weplab ascii option

mdelatorre · 02-15-2005

Can you explain me how does the --ascii option works in weplab?.

As I understand the option reduces the key space to keys from 00:00:00:... to 3F:3F:3F:...

But I have convert a plaintext using MD5 to get a 128 key, but I see there are some bytes larger than the 3F.

BTW, how do you get the 3F limit?

Manuel.

--ascii : If you are using bruteforce (-b) to crack the key, you can reduce the search to ascii bytes. By specifing --ascii each key byte can be in the range 0 - 0x3F.

sylvain · 02-15-2005

Quote:

Originally Posted by mdelatorre

Can you explain me how does the --ascii option works in weplab?.

As I understand the option reduces the key space to keys from 00:00:00:... to 3F:3F:3F:...

But I have convert a plaintext using MD5 to get a 128 key, but I see there are some bytes larger than the 3F.

BTW, how do you get the 3F limit?

Manuel.

--ascii : If you are using bruteforce (-b) to crack the key, you can reduce the search to ascii bytes. By specifing --ascii each key byte can be in the range 0 - 0x3F.

what kind of plaintext did you convert ?

mdelatorre · 02-15-2005

Quote:

Originally Posted by sylvain

what kind of plaintext did you convert ?

For example in 128 bits mode, to get a 104 key you have to extend the plain text (ASCII string) to 64 bytes and the use MD5.

Plaintext: sylviansylviansylviansylviansylviansylviansylvians ylviansylvians

MD5 = WEP key (104) = F3:4C:19:30:9F:1D:F2:AE:AA:75:65:37:31:FE:7F:20

As I see there are bytes higher that 3F...

Manuel.

sylvain · 02-16-2005

Quote:

Originally Posted by mdelatorre

For example in 128 bits mode, to get a 104 key you have to extend the plain text (ASCII string) to 64 bytes and the use MD5.

Plaintext: sylviansylviansylviansylviansylviansylviansylvians ylviansylvians

MD5 = WEP key (104) = F3:4C:19:30:9F:1D:F2:AE:AA:75:65:37:31:FE:7F:20

As I see there are bytes higher that 3F...

Manuel.

hum I'm not sure 0-0x3F means the key space of from 00:00:00 ... to 3F:3F:3F

topolb · 03-04-2005

Quote:

Originally Posted by sylvain

hum I'm not sure 0-0x3F means the key space of from 00:00:00 ... to 3F:3F:3F

Hi,

Actually yes. --ascii no not work with MD5, only for direct mapping.

I think you can use dictionary attack instead and make john generate words with -i:alpha

Remember to set --attacks 2 to select md5 mode.

Cheers,

sylvain · 03-04-2005

thanks for the info topolb and congratulations for the new version of weplab (good improvement for brute force and dictionnary attacks)

02-15-2005	#1 (permalink)
mdelatorre 313373 W@rdr1\/3r Join Date: Mar 2003 Location: The world! Posts: 17	weplab ascii option Can you explain me how does the --ascii option works in weplab?. As I understand the option reduces the key space to keys from 00:00:00:... to 3F:3F:3F:... But I have convert a plaintext using MD5 to get a 128 key, but I see there are some bytes larger than the 3F. BTW, how do you get the 3F limit? Manuel. --ascii : If you are using bruteforce (-b) to crack the key, you can reduce the search to ascii bytes. By specifing --ascii each key byte can be in the range 0 - 0x3F.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

03-04-2005	#6 (permalink)
sylvain Wireless Auditor Join Date: Jun 2004 Location: Paris, France Posts: 175	thanks for the info topolb and congratulations for the new version of weplab (good improvement for brute force and dictionnary attacks)