Both sides previous revisionPrevious revisionNext revision | Previous revisionLast revisionBoth sides next revision |
tkiptun-ng [2009/05/03 20:03] – Fixed broken URL darkaudax | tkiptun-ng [2009/09/26 20:41] – Fiex typos darkaudax |
---|
===== Description ===== | ===== Description ===== |
| |
NOTE: This documention is still under development. Please check back on a regular basis to obtain the latest updates. If you have any feedback on the documentation, please post your comments to the [[http://forum.tinyshell.be|Forum]]. | NOTE: This documentation is still under development. Please check back on a regular basis to obtain the latest updates. If you have any feedback on the documentation, please post your comments to the [[http://forum.aircrack-ng.org|Forum]]. |
| |
**IMPORTANT NOTE:** The tkiptun-ng SVN version is not fully working. The final attack phase is not yet implemented. The other portions are working with the ieee80211 drivers for RT73 and RTL8187L chipsets. The madwifi-ng driver is definitely broken and is known to completely fail. tkiptun-ng may work with other drivers but has not been tested so your mileage may vary. | **IMPORTANT NOTE:** The tkiptun-ng SVN version is not fully working. The final attack phase is not yet implemented. The other portions are working with the ieee80211 drivers for RT73 and RTL8187L chipsets. The madwifi-ng driver is definitely broken and is known to completely fail. tkiptun-ng may work with other drivers but has not been tested so your mileage may vary. |
At this point, tkiptun-ng has recovered the MIC key and knows a keystram for access point to client communication. Subsequently, using the XOR file, you can create new packets and inject them. The creation and injection are done using the other aircrack-ng suite tools. | At this point, tkiptun-ng has recovered the MIC key and knows a keystram for access point to client communication. Subsequently, using the XOR file, you can create new packets and inject them. The creation and injection are done using the other aircrack-ng suite tools. |
| |
Please remember this is an extremely advanced attack. You require advanced linux and aircrack-ng skills to use this tool. DO NOT EXPECT support unless you can demonstrate you have these skills. Novices will NOT BE SUPPORTED. | [[http://download.aircrack-ng.org/wiki-files/doc/tkip_master.pdf|Cryptanalysis of IEEE 802.11i TKIP]] by Finn Michael Halvorsen and Olav Haugen, June 2009 provides an excellent detailed description of how tkiptun-ng works. As well, their paper includes detailed descriptions of many other attacks against WEP/WPA/WPA2. |
| |
| Please remember this is an extremely advanced attack. You must possess advanced linux and aircrack-ng skills to use this tool. DO NOT EXPECT support unless you can demonstrate you have these skills. Novices will NOT BE SUPPORTED. |
| |
| |
===== Specific Requirements ===== | ===== Specific Requirements ===== |
| |
The network card MAC address that is used by tkiptun-ng needs to be set to the MAC address of the client you are attacking. | The network card MAC address used by tkiptun-ng needs to be set to the MAC address of the client you are attacking. |
| |
| |