Undocumented WEP keys

Mr. Bash · ‎01-31-2007

Is there a way to find out what WEP key was entered on an aironet AP?

For instance, this is a statement on an AP that I have:

encryption key 1 size 128bit 7 28E70FD9203EA78469931F6EC8E1 transmit-key

The key there is encrypted, is there a way to decrypt it so that I can document what WEP key was used?

choywy · ‎02-08-2007

Download the utilitiy "GetPass" (think from Boson)...Or do a search in Google.

Cut-paste the string "28E70FD9203EA78469931F6EC8E1" into it and it will show you the clear text..

Thanks.

Mr. Bash · ‎02-09-2007

I tried this already with two different decryption tools, one of them being Getpass. They both give errors when trying to decrypt the string. I have a cisco decrypter that complains about a "hash point" being between 00 and 15.

I think the string is too long or something.

Tim Glen · ‎02-09-2007

This isnt the standard #7 encryption. I tried to setup a key pair on my router to decrypt the string and that didnt work either.

I use

!

key chain labtest

key 1

key-string 7 0000160516421B12423544471A

!

RasBox#sh key chain labtest

Key-chain labtest:

key 1 -- text "decrypt-this"

accept lifetime (always valid) - (always valid) [valid now]

send lifetime (always valid) - (always valid) [valid now]

RasBox#

csannedhi · ‎02-11-2007

I guess the option is to use one of the WEP cracking tools. A procedure is outlined at http://www.governmentsecurity.org/archive/t15149.html

As every body is pointing out, this is not standard type 7 type of decoding to be able to uncover the password using Get Pass.