Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

WEP conversion utility - online?

Posted on 2004-04-23
12
Medium Priority
?
9,545 Views
Last Modified: 2007-12-19
Anyone know of an online or lightweight conversion utility that will convert a 128bit passphrase into its actual key and back?

Maybe something online perhaps....
0
Comment
Question by:Gareth Gudger
  • 5
  • 3
  • 2
  • +2
12 Comments
 
LVL 10

Expert Comment

by:snerkel
ID: 10903932
The passphrase system used in Wireless routers/AP tends to be manufacturer, or even device specific. So a passphrase on one device won't be the same as another manufacturers device.
0
 
LVL 2

Expert Comment

by:beaker67
ID: 10905375
Many wireless routers probably already come with a tool to do this anyway (at least, my Linksys broadband router does).
0
 
LVL 4

Expert Comment

by:digus
ID: 10914069
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 10

Expert Comment

by:snerkel
ID: 10914129
ASCII conversion is not the same as a passphrase
0
 
LVL 4

Expert Comment

by:digus
ID: 10914247
True. But if he's asking a question like that, then maybe that is what he thinks he's looking for...OK - enough jokin around. I was just fishin for some points.

Obviously any key generated from a given "passphrase" is going to be different on every machine. That's the whole point! A 128 bit encryption gives exactly: 340,282,366,920,938,463,463,374,607,431,768,211,456   possible keys.

Quote from  book: "Content Delivery Networks" by Scot Hull:
"If you could iterate through 100 trillion keys a second, you would need something like 100 billion years to iterate through all the key combinations. By way of comparison, the sun will burn out in 8 billion years."

So to answer the question, no I don't know of one. If I did however, I would probably keep my mouth shut about it.;)

Gus
0
 
LVL 31

Author Comment

by:Gareth Gudger
ID: 10914477
>>> Obviously any key generated from a given "passphrase" is going to be different on every machine.

Every machine or manufacturer? Cos I have typed the same key in multiple Linksys devices for example and seen it create the same identical WEP key.
0
 
LVL 10

Expert Comment

by:snerkel
ID: 10914496
I believe you are right diggisaur, the passphrase tends to be the same within a brand (unless units are just being re-badged).

The machine has no bearing on key generated, nor would it make sense to. The idea of a passphrase is to make it easy to remember, hex keys tend to be a little awkward.

This tool may help:-

http://www.warewolflabs.com/portfolio/programming/wepskg/wepskg.html
0
 
LVL 10

Expert Comment

by:snerkel
ID: 10914516
Note it still is only an ASCII to hex convertor....

however another little tool that does use a passphrase is available here:- http://www.greatchief.plus.com/  see other downloads section, and select crypter.
0
 
LVL 4

Expert Comment

by:digus
ID: 10914840
I don't think either of you are right, but I've been wrong many times before.... so maybe you guys can teach me something here. As for your remark:  "I have typed the same key in multiple Linksys devices for example and seen it create the same identical WEP key."

Well that’s kind of scary. I'll have to check that out for myself, but if what you say is true then I definitely won't be buying any more of Linksys' wireless devices. I do this for a living, so that would be a good thing to know.

It IS totally possible to break a wep key by way of wireless sniffing (exploiting the known weaknesses of wep encryption), but this method is much different than just cracking a key by "brute force" like you asked for and I described earlier.

NO ONE will EVER reply to this post with a reasonable solution the second part of your request (the "and back" part). I'm not saying it is impossible... Now if you want to do some cracking by way of sniffing - that is much easier to accomplish:

http://airsnort.shmoo.com/

http://www.personaltelco.net/index.cgi/AirSnort

http://way.nu/archives/000111.html

http://securitygeeks.shmoo.com/article.php?story=20020217161039798


Gus
0
 
LVL 10

Accepted Solution

by:
snerkel earned 500 total points
ID: 10916168
digus for the whole concept of WiFi to work the key is common between devices on a wireless network, else they would never be able to transfer data.

