The reason for this flaw is that WEP produces the ciphertext by merging only two variables together using XOR. Comparable Equation 1 depicts the final function of the RC4 algorithm, which encrypts the data.

Comparable Equation 1

Ciphertext = Plaintext XOR Keystream

As you can see, the only value masking the plaintext is the keystream. If we reverse this process, we see that the only value masking the keystream is the plaintext, as depicted by Comparable Equation 2.

Comparable Equation 2

Keystream = Ciphertext XOR Plaintext

To further illustrate this, let's set up an example using a known plaintext value of A.

Creating the Ciphertext (Using Comparable Equation 1)

If we assume the following:

Plaintext = A (ASCII) 065 (ANSI) 10000001 (binary)
Keystream = 01110001
Equation: Ciphertext = Plaintext XOR Keystream

Then we can obtain the following:

Plaintext    1 0 0 0 0 0 0 1
Keystream    0 1 1 1 0 0 0 1   XOR
Ciphertext   1 1 1 1 0 0 0 0

Obtaining the Keystream (Comparable Equation 2)

If we assume the following:

Plaintext = A (ASCII) 065 (ANSI) 10000001 (binary)
Ciphertext = 11110000
Equation: Keystream = Plaintext XOR Ciphertext

Then we can obtain the following:

Plaintext    1 0 0 0 0 0 0 1
Ciphertext   1 1 1 1 0 0 0 0   XOR
Keystream    0 1 1 1 0 0 0 1

You now have the keystream used to encrypt this packet!

Discussion

As illustrated, it's a simple matter to extract a keystream from encrypted data, as long as you have both the ciphertext and the original plaintext. The ciphertext is simple to capture; all that's needed is a wireless sniffer, and you can gather gigabytes worth of encrypted data from any wireless network. However, how can you find the original data value? This can be tricky; however, hackers are tricky people. For instance, if they have access to the network on the inside of the firewall, they could install a sniffer on the inside and capture all data before it's encrypted. They would then use a wireless sniffer to capture all data after it is encrypted. However, this is redundant because the hacker has already gained unauthorized access to the internal network. The only benefit to cracking the WLAN at that point would be to gain free and anonymous Internet service, which could more easily be obtained from a myriad of wireless networks that do not use WEP.

The second and more likely way a hacker could predetermine the plaintext is to trick someone into receiving or sending a predictable message. To facilitate this, a chat session or email could provide a hacker all the plaintext he needs. However, this method can also be difficult as a result of extraneous data becoming intermingled with the predictable data. For example, TCP/IP packets include IP headers and other distracting information. Checksums, proprietary data additions by the email server, and more can all obscure the predictable data. Therefore, if a hacker is going to succeed in this method of attack, she needs to send a message that increases the chances of obtaining predictable data. This can be easily accomplished using an email full of blank spaces (" ") or a long string of the same character ("AAAAAAAAAAAAAAAAAAAAAAAA").

The third method used to predetermine plaintext is to look for known communication headers. As previously mentioned, TCP/IP packets include required IP headers that ensure proper delivery. If you can determine the IP address of the access point or client WNIC and make an educated guess about the rest of the data based on user habits, you can deduce what the plaintext should be. In fact, because of the way 802.11 is set up, almost every packet sent includes a SNAP header as its first byte. This simple fact is one of the major weaknesses through which WEP can be cracked, as you will learn later.

Assuming a hacker can determine the plaintext and use this to glean the keystream, what can he do with this information? The answer to this will become apparent as you read on.

You should also note that one or even a couple of keystreams by themselves are basically worthless. It's when you combine the knowledge gained in this type of wireless attack with other wireless hacking techniques that the power of knowing a keystream becomes manifest.
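The two Comparable Equations carried through on whole packets, as an added example (not code from the book): a small RC4 implementation seeded WEP-style with IV || key, a constructed key and frame, and keystream recovery both from the full plaintext and from the known LLC/SNAP prefix alone. One caveat on the tables above: ASCII A is decimal 65, which is 01000001 in binary; the tables use the bit pattern 10000001, and the function below is checked against the tables' own values as well as a real byte.

```python
# Added example: WEP-style RC4 keystream recovery from known plaintext.
# All keys, IVs and frame bytes below are constructed for illustration.

def rc4_keystream(key: bytes, length: int) -> bytes:
    """Generate `length` bytes of RC4 keystream (KSA followed by PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                        # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                     # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Equations 1 and 2 are the same operation: byte-wise XOR over the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, wep_key: bytes, plaintext: bytes) -> bytes:
    """WEP seeds RC4 with IV || key and sends the 3-byte IV in the clear (Equation 1)."""
    return xor_bytes(plaintext, rc4_keystream(iv + wep_key, len(plaintext)))

def recover_keystream(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """Equation 2: keystream = ciphertext XOR plaintext, for as many bytes as are known."""
    return xor_bytes(ciphertext, known_plaintext)

# Constructed sample values (hypothetical key and IV, not a real capture).
IV = bytes.fromhex("0a0b0c")
WEP_KEY = b"wepk5"                               # 40-bit key, 64-bit RC4 seed with the IV
LLC_SNAP = bytes.fromhex("aaaa03000000")         # prefix most 802.11 data frames carry
PLAINTEXT = LLC_SNAP + b"\x08\x00" + b"A" * 8    # constructed frame body

def demo():
    """Return (ciphertext, keystream from full plaintext, keystream from header only)."""
    ct = wep_encrypt(IV, WEP_KEY, PLAINTEXT)
    full = recover_keystream(ct, PLAINTEXT)
    partial = recover_keystream(ct, LLC_SNAP)    # only the guessed header is needed
    return ct, full, partial
```

Every byte recovered this way equals the RC4 output for that position, which is why a guessed header alone already yields the first keystream bytes of the frame.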