More Update: There are new APs that don’t conform to this pattern. If the calculator doesn’t work on yours, maybe it is like these nonconforming WEP keys
Update: A cool cool guy named Dylan Taylor wrote a Java implementation of this script: http://www.fwc.dylanmtaylor.com/ if you need an offline version
Update: I wrote a bash implementation to make it easy to script, and for offline usage
In my previous post I showed a correlation between the WEP key of a Verizon FiOS install and the MAC address of the access point. This was simply a collection of experimental data that I gathered.
Thanks to Fred Williams? for pointing out the correlation between the ESSID and the WEP. With these powers combined form:
Well.. Not exactly. If there was a super hero with the phrase: “Hack the Planet” instead of “Save the Planet” I would have chosen it.
So what is the deal?
The first part of the key is a combination of the second and third part of the MAC, which is either 1801 or 1F90.
The second part of the key is this formula.. hold on to your butts:
The 5-character SSID name is a base36 number of the lower 48 bits (6 hex digits) of the WEP key. The string is reversed, with the most significant digit on the right.
Base36 numbers use 0-9 followed by A-Z to represent 36 digits (0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ). It maps out like this:

To go through an example, the SSID name of “E3X12” comes out as follows.

Add these up, and you get 3,448,778 decimal which is 349FCA in Hexadecimal notation. The first 4 hex digits of the WEP key are the 2nd and 3rd byte from the MAC address as indicated in the original post above.
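The decoding described above, as an added Python example (not the author's JavaScript or bash code): it reproduces the E3X12 walk-through digit by digit and checks whether an access point you administer is still configured with the key this pattern predicts. The function names and the sample MAC address are assumptions made for the example.

```python
import string

ALPHABET = string.digits + string.ascii_uppercase  # 0-9 then A-Z, as in the post


def ssid_to_suffix(ssid):
    """Decode a 5-character SSID as reversed base36 (most significant digit
    on the right). Returns (per-digit terms, total, 6-hex-digit string)."""
    ssid = ssid.strip().upper()
    if len(ssid) != 5 or any(c not in ALPHABET for c in ssid):
        raise ValueError("expected a 5-character SSID using 0-9 and A-Z")
    # The character at index i (from the left) carries weight 36**i.
    terms = [(c, ALPHABET.index(c), 36 ** i) for i, c in enumerate(ssid)]
    total = sum(value * weight for _, value, weight in terms)
    if total > 0xFFFFFF:
        # Not every 5-character string fits in 6 hex digits; treat as nonconforming.
        raise ValueError("SSID does not decode to 6 hex digits")
    return terms, total, f"{total:06X}"


def mac_prefix(mac):
    """Second and third bytes of the MAC as 4 hex digits (1801 or 1F90 in the post)."""
    digits = "".join(c for c in mac.upper() if c in string.hexdigits)
    if len(digits) != 12:
        raise ValueError("expected a 6-byte MAC address")
    return digits[2:6]


def default_key(ssid, mac):
    """Key the pattern predicts: MAC bytes 2-3 followed by the decoded SSID."""
    return mac_prefix(mac) + ssid_to_suffix(ssid)[2]


def still_on_default(ssid, mac, configured_key):
    """True if the key configured on your own AP matches the predictable default."""
    return configured_key.replace(":", "").upper() == default_key(ssid, mac)


if __name__ == "__main__":
    terms, total, suffix = ssid_to_suffix("E3X12")  # SSID from the post's example
    for char, value, weight in terms:
        print(f"{char}: {value:>2} x {weight:>9,} = {value * weight:>9,}")
    print(f"sum = {total:,} decimal = {suffix} hex")
    mac = "00:18:01:AA:BB:CC"  # constructed sample MAC, not from the post
    print("default key in use:", still_on_default("E3X12", mac, "1801349FCA"))
```

If `still_on_default` returns True, the configured key can be derived from the SSID and MAC alone and should be changed.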
Thanks again Fred! To math majors this is like a beam of light coming down from the heavens
So I wrote this JavaScript calculator (my first JavaScript program actually) in order to aid the calculation of the keys! Just type in your neighbor’s ESSID and out comes the KEY! (Sorry about the iframe if that is an issue to you. Go to here if it is.)
Want to try it out? Here is a list of keys I’ve collected in my travels. These are cracked with Aircrack-ng, not calculated.
