denartha, posted January 1, 2013

Obviously, nowadays cracking WEP is trivial, and recently I ran into luck: I got the right ARP packet and was able to replay it, and within minutes I had about 45,000 initialisation vectors and got the key instantly. But it can happen, on a quiet network, that you are sniffing for a long time before you get the right packet.

The basic concept of the Pineapple, or the Jasager software it runs, is: the client (phone, laptop, etc.) says to the Pineapple, "Are you my preferred network?"; the Pineapple replies, "Sure am!"; the client says, "OK, here is my WEP key, am I authenticated?"; and the Pineapple says, "You sure are!", and the handshake is over with the client connected.

Is there a way to capture the WEP key the client supplies? If so, it could be a very nice way of gathering all the WEP keys around you, quickly and easily. Thanks!
coolgeek, posted January 1, 2013 (edited)

The problem is that the key never gets sent in plain text. IEEE 802.11 WEP authentication works as follows:

1. Client sends a request.
2. AP sends client a challenge text (i.e. an arbitrary 128-bit number).
3. The client uses the WEP key to encrypt the challenge text and sends it to the AP.
4. The AP checks for accuracy and grants/denies access based on the result.

The way that WEP key cracking works is that by capturing packets we gather samples of challenge text and ciphertext pairs to figure out what the key is. Many samples are needed to crack the key effectively. In theory a Pineapple-esque device should be able to make the client reauthenticate itself over and over until enough ciphertext has been captured to crack the key, but I don't think it would be worth the research since WEP is pretty much obsolete.

The other question might be whether Jasager could be modified to authenticate clients trying to connect to a WEP network; I'm not sure how much work it would be, but doubt that the practicality would pay off.

Edited January 1, 2013 by coolgeek
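To make the four-frame exchange described above concrete, here is an added simulation (not code from this thread or from the Jasager/Pineapple project) of 802.11 shared-key authentication with both sides' messages. It implements RC4 and the WEP frame construction (3-byte IV prepended to the key, CRC-32 ICV appended to the payload) inline, uses a constructed 40-bit key, and assumes a 128-byte challenge as in the 802.11-1997 shared-key procedure. It lets you check two things a defender cares about: the raw key never appears on the air, and the plaintext challenge together with its encrypted response exposes the RC4 keystream for that IV, which is the design weakness that makes WEP shared-key authentication unfit for use today.

```python
import os
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA), written out here so the example runs offline."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP body: RC4(iv || key) applied to plaintext || CRC-32 ICV (little-endian)."""
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    return rc4(iv + key, plaintext + icv)


def wep_decrypt(key: bytes, iv: bytes, ciphertext: bytes):
    """Strip the keystream and verify the ICV; None on integrity failure."""
    data = rc4(iv + key, ciphertext)
    body, icv = data[:-4], data[-4:]
    if zlib.crc32(body).to_bytes(4, "little") != icv:
        return None
    return body


def shared_key_auth(ap_key: bytes, client_key: bytes, challenge=None, iv=None):
    """Simulate the four shared-key authentication frames.

    Returns (authenticated, frames); each frame is (direction, label, body).
    """
    challenge = challenge or os.urandom(128)   # 128-octet challenge text
    iv = iv or os.urandom(3)                   # client-chosen 24-bit IV
    frames = [("client->ap", "authentication request", b"")]
    frames.append(("ap->client", "challenge text", challenge))
    # The client proves key possession by returning the encrypted challenge.
    response = wep_encrypt(client_key, iv, challenge)
    frames.append(("client->ap", "encrypted challenge", iv + response))
    # The AP decrypts with its own key and compares; the key itself is never sent.
    ok = wep_decrypt(ap_key, iv, response) == challenge
    frames.append(("ap->client", "success" if ok else "failure", b""))
    return ok, frames


def key_bytes_on_air(frames, key: bytes) -> bool:
    """Would a sniffer see the raw key bytes in any frame body?"""
    return any(key in body for _, _, body in frames)


def keystream_from_exchange(frames):
    """Eavesdropper view: challenge XOR response = RC4 keystream for that IV.

    This is why shared-key auth leaks more than open-system auth does.
    """
    challenge = frames[1][2]
    iv_and_resp = frames[2][2]
    iv, resp = iv_and_resp[:3], iv_and_resp[3:]
    keystream = bytes(c ^ r for c, r in zip(challenge, resp))
    return iv, keystream


if __name__ == "__main__":
    KEY = b"\xde\xad\xbe\xef\x42"              # constructed 40-bit WEP key
    ok, frames = shared_key_auth(KEY, KEY)
    for direction, label, body in frames:
        print(f"{direction:10s} {label:22s} {len(body):3d} bytes")
    print("authenticated:", ok)
    print("key visible on air:", key_bytes_on_air(frames, KEY))
    iv, ks = keystream_from_exchange(frames)
    print(f"keystream for IV {iv.hex()} recovered: {len(ks)} bytes")
```

Run it as a script to see the exchange; the authenticating frame carries only the IV and the RC4-encrypted challenge, so even a Pineapple that successfully impersonates the network gets ciphertext, not the key. Detection-wise, a burst of repeated shared-key authentication exchanges from one client, which is what the "make the client reauthenticate over and over" idea above would look like, is a reasonable wireless IDS signal on any network still running WEP.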
denartha (thread author), posted January 1, 2013

There goes that idea. Thanks for the response.
digininja, posted January 1, 2013

coolgeek - You could have Jasager authenticate WEP clients, but that wouldn't be much good, as it then couldn't talk to the client: it wouldn't have the key to use to encrypt/decrypt data.
digininja, posted January 1, 2013

Prompted by this I've written up this intro to WiFi encryption.