WE Protect not.

November 3, 2010

Yes, WEP is deprecated and has been proved to have some really nasty flaws. Old story, right? Searching for “wep crack” in Google brings some 1 million results. A very nice explanation of why WEP is insecure can be found in this book. There is really no interest in discussing the matter anymore.

The interesting part of the story is how many people are still using WEP despite all that. Reasons vary from users’ ignorance to vendors’ continuing support of WEP in home routers/AP products, etc. Moving around the last 2 years, I was always surprised by how many WEP-“protected” wireless LANs one can find in every city/neighborhood. The days when cracking into those was a challenging process are long behind us; what I find interesting is having an overview of the amount of WEP usage in any given circumstance. Hence I came up with the following Python script, which takes advantage of the iwlist utility from the wireless-tools package and provides an overview of the usage of WPA/WPA2 and WEP in the wireless LANs that are detected.

It needs the pyparsing module (python-parsing package in Debian/Ubuntu).

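#!/usr/bin/env python

import subprocess
from pyparsing import Literal, SkipTo, OneOrMore

def wepPercentage(output):
    # Lines that can close a cell's block in the iwlist scan output
    last_line_a = Literal('Group')+SkipTo(Literal('\n').suppress())
    last_line_b = Literal('Authentication')+SkipTo(Literal('\n').suppress())
    # Every detected network starts with a "Cell NN - Address: ..." line
    start = Literal('Cell')+SkipTo(Literal('\n').suppress())
    # A cell ends either with IE lines that are not followed by a 'Group' line,
    # or with an 'Authentication' line that is not followed by another IE line
    end =OneOrMore(Literal('IE: ')+SkipTo(Literal('\n').suppress()))+~last_line_a|(last_line_b+~Literal('IE:'))
    # Any other line inside the cell
    line = ~end + SkipTo(Literal('\n').suppress())
    expr = start+OneOrMore(line)+end
    wpa_count = 0
    wep_count = 0
    unenc_count = 0
    for l in expr.searchString(output).asList():
        # l holds the matched tokens of one cell, li is the same text joined
        li = ''.join(l)
        if 'Encryption key:on' in l:
            # Encryption on with a WPA/WPA2 information element means WPA,
            # encryption on without one is counted as WEP
            if 'WPA' in li:
                wpa_count += 1
            else:
                wep_count += 1
        else:
            unenc_count += 1
    tot = wpa_count+wep_count+unenc_count
    if tot == 0:
        # Nothing parsed (scan failed or wrong interface): avoid dividing by zero
        print("No wireless networks detected")
        return
    # Integer division keeps whole-number percentages
    print("WPA / WPA2 :%d   Percentage : %d %% " % (wpa_count, (wpa_count*100//tot)))
    print("WEP :%d   Percentage : %d %% " % (wep_count, (wep_count*100//tot)))
    print("Unencrypted :%d   Percentage : %d %% " % (unenc_count, (unenc_count*100//tot)))

if __name__ == '__main__':
    # universal_newlines=True returns the scan output as text rather than bytes
    process = subprocess.Popen(['iwlist', 'wlan0', 'scan'], stdout=subprocess.PIPE, universal_newlines=True)
    output = process.communicate()[0]
    wepPercentage(output)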

I live in a rather densely populated student dorm in Stockholm, and at the time my output is something like:

WPA / WPA2 :28   Percentage : 82 %
WEP :6   Percentage : 17 %
Unencrypted :0   Percentage : 0 %

Almost 20% of all people here that use some kind of wireless router chose WEP. Great 🙂

How about your neighborhood? Feel free to share percentages.

ps. It would probably be easier to use Python’s re module instead of pyparsing. But I needed to use pyparsing for a project, so I thought I’d get my hands dirty with it anyhow.

ps2. It can probably be done in 5-6 lines in a bash shell using awk too.
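The re-based alternative mentioned in the first postscript, written out as an added example (not the author's code). It applies the same classification rule as the script above to a constructed sample of iwlist scan output; the function names, addresses and ESSIDs are made up for illustration.

```python
import re
from collections import Counter
# Constructed sample in the layout printed by `iwlist <iface> scan`
# (addresses and ESSIDs are made up; they are not from the original post).
SAMPLE_SCAN = """\
wlan0     Scan completed :
          Cell 01 - Address: 00:11:22:33:44:01
                    ESSID:"dorm-a"
                    Encryption key:on
                    IE: IEEE 802.11i/WPA2 Version 1
                        Group Cipher : CCMP
                        Authentication Suites (1) : PSK
          Cell 02 - Address: 00:11:22:33:44:02
                    ESSID:"dorm-b"
                    Encryption key:on
          Cell 03 - Address: 00:11:22:33:44:03
                    ESSID:"cafe"
                    Encryption key:off
          Cell 04 - Address: 00:11:22:33:44:04
                    ESSID:"dorm-c"
                    Encryption key:on
                    IE: WPA Version 1
"""

CELL_START = re.compile(r"^\s*Cell \d+ - Address:", re.MULTILINE)

def classify_cell(cell):
    """Return 'open', 'wep' or 'wpa' for one cell's text block."""
    if "Encryption key:on" not in cell:
        return "open"
    # WPA and WPA2 networks advertise an information element naming the version;
    # encryption that is on with no such IE is counted as WEP, as in the post.
    if re.search(r"IE:.*WPA2? Version", cell):
        return "wpa"
    return "wep"

def survey(scan_output):
    """Count cells per category and return (counts, percentages)."""
    # Everything before the first 'Cell' line is the scan header; drop it.
    cells = CELL_START.split(scan_output)[1:]
    counts = Counter(classify_cell(c) for c in cells)
    total = sum(counts.values())
    pct = {k: (counts[k] * 100 // total if total else 0) for k in ("wpa", "wep", "open")}
    return counts, pct

if __name__ == "__main__":
    counts, pct = survey(SAMPLE_SCAN)
    for kind in ("wpa", "wep", "open"):
        print("%-5s %d  (%d %%)" % (kind, counts[kind], pct[kind]))
```

To run it against a live scan, pass the text output of the iwlist command used in the script above to survey() instead of SAMPLE_SCAN.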

Categories: programming, python, wireless

“Hello World” or “Oh mum, what a complex World”

March 1, 2010

Hello World is a typical example of a small program used as an introductory tutorial for all programming languages. It has also evolved to act as an introductory act for blogs as well. WordPress creates a “Hello World” post automatically when creating a blog. Anyway, you get the point. Given that, one would imagine that a Hello World in any given language is a fairly simple piece of code. And it usually is. But simple to write doesn’t necessarily mean not complex.

McGraw[1] defines software complexity as one of the three factors in the trinity of trouble for software security. The other two are connectivity and extensibility.

So we have a simple HelloWorld code snippet in Java:

public class Hello {
    /**
     * @param args
     */
    public static void main(String[] args) {
        // TODO Auto-generated method stub
        System.out.println("Hello World!");
    }
}

Fairly simple, right? Can you imagine how many system and library calls this program makes while executing?

System Calls:

ilektrojohn@securebook:~$ strace -c -f -q java Hello
Hello World!
upeek: ptrace(PTRACE_PEEKUSER,19107,120,0): No such process
% time     seconds  usecs/call     calls    errors syscall
------ ----------- ----------- --------- --------- ----------------
100.00    0.044222         533        83         3 futex
  0.00    0.000000           0       632           read
  0.00    0.000000           0         2           write
  0.00    0.000000           0       109        61 open
  0.00    0.000000           0        49           close
  0.00    0.000000           0        58        28 stat
  0.00    0.000000           0        44           fstat
  0.00    0.000000           0        50         1 lstat
  0.00    0.000000           0       598           lseek
  0.00    0.000000           0       125           mmap
  0.00    0.000000           0        51           mprotect
  0.00    0.000000           0        20           munmap
  0.00    0.000000           0        10           brk
  0.00    0.000000           0        27           rt_sigaction
  0.00    0.000000           0        42           rt_sigprocmask
  0.00    0.000000           0        18        16 access
  0.00    0.000000           0         2           sched_yield
  0.00    0.000000           0         2           socket
  0.00    0.000000           0         2         2 connect
  0.00    0.000000           0        11           clone
  0.00    0.000000           0         2           execve
  0.00    0.000000           0         1           uname
  0.00    0.000000           0         4           fcntl
  0.00    0.000000           0         1           ftruncate
  0.00    0.000000           0         6           getdents
  0.00    0.000000           0         1           getcwd
  0.00    0.000000           0         1         1 mkdir
  0.00    0.000000           0         1           unlink
  0.00    0.000000           0         4           readlink
  0.00    0.000000           0         4           getrlimit
  0.00    0.000000           0         3           getuid
  0.00    0.000000           0         2           getgid
  0.00    0.000000           0         3           geteuid
  0.00    0.000000           0         2           getegid
  0.00    0.000000           0         2           arch_prctl
  0.00    0.000000           0         1           setrlimit
  0.00    0.000000           0        12           gettid
  0.00    0.000000           0        24           sched_getaffinity
  0.00    0.000000           0         2           set_tid_address
  0.00    0.000000           0         1           clock_getres
  0.00    0.000000           0        13           set_robust_list
------ ----------- ----------- --------- --------- ----------------
100.00    0.044222                  2025       112 total

Library Calls:

ilektrojohn@securebook:~$ ltrace -c -f java Hello
Hello World!
% time     seconds  usecs/call     calls      function
------ ----------- ----------- --------- --------------------
 91.11    0.126965      126965         1 pthread_join
  1.68    0.002335          53        44 fgets
  1.50    0.002085        2085         1 dlopen
  0.73    0.001015          59        17 JLI_MemAlloc
  0.52    0.000727          45        16 JLI_StringDup
  0.37    0.000522          43        12 strcspn
  0.37    0.000515          42        12 strspn
  0.37    0.000511          28        18 strlen
  0.36    0.000498          33        15 JLI_MemFree
  0.30    0.000422          38        11 getenv
  0.27    0.000372          46         8 sprintf
  0.25    0.000343          42         8 strrchr
  0.21    0.000295          36         8 strcat
  0.19    0.000260         130         2 fclose
  0.17    0.000233         116         2 fopen
  0.16    0.000224         112         2 readlink
  0.14    0.000196          98         2 getuid
  0.14    0.000191          95         2 access
  0.13    0.000182          91         2 __xstat
  0.12    0.000161          80         2 getgid
  0.11    0.000154          77         2 geteuid
  0.11    0.000152          76         2 getegid
  0.10    0.000136          27         5 strchr
  0.08    0.000116         116         1 pthread_create
  0.08    0.000115          57         2 memset
  0.07    0.000103          51         2 strcpy
  0.07    0.000102          51         2 strncpy
  0.07    0.000095          47         2 JLI_FreeManifest
  0.06    0.000086          43         2 fflush
  0.04    0.000059          59         1 putenv
  0.04    0.000057          57         1 pthread_attr_destroy
  0.02    0.000034          17         2 dlsym
  0.01    0.000018          18         1 pthread_attr_init
  0.01    0.000016          16         1 JLI_WildcardExpandClasspath
  0.01    0.000016          16         1 strncmp
  0.01    0.000014          14         1 pthread_attr_setstacksize
  0.01    0.000014          14         1 getpid
  0.01    0.000013          13         1 pthread_attr_setdetachstate
------ ----------- ----------- --------- --------------------
100.00    0.139352                   215 total

You get the drill: complexity is a beast. Ah, and I almost forgot: Hello world 😉

[1] Gary McGraw (2006). Software Security: Building Security In. Crawfordsville, Indiana: Addison-Wesley Professional. pp. 7-10.
