Man Linux: Main Page and Category List

NAME

       weplab - Wireless WEP encryption security analyzer

SYNOPSIS

       weplab {-a | -r | -b | -y | -c} [options] {pcap file}

DESCRIPTION

       weplab  is  a tool to review the security of WEP encryption in wireless
       networks from an  educational  point  of  view.   Several  attacks  are
       available  (including  advanced  statistical  attacks)  so  it  can  be
       measured the efectiveness and minimun requirements of each one.

       On the other hand, weplab can also be saw as an advanced  Wireless  WEP
       encryption  cracker  that  aims to support a big variety of attacks. At
       the moment the attacks supported are dictionary based,  bruteforce  and
       several kind of statistical based.

OPTIONS

       -a, --analyze
              Analyzes  specific  file  and  gathers some statistics about the
              packets that are stored per detected wlan network.

       -c, --capture
              Uses a wlan interface to capture  wep  encrypted  data  packets.
              Those captured packets will be logged into a file in pcap format
              and can be used later to crack the key.

       -b, --bruteforce
              Launches a bruteforce attack to break the key. That  means  that
              weplab  will  test  all possible keys in order to find the right
              one.

              Please, that this can take lot of time depending on the key size
              and  your  processor  speed. Refer to Bruteforce method above in
              this document for futher information.

              If no BSSID was specified, those packets who belong to the  same
              network as the first one, will be used for the crack.

       -r, --heuristics
              Launches  an  statistical  attack  to break the key. This is the
              fastest method to crack the key if you own enough packets. As an
              example  a  64-bit key can be broken from 100.000 packets, and a
              128-bit key from 300.000 packets, within 1-2 hours. With  enough
              packets  (lets  say  900.000),  the  cracking  time is matter of
              seconds.

              Several statistical  attacks  will  be  used  depending  on  the
              selected  stability level (3 by default). The processor time and
              number of packets required, highly  depends  on  the  parameters
              used to launch the attack.

              This  method  is  very  advanced.  You  are  fully encouraged to
              understand it reading its section on this document. Although  it
              use  to  work  fine  with  default  options  and  having, enough
              packets, its better to understand how it works so you can  tweak
              the procedure using the apropiate parameters.

              If  no BSSID was specified, those packets who belong to the same
              network as the first one, will be used for the crack.

       -y, --dictionary
              Launches a dictionary based attack to break the key.

              Many WEP keys are derived  from  pass-phrases,  entered  by  the
              network  administrator.  When,  this happens and you do not have
              enough packets to launch a statistical attack, it is  better  to
              use a dictionary based cracking than a bruteforce aproach.

              On  dictionary  attack,  John the Ripper is used to generate the
              words that weplab will use to derive the WEP key. So,  John  the
              Ripper  must be present and executed so its output is piped into
              weplabs input. In the EXAMPLES section  you  will  find  several
              examples about that.

              If  no BSSID was specified, those packets who belong to the same
              network as the first one, will be used for the crack.

       -k, --key <key_length>
              Specify the key length. It can be either 64 or 128-bit

              This option is only usefull within a cracking method, so -y,  -r
              or -b must be used in conjuntion with it.

              Default: 64 bits.

       --keyid <key_id>
              Specify the key id for 64-bit keys.

              For  64-bit  keys the WEP standard specifies four possible keys,
              each one with a different keyid (0-3). Usually only keyid  0  is
              used, but if you hit a network with more keyids you will need to
              use this option to specify one of them, and  launch  a  separate
              cracking attack for each one.

              Default: 0

       --fcs  Specify the presence of a 1 byte FCS tail on all logged packets

              Depending  on  your  driver  and  how did you set your card into
              monitor mode , it  is  possible  than  logged  packets  have  an
              aditional tail of 1 byte length.

              Best  way to find out if your card/drivers needs this, is trying
              to break your own network. This way, as  you  already  know  the
              key, if it does not get cracked without FCS, try with it.

              This  option is only usefull within a cracking method, so -y, -r
              or -b must be used in conjuntion with it.

              Default: fcs not present.

       --prismheader
              Specify the presence of an special header called PrismHeader  on
              all logged packets

              Depending  on  your  driver  and  how did you set your card into
              monitor mode , it  is  possible  than  logged  packets  have  an
              aditional header of 144 bytes length.

