gencases man page

gencases — 802.11b weak IV generation tool

Synopsis

gencases (-s pw | -h key) -f file [-n num]

Description

gencases is used to generate test 802.11b packets that are encrypted with weak initialization vectors as described by Fluhrer, Mantin, and Shamir (FMS). The packets are saved to a user specified file in libpcap compatible format for later use with the airsnort(1) program. The intent is to provide airsnort with the packets required to demonstrate the FMS attack. Arguments to gencases allow the user to specify the WEP key that will be used to encrypt the packets as well as the number of packets to be generated for each byte of the wep key. The generated packets represent UDP echo requests from host 192.168.0.2 (on a wired net) to host 192.168.0.10 (on a wireless net) and the corresponding replies. The wireless client has MAC 00:02:2d:01:23:45, the wired host has MAC 00:04:5A:AB:CD:EF, and the access point has BSSID 00:02:2D:98:76:54. The generated packet file can be examined with standard packet analysis tools such as tcpdump or ethereal. It can also be loaded into airsnort(1) which, given that a sufficient number of cases were generated for each key byte, will produce a cracked WEP key. Running the generated file through the decrypt(1) utility will produce the decrypted versions of the packets which should reflect the echo request/reply traffic described above, and which can be verified using tcpdump or ethereal.

Options

-s pw
Password as an ASCII string. 5 or 13 characters for 40 and 128 bit WEP cases respectively.
-h key
Password as a colon separated list of 2 digit hex values. 5 or 13 hex values for 40 and 128 bit WEP cases respectively.
-f file
Output file for generated cases.
-n num
Number of sample cases to generate for each key byte (1-256). Default is 100.

Examples

Generate 100 cases per key byte with the ASCII password "hello" to file "test"

gencases -s hello -f test

Generate 200 cases per key byte with the hex key "23:56:89:ab:de" to file "test"

gencases -h 23:56:89:ab:de -f test -n 200

See Also

airsnort(1) decrypt(1)

Authors

Jeremy Bruestle <melvin@melvin.net>


Blake Hegerle <blake@melvin.net>


Snax <snax@shmoo.com>

Referenced By

airsnort(1), decrypt(1).

August 18, 2002