DECRYPTING A WEP KEY ON WINDOWS (XP OR 2000)
By Sebastian Maisse
Document dated November 10, 2005

Decrypting a WEP key on Windows
by Sebastian Maisse
Document created 10-11-2005 - Last updated 11-11-2005

Contents
Preamble
Download Winaircrack
Launch Winaircrack
Decrypting a WPA-PSK key
Conclusion

Preamble

Welcome. This document is intended to walk you through the steps needed to crack a WEP key in a Windows environment (XP or 2000, possibly 98). I will use the program Winaircrack, which is in fact a graphical front end for the airodump and aircrack programs.

WARNING: THIS DOCUMENT IS PROVIDED FOR EDUCATIONAL PURPOSES ONLY. UNDER NO CIRCUMSTANCES ARE YOU AUTHORIZED TO PUT THIS TECHNIQUE INTO PRACTICE ON A NETWORK FOR WHICH YOU HAVE NOT FIRST OBTAINED THE OWNER'S AGREEMENT.

In my case, I ran the test on my own wireless network, which is built around a Linksys access point. As for the hardware used to listen to the wireless network, I used a Sagem WL5061S USB adapter (the adapter supplied with the Wanadoo Livebox).

Before starting, note that if you want to carry out this procedure you can also use the Linux live CD named WHAX.
In addition, a tutorial on the procedure is available at the following URL: http://www.tuto-fr.com/tutoriaux/tutorial-crack-wep-aircrack.php

Download Winaircrack

Winaircrack, which I recall is a GUI for the aircrack and airodump programs and whose author is Hexanium, is available at the following URL: http://www.subagora.com/subagora/navigate.php?cmd=soft_detail&ret=1&soft_id=132

In this case we will download the full version of Winaircrack (the complete package), so there is no need to download Aircrack separately: http://www.subagora.com/WinAircrack/download/WinAircrackPack.zip

You can also download the WlanDrv program by the same author: http://www.subagora.com/WinAircrack/download/WlanDrv.zip

Launch Winaircrack

Before launching Winaircrack, unpack the file "WlanDrv.zip". This program reports information on the USB adapter or wireless network card that we are going to use.

Information about the Sagem WL5061S USB Wi-Fi adapter.

If you have an adapter or wireless network card based on a Prism chipset, there is a good chance that it will not work and you will have to look elsewhere.

Information about the Linksys WUSB54G USB adapter. Note: this adapter was tested without success during a second test.

Once you have retrieved the information about your card or network adapter, you can unpack the contents of "WinAircrackPack.zip" and run the main program, "WinAircrack.exe". You will get a window similar to the one below: the General tab window. Here are the windows of the WEP, Advanced and About tabs.

The WEP tab window (above) and the Advanced tab window (below).

The About tab window.

Having visited the tabs, we start by listening to our wireless network. To do this, go to the General tab, then click on the link "Click here to get a capture file". This displays the following:

As you can see, various links are offered depending on the situation you are in. In theory, you should follow the steps in the following order:
1. Get the 'WildPackets' drivers, which are available at the following URL: http://www.wildpackets.com/support/downloads/drivers
2. Install the 'WildPackets' driver on your Windows system.
3. Launch the Airodump utility.
4. Return to Winaircrack to process the capture file.

In my case I had no trouble and steps 1 and 2 did not concern me, so I went straight to step 3, which "captures" data packets with the Airodump program.
From here on I assume that you have completed steps 1 and 2 as necessary before going further in this document. If that is the case, we can continue.

First, I choose the network interface that I will use to listen to the network.

Select the network interface, here the Sagem USB adapter (choice number 13). I press the Enter key to confirm my choice.

Then I choose the type of interface, namely the 'generic' drivers that will be used for the capture.

My choice is the USB adapter that I will use. This is only valid if your hardware works with its 'generic' drivers; otherwise you will have taken care to install the 'WildPackets' driver appropriate for your card or adapter.

Here we choose the channel to listen on. It ranges from 1 to 14; 0 listens to all available channels automatically.

0 to listen to all channels. If you know the channel used by the target network, you can specify it directly instead of 0.

We set the name of the output file that will be used to record the captured data. Here I set the output file name to "nomdufichierdesortie" (French for "outputfilename").

I decide whether my file is intended only for cracking a WEP key. Here it is, so I answer Y (yes) and press the Enter key.

If all went well, Airodump should now be listening on the air.

BSSID: MAC address of the access point (in the form XX:XX:XX:XX:XX:XX).
CH: channel used (for example 11).
DATA: number of data packets seen on the network.
ENC: type of encryption used (here WEP).
ESSID: wireless network name (for example WIFIDEMO).

Remember: three pieces of information are needed: BSSID, CH and ESSID.

If instead Airodump shows a screen similar to the one below:

I got this error with the Linksys USB adapter. It means that the adapter or wireless card used is not compatible with the PEEK driver, so you are advised to install a driver that fixes this.
Moving on, our capture is in progress, as shown in the screen below: as you can see, I have recovered a little over 400,000 packets.

That said, I am still well short of what is needed to crack a 128-bit key. To crack a 64-bit key I need about 300,000 packets (more precisely, IVs), and to crack a 128-bit key about 1 million. Only WEP data frames count here, since each carries a fresh 24-bit IV in the clear; beacons and other management frames do not help.

If your wireless network does not generate that much traffic, it can take a while to reach the required number of packets. There are two solutions: either you are patient and let it run, or you use software that injects packets into the network. On Windows there are two programs available, depending on whether your card or adapter uses an Atheros or a Prism chipset.

For cards with an Atheros chipset: CommView for WiFi, from Tamos. Website: http://www.tamos.com/products/commwifi/
For cards with a Prism chipset: AirGobbler Packet Generator, from Tuca Software. Official website: http://www.tuca-software.com/transmit.php

For my part, since I was on my home network, I did some file transfers to reach the minimum of one million captured IVs.

1 million packets captured.

That said, I started the key computation while continuing to capture new packets.

So, leaving my Airodump window open, I went back to Winaircrack. To do this, click the link "Click here to return to Winaircrack" in the "Capture Files" section. This has the advantage of returning to the program while leaving the Airodump window open.

Once back in Winaircrack, I want to start cracking the WEP key. I filled in the following information in the General tab window:
Encryption key type: WEP (default).
AP name (ESSID): here I put WIFIDEMO.
AP MAC address (BSSID): XX:XX:XX:XX:XX:XX.

I also have to provide the capture file or files to use for cracking the key.
To do this, I click on the browse button and select the file with the .ivs extension that we will use. Be careful: by default the .cap extension is selected. Then click Open.

Finally, click the add button to add our file to the list of capture files. You should have a result similar to this:

If you want to remove a file from the list of capture files, click the remove button.

With that done, we now launch Aircrack, which will let us recover the WEP key. To do this, click the start button, which opens a window like this:

As we can see, the capture file contains 1,021,950 IVs.

At the top, Airodump is still capturing; on the right, Aircrack is cracking.

After a while (you can get on with other things in the meantime) we can get one of two answers from the WEP key computation.

First the bad news: in this case there were not enough IVs, so we have to keep listening to the network.

Or the answer is positive, and it is a happy one: KEY FOUND! No doubt about it.

Note that in my case the first answer was negative, with an insufficient number of packets. So I also enabled an option in the WEP tab: the MAC address filter. With that, the WEP key was recovered in 2 minutes 06 seconds on a laptop with a 2 GHz Pentium IV, using a total of just over 1.4 million IVs.

Write the WEP key down somewhere. If everything went well for you, you should now have recovered your WEP key.

You can now quit Aircrack and Airodump by pressing CTRL and C simultaneously.

Now that we have the WEP key of the wireless network, we want to connect to it. There are four cases:
1. The network you want to connect to uses DHCP; in this case the IP address will be handed to me, and there is no MAC address filtering.
2. The network you want to connect to uses DHCP, but MAC address filtering of clients is enabled.
3. The network you want to connect to uses static IP addresses; in this case the IP range used by the network must be determined. There is no MAC address filtering.
4. The network you want to connect to uses static IP addresses; in this case the IP range used by the network must be determined, and MAC address filtering is enabled.

To change your MAC address you can use the EtherChange program, which is available at the following URL: http://ntsecurity.nu/downloads/etherchange.exe

EtherChange in action...
The MAC address I entered will become active, but first I have to disable and re-enable the card or adapter so that it picks up the new MAC address.

You must enter the MAC address without the ":" separators, that is, like this: XXXXXXXXXXXX. If you want to restore the card's original MAC address it is simple: choose option 2, "Go back to the built-in ethernet address of the network adapter", and do not forget to disable and re-enable the adapter afterwards so that the old MAC address is active again.

For my part, I only had to replace the MAC address of my USB adapter to connect to the wireless network, given that DHCP was enabled. The MAC address I used was one that had been recorded in the capture file while listening to the network. To find it, take a look at the file with the same name as your .ivs file.

If you are in a situation where DHCP is not enabled or there is no DHCP server, you will have to determine the network address. For that we need a network sniffer; Ethereal is good in this area. Official website: http://www.ethereal.com

Once it is installed, if not already done, launch Ethereal and go to the Edit / Preferences menu, then in the IEEE 802.11 protocol section enter the WEP key that was recovered. First check "Assume packets have FCS", then enter the key in "WEP key #1". Click the OK button.

Then go to the Capture / Options menu and configure it like this: choose the network interface to use, here the Sagem adapter. Select "Capture packets in promiscuous mode" if it is not already selected. Uncheck "Enable MAC name resolution". Check "Enable network name resolution". Check that "Update list of packets in real time" and "Automatic scrolling in live capture" are both checked. Then start the capture by clicking the Start button.

You should see plenty of traffic, which allows you to identify the network address. A filter that shows the most interesting packets in this case is:

wlan.bssid == XX:XX:XX:XX:XX:XX && tcp

(replace XX:XX:XX:XX:XX:XX with the BSSID of the access point), which you enter in the Filter field. Here, the access point's IP address is 192.168.0.20.

From there, all that remains is to connect to the network, armed with the WEP key and a valid IP address for the network. Note: in many cases the address is 192.168.0.x or 192.168.1.x, the ranges most frequently used by wireless network equipment.
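Both the IV count that Airodump displays and the decryption step Ethereal performs once you enter the key come down to how WEP uses RC4. The Python example below is an added illustration, not part of the original tutorial nor code from Winaircrack, aircrack or Ethereal. It implements RC4 and the WEP frame body (24-bit IV in the clear, 40- or 104-bit key, CRC-32 ICV), decrypts a frame with a known key as Ethereal does, and then shows the weakness aircrack exploits: the keystream depends only on IV||key, so two frames sent under the same IV XOR to the XOR of their plaintexts, and the LLC/SNAP header that starts every data frame (AA AA 03 00 00 00 ...) immediately yields the first keystream bytes for that IV. The key, IV and frame payloads are constructed for the demonstration; the 104-bit key is what Aircrack would print as 26 hex digits.

```python
import struct
import zlib
from typing import Optional, Tuple

# LLC/SNAP header at the start of every 802.11 data frame body carrying IP.
# It is the known plaintext used by keystream-recovery and injection attacks.
LLC_SNAP = bytes.fromhex("aaaa030000000800")   # trailing 08 00 = IPv4 ethertype


def rc4(key: bytes, length: int) -> bytes:
    """Plain RC4 keystream generator (KSA followed by PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                    # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_keystream(iv: bytes, key: bytes, length: int) -> bytes:
    """WEP seeds RC4 with IV || key: 3 + 5 bytes for 'WEP-64', 3 + 13 for 'WEP-128'."""
    assert len(iv) == 3 and len(key) in (5, 13)
    return rc4(iv + key, length)


def wep_encrypt(iv: bytes, key: bytes, key_id: int, plaintext: bytes) -> bytes:
    """Build a WEP frame body: IV(3) | key_id<<6 (1) | RC4(plaintext || CRC-32 ICV)."""
    icv = struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)
    data = plaintext + icv
    ks = wep_keystream(iv, key, len(data))
    return iv + bytes([(key_id & 3) << 6]) + bytes(a ^ b for a, b in zip(data, ks))


def wep_decrypt(frame: bytes, key: bytes) -> Optional[bytes]:
    """Decrypt a WEP frame body (what Ethereal does with the key you enter).
    Returns the plaintext, or None if the ICV does not check, i.e. wrong key."""
    iv, body = frame[:3], frame[4:]
    ks = wep_keystream(iv, key, len(body))
    data = bytes(a ^ b for a, b in zip(body, ks))
    plaintext, icv = data[:-4], data[-4:]
    if struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF) != icv:
        return None
    return plaintext


def recover_keystream(frame: bytes, known_prefix: bytes = LLC_SNAP) -> Tuple[bytes, bytes]:
    """Known-plaintext attack: ciphertext XOR known plaintext = keystream for this IV."""
    iv, body = frame[:3], frame[4:]
    ks = bytes(c ^ p for c, p in zip(body, known_prefix))
    return iv, ks


def xor_of_plaintexts(frame_a: bytes, frame_b: bytes) -> bytes:
    """Two frames under the same IV share a keystream, so C1 ^ C2 == P1 ^ P2
    over the common plaintext length (4-byte header and 4-byte ICV excluded)."""
    assert frame_a[:3] == frame_b[:3], "IV reuse is what makes this work"
    n = min(len(frame_a), len(frame_b)) - 8
    return bytes(a ^ b for a, b in zip(frame_a[4:4 + n], frame_b[4:4 + n]))


# Constructed demonstration data (not captured traffic).
KEY_128 = bytes.fromhex("0102030405060708090a0b0c0d")   # 104-bit WEP key, an assumption
IV = bytes.fromhex("f00ba5")                            # 24-bit IV, sent in the clear
PKT_A = LLC_SNAP + b"GET / HTTP/1.0\r\n"
PKT_B = LLC_SNAP + b"HELLO WORLD 123\r\n"

FRAME_A = wep_encrypt(IV, KEY_128, 0, PKT_A)
FRAME_B = wep_encrypt(IV, KEY_128, 0, PKT_B)   # same IV: only 2^24 exist, so reuse is inevitable

if __name__ == "__main__":
    print("decrypted with the right key:", wep_decrypt(FRAME_A, KEY_128))
    print("decrypted with a wrong key:  ", wep_decrypt(FRAME_A, bytes(13)))
    iv, ks = recover_keystream(FRAME_A)
    print("IV", iv.hex(), "-> first keystream bytes", ks.hex())
    print("P1 ^ P2 after the shared header:", xor_of_plaintexts(FRAME_A, FRAME_B)[len(LLC_SNAP):])
```

The statistical attack Aircrack runs goes one step further than this: with enough distinct IVs, the first keystream byte recovered per IV leaks information about the RC4 key bytes, which is why the number of IVs, not the number of frames, is what matters.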
Decrypting a WPA-PSK key

After cracking the WEP key, I wanted to test cracking a WPA-PSK key. For a description of what a WPA key is, see the following link: http://fr.wikipedia.org/wiki/WPA

So I configured a Linksys WAG54G through its web administration page, available at the IP address 192.168.1.1:
SSID: WIFIDEMO - Wireless channel: 10
Security mode: WPA Pre-Shared Key
WPA algorithm: TKIP - WPA pre-shared key: W0I1F2I3D4E5M6O

That done, I saved the change and turned to Winaircrack to get to work. First of all I set up airodump. One setting differs from the configuration I used for WEP: to the question "Only write WEP IVs (y/n)" I answered n (no). This records all the data, so my capture file will be larger; in my case, at the end of the capture, the file was 1.4 GB for 2.7 million packets. Furthermore, the extension is .cap and no longer .ivs as before with WEP.

With the setup done, I started capturing.

Here is my access point, configured earlier (WIFIDEMO). We can see that it uses WPA encryption and that it communicates on channel 10.

Since this wireless network was set up for the occasion and would therefore not generate much traffic, I first used the AirGobbler Packet Generator from Tuca Software, which I mentioned in the WEP part. This software let me generate traffic, but a few minutes later I had the idea of using iperf, a tool normally used to measure the usable bandwidth of a network. Iperf is available at the following URL: http://www.noc.ucf.edu/Tools/Iperf/

So I used it as a server on one workstation and as a client on another:
iperf server side: iperf -s
iperf client side: iperf -c 192.168.1.100 -t 1000
The -t 1000 option runs the transfer for 1000 seconds (iperf's -t is a duration in seconds; to transfer a fixed amount of data, for example 1 GB, use -n 1000M instead). This quickly generates a substantial number of packets after a few minutes of transfer.

A little over 400,000 packets.

After 20 to 30 minutes, I reached the minimum number of packets for a key of this type: a little over 1 million packets. In absolute terms, this was a good start for getting into WPA-PSK. (Note that a WPA-PSK dictionary attack actually needs only the four-way handshake, that is, the EAPOL frames exchanged when a client associates with the access point; the number of data packets captured does not matter. What a long capture guarantees is that at least one association has been recorded.)

So I went back to Winaircrack. There I selected the key type, in this case WPA-PSK, entered the ESSID (WIFIDEMO) and the BSSID (XX:XX:XX:XX:XX:XX), and chose the capture file. To add the capture: click the browse button, then the add button.

From there I went to the WPA tab to add a dictionary that will be used to crack the passphrase I entered when configuring my Linksys. Dictionaries are not supplied with Winaircrack, but the link "Click here for an online dictionary" is available.
One of the URLs where you can find dictionaries is: http://ftp.se.kde.org/pub/security/tools/net/Openwall/wordlists/

For my part, I downloaded the complete dictionary (11 MB) named "all.tgz", whose contents are a file all.lst (42 MB); it gives you a dictionary for several languages plus specialized word lists.

Once my dictionary was chosen, I started Aircrack by clicking the start button.

For information, the passphrase can be between 8 and 63 characters long. The all.lst dictionary contains over 4 million words.

Aircrack loading... Alongside the cracking of the key are shown the selected encryption type, the ESSID (WIFIDEMO), the BSSID (XX:XX:XX:XX:XX:XX) and the capture file that I used.

We see the elapsed time and the number of keys tested, as well as the passphrase currently being tested (current passphrase). Note that cracking a WPA-PSK passphrase is very hit-or-miss: if the passphrase is not an everyday word or a person's name, there is little chance that it is in a dictionary, which can mean several hours of computing time for nothing. Conversely, if the passphrase is a name or a frequently used word, you have a good chance of finding it.

For my part, even with the dictionary of 4 million words, after 2 hours 30 minutes I gave up, since the passphrase was not of the generic type (word, name, etc.). I recall that in this case I had set the passphrase W0I1F2I3D4E5M6O, which I presume was not in the dictionary I downloaded.

As usual, I ran Airodump and Aircrack at the same time. For information, when I stopped the passphrase computation, I had 2.7 million packets.

If I had set a passphrase that might be in one of the available dictionaries, we would get a screen similar to the one below: KEY FOUND! What a joy...

From there, all that remains is to do as for the WEP key: once you have it, you join the network. For the record, I did get KEY FOUND by making a dictionary file with a few "bogus" words plus the passphrase I configured on the Linksys.
Note that a Linux program (WPA Cracker) for cracking WPA-PSK passphrases is available at the following URL: http://www.tinypeap.com/pdf/wpa_cracker.html

Conclusion

I hope that this document has enabled you to crack the WEP key, or even the WPA-PSK key, of your wireless network. As you have probably noticed, WEP is easily cracked; by contrast, a properly chosen WPA-PSK passphrase (something like a65g8hD9j2d) can take much longer to discover.

If you have questions or suggestions about this document, I encourage you to contact me either by e-mail at thecyberseb@hotmail.com or by leaving a message on the forum at the following URL: http://forum.monserveurperso.com

For more papers on various subjects, take a trip to the URL below: http://tutorial.monserveurperso.com

Thank you for taking the time to read this :-)

Thanks to the author of this tutorial (link below), which inspired mine: http://www.tuto-fr.com/tutoriaux/tutorial-crack-wep-aircrack.php