Decrypt a wireless WEP key from across the country

Dean Romanelli · ‎11-14-2014

Hi All,

I recently started a new job where there is no documentation whatsoever anywhere. I have about 200 access points spread across the planet, and the majority of them have WEP keys. I have access to the APs and can see the encrypted versions of the WEP keys in the show run.

I need to decrypt these keys for documentation/standardization purposes. Are there any ways I can do it? I tried making a key-chain in a spare router I have here and dropping in the encrypted WEP keys, but the router complained that the format was invalid, so I couldn't do that trick.

R1(config)#key chain decrypt
R1(config-keychain)#key 1
R1(config-keychain-key)#key-string 7 <Encrypted WEP key placed here>

R1(config-keychain-key)#do show key chain decrypt

All the methods online assume you are within range of the SSID physically, which is not the case for me.

Any help is much appreciated.

Thanks.

George Stefanick · ‎11-14-2014

I don't think you can pull the key from a cisco radio after it is set. However there are tools to break wep. Ive done it for customers a few times. Do you think the same key is used everywhere?

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Dean Romanelli · ‎11-14-2014

Hi George,

No unfortunately I believe the keys are different everywhere. You mentioned you've used tools in the past. Do any of these tools work when the "cracker" is not physically near the wireless range/SSID? I.E. I'm on the East Coast, WAP is in California.

George Stefanick · ‎11-14-2014

Are these aps controlled by a WLC ?

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________