Your leaking thatched hut during the restoration of a pre-Enlightenment state.


Hello, my name is Judas Gutenberg and this is my blaag (pronounced as you would the vomit noise "hyroop-bleuach").


   bad mortar and worse WiFi security
Sunday, June 19 2011

I hadn't used much mortar to put together the four tiny "foundations" for the northwest water "tower," but I'd made the mistake of using old mortar to do so. I don't know what it is about mortar, but it never seems to last more than about a year before going bad. By bad, I mean that it retains most of its superficial sandy appearance (usually with a few lumps), but when mixed with water and applied, it never solidifies. It just dries out, leaving a mass with the solidity of a clump of dirt. By contrast, Portland cement seems to stay usable indefinitely even if the bag isn't sealed. It gets lumpy, which can make it hard to work with, but mix it with water and let it sit and it reliably transforms into limestone.
To fix the tiny foundations, I chipped away all the bad mortar, swept it up, and put it in the garden (where the calcium and sand will improve the soil, which tends to be a little clay-rich and mildly acidic). I then blasted the foundations with water (from the water tower, which had sufficient pressure to do "blast") to get rid of most of the remaining mortar. Then I trowelled in freshly-mixed cement, which had the consistency of peanut butter. It's the closest thing to molten rock that can be handled with bare hands (though, due to the high alkalinity, such exposure should be brief).

Five years ago, in the early days of WiFi, wireless routers were shipped with convenient default settings allowing them to be plugged in with little or no configuration. Installed this way, the routers were "open," and provided a de facto free internet for passersby to use. Routers configured this way were usually named "linksys," "dlink," or "default." And if they weren't working correctly, their admin passwords probably hadn't been set either, and if you knew where to go, you could get in there and make them reboot (or even, as "happened" once, install open source firmware). I've benefitted from such routers all over the world: New York, Quito, Jerusalem, Istanbul, Portland, and, most recently, Rome.
Sadly, though, this golden age of effortless roaming internet wasn't to last. At some point beginning in 2007, routers began to ship that came with easy systems for setting up security so as to ensure that data passing through the air between computers and routers would be encrypted. From then on, even the most boneheaded installation of a wireless router would be "secure." One actually had to do extra work to make a wireless router open.
I put quotes around the word "secure," because I remember reading something about vulnerabilities in WEP, the most widespread WiFi security protocol. If WEP is actually easy to crack, then perhaps the golden age of effortless roaming internet can go on for a few more years. So today I began running some experiments in an effort to crack a known instance of WEP, just to get a handle on how easy it is. The method I chose was to download a live Linux CD called Backtrack and install it on a bootable thumb drive. Then I booted my laptop from that and followed a procedure outlined on this web page. For me it was like cooking with a recipe and I didn't know what I was actually doing. But because I was having trouble finding a usable WiFi USB dongle and because of the distance to the WEP-protected router, I kept having to follow the procedure over and over again, and I gradually got a sense of what was going on.
The overview of the procedure for cracking WEP is as follows:

  1. Using a command-line Linux tool called airodump-ng, you begin logging information coming from a specific router on a specific WiFi channel. The most important information is something called an "IV" packet. Nobody in the WEP cracking world bothers to define what an "IV" is, but it has something to do with the encryption of the data, and the idea is to collect a lot of them. 10,000 IVs is often sufficient.
  2. Since IVs aren't frequently sent by a router, you need to fool it into generating lots of them. The best way to do this is to listen for and then record the contents of a packet that specifically requests an IV so you can repeatedly rebroadcast it. This is all done automatically by a clever command-line Linux tool called aireplay-ng.
  3. After you've collected a sufficient number of IVs, you run a command-line tool called aircrack-ng that crawls through the IVs and performs fancy statistical mathematics to eventually generate a key. It can do so after only a minute if you have the IVs, which means you're either close to the WEP-enabled router or have a good antenna. But in my case, I was having technical difficulties and reception issues, so nothing actually ended up being cracked today, and I wasn't yet sure how useable WEP cracking techniques would be on the road.

For the record, by the way, I keep our household WiFi router ("cockroach") open for anyone to use, and the only use I'd ever personally have for WEP would be as a deliberate victim for the testing of my elite cracking skills.
