WEP Brute forcer

This project came forth from my use of Johnny Cache's jc-wepcrack. I really liked the software, and even got it compiled and running on some of my Sun SPARC servers. But I ended up getting false positives instead of real keys.

I had always wanted to play with the pcap library, so I made an app in C++ to go through my log files, find the APs, and make a list based on their settings. Another problem I had faced with jc-wepcrack was it identifying WPA/WPA2 networks as WEP networks, so I tried to account for those as well. I'm sure I may have a problem with some of the new N routers. Also, this only tries to crack 64-bit WEP keys.

What I ended up with is a C++ server application that reads in all the access points and their data from a pcap file, determines whether they are WEP access points, and then lists them so the user can choose which one to crack. I have also created a separate application that will go through all the WEP-based APs on its own, so you can let it run through the whole pcap file.

The server app listens for a client to connect and, when it does, sends it the IV, the data, and the section of the WEP key it should try to crack.

If the client does not find a key, the same info is sent, but the section of the key to check is incremented. If a possible key is found it is checked against the remaining data packets to make sure it is valid. If the key is valid, when the client connects it is sent a packet stating that the key has been found and that it can shut down.
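
The validation step described above, as an added Python example (not the project's code; the page does not say how the server checks a candidate). It assumes the standard WEP construction, RC4 keyed with IV || key over payload || CRC-32 ICV. The function names, the key, the frames and the one-byte check used for contrast are constructed for illustration.

```python
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: key schedule, then XOR the keystream over data."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(iv: bytes, key: bytes, payload: bytes) -> bytes:
    """WEP body: RC4 under seed IV || key over payload || little-endian CRC-32 ICV."""
    return rc4(iv + key, payload + zlib.crc32(payload).to_bytes(4, "little"))

def icv_ok(iv: bytes, key: bytes, body: bytes) -> bool:
    """Decrypt with the candidate key and recompute the ICV over the payload."""
    if len(body) < 5:          # needs at least one payload byte plus the ICV
        return False
    pt = rc4(iv + key, body)
    return zlib.crc32(pt[:-4]).to_bytes(4, "little") == pt[-4:]

def first_byte_ok(iv: bytes, key: bytes, body: bytes) -> bool:
    """Weaker check, for contrast: only the LLC/SNAP byte 0xAA that starts the payload."""
    return rc4(iv + key, body[:1]) == b"\xaa"

def key_valid(packets, key: bytes) -> bool:
    """Accept a candidate only if every captured packet passes the ICV check."""
    return bool(packets) and all(icv_ok(iv, key, body) for iv, body in packets)

# Constructed sample data (not from a real capture): one 40-bit key, three frames.
KEY = bytes.fromhex("0102030405")
SNAP = bytes.fromhex("aaaa030000000800")
IVS = [bytes([n, 0x5A, 0xC3]) for n in range(3)]
PACKETS = [(iv, wep_encrypt(iv, KEY, SNAP + b"frame %d" % iv[0])) for iv in IVS]

def count_survivors(candidates: int = 4096):
    """Wrong keys passing (one-byte check on one frame, ICV check on all frames)."""
    wrong = [c.to_bytes(5, "big") for c in range(candidates)]
    iv, body = PACKETS[0]
    return (sum(first_byte_ok(iv, k, body) for k in wrong),
            sum(key_valid(PACKETS, k) for k in wrong))
```

`count_survivors()` shows why a candidate should be confirmed against several packets: a one-byte plaintext check lets roughly 1 in 256 wrong keys through, while the ICV check over every frame lets none of them through.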

The client is currently written in C++, but its only requirements are TCP/IP sockets and SSL for doing the RC4. (I tried my own RC4 code, but it slowed down the process significantly. If you have some faster code, please let me know!) So a client could easily be written in Java, Python, etc. This also allows for a Windows client, which is something I have wanted for a long time, since my work laptop is always my fastest machine.

I have successfully gotten the client to run on the following systems:
-> Dual P3 running Ubuntu
-> Dual Ultra 60 SPARC running Debian
-> Sun Netra SPARC server running Solaris 10
-> Dual P2 running FreeBSD
-> Dual P2 running OpenBSD
-> Core 2 Duo running Vista, client running in Cygwin

I have yet to try it on a PPC Apple machine, or on a newer Mac. But I don't foresee any problems.


The number to enter is the number on the far left.
IE: for Legend enter 0
for l0phty enter 1
etc

Server source code v0.1
Client source code v0.1
Win32 command line Client v0.1



If you have any clients to add, any problems, questions, etc., please let me know!

code@bergera.com
