Re: Wireless wep crackin on windows

["Andrew A. Vladimirov" <mlists () arhont com>]

Aaron Drew wrote:
> Airsnort on windows is limited. You need a card that can be put into monitor
> mode under windows to capture the WEP packets. 

Snax has sorted it out by using a demo version driver coming from 
AiroPeek. I wonder what AiroPeek guys think about it...

Linux drivers make this much easier.

And allow to do many other things with injecting custom frames, 
encrypted traffic etc. Windows drivers are eons away from that, even 
though you can deauth undesirable hosts using AirMagnet running on 
Windows CE.


> As for other tools, the package wep-tools contains a utility for brute
> forcing ASCII based WEP keys.

Mentioned it in my previous post, nice to see I am not alone :)
> These keys are generated using a simple algorithm that is unfortunately
> flawed. It essentially reduces the keylength of WEP from 64/128 down to
> around 21 bits in length. Given just a couple of encrypted data packets, an
> offline exhaustive brute-force attack can be done in about 10-15 seconds on
> such keys.

That flaw applies only to 40-bit keys and was fixed ages ago. In fact, 
some vendors did not have that flaw at all, e.g. 3Com. What would be 
more interesting is porting WEPAttack to Windows, but I don't know what 
would be the equivalents of ZLib and libCrypto for it. Don't know much 
about Windows anyway, no source - no fun.

Cheers,
Andrew

--
Dr. Andrew A. Vladimirov
CISSP #34081, CWNA, CCNP/CCDP, TIA Linux+
CSO
Arhont Ltd - Information Security.

Web: http://www.arhont.com
     http://www.wi-foo.com
Tel: +44 (0)870 44 31337
Fax: +44 (0)117 969 0141
GPG: Key ID - 0x1D312310
GPG: Server - gpg.arhont.com