Jump to content

Pineapple WEP key harvesting


Recommended Posts

Obviously, nowadays cracking WEP is trivial, and recently I ran into luck, I got the right ARP packet and was able to replay it and within minutes I had about 45,000 initialisation vectors, and got the key instantly, but it can happen, on a quiet network, that you are sniffing for a long time before you get the right packet.

The basic concept of the Pineapple, or the Jassager software it runs is, Client(phone, laptop, etc) says to Pineapple, "Are you my preferred network?", the Pineapple replies "Sure am!", the client says "Ok here is my WEP key, am I authenticated?", and the pineapple says, "You sure are!", and the handshake is over with the client connected.

Is there a way to capture the WEP key the client supplies? If so, it could be a very nice way of gathering all the WEP keys around you, quickly and easily.


Link to comment
Share on other sites

The problem is that the key never gets sent in plain text.

IEEE 802.11 WEP Authentication works as follows:

Client sends a request

AP sends client a challenge text (i.e. an arbitrary 128-bit number)

The client uses the WEP Key to encrypt the challenge text and sends it to the AP

The AP checks for accuracy and grants/denies access based on the result

The way that WEP Key cracking works is that by capturing packets we gather samples of challenge text and cyphertext pairs to figure out what the key is. Many samples are needed to crack the key effectively.

In theory a Pineapple-esque device should be able to make the client reauthenticate itself over and over until enough cyphertext has been captured to crack the key, but I don't think it would be worth the research since WEP is pretty much obsolete.

The other question might be if Jasager could be modified to authenticate clients trying to connect to a WEP network; I'm not sure how much work it would be, but doubt that the practicality would pay off.

Edited by coolgeek
Link to comment
Share on other sites

coolgeek - You could have Jasager authenticate WEP clients but that wouldn't be much good as it then couldn't talk to the client as it wouldn't have the key to use to encrypt/decrypt data.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...