3.5 - Korek Chopchop attack against WEP
- Unlike the previous attacks against WEP encryption, the goal of the Korek chopchop attack is not to recover the WEP key but to decrypt a specific packet sent within the attacked network. The Korek chopchop attack decrypts a WEP data packet without knowing the WEP key: as said before, its purpose is not to find the key but to reveal the plaintext. Once the replay_dec-X.cap file has been obtained, Wireshark can be used to decode the chosen packet. The Korek chopchop attack relies on the polynomial arithmetic behind the Cyclic Redundancy Check (CRC) that WEP appends to each frame as its integrity check.
- The initial setup for the lab is the same as in the previous practices. To launch the attack, aireplay-ng is run with the -4 option (chopchop attack):
- After reading some packets (55 in this case), aireplay-ng asks whether the selected packet should be decrypted. If the answer is yes, the attack starts immediately, decrypting the packet and saving the result in the file replay_src-0918-224820.cap:
- The attack is finished:
- aireplay-ng indicates where the captured packets have been saved:
- The replay_src-0918-224820.cap file and its derivatives have been created:
- Using Wireshark, the file replay_src-0918-224820.cap can be decrypted:
- It can be verified that the packet is the same one selected by aireplay-ng (8842 2C00 28C6 etc.): a frame whose frame control field reads 8842, sent by the AP Motorola 00:25:F2:9B:91:23 to the client "roch", whose wireless interface card is a Netgear 28:C6:8E:63:15:6B:
- The file replay_dec-0918-224925.cap can also be decrypted, again with Wireshark's help:
- In this case, the packet is sent by 173.194.46.69 (Google) to the client "roch" (192.168.0.15) as part of an HTTPS connection:
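The CRC property that the chopchop attack builds on, and the reason later Wi-Fi standards replaced the WEP integrity check with a keyed tag, can be checked directly. The Python example below is added here (it is not part of the lab nor of aircrack-ng) and shows that CRC-32 is linear over XOR while an HMAC is not; the payloads and key are constructed sample values.

```python
import hashlib
import hmac
import os
import zlib

def crc32(data: bytes) -> int:
    """Plain CRC-32, the checksum WEP appends to each frame as its ICV."""
    return zlib.crc32(data) & 0xFFFFFFFF

def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

def crc_is_xor_linear(a: bytes, b: bytes) -> bool:
    """CRC-32 is affine over XOR: crc(a ^ b) == crc(a) ^ crc(b) ^ crc(0..0).
    The WEP ICV is this checksum XORed with the RC4 keystream, so the checksum
    of a modified frame is predictable without the key: the property the
    CRC-based WEP attacks, chopchop included, rely on."""
    zeros = bytes(len(a))
    return crc32(xor_bytes(a, b)) == crc32(a) ^ crc32(b) ^ crc32(zeros)

def crc_linearity_holds_for_random_pairs(rounds: int, length: int = 64) -> bool:
    """The identity holds for every equal-length pair, not just chosen ones."""
    return all(crc_is_xor_linear(os.urandom(length), os.urandom(length))
               for _ in range(rounds))

def keyed_mac(key: bytes, data: bytes) -> bytes:
    """A keyed MAC (HMAC-SHA256); WPA2 CCMP likewise uses a keyed tag, not a CRC."""
    return hmac.new(key, data, hashlib.sha256).digest()

def mac_is_xor_linear(key: bytes, a: bytes, b: bytes) -> bool:
    """The same identity fails for a keyed MAC: without the key an attacker
    cannot derive the tag of a modified message."""
    zeros = bytes(len(a))
    rhs = xor_bytes(xor_bytes(keyed_mac(key, a), keyed_mac(key, b)),
                    keyed_mac(key, zeros))
    return keyed_mac(key, xor_bytes(a, b)) == rhs

# Constructed sample values, not taken from the lab capture.
PAYLOAD_A = b"GET /index.html HTTP/1.1\r\n"
PAYLOAD_B = b"GET /admin.html HTTP/1.1\r\n"
DEMO_KEY = b"constructed-demo-key"

if __name__ == "__main__":
    print("CRC-32 linear over XOR:", crc_is_xor_linear(PAYLOAD_A, PAYLOAD_B))
    print("HMAC linear over XOR:", mac_is_xor_linear(DEMO_KEY, PAYLOAD_A, PAYLOAD_B))
```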