WEP: IV Collision Attack
WEP prepends a 24-bit Initialisation Vector to the secret key before handing both to RC4. Only 2²⁴ ≈ 16.7 million IVs exist. The birthday paradox guarantees a collision — two packets sharing an IV — after roughly 4 900 packets. Once an IV repeats, the keystream repeats: same vulnerability, same crib-drag attack.
Packet capture simulation
Each simulated packet picks a random 24-bit IV. The birthday paradox says collisions arrive far sooner than the full IV space is exhausted.
Expected first collision ≈ 4 900 packets (√(2 × 2²⁴) × 1.18)
IV collision detected!
Two packets share the same IV — meaning they were encrypted with the same RC4 keystream. XORing their ciphertexts cancels the keystream and leaves the XOR of their plaintexts.
Known-plaintext recovery
Every 802.11 data frame starts with the 6-byte LLC/SNAP header
AA AA 03 00 00 00. Standard network traffic —
ARP, DHCP, DNS, HTTP — is highly predictable, so an attacker can
often reconstruct the full plaintext of packet A. XOR-ing that
known plaintext with PA ⊕ PB
directly yields packet B's complete payload.
Bytes 0–5 are the LLC/SNAP header — non-printable, shown as ·.
Bytes 6+ are the recovered payload — compare with Ground truth below.
Ground truth
The actual plaintexts — verify that the recovered payload matches packet B exactly.
How it works
WEP (Wired Equivalent Privacy, IEEE 802.11, 1997) tried to add per-packet key diversity by prepending a fresh 24-bit IV to the shared secret before initialising RC4. The assumption was that with 16.7 million possible IVs, repetition would be rare enough to be safe.
The birthday paradox demolished that assumption. After only ~4 900 packets — a few seconds on a busy network — there is a 50% chance of an IV collision. After ~9 700 packets the probability exceeds 99.9%. Many consumer access points simply incremented the IV by one for each packet, guaranteeing a full wrap every 16.7 million frames and cycling through all IVs in minutes on a saturated link.
A collision means two packets share a keystream. Their ciphertexts XOR together to give PA ⊕ PB, and the attack becomes straightforward crib-dragging, amplified by the predictable LLC/SNAP and IP/ARP headers that begin almost every Wi-Fi frame.
A separate, more powerful attack — Fluhrer–Mantin–Shamir (FMS, 2001) — exploits weak RC4 IVs to recover the secret key byte-by-byte from a few million packets. WEP was formally deprecated in 2004 and replaced by WPA/WPA2 (TKIP, then AES-CCMP).