wificards

Cracking WEP may be a little more difficult than you think. Yes, we’ve all seen the WHAX video of how to crack WEP in 10 minutes and said “yes I could do that if I had time to get the distro… but I have more important things to do.” Well, being a college student with no social life (during the week anyways), I have had the time to have some fun with cracking WEP. Of course, in a lab environment (using my own router to practice with…). Throughout my experimentation, being also new to Linux, I found a few things you may soon realize and should research before attempting to crack WEP that may either encourage you to continue with this activity or give up entirely (but let’s remember, that’s not how you solve problems : ).

Monitor Mode:
A lot of people new to this whole scene think that they can pick up any wireless card, pop in their super secret Linux distro they got from another “computer kid” and “crack the neighbors’ internet for downloading music!” First of all, those who are interested in WEP security and vulnerabilities for this purpose are idiotic and deserve to be caught and prosecuted. There are a lot of people who think that the term “hacker” is cool and buys them popularity points. These kids are easy to point out, and are easily exposed. Don’t get me wrong, I am on no soap box preaching to the naïve and ill informed underneath me…I don’t claim to have any extensive knowledge on this subject. I’m as lost as any other geek trying to get this security stuff figured out and trying to have a little fun with it and share my experiences.
Alright, back to the point I was trying to make before I went off rambling. Monitor mode. This is where the wireless card captures packets without associating with the AP. Monitor mode is only supported for certain cards, and I believe only certain chipsets, but I could be wrong on that one. My original card (Orinoco gold classic FCC ID# IMRWLPCE2411R) was able to switch to this mode which was great to get started. Do a Google search and see if yours is supported by installing specific drivers or natively. If it doesn’t, you are probably out of luck. Don’t waste your time looking for a way to do it without monitor, in my opinion; you are better off spending that time finding the right card to get instead. I will talk about cards later on. This is usually the 1st issue where those new to WEP cracking get lost and trail off to their social bookmarking site instead.
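
An added example, not part of the original post: on a current Linux system the driver itself will say whether a card offers monitor mode, and this function reads that out of `iw list`. It assumes an nl80211 driver and the `iw` tool (neither is named in the post); the sample text and the `monitor_support` function name are constructed for illustration. A "yes" here says nothing about packet injection, which is a separate requirement.

```shell
#!/bin/sh
# Added example: report which wireless PHYs advertise monitor mode,
# based on the "Supported interface modes" list printed by `iw list`.

# Constructed sample of `iw list` output (trimmed): two cards, one with monitor mode.
sample_iw_list() {
cat <<'EOF'
Wiphy phy1
    Supported interface modes:
         * IBSS
         * managed
         * monitor
    Band 1:
        Frequencies:
            * 2412 MHz [1] (20.0 dBm)
Wiphy phy0
    Supported interface modes:
         * IBSS
         * managed
         * AP
    Band 1:
EOF
}

# Reads `iw list` text on stdin and prints "<phy> monitor=yes|no" for each PHY.
monitor_support() {
    awk '
        function report() { if (phy != "") print phy, "monitor=" (mon ? "yes" : "no") }
        # A new "Wiphy" header closes the previous card and starts the next one.
        /^Wiphy / { report(); phy = $2; mon = 0; inmodes = 0; next }
        /Supported interface modes:/ { inmodes = 1; next }
        # Bullet lines directly under the modes header are the supported modes.
        inmodes && $1 == "*" { if ($2 == "monitor") mon = 1; next }
        # Any other line ends the modes list (so "* 2412 MHz" is never misread).
        { inmodes = 0 }
        END { report() }
    '
}

# Demo on the constructed sample; on a real machine use: iw list | monitor_support
sample_iw_list | monitor_support
```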

Card support on OS and program:
This somewhat ties into the monitor mode issue in regards to having a working wireless card. There are a few ways to go about WEP cracking, but the fastest and most effective/popular method I have found is using the aircrack suite. With this you can do just about everything. You will need to capture the packets and use injection to make the process move along more quickly. So, you’ve got a card that supports monitor mode, great! Now the other thing your card needs to be compatible with is aireplay (included in the aircrack suite). This is the application that will perform 802.11 packet injection. 95% of popular wireless cards are not compatible with this application. You can capture packets without injection if you want, but be prepared to sit at that AP for 2 weeks to get enough IVs for an attempt at cracking.

The other issue is OS support for your card. You may also be lucky enough to have a card that is natively supported in the distro that you choose to use for cracking. However, there are many that require patches, or special drivers. In fact, almost all of them do. Some distros are nice enough to include a patch for your card (S-T-D for my Orinoco). Once again, if you are new to Linux, if you think you can figure it out go for it, but if you are running into this as well as the monitor mode and packet injection issue, head to the store, not the BackTrack2 forums for help.

Don’t know how to spoof a MAC? Learn or forget it!
Not that I encourage any illegal activities, and I DO NOT, but to be a good security expert, you need to know what the attacker will do to be able to counteract. MAC spoofing is a great way to stay anonymous. Now this is an easy thing to learn quickly, but if it’s forgotten or disregarded, then you aren’t really doing it properly. A great simple program I found for this purpose is macchanger. I simply type “macchanger -a eth1” in my terminal before beginning my test cracking. Simple and effective. This is just kind of a general warning that if you don’t know what you are doing then learn before doing anything. I would love to hear the story of someone who used this knowledge for the wrong purpose and got caught because they didn’t know how to spoof a MAC.

How much are you willing to spend?
Is this just a “Saturday afternoon project” sort of thing? If so, and you are lucky enough to already have a supported card, great for you! If you are like the other 99% of us who had to troubleshoot, again, you may want to consider investing in the right card. I took this route, and just got a deal on eBay for a newer Proxim 8470. There are also a few Prism 2.5 cards with an amazing 300mW of radio output power. If you have the budget, I would highly recommend them! Also, an antenna is almost a must! These can be relatively cheap, but nonetheless add to your cost.

Do you know Linux?
If you don’t, well this is a great project to get started. However, it’s not exactly user friendly to get started! If you run into any snags you will need to troubleshoot. Following the YouTube video never works hehe. This is a great way to get more familiar with Linux. That is what I did, and I have loved the knowledge I’ve gained from it.

The monitor mode I spoke of earlier is not supported with the Windows drivers. You can buy an awesome adapter called AirPcap that is said to be great, and work swiftly with Cain. The catch: this adapter is $200. Yikes!

All of the other programs I have found in Windows for WEP cracking really suck, and don’t work AT ALL. Like I said, the AirPcap is the only one with a reputation of working well. Airsnort has a Windows version, but I have tried that too and it didn’t work. Perhaps you can get it working though. I didn’t spend much time on the Windows side to find out.

So that is my rant about some common issues with WEP encryption, kind of a heads up for hobbyists, as well as an outlet of frustration with my own experience. Perhaps I will crack a WEP cracking video tutorial once I get it all working correctly with my new card (which is on its way as we speak : ).

Once again let me say that I am no credible expert on this subject, merely a hobbyist and a geek wanting a new project. I’ve spent about a month involved in this topic, and thought it was a worthy entry to write. If I’m wrong on some of my facts, please correct me! Send me an email and I will make sure to change it. Thanks for reading.