User Tools

Site Tools


korek_chopchop

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
Next revisionBoth sides next revision
korek_chopchop [2007/03/11 18:16] – Change to standard format and add more detail. darkaudaxkorek_chopchop [2007/07/03 00:13] – fixed typo mister_x
Line 22: Line 22:
  
 ===== Usage Examples ===== ===== Usage Examples =====
 +
  
  
Line 118: Line 119:
    Completed in 21s (2.29 bytes/s)    Completed in 21s (2.29 bytes/s)
  
-Success!  The file "replay_dec-0201-191706.xor" above can then be used in the next step to generate a packet with [[packetforge-ng]] such as an arp packet.  You may also use tcpdump or Wireshark to view the decrpted packet which is stored in replay_dec-0201-191706.cap.+Success!  The file "replay_dec-0201-191706.xor" above can then be used in the next step to generate a packet with [[packetforge-ng]] such as an arp packet.  You may also use tcpdump or Wireshark to view the decrypted packet which is stored in replay_dec-0201-191706.cap.
  
 ==== Generating an ARP packet ==== ==== Generating an ARP packet ====
Line 144: Line 145:
  
       aireplay-ng -2 -r arp.cap ath0       aireplay-ng -2 -r arp.cap ath0
 +
  
  
 ===== Usage Tips ===== ===== Usage Tips =====
  
-Nothing at this time.+When to say no to a packet?  You may ask if there are times when you should say "no" to selecting a specific packet.  Here are some examples of when you might say no: 
 + 
 +  * The packet length was too short and you wanted/needed PRGA longer then the packet length. 
 +  * You were looking to decrypt a packet to/from a specific client and you would wait for   a packet to/from that client MAC address. 
 +  * You may want to purposely pick a short packet.  The reason being that the decryption time is linear to the length of the packet.  IE Small packets take less time. 
 + 
  
  
Line 154: Line 162:
  
 Also see the general aireplay-ng troubleshooting ideas: [[aireplay-ng#usage_troubleshooting|aireplay-ng usage troubleshooting]]. Also see the general aireplay-ng troubleshooting ideas: [[aireplay-ng#usage_troubleshooting|aireplay-ng usage troubleshooting]].
 +
 +Although not a direct troubleshooting tip for the chopchop attack, if you are unable to get the attack to work, there are some alternate attacks you should consider:
 +
 +  * [[fragmentation|Fragmentation Attack]]: This is an alternate technique to obtain PRGA for building packets for subsequent injection.
 +  * [[interactive_packet_replay#other_examples|-p 0841 method]]: This technique allows you to reinject any data packet received from the access point and generate IVs.
  
  
korek_chopchop.txt · Last modified: 2009/06/02 19:24 by mister_x