WiFi Hacking: Part - 2

For Educational Purposes Only

Today we’ll perform our first practical demonstration of WiFi Hacking

WEP Cracking:

WEP, the first security protocol introduced for WiFi technology in 1997. WEP’s ma1in purpose was to prevent wirelessly transmitted information from unauthorized access and modification.
  • Working of WEP protocol
  • Hacking WEP WiFi
In this blog let's see :

Working of WEP :

WEP uses 40 bits (8 bytes/characters) or 104 bits (13 bytes/characters) shared keys. This shared key is something you know the password of the network. The shared key is concatenated (or joined) with 24 bit (3 bytes/characters) initialization vector or IVs. The IV is just a random string.

The IV just randomizes the shared key. It prevents encryption with the same key of subsequent packets.

After this concatenation, the RC4 algorithm encrypts the resultant combination (IV + Shared key) generating a keystream. This keystream encrypts or decrypts the traffic. The network packets are then encrypted by XORing (an operation) the message and this encryption key.

The Catch:

Here’s the catch. All you have to do is to again XOR the encrypted message with the same keystream to decrypt. Consider, we get two packets encrypted with the same encryption key/keystream. We can decrypt the message as well as the keystream by these packets. Now if you remember, in the keystream there are two things. The preshared key and the initial vector. 

Still, sounds a lot? We also do something known as probing or flooding the AP which causes it to send more and more packets which reduces the time frame to minutes for key repetition because of more packets. After that when we get another packet with the same keystream (or same IV), we can use statistical attacks to extract the WEP key from the packet because the IV is the same and the preshared key was always the same.

The preshared key is the same for every packet but the initial vector is random. As the size of the initial vector is 24 bit, it means that there can be (2^24 = ) 16,777,216 unique combinations represented in 24 bit. It means that an IV will be repeated after a maximum of 16,777,215 packets. It may sound a lot but when you are connected with any AP, the packet transfer rate is very high. This ensures the IV repeats itself in a few-hour time frame.


If you are still alive to make it here. You know more than script kiddies now and will be more confident while performing the attack. Don’t worry! You don’t have to do all of this stuff manually. We have tools that would make our life easier. I would just recommend reading this section one more time just to clear things more. After that, let’s jump right into practical stuff.

Now it's time to get our Hands Dirty.

Cracking WEP:

          Now let's see how things are done in cracking WEP


  • WiFi adapter with monitor Mode
  • Linux OS
  • Aircrack-ng Suite
  • Wifi nearby to Crack

1. Install Aircrack-ng Suite:

            Make sure that you have the aircrack-ng suite installed. Aircrack-ng is a suite (collection of tools) for Wireless Pentesting. Open up a terminal and type:-

sudo apt-get update ipconfig
sudo apt-get install aircrack-ng

2. Enable Monitor:

            Wifi Adapters generally work in Managed Mode, to capture the data packet that is sent in air, We need to enable Monitor Mode.
First, identify the Interface to which your wifi adapter is connected.


It is wlan0 in my case. Now enable monitor mode in that interface

sudo ifconfig <Interface> down
sudo iwconfig <Interface> mode monitor
sudo ifconfig <Interface> up

Now you have your adapter in monitor mode, It's time to start the attack. 

airodump-ng <MonitorModeInterface>

Now, this command list's all the nearby Networks and some additional data needed to Hack that Network. Now that we have all the nearby networks we can sniff data packets from a specific access point.

airodump-ng -d <Target bssid> -w test wlan0 

Now with this command airodump-ng captures all network packets and handshake and stores them in a directory called "test", we can then crack the CSV file containing all the captured information to find the pre-shared key and use it to access the wifi network.

aircrack-ng  test.cap 

Finally, Aircrack-ng cracks the pre-shared key

Hurray! Congratulations on hacking WEP Encryption. If you haven’t checked out my previous blog on WEP hacking part-1, do check it out (Part-1) and read this blog for better understanding.
 With this note, let us meet again in another interesting hacking blog!
Connect to me on LinkedIn!