1 / 16

WEP 破解大公開

WEP 破解大公開. 陳小龍. Outline. Introduction to WEP Problems with WEP Introduction to Kismet Use Airodump 破解 wep . Introduction to WEP. “Wired Equivalent Privacy” Designed to provide security equivalent to a wired network.

issac
Download Presentation

WEP 破解大公開

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. WEP 破解大公開 陳小龍

  2. Outline • Introduction to WEP • Problems with WEP • Introduction to Kismet • Use Airodump • 破解wep

  3. Introduction to WEP • “Wired Equivalent Privacy” • Designed to provide securityequivalent to a wired network. • WEP is the security protocol for wireless LANs operating under the 802.11 standard

  4. Features of WEP • Uses RC4 algorithm for encryption. • Uses shared WEP key of 40 or 104 bits. • Uses an Initial Vector (IV) of 24 bits. • Packet includes a Integrity Check Vector (ICV) ─ basically a CRC check.

  5. Sender’s Movement • (1) Use CRC-32 to compute a checksum ICV appended to plaintext. • (2) Generate a random number IV concatenated with the shared key to form a keystream. • (3) XOR plaintext with the keystream to get the ciphertext. • (4) Transmit IV and ciphertext to receiver

  6. Receiver’s Movement • (1) Use transmitted IV and the shared key to generate the keystream. • (2) XOR the ciphertext with keystream to get plaintext and ICV. • (3) Check ICV

  7. Flow of WEP Processing

  8. Problems with WEP • Use of WEP is optional. • 24-bit IVs are too short. • The Integrity Check Value (ICV) is insecure. • Integrity protection for Header is not provided.

  9. 實驗環境 偷聽 WEP User

  10. Kismet進行網路探測 (1/2) • Kismet是一個基於Linux的無線網路掃描程式,這是一個相當方便的工具,透過測量周遭的無線信號來找到目標WLAN。 • 雖說Kismet也可以捕獲網路上的數據通信,但在還有其他更好的工具使用(如Airodump),在這裡我們只使用它來確認無線網卡是否正常工作和用來掃描無線網路。

  11. Kismet進行網路探測(2/2) • 除掃描無線網路之外,Kismet還可以捕獲網路中的數據包到一個文件中以方便以後加以分析使用,因此Kismet會詢問用來存放捕獲數據包的文件的位置 • 我想把這些文件保存到root\desktop下,則單擊“Desktop”,然後選擇“OK”即可

  12. Airodump來捕獲數據包(1/2) • Airodump的主要工作是捕獲數據包並為Aircrack建立一個包含捕獲數據的文件。在用來攻擊與破解的兩台計算機中的任一一台上,筆者是使用的是Attack計算機,打開一個shell窗口並輸入以下的命令: • Iwconfig wifi0 essid “ANT-AP” • iwconfig wifi0 mode monitor

  13. Airodump來捕獲數據包(2/2) • Adultor  wireless  scamer /analysis kismet tool  kismet • Airodump wifi0 cap1 • 等待時間

  14. 破解WEP(1/2) • 在這兒,我們對Packet 的值不感興趣,因為它並不能夠有助于破解WEP,IV 值則是個很重要的數字,因為如果要破解一個64bit的WEP密鑰,需要捕獲大約50000到200000個IV,而破解一個128bit的WEP密鑰,則需要大約200000到700000個IV。

  15. 破解WEP(2/2) • Aircrack –f 6 –m (mac of AP) –n 64or128 –q 3 cap1.cap

  16. 結論 • WEP 並非安全 • 以時間換最空間,就可以破解WEP • 目前的無線網路,大還多是使用WEP,學會之後,應該有70%,可以偷偷上別人的無線網路

More Related