LOGIN TOP STORIES MOST POPULAR

ASK LIFEHACKER How Do I Get Out of an Argument with an Irrational Person?

625

WI-FI

How to Crack a Wi-Fi Networks WEP Password with BackTrack

You already know that if you want to lock down your Wi-Fi network, you should opt for WPA encryption because WEP is easy to crack. But did you know how easy? Take a look. Our old guide to cracking Wi-Fi WEP passwords is a perennial Evil Week favorite. Alternatively, if you're not in a reading mood, check out the video version. Today we're going to run down, step-by-step, how to crack a Wi-Fi network with WEP security turned on. But first, a word: Knowledge is power, but power doesn't mean you should be a jerk, or do anything illegal. Knowing how to pick a lock doesn't make you a thief. Consider this post educational, or a proof-of-concept intellectual exercise. Dozens of tutorials on how to crack WEP are already all over the internet using this method. SeriouslyGoogle it. This ain't what you'd call "news." But what is surprising is that someone like me, with minimal networking experience, can get this done with free software and a cheap Wi-Fi adapter. Here's how it goes.

BY GINA TRAPANI

OCT 28, 2011 9:30 AM 3,524,881 466

TETHERING 391 ClockworkMod Tether Tethers Your Android Phone for Free, No Root Required HEALTH 315 A Half-Hour Walk Can Make a Big Difference, Even If Its Your Only Activity RESOLUTIONS 247 The Science Behind New Years Resolutions (and How to Use It to Achieve Yours) MORE STORIES...

Share

What You'll Need

FOLLOW LIFEHACKER

LOGIN MOST POPULAR

Unless you're a computer security and

Like

344,876 people like this.

ASK LIFEHACKER networking ninja, chances are you don't have all the tools on hand to 625 How Do I Get Out this job done. Here's what you'll need: get of an Argument with an Irrational Person? compatible wireless adapterThis is the biggest requirement. A TETHERING 391 chances are ClockworkMod Tether Tethersthe one in your computer is not. After consulting with my friendly neighborhood security expert, I purchased an Alfa Your Android Phone for Free, No Root Required AWUS050NH USB adapter, pictured here, and it set me back about

You'll need a wireless adapter that's capable of packet injection, and

$50 on Amazon. Update: Don't do what I did. Get the Alfa AWUS036H, not the US050NH, HEALTH 315 instead. The guy in this video below a using a $12 model he bought on Ebay (and is even A Half-Hour Walk Can Make is selling his router of choice). There are plenty of resources on getting aircrack-compatible Big Difference, Even If Its Your adapters Onlythere. out Activity A BackTrack 3 Live CD. We already took you on a full screenshot tour of how to install and RESOLUTIONS 247 The Science Linux Live CD that use BackTrack 3, theBehind New Years lets you do all sorts of security testing and tasks.
Resolutions copy of the CD It Download yourself a(and How to Use and burn it, or load it up in VMware to get started. (I tried to Achieve Yours) MORE STORIES... the BackTrack 4 pre-release, and it didn't work as well as BT3. Do yourself a favor and stick with BackTrack 3 for now.)

A nearby WEP-enabled Wi-Fi network. The signal should be strong and ideally people are using it, connecting and disconnecting their devices from it. The more use it gets while you collect the data you need to run your crack, the better your chances of success. Patience with the command line. This is an ten-step process that requires typing in long, arcane commands and waiting around for your Wi-Fi card to collect data in order to crack the password. Like the doctor said to the short person, be a little patient.

Crack That WEP

To crack WEP, you'll need to launch Konsole, BackTrack's built-in command line. It's right there on the taskbar in the lower left corner, second button to the right. Now, the commands. First run the following to get a list of your network interfaces: airmon-ng The only one I've got there is labeled ra0. Yours may be different; take note of the label and write it down. From here on in, substitute it in everywhere a command includes (interface). Now, run the following four commands. See the output that I got for them in the screenshot below.

airmon-ng stop (interface) ifconfig (interface) down macchanger --mac 00:11:22:33:44:55 (interface)

airmon-ng start (interface) LOGIN

MOST POPULAR

If you don't get the same results from these commands as pictured here, most likely your network adapter won't work with this particular crack. If you do, you've successfully "faked" a new MAC address on your network interface, 00:11:22:33:44:55.

