WEP Exploits

Wired Equivalent Privacy, (frequently mistakenly called Wireless Encryption Protocol) was invented to do exactly what its name suggested, provide wireless access to the internet with the same amount of privacy that a wired connection offered. But unfortunately WEP was not without its flaws, which over time, made WEP as secure a 3 digit number lock.

How WEP works

Lets look first at the WEP algorithm. WEP relies on a secret key that is shared between computers connected to the network and the network access point. Originally the pre-shared key was 10 hexadecimal decimals, which was later increased to 26 hexadecimal digits. This pre-shared key along with 24 pseudo-randomly generated bits (called Initialization Vectors) forms what is known as a keystream. Don’t worry if some of the terms seem unfamiliar. A separate post explaining such terms and their significance will be up asap. This pre-shared key then becomes a seed value for the RC4 algorithm which then outputs a pseudo-randomly generated keystream. This keystream is XORed with the plaintext (data that is to be encrypted) to give the encrypted output.


When a device connects to the access point, it must already know the pre-shared key, since the Initialization Vector is required to de-crypt this message, the initialization vector is sent as plaintext, which along with the preshared key, XORs the ciphertext with the keystream to give the plaintext.

How the attack takes place

Ever since the WEP was discovered to be a weak algorithm, progressively faster attacks have been developed. We will be looking at three attacks FMS (Fluhrer,Mantin & Shamir), KoreK and PTW  (Pyshkin, Tews & Weinmann).


This attack is at heart a crypto-analysis attack. It exploits a weakness in the RC4 algorithm. We already know the IV vector is accessible to every device trying to connect to the access point. This itself is 3 bytes, and if this IV satisfies certain conditions, it is possible with 5% probability to guess another byte of the key correctly. Then one can test it to check whether the access point responds with a positive reply or a error message. If the key is not correct, another likely key is tried. But this method requires a large number of packets to collect Initialization Vectors.

KoreK ChopChop Attack & PTW Attack

This attack is not based on the weakness of RC4 algorithm but on the design flaws of WEP itself: the weakness of the checksum and the lack of replay protection (which allows the hacker to send the same packet modified slightly again and again). What the ChopChop attack does is flip a bit in the ciphertext and calculate which bit in the CRC32 must be flipped so that the packet is still valid. The attack works by taking away the last byte of a packet and bruteforcing its value(thanks to no replay protection).  The ChopChop Attack aims at giving the attacker the ability to de-crypt the packet without knowing the key (with which the key can be found anyway, since XOR-ing the encryted text and the plaintext will return the keyphrase containing the password and Initialization vector). Nevertheless due to its lack of speed, its practical use is limited to eavesdropping a packet, decrypting it, modifying it and re-injecting it back to generate more traffic and therefore get more information to perform a full key recovery attack. This is nothing but the PTW attack.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s