A friend recently asked me how to crack WEP encryption on a wireless network. I happened to have a TP-LINK wireless AP, so I used it for a cracking experiment.
I. Devices
1. Hardware:
Two IBM ThinkPad T43 laptops with Intel 2200BG wireless NICs. One is called A and the other B. A simulates a client computer that can access the Internet normally. B is our cracking machine, which cracks the WEP key by eavesdropping on the communication between A and the wireless router.
One TP-LINK home wireless router (TL-WR340G+), supporting 64/128-bit WEP. The SSID is set to "wepte".
One 1 GB langke USB flash disk, used as the boot disk. All subsequent operations are performed on the USB flash disk, so the system on the laptop's hard drive is not affected.
2. Software: http://www.remote-exploit.org/
ISO download link:
http://www.remote-exploit.org/backtrack_download.html
Because I am using a USB flash drive, you only need bt3final_usb.iso.
BT3 help document set:
http://wiki.remote-exploit.org/index.php/Main_Page
The other piece of software is Spoonwep2. It is very convenient: you scan first and then select from the results, so you no longer need to type in a MAC address or enter cumbersome commands on the command line. Download Spoonwep2:
http://www.butian.org/security/software/protect/707.html
II. Installation and cracking
The following steps are completed in Windows XP.
1. Clear the USB flash drive and extract bt3final_usb.iso onto it. This takes about 780 MB. There are two directories: /BOOT/ and /BT3/.
2. Decompress spoonwep2.lzm to the USB flash drive and put it under /BT3/modules.
3. Open the BOOT directory and run bootinst.bat. When I first ran it, however, an error was reported, prompting me to add the -f parameter.
In practice, this means editing bootinst.bat and changing
\boot\syslinux\syslinux.exe -ma -d \boot\syslinux %DISK%:
to
\boot\syslinux\syslinux.exe -fma -d \boot\syslinux %DISK%:
The reason is that the system recognizes my USB flash drive as a "Local disk" rather than a "removable disk". After the change I ran bootinst.bat again and the installation succeeded. If your system recognizes the USB flash drive as a "removable disk", you do not need to add -f.
4. Next, I plugged the USB flash drive into a USB port on machine B and chose to boot from the USB flash drive, which brings up the BT3 interface.
5. Click to start spoonwep2, or enter "spoonwep" in the terminal window.
6. Select the wireless network card. The wireless network card on machine B is ETH1, and the driver is normal. As the attacking side, we do not know the other party's WEP key, so select "unknown victim". Click Next after making the selections.
7. Go to "Victims Discovery". Click LAUNCH on the right and the system starts scanning for nearby wireless networks.
8. When my wireless router is found, select it and click SELECTION OK. At this time, machine A is using this router to wirelessly access APE music on another computer and play it online.
9. The cracking process is explained through several other pictures:
The above is the general cracking process. Note that the WEP key is shown in hexadecimal format and can be used directly. If you find it hard to remember, you can convert it into ASCII.
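The hexadecimal-to-ASCII conversion mentioned above, as an added example that is not part of the original post. It normalises a WEP key written in hex (with or without separators), checks it against the 64/128-bit modes the router supports, and returns the ASCII form only when every byte is printable. The function names and sample keys are constructed for illustration.

```python
import string

# Key bytes per WEP mode: the advertised size includes a 24-bit IV,
# so "64-bit" WEP carries a 40-bit key and "128-bit" a 104-bit key.
WEP_KEY_BYTES = {5: "64-bit", 13: "128-bit"}
PRINTABLE = set(string.ascii_letters + string.digits + string.punctuation + " ")


def parse_wep_hex(text):
    """Return the raw key bytes for a hex key such as '31:32:33:34:35'."""
    cleaned = text.strip().replace(":", "").replace("-", "").replace(" ", "")
    try:
        key = bytes.fromhex(cleaned)
    except ValueError:
        raise ValueError("not a hexadecimal key: %r" % text) from None
    if len(key) not in WEP_KEY_BYTES:
        raise ValueError("expected 10 or 26 hex digits, got %d" % len(cleaned))
    return key


def describe_wep_key(text):
    """Return (mode, hex_form, ascii_form_or_None) for a WEP key in hex."""
    key = parse_wep_hex(text)
    ascii_form = None
    # Only offer an ASCII form when every byte is a printable character.
    if all(chr(b) in PRINTABLE for b in key):
        ascii_form = key.decode("ascii")
    return WEP_KEY_BYTES[len(key)], key.hex().upper(), ascii_form


def ascii_to_wep_hex(passphrase):
    """Inverse direction: a 5- or 13-character ASCII key as colon-separated hex."""
    key = passphrase.encode("ascii")
    if len(key) not in WEP_KEY_BYTES:
        raise ValueError("ASCII WEP keys are 5 or 13 characters long")
    return ":".join("%02X" % b for b in key)


if __name__ == "__main__":
    # Constructed sample keys, not values from the original experiment.
    for sample in ("31:32:33:34:35", "4142434445464748494A4B4C4D", "00:11:22:33:FF"):
        print(sample, "->", describe_wep_key(sample))
```

A key containing non-printable bytes has no ASCII form and has to be entered in hexadecimal.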
In general, it takes about packets to break out. Pay attention to the value of "data", that is, the number of data packets that can be used for cracking.
Abu.
Comments:
The CIA provided by Tianji can be described as an expert in wireless network security. He was playing with wireless cracking many years ago. He recently asked him about NIC cracking and gave me this article; let's share it with you.