This is an old revision of the document!

Wesside-ng

++++++ IMPORTANT ++++++
++++++ IMPORTANT ++++++
++++++ IMPORTANT ++++++

This functionality will be available in a future release. It is NOT available currently.

++++++ IMPORTANT ++++++
++++++ IMPORTANT ++++++
++++++ IMPORTANT ++++++

Description

Wesside-ng is an auto-magic tool which incorporates a number of techniques to seamlessly obtain a WEP key in minutes. It first identifies a network, then proceeds to associate with it, obtain PRGA (pseudo random generation algorithm) xor data, determine the network IP scheme, reinject ARP requests and finally determine the WEP key. All this is done without your intervention.

The original wesside tool was written by Andrea Bittau and was a proof-of-concept program to accompany two published papers. The two papers are “The Fragmentation Attack in Practice” by Andrea Bittau and “The Final Nail in WEP's Coffin” by Andrea Bittau, Mark Handley and Josua Lockey. See the the links page for these papers and more. The papers referenced provide excellent background information if you would like to understand the underlying methodologies. The concepts for the fragment attack currently incorporated in aircrack-ng came from these papers.

For you trivia buffs, who knows where the name “wesside” came from? As it turns out, it comes from tupac the rapper (2Pac / Tupac Shakur).

Wesside-ng has been updated to reflect advances in determining the WEP key. Here are the steps which wesside-ng takes:

Channel hops looking for a WEP network.
Once a network is found, it tries to authenticate. If authentication fails, then the program attempts to find a MAC address currently associated with the AP to spoof.
Once the program has successfully authenticated then it associates with the AP.
After sniffing a single data packet, it proceeds to discover at least 128 bytes of PRGA by sending out larger broadcasts and intercepting the relayed packets. This is what is known as the fragmentation attack. The PRGA is written to the prga.log file.
After it sniffs an ARP request, it decrypts the IP address by guessing the next four bytes of PRGA using multicast frames and the linear keystream expansion technique. By decrypting the ARP request, the network number scheme can be determined plus the source IP of ARP request. This is used to build the ARP request which is used for subsequent injection.
It floods the network with ARP requests for the decrypted IP address.
Launches the aircrack-ng PTW attack to determine the WEP key.

So you may be asking “What is the linear keystream expansion technique?”. The foundation is the fact that packets like an encrypted ARP request can easily be identified combined with the fact that the start of it has known plain text. So the program first obtains the PRGA from known plain text portion of the ARP request. Then it creates a new ARP request packet broken into two fragments. The first fragment is one more byte then the know PRGA and the PRGA is guessed for the extra byte. These guesses are sent and the program listens to see which one is replayed by the AP. The replayed packet has the correct PRGA and this value was included in the destination multicast address. Now that we know the correct PRGA, one more byte can be decrypted in the original ARP request. This process is repeated until the sending IP in the original ARP request is decrypted. It takes a maximum of 256 guesses to determine the correct PRGA for a particular byte and on average only 128 guesses.

There are a few known limitations:

Only open authentication is support. Shared key authentication is not supported.
Only B and G networks are supported.
Fake MAC functionality is broken if there is a lot of traffic on the network.

Please remember that this is still basically a proof-of-concept tool so you can expect to find bugs. Plus you will find features that don't quite work as expected.

Usage

Usage: wesside-ng <opts> -i <wireless interface name>

-h Displays the list of options.
-i Wireless interface name. (Mandatory)
-n Network IP as in “who has destination IP (netip) tell source IP (myip)”. Defaults to the source IP on the ARP request which is captured and decrypted. (Optional)
-m MY IP “who has destination IP (netip) tell source IP (myip)”. Defaults to the network.123 on the ARP request captured(Optional)
-a Source MAC address (Optional)
-c Do not start aircrack-ng. Simply capture the packets until control-C is hit to stop the program! (Optional)
-p Determines the minimum number of bytes of PRGA which is gathered. Defaults to 128 bytes. (Optional)
-v Wireless access point MAC address (Optional)
-t For each number of IVs specified, restart the airecrack-ng PTW engine. (Optional)
-f Allows the highest channel for scanning to be defined. Defaults to channel 11. (Optional)

When you run wesside-ng, it creates three files automatically in the current directory when run the program:

wep.cap - The packet capture file. It contains the full packet, not just the IVs.
prga.log - Contains the PRGA obtained through the fragmentation attack. The following has not been confirmed and thus may not be correct: “This can be used as input to other aircrack-ng suite tools which require PRGA as input. You can also use the PRGA from other tools for this file.”
key.log - Contains the WEP key when it is found.

It is very important to delete these files prior to starting the program when you change target access point.

Scenarios

Standard Usage Example

Be sure to use airmon-ng to put your card into monitor mode.

Then you enter:

 wesside-ng -i wlan0

Where:

-i wlan0 is the wireless interface.

The program responds:

 [13:51:32] Using mac 00:C0:CA:17:DB:6A
 [13:51:32] Looking for a victim...
 [13:51:32] Found SSID(teddy) BSS=(00:14:6C:7E:40:80) chan=9
 [13:51:32] Authenticated
 [13:51:32] Associated (ID=5)
 [13:51:37] Got ARP request from (00:D0:CF:03:34:8C)
 [13:51:37] Datalen 54 Known clear 22
 [13:51:37] Got 22 bytes of prga IV=(0e:4e:02) PRGA=A5 DC C3 AF 43 34 17 0D 0D 7E 2A C1 44 8A DA 51 A4 DF BB C6 4F 3C 
 [13:51:37] Got 102 bytes of prga IV=(0f:4e:02) PRGA=17 03 74 98 9F CC FB AA A1 B3 5B 00 53 EC 8F C3 BB F7 56 21 09 95 12 70 24 8C C0 16 40 9F A8 BD BA C4 CC 18 04 A1 41 47 B3 22 8B D2 42 DC 71 54 CE AD FE D0 C3 15 7E EB D1 E2 BB 69 7F 11 8A 99 40 FC 75 EC 12 BF 3B C8 2A 32 88 8A DC E8 35 7C EE DA A3 E3 6B 0C 45 21 DC BD 23 59 28 85 24 49 18 49 1C 24 6D E2 
 [13:51:37] Got 342 bytes of prga IV=(10:4e:02) PRGA=5C EC 18 24 F3 21 B2 74 2A 86 97 C7 4C 22 EC 42 00 3A C6 07 0C 02 AA D6 B6 D8 FF B1 16 F8 40 31 B7 95 3B F8 1B BD 94 8B 3B 7A 98 DE C6 72 FD F8 A5 FC E7 81 A0 9E 01 76 44 57 C4 EB AE D7 AB EB 2F 40 C8 E5 5F EF 13 DB F4 F7 F2 91 D9 36 77 C1 F0 9C E4 8C BA F9 50 C0 B0 E7 23 75 85 41 82 54 F5 22 3C A9 45 0C 1F AE DA 3B F7 AA 41 30 23 63 97 B1 42 4C A8 0E C0 5A 7E A2 58 C2 02 B8 7F DB C7 CC 66 4D 86 53 30 E0 A0 81 52 13 14 08 5F 45 C5 AC 21 C3 90 86 A1 8D 45 CC 7C A2 F2 95 34 EF 38 59 FA 21 0F CC 63 81 05 26 8D B8 84 A1 D3 DF 5D E0 CA 23 52 85 4F 61 5B E3 83 4B 2A 10 0A 14 94 FA 90 D4 FC 3F 7B CD A9 C3 E3 4D B7 99 BD 21 D4 FC DB 60 0C 92 8D 76 87 EF F7 45 C6 D7 0B 96 A4 18 41 63 48 79 E0 4E 3A 9F 1B 8D 17 F5 B0 FE 30 F3 27 55 E1 EA 8A 60 FA 9E CB CE D9 1D EE 94 20 20 EB 58 F8 55 38 4F C9 E7 53 55 94 6C 6A 6D F0 D5 4E DB 78 D6 52 A3 34 68 2C 8B 7A EA C8 DA 3B D9 CB 4C 65 E6 CE B8 EE CD 58 DD C1 C8 F8 08 1B 27 EC 74 7E AD A0 0E 1E 85 79 F4 C0 54 D9 99 51 CA 96 02 73 93 33 6F E6 D5 F1 55 81 2B AA C4 3A B2 0A C6 04 FE 
 [13:51:39] Guessing PRGA 8e (IP byte=230)    
 [13:51:39] Got clear-text byte: 192
 [13:51:40] Guessing PRGA be (IP byte=198)    
 [13:51:40] Got clear-text byte: 168
 [13:51:40] Guessing PRGA 8d (IP byte=47)     
 [13:51:40] Got clear-text byte: 1
 [13:51:40] Guessing PRGA 12 (IP byte=240)    
 [13:51:40] Got clear-text byte: 200
 [13:51:40] Got IP=(192.168.1.200)
 [13:51:40] My IP=(192.168.1.123)
 [13:51:40] Sending arp request for: 192.168.1.200
 [13:51:40] Got arp reply from (00:D0:CF:03:34:8C)
 [13:52:25] WEP=000009991 (next crack at 10000) IV=60:62:02 (rate=115)            
 [13:52:36] WEP=000012839 (next crack at 20000) IV=21:68:02 (rate=204)            
 [13:52:25] Starting crack PID=2413
 [13:52:27] WEP=000010324 (next crack at 20000) IV=0d:63:02 (rate=183)            
 [13:54:03] Starting crack PID=2415
 [13:53:28] WEP=000023769 (next crack at 30000) IV=79:32:00 (rate=252)            
 [13:53:11] Starting crack PID=2414
 [13:53:13] WEP=000020320 (next crack at 30000) IV=7d:2b:00 (rate=158)            
 [13:54:21] WEP=000034005 (next crack at 40000) IV=53:47:00 (rate=244)            
 
