Topic: Wep Cloaking (Read 1857 times)
tilimil
Guest
Anybody working on an AirDefense WEP cloaking workaround that doesn't require me to manually weed out chaff through repeated sequence numbers?
darkAudax
tilimil,
We would be happy to add code to deal with it. Do you have some full packet captures you can post links to?
d.
darkAudax
tilimil,
Could you please register. It will make it easier to communicate.
Thanks, d.
tilimil
Newbie

Posts: 1
Done. Working on getting hold of a capture of this.
Zero_Chaos
Frequency Guru
Global Moderator
Full Member
    
Posts: 141
He is right
In ideal circumstances, here are the requests.
1.) A pcap with a known WEP key that is captured completely passively, no injection. 100,000 unique IVs
2.) A pcap with a known WEP key that is captured during ARP packet injection. 100,000 unique IVs
If you can get us these two pcap files, I'm sure we can do something for you ;-)
Anything less than these two pcaps is of course appreciated, but the two suggested would be the most useful.
-Zero_Chaos
lemmingman
Newbie

Posts: 4
I work with Tilimil.
If we strip app data from the pcap you can still work with it, correct?
erik
Newbie

Posts: 12
Yes, we are especially interested in the ARP capture; you can strip everything except ARP.
Zero_Chaos
Frequency Guru
Global Moderator
Full Member
    
Posts: 141
He is right
"Yes, we are especially interested in the ARP capture; you can strip everything except ARP."
Um, no. Please do NOT strip everything but ARP. Leave as much in as possible. Thanks -Zero_Chaos
Mister_X
If you prefer, you can send me the files so that I can distribute them to people in the team (and the files do not become public).
darkAudax
lemmingman,
A patch for aircrack-ng will be released shortly. See below for details for the defcon presentation and related materials:
http://defcon.org/html/defcon-15/dc-15-speakers.html#Gupta

The Emperor Has No Cloak - WEP Cloaking Exposed
Deepak Gupta, Principal Architect, AirTight Networks
Vivek Ramachandran, Senior Wireless Security Researcher, AirTight Networks

We thought The Emperor has No Cloak story was a pure fiction until we came across an announcement three weeks ago. Marketing can sell anything. The question is can an invisible cloak be sold in modern times when most of us can see through it?

The WEP cloaking technique works (or rather, as we argue, does not work) by injecting spoofed WEP encrypted data frames ("Chaff") into the air. These chaff packets may contain random data or encrypted with a key different from the actual WEP key in use and may use only weak IVs. Unmodified WEP cracking tools fail to crack the original WEP key in a chaff-contaminated packet trace.

Apart from the fact that WEP cloaking does not address any of the other weaknesses in WEP (such as message modification, replay attacks, shared authentication flaws, packet decoding using ICV etc); there are multiple ways to beat WEP cloaking, which we will disclose during our talk. We also plan to release a set of tools including a patch for Aircrack which will keep WEP cracking the simple job it's always been - even in the presence of WEP Cloaking.

Final verdict on WEP Cloaking: WEP was, is, will remain broken. It cannot be secured by obscuring its flaws.

Deepak Gupta leads the architecture group at AirTight Networks. He has a decade of research experience in network and systems security. Deepak's recent work in this area includes designing a system for buffer overflow prevention, and an online packet sniffer and Layer 7 filter tool for gigabit line speeds. From 1996 to 2005 Deepak was on the faculty at the Department of Computer Science & Engineering at Indian Institute of Technology. Deepak holds a Bachelor's in Technology and a Ph.D. from IIT Kanpur, India.

Vivek Ramachandran is a member of security research team at AirTight Networks. His current focus is on 802.11 security -- both threats and countermeasures. In 2006, Vivek was featured in the "India Top 10" list of the Microsoft Security Shootout contest (web application security) among a reported 65,000 participants. He has delivered talks and tutorials in security conferences and workshops, and has published case studies and original research papers in DDoS mitigation and arp spoofing detection. Vivek is a graduate in Electronics and Communications from the Indian Institute of Technology, Guwahati.
erik
Newbie

Posts: 12
What a pity, I wanted to break that system...
Defcon
Guest
Found one of the authors' site here: http://security-freak.net/
Found some videos on Aircrack, Airbase etc. in the videos section. Who knows, maybe we could get a sneak preview of what's to come at Defcon in the videos section, though that would be a spoiler for Defcon.
lemmingman
Newbie

Posts: 4
I'm so happy I'm crying.
monkee
Newbie

Posts: 1
Just got back from Defcon on Sunday, sat through the Airtight discussion, pretty interesting talk. So they were talking about different filtering techniques to handle the chaff frames, are these going to be or already included in aircrack-ng? If they are already checked in, is it in the dev branch?
Thanks
monkee