Sprayfly

Goodbye WEP!

I decided I would try to break my wireless network today using a few handy network tools. It is a D-Link Wireless network with 128 bit WEP encryption. To perform the crack I was using my Windows XP computer, a Netgear WG111 USB Wireless dongle and the popular aircrack-ng set of tools.

Data Capture

The first part of the hack involves capturing ‘IV’ packets from your wireless network. Using airodump.exe, you select the wireless adapter you wish to use and the wireless channel you are targeting. You then tell the program where to save the captured packets and leave things running for a while. To break a 128 bit WEP key you need around 1,000,000 packets to be safe although it can be done with fewer.

Too Slow…

The unfortunate truth is that a wireless access point with nobody connected doesn’t send out many packets at all. After half an hour, you will be lucky to have 300!! To speed things up a little, I connected with another computer and started transferring some big files wirelessly across the network. Within about 15 minutes, I had enough ‘IV’ packets captured.

The Crack

All that is left to do is to feed the captured data file to aircrack-ng.exe through a command line. Within a matter of seconds, it should figure out your wireless key and display the message “Key Found!”. I have blurred out some of the characters below to protect my key

The Point

The point is, don’t rely on WEP encryption. I certainly don’t, my access point normally runs WPA-PSK encryption which while not entirely secure, offers better protection. This attack was done from a Windows computer but using the Linux version of the same tool, cracks can be performed within a few minutes!

Disclaimer:
Please remember that it is illegal to access other peoples wireless networks without their permission. This hack was done on my own wireless network to prove a point. I do not encourage people to break wireless networks.