Bruteforce wep cracker

[Berger]

Hopefully this is the right area (I lurk a lot)

I built a client/server bruteforce wep cracker. I had been using Johnny Cache's jc-wepcrack and had been getting false positives, so I decided to make my own.

The server currently runs under linux, while the client works under linux,solaris,bsds, and cygwin.

Hopefully someone else will find this useful as well.

http://www.bergera.com/code/wep.html

-Berger

[XDS]

Hopefully this is the right area (I lurk a lot)

I built a client/server bruteforce wep cracker. I had been using Johnny Cache's jc-wepcrack and had been getting false positives, so I decided to make my own.

The server currently runs under linux, while the client works under linux,solaris,bsds, and cygwin.

Hopefully someone else will find this useful as well.

http://www.bergera.com/code/wep.html

-Berger

Nice. Can you provide some very basic instructions on how to get it working under win32?

[Berger]

Nice. Can you provide some very basic instructions on how to get it working under win32?

For the client you'll want to download cygwin from http://www.cygwin.com/

when installing you can install packages, I'd suggested

gcc

libgcc

libstdc++

make

as well as the openssl-dev

I believe that should be it

after installed you should have a home directory in the folder where cygwin was installed, you can extract the client code there and then compile it.

I do have a w32 native exe, but the rc4 I was doing was slower than the openssl one. I'll see if I can speed that up quick.

Edit: I finished the command line win32 client and posted it on my site

[The Game]

Is there a reason why you have made a windows version? I mean you cant capture the file unless your on linux.

[digip]

Is there a reason why you have made a windows version? I mean you cant capture the file unless your on linux.

I woudl agree with you for the most part, but in recent years, there are a few cards with custom drivers that can do the sniffing like monitor mode in linux. The average user isnt going to be buying a linksys wifi card from the store to do this though, but would instead need the custom drivers for specific chipsets in the cards, or buy a hardware capable device, like the CaceTech AirPcap cards.

[Berger]

Is there a reason why you have made a windows version? I mean you cant capture the file unless your on linux.

I'll give a better explanation as to what the code is doing.

The server portion is a linux based app that uses the pcap library to read in a pcap dump file(from airodump-ng for example) and look for the different access points and the data from them. It then looks for which ones are WEP and displays those for the user to choose which one to attempt cracking.

It then loads up the IV and the DATA from the packet and waits for a client to connect.

The client connects, receives the IV, what portion of the wep key to try, as well as the DATA section of the packet. It then runs RC4 on the data packet with the key, checks to see if the CRC is correct. If it is it sends the key back to the server for it to check the rest of the collected packets to make sure it is not a false positive. If it is not correct, it continues on cracking.

Therefore it is possible to have a client run under windows,linux,etc. because it does not rely on libpcap, it just needs to be able to do RC4.

So really its just a big distributed system for cracking 64bit wep keys.

Hopefully that explains things better.

-Berger