airmong

Hello, In every WEP documentation it is explained that the Cypherstream is calculated by: RC4(k||IV). Where || is the concatenation operator. But RC4 is a function which takes as arguments a plaintext and a key. RC4(M,k). So does anybody know how is it done exactly in WEP? RC4(k||IV, k)? Thanks so much! Carlos

Hello again, In the article you are providing it is described how to decrypt messages, modify messages, inject messages, spoof messages, spoof authentication but no description whatsoever on how to obtain the key. Perhaps what I am missing is how to retrieve the key once you have obtained the WEP cyphertext: RC4(K || IV) First of all I think I am missing something important which probably is the key of it. In every WEP documentation it is explained that the Cypherstream is calculated: RC4(k||IV). Where || is the concatenation operator. But RC4 is a function which takes as arguments a plaintext and a key. RC4(M,k). So hoy is it done exactly? RC4(k||IV, k)? In this case obtaining the cyphertex RC4(k||IV, k) will be impossible to obtain the key from it! I am a bit lost with this! Thanks so much! Carlos

Thanks so much. I will have a look at it. Cheers C.

>>>Since the plaintext is XORed with the key, wouldn't having the plaintext and the encrypted plaintext mean you als have the key? >>>Based on my admittedly very limited understanding of the math here, what you're doing is trying to statistically determine IV so that RC4 (K || IV ) actually becomes RC4( X ) which is apparently a much less difficult problem to solve once >>>you've looked at sufficient amounts of data. Having the plaintex means that you calculate its integrity ICV(M) and then calculate: C1 + (M1 || ICV(M1)) = [ M1 || ICV(M1) ] + [ RC4(K || IV) ] + M1 = RC4(K || IV) So you have at the end RC4(K || IV). In order to find the key you still need to test with all the different possible K's to obtain RC4(K || IV). >>>I think the point they're also making is that during the connection phase between a client and an AP, the packets being transmitted are in part protocol-specified and, thus either constant or predictable. That means that if you were to >>>deauth everybody you'd see a lot of traffic between the AP and its clients trying to reconnect. And all this traffic is predictable in nature so it can tell you a lot about the key used since the IV has a high reuse potential. What do you mean with "you a lot about the key". How exactly? Thanks so much! >>>>Again though, this is not my field so don't go by my description here alone. There's ample opportunity for me to have gotten this completely wrong. Thanks so much again for you reply!! I really apreciate it!! Perhaps someone else could help me with the math here! C.

Thanks so much, Cooper. In the link you are providing says: >"This allows an attacker to collect two ciphertexts that are encrypted with the same key stream and perform statistical attacks to recover the plaintext." I would like to know which are these "statistical attacks". Additionally, these techiniques seem to be to recover plaintexts but I am interested in knowing how the key is recovered, not how the plaintexts are recovered! If I know the plaintext I could xor the plaintext and its text encrypted: C1 + M1 || ICV(M1) = [ M1 || ICV(M1) ] + [ RC4(K || IV) ] + M1 = RC4(K || IV) I can not infer K from RC4(K || IV), right? I am missing something? Thanks so much Carlos

Hello, I have a technical question concerning WEP cracking. When tools like aircrack scan the wireless WEP networks and gather thousands of messages from the network, how do they actually find the WEP key. Do they just use pairs of messages encrypted with the same initialisation vectors (IV). What is exactly the logical operation they are doing? As far as I know an encrypted message will be: C = [ M || ICV(M) ] + [ RC4(K || IV) ] where M is a message, ICV(M) an integrity check, k the WEP key and IV an initialisation vector which is transmitted also in clear. If I get two messages encrypted with the same IV but with different contents I will have: C1 = [ M1 || ICV(M1) ] + [ RC4(K || IV) ] C2 = [ M2 || ICV(M2) ] + [ RC4(K || IV) ] What are these tools doing exactly to recover K? Thanks very much! c.