WiFi Cracks

The theory behind FMS-type attacks is described in the classic article that started the world of WEP cracking: “Weaknesses in the Key Scheduling Algorithm of RC4” by Scott Fluhrer, Itsik Mantin, and Adi Shamir, which is available via Web search. Utilities that break WEP encryption by taking advantage of weak IVs are called “FMS utilities”. For a quick hop, see www.drizzle.com/~aboba/IEEE/rc4_ksaproc.pdf.

Airsnort is available from The Shmoo Group (airsnort.shmoo.com/). AirCrack (www.cr0.net:8040/code/network/) is the latest and greatest WEP cracking package. Weplab (weplab.sourceforge.net/) combines brute force, dictionary attacks, and statistical methods to find the WEP key. These products support the new KoreK methodology, which is implemented in the program chopper (www.netstumbler.org/showthread.php?t=11878&page=2; you must register to get the download). A packet-by-packet decryption technique has also been created and implemented in the program chopchop (www.netstumbler.org/showthread.php?t=12489; you must register to get the download).

WEPwedgie (sourceforge.net/projects/wepwedgie/) allows traffic generation on an encrypted wireless network through either the Internet or a wireless client.

WPA crackers will gain popularity and influence as WPA grabs more of the market, but for now here are some tools: WPA Cracker (www.tinypeap.com/html/wpa_cracker.html) and coWPAtty (new.remote-exploit.org/index.php/Codes_main).

LEAP crackers: leap (packetstormsecurity.nl/0310-exploits/leap.tgz), anwrap (www.securiteam.com/tools/6O00P2060I.html), THC-LEAPcracker (www.thc.org/download.php?t=r&f=thc-leapcracker-0.1.tar.gz), and asleap (asleap.sourceforge.net).

For generating the wordlists used in dictionary attacks, John the Ripper is state of the art (www.openwall.com/john/).

For further reading on wireless insecurities, check out Wi-Foo (www.wi-foo.com). A book that was just released is Network Security Tools by Nitesh Dhanjani and Justin Clarke; the later chapters provide some useful technical information on WiFi hacking.

For anyone seriously interested in this topic, the best resource is the hands-on SANS course on Auditing Wireless Networks (www.sans.org) written, and occasionally taught, by Joshua Wright. Attendees have the opportunity to work with many of the tools and techniques mentioned here.

More technical details on this topic can be found in the magazine Communications of the ACM, Volume 48, Number 8 (2005), pages 21-28 (www.acm.org).
