Cracking WEP Cloaking and 802.11 Non Public Band Comunication

In this talk Rick Farina a.k.a Zero Chaos and Thomas D'Otreppe a.k.a Mister X discuss the latest advancements in cracking WEP Cloaking and 802.11 non public band communication.

Mister X also releases Airdecloak-ng, a tool which removes the cloaked packets from a pcap file and thus allow aircrack-ng to break the key. Internally the logic is to identify these spoofed chaff packets by analyzing the sequence number and IV field. As Wep cloaked packets are necessarily data packets (at least in the current implementation according to Thomas) it is not possible for them to follow the sequence number or IV accurately, thus allowing for a very easy filtering. The Sequence number technique was first mentioned by Joshua Wright in his blog. Later that year Vivek Ramachandran and Amit Vartak from Airtight Networks demoed the first version of the WEP Cloaking cracker by modifying Aircrack-ng.

Farina on the other hand spoke about a very interesting topic - non public band communication using 802.11 . He points out that with minor tweaks to the driver code it is possible to listen and send on non public bands. However, he cautions everyone that even though listening on non public bands is allowed, transmission is punishable by US law. The slides to their Defcon 16 presentation is available here. The video of their talk is embedded below.

Related Videos from: Interesting Talks at Defcon 16


You are Viewing this Video Now!	Active HTTPS Cookie Hijacking (Mike Defcon 16)	Demonstration of Hardware Trojans (Defcon 16)	Scanning the Internet with Nmap (Defcon 16)	Hijacking the Internet using a BGP MITM Attack (Defcon 16)
11847 views	3207 views	3461 views	4836 views	4315 views

Author