              If you want to know if you need it or not, just analyze the file
              with weplab. If prismheader is not necessary it will  tell  you.
              If  it  is  neccesary,  you will see lot of bogus BSSIDs, and no
              adversice about not using prismehader

              Anyway, cracking your own WEP key is the best method to know  if
              you need it or not.

              This  option is only usefull within a cracking method, so -y, -r
              or -b must be used in conjuntion with it. From weplab 0.1.2  you
              will also need to specify it with -a in order weplab to show you
              the right BSSIDs found.

              Default: prismheader not present.

       --bssid <bssid_in_hex>
              Only use those packets that belongs to the selected BSSID.

              BSSID must be in the form of AA:BB:CC:DD:EE:FF

              If BSSID is not specified only those packets, that belong to the
              same BSSID as the first one, will be used

              Use -a with your file if you want to see all detected BSSIDs

              This  option is only usefull within a cracking method, so -y, -r
              or -b must be used in conjuntion with it.

              Default: none

       --caplen <amount>
              Specify the amount  of  bytes  that  will  be  logged  for  each
              packets.

              In  order  to launch an attack only a few number of packets (10)
              must be fully logged. For  the  statistical  attacks,  only  the
              first bytes of other packets are needed.

              In  order  to  save  diskspace  when  logging  packets  for  the
              statistical attack, ony the begining of  the  packet  should  be
              logged

              If you specify 0 here, the whole packet will be logged.

              Please, notice that you will need to capture at least 10 packets
              behind this amount (fully  logged  packets),  as  they  will  be
              needed for testing candidate keys within the cracking process.

              Default: 1500

       -i <interface>
              Specifies  the  wireless  interface that will be used to capture
              packets.

              weplab does not set the interface into monitor mode, so you must
              do it yourself before capturing packets. Read the above to learn
              how to do it.

       -m, --multiprocess <number>
              Specifies the number of threads that will be  launched  to  take
              advantage  of  multiprocessors  systems.  If your microprocessor
              supports hyperthreading please  use  the  double  of  number  of
              microprocessors.

              For example, use -m 4 if you own a dual P4 hyperthreading and -m
              2 if you own a dual processor P-II machine.

              At the moment this option does only work on bruteforce attack.

              Default: 1

       --ascii
              When launching a bruteforce attack, it is faster to search  only
              ascii bytes if you are sure that the WEP key was generating from
              a pass phrase using ascii direct-mapping.

              This way, each key byte will only be  tested  in  the  range  of
              00-3F. As the key-space is smaller the attack is faster.

       --perc <probability>
              Specify  the  desired  minimun  probability  for the statistical
              attack.  It means that at least enough candidate key bytes  will
              be tested to fit this probability.

              In  order  to fully understand this option you are encouraged to
              read carefully the "Statistical Attacks" caption, above in  this
              document.

              Please  note that the higher the minimun probability the slowest
              the attack.  For most cases 50% is fine. You can increase to  60
              or  70% if you get the KEY NOT FOUND with 50, but never increase
              it to 100% because you will be waiting for ever.

       --stability <level>
              Specify the predefined set of statistical attacks based on their
              stability  level.  Not  all  the  statistical attacks are stable
              (works fine) your every key. Some of them are more unstable than
              others.   This  options  allows you to launch only those attacks
              that meets the specified stability level.

              Level can be from 1 to 5. The highest the more stable. I do  not
              recomment  you  to  go for level 1 because it is too unstable to
              give you any results. By default level 3 is used. It is  a  good
              idea  to  change  into  level 2 if you have little unique IV and
              cracking with level 3 failed.

              In the Statistical Attack caption, you will find a detailed list
              of  the  17 attacks implemented with the stability level of each
              one.

       --attacks #attack1,#attack2,#attack2
              This is the other way to select  the  statistical  attacks  that
              will  be  launched,  without  using  --stability parameter. Only
              those attacks, whose number is selected here, will  be  used  in
              the statistical procedure.

              The  number of the attacks go from 1 to 17. Please, refer to the
              Statistical Attacks section for further information.

       --debugkey <key>
              if you want to test how a set of statistical attacks works  with
              a  known  WEP  key,  then  this  parameter  will  give  you  the
              oportunity to get the final result without going trhow  all  the
              possible branches.

              Using  this  option  you  tell  weplab about the WEP key used to
              encrypt the packets. Only the real branch will be  followed  and
              you will get the candidate list for each key byte.

       -V     Outputs version information and exists.

       -h     Displays command line parameters help.

INSTALLATION

       weplab does not need any special installation. It runs in userlevel and
       only requires the libpcap libraries (>=0.8) to be  present.   For  most
       functions  weplab  can  be  executed  by  any  user, however for packet
       capture functionality it must be executed by root.

       if you are installing it from source code distribution,  the  configure
       script  should  be  able to detect your proccessor type to optimize the
       code specifically for your platform.

       At least 128 MB of free RAM memmory are required to run FMS statistical
       attack  in weplab, 64 MB of free ram for capturing packets, and nothing
       special for the other features.

       Weplab is reported to work fine under GNU/Linux  for  intel,  GNU/Linux
       for PPC and MacOSX.

       Windows  version cannot capture packets due to the lack of a opensource
       method to do it, but its other features works fine. Please read Windows
       Platform  section  under Capture Packets caption for futher information
       about how to deal with this issue under Windows.

CAPTURING PACKETS

       First you will need to capture 802.11b encrypted packets to  crack  the
       wep  key.  The way weplab cracks the key is using passive attacks to an
       already captured packet set.

       To capture encrypted packets in a wireless network, your wireless  card
       must  be  put  in  monitor  mode. The way monitor mode is set is highly
       dependant on which card do you own, and which drivers are you using.

       Explaining how to set monitor mode in your card is beyond the scope  of
       this  document, and sometimes involves patching the kernel or "hacking"
       the drivers. As an example, the following steps should be done in order
       to set monitor mode on a prism2 based card using wlan-ng drivers.

       Initialization of the card.
              prism2 and wlan-ng

              wlanctl-ng wlan0 lnxreq_ifstate ifstate=enable

              wlanctl-ng wlan0 lnxreq_autojoin ssid=any authtype=opensystem

              orinoco : nothing special

       Enable  the  interface  (wlan0  in  the example, just change to eth0 if
       using orinoco)
              ifconfig wlan0 up

       Setting monitor mode on desired channel (6 in the example).
              prism2 and wlan-ng

              wlanctl-ng  wlan0 lnxreq_wlansniff channel=06 keepwepflags=false
              prismheader=false enable=true (I dont know  why,  but  sometimes
              this step must be taken twice :) )

              orinoco and iwpriv

              iwpriv eth0 monitor 2 6

       There  are  a  few  things that must be done regardless of the card and
       drivers used.

       1. The wireless card placed in monitor  mode  should  accept  encrypted
       packets  and  mark  them as encrypted. In the example above, that’s the
       purpose of the option keepwepflags=false in third step.

       2. The interface must be enabled (up)

       3. If your card is appending prism header or fcs "tail" to the packets,
       weplab  needs  to  be  told  about  it  (with  --fcs or --prismheader).
       Determining if this is necessary for your hardware  will  be  explained
       later.

       Now,  to  capture encrypted packets you can either use weplab, tcpdump,
       or a similar sniffer that logs packets in pcap format.

       To do it with weplab, just use -c. Interface must be specified with -i

       weplab --debug 1 -c -i wlan0 ./packets.log

       There is no need to log the entire packet, just the 802.11  header  and
       the  IV,  but  to  verify  possible  canditate  keys  the  whole packet
       encrypted payload must be present. That’s  why  you  must  specify  two
       files  in  weplab  when  using  FMS  attack. One file must have just 10
       packets with the whole  payload,  and  the  other  file  contains  weak
       packets that don’t need to have payload logged.

       So,  in order to save disk space it is a good idea to log a few packets
       for key verification on one file, and then just log the first bytes  of
       all  other possible packets, to be used as possible weak packet for FMS
       attack.

       You can specify maximun captured bytes per packet with --caplen bytes

       weplab -c -i wlan0 --debug  1  ./verification_packets.logweplab  -c  -i
       wlan0 --debug 1 --caplen 100 ./weak_packets.log

       Alternately,  if  your disk space is not so critical and you don’t mind
       wasting a few extra seconds on loading the file later, these two  steps
       can be joined into one.

       weplab -c -i wlan0 --debug 1 --caplen 150 ./packets.log

       Then this file can be used both for verification and weak packets.

