Recovering Wireless Keys

A couple of weeks ago, someone asked about recovering
your own wireless keys. I got this link in a newsletter.
Hope it helps someone.

http://www.nirsoft.net/utils/wireless_key.html


Gordon Montgomery
Living Scriptures, Inc
gordon@lsi.com (anti spam - replace lsi with livingscriptures)
(801) 627-2000

On Thu, 04 Jan 2007 19:15:13 GMT, in alt.internet.wireless ,
gordon@lsi.com (Gordon Montgomery) wrote:

>A couple of weeks ago, someone asked about recovering
>your own wireless keys. I got this link in a newsletter.
>Hope it helps someone.
>
>http://www.nirsoft.net/utils/wireless_key.html

Note that this only works if you already have the key stored in your
Windows registry by WZC. It won't retrieve any key from your router,
or any key stored by a 3rd party wireless driver.

Myself I'm not sure why you would need to do this - if you have it
already stored on the PC, and you have admin rights to the box, you
already know the key...
--
Mark McIntyre

Mark McIntyre <markmcintyre@spamcop.net> hath wroth:

>On Thu, 04 Jan 2007 19:15:13 GMT, in alt.internet.wireless ,
>gordon@lsi.com (Gordon Montgomery) wrote:
>
>>A couple of weeks ago, someone asked about recovering
>>your own wireless keys. I got this link in a newsletter.
>>Hope it helps someone.
>>
>>http://www.nirsoft.net/utils/wireless_key.html
>
>Note that this only works if you already have the key stored in your
>Windows registry by WZC. It won't retrieve any key from your router,
>or any key stored by a 3rd party wireless driver.
>
>Myself I'm not sure why you would need to do this - if you have it
>already stored on the PC, and you have admin rights to the box, you
>already know the key...

Well, there are reasons, none of which are a good idea from the
security perspective. You've also discovered the reason that I detest
the concept of a shared key (WEP and WPA-PSK) as a security mechanism.
The problem is that if the shared key is compromised, the entire
network is compromised. Many corporate users have their IT people
setup laptops and PDAs with the WPA-PSK shared key under the
assumption that the owner of the laptop cannot recover the key and
therefore add unauthorized laptops to the corporate WLAN.

With such tools, an evil hacker (such as myself) can:
1. Add unauthorized wireless devices to the WLAN.
2. Decrypt captured wireless traffic.
3. Give myself a tour of the WLAN/LAN to see what other interesting
things I could find.
4. and a few other things I don't think I should mention.

I would feel somewhat better if WZC would use a better one way
encryption scheme for storing such important information. The current
scheme is barely tolerable but considerably better than what some
vendors were doing which included storing WEP/WPA keys unencrypted in
the registry or having them visible in their configuration utility.


--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

On Fri, 05 Jan 2007 09:45:06 -0800, in alt.internet.wireless , Jeff
Liebermann <jeffl@comix.santa-cruz.ca.us> wrote:

>Mark McIntyre <markmcintyre@spamcop.net> hath wroth:
>
>>On Thu, 04 Jan 2007 19:15:13 GMT, in alt.internet.wireless ,
>>gordon@lsi.com (Gordon Montgomery) wrote:
>>
>>>A couple of weeks ago, someone asked about recovering
>>>your own wireless keys. I got this link in a newsletter.
>>>Hope it helps someone.
>>>
>>>http://www.nirsoft.net/utils/wireless_key.html
>>
>>Note that this only works if you already have the key stored in your
>>Windows registry by WZC. It won't retrieve any key from your router,
>>or any key stored by a 3rd party wireless driver.
>>
>>Myself I'm not sure why you would need to do this
>
>Well, there are reasons, none of which are a good idea from the
>security perspective.

(although they do require you to have admin rights, which most users
of corporate lappys won't. Heck, if the IT guys are dim enough to give
workers admin rights, there's no hope...
.....
>I would feel somewhat better if WZC would use a better one way
>encryption scheme for storing such important information.

Its vaguely possible that MS have heeded your words at some point. the
above can't find any keys at all on my laptop, which merrily connects
to several wireless networks using WPA and WEP.
--
Mark McIntyre

Mark McIntyre <markmcintyre@spamcop.net> hath wroth:

>Its vaguely possible that MS have heeded your words at some point. the
>above can't find any keys at all on my laptop, which merrily connects
>to several wireless networks using WPA and WEP.

It also didn't work for me on two laptops. One running XP Home SP2.
The other W2K SP4. Try this one:
<http://www.wirelessdefence.org/Contents/Aircrack-ng_WinWzcook.htm>
<http://www.aircrack-ng.org/doku.php?id=tools>
which works for me on both, for connections that were saved with
Wireless Zero Config. Installation is kinda a pain, but at least it
works.

Note that WZCOOK doesn't actually recover the WPA key, but instead
recovers the PMK (Pairwise Master Key). That's currently unusable
under Windoze for connecting to a WPA secured network, but can be done
under Linux. (I haven't tried it yet).

Also, I looked through the source tree at:
<http://trac.aircrack-ng.org/svn/trunk/>
and found source for all the Aircrack-NG applications except WZCOOK.
Hmmm...




--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558