chopchop (Experimental WEP attacks)

Post by Dutch » Wed Mar 21, 2007 12:49 pm

bigbadbo wrote:
Hi starpoint

The goal of my previous idea is to allow you to generate weak IVs by generating more traffic quicker, so you can crack WEP quicker

if injecting a 86bit ARP Packet will generate 1,000,000 weak IVs in 4 hours ...

then injecting a 400+bit GET packet will generate 1,000,000 weak IVs in 1 - 2 hours ?

therefore breaking the WEP key, can be a lot quicker ...

regards
Kai


So how would larger packets generate more IVs? Hint: The IVs are a fixed length of the complete packet. Read up on the specs.

Also, you aren't generating weak IVs. You are generating IVs where some of them might be deemed "weak", but the KoreK attack is not dependent on the so-called "weak" IVs. You need to study and research the subject more, since you apparently don't grasp the concept.

Dutch
All your answers are belong to Google. SEARCH DAMMIT!
Warning. Warning.
Low C8H10N4O2 level detected. Operator halted....
Dutch
 
Posts: 6698
Joined: Fri Mar 05, 2004 12:00 pm
Location: City of Mermaids, Denmark
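
Dutch's hint about fixed-length IVs, worked through as an added example that is not part of the original thread: a minimal WEP encapsulation (3-byte IV, key ID byte, RC4 over payload plus CRC-32 ICV) showing that every frame carries exactly one IV whatever its payload size. The key, payload sizes and function names are constructed for illustration.

```python
import struct
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling, then XOR the data with the keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_encapsulate(key: bytes, iv: int, payload: bytes, key_id: int = 0) -> bytes:
    """Frame body: 3-byte IV | 1-byte key ID | RC4(IV||key, payload||ICV)."""
    iv_bytes = iv.to_bytes(3, "big")
    icv = struct.pack("<I", zlib.crc32(payload))  # CRC-32 integrity check value
    return iv_bytes + bytes([key_id << 6]) + rc4(iv_bytes + key, payload + icv)

def wep_decapsulate(key: bytes, body: bytes) -> bytes:
    """Decrypt with the known key and verify the ICV."""
    plain = rc4(body[:3] + key, body[4:])
    payload, icv = plain[:-4], plain[-4:]
    if struct.pack("<I", zlib.crc32(payload)) != icv:
        raise ValueError("ICV mismatch")
    return payload

def iv_stats(bodies):
    """Return (distinct IVs carried, total bytes on air) for a list of frame bodies."""
    return len({b[:3] for b in bodies}), sum(len(b) for b in bodies)

KEY = bytes.fromhex("0102030405")   # constructed 40-bit key, for illustration only
SMALL = bytes(36)                   # constructed payload, roughly ARP-sized
LARGE = bytes(400)                  # constructed payload, roughly HTTP-GET-sized

small_frames = [wep_encapsulate(KEY, iv, SMALL) for iv in range(1000)]
large_frames = [wep_encapsulate(KEY, iv, LARGE) for iv in range(1000)]

if __name__ == "__main__":
    print("small:", iv_stats(small_frames))
    print("large:", iv_stats(large_frames))
```

Both sets carry the same 1000 IVs, but the larger frames occupy roughly nine times the airtime to do so, so the IV rate is set by frames per second, not by bytes per frame.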

Post by wrzwaldo » Wed Mar 21, 2007 12:53 pm

bigbadbo wrote:
Hi starpoint

The goal of my previous idea is to allow you to generate weak IVs by generating more traffic quicker, so you can crack WEP quicker

if injecting a 86bit ARP Packet will generate 1,000,000 weak IVs in 4 hours ...

then injecting a 400+bit GET packet will generate 1,000,000 weak IVs in 1 - 2 hours ?

therefore breaking the WEP key, can be a lot quicker ...

regards
Kai


Hey are you wearing any underpants?
wrzwaldo
 
Posts: 8995
Joined: Sun Dec 14, 2003 12:43 pm

Help needed then

Post by bigbadbo » Wed Mar 21, 2007 3:19 pm

Hi guys

Thanks for quick responses

could you possibly explain a few concepts about chopchop to me then please?

as I have read it here: (along with this forum)

http://www.aircrack-ng.org/doku.php?id=korek_chopchop

http://www.informit.com/guides/printerfriendly.asp?g=security&seqNum=196&rl=1

http://www.informit.com/guides/printerfriendly.asp?g=security&seqNum=197&rl=1

I have come to understand that chopchop decrypts a WEP data packet without discovering the WEP key, so it reveals the keystream / PRGA to that packet.

that keystream can then be forged to other packets, these are then injected to the AP to force the AP to re-encrypt the packet and generate traffic

please correct me where I'm wrong.

regards
Kai
bigbadbo
Mini Stumbler
 
Posts: 3
Joined: Mon Mar 05, 2007 3:05 am

Post by streaker69 » Wed Mar 21, 2007 3:35 pm

bigbadbo wrote:
Hi guys

Thanks for quick responses

could you possibly explain a few concepts about chopchop to me then please?

as I have read it here: (along with this forum)

http://www.aircrack-ng.org/doku.php?id=korek_chopchop

http://www.informit.com/guides/printerfriendly.asp?g=security&seqNum=196&rl=1

http://www.informit.com/guides/printerfriendly.asp?g=security&seqNum=197&rl=1

I have come to understand that chopchop decrypts a WEP data packet without discovering the WEP key, so it reveals the keystream / PRGA to that packet.

that keystream can then be forged to other packets, these are then injected to the AP to force the AP to re-encrypt the packet and generate traffic

please correct me where I'm wrong.

regards
Kai


I have bolded all the areas where you went wrong, as well as this is not the chopchop support forum, so you should probably be asking this question at whichever forum supports this software.
Treat your gun like your genitals, only whip it out when it's absolutely necessary.
streaker69
 
Posts: 11867
Joined: Thu Jul 08, 2004 10:09 am
Location: Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA

Post by Dutch » Wed Mar 21, 2007 4:57 pm

bigbadbo wrote:
Hi guys

Thanks for quick responses

could you possibly explain a few concepts about chopchop to me then please?

as I have read it here: (along with this forum)

http://www.aircrack-ng.org/doku.php?id=korek_chopchop

http://www.informit.com/guides/printerfriendly.asp?g=security&seqNum=196&rl=1

http://www.informit.com/guides/printerfriendly.asp?g=security&seqNum=197&rl=1

I have come to understand that chopchop decrypts a WEP data packet without discovering the WEP key, so it reveals the keystream / PRGA to that packet.

that keystream can then be forged to other packets, these are then injected to the AP to force the AP to re-encrypt the packet and generate traffic

please correct me where I'm wrong.

regards
Kai

When you've learned to do the following :
1) Read the Forum rules and guidelines (ALL of them) as posted in the Welcome Desk Section, and adhere to those rules and guidelines in your posts on the forums.
2) Retaken Reading & Comprehension 101 class.
3) Actually read and understood the thread you are posting in.

Then, and ONLY then you might have a chance of understanding something about how the KoreK attack works, and how his ChopChop tool functions. Until you have done the 3 items outlined above, you should refrain from posting anything on the subject of breaking WEP encryption.

Disregard the advice given to you in this post at your own peril.

Oh and in case you haven't heard it yet :
Cracking WEP is SO yester-year!!

WEP is insecure, it's a fact, proven long time ago! No need to crack it. Use WPA or other measures, even if it means you need to upgrade equipment.

This thread is hereby officially closed, and can only be opened on request from KoreK if he feels there is something new to report.

Dutch
All your answers are belong to Google. SEARCH DAMMIT!
Warning. Warning.
Low C8H10N4O2 level detected. Operator halted....
Dutch
 
Posts: 6698
Joined: Fri Mar 05, 2004 12:00 pm
Location: City of Mermaids, Denmark
