Home > Computer/Technology > Hacking WEP (on an Orange Livebox)

Hacking WEP (on an Orange Livebox)

Hack WEP using Backtrack 5 and gerix

So, you forgot your WEP key and you can’t recover it or you simply wanna hack into your neighbor’s WiFi :P. In short the situation is – your terminal can detect the “secured” WiFi network but it can’t connect to it because you need the key. WEP (and WPA too) has already been hacked long ago, yet people still use it! There already exists tons of ways on how to do it, just google it. I am just going to explain the way i did, which i found to be the simplest one yet. All you need is to download BackTrack 5. You can install it on your PC, but it is simpler to just create a bootable Live USB using UNetbootin. I assume you booted Backtrack 5 (from USB or otherwise) successfully at this point.

The following worked for an Orange MyT livebox that has WEP enabled.
Unfortunately i could not take screenshot in the live cd mode…

1. Launch gerix (Applications -> BackTrack -> Exploitation tools -> Wireless exploitation -> WLAN exploitation -> gerix-wif-cracker-ng)
2. Click on configuration tab, click on your interface then click on Enable/Disable monitor mode button. This will create a new interface. Select it.
3. Click on rescan networks button. The victim’s network should show up in the list. Select it.
4. Click on WEP tab. Click on start sniffing and logging. (This will open up a terminal).
5. Click on WEP Attacks (no-client). You will see 2 types: ChopChop attack and fragmentation. Fragmentation did not work for me because of poor signal strength. Chop chop is best for low signal, so i used it.
6. Click on “start false access point authentication on victim” button.
7. Click on “start ChopChop attack” button. A new terminal will show up, type y. Wait for it to become 100%.
8. Click on “Create the ARP packet to be injected …” button.
9. Click on “Inject the created packet on victim access point”. A new terminal will show up, type y. You will see ‘Sent [a number] packets’. Wait till you reach about 10,000 packets.
10. Now in gerix, click on the Cracking tab. Click on Aircrack-ng – Decrypt WEP password button.
11. You should see the WEP key! It will be something like HI:G4:I9:…. It was 38 in length for me. Actually when you enter the WEP key (i tried it on windows XP), drop all the “:”.

Voila. Now you can access the “secured” wireless network. Enjoy! ๐Ÿ™‚


Categories: Computer/Technology
  1. Afzal
    November 13, 2011 at 8:27 pm

    niiiiiceeee! ๐Ÿ˜€
    if only mo ban voisin ti ena myT! XD
    1 sans li simple selman! rofl
    gud job ๐Ÿ™‚ keep it up ๐Ÿ˜€

    • November 13, 2011 at 8:29 pm

      ty lol.. wey mari simple r sa ๐Ÿ™‚

  2. 0x1337
    November 14, 2011 at 11:39 am

    nice article ๐Ÿ˜€

  3. November 19, 2011 at 1:19 pm

    the backtrack 5 does not detect my wifi card :S too bad for me…

    Any suggestion?

  4. November 19, 2011 at 1:25 pm
  5. hackerpunk1
    December 1, 2011 at 5:15 pm

    mo p trv ena 1ta noob ki pa kne hack livebox dan sa maurice la.

    Best Regards,

  6. lol
    December 7, 2011 at 1:22 am

    filtrage mac activรฉ par dรฉfaut pour bne LB..;

    • December 7, 2011 at 2:14 am

      @lol, pas pou tro dificil contourne sa probleme la. Simple raison: Kan to sniff packet to pou truV ki MAC address la pas encrypted. Mne blier lakel command sa but li facil gagne MAC address Access Point la ek MAC tou man users ki authenticated a network la. Lerla app la pou fer 1 truk apel “MAC Spoofing” ki pou ’emulate’ MAC address 1 user dja authenticate ladan pou gagne access.

      Edit: command la sudo airodump-ng [-c] [–bssid] [-w] wifi0
      kot -c, -w etc man parametres to bizin supply, mo laisse tw al roD ki man parametres la fer ;).

      Btw, mne remarK ki man nuvo livebox la pna filtrage MAC enabled

  7. March 18, 2012 at 4:40 pm

    yo mate a real linux blog , nice stuff on bt5 indeed .. ek mo nouvo dans open source .mo trouve bien interessant ..pena personn ki pe faire reverse engineering ? on linux emmbeded device ..mais the post about grunge in the nineties was coool …punk is not dead ….take it easy ๐Ÿ™‚

    • March 18, 2012 at 4:56 pm

      Thanks for the great comment mate ๐Ÿ™‚ Reverse engineering lor linux embedded na :O mo pna knowledge lor sa, wud love to si gagne 1 leten.. i’m far from being an expert on linux lol.
      Thankksss mo pas vraiment listen punk… 1 2 kumsa xD

  8. March 18, 2012 at 9:25 pm

    Mon, 27 Jun 2011
    Unbelievable statements in GPL related case in the Supreme Court of Mauritius

    I’ve recently received some documents regarding a court case at the Supreme Court of Mauritius.

