How To Crack WEP – Part 1: Setup & Network Recon

Lab Setup - Preparing the Target WLAN

Proper set up of your lab is important, because you want a controlled environment to practice in. You will also want to prevent collateral damage to neighboring APs that are not yours because some of the attacks described in Part 2 will forcibly knock clients off an AP. This could possibly wreak havoc with other wireless users in the area. So if you are in an office complex, apartment building or any other area with many wireless networks, it may be prudent to wait until night hours when the networks are less busy. Please practice safely and responsibly!

The first step is to connect and configure a "target" wireless LAN comprised of an Access Point or wireless router and a single wireless client. This WLAN will be secured with the WEP key that you will be cracking. Give your AP an SSID of your choosing - we called ours "starbucks". Configure a 64 bit WEP key on the WAP to start - after you successfully break a 64 bit key, you can try a 128 bit key.

You'll need to record the following information for later use:

  • MAC Address of the AP - This is usually displayed in the web configuration menu. It also may be found on a label on the bottom or side of the AP
  • SSID of the AP
  • Wireless channel of the AP - by default will probably be Channel 6, but make sure
  • WEP key - If your AP displays the key as 0xFFFFFFFFFF (replace the F's with whatever your key is), write down only everything past the 0x

With the AP configured, we now need to get a client associated with it. (The following example uses Windows XP.) Right-click on the My Network Places icon on your desktop, or in your Start Menu. Then left-click Properties.

Double-click the entry called Wireless Network Connection and a window similar to Figure 6 will open. Figure 6 shows that multiple WLANs are available, but your window may show only the "starbucks" AP that you just configured. Connect to your AP by double-clicking the corresponding SSID.

Connecting to your WAP

Figure 6: Connecting to your WAP
(click image to enlarge)

Because the AP has WEP enabled, Windows will ask for the network key in order to connect (Figure 7). Type in your WEP key (or cut and paste it from a Notepad or Wordpad document) and after a short wait Windows should report that you are connected to the network. Make sure that you are really connected by pinging a known computer on your wired LAN or opening your browser and checking your favorite website if your WLAN is connected to the Internet.

Entering WEP Key

Figure 7: Entering WEP Key
(click image to enlarge)

If you can't get a successful ping or browse the web, open your wireless adapter's Network properties, click on the Support tab and check that you have valid IP address information. If you don't, check that your LAN's DHCP server is enabled and also check that the wireless adapter's TCP/IP properties are set to "Obtain an IP address automatically". You may also need to run a Repair on the connection.