• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 9554
  • Last Modified:

WEP conversion utility - online?

Anyone know of an online or lightweight conversion utility that will convert a 128bit passphrase into its actual key and back?

Maybe something online perhaps....
0
Gareth Gudger
Asked:
Gareth Gudger
  • 5
  • 3
  • 2
  • +2
1 Solution
 
snerkelCommented:
The passphrase system used in Wireless routers/AP tends to be manufacturer, or even device specific. So a passphrase on one device won't be the same as another manufacturers device.
0
 
beaker67Commented:
Many wireless routers probably already come with a tool to do this anyway (at least, my Linksys broadband router does).
0
 
digusCommented:
0
Learn to develop an Android App

Want to increase your earning potential in 2018? Pad your resume with app building experience. Learn how with this hands-on course.

 
snerkelCommented:
ASCII conversion is not the same as a passphrase
0
 
digusCommented:
True. But if he's asking a question like that, then maybe that is what he thinks he's looking for...OK - enough jokin around. I was just fishin for some points.

Obviously any key generated from a given "passphrase" is going to be different on every machine. That's the whole point! A 128 bit encryption gives exactly: 340,282,366,920,938,463,463,374,607,431,768,211,456   possible keys.

Quote from  book: "Content Delivery Networks" by Scot Hull:
"If you could iterate through 100 trillion keys a second, you would need something like 100 billion years to iterate through all the key combinations. By way of comparison, the sun will burn out in 8 billion years."

So to answer the question, no I don't know of one. If I did however, I would probably keep my mouth shut about it.;)

Gus
0
 
Gareth GudgerAuthor Commented:
>>> Obviously any key generated from a given "passphrase" is going to be different on every machine.

Every machine or manufacturer? Cos I have typed the same key in multiple Linksys devices for example and seen it create the same identical WEP key.
0
 
snerkelCommented:
I believe you are right diggisaur, the passphrase tends to be the same within a brand (unless units are just being re-badged).

The machine has no bearing on key generated, nor would it make sense to. The idea of a passphrase is to make it easy to remember, hex keys tend to be a little awkward.

This tool may help:-

http://www.warewolflabs.com/portfolio/programming/wepskg/wepskg.html
0
 
snerkelCommented:
Note it still is only an ASCII to hex convertor....

however another little tool that does use a passphrase is available here:- http://www.greatchief.plus.com/  see other downloads section, and select crypter.
0
 
digusCommented:
I don't think either of you are right, but I've been wrong many times before.... so maybe you guys can teach me something here. As for your remark:  "I have typed the same key in multiple Linksys devices for example and seen it create the same identical WEP key."

Well that’s kind of scary. I'll have to check that out for myself, but if what you say is true then I definitely won't be buying any more of Linksys' wireless devices. I do this for a living, so that would be a good thing to know.

It IS totally possible to break a wep key by way of wireless sniffing (exploiting the known weaknesses of wep encryption), but this method is much different than just cracking a key by "brute force" like you asked for and I described earlier.

NO ONE will EVER reply to this post with a reasonable solution the second part of your request (the "and back" part). I'm not saying it is impossible... Now if you want to do some cracking by way of sniffing - that is much easier to accomplish:

http://airsnort.shmoo.com/

http://www.personaltelco.net/index.cgi/AirSnort

http://way.nu/archives/000111.html

http://securitygeeks.shmoo.com/article.php?story=20020217161039798


Gus
0
 
snerkelCommented:
digus for the whole concept of WiFi to work the key is common between devices on a wireless network, else they would never be able to transfer data.

The passphrase simply creates a hex key that then is used by the device it is created on.

Other devices using the same passphrase (and the same method of generating the key) will create the same hex key or the wireless network would not work.

In sumary the hex key is the one used to encrypt/decrypt the data. The same hex key needs to be present on all wireless machines or the data will not be decrypted correctly, and any encrypted data will be un-readable by other devices.
0
 
Gareth GudgerAuthor Commented:
Thanks snerkel....for that WEP key link.

From trying out my current passphrases and known WEP keys already for my network it apparently generates different ones from the Linksys utility.

However, like the Linksys one they both generate their same WEP key every time from the given passphrase. I will have to try this on other manufacturers too but I would assume it would be the same.

Countless wireless manufacturer offer the same passphrase generation to WEP key utility digus to make so you never have to enter a manual WEP key. If the passphrases generated different WEP keys on your same network they wouldn't be able to talk. You WEP keys have to all be the same.

I know this because I have been doing wireless networks for 3 years now which has included (802.11a/b/g and pre-standards that ran on 1.6Mbps, 2Mbps. etc... and have used the following manufacturers, Linksys, Cisco, 3COM, Intel, Xircom, Netgear, Belkin, D-link & Orinoco)

My question was moreso a pondering about a wireless utility that converted passphrase to WEPs online. I've never truly tested to see if all manufacturers use the same WEP generation algorithm. I guess not - I see not reason why they wouldn't use the same one either. It wouldn't be a security flaw if they did because everyone's passphrase should be as equally unique.

Therefore points to Snerkel.
0
 
newk184515Commented:
I my case a more precise answer was needed: I couldn't access the network port of the wireless router and knew only the passphrase.  What is the key ?

The algorithm was described at http://www.lava.net/~newsham/wlan/ (the ppt at the bottom) and is different for 40/64 bit (very insecure) or 104/128 bit (better but WEP is the weakpoint...)

The key is the MD5 hash of the passphrase which is repeated to reach 64 bytes.  Here's the code in Java:

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class WEPKey {
    public static void main(String[] args) throws NoSuchAlgorithmException {
        printKeys(generateKeys("This is some passphrase; make it long"));
    }

    private static void printKeys(byte[] key) {
        for(int i=0; i < 13; i++) {
            int val = key[i] < 0 ? 256 + key[i] : key[i];
            if (val < 15)
                System.out.print('0');
            System.out.print(Integer.toHexString(val).toUpperCase());
            System.out.print("  ");
        }
        for(int i=0; i < 13; i++) {
            int val = key[i] < 0 ? 256 + key[i] : key[i];
            if (val < 15)
                System.out.print('0');
            System.out.print(Integer.toHexString(val).toUpperCase());
        }
        System.out.println();
    }

    private static byte[] generateKeys(final String passphrase) throws NoSuchAlgorithmException {
        byte[] passbytes = passphrase.getBytes();
        byte[] hasInput = new byte[64];

        int fullRepetitions = 64 / passbytes.length;
        int partialRepetitions = 64 % passbytes.length;
        for(int i = 0; i < fullRepetitions; i++)
            System.arraycopy(passbytes, 0, hasInput, i * passbytes.length, passbytes.length);
        System.arraycopy(passbytes, 0, hasInput, hasInput.length - partialRepetitions, partialRepetitions);

        MessageDigest md = MessageDigest.getInstance("MD5");
        byte[] keys = md.digest(hasInput);
        return keys;
    }
}
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 5
  • 3
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now