Recovering Wireless Keys

A couple of weeks ago, someone asked about recovering your own wireless keys. I got this link in a newsletter. Hope it helps someone.


Gordon Montgomery Living Scriptures, Inc (anti spam - replace lsi with livingscriptures) (801) 627-2000

Gordon Montgomery

Note that this only works if you already have the key stored in your Windows registry by WZC. It won't retrieve any key from your router, or any key stored by a 3rd party wireless driver.

Myself, I'm not sure why you would need to do this - if you have it already stored on the PC, and you have admin rights to the box, you already know the key...

Mark McIntyre

Mark McIntyre hath wroth:

Well, there are reasons, none of which are a good idea from the security perspective. You've also discovered the reason that I detest the concept of a shared key (WEP and WPA-PSK) as a security mechanism. The problem is that if the shared key is compromised, the entire network is compromised. Many corporate users have their IT people set up laptops and PDAs with the WPA-PSK shared key under the assumption that the owner of the laptop cannot recover the key and therefore add unauthorized laptops to the corporate WLAN.

With such tools, an evil hacker (such as myself) can:

  1. Add unauthorized wireless devices to the WLAN.
  2. Decrypt captured wireless traffic.
  3. Give myself a tour of the WLAN/LAN to see what other interesting things I could find.
  4. and a few other things I don't think I should mention.

I would feel somewhat better if WZC would use a better one-way encryption scheme for storing such important information. The current scheme is barely tolerable but considerably better than what some vendors were doing, which included storing WEP/WPA keys unencrypted in the registry or having them visible in their configuration utility.

Jeff Liebermann

(although they do require you to have admin rights, which most users of corporate lappys won't. Heck, if the IT guys are dim enough to give workers admin rights, there's no hope...)

It's vaguely possible that MS have heeded your words at some point. The above can't find any keys at all on my laptop, which merrily connects to several wireless networks using WPA and WEP.

Mark McIntyre

Mark McIntyre hath wroth:

It also didn't work for me on two laptops. One running XP Home SP2. The other W2K SP4. Try this one:

which works for me on both, for connections that were saved with Wireless Zero Config. Installation is kinda a pain, but at least it works.

Note that WZCOOK doesn't actually recover the WPA key, but instead recovers the PMK (Pairwise Master Key). That's currently unusable under Windoze for connecting to a WPA secured network, but can be done under Linux. (I haven't tried it yet).

Also, I looked through the source tree at:

and found source for all the Aircrack-NG applications except WZCOOK. Hmmm...

Jeff Liebermann