Penetration Testing mailing list archives
Re: WEP attacks based on IV Collisions
From: Aaron Drew <ripper () internode on net>
Date: Sat, 1 May 2004 11:14:39 +1000
> First, correct me if I am wrong, but it seems like a non-trivial task to actually determine the WEP key if you have zero knowledge about the target network, i.e. IP addressing, AND can't readily inject 802.11b frames into the target network just because you have a usable keystream? Has anyone found differently?
Well, in this case you essentially have:

    Random WEP bitstream XOR Random data

Good luck. Statistical methods might work if you have LOTS of data for each possible IV (of which there are 16 million). I don't know of anyone that has bothered to look into this seriously.
> follows directly, since all the pairwise XORs are known." But that's just my confusion - if you have the keystream (IV + Secret key run through RC4) and you have the original plaintext, then why can't you determine the secret key as well?
The (40- or 104-bit) WEP key is merged with the IV (stored in plaintext in the packet) to give a 64- or 128-bit number. This is used to seed a pseudo-random number generator built around RC4. All you get when you know the plaintext is a section of the pseudo-random number sequence. Going from that sequence back to the secret key is non-trivial. That said, the CRC at the end of the WEP packet can be used to verify decryption (check out the wep_tools.tgz package) and/or to do an offline brute-force crack.
> Last, what types of traffic or methods are used to determine a plaintext? I've seen one method mentioned: inject an ARP packet to the AP encrypted with the known keystream. But this seems to be based on having information such as IP addressing on the target network, which isn't known in this case.
I've used ping packets of known length to a known IP (WEP doesn't pad packets, so it's easy to determine your traffic). It's fairly trivial to pick out your traffic if you know a valid IP address on the network. For something off-the-wall that I have always wanted to try: there are various fields in IP/Ethernet traffic that are always constant or can be calculated easily (protocol IDs, length fields, etc.). It should therefore be trivial to find the WEP PRN sequence for these parts of the packets, even if their content is unknown. It might be possible to use that information to launch an offline brute-force attack that is faster than using the CRC attack (less processing).
[1] "Security of the WEP algorithm", http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html
---------------------------------------------------------------------------
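Editor's added example (not code from the poster, from wep_tools.tgz, or from any other tool named in the thread): a toy Python model of WEP framing that makes the three points in the reply concrete. RC4 is seeded with IV || key, a CRC-32 ICV is appended to the plaintext, and the frame carries the IV in the clear. The example shows (a) ciphertext XOR known plaintext yields the keystream for that IV but not the key, (b) two frames under one IV XOR to the XOR of their plaintexts (the IV-collision case in the subject line), and (c) the ICV acting as the offline decryption oracle the reply mentions, here over a deliberately tiny search space (one unknown key byte) so it runs in a second. Assumptions: the frame layout is simplified (3-byte IV directly followed by the ciphertext, no key-ID byte), and the key, IV and payloads are constructed for the demo.

```python
"""Toy model of WEP framing: RC4 keyed with IV || key, CRC-32 ICV over the plaintext.
Added example for this archive page. Simplified layout (no key-ID byte) is an assumption."""
import itertools
import struct
import zlib


def rc4(key: bytes, length: int) -> bytes:
    """RC4 key schedule plus generator: the first `length` keystream bytes for `key`."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(plaintext: bytes) -> bytes:
    """WEP integrity check value: CRC-32 (same polynomial as 802.3 / zlib), little-endian."""
    return struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body = IV || (RC4(IV || key) XOR (plaintext || ICV))."""
    body = plaintext + icv(plaintext)
    return iv + xor(rc4(iv + key, len(body)), body)


def wep_decrypt(key: bytes, frame: bytes):
    """Returns (plaintext, icv_ok). icv_ok is the check the reply describes using offline."""
    iv, ct = frame[:3], frame[3:]
    body = xor(rc4(iv + key, len(ct)), ct)
    pt = body[:-4]
    return pt, icv(pt) == body[-4:]


def keystream_from_known_plaintext(frame: bytes, plaintext: bytes) -> bytes:
    """Ciphertext XOR (known plaintext || its CRC) = the RC4 output for this IV.
    This is a slice of the PRNG sequence only; the key is not recoverable from it here."""
    return xor(frame[3:], plaintext + icv(plaintext))


def decrypt_with_keystream(keystream: bytes, frame: bytes) -> bytes:
    """Reuse a recovered keystream against another frame sent under the same IV."""
    return xor(keystream, frame[3:])[:-4]


def xor_of_plaintexts(frame_a: bytes, frame_b: bytes) -> bytes:
    """IV collision: XOR of two ciphertexts under one IV = XOR of the two (plaintext || ICV)."""
    assert frame_a[:3] == frame_b[:3], "frames must share an IV"
    return xor(frame_a[3:], frame_b[3:])


def brute_force_key_tail(frame: bytes, known_prefix: bytes, unknown_bytes: int):
    """Offline brute force over the unknown tail of the key, with the ICV as the oracle.
    Search space is 256**unknown_bytes (a real 40-bit key is 2**40); CRC-32 is 32 bits,
    so a wrong candidate passes with probability about 2**-32 per frame."""
    for tail in itertools.product(range(256), repeat=unknown_bytes):
        candidate = known_prefix + bytes(tail)
        _, ok = wep_decrypt(candidate, frame)
        if ok:
            return candidate
    return None


if __name__ == "__main__":
    KEY = bytes.fromhex("0a1b2c3d4e")   # constructed 40-bit key
    IV = bytes.fromhex("7f0001")        # constructed IV (reused below on purpose)
    # Constructed payloads: LLC/SNAP + IP type header, then an attacker-chosen ping body.
    ping = b"\xaa\xaa\x03\x00\x00\x00\x08\x00ICMP echo of attacker-chosen length"
    victim = bytes(reversed(ping))      # same length, unknown content, same IV
    f1, f2 = wep_encrypt(KEY, IV, ping), wep_encrypt(KEY, IV, victim)
    ks = keystream_from_known_plaintext(f1, ping)
    print("keystream recovered :", ks.hex())
    print("victim frame decrypt:", decrypt_with_keystream(ks, f2))
    print("ct1 XOR ct2 == pt1 XOR pt2:", xor_of_plaintexts(f1, f2) == xor(ping + icv(ping), victim + icv(victim)))
    print("ICV brute force over last key byte:", brute_force_key_tail(f1, KEY[:4], 1).hex())
```

Run it as a script to see the three results printed; the ICV brute force finds the missing key byte in 256 RC4 runs, which is why the reply calls the CRC usable for an offline crack while the search over a full 40-bit key stays expensive.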