|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Anton Rager (a_rager
yahoo.com)Date: Sun Aug 12 2001 - 11:23:43 CDT
Hello,
This is my demo implementation of a specific WEP
weakness outlined in the paper "Weaknesses in the Key
Scheduling Algorithm of RC4" by Fluhrer, Mantin, and
Shamir.
A draft copy of their paper can be found at:
http://www.eyetap.org/~rguerra/toronto2001/rc4_ksaproc.pdf
My implementation only produces and attacks IVs that
match the pattern [A+3, N-1, X] and does not attack
other IVs that might produce weak keys. This is rather
limiting in the real world, but works well with a
static demo for validating the basic weakness.
The tools are Perl based and composed of two parts:
1 - WeakIVGen.pl <aa:bb:cc:dd:ee>
Simulates some of the output data you might see from
an access point. It's actually designed to produce
IV's within a specific range [3, 255, 0-255 to 7, 255,
0-255 for 40bit WEP] with a single corresponding
encrypted byte for each IV set.
2 - WEPCrack.pl
Takes the output from WeakIVGen.pl and tries to
determine each byte of the secret key by the method
outlined in section 7.1 of the Fluhrer, Mantin, Shamir
paper.
(Note: I'm a Perl hack, so don't criticize the code)
To use:
1 - run WeakIVGen.pl <aa:bb:cc:dd:ee>
aa:bb....:ee is the secret key in decimal format,
delimited with a ":". This will create a output file.
example - if your key is "abcde" [97 98 99 100 101]
then run "WeakIVGen.pl 97:98:99:100:101"
2 - run WEPCrack.pl
This will read the output file from step 1 to
determine the key
Also available at Sourceforge:
http://sourceforge.net/projects/wepcrack/
Enjoy,
Anton Rager
a_rageryahoo.com
__________________________________________________
Do You Yahoo!?
Send instant messages & get email alerts with Yahoo! Messenger.
http://im.yahoo.com/
- application/x-tar attachment: WEPCrack-beta.tar.gz
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]