More Update: There are new AP’s that don’t conform to this pattern. If the calculator doesn’t work on yours, maybe it is like these non-conforming-wep keys
Update: A cool cool guy named Dylan Taylor wrote a java implementation of this script: http://www.fwc.dylanmtaylor.com/ if you need an offline version
Update: I wrote a bash implementation to make it easy to script, and for offline usage
In my previous post I showed a correlation between the WEP key of a Verizon FiOS install and the MAC address of the access point. This was simply a collection of experimental data that I gathered.
Thanks to Fred Williams? for pointing out the correlation between the ESSID and the WEP. With these powers combined form:
Well.. Not exactly. If there was a super hero with the phrase: “Hack the Planet” instead of “Save the Planet” I would have chosen it.
So what is the deal?
The first part of the key is a combination of the second and third part of the MAC, which is either 1801 or 1F90.
The second part of the key is this forumula.. hold on to your butts:
The 5-character SSID name is a base-36 number of the lower 48 bits (6 hex digits) of the WEP key. The string is reversed, with the most significant digit on the right.
Base-36 numbers uses 0-9 followed A-Z to represent 36 digits (0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ) It maps out like this:
1 2 3 4 5 6
To go through an example, the SSID name of “E3X12″ comes out as follows.
1 2 3 4 5
Add these up, and you get 3,448,778 decimal which is 349FCA in Hexadecimal notation. The first 4 hex digits of the WEP key are the 2nd and 3rd byte from the MAC address as indicated in the original post above.
Thanks again Fred! To math majors this is like a beam of light coming down from the heavens
1 2 3 4 5 6 7 8 9 10 11 12 13