1
00:00:00,810 --> 00:00:01,970
<v Instructor>The first encryption</v>

2
00:00:01,970 --> 00:00:05,740
that we'll learn how to break is called WEP,

3
00:00:05,740 --> 00:00:08,043
or Wired Equivalent Privacy.

4
00:00:09,060 --> 00:00:13,700
This is an old encryption that can be easily broken.

5
00:00:13,700 --> 00:00:16,610
The reason why I'm still covering it in this course,

6
00:00:16,610 --> 00:00:19,530
is first of all, because like I said, it's very simple,

7
00:00:19,530 --> 00:00:22,030
so it's a good starting point.

8
00:00:22,030 --> 00:00:25,950
Also, it's still used sometimes in some networks.

9
00:00:25,950 --> 00:00:29,160
Therefore, you can't really call yourself a hacker,

10
00:00:29,160 --> 00:00:31,860
and then if you see a network that uses WEP,

11
00:00:31,860 --> 00:00:32,780
you'll get stuck,

12
00:00:32,780 --> 00:00:35,293
and you won't even be able to break into it.

13
00:00:36,170 --> 00:00:40,180
So in this lecture, I'm gonna explain how WEP works,

14
00:00:40,180 --> 00:00:43,780
and what's the weakness that we can use to break it.

15
00:00:43,780 --> 00:00:45,120
And in the next lecture,

16
00:00:45,120 --> 00:00:47,230
you'll see how we can use this weakness

17
00:00:47,230 --> 00:00:50,390
in order to break WEP and get the key

18
00:00:50,390 --> 00:00:52,803
for any network that uses WEP.

19
00:00:54,450 --> 00:00:59,360
So basically, WEP uses an algorithm called RC4

20
00:00:59,360 --> 00:01:01,750
to encrypt the data.

21
00:01:01,750 --> 00:01:04,250
So the way this works is basically,

22
00:01:04,250 --> 00:01:07,200
if a client wants to send something to the router,

23
00:01:07,200 --> 00:01:09,600
and let's say it wants to send this text,

24
00:01:09,600 --> 00:01:11,660
data to send to the router,

25
00:01:11,660 --> 00:01:15,440
it will first encrypt this using a key.

26
00:01:15,440 --> 00:01:19,940
Therefore this normal text will be converted into gibberish

27
00:01:19,940 --> 00:01:21,393
as you can see here.

28
00:01:22,280 --> 00:01:25,490
This encrypted packet will be sent into the air,

29
00:01:25,490 --> 00:01:29,070
so if a hacker captures this packet as we've seen before,

30
00:01:29,070 --> 00:01:30,690
if we open this packet,

31
00:01:30,690 --> 00:01:32,720
we'll see that it's full of gibberish.

32
00:01:32,720 --> 00:01:35,920
Even though it actually contains useful information,

33
00:01:35,920 --> 00:01:39,123
we won't be able to read it because it's encrypted.

34
00:01:40,030 --> 00:01:42,780
The access point will receive this encrypted packet,

35
00:01:42,780 --> 00:01:45,990
and it will be able to transform it

36
00:01:45,990 --> 00:01:50,480
back to its original form because it has the key.

37
00:01:50,480 --> 00:01:53,590
Therefore, it'll actually be able to read the contents

38
00:01:53,590 --> 00:01:55,823
which is, data to send to the router.

39
00:01:56,960 --> 00:01:58,760
The same happens if the router

40
00:01:58,760 --> 00:02:00,950
wants to send something back to the client,

41
00:02:00,950 --> 00:02:03,140
it will first encrypt it using a key,

42
00:02:03,140 --> 00:02:04,300
send it to the client,

43
00:02:04,300 --> 00:02:06,250
the client will be able to decrypt it

44
00:02:06,250 --> 00:02:08,033
because it has the key.

45
00:02:08,900 --> 00:02:10,870
So the concept is always the same,

46
00:02:10,870 --> 00:02:13,900
the transmitter encrypts the data using a key,

47
00:02:13,900 --> 00:02:15,360
sends it to the receiver,

48
00:02:15,360 --> 00:02:17,760
the receiver is able to decrypt it,

49
00:02:17,760 --> 00:02:20,520
because it also has the key, therefore,

50
00:02:20,520 --> 00:02:23,120
anybody who captures the packet in the middle,

51
00:02:23,120 --> 00:02:24,470
they will get the packet,

52
00:02:24,470 --> 00:02:27,260
but they won't be able to see the contents

53
00:02:27,260 --> 00:02:30,380
because they do not have the key.

54
00:02:30,380 --> 00:02:35,120
So the algorithm and the way RC4 works is actually fine,

55
00:02:35,120 --> 00:02:36,970
the problem is with the way

56
00:02:36,970 --> 00:02:41,280
that WEP implements this algorithm.

