Thread: New tool to crack WEP keys under GNU/Linux
View Single Post
Old 06-24-2004   #64 (permalink)
r00t3hell
Registered Member
 
Join Date: Jun 2004
Posts: 2
hi,
first of all @topolb:
thanks a lot for your work...
i though have a few questions:
i captured about 90(!!) MB traffic off my Wlan using ethereal - according to you, that should by far
enough to do a successful attack using FMS...
i tried the following:
Code:
./weplab --debug 1 --prismheader -r /root/capture/capture_1.pcap --debugkey 13:1f:02:34:8a: /root/capture/capture_1.pcap
...

Total valid packets read: 115306
Total packets read: 131438
Total unique IV read: 55693
 55693 Weak packets gathered:

...
Key parece que verifica paquete. Probando con el resto....
Key: 13:1f:02:34:8a
Key correcta!
so this seems to work...

one question:
do i really have 55693 weak packages here?
because the following fails to break my key:
Code:
./weplab --debug 1 --prismheader -r /root/capture/capture_1.pcap --debugkey 13:1f: /root/capture/capture_1.pcap
----
Opening packet file for loading all the IV

Total valid packets read: 115306
Total packets read: 131438
Total unique IV read: 55693
 55693 Weak packets gathered:
Compressing IV table...
Total number of Weak packets for byte 0 is 0 (byte 1) and 0 (byte 2)
00(0), 00(0), 00(0), 00(0), 00(0), 00(0), 00(0), 00(0), 00(0), 00(0),  --> breath 10 (40% requested)

Total number of Weak packets for byte 1 is 0 (byte 1) and 0 (byte 2)
00(0), 00(0), 00(0), 00(0), 00(0), 00(0), 00(0), 00(0), 00(0), 00(0),  --> breath 10 (40% requested)

Total number of Weak packets for byte 2 is 218 (byte 1) and 0 (byte 2)
09(76), 75(6), 02(2), 83(2), a2(2), ab(2), b6(2), b8(2), c4(2), 04(0),  --> breath 1 (40% requested)

Key NOT found
one question:
why fails weplab to find the key here?
of course, completely without --debugkey it fails also...
weplab says, it found 55693 Weak packets...
if a pcap - dumpfile gives me _weak_packages_ in weplab - is it possible to break the key with FMS in principle?
so do i simply have to capture more traffic here in my case?
(as i already said - this is a ~90MB capture file - you said, that 3MB should be fine to launch a FMS attack...)
finally one general question:
is the key-length of a wepped packet predictable?
i guess not, am i right?

thanks again for your work - this program is great...

regards
flo
r00t3hell is offline