The passphrase simply creates a hex key that then is used by the device it is created on.

Other devices using the same passphrase (and the same method of generating the key) will create the same hex key or the wireless network would not work.

In sumary the hex key is the one used to encrypt/decrypt the data. The same hex key needs to be present on all wireless machines or the data will not be decrypted correctly, and any encrypted data will be un-readable by other devices.
0
 
LVL 31

Author Comment

by:Gareth Gudger
ID: 10917689
Thanks snerkel....for that WEP key link.

From trying out my current passphrases and known WEP keys already for my network it apparently generates different ones from the Linksys utility.

However, like the Linksys one they both generate their same WEP key every time from the given passphrase. I will have to try this on other manufacturers too but I would assume it would be the same.

Countless wireless manufacturer offer the same passphrase generation to WEP key utility digus to make so you never have to enter a manual WEP key. If the passphrases generated different WEP keys on your same network they wouldn't be able to talk. You WEP keys have to all be the same.

I know this because I have been doing wireless networks for 3 years now which has included (802.11a/b/g and pre-standards that ran on 1.6Mbps, 2Mbps. etc... and have used the following manufacturers, Linksys, Cisco, 3COM, Intel, Xircom, Netgear, Belkin, D-link & Orinoco)

My question was moreso a pondering about a wireless utility that converted passphrase to WEPs online. I've never truly tested to see if all manufacturers use the same WEP generation algorithm. I guess not - I see not reason why they wouldn't use the same one either. It wouldn't be a security flaw if they did because everyone's passphrase should be as equally unique.

Therefore points to Snerkel.
0
 

Expert Comment

by:newk184515
ID: 11715518
I my case a more precise answer was needed: I couldn't access the network port of the wireless router and knew only the passphrase.  What is the key ?

The algorithm was described at http://www.lava.net/~newsham/wlan/ (the ppt at the bottom) and is different for 40/64 bit (very insecure) or 104/128 bit (better but WEP is the weakpoint...)

The key is the MD5 hash of the passphrase which is repeated to reach 64 bytes.  Here's the code in Java:

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class WEPKey {
    public static void main(String[] args) throws NoSuchAlgorithmException {
        printKeys(generateKeys("This is some passphrase; make it long"));
    }

    private static void printKeys(byte[] key) {
        for(int i=0; i < 13; i++) {
            int val = key[i] < 0 ? 256 + key[i] : key[i];
            if (val < 15)
                System.out.print('0');
            System.out.print(Integer.toHexString(val).toUpperCase());
            System.out.print("  ");
        }
        for(int i=0; i < 13; i++) {
            int val = key[i] < 0 ? 256 + key[i] : key[i];
            if (val < 15)
                System.out.print('0');
            System.out.print(Integer.toHexString(val).toUpperCase());
        }
        System.out.println();
    }

    private static byte[] generateKeys(final String passphrase) throws NoSuchAlgorithmException {
        byte[] passbytes = passphrase.getBytes();
        byte[] hasInput = new byte[64];

        int fullRepetitions = 64 / passbytes.length;
        int partialRepetitions = 64 % passbytes.length;
        for(int i = 0; i < fullRepetitions; i++)
            System.arraycopy(passbytes, 0, hasInput, i * passbytes.length, passbytes.length);
        System.arraycopy(passbytes, 0, hasInput, hasInput.length - partialRepetitions, partialRepetitions);

        MessageDigest md = MessageDigest.getInstance("MD5");
        byte[] keys = md.digest(hasInput);
        return keys;
    }
}
0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Occasionally Windows/Microsoft Updates will fail to update. We have found a code that will delete all temporary files and re-register all dll's related to Windows/Microsoft Updates! This works 99% of the time to get the updates working again! The…
The article covers five tools all IT professionals should know about, as they up productivity by a great deal!
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question