Comment

WiFi security: a cautionary tale about hex for Halloween

by Guy J Kewney | posted on 30 October 2006

I couldn't get online. All I needed to know, in order to get online, was how to get a Hex key out of an Ascii string. Is that possible?

I'm now in a position to assure you that it is possible. You may think this is a daft observation. Apparently, not, and I'm not the only person who found the problem taxing. It all stems from the simple fact that most of us don't do Ascii lookups often enough to know how to convert hex to ascii and back.

But - why would anybody want to?

Answer: wireless networking security

The basic facts of wireless networking are that if someone has an access point, and gives you permission to use it, you still can't get online. They have to tell you what sort of security they use, and the security code.

Best is WPA. Not only is that pretty robust, but also it accepts a plain language passphrase, from which it generates the computer code. If you want even better, learn about authentication.

But some people don't use WPA. Either, their ISP doesn't think it's necessary, or they have an old router. BT, for example, provides its Voyager routers with a WEP code printed on the bottom, and expects most users just to type that code in. WEP stands for Wired Equivalent Privacy, and it's not watertight, but it's good enough to discourage casual snooping; so a lot of people install it by default. And you have a rather less simple problem to deal with: there are many variants of WEP.

It can be 48-bit, or 64-bit (that's the same thing, confusingly!) or it can be 128 bit.

  • One ASCII Character is eight bits
  • One HEX Character is four bits
  • 40- or 64-bit ASCII WEP code has five characters
  • 40- or 64-bit HEX WEP code has 10 characters
  • 128-bit ASCII WEP code has 13 characters1
  • 28-bit HEX WEP code has 26 characters

    • OK, I have a wireless laptop, and it has a plug-in Linksys card. For reasons which I could explain, but don't want to get into, this requires me to use the Linksys card's own config utility. Which means turning off Windows XP's Wireless Zero Config.

    And that works just fine! - and I don't want any advice on why actually, I need to switch from the Linksys utility to use WZC, or on how to make it work on troublesome LANs of the sort that make me want to use the Linksys utility.

    However, when I go visiting my daughter, I find a problem. She has a BT Voyager 2901 with a WEP key written on the bottom.

    It's a 128-bit WEP key, in Ascii: type in 13 characters and that key works, and she's set up her Mac to use it. The trouble is, it only works if you have a config utility that accepts Ascii. Her Mac does.

    But my Linksys config utility doesn't accept Ascii. It requires HEX. I don't carry a converter. I suppose, given time, I could work it out on my fingers! - but...

    So, in order to use the Internet when I visit my daughter, I have to disable the Linksys utility, then re-enable WZC, enter the Ascii string, and surf away. Which I can do, and routinely do, as they say, do. And it's a right royal pain, usually ending up with me having to reboot the system when I go home.

    BUT (for reasons which I could explain, but don't want to get into) I would like to be able to set up a profile on the Linksys card, which would allow me to connect here without all that re-config stuff.

    In theory, that's easy. All I need, is the WEP code. And to get that, all I need is a way of looking at the Ascii 13-character string, and saying: "Ah! - in HEX, that would be ..." and enter that HEX string into the config.

    There's a perfectly simple converter online - http://www.mikezilla.com/exp0012.html - and (to pre-empt the long debate) in the end, it works: I fed in the appropriate Ascii key, and converted it to HEX. And (apart from a small problem with the Linksys utility, which we don't have to discuss here) it is still working.

    But in advance, I wasn't sure it would, because a Knowledgeable Friend said it wouldn't. So, not wanting to screw up my daughter's network, I rang BT broadband tech support.

    "Can you tell me whether I can take the Ascii key, and convert it to a HEX key?" says I.

    "Here's what you do!" said techsupp. And he explained that all he had to do was to take over my computer, and extract the information from the router, and bingo. And what he did (and it took us the best part of 45 minutes) was to disable the Linksys utility, and re-instate Wireless Zero Config! "There!" he said triumphantly. "You're online!"

    "No, no," said I. "That's not what I asked you. I know how to disable the Linksys utility, and re-instate WZC, and get online. What I want, is a way of avoiding that. I like using the Linksys utility. All I want, is to know whether it's OK to take the Ascii key, and work out what the HEX equivalent is, and whether that will work!"

    The supervisor came online.

    He said he'd sort it, and once again, he took over my computer, and logged onto the router. Interesting! and so engrossed was I in watching, that I failed to spot that he'd also avoided answering the actual question.

    "Get an Ethernet cable, connect it to the router, connect the other end to the PC..." and he talked me through it. Took an hour. At the end, I came out of my obedient trance only just in time to prevent a family war.

    We came to the brink of a family war, because the tech support people actually never listened to the question. They decided rather to set about solving the problem we were too stupid to realise we should be asking about. I KNOW that 99 times out of 100, they probably do know what to do, and should "cut through the crap" so to speak! - but when it's a very simple question, a simple answer will do.

    The correct answer to "can I convert Ascii to HEX?" is not "Let me take over your computer!" but a simple: "Yes, you can."

    The next question I'd have asked was: "Do you have a converter?"

    I suspect the problem was that the techsupp guy didn't actually have a converter, but didn't want to admit it. The correct answer, then, would be "No, I don't."

    So, rather than say: "No" he decided to use lateral thinking, and use the software in the router, to solve the problem that he perceived.

    He was ---><--- this close to generating a brand-new WEP key, in HEX which would, of course, have worked for me, but would have completely changed the network config for my daughter. And while I presume she has a way of entering a HEX key for the Mac she doesn't know where to look for it, and I certainly don't!


    "Do not do that!" said I quickly.

    "It's all right," said they. "It will connect you to the wireless LAN, which is our job. We aren't concerned with your requirements for the Linksys data card. If you have a problem with the Linksys device, you must discuss it with Linksys."

    Just in time, I disconnected them.

    I've made a note of the HEX equivalent of my daughter's router, and it's saved on a big piece of paper on her desk. And I've created a new profile, and, in the end, all is well.

    I sort of feel it must be possible to do this with Windows Calculator... but "help" doesn't recognise "ascii" as a search term... and I'm pretty sure the software doesn't have an Ascii table in it.

    And all the Ascii tables I know of, are online. And of course, getting online is the problem we started out with...

    Technorati tags:       
    Answer the question! - You can discuss this article on our discussion board.

    Related Articles

    • [in News]
      Cracking WiFi security: "How we did it to WEP" - complete with instruction kit[more...]
    • [in News]
      Security crunch for WiFi as standard looms; but will it work?[more...]
    • [in News]
      WiFi Alliance scores pass marks for new security standard[more...]
    • [in News]
      Linksys security for home office - but not WiFi - users[more...]
    • [in News]
      Wireless security - yet another proprietary solution to WEP vulnerability[more...]
    • [in News]
      WiFi web-cam gets harnessed to home security - unless you have a cat[more...]