ANALYZING PCAP FILE

       Before  trying  to crack the key using the already captured packets, it
       is a good idea to verify the file just to ensure that the packets  were
       logged fine, and there are enough to perform the desired attack.

       weplab --debug 1 -a ./packets.log

       You can try with --prismheader or --fcs, or both.

       weplab   --debug   1   -a   --fcs   ./packets.logweplab  --debug  1  -a
       --prismheader --fcs ./packets.log

       As explained above, prismheader is an special header  that  some  cards
       and  drivers  add  to  all captured packets, and fcs is an special tail
       added to the captured packets by some drivers.  You  can  determine  if
       your card/drivers needs --fcs or --prismheaders by using the FMS attack
       together with --debugkey and a set of  encrypted  packets  captured  by
       your  card  where  the wep key is known. This is explained later in the
       FMS attack section.

WEP KEY CRACKING.

       At the moment weplab supports 2 main cracking methods:  bruteforce  and
       FMS  statistical  attack.   Before  selecting  the cracking method, the
       keysize should be specified. By default the keysize is 64.  To crack  a
       128-bit key, you must specify --key 128

BRUTEFORCE CRACKING.

       Bruteforce  cracking  means testing all possible keys to find the right
       one.  That means that each key byte can take values from 0 to 255. So a
       quick   calculus  will  reveal  that  for  a  64  bits  key  the  total
       combinations are 2^40, so at 100.000 c/s cracking the key will take you
       4100061318 seconds maximun. 127 days working fulltime.

       With  a  128-bit  key  the total combinations possible are 2^104, so at
       100.000   c/s   the   total   maximun   amount   of   time   will    be
       6520836420927105974  YEARS!!   I  guess  you will never try to launch a
       bruteforce attack to a 128-bit  key.   Anyway,  weplab  gives  you  the
       possibility to do it ;)

       You  will  need at least 10 full wep encrypted data captured packets in
       order to launch a bruteforce attack avoiding false positives.

DICTIONNARY CRACKING

       Guess what ? Users often  use  simple  words  as  their  WEP  key.  The
       dictionnary cracking mode gives you the ability to check if the WEP key
       isn’t a  so-simple-to-guess  word.  Using  this  mode  in  addition  to
       John-the-Ripper could produce some usefull results.

       Weplab  reads  the  dictionnary  words  from  STDIN,  so  if  you  want
       statistics, you want be able  to  press  SPACE.  However,  you’ll  have
       statistics printed on STDOUT every 10 seconds.

       Dictionary cracking can use two different modes :

       By  default  the classical algorithm (MD5 for 128 bits keys or one of 4
       keys for 40 bits keys) it is used. This mode is widely used  on  Access
       Points to generate keys from a passphrase.

       Alternatively  you  can select Word to key with the "--attack 2" option
       if you want weplab to use plaintext keys with NULL bytes  appended  (if
       needed)  at  the end of each word to fit the WEP key size.  This second
       mode is used on my system when I configure the WEP key using  "iwconfig
       eth0 s:silly".

FMS STATISTICAL ATTACK

       Wireless  networks  WEP  encryption  is based on RC4 algorithm. RC4 has
       some weaknesses as Fluhrer, Mantin and Shamir described  in  2001  with
       the  paper  "Weaknesses  in  the  Key Scheduling Algorithm of RC4". The
       specific implementation of the RC4 algorithm in WEP makes possible  its
       practical  use.  The  initials  of  the authors gave it the name of FMS
       statistical cryptoanalysis.

       In order to make this attack possible for breaking  the  encryption  of
       wireless  networks, lots of specific data wep encrypted packets, called
       weak packets, must be gathered. Soon after the paper was published, two
       tools  appeared  that  implemented  the FMS attack, but the set of weak
       packets that these tools  use  is  just  asmall  subset  of  the  total
       possible  weak packets. As a result, the attack was not as practical to
       launch as it should be.