    The plaintiff is a company called Linux Solutions Ltd. in Mauritius. It seems to be covering an alleged breach of an NDA between a contracted freelancing developer and a company in Mauritius. That contractor (the defendant) has apparently published some of the work he had done while contracting for the plaintiff.

    While none of that seems to be clearly connected with the GPL, what is extremely disturbing is the sworn affidavit / oath by one of the executives of the plaintiff. It says things like:

    5. Licenses of open-source software like “Linux” and “Asterisk” have no copyright restrictions which in effect puts no restrictions on their use or distribution. As a consequence, any work which is derived from the open source software as conceptualized, created, installed and managed, by the Applicant becomes the ownership of the Applicant.

    6. In the light of the above, therefore, the applications, configuration files and features so developed by the Applicant are the sole property of the Applicant, make up the knowledge base of the Applicant, make the basis of its business operations, and are highly confident in nature. The applications, configurations and features have been built and acquired by the Applicant through important capital investments and manpower over a period of time.

    So let me phrase this more clearly: Somebody, under oath is stating at the Supreme Court, that GPL-Licensed software (which the Linux kernel definitely is), has no copyright restrictions? And that any derived work is the sole property of whoever created the derivative? What kind of pot are they smoking in Mauritius?

    If there’s anyone in the Free Software legal community interested in filing some kind of legal document to the Supreme Court of Mauritius to clarify this issue, feel free to contact me for more details on the case. No matter whether the defendant has broken some NDA, I think it’s unacceptable to see such ridiculous claims being made at a Supreme Court.

    In case you don’t believe it, here are some scanned samples:

    • March 18, 2012 at 10:05 pm

      mauritian al court pou corruption dan election, scandal lier ar politik or camera ki p fer zot paye tro contravension la list la long.. lepep admirab!

  9. March 19, 2012 at 8:39 pm
    • March 21, 2012 at 1:27 am

      Nice stuff there dude. Looking forward to some posts in it ๐Ÿ˜›

  10. Joel
    May 8, 2012 at 12:09 am

    Please give me aplication livebox crack wifi

  11. May 16, 2012 at 12:15 pm

    What about wpa? Can it also be hacked? I’ve changed my key to wpa and was wandering how safe it was.
    Also what about the fact that we have to press the reg key on the livebox to be able to join a wireless network?
    ps: I didn’t try the hack

    • June 13, 2012 at 5:18 pm

      WPA has also been cracked, as well as WPA2. But WPA has a better protection than WEP for sure- In WEP the keys are not hashed, WPA rotate the key on a per-packet basis. I don’t know the complexity of cracking WPA, the gerix-wif-cracker-ng has WPA crack also, but i haven’t tried it myself.

      About pressing the key, this is not necessary if do what i said in the post ๐Ÿ˜‰

      • July 7, 2012 at 2:53 pm

        I see.
        Can BT5 work on windows? I managed to get BT5 to work using VMware Player however it doesn’t detect my network card since am on a laptop.From what I’ve read so far BT5 only supports usb adapters.If that’s the case I’ll have to give up.

  12. July 15, 2012 at 11:54 pm

    ledernierdodo :
    I see.
    Can BT5 work on windows? I managed to get BT5 to work using VMware Player however it doesnโ€™t detect my network card since am on a laptop.From what Iโ€™ve read so far BT5 only supports usb adapters.If thatโ€™s the case Iโ€™ll have to give up.

    Scratch that.
    I created a bootable usb and bt5 did detect my wireless card. Now am going to try my own network.

    • August 26, 2012 at 4:18 pm

      Okay ๐Ÿ™‚ How did it go?

  13. John Fernandes
    August 16, 2012 at 3:33 pm

    Get ready for it because your not gonna like it. Ya know..I Hate All You Computer Geek Mother Fuckers, You Post All this Misleading Useless information that You All know is not gonna do what You Claim. I guess its some kinda club, because You All do the same shit, You Assholes think this shits cute when people download all this crap and study and learn commands and use up time of their life clock that they’ll never get back not to mention the expense when you suggest purchase this and that. Well… I hope You All get Cancer and Die from All the Radiation You expose Yourselves to from all that gear you sit around day in and day out and Burn in Hell !!! Thank You for Nothing…Sorry..But Somebody Had to Say it…… (I hope this dosn’t get deleted (Tho i know it will) Just so People know Somebody’s got the Guts to Tell You M Effers about Yourselves !!!) Oh…And dont worry…You wont be the only one to get one of these …Believe Me !!!!

