Illustration of windows Wireless Network password cracking process

Since the birth of wireless networks, the term "security" has always been around "wireless. Attack and Defense are like brothers. No matter how advanced your encryption means are, there will soon be a variety of cracking methods. Not long ago, the Zhongguancun online network equipment channel provided an article titled "do you really know about the Wireless Router password setting mode", which details the current types of wireless network encryption modes, in this article, we once mentioned that WEP is the easiest to crack in the wireless network encryption mode. However, when we find that many users encrypt their wireless networks, we still use the WEP encryption mode. Today, we will share with you how the WEP encryption mode is cracked. Our starting point is to protect our network.

Currently, users who still use the WEP password encryption mode either have little knowledge about wireless networks or are lucky enough to feel that WEP encryption should be enough to protect their networks. WEP supports 64-bit and 128-bit encryption. For 64-bit encryption, the key is 10 hexadecimal characters (0-9 and A-F) or 5 ASCII characters; for 128-bit encryption, the key is a string of 26 hexadecimal or 13 ASCII characters.

Data can be sent and received over wireless networks more easily. Therefore, encryption and authentication are two essential factors for a secure and stable wireless network. WEP (Wired Equivalent Privacy: (wired peer-to-peer) Protocol to set up a dedicated Security Mechanism for business flow encryption and node authentication. It is mainly used for the confidentiality of link layer information data in Wireless LAN. WEP adopts symmetric encryption mechanism, and data encryption and decryption adopts the same key and encryption algorithm. WEP uses an encryption key (also known as the WEP Key) to encrypt the data portion of each packet exchanged on the 802.11 Network.

Because wireless networks do not require network connections, we only need to enter the wireless network. We used software to crack the WEP encryption mode in wireless networks. First, we first use the NetStumbler software to detect wireless networks.

We can see that NetStumbler found two wireless networks, and we can see a lot of information about this network. This stage is data collection. In the red box, the AP with the SSID name demonalex is determined to be of the 802.11b type, and the Encryption attribute is 'encrypted'. According to the algorithm standards supported by 802.11b, this algorithm is determined as WEP. Note that NetStumbler marks the WEP algorithm on the Encryption attribute for any STA (802.11 Wireless site) that uses Encryption algorithms, for example, the encryption algorithm used by the AP in which the SSID is gzpia is actually a WPA2-AES.

NetStumbler data collection

The purpose of this discussion is to capture appropriate data frames for IV (initialization vector) and obtain WEP keythrough brute-force cracking. Because of this, airodump.exe(capture data frame ratio and winaircrack.exe (crack wep key) are used together.

Ariodump search information

Open the ariodump program. First, the program will prompt all wireless network interface interfaces that currently exist on the local machine, and ask you to enter the ID of the wireless network card interface to capture data frames, here we choose to use the buffalo wnic-number '26' that supports general-purpose drivers, and then the program requires you to enter the chip type of the WNIC, at present, most international general-purpose chips use a subset of 'hermesi/Realtek '. Therefore, select 'O'. Then, enter the channel of the signal to be captured, the channel of the AP/wireless route to be captured is '6'. The system prompts you to enter the file name and location of the captured data frame. The file is stored in the installation directory of winaircrack by default. the cap end is 'last' in the above example. The final winaircrack prompts: 'Do you want to write only/record IV (initial vector) to the cap file? ', Select 'no/N' here. After confirming the preceding steps, the program starts to capture data packets.

Ariodump search parameter information

The following process takes a long time until the total number of 'packets 'columns in the table is 300000. When the communication data traffic of the AP/wireless route is extremely frequent and the data traffic is extremely high, the acceleration of the value corresponding to 'packets 'increases.

When the program runs to meet the requirements of 'packets '= 300000, press Ctrl + C to end the process. In the installation directory of winaircrack, you will find two files: last.capand last.txt. The last. cap indicates that the information is displayed after the packet record file token of the general sniffer.

Statistical data

The attack mainly targets last. cap. Run the winaircrack.exe file and click the folder button in the red box *. in the cap selection dialog box, select last. cap file, and then click the 'web' button on the right to switch the main interface to the Wep cracking option interface.

WinAirCrack Interface

WinAirCrack Interface

Select 'key size' as 64 (currently most users use the WEP Key of this length, so this step is entirely based on speculation to select this value), and finally click the Aircrack button at the bottom right of the main interface, A process dialog box embedded in cmd is displayed, and the wep key is displayed.

Final cracking Interface

We can see the cracked key from the cmd, which is our final goal. The rest is that we use our laptop to connect the SSID to the demonalex wireless network, then fill in the key we learned to crack Changyou network.

In fact, in addition to this, there are still a lot of software that can crack the WEP encryption mode: Kismet, a super wireless sniffer; GFI firewall ARD, a commercial network security scanner on Windows platforms; Airsnort, 802.11 WEP encryption and cracking tool. These software can be easily downloaded on the network, as long as there is enough time to capture the wireless network communication number in the communication, attackers can crack wireless network security settings, such as WEP encryption, WPA encryption, MAC filtering, and SSID hiding.

Through the above demonstration, we can see that the current wireless technology development, WEP encryption mode can not completely protect our network security, and the current cash WPA or WPA2 encryption mode, they are commonly used and are also encrypted with higher security. Therefore, to protect the security of our wireless network, you must make enough settings. Let's work together to protect our network security.