       In February 2002, h1kari released the paper "Practical Exploitation  of
       RC4  Weaknesses  in  WEP Environments". This describes the problem with
       the set of weak packets used by  existing  tools  and  suggest  several
       optimization in the attack like attacking other bytes besides the first
       one. H1kari created a tool called dwepcrack that implements a  part  of
       these  optimizations,  and  runs  under  *BSD.  Weplab  uses FMS attack
       supporting the whole set of weak packets for attacking both  the  first
       and  the second byte of the encrypted payload. Also some bruteforce and
       smart probabilistic based decisions  are  implemented  within  the  FMS
       attack  to  make it more powerful, especially when you dont have enough
       packets to launch a straight-forward attack.

       But apart from that, the main purpose of weplab is to be an educational
       tool  to  help  users understand the existing weaknesses in WEP and how
       can the be used to break  the  encryption  key.  Several  command  line
       parameters are implemented with this purpose.

       Also,  if  you  plan  to  test  weplab  cracking capacity with your own
       wireless lan, you can use --debugkey. By using  this  option  you  tell
       weplab  what your WEP key is (or at least a part of it), so weplab will
       skip all other branches when  searching  candidate  key  bytes  in  FMS
       attack.

NEW STATISTICAL ATTACKS

       New  statistical attacks published on Netstumbler forum by Korek. These
       new attacks make possible to crack the key with even less than 500k.

       Many thanks to Korek for this information. All the credit goes to  you.

EXAMPLES

       Example 1. Cracking using FMS attack

       You  want  to  test  the tool so you collect 1.5M packets from your own
       wireless LAN.  You just want to know if weplab would be able  to  crack
       it.   You  can use first --debugkey. If you are using a 128-bit key the
       right sintax would be:

       weplab                    -r./packets.log                    --debugkey
       01:02:03:04:05:06:07:08:09:10:11:12:13     --debug    1    --key    128
       ./packets.log

       You should see the statistics and guesses for each byte of the  key  so
       you can see the viability of the attack. At the end you should see "key
       succesfully cracked". If you do not  see  such  message,  perhaps  your
       captured  packets  have  the  FCS tail so it will be neccesary to issue
       --fcs

       weplab                    -r./packets.log                    --debugkey
       01:02:03:04:05:06:07:08:09:10:11:12:13   --fcs   --debug  1  --key  128
       ./packets.log

       Now can try with just a part of the key in  debugkey.  If  the  FMS  is
       possible  with  these  packets,  weplab should be able to crack the key
       using just these bytes.

       weplab -r./packets.log --debugkey  01:02:03:04:05:06  --fcs  --debug  1
       --key 128 ./packets.log

       If  it works you can try reducing the debugkey more. At the end you can
       try with no debugkey at all, as if it were a real attack.

       You can push ENTER key in any moment to  get  statistics  of  the  work
       done.

       Example 2. Cracking using bruteforce

       To  crack a 64-bit key using normal bruteforce just issue the following
       command.

       weplab --debug 1 --key 64 ./packets.log

       If you suspect that the key may be in plain ascii, do this:

       weplab --debug 1 --key 64 --ascii ./packets.log

       You can push ENTER key at any moment to  get  statistics  of  the  work
       done.

       Example 3. Capturing packets.

       In  order  to  capture  packets  you  have to put your wireless card in
       monitor mode in the right channel.  Be carefull  to  configure  monitor
       mode  to  ignore WEP bit.  Once you have your card in monitor mode, you
       can capture packets using tcpdump or weplab -c -i interface

       weplab -c -i wlan0 --debug 1 --caplen 150 ./packets.log

       You can push ENTER key at any moment to  get  statistics  of  the  work
       done.

       Example 4. Analyze an existing pcap file.

       Weplab  can also analyze a pcap file to the some statistics. Use -a for
       this purpose.  --prismheader --fcs can also be used.

       weplab -a --debug 1 ./pcap.log

       Example 5. Cracking a 64 WEP key using a dictionnary file with John the
       Ripper

       john -w:/path/to/my/big/dictionnaryfile -rules -stdout | weplab -y -d 1
       --key 64 capt.dump

VERSION

       This man page is correct for version 0.1.3 of weplab

AUTHOR

       weplab was created by Jose Ignacio Sanchez - Topo[LB].

       However other people have made contributions to  the  project.  In  the
       AUTHORS file within the distribution package, you will find them.

       Any  new contribution in form of documentation translation, new feature
       development, bug fixing, and so on, will be welcome

                                                                     weplab(1)