Tuesday 13 April 2010

Get passphrase from WEP key

A while ago I found a problem on the Internet that was very similar to mine but I couldn't find the solution. The case is that when you have a wireless router the WEP key is generated from a passphrase.
Usually that passphrase is anything that comes to your mind, you use it, generate the WEP key and forget it, since all you need now is the WEP key itself.

All is good until you decide to expand your network. You want to connect another wireless router and use the same settings... and there's the catch. You don't remember the passphrase used to generate your WEP key.

I have searched the Internet for a program to reverse the process, something like wep to passphrase converter. But people were saying that it's impossible and the process is one way only.

So I did some research on my own and it turns out that a bit of reverse engineering plus a bruteforce method could find the passphrase in less than few minutes.
I wrote a program that implements the method.
You can download it here.
In order to run it you'll need to run "chmod +x 64reverse".

The program can reverse the 64bit WEP key back to it's passphrase, but not exactly the same, since there are few different combinations of passphrases that can result in the same WEP key, it is very possible that youll get some rubbish like " &s7S@ " but it'll still work. 128bit keys are not supported.

The program was compiled under Ubuntu Linux so it will not run under Windows. If you want the source code and compile it yourself, you can download it here.
If you don't know how to do that, just say a word in the comments and I'll do that and post it here.

This program was based on Linksys algorithm. Example generator can be found here.