chopchop (Experimental WEP attacks)

idea to crack WEP with chopchop

Post by bigbadbo » Wed Mar 21, 2007 7:04 am

Hi all

This is my first post on this site, so hang in there with me!

OK ...

KoreK chopchop theory obtains the keystream of a particular packet, ideally from an ARP packet from the AP.

And then we can forge an ARP packet with packetforge-ng and some other stuff!

However, if we inject our new forged ARP packet, we're still only generating as much traffic, according to the size of that ARP (68 bits).

How about if you apply that keystream to a much larger packet, for instance ...
a GET packet, that's 400+ bits; this will generate much more traffic, leading to a quicker attack.

I know packetforge-ng has a custom packet capability, but I'm unsure how to use it.

regards
Kai
bigbadbo
Mini Stumbler
 
Posts: 3
Joined: Mon Mar 05, 2007 3:05 am

Post by Starpoint » Wed Mar 21, 2007 7:08 am

bigbadbo wrote:Hi all

This is my first post on this site, so hang in there with me!

OK ...

KoreK chopchop theory obtains the keystream of a particular packet, ideally from an ARP packet from the AP.

And then we can forge an ARP packet with packetforge-ng and some other stuff!

However, if we inject our new forged ARP packet, we're still only generating as much traffic, according to the size of that ARP (68 bits).

How about if you apply that keystream to a much larger packet, for instance ...
a GET packet, that's 400+ bits; this will generate much more traffic, leading to a quicker attack.

I know packetforge-ng has a custom packet capability, but I'm unsure how to use it.

regards
Kai


And your goal in all this is WHAT?
Against the run of the mill, static as it seems

We break the surface tension with our wild kinetic dreams
Curves and lines -- of grand designs...


Tonight's movie "Soylent Green" has been brought to you by our sponsor - Waste Management

My mind is like a Steel trap - Rusty and Illegal in most states
Starpoint
 
Posts: 2539
Joined: Fri Apr 18, 2003 4:47 pm
Location: Houston

Post by streaker69 » Wed Mar 21, 2007 7:21 am

Starpoint wrote:And your goal in all this is WHAT?


Zombie Revival? Discuss the blasé practice of cracking wep?

Where is Devine anyway?
Treat your gun like your genitals, only whip it out when it's absolutely necessary.
streaker69
 
Posts: 11867
Joined: Thu Jul 08, 2004 10:09 am
Location: Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA

Post by Dutch » Wed Mar 21, 2007 7:36 am

streaker69 wrote:Zombie Revival? Discuss the blasé practice of cracking wep?

Where is Devine anyway?

Last I saw him, he was jamming with Elvis at the truckstop orbiting Betelgeuse.

Dutch
All your answers are belong to Google. SEARCH DAMMIT!
Warning. Warning.
Low C8H10N4O2 level detected. Operator halted....
Dutch
 
Posts: 6698
Joined: Fri Mar 05, 2004 12:00 pm
Location: City of Mermaids, Denmark

Post by ccie4526 » Wed Mar 21, 2007 7:44 am

streaker69 wrote:Zombie Revival? Discuss the blasé practice of cracking wep?


Well, Dutch has weighed in on the topic, so I'm guessing it's up to G8t for the two week vacation. :D
---
<#include std.disclaimer.h>
AltarThug of Wired and Unwired, The Church of WiFi
http://www.churchofwifi.org
http://www.linuxisforbitches.com
http://www.wigle.net
http://www.kismetwireless.net
ccie4526
 
Posts: 399
Joined: Sun Jun 02, 2002 3:44 pm
Location: West BFE, Texas

Post by beakmyn » Wed Mar 21, 2007 8:12 am

Wait you can crack WEP?! How long has this been possible?
beakmyn
 
Posts: 4858
Joined: Sun Aug 03, 2003 1:53 pm

Post by ccie4526 » Wed Mar 21, 2007 8:13 am

beakmyn wrote:Wait you can crack WEP?! How long has this been possible?


Lessee, Dutch joined the NS forums in March of 2004, so I would suggest since about then. :D
---
<#include std.disclaimer.h>
AltarThug of Wired and Unwired, The Church of WiFi
http://www.churchofwifi.org
http://www.linuxisforbitches.com
http://www.wigle.net
http://www.kismetwireless.net
ccie4526
 
Posts: 399
Joined: Sun Jun 02, 2002 3:44 pm
Location: West BFE, Texas

Post by Dutch » Wed Mar 21, 2007 8:35 am

ccie4526 wrote:Lessee, Dutch joined the NS forums in March of 2004, so I would suggest since about then. :D

How often do I have to tell you lot... I don't crack wep, I crack whips over the tards!

