Guide to Recover WEP
Guide to recover WEP key in 10 minutes
I will show you the simplest way to recover a 64-bit or 128-bit wireless WEP key in just 10 to 15 minutes. Below are the routers I tried to recover the WEP key from, with the time each one took.
Netgear DG834G 64bit WEP - 6 mins
D-Link G-Wireless Router 64bit WEP (forgot the model) - 8 mins
Linksys Wireless Router 64bit WEP - 11 mins
From the above information, you can see that the Linksys held out noticeably better than the other two brands.
First of all, you have to know that in order to recover the WEP key you must have a large number of encrypted packets to work with. This is an unavoidable requirement if you wish to be successful.
The hardware and software I'm using:
Linux-based OS: BackTrack v2.0 Live CD (message me for the installer)
Software: Aircrack-ng (it comes preinstalled in BackTrack v2.0)
Hardware: Netgear WG511T Wireless PC Card
1. Plug in the Netgear WG511T Wireless PC Card and boot up the computer with the BackTrack v2.0 Live CD.
2. Go to the terminal and type the commands below:
i. wlanconfig ath0 destroy (stops the wireless card)
ii. wlanconfig ath0 create wlandev wifi0 wlanmode monitor (sets the wireless card to monitor mode)
3. Edit the airoscript.sh in the aircrack-ng folder. In BackTrack v2.0 you can find this file in /pentest/wireless/aircrack-ng-0.6.2/
i. Change the line WIFI="rausb0" to WIFI="ath0", then save and close it.
4. Now comes the most interesting part: run Airoscript and you will see 10 options:
1 - Scan
2 - Select
3 - Attack
4 - Crack
5 - Configure
6 - Associate
7 - Deauth
8 - Reset
9 - Monitor
10 - Quit
i. Type 1 to Scan, then type 1 again for Channel Hopping. A new terminal will pop up to scan all the nearby APs. Let it run for 1 or 2 minutes, then press CTRL + C to terminate scanning.
ii. Now type 2 to Select the desired target. You will see 2 options again, 1) WEP and 2) WEP?; type 1 to continue. Next you will see 3 options asking "Do you want to select a client now?" 1) Yes, 2) No, 3) Try to detect associated client. Type 1 if more than one user is currently connected to the AP you selected; otherwise type 2 (No).
iii. After selecting the host and client, you are ready to perform an attack. I recommend choosing either option 3 or 4. Choose 3 if you selected a client. You will see 3 terminals pop up.
iv. Now wait for enough data to be captured. For 64-bit WEP you probably need 250k Data to recover the key, and 128-bit WEP needs 500k Data.
v. Once you have enough Data, go to the menu and type 4 to start.
vi. It will probably take 10 minutes to get the key.
P.S. Please leave me a comment after reading this. Thanks.
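Why the guide insists on "a large number of encrypted packets" (and why 250k/500k is the rule of thumb) comes down to WEP's 24-bit initialisation vector: every frame prepends a 24-bit IV to the shared key, so a single key can produce only 2^24 distinct RC4 keystreams, and once an IV repeats the same keystream has been reused. The script below is an added illustration written for this page; it is not part of the original guide, it does not implement any recovery step, and it only applies standard probability formulas to the IV space (the 1000 frames/second rate is an assumed figure for the exhaustion estimate).

```python
"""
WEP IV-space arithmetic (added illustration, not from the original guide).

WEP prepends a 24-bit IV to the RC4 key, so one key yields at most
2**24 = 16,777,216 distinct keystreams. The functions below quantify how
quickly IVs (and therefore keystreams) repeat, which is the structural
reason WEP cannot be fixed by a longer key: 64-bit and 128-bit WEP share
the same 24-bit IV. WPA2/WPA3 replace this design entirely.
"""
import math

WEP_IV_BITS = 24
IV_SPACE = 1 << WEP_IV_BITS  # distinct IVs available per WEP key


def expected_distinct_ivs(frames: int, iv_space: int = IV_SPACE) -> float:
    """Expected number of distinct IVs seen after `frames` frames with
    uniformly random IVs: S * (1 - (1 - 1/S)**n), computed stably."""
    return iv_space * -math.expm1(frames * math.log1p(-1.0 / iv_space))


def expected_iv_repeats(frames: int, iv_space: int = IV_SPACE) -> float:
    """Expected number of frames whose IV (hence keystream) was already used."""
    return frames - expected_distinct_ivs(frames, iv_space)


def iv_space_coverage(frames: int, iv_space: int = IV_SPACE) -> float:
    """Fraction of the IV space expected to have been observed."""
    return expected_distinct_ivs(frames, iv_space) / iv_space


def prob_any_iv_repeat(frames: int, iv_space: int = IV_SPACE) -> float:
    """Birthday bound: probability that at least two of `frames` frames
    share an IV. Exact: 1 - S! / ((S-n)! * S**n), evaluated via lgamma."""
    if frames > iv_space:
        return 1.0  # pigeonhole: more frames than IVs guarantees a repeat
    log_no_repeat = (math.lgamma(iv_space + 1)
                     - math.lgamma(iv_space - frames + 1)
                     - frames * math.log(iv_space))
    return max(0.0, 1.0 - math.exp(log_no_repeat))


def frames_for_repeat_probability(p: float, iv_space: int = IV_SPACE) -> int:
    """Smallest frame count at which P(some IV repeats) >= p (binary search;
    the probability is monotone in the frame count)."""
    lo, hi = 1, iv_space + 1
    while lo < hi:
        mid = (lo + hi) // 2
        if prob_any_iv_repeat(mid, iv_space) >= p:
            hi = mid
        else:
            lo = mid + 1
    return lo


def seconds_to_exhaust_iv_space(frames_per_second: float,
                                iv_space: int = IV_SPACE) -> float:
    """An implementation that increments IVs sequentially wraps around, and
    starts reusing every keystream, after this many seconds of traffic."""
    return iv_space / frames_per_second


def iv_report(frames: int) -> dict:
    """Summary for a given capture size, e.g. the guide's 250k / 500k figures."""
    return {
        "frames": frames,
        "iv_space_coverage": iv_space_coverage(frames),
        "expected_keystream_reuses": expected_iv_repeats(frames),
        "p_any_reuse": prob_any_iv_repeat(frames),
    }


if __name__ == "__main__":
    # The guide's thresholds: 250k frames for 64-bit WEP, 500k for 128-bit.
    for n in (250_000, 500_000):
        r = iv_report(n)
        print(f"{n:>7} frames: {r['iv_space_coverage']:.2%} of IV space seen, "
              f"~{r['expected_keystream_reuses']:.0f} keystream reuses, "
              f"P(any reuse)={r['p_any_reuse']:.3f}")
    print("frames until P(IV reuse) >= 50%:", frames_for_repeat_probability(0.5))
    # Assumed busy-network rate of 1000 frames/s (constructed figure).
    hours = seconds_to_exhaust_iv_space(1000) / 3600
    print(f"sequential IVs wrap after {hours:.1f} h at 1000 frames/s")
```

The numbers tell the defender's story: at the guide's 250k-frame threshold only about 1.5% of the IV space has been observed, yet roughly 1,850 frames have already reused a keystream, and a repeat becomes more likely than not after under 5,000 frames. Because the IV is 24 bits regardless of key length, moving from 64-bit to 128-bit WEP merely raises the capture threshold; the fix is to retire WEP for WPA2 or WPA3.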
July 15th, 2007 at 11:49 am
How long did you take to break 128 bits? You'll be lucky if that router is transferring large amounts of data; otherwise it could be weeks before you break it.
Have fun..... you know there is a law in WA if you break a wireless connection?
July 17th, 2007 at 4:14 am
128 bits probably needs 500k IVs... hmmm, about 30 mins? And I don't know whether there is any law in WA against cracking the WEP key... but this is just for my own fun...
July 24th, 2007 at 5:55 am
Dan…
No! You shouldn’t do that!…
October 6th, 2007 at 2:22 am
How did you run airoscript? I went to the directory you said and I'm unable to run airoscript.sh.
I used aireplay-ng instead, but when I perform this action, aireplay-ng --arpreplay -b AP -h MAC ath0, I get this message:
The interface MAC (00:14:6F:45:A4:23) doesn't match the specified MAC (-h).
ifconfig ath0 hw ether 00:12:F3:0C:23:CC....
Any ideas?
May 3rd, 2008 at 3:22 am
Where can I download the terminal?
And can I have the Linux-based OS?
Can you send it to me, please?
My e-mail address is saintxiao@gmail.com