How to convert WEP key to ASCII passphrase?

Question

Does anyone have a hex->ascii method to reverse the WEP encryption?

I have my WEP key (eg F2:E8:54:22:F3), but can't remember my passphrase. I'm not too concerned with the accuracy of the passphrase.

I found this site, which has a Linux program that seems to work with values of keys generated by this site (supposedly the same WEP encryption engine), but unfortunately, it doesn't work with the key I have.

What I'd like is a Perl/C# solution if someone has one.

Things I realize:

1. I know there will be several ascii options, since this is WEP (the more the better, to help me find my original passphrase)
2. I know that WPA/WPA2 is suggested as a better alternative to WEP
3. I know that some routers have an http admin page (192.168.0.1), which may have the ascii passphrase there

Note:

1. I guess you could say this piggybacks on this question, but it's different since that one is asking about the authentication, whereas I'm more concerned with the WEP algorithm itself.

2. This is not for illegal hacking purposes. Obtaining the WEP key would be illegal, since that is what's used in accessing a WEP-enforced network. I'm merely asking how to convert that key to it's English alternative. - I should also note that accessing another person's network and using their resources w/o proper permission may be illegal.

Answer 1

it might be easier to just reset your router to its factory settings and resetting it up than to do what you are attempting...

Answer 2

Every wireless network management interface I've ever dealt with has allowed me to enter the actual key (in hex) without requiring the English passphrase. This is going to be your best bet.

You seem to already be aware (given your "Things I Realize" #1) that there is not a one-to-one mapping of WEP keys to English passphrases. The reason for this is that the key is a non-reversible hash of the passphrase. That being the case, unless there's a major flaw in the hashing algorithm (highly unlikely, given that I've never heard that listed among the litany of WEP's weaknesses), it is mathematically impossible to reverse the hash.

Since you can't compute the passphrase from the key, there are only two possible ways to do the conversion you're asking for:

1) Google the key and see whether it appears in any public WEP key rainbow tables. However, given that there's extremely little actual value to an attacker in converting a WEP key back into a passphrase (they can just use the key directly, so why bother?), I would be mildly surprised if any such tables even exist.

2) Generate a crapload of candidate passphrases and throw them at WEP's hashing algorithm and hope that one of them generates the desired key. While this will (eventually) work, it's almost certain to take longer than generating a new key and updating all affected devices unless you can remember enough of the previous passphrase to allow you to narrow the search space considerably.