Help Wanted: What is the pattern in these new WEP Keys?

Can you see the pattern? ESSID ESSID in Hex BSSID KEY MCFVC 23CB158 0021636A7177 F8AA1AABA2 H47MD 1B6B095 001D19E2A557 BFD896F9D4 Q36G7 29C9D67 0021632D31E3 BCD77B3755 UX78G 31880E0 0024d2682944 18DD3AB249 These key pairs were graciously provided by Eric Betts. They do not conform to my existing WEP key calculator. Maybe Verizon wised up and made them random? The previous correlation was dead obvious, but this one I can’t see. Of course, I am only a wannabe cryptologist :)

My Wireless Cracking Tool

I’ve become a semi-expert on wireless networking and their security features.. and how to get around them. Before I continue I want to emphasize: The act of cracking encryption is not illegal just like picking a lock is not illegal. It is the unauthorized access of that network which is illegal, just like breaking and entering is illegal. So. To sum it up, there are two types of encryption.

Verizon FiOS Wireless Key Calculator!

More Update: There are new AP’s that don’t conform to this pattern. If the calculator doesn’t work on yours, maybe it is like these non-conforming-wep keys Update: A cool cool guy named Dylan Taylor wrote a java implementation of this script: if you need an offline version Update: I wrote a bash implementation to make it easy to script, and for offline usage In my previous post I showed a correlation between the WEP key of a Verizon FiOS install and the MAC address of the access point.

Verizon FiOS Wireless Security Analysis

Take a look at some wireless keys that I’ve collected from some Verizon FiOS installs around Tampa: 00-18-01-EA-3D-99,E3X12,6,WEP,1801349FCA 00-18-01-F0-6D-C4,NAMX2,1,WEP,18014B311F 00-18-01-F0-95-78,MWXV2,11,WEP,180149FF66 00-18-01-FD-4F-0E,R0LC7,1,WEP,1801BC5C6B 00-18-01-FE-15-46,JE2K7,1,WEP,1801C1B02B 00-18-01-FF-DF-DD,HH150,1,WEP,1F900396C5 00-1F-90-E0-B1-F8,3RA18,6,WEP,1801CDF4AF 00-1F-90-E0-B5-AC,OQ838,6,WEP,1801CF5700 00-1F-90-E2-7E-61,7WY20,6,WEP,1F90021D27 00-1F-90-E3-1E-90,C7WA0,6,WEP,1F9007C188 00-1F-90-E3-2E-07,DJP80,6,WEP,1F90063349 00-1F-90-E6-A7-D5,BJ2Z0,11,WEP,1F9018F797 00-1F-90-E6-D4-E3,RSHZ0,4,WEP,1F901944DB What you are looking at here is MAC, SSID, Channel, Encryption, Key. Notice that they are all WEP, 64bit, with 5 Alpha numeric SSID’s. I want to emphasize that these are the defaults, and only geeks, nerds and the like change the defaults.