chopchop (Experimental WEP attacks)

Postby mfenetre » Wed Feb 16, 2005 10:03 am

Hi sylvain,

thanks for your answer.
In fact, the patch delivered with chopchop is for linux-wlan-ng, and I don't use it (only the orinoco_cs driver). Maybe I'll test with linux-wlan-ng patched with the chopchop patch.

Did anyone succeed in using orinoco drivers with chopchop?

thx,
mfenetre.
mfenetre
Mini Stumbler
 
Posts: 2
Joined: Tue Feb 08, 2005 12:15 pm

Postby sylvain » Wed Feb 16, 2005 12:38 pm

mfenetre wrote:Hi sylvain,

thanks for your answer.
In fact, the patch delivered with chopchop is for linux-wlan-ng, and I don't use it (only the orinoco_cs driver). Maybe I'll test with linux-wlan-ng patched with the chopchop patch.

Did anyone succeed in using orinoco drivers with chopchop?

thx,
mfenetre.


OK, so you have to use wlan-ng patched drivers. Otherwise it won't work (that's the case for orinoco). It can work with hostap also, I think.
sylvain
 
Posts: 175
Joined: Mon Jun 21, 2004 5:57 am
Location: Paris, France

Postby KoreK » Wed Feb 16, 2005 7:10 pm

sylvain wrote:OK, so you have to use wlan-ng patched drivers. Otherwise it won't work (that's the case for orinoco). It can work with hostap also, I think.

He has to use the wlan-ng patch. I didn't manage to make hostap work.

mfenetre, just a reminder: you need an AP, an associated card, and an injection card using the wlan-ng patched module (or just associate the wlan-ng card, yank it out, put it back in, inject, and hope it hasn't been disassociated). If you don't know where to begin, have a look at the Auditor CD; chopchop is included:
http://new.remote-exploit.org/index.php/Auditor_main
KoreK
 
Posts: 102
Joined: Wed Jul 21, 2004 5:25 pm

Mathematical origin of 5% and 13% in WEP attacks

Postby Madory » Sat Mar 05, 2005 9:49 pm

Not sure if this question fits in this forum but I'm sure to be corrected if I'm wrong, so here goes...

What is the origin of the 5% and the 13% probabilities in the WEP attacks? I have read the FMS and H1kari papers and understood them (I think). Now, I know that:

Prob of success = e^(-3) = 5% (when all X, Y and Z are not swapped)
and
Prob of success = e^(-2) = 13% (when two of X, Y and Z are not swapped)

I already know that they come from modeling the remaining KSA swaps as random, but how are these stats derived?

On Pg. 9 of the FMS paper there is a reference to the following formula:
e^(-2B/N)
where B is the # of the byte of the SK being attacked and N is the length of the keystream. But this formula doesn't seem to apply to my question because there aren't any logical values of B and N that make (2B/N) equal to 2 or 3.

Is there a general form of some crypto-analytical formula that applies here?

Thanks for the help!
Madory
Mini Stumbler
 
Posts: 3
Joined: Thu Jan 20, 2005 8:47 am

Answer to my own question: origin of 5%

Postby Madory » Sun Mar 06, 2005 8:09 am

When I now see the answer, I want to kick myself for not figuring it out sooner...

For the FMS attack to work, the first two bytes of the IV and the target byte of the secret key must survive the KSA swapping algorithm unchanged after the expected swaps occur. If we model the remaining swaps as random, then the chance that the three bytes in question are unchanged is 5%. This number comes from aggregating the probability that a byte is unchanged over each step over the three bytes.

P(1 byte is unchanged after one random swap) = (1 - 1/N)
N is the length of the resulting keystream.
P(1 byte is unchanged after N random swaps) = (1 - 1/N)^N
P(3 bytes are unchanged after N random swaps) = ((1 - 1/N)^N)^3

The expression ((1 - 1/N)^N)^3 can be modeled as e^-3 because, as N grows to any applicable length, the value of the expression asymptotically heads for 0.05. In the end, the value of N is irrelevant, as the value is always just below 5%.

If we were to try to keep two bytes the same, P = ((1 - 1/N)^N)^2, or e^-2, or 13%.

Thanks anyway.
Madory
Mini Stumbler
 
Posts: 3
Joined: Thu Jan 20, 2005 8:47 am

Postby KoreK » Mon Mar 07, 2005 5:15 am

It's a bit incorrect. The basic formula is (1-k/n)^n ~ exp(-k) when n is sufficiently large (mathematically speaking, the limit of the left term as n grows to infinity is exp(-k)). In the papers, you get quantities like (253/256)^(256-p-1) (the probability that the (256-p-1) bytes of the KSA are different from 3 given values), with p=3,... First you approximate the exponent with 256 and rewrite it as (1-3/256)^256, which you then approximate with the limit exp(-3).

cf http://mathworld.wolfram.com/ExponentialFunction.html
KoreK
 
Posts: 102
Joined: Wed Jul 21, 2004 5:25 pm
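Added example (not code from any poster): the approximations in Madory's derivation and KoreK's correction above, evaluated side by side for N = 256, so the "just below 5%" and "13%" figures can be checked numerically.

```python
import math

N = 256  # size of the RC4 state permutation; WEP's KSA runs N rounds


def survival_fixed_positions(k, rounds, n=N):
    """Probability that k fixed positions of S are never hit when each of
    `rounds` swap indices is modelled as uniform over n positions: (1 - k/n)^rounds."""
    return (1.0 - k / n) ** rounds


def madory_form(k, n=N):
    """Madory's derivation: one byte survives n swaps with (1-1/n)^n,
    so k bytes survive with ((1-1/n)^n)^k."""
    return ((1.0 - 1.0 / n) ** n) ** k


def korek_form(p, k=3, n=N):
    """KoreK's quantity: (n-k)/n raised to the n-p-1 remaining KSA rounds
    after key byte index p, e.g. (253/256)^(256-p-1)."""
    return ((n - k) / n) ** (n - p - 1)


def exp_limit(k):
    """Large-n limit (1 - k/n)^n -> exp(-k) behind the quoted 5% and 13% figures."""
    return math.exp(-k)


def summary(n=N):
    """Return the figures discussed in the thread side by side as a dict."""
    return {
        "three_bytes_madory": madory_form(3, n),                   # ((1-1/256)^256)^3
        "three_bytes_direct": survival_fixed_positions(3, n, n),   # (1-3/256)^256
        "three_bytes_korek_p3": korek_form(3, 3, n),               # (253/256)^252
        "three_bytes_limit": exp_limit(3),                         # e^-3, about 0.0498
        "two_bytes_madory": madory_form(2, n),                     # ((1-1/256)^256)^2
        "two_bytes_limit": exp_limit(2),                           # e^-2, about 0.135
    }


if __name__ == "__main__":
    for name, value in summary().items():
        print(f"{name:>22}: {value:.4f} ({value * 100:.2f}%)")
```

Note that ((1-1/N)^N)^3 and (1-3/M)^M with M = 3N are algebraically the same number, while (1-3/N)^N is a different expression with the same limit.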

Origin of 5%

Postby Madory » Mon Mar 07, 2005 6:43 am

This makes sense, thanks.

Perhaps it is a case of six and one half-dozen. I got my explanation from "Attacks On RC4 and WEP" by FMS:

"The probability that three locations will not be pointed to by a pseudo random index during the remaining N - 1 - x rounds is better than ((1-1/N)^N)^3 ~ e^-3 ~ 5%."

((1-1/N)^N)^3
can be reduced to
(e^-1)^3
and finally
e^-3

-OR-

(1-3/N)^N
reduced directly to
e^-3

Anyway, thanks for the general formula - crystal clear now.
Madory
Mini Stumbler
 
Posts: 3
Joined: Thu Jan 20, 2005 8:47 am

half dozen is six

Postby noise_gaining » Tue Mar 15, 2005 10:58 am

It's the same. Let M = 3N, then

((1-1/N)^N)^3 = (1-3/M)^M




Madory wrote:This makes sense, thanks.

Perhaps it is a case of six and one half-dozen. I got my explanation from "Attacks On RC4 and WEP" by FMS:

"The probability that three locations will not be pointed to by a pseudo random index during the remaining N - 1 - x rounds is better than ((1-1/N)^N)^3 ~ e^-3 ~ 5%."

((1-1/N)^N)^3
can be reduced to
(e^-1)^3
and finally
e^-3

-OR-

(1-3/N)^N
reduced directly to
e^-3

Anyway, thanks for the general formula - crystal clear now.
noise_gaining
Mini Stumbler
 
Posts: 1
Joined: Wed Mar 09, 2005 9:13 pm

Postby Beep » Thu Mar 17, 2005 7:11 am

KoreK wrote:He has to use the wlan-ng patch. I didn't manage to make hostap work.

mfenetre, just a reminder: you need an AP, an associated card, and an injection card using the wlan-ng patched module (or just associate the wlan-ng card, yank it out, put it back in, inject, and hope it hasn't been disassociated). If you don't know where to begin, have a look at the Auditor CD; chopchop is included:
http://new.remote-exploit.org/index.php/Auditor_main


Hi KoreK,

I use the new Auditor (120305-01) on my HP OmniBook XE2 Laptop. I also use the Orinoco Silver WiFi card.
Is the necessary chopchop patch already installed on the Auditor CD? Must I apply any patches?

I've got the same problem as mfenetre a few posts above me.

Thanks

-Beep

PS: Please don't flame me for my (maybe stupid) question... I searched for an answer in Google, readmes and this forum for several hours/days.

PPS: R.E.S.P.E.C.T. to KoreK and Devine for her great tools!
Beep
Mini Stumbler
 
Posts: 1
Joined: Wed Mar 16, 2005 11:56 pm
Location: Basel - Switzerland

Postby sylvain » Thu Mar 17, 2005 8:14 am

Drivers are already patched in the new Auditor version... and there is an Auditor forum... maybe it's a better place to ask... not sure you really searched... probably too lazy.
sylvain
 
Posts: 175
Joined: Mon Jun 21, 2004 5:57 am
Location: Paris, France

Postby G8tK33per » Thu Mar 17, 2005 8:15 am

Beep wrote:Hi KoreK,

I use the new Auditor (120305-01) on my HP OmniBook XE2 Laptop. I also use the Orinoco Silver WiFi card.
Is the necessary chopchop patch already installed on the Auditor CD? Must I apply any patches?

I've got the same problem as mfenetre a few posts above me.

Thanks

-Beep

PS: Please don't flame me for my (maybe stupid) question... I searched for an answer in Google, readmes and this forum for several hours/days.

PPS: R.E.S.P.E.C.T. to KoreK and Devine for her great tools!

OK, which one of you is the chick?
"Make yourselves sheep and the wolves will eat you." ~ Benjamin Franklin

Sons of Confederate Veterans
G8tK33per
 
Posts: 6078
Joined: Fri May 09, 2003 4:00 am
Location: Goomba's Booty Boardwalk

Postby sylvain » Thu Mar 17, 2005 8:19 am

I can say it is not Devine, I already met him :cool:
sylvain
 
Posts: 175
Joined: Mon Jun 21, 2004 5:57 am
Location: Paris, France

Postby KoreK » Thu Mar 17, 2005 3:00 pm

G8tK33per wrote:OK, which one of you is the chick?

You need a new pair of stockings, cabin boy?

As for Beep, if you bothered reading my previous posts... And while I am at it, noise_gaining why don't you take a math class...
KoreK
 
Posts: 102
Joined: Wed Jul 21, 2004 5:25 pm

Postby Grant » Fri Dec 30, 2005 5:35 am

Anyone know why my version won't compile even though the header file it says is missing isn't?
Grant
Mini Stumbler
 
Posts: 1
Joined: Tue Dec 06, 2005 3:10 am

Postby Thorn » Fri Dec 30, 2005 6:29 am

Probably the header file isn't in the path. Most often this type of thing occurs because the code's author assumes one particular path, and your system is slightly different.

Try using an explicit path. For example, change:

#include <stdio.h>

to:

#include </usr/src/stdio.h>

(of course, the path preceding the header file name would be the one required for your system.)
Thorn
Stop the TSA now! Boycott the airlines.
Thorn
 
Posts: 10340
Joined: Sat Apr 13, 2002 3:00 am
Location: Villa Straylight
