Weplab
Encyclopedia
Weplab is a tool designed to teach how the Wired Equivalent Privacy
(WEP) wireless encryption protocol works, explain the security vulnerabilities in the protocol, and demonstrate attacks that can be used to compromise a WEP
protected wireless network
. Weplab is designed not only to crack WEP keys but to analyze the wireless security of a network from an educational point of view. The author has attempted to make the source code as clear as possible, instead of implementing optimizations that would obfuscate it.
Weplab works on Unix-like
systems like GNU/Linux
, *BSD
or Mac OS X
and with Cygwin
layer also on Windows
.
Wired Equivalent Privacy
Wired Equivalent Privacy is a weak security algorithm for IEEE 802.11 wireless networks. Introduced as part of the original 802.11 standard ratified in September 1999, its intention was to provide data confidentiality comparable to that of a traditional wired network...
(WEP) wireless encryption protocol works, explain the security vulnerabilities in the protocol, and demonstrate attacks that can be used to compromise a WEP
Wired Equivalent Privacy
Wired Equivalent Privacy is a weak security algorithm for IEEE 802.11 wireless networks. Introduced as part of the original 802.11 standard ratified in September 1999, its intention was to provide data confidentiality comparable to that of a traditional wired network...
protected wireless network
Wireless LAN
A wireless local area network links two or more devices using some wireless distribution method , and usually providing a connection through an access point to the wider internet. This gives users the mobility to move around within a local coverage area and still be connected to the network...
. Weplab is designed not only to crack WEP keys but to analyze the wireless security of a network from an educational point of view. The author has attempted to make the source code as clear as possible, instead of implementing optimizations that would obfuscate it.
Weplab works on Unix-like
Unix-like
A Unix-like operating system is one that behaves in a manner similar to a Unix system, while not necessarily conforming to or being certified to any version of the Single UNIX Specification....
systems like GNU/Linux
Linux
Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds...
, *BSD
Berkeley Software Distribution
Berkeley Software Distribution is a Unix operating system derivative developed and distributed by the Computer Systems Research Group of the University of California, Berkeley, from 1977 to 1995...
or Mac OS X
Mac OS X
Mac OS X is a series of Unix-based operating systems and graphical user interfaces developed, marketed, and sold by Apple Inc. Since 2002, has been included with all new Macintosh computer systems...
and with Cygwin
Cygwin
Cygwin is a Unix-like environment and command-line interface for Microsoft Windows. Cygwin provides native integration of Windows-based applications, data, and other system resources with applications, software tools, and data of the Unix-like environment...
layer also on Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
.
Features
Weplab tries to break the WEP key using several known attacks:- attempting to brute forceBrute force attackIn cryptography, a brute-force attack, or exhaustive key search, is a strategy that can, in theory, be used against any encrypted data. Such an attack might be utilized when it is not possible to take advantage of other weaknesses in an encryption system that would make the task easier...
the key - loading a list of words or passphrasePassphraseA passphrase is a sequence of words or other text used to control access to a computer system, program or data. A passphrase is similar to a password in usage, but is generally longer for added security. Passphrases are often used to control both access to, and operation of, cryptographic programs...
s and trying each one in plain or MD5MD5The MD5 Message-Digest Algorithm is a widely used cryptographic hash function that produces a 128-bit hash value. Specified in RFC 1321, MD5 has been employed in a wide variety of security applications, and is also commonly used to check data integrity...
form. Weplab relies on John the RipperJohn the RipperJohn the Ripper is a free password cracking software tool. Initially developed for the UNIX operating system, it currently runs on fifteen different platforms...
to generate the word list. - using the FMS attack, but with some differences. Unlike traditional implementations of the FMS attack, Weplab tests all initialization vectorInitialization vectorIn cryptography, an initialization vector is a fixed-size input to a cryptographic primitive that is typically required to be random or pseudorandom...
s to determine whether they are weak, and it attacks both the first and the second byteByteThe byte is a unit of digital information in computing and telecommunications that most commonly consists of eight bits. Historically, a byte was the number of bits used to encode a single character of text in a computer and for this reason it is the basic addressable element in many computer...
s. More recent versions of Weplab also include the newer Korek's attacks; with these attacks it is possible to crack a 64-bit key after collecting only 100,000 packets, or crack a 128-bit key after collecting 300,000 packets.