WepDecrypt Manual

===============================================
1. What is wepdecrypt.
2. What you need to install wepdecrypt.
3. Short explanation about dumpfiles.
4. Wepdecrypt usage.
5. Config files.
6. Graphic interface
7. How to help the project.
===============================================

1. What is wepdecrypt.
Wepdecrypt is a Wireless LAN Tool written in c which guesses WEP Keys based
on a active dictionary attack, key generator, distributed network attack
and some other methods, it's based on wepattack and GPL licensed

2. What you need to install wepdecrypt.

To install wepdecrypt you need these libraries:
- libpcap (http://www.tcpdump.org/)
- libz (http://www.zlib.net/)
- openssl (http://www.openssl.org/)
- fltk (Optional used to compile the grafic interface needs to be >= 1.1.6)

Libz comes with almost every distro so you have to worry to install the two
others, besides that in some distros you also have to install package
headers (usually -dev packages).

Once you have installed these libraries just type:

./configure; make

To Install without the gui type

./configure --disable-gui; make

You also can specify dest directory with

./configure --with-dest-dir=destdir; make

To disable wkeygen tool

./configure --disable-keygentool; make

(and as root)
make install

Other options are available for make:

make clean - cleans the installation enviroment.
make purge - similar to clean option but you will need to rerun
./configure.
make uninstall - uninstalls the package (needs root privileges).

Installing john the ripper is also highly recommended but it's not
mandatory. Wepdecrypt will only work in little endian linux enviroments
don't try in others actually x86 and mips archs have been successfuly
tested.

3. Short explanation about dumpfiles.

Dumpfiles are the main piece to make wepdecrypt work, these files contain
the encrypted packets that wepdecrypt must obtain the key, wepdecrypt
 itself didn't generates such kind of files so you need another program to
generate them, I suggest you to use kismet (http://www.kismetwireless.net/)
in any way any program that generate libpcap dumps will work.
The dumpfile needs to have at least one encrypted packet in order to get
wepdecrypt working (one encrypted packet is all that wepdecrypt needs to
work so you don't have to generate huge dumpfiles).

4. Wepdecrypt usage.
At this stage you should have wepdecrypt installed and a fresh dumpfile
available in your system so it's the time to show wepdecrypt in action.

First of all the options:

-f dumpfile
Network dumpfile to read in PCAP format (as TCPDUMP, ETHEREAL or
KISMET uses)

-s Server mode, it's used to use wepdecrypt as a server daemon to

manage a distributed network attack (doesn't work in windows)

-w wordfile
Take keys from a file to perform a dicctionary attack (not valid
with 64 or 128 mode)

-b mac_address
Filter an address from the dump file this is done to decrypt
only the keys from one access point (referenced by mac), if the
provided ap mac isn't found the program will try to decrypt all
networks found in dumpfile

-m mode
Specifies the decrypting mode (default all) values: 64, 128,
n64, n128, nall

-i Key This option is for the internal key generator (used with 64 or
128 mode) it specifies the start key

-e Key This option is for the internal key generator (used with 64 or
128 mode) it specifies the last key

-c server:port
Client mode, server is the host where wepdecrypt is running in
server mode and port it's the number port where the server is
listening

-n network
Network is a number and specifies the maximum number of keys to
decrypt by default wepdecrypt will try to decrypt all packets
with diferent keys found

-d mode
Mode can be all, alpha, alphanumeric, numeric, random or print-
able this option is used to set the mode for the new key genera-
tor. For example "-m 64 -d numeric" will try keys from "00000"
to "99999"

-g Used with client mode to get the file to decrypt from the server

-l num_blocks
 Used with client mode to set the number blocks to decrypt if
num_blocks is 0 the client will decrypt blocks while server has
blocks to assign

-v Shows current version

-?|-h Shows help menu

As a first approach I suggest you to use wepdecrypt_inc script or a

dicctionary to try common used keys.
wepdecrypt_inc dumpfile
wepdecrypt -f dumpfile -w dictionary_file

Now lets going to see some other methods:

wepdecrypt -f dumpfile -m64 -i 00:00:00:00:00 -e FF:FF:FF:FF:FF:FF
wepdecrypt -f dumpfile -m128 -i 11:22:33:44:55:66:77:88:99:0A:0B:0C:0D
wepdecrtpt -f dumpfile -m64 -d alpha
wepdecrtpt -f dumpfile -m128 -d all

This uses the internal key generator to try all specified keys, you can
stop wepdecrypt at any time and resume the session later. Take a look at
the logfile and use the last key as init key to continue the cracking
session. If init key is not specified 00:..:00 will be used and if last key
is not specified FF:..:FF will be used.

At last the most powerful mode the distributed network attack, first of all
start wepdecrypt in server mode
wepdecrypt -s -f local.dump -m 64&

In server mode also init key can be specified with -i flag.

Now execute wepdecrypt as a client. First get the dumpfile from the server
and start wepdecrypt in client mode
wepdecrypt -c example.com:3657 -g
(ip number can be used instead hostname)
wepdecrypt -c example.com:3657 -l 0

Short explanation about packet filters:

-b flag deserves to select an ap (the mac of the ap must be used to select it)
-n flag deserves to select the number of packets this is independent from -b

Now wordfile can contain hex keys which will be used as keys. To use
this feature the first line of the word file should be HEXKEY_FILE.

5. Config files.
$HOME/.wepdecrypt
#Wepdecrypt configuration file
#Server listening port
Port=3617

#Blocksize can be set up to 1099511627775

Blocksize=4294967296 (01:00:00:00:00)

#Full path to server logfile

Logfile=/var/tmp/wepdecrypt_s.log

#Verbosity levels: 1 - LOW 2 - MEDIUM 3 - HIGH

Verbosity=2
 I think that this is self explanatory it handles server configuration all
datafields must be in the file.

/etc/wedecrypt.conf
# /etc/wedecrypt.conf
#
# Configuration for WEPDECRYPT
# Fernando Tarin

JOHNDIR=/usr/sbin/ (usual place)

WORDLIST=/usr/src/john-1.6/run/wordlist

This is used for wepdecrypt_inc and wepdecrypt_word which uses john the
ripper to generate keys.

In the windows version all files should be in the same directory as

wepdecrypt.

6. Graphic interface
This is the graphic interface for wepdecrypt. The gui is pretty self
explanatory, every input box has a flag name, just change it with your
desired values and hit the check button next to the input box, besides
now, there is a new help option in the help menu (can also be accessed
pressing "Ctrl+h") that explains every option. To start wepdecrypt
press the start button. The default directory for wepdecrypt output
logs is /tmp/ (in windows version is the same directory in which
gwepdecrypt is running) it can be changed through the gui or
$HOME/.wepdecrypt file.

7. Wkeygen
Wkeygen is a tool that generates WEP keys. Provided to allow the creation
of wordfiles that contains hex keys easily. Usage is pretty simple just use
-? flag to see its options (linux version only).

8. How to help the project.

Well to help me with the project anything is wellcome.
- a patch
- rpm or deb versions of wepdecrypt
- reporting a bug

If you have any suggestion a question or something like this.

http://wepdecrypt.sourceforge.net/forum/
[email protected]