This is part one in a two-part paper on kracking WEP with Windows XP. This first part covers sniffing wireless traffic and obtaining the WEP key. Part Two will cover associating with a wireless AP, spoofing your MAC address, trying to log on administratively to the AP and further things you can carry out on the WLAN once authenticated successfully.
What is WEP:
Wired Equivalent Privacy (WEP) is often mistakenly thought of as a protocol designed to 100% protect wireless traffic, when this is not the case.
As its name suggests it was designed to give wireless traffic the same level of protection as a wired LAN, which when you think about it is a very hard thing to set out to do.
LANs are inherently more secure than wireless LANs (WLANs) due to physical and geographical constraints. For an attacker to sniff data on a LAN they must have physical access to it – which is obviously easier to prevent than to prevent access to traffic on a WLAN.
WEP works at the lower layers of the OSI model, layers One and Two to be exact, so it therefore does not provide total end to end security for the data transmission.
WEP can provide a level of security between a Wireless Client and an Access Point or between two wireless clients.
WEP Standards:
WEP is commonly implemented as 64 bit or 128 bit encryption. These strengths are sometimes referred to as 40 bit or 104 bit because each data packet is encrypted with an RC4 cipher stream that is generated from an RC4 key. For a 64 bit WEP implementation this RC4 key is composed of a 40 bit WEP key and a 24 bit Initialization Vector (IV) – hence the 64 bit RC4 key. However the actual WEP part of it is only 40 bits long, the IV taking up the other 24 bits, which is why a 64 bit WEP key is sometimes referred to as a 40 bit WEP key.
This resultant cipher stream is ‘XOR’d’ with the plain text data to encrypt the whole packet. To decrypt the packet the WEP key is used to generate an identical ‘key stream’ at the other end. More about this later on; I will also go over the IVs in more detail later.
Failures of WEP:
We have all heard everyone say WEP is easy to krack and should not be used, can be kracked in 10 minutes etc, but why is this?
Well in my opinion WEP is seriously flawed for the following reasons:
1) Initialization Vectors are reused with encrypted packets. As an IV is only 24 bits long it is only a matter of time before it is reused. Couple this with the fact you may have 50+ wireless clients using the same WEP key and the chances of it being reused improve even further.
An IV is sent in clear along with the encrypted part of the packet. The reuse of any encryption element is always a fundamental flaw to that particular encryption and as an IV is sent in clear this further exposes a significant weakness in WEP.
The more RC4 cipher streams are found and the more IVs are deciphered, the closer we get to discovering the WEP key.
This is what forms the foundation of WEP kracking.
2) The algorithm used to encrypt a WEP ‘hash’ is not intended for encryption purposes. The original purpose of the Cyclic Redundancy Check (CRC-32) was to detect errors in transmission, not to encrypt data.
3) The most significant flaw in my opinion is the mass use of the WEP key. Everything using that particular AP will need the same WEP key hence all the resultant traffic will be using the exact same WEP key as well.
The one not so obvious side effect of this is when it comes to administering the network. If you have 60 wireless clients all using the same WEP key, do you really want to go and periodically change them all… it is easier to leave it as it is. I am guilty of doing this on a network I used to administer a few years ago as I am sure others are who still use WEP.
Wireless Standards:
The Institute of Electrical and Electronics Engineers (IEEE) defined specifications for wireless traffic back in 1997. The protocol they came up with is the 802.11 standard.
Nowadays 802.11 has many different implementations for wireless traffic. The most common ones are:
1) 802.11 – this specifies that the wireless traffic will use the 2.4GHz frequency band utilizing either Frequency Hopping Spread Spectrum (FHSS) or Direct Sequence Spread Spectrum (DSSS). FHSS is a protocol whereby the traffic ‘hops’ to pre-defined frequencies and is commonly used to reduce the effects of noise or interference in the transmission. DSSS is also a protocol used to reduce noise interference; it combines the signal with a higher data rate bit sequence (commonly called a chipping code) which separates the data into a logical sequence and attaches a form of CRC to the packet before transmitting.
2) 802.11a – this provides data transmission in the 5GHz band at a rate of anything up to 54Mbps. Unlike the original 802.11 specification this uses Orthogonal Frequency Division Multiplexing (OFDM) to encode the traffic instead of FHSS or DSSS. OFDM is a method of transmitting digital data by splitting it up into smaller ‘chunks’ and transmitting them at the same time but on different frequencies, which is why the data transfer rate is quite good.
3) 802.11b – came along in 1999 with the intention of allowing wireless functionality to be similar to that provided by Ethernet. It transmits data in the 2.4GHz band at 11Mbps using DSSS only. It is sometimes called Wi-Fi.
4) 802.11g – this works in the 2.4 GHz band at a rate of 20Mbps or more and came along in 2003. It uses OFDM like 802.11a and transmits data in a very similar way. However unlike 802.11a it is backward compatible with 802.11b.
A point worth noting here is that if you have an 802.11b wireless adaptor you will not be able to receive 802.11g traffic. If you do want to get into WEP kracking it is well worth your while investing in a dual band card. I will talk about wireless adaptors more later on.
How do we krack WEP:
Well, kracking WEP is fairly easy to understand if you have followed what I explained above. We briefly touched on IVs and WEP encryption and how they tie in together. To put it very simply, if you can decipher the IV algorithm you can decrypt or extract the WEP key.
As I stated before WEP very kindly transmits the IV in clear, so if we can run a mathematical equation against it we can find and decipher the RC4 stream that encrypted the whole packet in the first place.
The WEP ‘key’ is the missing value [key] from this mathematical equation. Remember the AP or the client has this key to use when decrypting the packet and is what we must find by running a complicated algorithm against the encrypted packet.
If you think about it like this it may become clearer:
You have an algorithm that is produced by concatenating a randomly generated 24 bit IV with your WEP Key – You also have an RC4 Key stream - the two are then ‘hashed’ together to encrypt the packet.
The IV is the hub of the whole process as this is the only thing that has used your WEP key. If we run a statistical analysis against the IV to try and decrypt the packet, we can find the key used at the beginning of the process.
When you try to decrypt them, every time you krack a piece of the algorithm the corresponding plain text part of the packet is revealed, once the whole packet is decrypted you know the algorithm used to encrypt that particular packet – A crude way of describing it but as simple as I can make it.
Any attacker can passively collect encrypted data; after a while, due to the limitations explained earlier, two IVs that are the same will be collected. If two packets with the same IV are XOR’d, an XOR of the plain text data can be revealed. This XOR can then be used to infer data about the contents of the data packets.
The more identical IVs collected, the more plain text data can be revealed. Once all the plain text of a data packet is known, it will also be known for all data packets using the same IV.
So before any transmission occurs WEP combines the keystream with the payload using an XOR process, which produces ciphertext (data that has been encrypted). WEP includes the IV in clear in the first few bytes of the frame. The receiving AP / Client uses this IV along with the shared secret key (Your WEP Key) to decrypt the payload of the frame.
XOR is a mathematical operation which I am not even going to attempt to explain. This site explains it very well though, and you can click here:
So in short – the more identical IVs we can get, the more plain text data we can reveal and the closer we get to obtaining the key used to encrypt the data in the first place.
As it is not pre-determined when we are going to receive identical IVs, it is impossible to say how many IVs need to be collected, but more about that later.
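The IV reuse weakness described above, as an added worked example that is not part of the original paper: a small Python model of WEP framing (RC4 seeded with IV || WEP key, the payload followed by a CRC-32 ICV, the IV sent in clear) encrypts two constructed payloads under the same IV and shows that XORing the two ciphertexts gives the XOR of the two plaintexts, so knowing one payload reveals the other. The key, IV and payloads are constructed sample values, not anything captured from a real WLAN.

```python
import struct
import zlib
from typing import Optional


def rc4_keystream(seed: bytes, length: int) -> bytes:
    """Plain RC4 (KSA then PRGA). WEP seeds it with IV || WEP key."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key-scheduling algorithm
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    while len(out) < length:  # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Frame body as WEP sends it: 24-bit IV in clear, then RC4(IV||key) XOR (payload || CRC-32 ICV)."""
    assert len(iv) == 3 and len(key) in (5, 13)  # 40-bit or 104-bit WEP key
    plain = payload + struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)
    return iv + xor_bytes(plain, rc4_keystream(iv + key, len(plain)))

def wep_decrypt(key: bytes, frame: bytes) -> Optional[bytes]:
    """Receiver side: rebuild the keystream from the clear IV plus the shared key, then check the ICV."""
    iv, body = frame[:3], frame[3:]
    plain = xor_bytes(body, rc4_keystream(iv + key, len(body)))
    payload, icv = plain[:-4], plain[-4:]
    return payload if struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF) == icv else None

def keystream_reuse_leak(frame1: bytes, frame2: bytes) -> Optional[bytes]:
    """Two frames under one IV share a keystream, so XOR of the ciphertexts is XOR of the plaintexts."""
    if frame1[:3] != frame2[:3]:
        return None  # different IVs give different keystreams, nothing cancels out
    return xor_bytes(frame1[3:], frame2[3:])

# Constructed sample values (not from the original page): one 40-bit key, two payloads, same IV.
KEY = bytes.fromhex("0102030405")
IV = bytes.fromhex("aabbcc")
P1, P2 = b"GET /index.html", b"POST /login.php"
F1, F2 = wep_encrypt(KEY, IV, P1), wep_encrypt(KEY, IV, P2)
LEAK = keystream_reuse_leak(F1, F2)            # equals P1 XOR P2 over the payload bytes
RECOVERED_P2 = xor_bytes(LEAK[:len(P1)], P1)   # knowing P1 reveals P2, as the text describes
```

The same keystream cancels out regardless of the key length, which is why moving from 40-bit to 104-bit WEP does nothing about this particular flaw.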
Software Used:
For this attack I am going to use airkrack-ng for Windows, which can be obtained from here.
Whilst here, download cygwin1.dll and paste it into the same folder as Airkrack-ng. There is a copy of cygwin1.dll included already but the one available from the tinyshell site is a later version of it.
The peek.dll and peek5.sys files also need to be in the same directory as airkrack. They are available here:
If you download Winairkrack – which is a GUI version of what I cover in this paper – copy the peek.dll and peek5.sys files across to where you have airkrack stored. You will get a ‘peek driver not found’ message if you don’t do this.
Once it has downloaded you have the option of pasting its directory path into your Command Prompt PATH so you can start the application straight from the command line without having to ‘CD’ to the correct directory.
For example I copied this in to my path: C:\Documents and Settings\Nokia\Desktop\airkrack-ng-0.3-win\airkrack-ng-0.3-win\bin
In the bin folder are airodump and airkrack-ng – so now I can just type airodump straight into the command prompt to run the application.
To add something to your path:
Right click My Computer > Properties > Advanced > Environment Variables > Under System Variables highlight PATH > Edit > enter the directory path using a ; to separate it from any existing entries.
You also need to go to Wild Packets to pick up a new driver for your card.
I have found that the most common cause of stress when trying to krack WEP is incompatible hardware. The Airopeek driver from Wild Packets is not compatible with all types of hardware. There is a list of supported adaptors and the relevant driver you need to use on the web site.
For this krack I am using an Atheros based NETGEAR WAG511 DUAL BAND adaptor which you can get from HERE for £35.99.
This card works with Whax, Auditor and BackTrack pretty much straight out of the box. It is also a dual band so you don’t have to worry about sniffing traffic on a ‘g’ WLAN when you have a ‘b’ wireless adaptor. It is my preferred Wireless Adaptor and has not let me down yet.
Most cards that are Atheros based will have the Atheros logo on the side of the box, use one of these if possible.
**Some people I know have confused the NETGEAR WG511, which does not work, with the NETGEAR WG511T, which does work, so try not to fall into this trap**
Cards that I can 100% say to stay away from are ones that use the PrismGT chipset. Conexant cards are also a complete waste of time (which I found out the hard way), so please do not even think about buying one of these if you want to krack WEP.
To check what chipset your card uses, see this list: click here
So you should now have:
Airkrack-ng
Cygwin1.dll – in the same directory as Airkrack
Peek.dll and Peek5.sys in the same directory as Airkrack
Relevant Drivers from Wild Packets for your Adaptor
Added airkrack-ng to your PATH
Got an Adaptor that works with all of the above!
So what’s next?
Now we need to install the driver you have downloaded.
**Warning – the next procedure will overwrite your existing Windows driver, so make sure you have the disc or a backup of it before carrying on.**
The peek driver will not let you use your Wireless Adaptor in the conventional way. You won’t be able to associate to an AP with it or browse the internet etc.
99% of Windows drivers are designed to make your wireless adaptor reject any 802.11 traffic not destined for it. The Peek driver puts your adaptor into a promiscuous mode to allow it to sniff all 802.11 traffic that is compatible with your adaptor.
To install the driver open up your Device Manager and right click on your wireless adaptor > Update Driver > Install from a Specific Location > Don’t Search, I will choose the driver to install > Have Disk > Browse to where you have downloaded the driver > Double Click.
Windows may display a prompt warning you that the driver is not digitally signed; if this happens click Continue Anyway.
Once the driver is installed we are ready to krack WEP.
**If you get an error message saying ‘The specified destination contains no information about your device’, you have either downloaded the wrong driver or more likely your Wireless Adaptor is not compatible with what we need it to do.**
kracking WEP:
kracking WEP is by no means a skilful thing to do, as all the hard work was done by Chris Devine, who is the excellent coder of Airkrack; all we need to do is collect the data and start the program. If you have questions about Airkrack a good place to post them is on the Netstumbler Linux Forums as I believe the author checks there quite often. Alternatively you can email the author at devine [at] iie [dot] cnam [dot] fr – whether he will reply or not I don’t know, but I wouldn’t have thought he will appreciate you emailing him with stupid questions – use the forum for these!
Airodump
So open a command prompt and type airodump – or if you have not added it to your PATH you will need to CD to the right directory.
A new window opens which will search for all installed wireless adaptors, give each one a numerical signature and display the following:
Code:
usage: airodump