Breaking any encryption involves knowing a few things. First, you
have to know that there is an encryption scheme. Secondly, you must know
how encryption works. Breaking any code manually is near impossible;
luckily, you can break the WEP encryption if you use a packet-sniffing
program.
Steps
-
1Use Linux. Windows cannot sniff WEP packets, but you can use a bootable CD of Linux
-
2Get a packet-sniffing program. Backtrack is a commonly-used option. Download the iso image and burn it on a bootable CD/DVD.
-
3Boot Linux and Backtrack. Use your bootable CD/DVDs.
- Note that this operating system is not required to be installed on hard drive. That means whenever you shutdown the Backtrack, all your data will be lost.
-
4Select a start-up option. The following Backtrack screen will show after booting. Change the option with the up and down arrow keys and select one. This tutorial will use the first option.
-
5Load the graphical interface via command base. In this option, Backtrack is started on command base. Type command: startx to continue.
-
6Click on terminal button at the bottom left. It’ll be the fifth option.
-
7Wait for the Linux command terminal to open.
-
8View your WLAN type. Enter the following command: “airmon-ng” (without quotes). You should see something like wlan0 beneath Interface.
-
9Get all the required information for the access point. Enter the following command: “airodump-ng wlan0″ (without quotes). You should get three things:
- BSSID
- Channel
- ESSID (AP Name)
- Here’s what the tutorial case turned up:
- BSSID 00:17:3F:76:36:6E
- Channel number 1
- ESSID(AP Name)Suleman
-
10Enter the following command. This one will use the example information above, but you should plug in your own. Command: “airodump-ng -w wep -c 1 — bssid 00:17:3F:76:36:6E wlan0″ (without quotes).
-
11Allow setup to start.
-
12Open a new terminal window. Type the following command, substituting the values for your own BSSID, Channel and ESSID. Command: “aireplay-ng -1 0 –a 00:17:3f:76:36:6E wlan0″ (without quotes).
-
13Open another new terminal window. Type the following command: “aireplay-ng -3 –b 00:17:3f:76:36:6e wlan0″ (without quotes).
-
14Allow setup to start.
-
15Go back to the first terminal window.
-
16Allow the data in this window to reach to 30000 or above. It will take 15 to 60 minutes (or more) depending on wireless signal, hardware and load on access point.
-
17Go to the third terminal window and press Ctrl + c.
-
18Pull up the directories. Type the following command: “dir” (without quotes). This will show the directories saved on it during decrypting.
-
19Use a cap file. For the example, it would be the following: “aircrack-ng web-02.cap” (without quotes). The setup shown below will start.
-
20Break the WEP encrypted key. After this setup completes, you’ll be able to break the key. In this example, it was {ADA2D18D2E}.