fragmentation
Differences
This shows you the differences between two versions of the page.
fragmentation [2007/02/13 02:15] – It's PRGA, not PRAGA, who the fuck introduced PRAGA all over the wiki?? aspj | fragmentation [2008/09/08 23:07] – Added troubleshooting tip for "Not enough acks, repeating" message darkaudax | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Fragmentation Attack ====== | ====== Fragmentation Attack ====== | ||
+ | |||
+ | |||
+ | |||
===== Description ===== | ===== Description ===== | ||
- | This attack, when successful, can obtain 1500 bits of PRGA (pseudo random | + | This attack, when successful, can obtain 1500 bytes of PRGA (pseudo random |
+ | |||
+ | Basically, the program obtains a small amount of keying material from the packet then attempts to send ARP and/or LLC packets with known content to the access point (AP). If the packet is successfully echoed back by the AP then a larger amount of keying information can be obtained from the returned packet. | ||
- | Basically, the program obains a small amount of keying material from the packet then attempts to send ARP and/or LLC packets with known content to the access point (AP). If the packet is successfully echoed back by the AP then a larger amount | + | The original paper, [[http://darkircop.org/ |
- | The original paper by Andrea Bittau at http:// | ||
===== Usage ===== | ===== Usage ===== | ||
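Review bot: The three empty lines added directly under the `====== Fragmentation Attack ======` heading carry no content and can be dropped, leaving a single blank line before `===== Description =====`. Since the Description paragraph now says 1500 bytes of PRGA instead of 1500 bits, check the rest of the page for any remaining "bits" wording so the figure is stated the same way everywhere.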
Line 37: | Line 41: | ||
===== Usage Example ===== | ===== Usage Example ===== | ||
- | Notes: | ||
- | *The source MAC address used in the attack must be associated with the access point. | ||
- | *For madwifi-ng drivers (Atheros chipset), you must change MAC address of your card to the MAC address you will injecting with otherwise the attack will not work. | ||
Essentially you start the attack with the following command then select the packet you want to try:\\ | Essentially you start the attack with the following command then select the packet you want to try:\\ | ||
aireplay-ng -5 -b 00: | aireplay-ng -5 -b 00: | ||
+ | | ||
Waiting for a data packet... | Waiting for a data packet... | ||
Read 96 packets... | Read 96 packets... | ||
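Review bot: With the two Notes bullets removed from the top of Usage Example, the association and madwifi-ng MAC address prerequisites no longer appear before the `aireplay-ng -5` command; the reader only meets them in Usage Tips, after the example output. A one-line pointer to Usage Tips at the start of Usage Example would keep them in view. The added line just above "Waiting for a data packet..." shows no visible content, so confirm it is an intended line of the sample output and not stray whitespace.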
Line 82: | Line 83: | ||
You have successfully obtained the PRGA which is stored in the file named by the program. | You have successfully obtained the PRGA which is stored in the file named by the program. | ||
+ | |||
+ | ===== Usage Tips ===== | ||
+ | |||
+ | *The source MAC address used in the attack must be associated with the access point. | ||
+ | |||
+ | *For madwifi-ng drivers (Atheros chipset), you must change MAC address of your card to the MAC address you will injecting with otherwise the attack will not work. See this [[faq# | ||
+ | |||
+ | * The fragmentation attack sends out a large number of packets that must all be received by the AP for the attack to be successful. | ||
+ | |||
+ | * The [[tutorial|tutorials page]] have a number of tutorials which utilize the fragmentation attack. | ||
+ | |||
+ | * When to say no to a packet? | ||
+ | |||
+ | |||
+ | |||
+ | ===== Usage Troubleshooting ===== | ||
+ | |||
+ | ==== General ===== | ||
+ | |||
+ | * Make sure your card can successfully inject. | ||
+ | * Make sure the MAC you are using for injection is associated with the AP. | ||
+ | * Make sure you are on the same channel as the AP. | ||
+ | * Also see the general aireplay-ng troubleshooting ideas: [[aireplay-ng# | ||
+ | |||
+ | Although not a direct troubleshooting tip for the fragmentation attack, if you are unable to get the attack to work, there are some alternate attacks you should consider: | ||
+ | |||
+ | * [[korek_chopchop|Korek chopchop Attack]]: This is an alternate technique to obtain PRGA for building packets for subsequent injection. | ||
+ | * [[interactive_packet_replay# | ||
+ | |||
+ | |||
+ | ==== "Not enough acks, repeating" | ||
+ | |||
+ | If you receive a message similar to: | ||
+ | |||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | |||
+ | Possible reasons are: | ||
+ | |||
+ | * Too close or too far from the Access Point | ||
+ | * The driver is problematic. | ||
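Review bot: The new subsection heading `==== General =====` has four opening and five closing equals signs; balance it as `==== General ====` to match the other headings on the page. In Usage Tips the first two bullets are written `*The source MAC...` and `*For madwifi-ng...` with no space after the asterisk, while the bullets added below them use `* `; pick one form. Two wording slips are carried into the new section and are worth fixing in the same edit: "the MAC address you will injecting with" should read "you will be injecting with", and "The tutorials page have" should be "has".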
fragmentation.txt · Last modified: 2009/09/05 23:32 by mister_x