Tuesday 28 May 2013

Wireless Part 4

Okay, so last time we saw exactly how WEP was working, and hopefully you will have noticed where some of the vulnerabilities are. In this post we will be looking a bit at some of them and exactly where they are and how we can get past them.

IVs

So the first major vulnerability is the IVs. Anyone who has done some wireless WEP cracking in the past using a program to do it for them will have heard of IVs before: from your perspective the program collects a lot of them, does some calculation and spits back a password. That isn't really what is happening. As we saw, IVs are the randomized initialization vectors fed into the RC4 algorithm, together with the secret key, to generate the key stream that is XORed with the plain text data. Then, so the AP can read the data, the router takes the IV from the packet, runs it through RC4 together with the secret key, and uses the resulting key stream to recover the data and checksum. This is the vulnerability you are using when you capture IVs. What vulnerability is there, you might ask? Allow me to explain.

The only two things being kept secret in WEP are the data and the secret key. Now the beauty of RC4 is that it is deterministic: run the same operation on the same input and you will always get the same result. So if you separate the key stream from the data, you have the output of RC4. RC4 reads in two items of information, the IV and the secret key, and we already have the IV, since it travels in the packet. Using thousands of these results we can begin to reverse the RC4 algorithm, and thus we have our secret key. This is exactly what goes on behind the scenes in a WEP cracking program: the key streams are captured, then thousands of IVs are used together with their key streams to work the RC4 algorithm backwards to the secret key. Simple, really.
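To make the two properties this section leans on concrete (the IV travels in the clear, and RC4 is deterministic, so the same IV + secret key always yields the same key stream), here is an added toy example in Python; it is not code from the original post. The secret key, IV and frame contents are constructed, and the CRC is left out. It shows how a known plaintext exposes the key stream for one IV, why a reused IV then exposes another frame, and how a monitor can flag IV reuse.

```python
# Added example: toy WEP-style RC4 encryption. Key, IV and frames are constructed.
from collections import Counter

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4: key-scheduling algorithm (KSA) followed by n bytes of PRGA output."""
    S = list(range(256))
    j = 0
    for i in range(256):                      # KSA: permute S using the key bytes
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                        # PRGA: emit key stream bytes
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(secret_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP prepends the 3-byte IV to the secret key as the RC4 key, XORs the
    key stream with the data, and sends the IV in the clear in front of it."""
    ks = rc4_keystream(iv + secret_key, len(plaintext))
    return iv + bytes(p ^ k for p, k in zip(plaintext, ks))

def recover_keystream(frame: bytes, known_plaintext: bytes) -> tuple:
    """Known plaintext XOR ciphertext gives the key stream for this frame's IV.
    (In real traffic the fixed LLC/SNAP header plays the known-plaintext role.)"""
    iv, body = frame[:3], frame[3:]
    return iv, bytes(c ^ p for c, p in zip(body, known_plaintext))

def decrypt_with_keystream(frame: bytes, keystream: bytes) -> bytes:
    """A second frame under the same IV + key uses the same key stream."""
    return bytes(c ^ k for c, k in zip(frame[3:], keystream))

def find_iv_reuse(frames) -> set:
    """Defender's check: which 3-byte IVs appear in more than one frame?"""
    counts = Counter(f[:3] for f in frames)
    return {iv for iv, n in counts.items() if n > 1}

if __name__ == "__main__":
    KEY = bytes.fromhex("0102030405")         # constructed 40-bit WEP key
    iv = bytes.fromhex("aabbcc")              # constructed IV, reused below
    f1 = wep_encrypt(KEY, iv, b"\xaa\xaa\x03hello")
    f2 = wep_encrypt(KEY, iv, b"\xaa\xaa\x03world")
    _, ks = recover_keystream(f1, b"\xaa\xaa\x03hello")
    print(decrypt_with_keystream(f2, ks))     # second frame falls to the same key stream
    print(find_iv_reuse([f1, f2]))            # {b'\xaa\xbb\xcc'}
```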

This is the basic method used from 2001 onwards. Now I know this post was very short, but as I am still unpacking from moving and trying to get a job I don't have a lot of time to spare at present, although you can still email me questions at martyncprice@gmail.com (yes, my real name is Martyn Price; anybody who has decided to follow me on Twitter should have found this out already, @Spectr3Sec), or you can ask in the comments section. Until next week, hack well and prosper.
-Spectr3
