The Korek's WEP Attack is a statistical cracking method for the recovery of a WEP Key. The attack is based on some weakness of the RC4 encryption algorithm well documented in the paper "Weaknesses in the Key Scheduling Algorithm of RC4" from Scott Fluhrer, Itsik Mantin and Adi Shamir.
This feature covers the same functionality of the software Aircrack from Christophe Devine and can quickly recover 64-bit and 128-bit WEP keys if enough unique WEP IVs are available. Accordingly to Aircrack's documentation the minimum number of unique WEP IVs needed to successfully crack a WEP Key using the Korek's Attack is: 250.000 for 64-bit WEP keys and 1.000.000 or more for 128-bit keys.
Can also support the newly discovered PTW cracking method which is able to extend Klein's attack and optimize it for usage against WEP. Using this method it is possible to recover a 104 bit WEP key with probability 50% using just 40,000 captured packets. For 60,000 available data packets, the success probability is about 80% and for 85,000 data packets about 95%. Using active techniques like deauth and ARP re-injection, 40,000 packets can be captured in less than one minute under good condition.
The attack can fails for different reasons:
- more WEP IVs needed (you have to capture more WEP IVs).
- the network is using a dynamic WEP key.
- the capture file is corrupted ( equal or negative votes ).
- false positives (try to disable some Korek's attack unchecking the relative checkbox and raise the attack's "Fudge Factor").
- wrong key length set ( there is no way to know the key length from wireless network packets so try the attack twice, first set a 64-bit key and then longer ).