Dutch
All your answers are belong to Google. SEARCH DAMMIT!
Warning. Warning.
Low C8H10N4O2 level detected. Operator halted....
Dutch
 
Posts: 6698
Joined: Fri Mar 05, 2004 12:00 pm
Location: City of Mermaids, Denmark

Post by Barry » Wed Mar 21, 2007 8:38 am

Dutch wrote:How often do I have to tell you lot... I have Thorn's E-cupped Swedish nurse whip me!

Dutch




Fixed!! :D
Never do anything you don't want to explain to the paramedics.
Barry
 
Posts: 5713
Joined: Sat Dec 28, 2002 11:10 pm
Location: Ohio

Post by Dutch » Wed Mar 21, 2007 8:42 am

Barry wrote:Fixed!! :D

/puts Alaska on the Universal No-Ship list.. Again...

Dutch
All your answers are belong to Google. SEARCH DAMMIT!
Warning. Warning.
Low C8H10N4O2 level detected. Operator halted....
Dutch
 
Posts: 6698
Joined: Fri Mar 05, 2004 12:00 pm
Location: City of Mermaids, Denmark

Post by Barry » Wed Mar 21, 2007 8:44 am

Dutch wrote:/puts Alaska on the Universal No-Ship list.. Again...

Dutch



I'm used to it.;)
Never do anything you don't want to explain to the paramedics.
Barry
 
Posts: 5713
Joined: Sat Dec 28, 2002 11:10 pm
Location: Ohio

Post by ccie4526 » Wed Mar 21, 2007 9:39 am

Barry wrote:
Dutch wrote:Originally Posted by Dutch
How often do I have to tell you lot... I have Thorn's E-cupped Swedish nurse whip me!

Dutch


Fixed!!


Ok, I'd say you owe me a new keyboard on that one, but this *is* a laptop, so you *really* owe me a whole new laptop. :D
---
<#include std.disclaimer.h>
AltarThug of Wired and Unwired, The Church of WiFi
http://www.churchofwifi.org
http://www.linuxisforbitches.com
http://www.wigle.net
http://www.kismetwireless.net
ccie4526
 
Posts: 399
Joined: Sun Jun 02, 2002 3:44 pm
Location: West BFE, Texas

Post by Barry » Wed Mar 21, 2007 10:23 am

ccie4526 wrote:Ok, I'd say you owe me a new keyboard on that one, but this *is* a laptop, so you *really* owe me a whole new laptop. :D



Naa, you can get replacement keyboards for laptops.:D
Never do anything you don't want to explain to the paramedics.
Barry
 
Posts: 5713
Joined: Sat Dec 28, 2002 11:10 pm
Location: Ohio

The goal in my previous idea

Post by bigbadbo » Wed Mar 21, 2007 11:18 am

Hi Starpoint

The goal of my previous idea is to allow you to generate weak IVs by generating more traffic quicker, so you can crack WEP quicker.

If injecting an 86-bit ARP packet will generate 1,000,000 weak IVs in 4 hours ...

then injecting a 400+ bit GET packet will generate 1,000,000 weak IVs in 1 - 2 hours?

Therefore breaking the WEP key can be a lot quicker ...

regards
Kai
bigbadbo
Mini Stumbler
 
Posts: 3
Joined: Mon Mar 05, 2007 3:05 am

Post by theprez98 » Wed Mar 21, 2007 11:32 am

bigbadbo wrote:Hi starpoint

The goal of my previous idea is to allow you to generate weak IVs by generating more traffic quicker, so you can crack WEP quicker.

If injecting an 86-bit ARP packet will generate 1,000,000 weak IVs in 4 hours ...

then injecting a 400+ bit GET packet will generate 1,000,000 weak IVs in 1 - 2 hours?

Therefore breaking the WEP key can be a lot quicker ...

regards
Kai

You should be able to crack WEP in 10-15 minutes or sometimes as few as 5.
"\x74\x68\x65\x70\x72\x65\x7a\x39\x38";
theprez98
 
Posts: 3638
Joined: Tue Jan 11, 2005 8:23 pm
Location: Maryland
