Quote:
|
Originally Posted by KoreK
But it sent around 78000 (my guess) 802.11 frames over the air, all of them with a different dst-mac. If I guessed right, it's a pretty good performance.
|
Right, I've noticed MAC-change on every byte it decrypts. But I did not sniff the network. I sniffed with another notebook, unassociated and not part of my WLAN.
Quote:
|
Originally Posted by KoreK
What type of packets did you use for testing?
|
It's a single UDP DHCP request (one packet) I'm currently playing with...
Quote:
|
Originally Posted by KoreK
There's a variation I have to finish implementing/testing. If the station is not associated, the AP will still drop invalid packets, but it will respond with a deauth frame to a valid packet. In that case, chopchop uses a varying src-mac to encode the search and the guess.
|
I can tell you that it works with -n and without being associated. Used the UDP DHCP Request and it decodes the packet in no time (about 20-30 sec). Nice work!
Hardware:
AP = Netgear FVM318 802.11b AP / VPN-Router with MAC filter active
NIC= 8003 Prism2 Card with Prim-fw: 0.3.0 and Sec.fw: 1.7.1
cheers,
c0rnholio