#1 (permalink) |
|
Registered Member
Join Date: Oct 2004
Posts: 4
|
WEP fragmentation attack
It is possible to send arbitrary data [any length and content] on a WEP network after having eavesdropped a single data packet.
http://darkircop.org/frag-0.1.tgz

The idea is:
Sniff first 8 bytes of cipher-text on packet with IV X.
XOR cipher-text with 8 bytes of clear-text: AA AA 03 00 00 00 08 {00/06} depending if IP/ARP.
Send data in 802.11 fragments of 4 data bytes + 4 CRC32 bytes all encrypted using the PRGA recovered and with IV X.
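A detection-side sketch of the traffic pattern the post above describes (many 8-byte encrypted fragments all carrying the same IV), added here as an example; it is not part of the original post or of the frag tool. It assumes raw 802.11 frames with a 24-byte three-address header, no radiotap header and no FCS; the function names, the threshold and the sample frames are constructed for illustration.

```python
import struct
from collections import defaultdict

HDR_LEN = 24         # assumed: 3-address data header, no QoS field
KEYSTREAM_LEN = 8    # keystream bytes the post says are recovered

def parse_wep_fragment(frame: bytes):
    """Return (transmitter, iv, seq, frag_no, body_len), or None if not a WEP data fragment."""
    if len(frame) < HDR_LEN + 4:
        return None
    fc0, fc1 = frame[0], frame[1]
    if (fc0 >> 2) & 0x3 != 2 or not fc1 & 0x40:    # data type with Protected bit set
        return None
    seq_ctl = struct.unpack_from("<H", frame, 22)[0]
    frag_no, seq = seq_ctl & 0xF, seq_ctl >> 4
    if not fc1 & 0x04 and frag_no == 0:            # no More Fragments, fragment 0: unfragmented
        return None
    body_len = len(frame) - HDR_LEN - 4            # encrypted data + ICV, after IV and key ID
    return frame[10:16], frame[HDR_LEN:HDR_LEN + 3], seq, frag_no, body_len

def suspicious_iv_reuse(frames, min_fragments=4):
    """Heuristic: flag (transmitter, IV) pairs reused across many tiny encrypted fragments."""
    seen = defaultdict(set)
    for raw in frames:
        parsed = parse_wep_fragment(raw)
        if parsed and parsed[4] <= KEYSTREAM_LEN:
            ta, iv, seq, frag_no, _ = parsed
            seen[(ta, iv)].add((seq, frag_no))
    return {(ta.hex(":"), iv.hex()): len(f) for (ta, iv), f in seen.items() if len(f) >= min_fragments}

def make_frame(ta, iv, seq, frag_no, more, body_len):
    # Constructed test frame: data type, ToDS + Protected, zero-filled encrypted body.
    fc = bytes([0x08, 0x41 | (0x04 if more else 0)])
    hdr = fc + b"\x00\x00" + b"\xaa" * 6 + ta + b"\xbb" * 6 + struct.pack("<H", (seq << 4) | frag_no)
    return hdr + iv + b"\x00" + bytes(body_len)

STA_A, STA_B = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SAMPLE = (  # constructed capture, not real traffic
    [make_frame(STA_A, b"\x11\x22\x33", 7, n, n < 5, 8) for n in range(6)]         # one IV, 8-byte bodies
    + [make_frame(STA_B, bytes([0, 0, n]), 9, n, n < 1, 1000) for n in range(2)]  # large fragments, fresh IVs
    + [make_frame(STA_B, b"\x00\x01\x00", 10, 0, False, 60)]                      # unfragmented frame
)

if __name__ == "__main__":
    print(suspicious_iv_reuse(SAMPLE))
```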
#2 (permalink) | |
|
Drunken Stumbler
Join Date: Jun 2002
Location: Anywhere but Utah
Posts: 1,794
|
Quote:
__________________
Never drink anything larger than your head! Scaramental Wine Taster for the Church Of WiFi Buy our book: RFID Security "I reject your reality, and substitute my own!" – Adam Savage CoWF WPA Hash Tables
#3 (permalink) |
|
Drunken Stumbler
Join Date: Jun 2002
Location: Anywhere but Utah
Posts: 1,794
|
Great, now you're going to make me buy an Atheros card.
Intriguing method. Any reason it couldn't be ported to a MIPS platform?
#4 (permalink) | |
|
Humourless EuroMod.
Join Date: Mar 2004
Location: City of Mermaids, Denmark
Posts: 6,813
|
Quote:
And damn you too - I want to play with this, but have too little time for new projects. Could somebody please invent a TimeAddingMachine. Just 1 additional hour a day would be helpful.
Dutch
__________________
All your answers are belong to Google. SEARCH DAMMIT! Warning. Warning. Low C8H10N4O2 level detected. Operator halted....