How To Hack Wifi Using Kali Linux

Exploitbytes
Nov 19, 2019

Among the most-asked questions on Google are "How to hack Wifi using Kali Linux", "Hack wifi", and so on. But first, understand what Wi-Fi is and how its encryption works.

What Is Wi-Fi?

Wi-Fi is the name of a popular wireless networking technology that uses radio waves to provide wireless high-speed Internet and network connections. A common misconception is that the term Wi-Fi is short for “wireless fidelity”; however, this is not the case. Wi-Fi is simply a trademarked phrase that means IEEE 802.11x.

Wireless Encryption

WEP Encryption

Wired Equivalent Privacy (WEP) is an IEEE 802.11 wireless protocol which provides security algorithms for data confidentiality during wireless transmissions.

WEP uses a 24-bit initialization vector (IV) to form the RC4 stream cipher for confidentiality, and the CRC-32 checksum for integrity of wireless transmissions.

How WEP Works

2. A 24-bit arbitrary number known as the Initialization Vector (IV) is added to the WEP key; the WEP key and IV together are called the WEP seed.

3. The WEP seed is used as the input to the RC4 algorithm to generate a key stream (the key stream is bitwise XORed with the combination of data and ICV to produce the encrypted data).

4. The IV field (IV+PAD+KID) is added to the ciphertext to generate the MAC frame.
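The steps above can be followed end to end in a short Python sketch. This is an added example, not code from the original post; the function names and the sample key, IV and payload are constructed for illustration. It computes the CRC-32 ICV mentioned earlier, builds the seed, XORs data+ICV with the RC4 key stream, and prepends the IV field, then reverses the process and checks the ICV.

```python
import struct
import zlib


def rc4_keystream(seed: bytes, length: int) -> bytes:
    """Generate `length` bytes of RC4 keystream from the WEP seed."""
    state = list(range(256))
    j = 0
    for i in range(256):  # key-scheduling algorithm
        j = (j + state[i] + seed[i % len(seed)]) & 0xFF
        state[i], state[j] = state[j], state[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):  # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + state[i]) & 0xFF
        state[i], state[j] = state[j], state[i]
        out.append(state[(state[i] + state[j]) & 0xFF])
    return bytes(out)


def wep_encapsulate(wep_key: bytes, iv: bytes, key_id: int, data: bytes) -> bytes:
    """Build the WEP-protected frame body: IV field followed by ciphertext."""
    if len(iv) != 3 or not 0 <= key_id <= 3:
        raise ValueError("IV must be 24 bits and key ID must be 0..3")
    icv = struct.pack("<I", zlib.crc32(data))       # 32-bit ICV = CRC-32 of the data
    seed = iv + wep_key                             # WEP seed = IV followed by WEP key
    keystream = rc4_keystream(seed, len(data) + 4)
    ciphertext = bytes(p ^ k for p, k in zip(data + icv, keystream))
    iv_field = iv + bytes([key_id << 6])            # IV + 6 pad bits + 2-bit key ID
    return iv_field + ciphertext                    # note: the IV travels unencrypted


def wep_decapsulate(wep_key: bytes, body: bytes) -> bytes:
    """Reverse the steps and verify the ICV; raise ValueError on mismatch."""
    iv, ciphertext = body[:3], body[4:]
    keystream = rc4_keystream(iv + wep_key, len(ciphertext))
    plaintext = bytes(c ^ k for c, k in zip(ciphertext, keystream))
    data, icv = plaintext[:-4], plaintext[-4:]
    if struct.pack("<I", zlib.crc32(data)) != icv:
        raise ValueError("ICV check failed")
    return data


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")               # constructed 40-bit WEP key
    body = wep_encapsulate(key, b"\x00\x00\x01", 0, b"constructed sample payload")
    print(body.hex(), wep_decapsulate(key, body))
```
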

WPA Encryption

Wi-Fi Protected Access (WPA) is a data encryption method for WLANs based on 802.11 standards.

It is a snapshot of 802.11i (under development) providing stronger encryption, and enabling PSK for EAP authentication.

How WPA Works

The temporal encryption key, transmit address, and TKIP sequence counter (TSC) are used as input to the RC4 algorithm to generate a keystream.

The MAC Service Data Unit (MSDU) and message integrity check (MIC) are combined using the Michael algorithm.

The combination of MSDU and MIC is fragmented to generate the MAC Protocol Data Unit (MPDU).

A 32-bit Integrity Check Value (ICV) is calculated for the MPDU.

The combination of MPDU and ICV is bitwise XORed with the keystream to produce the encrypted data.

The IV is added to the encrypted data to generate the MAC frame.

WPA 2 Encryption

WPA2 provides enterprise and Wi-Fi users with stronger data protection and network access control.

It provides government-grade security by implementing the National Institute of Standards and Technology (NIST) FIPS 140-2 compliant AES encryption algorithm.

WPA2-Personal

WPA2-Personal uses a set-up password (pre-shared key) to protect against unauthorized network access.

In PSK mode, each wireless network device encrypts the network traffic using a 128-bit key that is derived from a passphrase of 8 to 63 ASCII characters.

WPA2-Enterprise

It includes EAP or RADIUS for centralized client authentication using multiple authentication methods, such as token cards, Kerberos, certificates, etc.

Users are assigned login credentials by a centralized server which they must present when connecting to the network.

How WPA2 Works

In the CCMP implementation of WPA2, MAC header data is used to build additional authentication data (AAD).

A sequenced packet number (PN) is used to build the nonce.

AAD, temporal key and nonce along with CCMP are used for data encryption.

A WPA2 MAC frame is built using the MAC header, CCMP header, encrypted data and encrypted MIC.

Originally published at https://exploitbyte.com on November 19, 2019.