Description: This is the solution video to Challenge 3: http://www.securitytube.net/video/1884
3a can be solved in 2 ways: rewrite the authentication packet as a data packet and run the existing tools on it, or build an RC4 encryption/decryption engine and work from either direction. The encrypted challenge carries an ICV, so we can verify whether a key guess is correct.
3b is more interesting: you can never be sure you have the right solution, but you can make educated guesses. The size of the packet and the destination MAC address suggest that it is most probably an ARP request packet, which means we know the first few bytes of plaintext (the LLC/SNAP header plus part of the ARP header). We can now take different keys from the dictionary, combine each with the IV from the truncated data packet, and generate short keystreams. We can compare these against the keystream recovered from the packet (ciphertext XOR the known plaintext).
The important thing to note is that there can always be keystream collisions, in the sense that the same IV with different WEP keys can produce the same keystream up to the Nth byte (N typically small). The larger N is, the lower the probability that two keys with the same IV share the same keystream output up to the Nth byte. End conclusion: for the dictionary at our disposal and the first few decrypted bytes we can make some guesses, but we can never be fully sure which key is right, and a guess could be proven wrong if the size of the keystream sample increases.
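The two approaches above, as an added Python example (this is not code from the video or from SecurityTube): a small RC4, the WEP framing (RC4 seeded with IV || key, CRC-32 ICV appended to the plaintext before encryption), the 132-byte keystream recovery from the shared-key challenge/response, the ICV-verified dictionary check for 3a, and the known-plaintext prefix comparison for 3b. The key, IV, challenge text, ARP frame and word list are constructed for the demo; the LLC/SNAP and ARP header constants are the standard values for an ARP frame on 802.11.

```python
"""WEP keystream recovery and dictionary key checks for challenge 3a / 3b.

Added example, not the video's own code. Key, IV, challenge, ARP frame and
word list below are constructed sample data.
"""
from zlib import crc32

# Known plaintext at the start of an ARP frame body on 802.11: LLC/SNAP
# header (DSAP/SSAP 0xAA, control 0x03, OUI 00:00:00, EtherType 0x0806) ...
LLC_SNAP_ARP = bytes.fromhex("aaaa030000000806")
# ... then ARP hardware type (Ethernet), protocol type (IPv4), address
# lengths 6 and 4; the opcode (1 = request) would follow.
ARP_HEADER = bytes.fromhex("000108000604")
KNOWN_ARP_PREFIX = LLC_SNAP_ARP + ARP_HEADER  # 14 bytes of known plaintext


def rc4(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream for `key` (KSA then PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_keystream(iv: bytes, wep_key: bytes, length: int) -> bytes:
    """WEP seeds RC4 with the 3-byte IV followed by the shared key."""
    return rc4(iv + wep_key, length)


def icv(plaintext: bytes) -> bytes:
    """WEP ICV: CRC-32 over the plaintext, little-endian, appended before encryption."""
    return crc32(plaintext).to_bytes(4, "little")


def wep_encrypt(iv: bytes, wep_key: bytes, plaintext: bytes) -> bytes:
    """Ciphertext of plaintext || ICV (the IV itself travels in the clear)."""
    body = plaintext + icv(plaintext)
    return bytes(a ^ b for a, b in zip(body, wep_keystream(iv, wep_key, len(body))))


def wep_decrypt_check(iv: bytes, wep_key: bytes, ciphertext: bytes):
    """Decrypt and verify the ICV; return the plaintext on success, else None."""
    body = bytes(a ^ b for a, b in zip(ciphertext, wep_keystream(iv, wep_key, len(ciphertext))))
    plaintext, tag = body[:-4], body[-4:]
    return plaintext if icv(plaintext) == tag else None


def recover_ska_keystream(challenge: bytes, enc_response: bytes) -> bytes:
    """Shared-key auth: frame 2 carries the 128-byte challenge in the clear and
    frame 3 the WEP-encrypted challenge || ICV. The ICV is a CRC over the known
    challenge, so all 132 keystream bytes fall out of a single XOR."""
    known = challenge + icv(challenge)
    return bytes(c ^ k for c, k in zip(enc_response, known))


def crack_3a(iv: bytes, enc_response: bytes, wordlist):
    """3a: the encrypted response carries an ICV, so a key guess is provable."""
    for word in wordlist:
        if wep_decrypt_check(iv, word, enc_response) is not None:
            return word
    return None


def candidates_3b(iv: bytes, truncated: bytes, wordlist, known: bytes = KNOWN_ARP_PREFIX):
    """3b: no ICV is available, so keep every key whose keystream matches the
    known-plaintext prefix. The true key is always in the list; with a short
    prefix other keys may survive too (keystream collisions)."""
    n = min(len(known), len(truncated))
    observed = bytes(c ^ p for c, p in zip(truncated[:n], known[:n]))
    return [w for w in wordlist if wep_keystream(iv, w, n) == observed]


if __name__ == "__main__":
    KEY, IV = b"abcde", b"\x01\x02\x03"            # constructed 40-bit key and IV
    words = [b"12345", b"hello", b"abcde", b"zzzzz"]  # constructed word list
    challenge = bytes(range(128))                   # constructed challenge text
    enc = wep_encrypt(IV, KEY, challenge)           # what frame 3 would carry
    print("3a key:", crack_3a(IV, enc, words))
    print("keystream bytes recovered:", len(recover_ska_keystream(challenge, enc)))
    arp = KNOWN_ARP_PREFIX + bytes.fromhex("0001") + bytes(20)  # constructed ARP request
    truncated = wep_encrypt(IV, KEY, arp)[:20]      # captured packet cut off, no ICV
    print("3b with 14 known bytes:", candidates_3b(IV, truncated, words))
    print("3b with 1 known byte:", candidates_3b(IV, truncated, words, KNOWN_ARP_PREFIX[:1]))
```

With a 14-byte known prefix, a wrong key surviving the comparison is as unlikely as a 2^-112 event, so the list collapses to the real key; shrink the prefix to one byte and a realistic word list of a few thousand entries will typically carry several false positives, which is the collision point made above.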
Enjoy!
Tags: wi-fi security, hacking, challenge, 3, megaprimer
It is an Honor to see my name in your video :)
waiting for your next video!
Nice ! Thanks Vivek.
Nice thorough explanation and VERY valid point on the collision probability (and small search term).
Ha. So I was on the right track with 3a! I would like to see a video using scapy to rewrite it into a data packet. I think I had the packet right but the pwd wasn't in the darkc0de.lst on BT5. I was way off on 3b. I tried to concatenate the packet with an ARP request even though I knew the ICV would be wrong. This was my 1st real experience with scapy and it was a lot of fun even though I didn't have much time to spend on it. I'll be taking my exam next weekend and I'll be able to spend more time on these challenges then.
Glad to see my name in your solution vid! Thanks a lot! Funny that there would have been another solution :D!
@WCNA: We will cover packet building and manipulation in our Python/Scapy Primer. We will not explain it based on the packets used in this challenge, but if you just want to know how to do that... it will be covered anyway in our primers.
quick question....
You say to use scapy to build a data packet... That is all well and good, but the auth response does not contain an ICV. ALL valid data packets must have this or the AP will reject it.
So how do you generate the ICV to create a valid data packet?
Am I missing something?
thanks
drforbin
ok... It appears I was wrong... The auth handshake does contain an ICV and IV. But the question still remains. You can only derive 128 bytes of the keystream from XORing the plaintext challenge with the encrypted challenge. So how do you know what to encode the ICV with for the SKA replay attack?
I figured it out... never mind.