Grey Hat India

If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!

I reside in Delhi, where Internet is still not that cheap. One has to shell out INR 800-1000 per month for a decent enough internet connection.

One day while going around the terrace I discovered that the laptop was catching somebody’s wireless connection. Alas to my surprise! I found that wireless connection so dependable and now I use it 24×7 , free
The WiFi AP admin, whom I don’t know now uses WEP, a weak encryption technique, which i could bypass without much trouble.

After arpanet, the internet evolved, wires everywhere, Now its gone wireless.

Wireless/Bluetooth are fairly new technologies and the encryption algorithms behind are fairly easy to crack (WPA2 is latest though)
this internet connection I found floating all around the air near me.
On the terrace , and the fourth storey room.

The High Speed internet was around me, but I couldn’t get onto it/surf it.
REASON: The connection was ENCRYPTED.

The laptop’s WIFI LAN card catches the singal, so the Access Point is around,
We have a transmitting point.

Normally the router here on in to be referred to as the AP.
My machine, Laptop and similar machines are the clients,,
We’ve data flowing(incoming and out) between the Access Pt. and Router (packets).

So why can’t we just jump on the connection, just as we do with cable TV, or electricity.
Well the network and its packets is encrypted.
To get on the network we need to get authorized by AP, using a passkey.

Normally in ASCII but some AP’s accept Hex keys.

[So how do we crack/discover this key]
Its simple, little fragments of this key are inside each packet.
So we need to sit in the network range.
And get us a copy of these packets. (i.e. Random data)

For that:
set the wireless card into monitor mode. (Requires special drivers)
And running a packet sniffer (Wireshark)

Once enough packets are gatherd, we can send them all off in one big go to the decryptor.
The decryptor will juice out the useful info from it

several types of encryption standards exist for WiFi.
WEP, WPA, WPA2 or WPA-PSK.
As with every encryption these can be broken by one of three methods.
Brute force (theoretically should work everytime but time consuming) , Dictionary(luck matters) or Rainbow Tables.

Each encryption standard has different qualities, you may say “Strengths”
WEP today is by far the weakest one, but 128 bit key should help.
WPA is also lame, until better length key is used.
WPA2 , you may say is one generation ahead.

Measures against getting wardriven. :Use WPA,

WPA-PSK can be broken only by trying BF combination. Just ensure your passkey is something that’s NOT on the dictionary and its 512 bit.
something like gr3yh4t1nd14i55om3th1ng_1′4m .  .  .I would love to see a dictionary with that on it.

Thats it
Thats the simple laymen style boiled down theory behind war-driving.
In my next article on WiFi we’ll get little on the black hat side and actually break and enter a network.

Notice the long pole, there’s a black box on top, I suspect this is my free AP