I downloaded the BackTrack 4 LiveCD and ran it on my own router using the instructions in a couple of YouTube videos and online guides.

I understand the basic principles:
* find interface and AP info
* dump all packets sniffed from target AP
* run fake authentication attack
* use ARP request replay to generate IVs for cracking
* crack collected packets once you have enough

I understand HOW to do it, but not how it works. I don't understand why I have to do a fake authentication attack, or what kind of packets aireplay-ng -3 generates and why they're useful, or how the crack itself works at the end.

Can anyone shed a little light on the process? The pages I've found only detail how to do it, not why they work, and the Wiki pages I've found are too in-depth to be grokable.
WEP uses the RC4 cipher. The RC4 cipher generates pseudorandom bytes to XOR (mix) with your data to create the encrypted data. It generates these using an algorithm that "shuffles" the numbers 0-255 around in an array.

The initial arrangement of this array is derived from the key, by what is called a Key Scheduling Algorithm. In certain cases, this key scheduling algorithm can be worked backwards from the output of RC4 (the pseudorandom data) (if you can figure out enough about what the state of the array is) to get the key.

It is not secure to use the same key twice when doing symmetric crypto, so an Initialization Vector (just some extra data that is different for each message) is usually combined with the "key" to create a new key for each message. The IV is not a secret and is usually sent along with the message in plaintext, since you have to know the rest of the key anyway. However, in RC4, certain IVs cause working the Key Scheduling Algorithm backwards to be much easier.

All of the fake-auth attacks, deauths, and whatnot that aircrack does are for forcing machines on the network to generate more packets, because that increases the chance a packet will have a "weak" IV.

http://en.wikipedia.org/wiki/Fluhrer,_Mantin_and_Shamir_attack
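To make the RC4 and IV points in the answer above concrete, here is an added toy example (not code from this thread or from aircrack-ng) that implements RC4's Key Scheduling Algorithm and keystream generator and WEP's way of building the per-packet key by prepending the 24-bit IV to the shared secret; the 40-bit secret, the IV and the two messages are constructed values. It shows why an IV must never repeat: two packets encrypted under the same IV XOR to the XOR of their plaintexts, with the secret key playing no part at all.

```python
# Educational RC4/WEP toy. Not the aircrack-ng implementation; secret/IV below are constructed.

def rc4_ksa(key: bytes) -> list:
    """Key Scheduling Algorithm: permute 0..255 driven by the key bytes."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S


def rc4_keystream(key: bytes, n: int) -> bytes:
    """PRGA: keep shuffling the permutation and emit n pseudorandom bytes."""
    S = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(secret: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP style: per-packet RC4 key = IV || secret; ciphertext = plaintext XOR keystream.
    The IV travels in the clear with the frame. (The CRC-32 ICV is omitted here.)"""
    return xor_bytes(plaintext, rc4_keystream(iv + secret, len(plaintext)))


def keystream_reuse_demo() -> bool:
    """Returns True when two packets under the same IV leak m1 XOR m2 without the key."""
    secret = b"\x01\x02\x03\x04\x05"   # constructed 40-bit WEP secret
    iv = b"\x00\x00\x01"               # constructed 24-bit IV, reused for both packets
    m1 = b"hello router"
    m2 = b"goodbye  all"
    c1 = wep_encrypt(secret, iv, m1)
    c2 = wep_encrypt(secret, iv, m2)
    # Same IV + same secret => same keystream, which cancels in the XOR.
    return xor_bytes(c1, c2) == xor_bytes(m1, m2)
```

WEP's IV space is only 2^24 values, so on a busy network the reuse shown here happens on its own; the weak-IV problem in the linked FMS paper is a separate, stronger flaw in the KSA itself.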
This appears to be a good read on the topic:
http://www.wifiplanet.com/tutorials/article.php/1368661/80211-WEP-Concepts-and-Vulnerability.htm

Hope that helps.
DaemoXI, I knew you were a new user just by reading your question. This is called hacker news, NOT cracker news. You should read the Guidelines or look around (front page) to see what the site is about.