 
                              [328385:55:08] Tested 5/70000 keys
 
 KB    depth   byte(vote)
  0    0/  1   01( 206) 3B( 198) 5F( 190) 77( 188) 3D( 187) D2( 187) 60( 186) 6F( 186) A1( 185) 48( 184) 
  1    0/  1   23( 232) 82( 190) BF( 187) 4E( 184) 0D( 183) 90( 181) B9( 181) 08( 180) 1A( 180) 8A( 180) 
  2    0/  1   45( 200) F0( 186) 52( 184) AE( 184) 75( 183) 48( 181) A1( 180) 71( 179) DE( 179) 21( 178) 
  3    0/  1   67( 221) AE( 202) B2( 193) 14( 191) 51( 184) 6D( 184) 64( 183) 65( 183) 5B( 182) 17( 181) 
  4    0/  5   89( 182) DB( 182) 74( 181) C2( 181) CC( 181) 64( 180) CD( 180) 5F( 179) A6( 179) 1A( 178) 
 
 Key: 01:23:45:67:89
 
 
 
 [13:54:51] WEP=000040387 (next crack at 50000) IV=0d:a0:02 (rate=180)            
 [13:55:08] WEP=000043621 (next crack at 50000) IV=da:5a:00 (rate=136)            
 [13:55:08] Stopping crack PID=2416
 [13:55:08] KEY=(01:23:45:67:89)
 
 Owned in 3.60 minutes
 
 [13:55:08] Dying...

Usage Tips

None at this time.

Usage Troubleshooting

Make sure your card is in monitor mode.

Make sure your card can inject by testing it with the aireplay-ng injection test. Also specifically ensure you can communicate with the AP in question.

Make sure your card supports the fragmentation attack. Again, this can be confirmed with the aireplay-ng injection test.

Make sure to delete wep.cap, prga.log and key.log files if you are changing access points or if you want to restart cleanly. In general, if you have problems, it is a good idea to delete them.