Description: Vivek asked me to upload a Video about how I cracked the challenge... so here it is!
ANNOUNCEMENT:
My brother Rene and I will do an “In-depth Python Network Coding Primer” (with a Scapy part) for you!
Please leave comments if you have some thoughts of what should be covered! or just leave some other comments ;)
Tags: wifi, wlan, wireless, crack, hack, challenge, python, scapy
Great solution Patrick. Will be looking forward to the In-depth Python Network Coding Primer.
Well done. Looking forward to your python primer. I mentioned that you said you would be doing one on the e-h forum and people were definitely interested. I'm kinda busy now but after June 5, I plan on really digging into Python and Scapy.
BTW, is that Kino you're using for your video editing?
Patrick congrats again! All the best for the next challenge :)
Thanks a lot Patrick, good job cracking both. I liked the fact that you never gave up.
Looking forward to your Primer
thx for all the comments! I thought that nobody would be interested in another solution :)!
@mediumhat: thx, hopefully we can keep up with Vivek's Primers
@WCNA: that's the right way, don't set yourself under pressure! I was recording with quicktime (screen recording), the presentation was made with Keynote and at the end I appended the announcement with iMovie (hasn't worked that well... after that the background of the presentation looked like... buahh..)
@m0ei: thx! :) sometimes I was really close to biting into my keyboard
@Wavelength: thx, we will hurry up with it
@Vivek: thanks... I'm a bit afraid of the next challenge... WPA is a lot more complicated than WEP :S!!
Nice clear HD video. Thanks Patrick.
Just a query on the slide 3A theory. Is that right IV+KEYWORD -> XOR ????
@Blackmarketeer: thanks for pointing that out. sorry for that! I said "the IV with the keyword appended" ...it should of course mean "the IV and the Keyword are thrown through a XOR operation" (so they both build the input)
Congratulations for cracking the whole challenge! Great video! :)
waiting for your python primer!
Congratulations Patrick on completing the challenge. I'm particularly impressed by your persistence because, after all, the prize was allocated long ago!
Like Blackmarketeer, I noticed the slight glitch early on ... as far as I understand it, the IV and the Keyword are combined and then put through the RC4 algorithm which creates the keystream. It's the keystream which is XORed against the plain text.
I enjoyed the video because it went through your thoughts and the process very clearly. It was around 30 minutes and I'd far rather have something so well-produced than a five minute rush through which leaves so many questions unanswered.
I don't know if anyone else had difficulty reading any of the text on the video? I found the red particularly difficult (no, I don't have any form of colour blindness!) so I suppose the options are to either post future code in plain text in the description accompanying the video or have it available as a download, as Vivek did with his pcap files and Python code. Alternatively, I don't know how easy it would be to change the colours on the terminal.
I hope you don't mind this comment because I'm simply doing as you asked!
I'm looking forward to your Python and Scapy series.
@Ignatius:
thanks a lot! you're totally right :D!
I had a look through the WEP auth documentation again now... and I really misinterpreted something there! thanks for the clarification!!!
I'm sorry that it's sometimes hard to read the code (I will of course turn off the terminal transparency in future videos, and maybe switch to other colours)! I will also increase the font size. It was the very first video I recorded... so quality will of course increase!
Thx for your input :) I really appreciate it!
@Patrick: wow, if that was your first video, then I'm even more impressed!
Forgive me if I make a comment that makes an assumption and I am wrong ...
Your accent gives the clue that you are German (or maybe from a country that has German as one of the prime languages). I know just how important qualities such as professionalism, accuracy, punctuality, tenacity etc. are to those from such a background. These attributes account for the contribution that you have made to Vivek's WLAN Security Megaprimer series.
@Patrick: don't beat yourself up over it - I never even cracked the first one :-)
The quality of the video is utterly stunning and your presentation is both clear, human and humorous.
Every time I've tried to use GTKRecord it just maxes out the processor - so getting that running on your box deserves a round of applause in the first place!
It's amazing what can be learned from people who are selfless enough to take the time to make videos for others. I did not know how to get at elements of the capture in Scapy - but you covered that without taking for granted others would know. It's the little things that make the picture.
I very much look forward to your Python videos and I'm sure they will be excellent.
Well done Patrick, both for cracking the challenge and for the clear explanation as to how you did it.
@Ignatius: :D that's really funny! Actually I'm from Austria, where German is the main language ...so you may be right with your thoughts :)!
@Blackmarketeer:
First I also tried to record it on my main machine (which is running on Linux) but then I very quickly switched to my macbook (that's not only my "mobile" machine... it's also my "everything that runs works for sure" machine)
@Blackmarketeer & Ignatius:
wow thanks for your compliments!
I also look forward to our Python Primer series... because my brother Rene knows a lot more than me about Python and of course about "network programming" (he's an outstanding developer). So he will kind of cover the "development side" and we try to merge that with my "hacker's point of view".. it's also planned that I will focus on Scapy (I learned to love it sooo much) :)! He can explain the coding-side very detailed... and I can explain ...let's call it the "hacker's context" and how to "use" that stuff.
