[22217] in bugtraq
Sample implementation of new WEP weakness
daemon@ATHENA.MIT.EDU (Anton Rager)
Sun Aug 12 13:05:29 2001
Message-ID: <20010812162343.33961.qmail@web13407.mail.yahoo.com>
Date: Sun, 12 Aug 2001 09:23:43 -0700 (PDT)
From: Anton Rager <a_rager@yahoo.com>
To: bugtraq@securityfocus.com

Hello,

This is my demo implementation of a specific WEP
weakness outlined in the paper "Weaknesses in the Key
Scheduling Algorithm of RC4" by Fluhrer, Mantin, and
Shamir.

A draft copy of their paper can be found at:
http://www.eyetap.org/~rguerra/toronto2001/rc4_ksaproc.pdf

My implementation only produces and attacks IVs that
match the pattern [A+3, N-1, X] and does not attack
other IVs that might produce weak keys. This is rather
limiting in the real world, but works well with a
static demo for validating the basic weakness.

The tools are Perl-based and composed of two parts:

1 - WeakIVGen.pl <aa:bb:cc:dd:ee>
    Simulates some of the output data you might see from
    an access point. It's actually designed to produce
    IVs within a specific range [3, 255, 0-255 to 7, 255,
    0-255 for 40-bit WEP] with a single corresponding
    encrypted byte for each IV set.

2 - WEPCrack.pl
    Takes the output from WeakIVGen.pl and tries to
    determine each byte of the secret key by the method
    outlined in section 7.1 of the Fluhrer, Mantin, Shamir
    paper.

(Note: I'm a Perl hack, so don't criticize the code)

To use:

1 - run WeakIVGen.pl <aa:bb:cc:dd:ee>
    aa:bb....:ee is the secret key in decimal format,
    delimited with a ":". This will create an output file.
    example - if your key is "abcde" [97 98 99 100 101]
    then run "WeakIVGen.pl 97:98:99:100:101"

2 - run WEPCrack.pl
    This will read the output file from step 1 to
    determine the key

Also available at Sourceforge:
http://sourceforge.net/projects/wepcrack/

Enjoy,
Anton Rager
a_rager@yahoo.com

Attachment: WEPCrack-beta.tar.gz (application/x-tar)
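
The weakness described in the message above, as an added example (not part of the original post and not the WEPCrack code): a Python simulation that tests whether an IV matches [A+3, N-1, X] and counts, for each byte of the post's sample key, how many of the 256 IVs in WeakIVGen's range expose that byte through the first RC4 output byte. It assumes the per-packet RC4 key is the 3-byte IV followed by the secret key and works on the raw first keystream byte; all function names are made up for this illustration.

```python
from collections import Counter

N = 256                            # RC4 state size, the "N" in [A+3, N-1, X]
SECRET = [97, 98, 99, 100, 101]    # "abcde", the sample key used in the post

def is_weak_iv(iv, key_len=5):
    """True if a 3-byte IV matches [A+3, N-1, X] for some key byte index A."""
    return len(iv) == 3 and 3 <= iv[0] < 3 + key_len and iv[1] == N - 1

def ksa(key, rounds=N):
    """Run the first `rounds` steps of the RC4 key schedule; return (S, j)."""
    S, j = list(range(N)), 0
    for i in range(rounds):
        j = (j + S[i] + key[i % len(key)]) % N
        S[i], S[j] = S[j], S[i]
    return S, j

def first_output(key):
    """First RC4 keystream byte for a full key (here: IV followed by secret)."""
    S, _ = ksa(key)
    j = S[1]
    S[1], S[j] = S[j], S[1]
    return S[(S[1] + S[j]) % N]

def guess(iv, known, out):
    """Candidate for secret[len(known)] from one IV, or None if unusable."""
    b = len(known) + 3                       # position of the byte in IV||secret
    if iv[0] != b or iv[1] != N - 1:
        return None
    S, j = ksa(list(iv) + list(known), b)    # uses only bytes already known
    if not (S[1] < b and (S[1] + S[S[1]]) % N == b):
        return None                          # state is not "resolved"
    return (S.index(out) - j - S[b]) % N     # undo KSA step b to expose the byte

def tally(secret):
    """One Counter of candidates per key byte over IVs [A+3, 255, 0..255]."""
    counters = []
    for a in range(len(secret)):
        votes = Counter()
        for x in range(N):
            iv = (a + 3, N - 1, x)
            g = guess(iv, secret[:a], first_output(list(iv) + list(secret)))
            if g is not None:
                votes[g] += 1
        counters.append(votes)
    return counters

if __name__ == "__main__":
    for a, votes in enumerate(tally(SECRET)):
        print(f"K[{a}]={SECRET[a]} hits={votes[SECRET[a]]} top={votes.most_common(1)}")
```

A sender can use the same is_weak_iv predicate to skip IVs of this form; that removes only this one class and not the other weak IVs the post mentions.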