easside-ng

easside-ng [2007/09/02 20:18]
darkaudax added new section regarding test setup
easside-ng [2013/03/19 18:21] (current)
jano Added link to the new page created of Besside-ng
Line 1: Line 1:
 ====== Easside-ng ====== ====== Easside-ng ======
- 
-++++++ IMPORTANT ++++++\\ 
-++++++ IMPORTANT ++++++\\ 
-++++++ IMPORTANT ++++++\\ 
- 
-This functionality will be available in a future release. It is NOT available currently. 
- 
-++++++ IMPORTANT ++++++\\ 
-++++++ IMPORTANT ++++++\\ 
-++++++ IMPORTANT ++++++\\ 
- 
  
 ===== Description ===== ===== Description =====
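Review bot: dropping the IMPORTANT banner removes the page's only statement about availability; the new revision should say which aircrack-ng release includes easside-ng (or that it is still unreleased), otherwise a reader of the cleaned-up page cannot tell whether the build they have contains the tool.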
Line 16: Line 5:
 Easside-ng is an auto-magic tool which allows you to communicate via an WEP-encrypted access point (AP) without knowing the WEP key.  It first identifies a network, then proceeds to associate with it, obtain PRGA (pseudo random generation algorithm) xor data, determine the network IP scheme and then setup a TAP interface so that you can communicate with the AP without requiring the WEP key.  All this is done without your intervention. Easside-ng is an auto-magic tool which allows you to communicate via an WEP-encrypted access point (AP) without knowing the WEP key.  It first identifies a network, then proceeds to associate with it, obtain PRGA (pseudo random generation algorithm) xor data, determine the network IP scheme and then setup a TAP interface so that you can communicate with the AP without requiring the WEP key.  All this is done without your intervention.
  
-There are two primary papers "The Fragmentation Attack in Practice" ​ by Andrea Bittau and "The Final Nail in WEP's Coffin"​ by Andrea Bittau, Mark Handley and Josua Lockey which are of interest. ​ See the the [[http://​aircrack-ng.org/​doku.php?​id=links|links page]] for these papers and more.  The papers referenced provide excellent background information if you would like to understand the underlying methodologies. ​ The concepts for the fragment attack currently incorporated in aircrack-ng came from these papers.+There are two primary papers "The Fragmentation Attack in Practice" ​ by Andrea Bittau and "The Final Nail in WEP's Coffin"​ by Andrea Bittau, Mark Handley and Josua Lockey which are of interest. ​ See the the [[links|links page]] for these papers and more.  The papers referenced provide excellent background information if you would like to understand the underlying methodologies. ​ The concepts for the fragment attack currently incorporated in aircrack-ng came from these papers.
  
-In order to access the wireless network without knowing the WEP key is done by having ​the AP itself decrypt the packets. ​ This is achieved having a "​buddy"​ process running on a server accessible on the Internet.  ​This "​buddy"​ server echoes back the decrypted packets to the system running easside-ng. ​ This imposes a number of critical requirements for easside-ng to work:+In order to access the wireless network without knowing the WEP key, we have the AP itself decrypt the packets. ​ This is achieved ​by having a "​buddy"​ process running on a server accessible on the Internet.  ​The "​buddy"​ server echoes back the decrypted packets to the system running easside-ng. ​ This imposes a number of critical requirements for easside-ng to work:
  
   * The target access point must be able to communicate with the Internet.   * The target access point must be able to communicate with the Internet.
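Review bot: two typos survive on both sides of this hunk: "communicate via an WEP-encrypted access point" should read "a WEP-encrypted", and "See the the [[links|links page]]" doubles "the". The rewording of the third paragraph reads well, and replacing the absolute doku.php URL with the internal [[links]] page is the right fix.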
Line 39: Line 28:
   - Once a network is found, it tries to authenticate.   - Once a network is found, it tries to authenticate.
   - Once the program has successfully authenticated then it associates with the AP.   - Once the program has successfully authenticated then it associates with the AP.
-  - After sniffing a single data packet, it proceeds to discover at least 1504 bytes of PRGA by sending out larger broadcasts and intercepting the relayed packets. ​ This is what is known as the fragmentation attack. ​ The PRGA is written to the prga.log file. +  - After sniffing a single data packet, it proceeds to discover at least 1504 bytes of PRGA by sending out larger broadcasts and intercepting the relayed packets. ​ This technique ​is known as the fragmentation attack. ​ The PRGA is written to the prga.log file. 
-  - It then decrypts the IP network by guessing the next three bytes of PRGA using multicast frames and the linear keystream expansion technique. ​ By decrypting the ARP request, the network number scheme can be determined. ​ This is used to build the ARP request which is used for subsequent injection. ​ Easside-ng can also use an IP packet to determine the IP network as well, it just takes a bit longer.+  - It then decrypts the IP network by guessing the next four bytes of PRGA using multicast frames and the linear keystream expansion technique. ​ By decrypting the ARP request, the network number scheme can be determined. ​ This is used to build the ARP request which is used for subsequent injection. ​ Easside-ng can also use an IP packet to determine the IP network as well, it just takes a bit longer.
   - It creates a permanent TCP connection with the "​buddy"​ server and verifies connectivity.   - It creates a permanent TCP connection with the "​buddy"​ server and verifies connectivity.
   - ARPs to get the MAC addresses for the router and source IP.  The defaults are .1 for the router and .123 for the client IP.   - ARPs to get the MAC addresses for the router and source IP.  The defaults are .1 for the router and .123 for the client IP.
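Review bot: the change from "next three bytes" to "next four bytes" of PRGA is a substantive technical correction, yet the revision summary only mentions the Besside-ng link. The later description says the expansion runs until the sending IP of the ARP request is decrypted, and an IPv4 address is four bytes, so the new figure is consistent with that; state the reason in the page or the summary so the number is not flipped back by the next editor.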
Line 84: Line 73:
   * Easside-ng constantly listens to the packets being transmitted by the AP.  It then processes packets addressed to the TAP IP based on the MAC address or broadcasts.   * Easside-ng constantly listens to the packets being transmitted by the AP.  It then processes packets addressed to the TAP IP based on the MAC address or broadcasts.
   * For each packet it needs to process, the packet must first be decrypted. ​ This will be done in multiple steps. ​ The steps follow.   * For each packet it needs to process, the packet must first be decrypted. ​ This will be done in multiple steps. ​ The steps follow.
-  * Easside-ng creates a new packets composed of two fragments. ​ The first fragment has no data, it simply has the destination IP of the buddy-server. ​ This fragment is encrypted using the PRGA (keystream). ​ The second fragment contains the packet to be decrypted. ​ Since this packet is already encrypted, it is used "as is"​. ​ This new packet ​consistently ​of two fragments is then injected into the wifi network.+  * Easside-ng creates a new packets composed of two fragments. ​ The first fragment has no data, it simply has the destination IP of the buddy-server. ​ This fragment is encrypted using the PRGA (keystream). ​ The second fragment contains the packet to be decrypted. ​ Since this packet is already encrypted, it is used "as is"​. ​ This new packet ​consisting ​of two fragments is then injected into the wifi network.
   * The AP receives the fragmented packet, decrypts each fragment and reassembles the fragments into a single packet. ​ Since the destination IP of the reassembled packet is the buddy-server,​ it forwards it to the buddy server. ​ You should note that the AP was kind enough to decrypt the packet for you!   * The AP receives the fragmented packet, decrypts each fragment and reassembles the fragments into a single packet. ​ Since the destination IP of the reassembled packet is the buddy-server,​ it forwards it to the buddy server. ​ You should note that the AP was kind enough to decrypt the packet for you!
   *  The buddy server receives the decrypted packet from the AP by UDP.  It then resends the decrypted information back to easside-ng.   *  The buddy server receives the decrypted packet from the AP by UDP.  It then resends the decrypted information back to easside-ng.
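Review bot: "consistently" to "consisting" is right, but the same line still opens with "creates a new packets" (should be "a new packet"), and "The first fragment has no data, it simply has the destination IP" is a comma splice; fix both while touching the line.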
Line 97: Line 86:
 Basically, the program obtains a small amount of keying material from the packet then attempts to send packets with known content to the access point (AP).  If the packet is successfully echoed back by the AP then a larger amount of keying information can be obtained from the returned packet. ​ This cycle is repeated several times until 1504 bytes of PRGA are obtained. Basically, the program obtains a small amount of keying material from the packet then attempts to send packets with known content to the access point (AP).  If the packet is successfully echoed back by the AP then a larger amount of keying information can be obtained from the returned packet. ​ This cycle is repeated several times until 1504 bytes of PRGA are obtained.
  
-The original paper, [[http://​darkircop.org/​bittau-wep.pdf|The Fragmentation Attack in Practice]], by Andrea Bittau provides a much more detailed technical description of the technique. ​ A local copy is located [[http://wiki-files.aircrack-ng.org/​doc/​Fragmentation-Attack-in-Practice.pdf|here]].  Here are [[http://​darkircop.org/​frag.pdf|presentation slides]] of a related paper.  A local copy of the slides is located [[http://wiki-files.aircrack-ng.org/​doc/​Final-Nail-in-WEPs-Coffin.slides.pdf|here]]. ​ Also see the paper "The Final Nail in WEP's Coffin"​ on this page.+The original paper, [[http://​darkircop.org/​bittau-wep.pdf|The Fragmentation Attack in Practice]], by Andrea Bittau provides a much more detailed technical description of the technique. ​ A local copy is located [[http://download.aircrack-ng.org/wiki-files/​doc/​Fragmentation-Attack-in-Practice.pdf|here]]. ​ A local copy of the presentation ​slides is located [[http://download.aircrack-ng.org/wiki-files/​doc/​Final-Nail-in-WEPs-Coffin.slides.pdf|here]]. ​ Also see the paper "The Final Nail in WEP's Coffin"​ on this page.
  
 ==== Linear Keystream Expansion Technique ==== ==== Linear Keystream Expansion Technique ====
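Review bot: dropping the darkircop.org/frag.pdf link leaves "A local copy of the presentation slides" with no antecedent: the sentence no longer says which presentation the slides belong to. Keep the original slide link alongside the local copy, or name the talk (the file name Final-Nail-in-WEPs-Coffin.slides.pdf indicates they accompany "The Final Nail in WEP's Coffin").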
Line 105: Line 94:
 So you may also be asking "What is the linear keystream expansion technique?"​. ​ The foundation is the fact that packets like an encrypted ARP request can easily be identified combined with the fact that the start of it has known plain text. So you may also be asking "What is the linear keystream expansion technique?"​. ​ The foundation is the fact that packets like an encrypted ARP request can easily be identified combined with the fact that the start of it has known plain text.
  
-The program first obtains the PRGA from known plain text portion of the ARP request. Then it creates a new ARP request packet broken into two fragments. ​ The first fragment is one more byte then the know PRGA and the PRGA is guessed for the extra byte.  These guesses are sent and the program listens to see which one is replayed by the AP.  The replayed packet has the correct PRGA and this value was included in the destination multicast address. ​ Now that we know the correct PRGA, one more byte can be decrypted in the original ARP request. ​ This process is repeated until the sending IP in the original ARP request is decrypted. ​ It takes a maximum of 256 guesses to determine the correct PRGA for a particular byte and on average only 128 guesses.+The program first obtains the PRGA from known plain text portion of the ARP request. Then it creates a new ARP request packet broken into two fragments. ​ The first fragment is one more byte than the known PRGA and the PRGA is guessed for the extra byte.  These guesses are sent and the program listens to see which one is replayed by the AP.  The replayed packet has the correct PRGA and this value was included in the destination multicast address. ​ Now that we know the correct PRGA, one more byte can be decrypted in the original ARP request. ​ This process is repeated until the sending IP in the original ARP request is decrypted. ​ It takes a maximum of 256 guesses to determine the correct PRGA for a particular byte and on average only 128 guesses.
  
 The linear keystream expansion technique (Arbaugh inductive) is reverse ​ The linear keystream expansion technique (Arbaugh inductive) is reverse ​
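Review bot: "then the know PRGA" to "than the known PRGA" is correct; the same paragraph still reads "obtains the PRGA from known plain text portion", which needs "the" before "known".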
Line 133: Line 122:
   * easside-ng was private and came a year before PTW.   * easside-ng was private and came a year before PTW.
   * easside-ng is handy for a quick and stealthy attack. ​ It is significantly faster than PTW.  It's "​instant"​ and requires no flooding.   * easside-ng is handy for a quick and stealthy attack. ​ It is significantly faster than PTW.  It's "​instant"​ and requires no flooding.
 +
  
 ===== Usage ===== ===== Usage =====
  
  
-Usage: easside-ng <arg[v0]+Usage: easside-ng <args>
  
 Where: Where:
  
   * -h              Displays the list of options.   * -h              Displays the list of options.
-  * -v              MAC address of the Acess Point (Optional)+  * -v              MAC address of the Access ​Point (Optional)
   * -m             ​Source MAC address to be used (Optional)   * -m             ​Source MAC address to be used (Optional)
   * -i                Source IP address to be used on the wireless LAN.  Defaults to the decoded network plus "​.123"​ (Optional)   * -i                Source IP address to be used on the wireless LAN.  Defaults to the decoded network plus "​.123"​ (Optional)
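Review bot: the synopsis "Usage: easside-ng <args>" carries no information; since the option list marks -f as the only mandatory flag, the synopsis should show it, for example "easside-ng -f <iface> [options]", so the reader sees the minimum invocation before the flag table.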
Line 149: Line 139:
   * -f                Wireless interface name. (Mandatory)   * -f                Wireless interface name. (Mandatory)
   * -c               Locks the card to the specified channel (Optional)   * -c               Locks the card to the specified channel (Optional)
-  * [v0]            Current version number. ​ Informational only. 
  
  
Line 156: Line 145:
 NOTE: There are no parameters for buddy-ng. ​ Once invoked, it listens on TCP port 6969 and UDP port 6969.  TCP is used for the permanent connection between esside-ng and buddy-ng. ​ UDP is used to receive decrypted packets from the AP. NOTE: There are no parameters for buddy-ng. ​ Once invoked, it listens on TCP port 6969 and UDP port 6969.  TCP is used for the permanent connection between esside-ng and buddy-ng. ​ UDP is used to receive decrypted packets from the AP.
  
- +When you run easside-ng, it creates a file automatically in the current directory:
- +
-When you run easside-ng, it creates a file automatically in the current directory ​when run the program:+
  
   * prga.log - Contains the PRGA obtained through the fragmentation attack. ​ The following is NOT correct. ​ It is a future feature: "This can be used as input to other aircrack-ng suite tools which require PRGA as input. ​ You can also use the PRGA from other tools for this file."   * prga.log - Contains the PRGA obtained through the fragmentation attack. ​ The following is NOT correct. ​ It is a future feature: "This can be used as input to other aircrack-ng suite tools which require PRGA as input. ​ You can also use the PRGA from other tools for this file."
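Review bot: "esside-ng" in the NOTE line is a typo for "easside-ng" on both sides. The prga.log bullet still quotes a sentence and then says it is NOT correct; replace the quoted text with what the file currently is for, rather than shipping a self-contradicting bullet. Note also that the combined-attack section further down says wesside-ng does consume the prga file, so the two statements should be reconciled.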
Line 198: Line 185:
 Where: Where:
  
-  * -f ath0                                This is the wireless ​interface name. +  * -f ath0                  ​Wireless ​interface name. 
-  * -v 00:​14:​6C:​7E:​40:​80 ​    The is the MAC address of the AP. +  * -v 00:​14:​6C:​7E:​40:​80 ​    MAC address of the AP. 
-  *  -c 9                                    This is the channel ​the AP is on. +  *  -c 9                    ​Channel ​the AP is on. 
-  *  -s 10.116.23.144 ​           This is the buddy server IP.+  *  -s 10.116.23.144 ​       ​Buddy ​server IP.
  
 The system responds: The system responds:
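Review bot: the example buddy server address 10.116.23.144 is an RFC 1918 private address, while the buddy-ng requirements below say the server must have a routeable Internet IP; either label it as a lab-only placeholder or use an address that matches the requirement. The shortened option descriptions are an improvement; make the bullet indentation consistent, as the -c and -s bullets carry an extra leading space.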
Line 245: Line 232:
    ​ifconfig at0 up    ​ifconfig at0 up
  
-Now you can send and receive packets to and from the AP network which in this case is 192.168.1.0/​24 via the at0 inteface.  Notice that you don't need a WEP key to do this!  The TAP interface is a virtual interface that acts as if it were the wifi interface with the correct WEP key configured. ​ You can assign an IP, use DHCP with it and so on.  By default, the at0 interface is assigned the network obtained at the start plus "​.123"​.+Now you can send and receive packets to and from the AP network which in this case is 192.168.1.0/​24 via the at0 interface.  Notice that you don't need a WEP key to do this!  The TAP interface is a virtual interface that acts as if it were the wifi interface with the correct WEP key configured. ​ You can assign an IP, use DHCP with it and so on.  By default, the at0 interface is assigned the network obtained at the start plus "​.123"​.
  
  
Line 261: Line 248:
 First run easside-ng to obtain the prga file.  Then run wesside-ng to flood the network and obtain the WEP key.  It is really that simple! First run easside-ng to obtain the prga file.  Then run wesside-ng to flood the network and obtain the WEP key.  It is really that simple!
  
-Playfully, this is known as "besside-ng".+Playfully, this is known as [[besside-ng|Besside-ng]].
  
 ==== Demonstrating Insecurity! ==== ==== Demonstrating Insecurity! ====
Line 289: Line 276:
  
   * It is running on Internet with a routeable IP address   * It is running on Internet with a routeable IP address
-  * It is accessable ​by both the system running easside-ng and the wireless LAN+  * It is accessible ​by both the system running easside-ng and the wireless LAN
   * Inbound and outbound UDP and TCP port 6969 is permitted.   * Inbound and outbound UDP and TCP port 6969 is permitted.
  
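Review bot: "Inbound and outbound UDP and TCP port 6969 is permitted" should read "are permitted" (two ports are listed), and "running on Internet" needs "the"; the accessable to accessible fix is fine.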
Line 326: Line 313:
  
 The ideal situation is to have the buddy-ng server running on a separate system someplace on the Internet. ​ Then have a second system with easside-ng running with a routeable IP address. The ideal situation is to have the buddy-ng server running on a separate system someplace on the Internet. ​ Then have a second system with easside-ng running with a routeable IP address.
 +
 +
 +===== Tap interface under Windows =====
 +
 +To obtain a tap interface in a MS Windows environment,​ install OpenVPN.
  
  
 ===== Usage Troubleshooting ===== ===== Usage Troubleshooting =====
  
-Make sure your card is in monitor mode.+  * Make sure your card is in monitor mode.
  
-Make sure your card can inject by testing it with the [[injection_test|aireplay-ng injection test]]. ​ Also specifically ensure you can communicate with the AP in question.+  * Make sure your card can inject by testing it with the [[injection_test|aireplay-ng injection test]]. ​ Also specifically ensure you can communicate with the AP in question.
  
-Make sure your card supports the fragmentation attack. ​ Again, this can be confirmed with the aireplay-ng injection test.+  * Make sure your card supports the fragmentation attack. ​ Again, this can be confirmed with the aireplay-ng injection test.
  
-Make sure to delete prga.log if you are changing access points or if you want to restart cleanly. ​ In general, if you have problems, it is a good idea to delete it.+  * Make sure to delete ​**prga.log** if you are changing access points or if you want to restart cleanly. ​ In general, if you have problems, it is a good idea to delete it.
  
-There are a few known limitations:​ +  * There are a few known limitations:​ 
-  * Only open authentication is support. ​ Shared key authentication is not supported. +    * Only open authentication is support. ​ Shared key authentication is not supported. 
-  * Only B and G networks are supported.+    * Only B and G networks are supported.
  
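Review bot: the new "Tap interface under Windows" section says only "install OpenVPN"; it should say that it is the TAP adapter driver bundled with the OpenVPN installer that provides the interface, and give the Windows equivalent of the at0 bring-up the page shows for Linux (ifconfig at0 up), otherwise the section is not actionable. In the troubleshooting list, "Only open authentication is support" should be "supported".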
easside-ng.1188757133.txt.gz · Last modified: 2007/09/02 20:18 by darkaudax