
HOW-TO WepAttack

 

Introduction

WepAttack is an open source Linux tool for breaking 802.11 WEP keys. It is based on an active dictionary attack that tests millions of words to find the right key. Only one captured packet is required to start an attack.

 

Our SourceForge development area is at http://sourceforge.net/projects/wepattack/.

 

The full documentation of our diploma thesis (in German) is available there too.

Requirements

The network data has to be captured by a WLAN card in monitor mode; a network sniffer writes the captured data to a dumpfile. A Lucent Orinoco Gold card in combination with Kismet seems to work without any problems.

A working WLAN card is required to work with WepAttack.

WepAttack accepts any dumpfile in pcap format. Every tool that can write dumpfiles in pcap format, such as Kismet, tcpdump or Ethereal, can be used for sniffing data. Kismet is highly recommended because it offers a lot of convenience.

The following libraries are required to install WepAttack:

 

ZLib - http://www.gzip.org/zlib/

ZLib is already present in most Linux distributions, so usually no installation is required.

 

LibPcap - http://www.tcpdump.org

A recent release is recommended. The PrismII patch is required for WLAN capturing:

http://www.shaftnet.org/~pizza/software/libpcap-0.7.1-prism.diff

 

# tar xvzf libpcap-0.7.1.tar.gz

# cd libpcap-0.7.1

# patch -p0 < libpcap-0.7.1-prism.diff

# ./configure

# make

# make install

 

libCrypto - http://www.openssl.org

libcrypto is part of the OpenSSL project.

 

Kismet

Kismet is available at http://www.kismetwireless.net. Full capturing (frames with their CRC) is enabled by the Kismet CRC patch:

kismet-2.6.1_crc_patch.diff

 

# tar xvfz kismet-2.6.1.tar.gz

# cd kismet-2.6.1

# ./configure

# make dep

# patch pcapsource.cc kismet-2.6.1_crc_patch.diff

# make

# make install

 

Kismet uses a channel hopper that cycles through all WLAN channels, so switching channels manually is not necessary. With "kismet_monitor -H" the card is put into monitor mode and the channel hopper is activated.

# kismet_monitor -H

# kismet

 

WepAttack

Once all the above components have been installed without problems, WepAttack itself can be built and installed. After this step the installation is complete.

 

Download it from the SourceForge project page given above.

 

# tar xvzf WepAttack-0.1.3.tar.gz

# cd WepAttack-0.1.3/src

# make

# make install

Using WepAttack

WepAttack needs a dumpfile to attack networks. If the network data is captured by Kismet, a dumpfile is generated automatically. This file is named "Kismet-[date]-[no].dump" and can be passed directly to WepAttack.

 

usage: wepattack -f dumpfile [-m mode] [-w wordlist] [-n network]

    -f dumpfile     network dumpfile to read from
    -m mode         run WepAttack in different modes. If this option is empty, all modes are executed sequentially (default)
                        64      WEP64, ASCII mapping
                        128     WEP128, ASCII mapping
                        n64     WEP64, KEYGEN function
                        n128    WEP128, KEYGEN function
    -w wordlist     wordlist to use; without any wordlist stdin is used
    -n network      network number, can be passed to attack only one network. Default is attacking all available networks (recommended)

example:    wepattack -f Kismet-Oct-21-2002-3.dump -w wordlist.txt
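As an added example (not part of WepAttack or Kismet), the following Python script reads a pcap dumpfile of the kind described above, strips the Prism monitor header when the capture was made with the patched libpcap, and reports how many WEP-protected data frames each BSSID carries and which key indexes they use, which lets a network owner check from a Kismet dump whether any access point still sends WEP traffic and how many frames a capture actually holds per network. The make_frame and make_pcap helpers only build a constructed sample capture; the frame bodies they emit are dummy bytes, not real encrypted data.

```python
import struct

LINKTYPE_IEEE802_11 = 105    # raw 802.11 frames
LINKTYPE_PRISM_HEADER = 119  # 802.11 frames prefixed with a Prism2 monitor header
def iter_pcap_records(data):
    """Yield (linktype, packet) for each record of a pcap file given as bytes."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None:
        raise ValueError("not a pcap file")
    linktype = struct.unpack(end + "I", data[20:24])[0]
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(end + "IIII", data[off:off + 16])[2]
        off += 16
        yield linktype, data[off:off + incl_len]
        off += incl_len

def bssid_of(frame):
    """BSSID slot depends on the To-DS/From-DS bits; None for 4-address WDS frames."""
    slot = {0x00: 16, 0x01: 4, 0x02: 10}.get(frame[1] & 0x03)
    return None if slot is None else frame[slot:slot + 6]

def wep_frames_per_bssid(data):
    """Count WEP-protected data frames per BSSID and record the key indexes in use."""
    summary = {}
    for linktype, pkt in iter_pcap_records(data):
        if linktype == LINKTYPE_PRISM_HEADER:
            pkt = pkt[struct.unpack("<I", pkt[4:8])[0]:]  # msglen field = header size
        if len(pkt) < 28 or (pkt[0] >> 2) & 0x03 != 2 or not pkt[1] & 0x40:
            continue  # too short, not a data frame, or Protected (WEP) bit clear
        bssid = bssid_of(pkt)
        if bssid is None:
            continue
        entry = summary.setdefault(bssid.hex(":"), {"frames": 0, "key_ids": set()})
        entry["frames"] += 1
        entry["key_ids"].add(pkt[27] >> 6)  # byte after the 3-byte IV: key index in top 2 bits
    return summary

def make_frame(to_ds, bssid, station, protected, key_id=0):
    """Constructed sample: minimal data frame with a dummy IV/key-index header."""
    fc1 = (0x01 if to_ds else 0x02) | (0x40 if protected else 0x00)
    addrs = bssid + station if to_ds else station + bssid
    return bytes([0x08, fc1, 0, 0]) + addrs + b"\x00" * 8 + b"\x11\x22\x33" + bytes([key_id << 6]) + b"\xaa" * 8

def make_pcap(frames, linktype=LINKTYPE_IEEE802_11):
    """Constructed sample: wrap frames in a little-endian pcap file with zero timestamps."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

Run it on a real Kismet dump by passing the file's bytes to wep_frames_per_bssid; a BSSID with zero entries has nothing WepAttack could use.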

 

The attack can be improved by using John the Ripper (http://www.openwall.com/john). John generates the candidate words and writes them to standard output; WepAttack reads them back from standard input. In this case the wordfile is used by John, not by WepAttack. For both John modes (see the John documentation), wordfile and incremental, two shell scripts are available. The scripts use /etc/wepattack.conf for their configuration.

 

usage:      wepattack_word dumpfile

            wepattack_inc dumpfile

A 30 MB wordlist is used for the attack. Recovering a WEP key is only possible if the key (or at least part of it) is contained in the dictionary.

Get a wordlist created by us at https://sourceforge.net/projects/wepattack/.

Have fun!

For comments and questions, please contact:

Dominik Blunk dominik@blunk.ch

Alain Girardet alain@girardet.net

CVS web interface:

http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/wepattack

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. See http://www.fsf.org/copyleft/gpl.txt.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.