Topic: Implementation of new fragmentation attack (Read 18587 times)
kandinsky
Newbie

Posts: 15
Hello,
I have tried the fragmentation attack on an rt2570 and it worked!
I broke the device when trying to solder an external antenna to the usb stick.
Are rt2500 pcmcia cards working with the fragmentation attack or only the usb rt2570 version?
It is hard to find a usb card in a store.
ASPj: Can you patch the r2x00 or rt2500 to support afrag as well?
Thanks in advance
daouid
I broke the device when trying to solder an external antenna to the usb stick.
Could you post a picture? Maybe I could help you fix it?
kandinsky
Newbie

Posts: 15
I threw the stick away. Thanks for offering your assistance.
kandinsky
Newbie

Posts: 15
Hello,
I bought a new rt2570 usb device and modified it to connect an external antenna.
I just wanted to give you some feedback on the fragmentation attack.
I was able to test it successfully on Slax 5.17 with rt2570-1.4.9 drivers compiled on kernel 2.6.16. It also works on Backtrack 2 Beta with compiled rt2570-1.4.9 drivers for kernel 2.6.15.16.
The afrag does not get a valid key stream on my Ubuntu with kernel 2.6.17.
I think there is some problem with the iwpriv as afrag reports rfmontx:
I recommend that everyone who wants to try this attack use one of the two distribution versions mentioned above.
Kind regards,
Kandinsky
*dudux
Newbie

Posts: 29
I tested my app several times now, using my rt2570 driver. I tested on different computers, with different wifi cards (but all using rt2570 chipset) against different APs.
Success rate is at about 80%. Usually you get a keystream in less than 1 second. I have tested a lot of APs which are invulnerable to the chopchop attack; the fragmentation attack worked on all of them.
I don't have any other cards to try, so until now, it seems like only rt2570 is able to handle fragmentation correctly. I'm still waiting for success reports on other wifi devices. Is it true that it works in 80%?
If you can, please answer at the following link: http://foro.elhacker.net/index.php/topic,147959.0.html
*dudux
Newbie

Posts: 29
It works!!!!!!!!!!!
kandinsky
Newbie

Posts: 15
Hello,
I would like to add some information regarding my previous post on this board.
The usb stick works on my Ubuntu Linux 6.10 as well so there isn't a problem with the driver as I said before.
Anyway I noticed a strange behavior with this stick. From time to time the chopchop and afrag attack did not work against my Linksys WRT54gl AP with firmware 4.30.5.
Chopchop exits immediately and afrag is looking for a package forever.
It sounds strange, but after booting the stick in Windows and rebooting back into Ubuntu, the chopchop attack and the afrag attack work perfectly against my AP.
I would like to thank ASPj for his brilliant work to implement the extremely useful fragmentation attack.
I tried to attack some of my other APs with different hardware/firmware and the success rate is around 80%. On most of them chopchop failed.
Kind regards,
Kandinsky
daouid
Hello,
I bought a new rt2570 usb device and modified it to connect an external antenna.
I just wanted to give you some feedback on the fragmentation attack.
I was able to test it successfully on Slax 5.17 with rt2570-1.4.9 drivers compiled on kernel 2.6.16. It also works on Backtrack 2 Beta with compiled rt2570-1.4.9 drivers for kernel 2.6.15.16.
The afrag does not get a valid key stream on my Ubuntu with kernel 2.6.17.
I think there is some problem with the iwpriv as afrag reports rfmontx:
I recommend that everyone who wants to try this attack use one of the two distribution versions mentioned above.
Kind regards,
Kandinsky
Not sure if I'm right, but Backtrack is based on Slack. Maybe we should set up a topic to list all working/non-working kernels.
*dudux
Newbie

Posts: 29
To kandinsky......
Does it work with Ubuntu???
obo
Jr. Member
 
Posts: 65
I was under the impression that the drivers required patching... From what I understand, you're using the stock Edgy kernel. Am I correct?
kandinsky
Newbie

Posts: 15
Hello,
I am using the stock edgy kernel.
After compiling the module with make, I usually insert it with insmod ./rt2570 just to be sure it uses the ASPj power driver.
I am at your disposal if you have any further questions.
kandinsky
Newbie

Posts: 15
Some news: I broke my second RT2570 Wifi adapter. This time I soldered the external pigtail cable correctly but the USB connector broke off. Fuck it!
I bought a new Atheros card and compiled the last madwifi snapshot under slax for it. I wrote a guide on how to compile the snapshot as a slax module, which you can find under: http://www.slax.org/forum/viewtopic.php?t=15031
My card is a MicraDigital 802.11g Wireless interface from Carrefour. On the bottom of the box it says Belkin F5D7000eaE and I think! it has the AR5212 (802.11b/g) chipset.
Fragmentation attack works for this adapter and the latest madwifi snapshot against my Linksys WRT54GL with firmware 4.30.5 US.
Good job ASPJ, you are the hero!
Kind regards,
Kandinsky.
kandinsky
Newbie

Posts: 15
I forgot to mention in my previous post that I didn't patch the madwifi driver at all.
I didn't even know that you need to patch them for injection in monitor mode.
I use the snapshot from 28/11/2006 and the fragmentation attack gets a valid keystream. With the keystream I forge the replay packet and the injection works without any additional patches in monitor mode.
Good news!
Mister_X
I'll download the video and add it in videos.aicrack-ng.org. Is it ok for you?