICV of the sniffed packets. With the modern tools, the number of packets needed to achieve a successful WEP key recovery varies from a few hundred thousand to half a million: much less work compared to what AirSnort required. According to key length, the number of encrypted packets aircrack requires is about 200,000 for a 64 bit key and 500,000 for a 128 bit key. airodump is the packet capturing tool inside aircrack; it can be used side by side with Kismet to collect all the necessary packets for a cracking job. Of course the more encrypted packets (with the same ICV) you have, the less time the tools will take to recover the WEP key. The most used tools nowadays are indeed aircrack and another famous package by Ignacio Sanchez: WepLab. Both are used to crack the key, while WepLab also includes a dictionary/brute force cracking engine that is often successful and time saving. The key guessing tolerance level in tools like aircrack and weplab is essential to achieve a successful and time-limited key recovery.
In WepLab, this tolerance level can be set by issuing the parameter --parc XX, where XX is a percentage value that indicates how wild the program should be while guessing new keys. The default value for WepLab is 50%. Increasing it may result in better achievements, as more keys are generated, but also in a longer cracking time. Try to increase it if you do not recover the key with the default settings. Aircrack uses the fudge factor setting to set the tolerance level. Increasing it when aircrack is fed with more than 5 million packets may lead to satisfying results. When dealing with many millions of packets, optimal settings for aircrack and weplab are 6 (or more) and 90% respectively. The best choice when you have more than 10 million packets available (not easy to achieve) is still AirSnort, as we said in the first paragraph of the chapter.

Traditional attacking methods

Wireless security still being a new issue in the industry, many vendors are not yet concerned with producing secure devices with strong default keys. Many wireless access points are still set up with the vendor's default key, thus allowing anyone to get into them without any sniffing or cracking effort. Moreover, home and small office implementations use really weak keys, and very often they can be recovered by a simple dictionary attack. WepLab, dwepcrack and other similar tools do the dirty job for us. Recognising the access point vendor while trying to guess a key through a brute force attack can lead to a great time saving. From vendor to vendor the construction of the key may vary. The most common method is the MD5 hashed passphrase, which can be attacked by dwepcrack through an intelligent and optimised brute force engine, resulting in a less time consuming cracking task.

Active attacks and chopchop

As we have seen, passive attacks are completely stealthy, adding no "noise" to the network traffic.
Active attacks are those carried out by sending certain packets over the net and waiting for a valid response from the access point. There are different kinds of techniques that can be used to achieve this. The most common is the replay technique implemented by the aireplay tool. It consists of sending a lot of encrypted packets to the AP in order to receive enough response packets from it to start a cracking job. This can be achieved by sending ARP packets, which usually elicit a response from the receiver. This method can generate the few hundred thousand or even million packets that aircrack needs to discover the WEP key, and all this in really few minutes. Note that the packets being received are encrypted using different IVs. Studying how a given plaintext is encrypted under a certain IV opens a new breach into WEP security. Tools like wepwedgie are capable of injecting well-encrypted packets that the access point accepts as if the sender knew the correct WEP key, allowing full scans and any kind of attack on the net. The only thing wepwedgie needs is some ciphertexts that correspond to known plaintexts. Then, by inverting the ciphertext formula C = (M || c(M)) ⊕ RC4(IV || k) (taken from Adam Stubblefield's paper, where "||" means concatenation and "⊕" is bitwise XOR, so XORing a known plaintext with its ciphertext gives back the keystream), it is possible to retrieve the keystream generated from a particular IV. Refer here for more information on how to retrieve known ciphertexts from shared key authentication mode. But the most revolutionary tool released to decrypt WEP is chopchop. Its author is KoreK, the same who worked out the algorithm behind aircrack. Chopchop is a small open source active tool that decrypts packets byte by byte, sending them to the AP and then acting according to its response. Once a recognized response is received, byte n.0 is decrypted and the program starts guessing byte n.1, and so on. It can generate thousands of (multicast) packets per second and, at the time I write, chopchop is only capable of decrypting IP/ARP packets.
For more information on chopchop please refer to the netstumbler forum where KoreK released the tool.
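As an added example (not code from this article or from any of the tools it names), the following Python script does the defender's counterpart of what the passive section describes Kismet doing: it parses constructed WEP data frames, extracts each 24-bit IV, and reports how many IV values repeat (the reuse the active section relies on) and how many fall into the classic FMS "weak" class (A+3, 255, X). The 802.11 frame builder, the sample capture and the weak-IV test are all assumptions made here for illustration.

```python
import struct
from collections import Counter

# Classic FMS weak IV class (A+3, 255, X): iv[0] = A+3 for key byte index A = 0..12,
# which covers both 40-bit (5 byte) and 104-bit (13 byte) WEP keys (assumed class).
FMS_WEAK_FIRST_BYTES = range(3, 16)

def build_wep_frame(iv: bytes, key_id: int, body: bytes) -> bytes:
    """Constructed 802.11 data frame: FC(2) dur(2) addr1-3(18) seq(2), WEP IV(3) + keyid(1), body."""
    fc = 0x4108  # type=data, ToDS=1, Protected Frame bit (bit 14) set
    hdr = struct.pack("<HH", fc, 0) + b"\x00" * 18 + struct.pack("<H", 0)
    return hdr + iv + bytes([(key_id & 3) << 6]) + body

def parse_wep_iv(frame: bytes):
    """Return (iv, key_id) for a protected data frame, else None."""
    if len(frame) < 28:
        return None
    fc = struct.unpack_from("<H", frame, 0)[0]
    if (fc >> 2) & 0x3 != 2 or not (fc >> 14) & 0x1:
        return None  # not a data frame, or Protected Frame bit clear
    return frame[24:27], frame[27] >> 6

def is_fms_weak_iv(iv: bytes) -> bool:
    return iv[1] == 0xFF and iv[0] in FMS_WEAK_FIRST_BYTES

def audit(frames):
    """Count WEP frames, distinct IV values seen more than once, and FMS-weak IVs."""
    parsed = [p for p in map(parse_wep_iv, frames) if p is not None]
    ivs = [iv for iv, _ in parsed]
    counts = Counter(ivs)
    return {
        "wep_frames": len(ivs),
        "reused_ivs": sum(1 for c in counts.values() if c > 1),
        "weak_ivs": sum(1 for iv in ivs if is_fms_weak_iv(iv)),
    }

# Constructed sample capture: one repeated IV, two FMS-weak IVs, one unprotected frame.
SAMPLE_FRAMES = [
    build_wep_frame(b"\x01\x02\x03", 0, b"\xaa" * 40),
    build_wep_frame(b"\x01\x02\x03", 0, b"\xbb" * 40),   # IV reuse
    build_wep_frame(b"\x03\xff\x07", 0, b"\xcc" * 40),   # weak: A=0
    build_wep_frame(b"\x05\xff\x11", 0, b"\xdd" * 40),   # weak: A=2
    build_wep_frame(b"\x0a\x0b\x0c", 1, b"\xee" * 40),
    struct.pack("<HH", 0x0108, 0) + b"\x00" * 20 + b"\x00" * 40,  # unprotected data frame
]

if __name__ == "__main__":
    print(audit(SAMPLE_FRAMES))  # {'wep_frames': 5, 'reused_ivs': 1, 'weak_ivs': 2}
```

A rising weak-IV or reused-IV count on a live capture is exactly the condition the passive tools above wait for, so it is a useful signal that a WEP network is exposed or already being collected against.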