Decrypt Wireless

Packets
Traffic files: https://github.com/frankwxu/digital-forensics-lab/tree/main/Illegal_Possession_Images/lab_files/
wlan_decrypt
Overview
• Decrypt traffic
• Find the security key
• Decrypt traffics using a security key
• wlan packets saved in .pcap
• Extract files from packets
• Crack wifi password
• IEEE 802.11 and Motivation
• What is Wired Equivalent Privacy?
Decrypt traffics
Date credits: CodeGate General Capture the flag challenge (CTF) 2015
Goal: only use a secret key (IV
unknown) to decrypt encrypted payload
Problem with Stream Cipher
• Consider two packets with the same
IV ⇒ Same keystream b
• c1 = p1 ⊕ k; c2 = p2 ⊕ k
• ⇒ c1 ⊕ c2=p1 ⊕ p2
• two packets with the same IV
• ⇒ XOR = Difference in plain text
• 50% chance of using the same IV in
4823 packets.
• Recovered ICV matches ⇒ Plain text is
correct
• Possible to recover all 224 keystreams
in a few hours
Create a working space

Download a traffic file

Unzip the file
Show the encrypted traffic
 Find key

key length 40 bits

Decrypts traffic with the key
Extract files from packets
 Carving files from traffic

"Foremost" is a popular open-source

forensic tool used for data recovery on the
Linux operating system
Show extracted files
Crack wifi password
Where does 802.11 fit in the OSI
Model?

(Ethernet) and 802.11 (WiFi) data and physical layers

https://hpbn.co/wifi/
 802.11 data frame
Header Payload Trailer(ICV)

IEEE 802.11 • ICV: Integrity Check Value = cyclic

redundancy check (CRC) value
• ICV = CRC(Header+ Payload)

• 802.11 is a set of standards for wireless networking that defines how

wireless devices communicate with each other.
• The 802.11 standards define the format of data frames, which are the
units of data that are transmitted between devices.
• There are several types of 802.11 frames, including management frames,
control frames, and data frames.
• Management frames: manage the wireless network, such as establishing and
maintaining a connection, authenticating devices, and to configure the network.
• Control frames: control the flow of data on the network, such as requesting or
acknowledging the transmission of data.
• Data frames: transmit data between devices on the network.
IEEE 802.11 Supports Encryption
Protocols
• Encryption Protocols
• Wired Equivalent Privacy (WEP),
• Wi-Fi Protected Access (WPA), and
• Wi-Fi Protected Access II (WPA2).
• These protocols use various methods to encrypt the data transmitted in
802.11 frames
• symmetric key encryption,
• public key encryption, and
• message authentication codes.
• Users can choose to use encryption or not
• depends on the configuration of the network and the security needs of its users.
Wired Equivalent Privacy (WEP)
• It is an outdated security protocol used to protect wireless local area
networks (WLANs).
• It was one of the first security standards developed for wireless
networks and was intended to provide a level of security comparable
to that of a wired network.
• WEP is stream cipher using RC4 to generate a keystream
• WEP key length -64/128/256 bits
• 128-bit WEP remains one of the most common implementations
RC4 Algorithm

Plaintext

RC4 Key Keystream

RC4 Keystream
XOR
Generator

Ciphertext

RC4 Key Keystream

RC4 Keystream
XOR
Generator
Plaintext
RC4 Keystream Generator
• Initialization/key scheduling
• The key is used to initialize a 256-byte state array (S) with the values 0 to 255.
• The state array is then shuffled based on the key.
• Keystream generation
• At each step, the generator uses two index variables, i and j, to generate a
keystream byte.
• The i-th and j-th elements of the state array are swapped, and
• the sum of i and the j-th element is used to determine the next keystream byte.
• This process is repeated until enough keystream bytes have been generated
to encrypt the plaintext.
# Harry Sauers
# rc4.py
# demo of RC4 encryption algorithm

def key_scheduling(key): def stream_generation(sched):

sched = [i for i in range(0, 256)] stream = []
i=0
i=0 j=0
for j in range(0, 256): while True:
i = (i + sched[j] + key[j % len(key)]) % 256 i = (1 + i) % 256
j = (sched[i] + j) % 256
tmp = sched[j]
sched[j] = sched[i] tmp = sched[j]
sched[i] = tmp sched[j] = sched[i]
sched[i] = tmp
return sched yield sched[(sched[i] + sched[j]) % 256]
XOR stream cipher

Unencrypted 1010 1100 … … 1110 0101

802.11 data
frame

keystream 1110 0100 … … 1000 1001 RC4

=
802.11 WEP data 0100 1000 … … 0110 1100
frame
 • WEP also allows for multiple
keys to be stored and used at
the same time.
• Specifically, WEP allows
for four different keys to
be stored simultaneously,
and the user can switch
between the keys at any
time.
• This allows for greater
flexibility in managing the
security of a wireless network.

https://flylib.com/books/en/2.519.1/wep_cryptographic_operations.html
 • Generated by a cryptographically secure random
number generator
• Ensure that the same key is not used for multiple 64-bit WEP
transmissions. (WEP-40)

Initializatio Secret Key

Unencrypted n Vector (IV) (40 bits)
802.11 data Header Payload ICV (24 bits)
frame seed

Keystream RC4
generated
802.11 WEP = from password
data frame Header IV Key# Payload ICV