Hopefully this "fusion" of knowledge will work ;)
Great Video and solution Patrick, I have learnt a lot from watching your solution and the other solutions posted before yours. In regards to the "Python For Hackers" MegaPrimer I think this is a fantastic idea and you will be taking a lot of "weight off Vivek's shoulders" by doing this..... I can wait for you to start the Primer... Thank You
--Chard
** can = I meant can't
Nice video. Definitely need to work on my video editing/presenting (maybe my beer intake should drop before/during the recording ;) ). Looking at using dyne-bolic instead of trying to get ubuntu updates to play nicely with my from source ffmpeg. Glad you got it worked out. Looking forward to the python4hackers primer. Good job on sticking with it until the end. Something that is interesting to cover is threaded ssl socket server/client. Just a thought. Packet injection/mangling with raw/pcap/scapy is also interesting. Again, good job.
Thanks again Andrew!
I really hoped that we will receive some input from you :)!
Please let me know if you have a nice (and solid) video recording+editing solution running on Ubuntu... I played around a bit and gave up (switched to my mac).
I think I will continue to record on the mac... but do the editing on my main machine (6 cores, 8 Gig of RAM, SSD) because my mac is really on its limits while converting :(!
I will talk to my brother today about all your (very good) ideas!
btw: some beer-intake is sometimes really helpful (as I explained in the video) ;P
@Patrick - the problem I have with video editing on ubuntu is a versioning issue. I want to use h264 as the video stream. Every update relating to ffmpeg breaks it and I have to recompile and install ffmpeg (or I could stop being lazy and debianize it with a full load of options). dyne-bolic is a live-cd distro that comes with lots of media options and Cinelerra out of the box. Haven't checked on h264 encoding yet, but it might be just what the doctor ordered. If you're using gtk-record, mencoder handles the ogv streams/swscaler/etc better than ffmpeg. ffmpeg with the x11cap driver is a REALLY nice solution if you get sound recording sorted out for your particular setup. A lot of people shy away from ffmpeg recording due to the fluid nature (audio parameters are different from box to box) of audio devices.
Well done, Patrick!
Thanks for the video, now that I watched it again after having had some sleep I think I can follow your thought process better ... ;-)
Keep up the good work :-).
Thanks for the announcement, too!!! I'm sure the Python primers will be excellent and making them will require a lot of HYPER-RELAXED cooperation :-)
thumbs up on this presentation. taught me a lot. :o)
Thx Andrew! I will try out some of this stuff!
@ranamann: thx :P we should of course try out different relaxing techniques ;)! or we rely on stuff that just works... like beer :D!
@PhaseAmbiguty:
thanks! It's nice to hear that some people learned something from me (and my faults) :)
I really want to thank all of you for the great feedback! When I uploaded the video I was kind of afraid of what could happen if everybody thinks it's trash and so on... :)! I'm really happy about every single comment!!!
PS: trust me, we really work on our primer! suggestions on what you think we should cover are welcome! ;)
Hello all!
Thank you very much Patrick for the great explanation. I will write your python script and try it after posting this comment. I need to learn Python syntax before you upload Python Primer lessons and I will be looking forward to it.
Would you please include how to generate IP packets and send it to the wire in the primer ?
Thanks albay!
We have planned to cover packet generation in our Primer.
I had a quick look on the MIT Python video series, to see how and what they are teaching. http://www.securitytube.net/video/610
This series should be brilliant to learn Python!
In your case I would really take the time to get a solid basic knowledge of Python coding! You will profit a lot from that! It will be also easier to follow the important stuff in our upcoming "network focussed Python Primer".
Our Primer will of course require a solid basic knowledge of Python. There is a point where we have to say "OK you should at least know that" to teach you the "advanced stuff".
This should of course not frighten you ;)!
IF YOU ARE WILLING TO LEARN, then you will learn all that stuff!!! Keep motivated! ;)
@Patrick Since I developed applications using Perl, C#, ASP for several years, I am not frightened either :-)
I hope it will not take any longer to learn Python. All I need is time.
I am loving the group work here Patrick! Thanks for keeping the fire burning :) We all eagerly await your python/scapy tutes.
@Patrick: I've already worked my way through about half of the MIT videos so I'll be able to "hit the ground running" when your series starts. I did some C++ quite a while ago and I guess many of the principles are transferrable to Python (as well as other languages).
@Vivek: Thx buddy :)! I really learned to love the community here... and as we have seen in your AWESOME Challenge... it's growing!!! It's nice to see that I'm not the only one who begs for knowledge-input :D! I already learned so much from you... it's time to give something back to the community that was founded by you ;)!
@Ignatius & albay:
1) If you have some programming background it will be easy to understand Python
2) You do not need to be "the Godfather of Python" to follow the Primer.
But as I also said before: The more you know about Python, the more you can focus on the important stuff (and you don't have to think about the syntax or stuff like that).
@all
Because so many people are waiting for it:
We have worked out with what kind of stuff we want to start and are preparing the Presentation and... "the way we want to present the demos". We have decided to merge Scapy into everything from the beginning... (for example we want to avoid the use of external tools like Wireshark as far as it's possible/reasonable) but I don't want to foreclose something ;P !!!
We will upload the 1st vid within the next week!
Fortunately Vivek's outstanding Wi-Fi Primer continues.. so you have a lot to learn anyway!!! :)