Wep0ff is a WEP key cracker that can function without access to the real AP: it mounts a fake access point attack against WEP-based wireless clients.
It uses a combination of fragmentation and evil twin attacks to generate traffic that can then be used for KoreK-style WEP key recovery.
This code was tested with patched madwifi-old drivers with athraw support, but it also works with madwifi-ng. With madwifi-ng you need to create two virtual interfaces: one in master mode (for the fake AP) and a second in monitor mode (to listen on).
What is WEP Cracking?
Wired Equivalent Privacy (WEP) is a security algorithm for IEEE 802.11 wireless networks. Introduced as part of the original 802.11 standard ratified in 1997, its intention was to provide data confidentiality comparable to that of a traditional wired network.
It is fairly easy to crack WEP because of flaws in the algorithm; if you are setting up your WiFi network you should opt for WPA.
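As an added example from the defender's side (not code from wep0ff or its author), the check below walks a list of beacon observations, of the kind airodump-ng lists, and flags the two conditions this page describes: WEP still in use, and one ESSID advertised by a BSSID that is not in the organisation's own AP inventory (the fake AP / evil twin pattern). BEACONS and KNOWN_APS are constructed sample data, and the inventory is a hypothetical list of legitimate access points.

```python
# Added example, not part of wep0ff: a defender-side check over beacon
# observations for WEP use and for an ESSID served by a foreign BSSID.
# BEACONS and KNOWN_APS are constructed sample data, not real captures.
from collections import defaultdict

# Constructed observations: (bssid, essid, channel, privacy)
BEACONS = [
    ("00:11:22:33:44:55", "corpnet", 6, "WPA2"),
    ("00:11:22:33:44:66", "guest", 11, "WEP"),
    ("02:aa:bb:cc:dd:ee", "guest", 7, "WEP"),    # same ESSID, foreign BSSID
    ("00:11:22:33:44:55", "corpnet", 6, "WPA2"),  # repeated beacon
]

# Hypothetical inventory of the organisation's legitimate access points.
KNOWN_APS = {"00:11:22:33:44:55", "00:11:22:33:44:66"}


def analyse(beacons, inventory):
    """Return findings keyed by type; repeated beacons collapse into one finding."""
    inventory = {b.lower() for b in inventory}
    wep_in_use = set()
    unknown_bssid = set()
    by_essid = defaultdict(set)
    for bssid, essid, _channel, privacy in beacons:
        bssid = bssid.lower()
        by_essid[essid].add(bssid)
        if privacy.upper() == "WEP":
            wep_in_use.add((essid, bssid))
        if bssid not in inventory:
            unknown_bssid.add((essid, bssid))
    # An evil twin reuses an ESSID we serve, from a BSSID we do not own.
    evil_twin = {
        essid: sorted(bssids)
        for essid, bssids in by_essid.items()
        if len(bssids) > 1 and (bssids - inventory)
    }
    return {
        "wep_in_use": wep_in_use,
        "unknown_bssid": unknown_bssid,
        "possible_evil_twin": evil_twin,
    }


if __name__ == "__main__":
    for kind, items in analyse(BEACONS, KNOWN_APS).items():
        print(kind, items)
```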
How to Use the WEP Key Cracker Tool
1. Set up the fake AP with the KARMA tools or with iwconfig:
iwpriv ath0 mode 2
iwconfig ath0 mode master essid foo enc 1122334455 channel 7
echo 1 > /proc/sys/dev/ath0/rawdev
echo 1 > /proc/sys/dev/ath0/rawdev_type
ifconfig ath0raw up
2. Start this program (./wep0ff ath0raw 00:01:02:03:04:05)
3. Wait until a client connects to the fake access point
4. Launch airodump-ng to collect packets
5. Launch aircrack-ng to recover the WEP key
You can download it here: