WEP keystream extraction



  • After having captured multiple packets with repeated IVs you can perform cipher1 XOR cipher2 which is the same as having cleartext1 XOR cleartext2, and performing cipher1 XOR cleartext1 gives you the keystream... but how can you separate those XORed clear text messages (cleartext1 XOR cleartext2)?



  • It's not always obvious how to extract the cleartext messages from an XOR. However, in many cases, this is quite obvious. For example, if a message is a 40-byte packets, it's probably an ARP packet, and you already know a bunch of the message from the format of the data on the wire. Or, if you know this is part of an HTTP request, you're already going to know the format of that request, and determining the other message will be easy.

    It may also be possible to determine whether two messages differ in a certain way. For example, if the XOR of the two values is 0, then you know they're the same byte. Similarly, if you know one of the messaages is an ASCII-based protocol (e.g., HTTP/1.1 headers), you can determine whether the other message is as well by looking at the top bit, which may lead you to other, more interesting discoveries.

    Moreover, many of the insecurities of RC4 let you recover the key in this situation, since RC4 is vulnerable to related-key attacks and WEP uses it in exactly such an insecure way. In that situation, the XOR of the data isn't as necessary.



Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2