User Tools

Site Tools


tkiptun-ng

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
tkiptun-ng [2009/06/01 18:18]
mister_x updated forum link
tkiptun-ng [2009/09/27 16:01] (current)
darkaudax Updated to reflect v1.0
Line 3: Line 3:
 ===== Description ===== ===== Description =====
  
-NOTE: This documention ​is still under development. ​ Please check back on a regular basis to obtain the latest updates. ​ If you have any feedback on the documentation,​ please post your comments to the [[http://​forum.aircrack-ng.org|Forum]].+NOTE: This documentation ​is still under development. ​ Please check back on a regular basis to obtain the latest updates. ​ If you have any feedback on the documentation,​ please post your comments to the [[http://​forum.aircrack-ng.org|Forum]].
  
-**IMPORTANT NOTE:** The tkiptun-ng ​SVN version ​is not fully working. ​ The final attack phase is not yet implemented. ​ The other portions are working with the ieee80211 drivers for RT73 and RTL8187L chipsets. ​ The madwifi-ng driver is definitely broken and is known to completely fail.  tkiptun-ng may work with other drivers but has not been tested so your mileage may vary.+**IMPORTANT NOTE:** The tkiptun-ng ​included in v1.0 is not fully working. ​ The final attack phase is not yet implemented. ​ The other portions are working with the ieee80211 drivers for RT73 and RTL8187L chipsets. ​ The madwifi-ng driver is definitely broken and is known to completely fail.  tkiptun-ng may work with other drivers but has not been tested so your mileage may vary.
  
 Tkiptun-ng is a tool created by Martin Beck aka hirte, a member of aircrack-ng team. This tool is able to inject a few frames into a WPA TKIP network with QoS.  He worked with Erik Tews (who created PTW attack) for a conference in [[http://​pacsec.jp/​|PacSec 2008]]: "Gone in 900 Seconds, Some Crypto Issues with WPA". Tkiptun-ng is a tool created by Martin Beck aka hirte, a member of aircrack-ng team. This tool is able to inject a few frames into a WPA TKIP network with QoS.  He worked with Erik Tews (who created PTW attack) for a conference in [[http://​pacsec.jp/​|PacSec 2008]]: "Gone in 900 Seconds, Some Crypto Issues with WPA".
Line 15: Line 15:
 At this point, tkiptun-ng has recovered the MIC key  and knows a keystram for access point to client communication. ​ Subsequently,​ using the XOR file, you can create new packets and inject them.  The creation and injection are done using the other aircrack-ng suite tools. At this point, tkiptun-ng has recovered the MIC key  and knows a keystram for access point to client communication. ​ Subsequently,​ using the XOR file, you can create new packets and inject them.  The creation and injection are done using the other aircrack-ng suite tools.
  
-Please remember this is an extremely advanced attack. ​ You require ​advanced linux and aircrack-ng skills to use this tool.  DO NOT EXPECT support unless you can demonstrate you have these skills. ​ Novices will NOT BE SUPPORTED.+[[http://​download.aircrack-ng.org/​wiki-files/​doc/​tkip_master.pdf|Cryptanalysis of IEEE 802.11i TKIP]] by Finn Michael Halvorsen and Olav Haugen, June 2009 provides an excellent detailed description of how tkiptun-ng works. ​ As well, their paper includes detailed descriptions of many other attacks against WEP/​WPA/​WPA2. 
 + 
 +Please remember this is an extremely advanced attack. ​ You must possess ​advanced linux and aircrack-ng skills to use this tool.  DO NOT EXPECT support unless you can demonstrate you have these skills. ​ Novices will NOT BE SUPPORTED.
  
  
Line 29: Line 31:
 ===== Specific Requirements ===== ===== Specific Requirements =====
  
-The network card MAC address ​that is used by tkiptun-ng needs to be set to the MAC address of the client you are attacking.+The network card MAC address used by tkiptun-ng needs to be set to the MAC address of the client you are attacking.
  
  
tkiptun-ng.1243873106.txt.gz · Last modified: 2009/06/01 18:18 by mister_x