Multiple keys will be generated, Key#

specifies the key that should be used
to encrypt and decrypt the data in
the frame (8 bits)
Secret Key Management
128-bit WEP
5 ASCII characters WEP 104: 13 ASCII
• Secret keys are generated with a (0–9, a–z, A–Z) characters (0–9, a–z,
A–Z)
passphrase/password
• one passphrase generates multiple keys
• Multiple keys provide additional security
• if an attacker were to capture and crack
one key, other keys would still be in use
• Keys are manually distributed
• Every device on the network uses one
key to encrypt every transmitted packet
• an eavesdropper could intercept the WEP
encryption and find the key.
How Are WEP-40 Secret Keys
Generated? 32 bits

? 34 a4 a9 27

M y P ee 3d 7b f7
a s s p ab f6 35 59 key 1
h r a s 20 iterations
seed 32-bit PRNG 12 f3 a3 98 a4 3d f6 f3 74
e
62 74 f3 7f
Pseudo Random
Number generator
(PRNG) 6a 8e a3 59
32 bits (little endian) key 2
... key 3
key 4

Seeding: ASCII string mapped to 32-bits PRNG: Generate 32-bits key candidates

http://www.blackhat.com/presentations/bh-usa-01/TimNewsham/bh-usa-01-Tim-Newsham.ppt
How to find password
40 Bits
Wifi
Security Seed
Password
key
WEP-40 Secret Keys Generator has a
security problem
• WEP-40 security key should have 40-bits of entropy
• Key entropy is reduced in several ways
• seed entropy reduced
• PRNG entropy reduced
Seeding problem – reduced seed
entropy (32-28 bits) M y P
• XOR operation guarantees produce four zero bits a s s p
h r a s
• Input is ASCII. High bit of each character is always e
zero
• XOR of these high bits is also zero
a 32-bit seed
• Only seeds 00:00:00:00 through 7f:7f:7f:7f can occur
(entropy is reduced to 28 bits =32-4) M 0 1001101
a 0 1100001
h 0 1101000
e 0 1100101

0
PRNG problem: Reduced PRNG
Entropy (32-24 bits)
34 a4 a9 27
• PRNG is a Linear congruential generator ee 3d 7b f7
ab f6 35 59 key 1
5 iterations
32-bit PRNG 12 f3 a3 98 a4 3d f6 f3 74
62 74 f3 7f
m=224 Why not using m=232

• Because the most significant byte of the outputs is not used, which is equivalent to generating
only 24-bits words at each iteration.
• Only seeds 00:00:00:00 through 00:ff:ff:ff (24 bits) may result in unique keys!

https://en.wikipedia.org/wiki/Linear_congruential_generator
Find a seed

a4
3d
5 iterations
? 32-bit PRNG f6
x0=seed (We want to figure it out)
a=0x000343fd (how do we know, next slide) f3

c=0x269ec3 (how do we know) 74

m=0x00FFFFFF (224)

we know
Approach: Generate 5 candidate keys, x1, x2, x3, x4, x5, their second most
significant bytes must match the secret keys. The x1 is the seed
 Password Position
0 1 2 3 We know the
4 5 6 7 password =
8 9 10 11 [A-Za-z]+
12

6b 76 12 ?? 32 bits seed
32 bits (little endian)

https://raw.githubusercontent.com/frankwxu/digital-forensics-lab/main/
Illegal_Possession_Images/lab_files/wlan_decrypt/findseed.py
 Position

How 0
4
1
5
2
6
3
7

long is 8
12
9 10 11

the 6b 76 12 ??

passphr 32 bits (little endian)

ase? • 0x12=0001,0010 can

only be generated by an
even #

even number of [A-Za-z]

characters. Why?
• If generated by an odd
number of [A-Aa-z], 0 9

should be 1.
17
• Possible passphrase
char ends at (include) 9, 25
17, 25, etc,
• How about 0x76 = …

0111,0101
The length of the passphrase is 10

• We only need to brute-force 8 0 1 2 3

characters. 4 5 6 7
Can be any two
• All possibility 8 9
characters
combinations = 528

6b 76 12 ??

The hash of the 10-character

needs to match the hint provided
in the game 0xff7b948953ac.
Information for cracking passphrase
• We know the 40-bit secret key. a4 3d f6 f3 74

• It can be computed by capturing and analyzing WEP packets

• We will demonstrate it later
• We know the seed of the secret key 6b 76 12 ??

• The passphrase consists of all lowercase

• Analyzing the seed
• We know the hash code of the passphrase 0xff7b948953ac
• it is provided by CTF
0 1 2 3
4 5 6 7
8 9

6b 76 12 ??
• wget
https://raw.githubusercontent.com/
frankwxu/digital-forensics-lab/mai
n/Illegal_Possession_Images/lab_fi
les/wlan_decrypt/crackWEP40_noGPU_
Improved_v1.py

• python
crackWEP40_noGPU_Improved_v1.py
Assignment
Week 5 Lab
Deliverable
Steps: Submit your Lab Report to the Assignments dropbox
1. Ensure "File" is present in week 5 lab titled for this activity by the date specified by your
facilitator.
2. Find the wep key
3. Decrypt the capture
4. Extract the files from the capture using foremost Assessment/Grading Criteria
6. Decrypt using Wireshark? For information on how you will be evaluated, refer to
the Lab Report Rubric in the Course Resources folder.
Questions:
• What are the IP addresses of the host and server?
• What are the Mac addresses? Bonus: use Wireshark to decrypt (Hint: edit
preferences -> protocols -> 802.11)
• Can you manually extract pictures and HTML pages?
• How many
• Image files?
• How many web files
• What is the password of the router?
Bonus
It seems Wireshark can crack 40-bit secret key
Decrypt using Wireshark