    • August 26, 2012 at 4:25 pm

      Cool story, bro. Guess what.. i did not thrash your comment. Thank u for the lulz! If you think all this is just waste of time then good for you, its not for me. All these is one of my passion. And this one, which empowers one to the pwn most of the “secure” wifi in existence lol. Everyone has stuff they like… if you think just using the Internet for facebook, trolling, chat, etc then good for you.. and if you reflect on what you do on the Internet (eg. the comment itself) you will notice you are wasting you own time of your life. FYI, i don’t just sit behind my PC all day.. i am probably more active than you are. ๐Ÿ™‚

  14. kevinviper
    September 18, 2012 at 4:42 pm

    My neighbour have an unsecured wifi livebox, Im unable to connect his wifi. I think that I must assaciate his wifi by pressing the ‘reg’ key in his livebox. Is there any method to by-pass it and connect (associate) automatically with bt5 or win7? Roshans89 or anyone can you please help me to solve that issue?

    • September 25, 2012 at 2:06 am

      Well i looked into this.. probably when i carried my experiment, my neighbor livebox was already in pairing mode or it was always on i don’t really know..
      check this out http://assistance.orange.fr/put-your-livebox-in-pairing-mode-4729.php. Not all liveboxes need the pairing (REG) button pressed. Try fiddling with BT5, i think it can be bypassed with some sort of MAC Spoofing (?) ..
      This link will also be interesting – http://en.kioskea.net/forum/affich-28541-wifi-to-livebox-problem

      • kevinviper
        September 28, 2012 at 10:20 pm

        Thanks for ur reply bro. U r right, maybe u have been lucky enough to crack ur neighbours livebox, cause livebox (orange) is the most difficult to crack. Unfortunatly we have only livebox orange in Mauritius. I have so many friends who have abandon the project of wep/wpa cracking.

      • October 19, 2012 at 4:40 pm

        Yeah that is probably true ๐Ÿ™‚ It’s not easy i admit, u need lot of time and patience to be able to discover something people haven’t really done before (livebox hacking).
        Maybe also the MAC Filter was not activated on that livebox… That livebox did really have poor security config lol. And now i see more and more of WPA2 being used!

  15. Leena
    September 24, 2012 at 1:35 pm

    What if you want to crack a WEP key ( ur neighbor’s ๐Ÿ˜€ ) using ur Android phone?

    • September 25, 2012 at 2:09 am

      ..Then you will need a method other than what i explained. A notebook will be fine ๐Ÿ˜€
      If you absolutely need an Android app then google “android app to crack wep” you will see lots of results, even youtube tutorials. Good luck! ๐Ÿ™‚

  16. tibaba
    November 12, 2012 at 10:13 pm

    Someone has any info on “uncapping Cable Modem”…….

  17. Jah Rasta
    March 28, 2013 at 8:42 pm

    how to hack wifi on android mobile

  18. revX
    May 18, 2013 at 11:52 pm

    what i can tell you all, this did not work for me, as i did all the above, booted it from my usb from the iso file, results in some command program like linux, didnt have option such as scan or air cracking or anything related to that. theres not GENIX OR APPLICATION WHATSOEVER, next time explain us step by step what needs to be done. this tutorial isnt very helpful, if you can’t take screenshot take them with a camera! cheers.

    • May 19, 2013 at 1:47 pm

      The default root name for Backtrack is โ€œrootโ€ and the password is โ€œtoorโ€. After typing in the root username and password, you will come back to the Backtrack shell. Type โ€œstartxโ€ to enter the GUI desktop.
      The shell is started by default and you need type startx, it even says so in the console… can’t you read what’s written on the console? Its a guide on cracking WEP, not a guide on basic linux usage! But as i am a good guy guide here is a head start for you: http://backtracktutorials.com/how-to-install-backtrack-5/
      Cheers! ๐Ÿ™‚

      • revX
        May 20, 2013 at 6:15 pm

        Redownloading now, will tell you how it went, ty.

      • revX
        May 21, 2013 at 4:32 pm

        Okayy! so here i am with the results, i tried the following and yes i finally got into the gui desktop, and manage to do what u told, but with no luck it did not work whenever i try to “Inject the created packet on victim access point” i get the error saying “Open Failed: no such file or directory” … so yeh thats basically it, got any tips for me on that?

  19. BABA
    June 5, 2013 at 7:22 pm

    pou gagne myT so ban chaine…..obliger ena sa smartcard la ceki activer…mo fin essaye ene smartcard desactivรฉe (mais ene message paret: re-inserer la carte)…. kiso role sa smartcard la…??? repond mwa svp

  20. jean91
    September 25, 2014 at 1:25 pm

    hi, please can someone tell me how can i disable my mac address filter on H108N/ZTE modem of orange my-t

  21. emmanuel
    January 11, 2015 at 11:30 pm

    how to hack mt decoder to play all channel and more

  22. Bilal
    February 1, 2015 at 5:53 pm

    Hello, is there a way to hack an orange livebox? Backtrack5 is no longer available. Thanks

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: