How to crack WEP encryption on Windows

Adrian October 19, 2010 23

First I want to say one thing: don’t use WEP encryption for your wireless router. It is too easy to crack. Try to use WPA/WPA2 encryption. It is not bulletproof, but it is harder to crack. How easily can WEP encryption be cracked? The harder part is finding a compatible wireless adapter :) There are many ways to crack WEP, but here I will show how to do it on Windows. For that you will need a packet sniffing program (we will use Commview for WiFi) and a program called AirCrack.

Download and install Commview for WiFi. Commview will also install some drivers, so you will have to accept the security warning. Go to the Logging tab and set the Directory size to 50000 and the average log size to 100. After that, push the Play button and choose Start Scanning in the next window. Now we have to wait until the network we want to crack appears. Select the network and click on Capture. Wait until the packet count reaches 5000 or more, click Stop and then go to the folder where the log is saved. Open the log file and export it in Wireshark format.

To decrypt the log file we will use AirCrack, an all-in-one suite which contains the following tools:

  • airmon-ng – use this tool to switch the wireless adapter into monitor mode
  • airodump-ng – you will use this tool for WLAN discovery and packet capture
  • aireplay-ng – for traffic generation
  • aircrack-ng – for recovering the WEP key

Start Aircrack-ng GUI and select the log file from above. Also select the encryption (WEP) and key size (64). Press Launch and the WEP key will be revealed.
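To act on the advice at the top of this post, here is an added example (not part of the original article) that checks whether any network you administer still advertises WEP or no encryption. It parses text in the layout printed by `netsh wlan show networks mode=bssid` on Windows; the sample output, SSID names and BSSIDs are constructed, and the function names are my own.

```python
import re

# Constructed sample in the layout printed by `netsh wlan show networks mode=bssid`.
SAMPLE = """\
SSID 1 : office-legacy
    Authentication          : Open
    Encryption              : WEP
    BSSID 1                 : 02:00:00:00:00:01

SSID 2 : office-main
    Authentication          : WPA2-Personal
    Encryption              : CCMP
    BSSID 1                 : 02:00:00:00:00:02

SSID 3 : guest
    Authentication          : Open
    Encryption              : None
    BSSID 1                 : 02:00:00:00:00:03
"""

SSID_RE = re.compile(r"^SSID \d+\s*:\s?(.*)$")
FIELD_RE = re.compile(r"^\s+(Authentication|Encryption|BSSID \d+)\s*:\s*(.+)$")

def parse_networks(text):
    """Return one dict per SSID block: ssid, auth, enc, bssids."""
    networks = []
    for line in text.splitlines():
        ssid = SSID_RE.match(line)
        field = FIELD_RE.match(line)
        if ssid:
            networks.append({"ssid": ssid.group(1).strip(), "auth": "", "enc": "", "bssids": []})
        elif field and networks:
            key, value = field.group(1), field.group(2).strip()
            if key.startswith("BSSID"):
                networks[-1]["bssids"].append(value)
            else:
                networks[-1]["auth" if key == "Authentication" else "enc"] = value
    return networks

def audit(networks, managed_ssids):
    """Flag managed SSIDs that still advertise WEP or no encryption at all."""
    issues = {"wep": "WEP in use; move to WPA/WPA2", "none": "no encryption"}
    return [(n["ssid"], issues[n["enc"].lower()], n["bssids"])
            for n in networks  # report only on networks you administer
            if n["ssid"] in managed_ssids and n["enc"].lower() in issues]

if __name__ == "__main__":
    for ssid, issue, bssids in audit(parse_networks(SAMPLE), {"office-legacy", "office-main", "guest"}):
        print(f"{ssid}: {issue} ({', '.join(bssids)})")
```

On a real machine, feed `parse_networks` the saved output of the netsh command instead of `SAMPLE`, and pass your own SSIDs as `managed_ssids`.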

23 Comments »

  1. playa May 24, 2011 at 10:14 pm - Reply

    HOW DO I ?

    Start Aircrack-ng GUI and select the log file from above. Also select the encryption(WEP) and Key size (64). Press launch and the WEP key will be revealed.

  2. Alex June 9, 2011 at 5:35 am - Reply

    Hi Adrian.
    This is about the last step: …”key will be revealed”. I set the size to 64, then 128. Each time a command prompt would open and go through a couple thousand lines of data for a certain number of SSIDs, “handshakes” and “IVs”, and something that looked like a key but wasn’t one, apparently. The list ends with “do you want to index…?” Maybe I should do something at that point?

    • jason August 16, 2011 at 6:57 am - Reply

      I found that when the command prompt comes up for indexing, I typed the corresponding number for the network in the list. If you only have one, it shouldn’t say that in the prompt. I can get it to work now, but I’m not patient enough yet to get all the packets I need. Hope this helps…

  3. Brian August 27, 2011 at 2:42 am - Reply

    This application/article isn’t as easy as it’s made out to be. I’m certified in just about every IT area there is. I think in their labs or just plain luck this thing works. WEP is fine to use so you know.

    • cyborg00101 September 4, 2011 at 1:31 am - Reply

      Brian you obviously don’t have a CISSP cert… This is kids play… if you think WEP is fine to use you might wanna take all those ITT Tech certs again… every area there is haha ya right sorry I couldn’t let that one slide

      • markus September 5, 2011 at 12:49 am - Reply

        He obviously doesn’t have the kind of certs he says he has. I’ve never used Commview for this, but just slapping the Back Track 3 disk (I think v 4 is out now) in the laptop and driving around using aircrack-ng, I’ve cracked quite a few WEP keys. I’ve cracked 128 bit WEP keys in under 10 minutes. You need a good card that supports injection to use aireplay (I use a Cisco card with an Atheros chipset). Using WEP for encryption is using “password” for your passwords.

    • Synik January 21, 2012 at 10:43 pm - Reply

      Kid, you are not certified in anything IT related, trust me. If you were, you would never have said WEP is fine, and if you are certified, I am sad.

  4. markus September 5, 2011 at 12:58 am - Reply

    Another thing… for people that are really wanting to try this. The Linux version of aircrack-ng is all you need. It supports fewer wifi chipsets than Commview, although the Linux version supports more than the Windows version.
    If you don’t have Linux installed, BackTrack is a very good tool (pentesting boot disk) and easy to use.
    If you can’t figure out how to use Linux… you’re not going to get far hacking anyway.

  5. rangdaa December 17, 2011 at 11:04 am - Reply

    I have read several suggestions for cracking WEP but this was the easiest to understand. I succeeded after capturing 25,000 IVs.

    Thank you very much!

  6. Jonathan February 22, 2012 at 11:52 am - Reply

    I must be doing something wrong. I tested 1,727,531 keys and captured over 76,000 IVs and I’m still not getting anything. Please help.

  7. Carrot February 28, 2012 at 11:54 am - Reply

    Start Aircrack-ng GUI and select the log file from above. Also select the encryption(WEP) and Key size (64). Press launch and type 1 the WEP key will be revealed.

    ex. KEY FOUND! [AA:BB:CC:DD:EE]

  8. nikhil March 11, 2012 at 1:25 pm - Reply

    Error: ACCESS DENIED in Windows 7 when I launch aircrack-ng…
    Need help…

  9. xIAMDAVEx March 28, 2012 at 9:50 am - Reply

    I got over 2700 packets and 7000 LVs but it still says failed, try (insert higher number here). First it said 5000, now it says 10000.
    Isn’t my wifi router meant to do something?

  10. rin11 April 10, 2012 at 1:11 am - Reply

    ok I got the point where it says key found! [1A:2B:3C:4D:5E]
    Decrypted correctly! (100%)

    and now what? where exactly is the key? help! thanks.

    • blah June 1, 2012 at 6:15 pm - Reply

      Same. I tried running aircrack from the command line and used the switch to write the key to a file and all I got was a file that said “1A2B3C4D5E”

      Something is obviously very wrong

  11. aaa April 15, 2012 at 10:46 pm - Reply

    1. run ubuntu 11.10 on vm ware

    2. open terminal

    sudo apt-get update

    3. go to software center and download

    python
    python-qt4
    macchanger
    aircrack-ng
    xterm
    subversion

    4. open terminal

    wget http://fern-wifi-cracker.googlecode.com/files/Fern-Wifi-Cracker_1.2_all.deb

    5. after download complete use in terminal

    sudo sh
    su

    dpkg -i Fern-Wifi-Cracker_1.2_all.deb

    6. run the application in terminal after

    sudo sh
    su

    sudo python /usr/local/bin/Fern-Wifi-Cracker/execute.py

    7. update to latest version
    8. reboot ubuntu
    9. run the application in terminal after

    sudo sh
    su

    sudo python /usr/local/bin/Fern-Wifi-Cracker/execute.py

  12. JORDAN May 25, 2012 at 1:47 pm - Reply

    Can anyone Please Answer this correctly for a newbie?
    1. I am using Win 7 as an OS
    2. I captured packets and saved them as a dump file (ex: 8.cap)
    3. I run Aircrack-ng gui.exe, choose the dump files, then launch.
    This came out at the last part of the command prompt window (note: “x = numbers”):
    key Found! [xx:xx:xx:xx:xx] (ASCII: xxxxx)
    Decrypted correctly: 100%
    Question is what to do next: how to convert these numbers to a WEP key? What to do next?
    I found some sites which say this is kids play but can’t really follow.

  13. Chris June 23, 2012 at 8:54 pm - Reply

    After I got the packets and all that, I started to launch aircrack, found the saved logs and chose them and clicked launch on aircrack, then “Access is Denied” shows up. Any idea how to get around that? Thanks.

  14. Ante July 25, 2012 at 8:59 pm - Reply

    Failed to start Aircrack-ng.
    Aircrack-ng executable

  15. Ante July 26, 2012 at 1:25 am - Reply

    This doesn’t work. I made all steps and nothing

  16. hasnat August 9, 2012 at 3:21 pm - Reply

    When I launch the aircrack-ng GUI with the log file, then in cmd it said that quitting aircrack-ng. Please tell me the problem???

  17. alex August 6, 2013 at 9:44 am - Reply

    All I want to know, is if these are legitimate programs and if this actually works. I know I can figure it out. I’m no IT tech but I sure as hell got a knack for these kinds of things. Plus I’m dedicated, just don’t want to DL more viruses/spyware/whatever… especially after just finishing making this laptop run correctly.(Self Taught & Self Proclaimed computer wiz.)
    WiFi signals all around… all protected. Wifi barely strong enough to get me on here… unprotected.
    PLEASE ANSWER HONESTLY seems like everyone out there just wants to fuck with you nowadays.
    Thank you in advance.

  18. Mike August 21, 2013 at 12:06 pm - Reply

    Worked for me Alex.