Now it's time to pick your network. Run:

ASK LIFEHACKER 625 How Do I Get Out of an Argument with an airodump-ng (interface) Irrational Person?

391 To see a list ofTETHERING wireless networks around you. When you see the one you want, hit Ctrl+C to stop ClockworkMod Tether Tethers the list. Highlight the row pertaining to the network of interest, and take note of two things: its Your Android Phone for Free, BSSID and its channel (in the column labeled CH), as pictured below. Obviously the network you No Root Required want to crack should have WEP encryption (in the ENC) column, not WPA or anything else. HEALTH 315 A Half-Hour Walk Can Make a Big Difference, Even If Its Your Only Activity RESOLUTIONS 247 The Science Behind New Years Resolutions (and How to Use It MORE STORIES...

Like I said, hit Ctrl+C to stop this listing. (I had to do this once or twice to find the network I was looking for.) Once you've got it, highlight the BSSID and copy it to your clipboard for reuse in the upcoming commands.

Now we're going to watch what's going on with that network you chose and capture that information to a file. Run: airodump-ng -c (channel) -w (file name) --bssid (bssid) (interface) Where (channel) is your network's channel, and (bssid) is the BSSID you just copied to clipboard. You can use the Shift+Insert key combination to paste it into the command. Enter anything descriptive for (file name). I chose "yoyo," which is the network's name I'm cracking.

You'll get output like what's in the window in the background pictured below. Leave that one be. Open a new Konsole window in the foreground, and enter this command:

LOGIN aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 -e (essid) MOST POPULAR

Here the ESSID is the access point's SSID name, which in my case is yoyo. What you want to get after this command is the reassuring "Association successful" message with that smiley face. You're almost there. Now it's time for: aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 (interface) Here we're creating router traffic to capture more throughput faster to speed up our crack.
ASK LIFEHACKER How Do I Get Out of an Argument with an Irrational Person? TETHERING

After a few minutes, that front window will

625

start going crazy with read/write packets. (Also, I was unable to surf the web with the yoyo network on a separate computer while

this was going on.) Here's the part where you might have to grab yourself a cup of coffee or take a walk. Basically you want to wait until enough data has been collected to run your crack. Watch the ClockworkMod Tether Tethers number in theYour Android Phone for Free, it to go above 10,000. (Pictured below it's only at 854.) "#Data" columnyou want
No Root Required 391

Depending on the power of your network (mine is inexplicably low at -32 in that screenshot, even
HEALTH 315 though the yoyo AP was in the same room as my adapter), this process could take some time. Wait

until that #Data goes over 10k, thoughbecause the crack won't work if it doesn't. In fact, you may Big Difference, Even If Its Your need more than 10k, though that seems to be a working threshold for many. Only Activity
RESOLUTIONS 247 The Science Behind New Years Resolutions (and How to Use It MORE STORIES...

A Half-Hour Walk Can Make a

Once you've collected enough data, it's the moment of truth. Launch a third Konsole window and run the following to crack that data you've collected: aircrack-ng -b (bssid) (file name-01.cap) Here the filename should be whatever you entered above for (file name). You can browse to your Home directory to see it; it's the one with .cap as the extension. If you didn't get enough data, aircrack will fail and tell you to try again with more. If it succeeds, it will look like this:

LOGIN MOST POPULAR

The WEP key appears next to "KEY FOUND." Drop the colons and enter it to log onto the network.

