Unlock WEP Wifi password with Backtrack

You know that if you want to lock the Wifi network, you need to select the WPA key because WEP is easily cracked. But do you know how easy it is to unlock WEP? Look here.

In this article, we will gradually learn how to unlock the Wifi network using WEP security. However, the first thing to remember, knowledge is power but strength does not mean that we can do anything illegal. Knowing unlocking does not mean that you will become a thief. See this article in an educational way.

There are many tutorials on unlocking WEP on the internet using this method. This is not "news" but popular. With my little network experience, I can do this with free software and a cheap Wifi adapter. Here are the steps.

Prepare

Shop for these tools unless you're a computer expert or network ninja. Here's what you need:

1. A compatible wireless adapter : This is an important tool. You need a wireless adapter capable of transmitting packets that your computer does not have. After consulting with my dear security expert, I bought an Alfa AWUS050NH USB converter on Amazon for $ 50. But I recommend using Alfa AWUS036H. In the video below, this guy used a $ 12 version bought on Ebay. There are many types of aircrack compatible adapters in the market.
2. A BackTrack Live CD disc : Linux Live CD allows to perform all kinds of tests and security tasks. Please download a copy of the CD and write it down or upload it to VMware to get started.
3. WEP-enabled Wifi : Signal should be stable and people are using it, connecting and disconnecting from it. The more users when you collect data to run your crack the more chances of success.
4. Patience with the command line . This is a 10-step process that requires typing long, secret commands and waiting for data collection for your Wifi card to break the password. Just like a doctor tells impatient people that just wait a bit longer.

WEP unlocking

To break the WEP key, you need to enable Konsole, BackTrack is built from the command line. It is located right on the taskbar in the lower left corner, the second button from the left.

First, run the following command to get a list of your network interfaces:

airmon-ng

I get single label ra0. You may receive another label, write down the label you received. From there, change it to any position of the command.

Now, run the following four commands. See the output I got in the screenshot below.

airmon-ng stop (interface)
ifconfig (interface) down
macchanger --mac 00: 11: 22: 33: 44: 55 (interface)
airmon-ng start (interface)

If you do not get the same results from these commands as shown, chances are your network adapter is not suitable for the operation of this specific crack. If you get the result, you have successfully "forged" a new MAC address on the network interface 00: 11: 22: 33: 44: 55.

Now it's time to choose your network. Run to see a list of wireless networks around you.

airodump-ng (interface)

When you see one of the networks you want, press Ctrl + C to stop the list. Highlight the row related to the network you are interested in and note two things: the BSSID and its channel (in the column labeled CH), as shown below. Obviously, you want to crack the need to have WEP encryption (in ENC), not WPA, .

As I said, press Ctrl + C to stop the list. (I have to do this once or twice to find the network I am looking for). When you get your network, do mark the BSSID and copy it to your clipboard for reuse in the upcoming commands.

At this point, we will see what is happening to the network you have selected and save the information to a file. Run:

airodump-ng -c (channel) -w (file name) --bssid (bssid) (interface)

In it, (channel) is your network channel and (bssid) is the BSSID you just copied to the clipboard. You can use the key combination Shift + Insert button to paste it into the command. Enter any description for (file name). I named the network I broke the key as "yoyo".

You will get output like what in the window in the background image below. Open a new Konsole window, and enter this command into:

aireplay-ng -1 0 -a (bssid) -h 00: 11: 22: 33: 44: 55 -e (essid) (interface)

(essid) is the name of the access point SSID, in this case yoyo. After that, you will receive a successful "Association successful" message with a smiley icon:

Now it's time to enter:

aireplay-ng -3 -b (bssid) -h 00: 11: 22: 33: 44: 55 (interface)

Here, they generate router traffic that captures as much power as quickly to speed up cracking. After a few minutes, the previous window will start running with read / write packets (besides, I can't surf the web with yoyo networks on my own computer while doing this step). This is the stage where you can take a break. Basically, you have to wait until you collect enough data to run your crack. Track the number in the #Data column (854 in the picture below).

The processing time of this process depends on your network power (at least at -32 in the lower image, although yoyo's AP is in the same room as my adapter). Wait until #Data exceeds 10K, because crack will not work if that number is not reached.

When collecting enough data, it is the moment of truth. Start the third Konsole window and run the following program to unlock the data you have collected:

aircrack-ng -b (bssid) (file name-01.cap)

Here, the file name should be the name entered above for (file name). You can browse the Home folder to view it, it is in the extension with .cap.

If you do not have enough data, aircrack will fail and require a retry. Or successful, it will look like this:

WEP password appears next to "KEY FOUND". Type the colon and enter the password to log in to the network.

Problems that occur in the process

I wrote this article to prove that WEP cracking is a relatively easy process. It is true, but not as lucky as the guy in the video below, I have encountered some difficulties while doing. In fact, you will find that the information in the last image here will be different from others because it is not mine. Although the AP I'm breaking is mine and the same room with my Alfa, the productivity on credit is always around -30 and the data collection will be very slow and BackTrack is constantly broken before it is completed. After a dozen attempts, I still couldn't gather enough data in aircrack to decrypt the key.

Therefore, this process is easy in theory, but in fact, also depends on many other factors.