Description: Welcome to Part 18 of the WLAN Security Megaprimer! Please start this series by watching Part 1 http://www.securitytube.net/video/1756, if you have not done so already.
In this video, we will look at Korek's infamous ChopChop attack! This attack, unbelievably, allows you to decrypt an entire WEP packet without knowing the WEP key. Though it sounds almost magical, the attack has a firm foundation in the polynomial math behind CRCs. I will not get into the math; instead I will try to make you understand how it works using some interesting illustrations :)
The attack works by chopping off the last byte of the packet, making a guess for the plaintext value of that byte, and then correcting the ICV. This uses the same approach as the Caffe Latte attack, leveraging the message modification vulnerability in WEP. The idea is that if the guess for the chopped byte is correct, the modified packet will be a valid WEP packet and will be accepted by the access point; if it is invalid, it will be silently discarded. The tool uses this approach to find the packet one byte at a time, until it manages to reconstruct the entire packet.
Tags: 802.11, WEP, Cracking, Aireplay-ng, ARP, replay, security, hacking, wireless, weak IV, Caffe Latte, Message Modification, Korek attack, chopchop
Thank You sir..........again for this nice tutorial........
Thanks........
Thank you Vivek :)
Sir, your tutorials are very good because they take us step by step from basic to professional level. Great work.
Thanks my friend.
It's more than great and i really don't know how to thank you. You're really pushing me to make a video.
Vivek, your videos are always so clear and professional, and this is no exception. A pleasure to watch and easy to grasp the core concepts.
I am very much indebted to you for what you have taught me about 802.11 and security in general over the last few months.
Thank you so much for your time.
Barry
Thanks vivek for your time and awesome video :)
Perfect....Go Vivek GO....
Thanks so much
Dear Vivek,
I have finally taken the time to go through the video sequence and have to say I am very impressed.
It is a clear and detailed view of what is actually being done with clear explanations on how it is being accomplished.
I also like the way that you use and explain the use of Wireshark in your videos as this, to be honest, is not well documented in other areas.
(it is something I have been meaning to get to grips with but your explanations have given a very good starting point for this n00b ;) )
I truly appreciate the time and effort you put into your videos and also love noting the curtains behind you :D
You are a Night And Day person for sure !!
Keep it up, this is probably the most expansive and most detailed description of wireless capabilities that exists anywhere.
As Vishal said..
Go Vivek GO !!
@Machinist, Behrouz, zidane, Vishal, h0itm Thanks for all the appreciation and encouragement guys!
@m0ei You are most welcome! The SecurityTube free education movement needs more people to propel it forward!
@Blackmarketeer Thanks buddy! I feel free education in security is my calling :) and hence blindly following it. It is very gratifying to see that I am able to help.
@TAPE Thanks dude! I really appreciate your kind words! I use Wireshark always as that is the only way one can really learn a concept - by looking at the real packets over the air. We should never trust the output of a tool blindly :)
Thank you very much Vivek
I really don't want this megaprimer to finish :D
By the way, I tried this attack almost 50 times on different APs but I keep getting the same 2 messages.
First One :- Failure: the access point does not properly discard frames with an
invalid ICV - try running aireplay-ng in authenticated mode (-h) instead.
So I used the authenticated mode with -h and provided the MAC address of an already connected client, and then this message appears:
The chopchop attack appears to have failed. Possible reasons:
* You're trying to inject with an unsupported chipset (Centrino?).
* The driver source wasn't properly patched for injection support.
* You are too far from the AP. Get closer or reduce the send rate.
* Target is 802.11g only but you are using a Prism2 or RTL8180.
* The wireless interface isn't setup on the correct channel.
* The client MAC you have specified is not currently authenticated.
Try running another aireplay-ng to fake authentication (attack "-1").
* The AP isn't vulnerable when operating in authenticated mode.
Try aireplay-ng in non-authenticated mode instead (no -h option).
Although I did test injection with aireplay-ng.
Do you have any explanations? :D
Vivek,
I have watched all of your videos up to this one. I feel like I just got done with a few years of school :)
Thank you for the time and effort you put into these videos. You do an EXCELLENT job of teaching from the ground up.
I am eagerly awaiting videos on WPA.
My only question in this video is, what can a hacker do with a decrypted wep packet? Or is this simply another weakness in wep?
Keep up the good work!!
Thanks Vivek for all the hard work you put into making these video lessons!
Thanks, you're awesome Vivek!
yo. vivek. you da man.
Vivek
I am enjoying each and every one of your videos as I see most here are.
Thank you so much, as you have been an inspiration to me.
We must have you out one year for our annual "Mantracker" training.
http://www.coweta.ga.us/Index.aspx?page=313
Our new schedule will be up soon.
Thanks again for all your hard work and time.
Vivek, you are the man. Just wanted to confirm that this only works with WEP? I tried with WPA TKIP and it didn't work.... Please confirm.
Hi Vivek,
Your explanation was plain, simple and beautiful!
It was by accident that I landed here. I am very much impressed and loved it.
Thank you for the good work.