Problems Along the Way

With this article I set out to prove that cracking WEP is a relatively "easy" process for someone determined and willing to get the hardware and software going. I still think that's true, but unlike the guy in the ASK LIFEHACKER video below, I had several difficulties along the way. In fact, you'll notice that the last 625 How Do I Get Out screenshot upof an Argumentlook like the othersit's because it's not mine. Even though the AP there doesn't with an which I was cracking was my own and in the same room as my Alfa, the power reading on the Irrational Person? signal was always around -30, and so the data collection was very slow, and BackTrack would

TETHERING 391 consistently crash before it was complete. After about half a dozen attempts (and trying BackTrack ClockworkMod Tether Tethers on both my Mac and PC, as a live CD and a virtual machine), I still haven't captured enough data Your Android Phone for Free, for aircrack toNo Root Required decrypt the key.

So while this process is easy in theory, 315 mileage may vary depending on your hardware, your HEALTH proximity to theHalf-Hour Walk the way the planets are aligned. Oh yeah, and if you're on deadline A AP point, and Can Make a Big Difference, Even If it Your Murphy's Law almost guaranteesItswon't work if you're on deadline.
Only Activity

To see the video version of these exact 247 instructions, check out this dude's YouTube video. RESOLUTIONS
The Science Behind New Years Resolutions (and How to Use It MORE STORIES...

Got any experience with the WEP cracking courtesy of BackTrack? What do you have to say about it? Give it up in the comments. Contact Gina Trapani:
RELATED STORIES COMMENT

Skype's Giving Manhattan Free Wi-Fi For New Year's GIZMODO This 1940s Hollywood Actress Made Wi-Fi Happen GIZMODO Kindle Fire Wi-Fi Issues? You're Not Alone. GIZMODO

About

Help

Forums

Jobs

Legal

Privacy

Permissions

Advertising

Subscribe

Send a tip

LOGIN MOST POPULAR

ASK LIFEHACKER How Do I Get Out of an Argument with an Irrational Person? DISCUSSION THREADS

625

FEATURED

ALL START A NEW THREAD

TETHERING 391 ClockworkMod Tether Tethers 25 Oct 2010 1:09 PM evilegg2000 Your Android Phone for Free, No Root open. It My wi-fi is completelyRequired makes my life easier and I figure I would notice the guy sitting on

my lawn.

HEALTH 315 A Half-Hour Walk Can Make a Big Difference, Even If Its Your Only Activity freedomweasel @evilegg2000

promoted by freedomweasel

RESOLUTIONS 247 @evilegg2000: You computer can save your wifi passwords. You only need to type it in once. The Science Behind New Years Resolutions (and How to Use It MORE STORIES...

@evilegg2000: Enjoy that kiddie porn that a random person driving by your house uploads to your computers right before they call the FBI.
kellanpan @evilegg2000

@evilegg2000: It's really easy to put a password on your router, and as freedomweasel mentioned, that's all you'll ever have to do.
paravorheim @evilegg2000

@evilegg2000: Right now, as we speak, I can access the router from 2 houses down from me. I'm fairly positive they can't see me on their lawn.
evilegg2000 @freedomweasel

@freedomweasel: I have to remember what it is when one of my friends stops by with his laptop, iPod... and wants to go online.
freedomweasel @evilegg2000

@evilegg2000: Sticky note on the router. If you give out your password to everyone who asks, it does no harm to have it written down on the router. It'll still keep the random neighbor from hogging bandwidth.
aliskaba @evilegg2000

@evilegg2000: Sweet, time to go connect and try out firesheep!

blue_solace @evilegg2000
MOST POPULAR

LOGIN

: With the right antenna, a person can be more than a mile away and steal your

bandwidth.
senshikaze @freedomweasel

@freedomweasel: also your traffic will be encrypted. the advantage to using wpa is not to keep mooches off, it is to encrypt your traffic.
promoted by freedomweasel

acutelyaware @evilegg2000

@evilegg2000: if you live on a property that has enough land for neighbours to not pick it up, then yeah id keep it open. i hate the time i waste trying to remember the password for friends.
ASK LIFEHACKER How Do I Get Out of an Argument with an tkuhl87Irrational Person? @evilegg2000 625
promoted by tchrman35

