06-11-2004   #34
topolb
Example of use

For those who haven't yet succeeded in cracking the WEP key, just 2 tips:

1) First you must know if you need --fcs or not. It depends on the chipset of the card that was used to capture the packets and the drivers used. The simplest way to know if you need --fcs or not is just to try both ways with --debugkey.
Suppose that your real key is 00:11:22:33:44:55:66:77:88:99:00:AA.BB:CC

Then just do this:
./weplab --debug 1 --debugkey 00:11:22:33:44:55:66:77:88:99:00:AA.BB:CC: -r ./pcap.log ./pcap.log
and this:
./weplab --debug 1 --debugkey 00:11:22:33:44:55:66:77:88:99:00:AA.BB:CC: --fcs -r ./pcap.log ./pcap.log

You will see KeyCracked in the right command.
Please note that you must not write the last byte of the key in --debugkey due to a programming error.
You can try decreasing the number of bytes in --debugkey and see if the key finally gets cracked.

2) Increase the default probability for candidate byte selection (v0.0.2-alpha). By default, a 40% probability is used. In the output that weplab gives you when using --debugkey, you will see the candidate keys selected for each keybyte, together with the probability of each one.
BYTE-SELECTED (PROBAB.), BYTE-SELECTED (PROBAB.)
You can check if your real keybytes are the first ones. If for one keybyte it is the second one, and the probability of the first one is greater than 40%, the second one (the real one in this example) will never be tested.
That's why, if your key does not get cracked with the default probability, you can increase it to 70% (for example) with --perc 70.
Of course, if you are doing a real test and you don't know the real key, you must use the trial-and-error method. A good tip is trying first with the default one and then trying with 65%.
If you know the key and it is not cracked with 40%, you can inspect the output given by --debugkey, see which keybyte failed, and calculate how much you have to increase the default probability to crack the key.

Hope that this helps.
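The calculation described in the post's last tip, as an added example that is not part of the original post and is not weplab code. The candidate tables are constructed sample data, and the selection model (candidates tried in descending probability until the summed probability of those already taken reaches the --perc value) is an assumption consistent with the post's description, not confirmed weplab behaviour.

```python
# Added illustration; TABLE is constructed data, not real weplab output.
# Assumed model: per keybyte, candidates are tried in descending probability,
# and a candidate is tried only while the summed probability of the candidates
# ranked above it is still below the --perc threshold.

def selected(candidates, perc):
    """Candidate bytes that would be tested for one keybyte at threshold perc."""
    chosen, cumulative = [], 0.0
    for byte, prob in sorted(candidates, key=lambda c: -c[1]):
        if cumulative >= perc:
            break
        chosen.append(byte)
        cumulative += prob
    return chosen

def min_perc_for(candidates, real_byte):
    """Smallest whole-number threshold at which real_byte is tested, else None."""
    cumulative = 0.0
    for byte, prob in sorted(candidates, key=lambda c: -c[1]):
        if byte == real_byte:
            return max(1, int(cumulative) + 1)
        cumulative += prob
    return None  # the real byte is not among the candidates at all

def audit(table, known_key, perc=40):
    """Per keybyte: (index, tested at perc?, minimum perc needed)."""
    return [(i, real in selected(cands, perc), min_perc_for(cands, real))
            for i, (cands, real) in enumerate(zip(table, known_key))]

def required_perc(table, known_key):
    """Threshold needed so every known keybyte is among the tested candidates."""
    needs = [min_perc_for(c, r) for c, r in zip(table, known_key)]
    return None if None in needs else max(needs)

# First three bytes of the post's example key, with constructed candidate lists
# in the form (byte, probability in percent).
KEY = [0x00, 0x11, 0x22]
TABLE = [
    [(0x00, 62.0), (0x3A, 20.0), (0x91, 18.0)],                 # real byte ranked 1st
    [(0x7F, 45.0), (0x11, 30.0), (0xC4, 25.0)],                 # real byte ranked 2nd
    [(0x05, 35.0), (0xE0, 30.0), (0x22, 20.0), (0x6B, 15.0)],   # real byte ranked 3rd
]

if __name__ == "__main__":
    for index, tested, need in audit(TABLE, KEY):
        print(f"keybyte {index}: tested at 40% = {tested}, needs --perc >= {need}")
    print("use --perc", required_perc(TABLE, KEY))
```

With this sample data, keybytes 1 and 2 are missed at the default 40%, which is the situation the post describes before raising the value with --perc.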