Messing with WEP – Part I

It’s been long known that WEP is a very insecure wireless encryption protocol, and the root cause is the weak Initialization Vectors (IVs) it uses. See, the engineers who designed the WEP protocol attempted to create stronger encryption by adding a constantly changing 24-bit IV to the cipher key, thus “eliminating” the repeated encryption of data with the same key over and over. The problem is that these IVs are too short and are periodically reused… which means that if we can sniff enough data over the air, and get the AP to reuse IVs eventually, we can figure out the key.
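To put numbers on “too short”, here is an added example (my own, not code from the original post) that computes how quickly a 24-bit IV repeats. It assumes two idealized AP behaviours: IVs chosen uniformly at random (the birthday-bound case) and IVs incremented as a plain counter (guaranteed wrap-around); real cards fall somewhere between the two.

```python
import math

IV_BITS = 24                 # WEP prepends a 24-bit IV to the shared key
IV_SPACE = 1 << IV_BITS      # 16,777,216 possible IV values


def iv_collision_probability(frames: int, iv_bits: int = IV_BITS) -> float:
    """Probability that at least two of `frames` randomly chosen IVs coincide.

    Exact birthday computation, done with log-gamma so we never evaluate a
    product with millions of factors:
        P(no repeat) = n! / ((n - k)! * n^k)   for k <= n
    """
    n = 1 << iv_bits
    if frames <= 1:
        return 0.0
    if frames > n:
        return 1.0               # pigeonhole: more frames than IV values
    log_no_repeat = (math.lgamma(n + 1) - math.lgamma(n - frames + 1)
                     - frames * math.log(n))
    return 1.0 - math.exp(log_no_repeat)


def frames_for_probability(target: float, iv_bits: int = IV_BITS) -> int:
    """Smallest frame count at which a random-IV repeat reaches `target`.

    Binary search works because the collision probability is monotonic
    in the number of frames.
    """
    lo, hi = 1, 1 << iv_bits
    while lo < hi:
        mid = (lo + hi) // 2
        if iv_collision_probability(mid, iv_bits) >= target:
            hi = mid
        else:
            lo = mid + 1
    return lo


def frames_until_guaranteed_reuse(iv_bits: int = IV_BITS) -> int:
    """A card that simply counts IVs upward must wrap after this many frames."""
    return 1 << iv_bits


if __name__ == "__main__":
    print(f"IV space: {IV_SPACE:,} values")
    print(f"Counter-style IVs wrap after: {frames_until_guaranteed_reuse():,} frames")
    for p in (0.5, 0.9, 0.99):
        k = frames_for_probability(p)
        print(f"Random IVs: {p:.0%} chance of a repeat after {k:,} frames")
```

The takeaway for a defender is that a busy network reaches a coin-flip chance of a repeated IV after only a few thousand frames, not the sixteen million the IV width suggests, which is why WEP should be retired rather than tuned.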

In this tutorial I plan to do exactly that, grabbing the WEP key of my own “public” wireless network, which I made “1234512345”. Simple.

First, we’ll start by grabbing a copy of BackTrack. BackTrack is a live Linux distro that has a (pretty big) collection of little tools that aid security professionals in penetration testing. Of course, put in the wrong hands, this distro can do some serious damage. Fortunately, we won’t be doing any of that here.

You can grab the distribution by going to http://www.remote-exploit.org/backtrack_download.html and downloading the ISO. I’ve been using the BackTrack 4 Beta lately, so I’ll be showing that one around.

Once you’ve got the ISO burned and ready to go, reboot your PC and watch that kernel decompress… sweet… after a while you’ll be presented with this:

[Screenshot: login prompt]

We’re going to log in as root with the password toor. Once we’re in, we’ll type startx to start X and KDE so we get a GUI and can multitask across command windows easily. After the GUI is loaded, you’ll see KDE, which looks like this:

[Screenshot: KDE desktop]

And that’ll be all for today. I’ll continue the guide later so we can put your wireless card to better use.
