Re: Wireless wep crackin on windows
From: Andrew A. Vladimirov (mlists_at_arhont.com)
Date: Fri, 21 May 2004 15:49:51 +0100 To: Aaron Drew <email@example.com>, firstname.lastname@example.org
Aaron Drew wrote:
> Airsnort on windows is limited. You need a card that can be put into monitor
> mode under windows to capture the WEP packets.
Snax has sorted it out by using a demo version driver coming from
AiroPeek. I wonder what AiroPeek guys think about it...
Linux drivers make this much easier.
And allow to do many other things with injecting custom frames,
encrypted traffic etc. Windows drivers are eons away from that, even
though you can deauth undesirable hosts using AirMagnet running on
> As for other tools, the package wep-tools contains a utility for brute
> forcing ASCII based WEP keys.
Mentioned it in my previous post, nice to see I am not alone :)
> These keys are generated using a simple algorithm that is unfortunately
> flawed. It essentially reduces the keylength of WEP from 64/128 down to
> around 21 bits in length. Given just a couple of encrypted data packets, an
> offline exhaustive brute-force attack can be done in about 10-15 seconds on
> such keys.
That flaw applies only to 40-bit keys and was fixed ages ago. In fact,
some vendors did not have that flaw at all, e.g. 3Com. What would be
more interesting is porting WEPAttack to Windows, but I don't know what
would be the equivalents of ZLib and libCrypto for it. Don't know much
about Windows anyway, no source - no fun.
-- Dr. Andrew A. Vladimirov CISSP #34081, CWNA, CCNP/CCDP, TIA Linux+ CSO Arhont Ltd - Information Security. Web: http://www.arhont.com http://www.wi-foo.com Tel: +44 (0)870 44 31337 Fax: +44 (0)117 969 0141 GPG: Key ID - 0x1D312310 GPG: Server - gpg.arhont.com