Decrypting the WEP Message
Decryption is the same process as encryption, but in reverse. We take the IV (which is sent in clear text) and prepend it to the secret key and plug that into the RC4 cipher to regenerate the key stream. Next, we XOR the key stream with the cipher text, which will give us the plain text value. Finally, we reperform the CRC-32 checksum on the message and ensure that it matches the integrity check value in our decrypted plain text. If the checksums do not match, the packet is assumed to have been tampered with and discarded.
Where Do IVs Come From?
One of the flaws in the implementation of the RC4 cipher in WEP is the fact that the 802.11 protocol does not specify how to generate IVs. Remember that IVs are the 24-bit values that are prepended to the secret key and used in the RC4 cipher. The reason we have IVs is to ensure that the value used as a seed for the RC4 PRNG is always different. RC4 is quite clear in its requirement that you should never, ever reuse a secret key. The problem with WEP is that there is no guidance on how to implement IVs. Do we choose IV values randomly? Do we start at 0 and increment by 1? Do we start at 16,777,215 and count backwards? Since each packet requires a unique seed for RC4, you can see that at high speeds, the entire 24-bit IV space can be used up in a matter of hours. Therefore, we are forced to repeat IVs, and violate RC4's cardinal rule of never repeating keys.
Do you remember in school when you first learned addition and subtraction? Did your kindergarten teacher cover XOR too? WEP relies heavily upon the XOR operation, so if this is the first time you've seen this calculation performed, take a moment to orient yourself with its use. XOR is a binary logic operation that works like Figure 3.3.
Figure 3.3. XOR, a binary logic operation.
The XOR operation is similar to saying “True if one value is different from the other value (i.e., one value is zero and the other value is one) and False if both values are the same (i.e., both values are zero or both values are one).”
Note that if you know two of the values in an XOR operation, you can derive the third. In other words, if you know that a number XORed with 0 equals zero, you can determine that the unknown number must be 0 (because 0 XORed with 0 equals 0). Similarly, if you know that 0 XORed with a number is equal to one, you can determine that the unknown number must be 1, because 0 XORed with 1 equals 1.