57
00:02:41,280 --> 00:02:42,710
And to understand it,

58
00:02:42,710 --> 00:02:46,680
let's zoom in a little bit more on each step.

59
00:02:46,680 --> 00:02:48,600
So going back to the first step,

60
00:02:48,600 --> 00:02:52,520
we have the client trying to send data to the router,

61
00:02:52,520 --> 00:02:54,770
and the data that it wants to send is,

62
00:02:54,770 --> 00:02:56,623
data to send to the router.

63
00:02:57,620 --> 00:02:59,864
So in order to encrypt this,

64
00:02:59,864 --> 00:03:04,864
WEP tries to generate a unique key for each packet.

65
00:03:05,630 --> 00:03:08,850
So literally each packet that's sent into the air,

66
00:03:08,850 --> 00:03:13,850
it tries to create a new unique key for it. To do that,

67
00:03:14,930 --> 00:03:19,673
it generates a random 24-bit initialization vector.

68
00:03:20,680 --> 00:03:24,370
The initialization vector is then added to the password

69
00:03:24,370 --> 00:03:26,300
of the network, the actual key

70
00:03:26,300 --> 00:03:29,130
that people use to connect to the network.

71
00:03:29,130 --> 00:03:31,300
This generates a key stream,

72
00:03:31,300 --> 00:03:35,450
and then this key stream is used to encrypt this packet

73
00:03:35,450 --> 00:03:38,633
and transform it into gibberish.

74
00:03:40,980 --> 00:03:43,210
So basically, we have the key stream

75
00:03:43,210 --> 00:03:45,610
plus the data that we need to encrypt,

76
00:03:45,610 --> 00:03:46,990
which gives us the gibberish,

77
00:03:46,990 --> 00:03:49,953
and then the gibberish is sent into the air.

78
00:03:51,340 --> 00:03:54,140
But before sending this into the air,

79
00:03:54,140 --> 00:03:59,130
WEP will also append the initialization vector.

80
00:03:59,130 --> 00:04:03,830
This is the 24-bit random number that I said it creates

81
00:04:03,830 --> 00:04:08,830
in order to make sure that each packet has a unique key.

82
00:04:08,890 --> 00:04:11,820
The reason why it adds the initialization vector

83
00:04:11,820 --> 00:04:14,150
to the packet is because

84
00:04:14,150 --> 00:04:16,630
once the router receives this packet,

85
00:04:16,630 --> 00:04:19,420
it needs to be able to decrypt it,

86
00:04:19,420 --> 00:04:23,240
and to decrypt it, it needs the key and the IV.

87
00:04:23,240 --> 00:04:25,180
But the router already has the key,

88
00:04:25,180 --> 00:04:27,070
so there is no need to send that.

89
00:04:27,070 --> 00:04:29,813
Therefore we just need to send it the IV.

90
00:04:31,530 --> 00:04:35,380
So when the router receives the packet, it has the IV,

91
00:04:35,380 --> 00:04:37,350
it has the password or the key,

92
00:04:37,350 --> 00:04:39,340
so it can generate a key stream

93
00:04:39,340 --> 00:04:43,160
and then use that key stream to transform this gibberish

94
00:04:43,160 --> 00:04:46,163
into its original form and read the packet.

95
00:04:48,120 --> 00:04:50,430
So if you think about what I said,

96
00:04:50,430 --> 00:04:53,420
you can probably guess what the weakness is.

97
00:04:53,420 --> 00:04:57,240
Basically, the IV is sent in plain text,

98
00:04:57,240 --> 00:04:58,480
so if you look at this,

99
00:04:58,480 --> 00:05:01,330
you can see the packet content is encrypted,

100
00:05:01,330 --> 00:05:03,460
so if someone captures this packet,

101
00:05:03,460 --> 00:05:05,780
they won't be able to read this,

102
00:05:05,780 --> 00:05:09,363
but they will be able to read the IV in plain text.

103
00:05:10,230 --> 00:05:15,230
Also, the size of the IV is only 24 bits.

104
00:05:15,350 --> 00:05:17,940
Now considering the huge amount of traffic

105
00:05:17,940 --> 00:05:21,250
that can be generated on a Wi-Fi network,

106
00:05:21,250 --> 00:05:23,260
this number is not big enough,

107
00:05:23,260 --> 00:05:28,260
and the IVs will start getting repeated in a busy network.

108
00:05:28,960 --> 00:05:33,340
This makes WEP vulnerable to statistical attacks,

109
00:05:33,340 --> 00:05:36,440
so we can use a tool called Aircrack-ng

110
00:05:36,440 --> 00:05:38,100
to determine the key stream,

111
00:05:38,100 --> 00:05:40,500
once we have enough repeated IVs.

112
00:05:40,500 --> 00:05:44,830
And from that it will also be able to crack WEP,

113
00:05:44,830 --> 00:05:47,143
and give us the key to the network.