@evilegg2000: and with WPA you can391 create some easy to remember phrase like say your just TETHERING address, or lyrics or something likeTethers ClockworkMod Tether that. Simple, easy to remember and very secure. For fun I've accessed open routers and added a password, or blocked very specific websites like Google...sick sense of humor I guess, but there are far more nefarious things someone could do. HEALTH 315
A Half-Hour Walk Can Make a Big Difference, Even If Its Your guyston @evilegg2000 Only Activity Your Android Phone for Free, No Root Required

@evilegg2000: Used to take this view and it is pretty good providing you live remotely but I opted RESOLUTIONS 247 for a password recently because I was suspicious of my pesky neighbours.
The Science Behind New Years Resolutions (and How to Use It MORE STORIES...

@evilegg2000: What about the guy that is 1 mile away siffing your traffic to steal your identity. I does happen to real people. Secondly make it something easy like your phone number. [www.ihacked.com]
Salax is dealing with the redesign @evilegg2000

@evilegg2000: Just set your WPA password to "EvilEgg2000" or something. It's secure, and you'll always remember it.
tchrman35 @acutelyaware

@acutelyaware: People, if it's that much trouble to remember a short passphrase, and if sticky notes aren't your thing, buy some printable Business Cards, throw down 100 of them, and put them in a little business card holder in your kitchen junk drawer. I think you can go overboard with security, but I still throw the deadbolt when I'm away or asleep. It doesn't mean I don't trust my neighbors. It does mean I am willing to believe there might be people out there who care more about their wants/needs than about my safety/property rights. Just secure the network. Or be prepared to live with the consequences, should they bite you.
freedomweasel @senshikaze

@senshikaze: Very true. For some reason I always focus on people stealing bandwidth.
jeffeb3 @freedomweasel

@freedomweasel: I put it on my fridge. I large print that can be read from across the room. My

friends still ask for the password (because they can't read I guess). LOGIN
MOST POPULAR

@freedomweasel, et al: If you don't care about sharing internet, and just want encryption, and don't want to forget the password, make the SSID something like PWis(Insert Password Here). No stickies, no remembering, easy! And you can turn on AP isolation if you're not sharing across the router. (Sorta - draw a network graph as always, helps you figure stuff out.)
zakany001 @evilegg2000

@evilegg2000: I hope you don't mind me changing your router's settings, because I will do so to keep my children from bypassing my home network.
SmarchHare @xaronax

This comment shows up on any discussion of open wifi. Has this ever happened in the history of 625 How Do I Get Out of an Argument with an ever?
Irrational Person? 391 ClockworkMod Tether Tethers Just because my wifi is open, does not mean my router is set to the default password. In fact it is Your Android Phone for Free, not. No Root Required HEALTH 315 If you want me to block your mac addresses, just let me know and I'll do it for you. A Half-Hour Walk Can Make a Big Difference, Even If Its Your RossLHOnly Activity @evilegg2000

ASK LIFEHACKER

belch @zakany001 TETHERING

A friend showed me how to leave a network free of password protection, yet still protected from RESOLUTIONS 247 unauthorized The Science Behindup such that anyone could connect to the router, but they had no access. It was set New Years Resolutions (and How to Use It access to the internet or the other computers on the network. When someone tried to connect, the MORE STORIES... administrator would get a popup on their computer saying [computer name] is trying to connect to [network name], and from there you could give them access or deny it. Once they had access, they never had to ask again.
Astrogirl @evilegg2000

Ours is too, but since we live in the woods a quarter mile away from anyone, I figured we were safe. Alas, distance isn't a viable security strategy for everyone.
IAmMarchHare @SmarchHare

@SmarchHare [o.seattletimes.nwsource.com]
Edited by IAmMarchHare at 10/28/11 3:34 PM