1

I've been reading a lot about WEP cracking on online resources very recently, however there is one question that no website gives answer to I believe.
I would like to first understand the theory very well.

I understand how RC4 stream cipher works:

enter image description here

The IV being very short, with an high enough number of packets (ARP replay attack would be one way to get a lot of packets quickly), it should be possible to get 2 packets with the same IVs. Consequently, the two packets (P1 and P20 would have the same cipher Key (K).
Once you have these 2 packets, you just need to XOR them to obtain such result:

P1 XOR P2 = K XOR M1 XOR K XOR M2 = M1 XOR M2

So, you end up having a XOR of the two clear messages. That makes perfect sense.
However, how can you from there obtain the actual encryption Key ?
I did not find any resource online that would answer this question. They all assume that at that point, when you got a repetition of the IV, you got the key.

Thank you in advance for your help

KB303
  • 443
  • 2
  • 6
  • 15
  • I see. I went through the article. The answer raised one question. You can indeed with know plaintext attack potentially extract some key stream. However, how long does your extract key stream have to be so that you can decrypt any traffic? With know plain text attack based on 802.11 packets, you can alreay extract 7 bytes of key stream immediately, but it does not see to be enough as attacker tried to get more. How much would you need ? – KB303 Oct 20 '19 at 19:51

1 Answers1

0

I actually got my answer.
Once you get M1 XOR M2, you can derivate the actual keystream. Moreover, as the IV is sent in clear with every packet, you can now associate this IV with the KeyStream you found.

Using this technique on enough packet, you can construct a IV - Keystream dictionary.After a certain number of packets captured (not that many considering the "Birthday paradox"), you'll be able to construct a pretty exchaustive KeyStream dictionary which then allow to decrypt incoming messages.

This is how it would work:

  1. You intercept a packet
  2. You look at the IV coming with this packet in clear
  3. You check in your dictionary to see if you have the corresponding Keystream for this IV
  4. If yes, you use the keystream to decrypt the message. If not, you keep the IV and wait for another encrypted packet with the same IV, which would allow to get Keystream for this IV (by XORing the two packets) and add it to your dictionary
KB303
  • 443
  • 2
  • 6
  • 15