easside-ng

Differences

This shows you the differences between two versions of the page.

easside-ng [2008/05/27 17:48]
darkaudax
easside-ng [2009/09/08 01:20]
mister_x removed availability warning (1.0 is released)
Line 1: Line 1:
 ====== Easside-ng ====== ====== Easside-ng ======
- 
-++++++ IMPORTANT ++++++\\ 
-++++++ IMPORTANT ++++++\\ 
-++++++ IMPORTANT ++++++\\ 
- 
-This functionality will be available in a future release. It is NOT available currently. 
- 
-++++++ IMPORTANT ++++++\\ 
-++++++ IMPORTANT ++++++\\ 
-++++++ IMPORTANT ++++++\\ 
- 
  
 ===== Description ===== ===== Description =====
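Review bot: Deleting the whole warning block under the title also deletes the page's only statement about availability, so a reader on an older install gets no hint why the tool is missing. The edit summary gives 1.0 as the release that ships it; consider leaving one line under the title that names that version as the minimum instead of removing the notice outright.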
Line 16: Line 5:
 Easside-ng is an auto-magic tool which allows you to communicate via an WEP-encrypted access point (AP) without knowing the WEP key.  It first identifies a network, then proceeds to associate with it, obtain PRGA (pseudo random generation algorithm) xor data, determine the network IP scheme and then setup a TAP interface so that you can communicate with the AP without requiring the WEP key.  All this is done without your intervention. Easside-ng is an auto-magic tool which allows you to communicate via an WEP-encrypted access point (AP) without knowing the WEP key.  It first identifies a network, then proceeds to associate with it, obtain PRGA (pseudo random generation algorithm) xor data, determine the network IP scheme and then setup a TAP interface so that you can communicate with the AP without requiring the WEP key.  All this is done without your intervention.
  
-There are two primary papers "The Fragmentation Attack in Practice"  by Andrea Bittau and "The Final Nail in WEP's Coffin" by Andrea Bittau, Mark Handley and Josua Lockey which are of interest.  See the the [[http://aircrack-ng.org/doku.php?id=links|links page]] for these papers and more.  The papers referenced provide excellent background information if you would like to understand the underlying methodologies.  The concepts for the fragment attack currently incorporated in aircrack-ng came from these papers.+There are two primary papers "The Fragmentation Attack in Practice"  by Andrea Bittau and "The Final Nail in WEP's Coffin" by Andrea Bittau, Mark Handley and Josua Lockey which are of interest.  See the the [[links|links page]] for these papers and more.  The papers referenced provide excellent background information if you would like to understand the underlying methodologies.  The concepts for the fragment attack currently incorporated in aircrack-ng came from these papers.
  
 In order to access the wireless network without knowing the WEP key is done by having the AP itself decrypt the packets.  This is achieved having a "buddy" process running on a server accessible on the Internet.  This "buddy" server echoes back the decrypted packets to the system running easside-ng.  This imposes a number of critical requirements for easside-ng to work: In order to access the wireless network without knowing the WEP key is done by having the AP itself decrypt the packets.  This is achieved having a "buddy" process running on a server accessible on the Internet.  This "buddy" server echoes back the decrypted packets to the system running easside-ng.  This imposes a number of critical requirements for easside-ng to work:
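Review bot: The added line still reads "See the the [[links|links page]]", carrying the doubled "the" over from the old text; drop one while this sentence is being edited. The move from the absolute URL to the internal "links" page id is fine, provided that id resolves from this page's namespace.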
Line 97: Line 86:
 Basically, the program obtains a small amount of keying material from the packet then attempts to send packets with known content to the access point (AP).  If the packet is successfully echoed back by the AP then a larger amount of keying information can be obtained from the returned packet.  This cycle is repeated several times until 1504 bytes of PRGA are obtained. Basically, the program obtains a small amount of keying material from the packet then attempts to send packets with known content to the access point (AP).  If the packet is successfully echoed back by the AP then a larger amount of keying information can be obtained from the returned packet.  This cycle is repeated several times until 1504 bytes of PRGA are obtained.
  
-The original paper, [[http://darkircop.org/bittau-wep.pdf|The Fragmentation Attack in Practice]], by Andrea Bittau provides a much more detailed technical description of the technique.  A local copy is located [[http://wiki-files.aircrack-ng.org/doc/Fragmentation-Attack-in-Practice.pdf|here]].  Here are [[http://darkircop.org/frag.pdf|presentation slides]] of a related paper.  A local copy of the slides is located [[http://wiki-files.aircrack-ng.org/doc/Final-Nail-in-WEPs-Coffin.slides.pdf|here]].  Also see the paper "The Final Nail in WEP's Coffin" on this page.+The original paper, [[http://darkircop.org/bittau-wep.pdf|The Fragmentation Attack in Practice]], by Andrea Bittau provides a much more detailed technical description of the technique.  A local copy is located [[http://download.aircrack-ng.org/wiki-files/doc/Fragmentation-Attack-in-Practice.pdf|here]].  A local copy of the presentation slides is located [[http://download.aircrack-ng.org/wiki-files/doc/Final-Nail-in-WEPs-Coffin.slides.pdf|here]].  Also see the paper "The Final Nail in WEP's Coffin" on this page.
  
 ==== Linear Keystream Expansion Technique ==== ==== Linear Keystream Expansion Technique ====
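Review bot: In the added line, "A local copy of the presentation slides is located here" now follows directly on the sentences about "The Fragmentation Attack in Practice", yet the link target is Final-Nail-in-WEPs-Coffin.slides.pdf. The old text said the slides were "of a related paper"; with that wording gone, name the paper the slides belong to so they are not read as the fragmentation paper's slides. The closing "Also see the paper ... on this page" would also be clearer if it linked the section or file it means.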
easside-ng.txt · Last modified: 2013/03/19 18:21 by jano