airdecloak-ng

Differences

This shows you the differences between two versions of the page.

airdecloak-ng [2008/12/27 00:04] – aircrack-ng.exe -> aircrack-ng mister_xairdecloak-ng [2009/09/26 22:01] – Fixed typos darkaudax
Line 197: Line 197:
 === Timing === === Timing ===
  
-The time needed to receive a cloaked frame could be analysed; compared to its uncloaked equivalent since the sensor receive the real frame then forge a wep cloaked frame with the informations of the real one.+The time needed to receive a cloaked frame could be analyzed; compared to its uncloaked equivalent since the sensor receives the real frame then forge a wep cloaked frame with the informations of the real one.
  
 For this, 2 packets are needed (one real and one cloaked) and we have to make sure the "cloaking" status of both packets is accurate (and that the cloaked packet is forged against the real one we have). For this, 2 packets are needed (one real and one cloaked) and we have to make sure the "cloaking" status of both packets is accurate (and that the cloaked packet is forged against the real one we have).
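Review bot: The replacement sentence in the Timing paragraph corrects "receive" to "receives" but leaves the parallel verb and two other slips in the same line: "then forge" should be "then forges", "informations" should be "information", and the semicolon after "analyzed" cuts one clause in two. Suggested wording: "The time needed to receive a cloaked frame could be analyzed and compared to its uncloaked equivalent, since the sensor receives the real frame and then forges a wep cloaked frame with the information of the real one."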
Line 227: Line 227:
 {{http://www.aircrack-ng.org/wep_cloaking/low_traffic.jpg}} {{http://www.aircrack-ng.org/wep_cloaking/low_traffic.jpg}}
  
-There'a few possibilites to filter out the cloaked packet for 7509/7510:+There are a few possibilities to filter out the cloaked packet for 7509/7510:
 - both packets can be discarded since they have the same sequence number. - both packets can be discarded since they have the same sequence number.
 - use signal/timing to find the cloaked packet. - use signal/timing to find the cloaked packet.
  
  
-For packet 7538/7539, it will be easier, it's easy to find out which one is cloaked, a beacon has the same sequence number as packet 7539; 7539 is cloaked:+For packet 7538/7539, it will be easier, it's easy to find out which one is cloaked, a beacon has the same sequence numbers as packet 7539; 7539 is cloaked:
  
  
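Review bot: The second changed line (packets 7538/7539) turns "the same sequence number as packet 7539" into "the same sequence numbers as packet 7539", which reads as a regression: the sentence compares one beacon with one packet, and the unchanged bullet earlier in this hunk keeps the singular "the same sequence number". Suggest reverting to the singular. The same line also still chains three clauses with commas ("it will be easier, it's easy to find out which one is cloaked, a beacon has ..."), which a typo pass could split into separate sentences.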
Line 247: Line 247:
  
 ... so other ways have to be used. Beacon will still be used but in another way: since 1319 is a valid sequence number, the previous (1318) and the next (1320) sequence numbers of valid packets are known. It's getting more complicated, these sequence number are both used more than once ;) \\ ... so other ways have to be used. Beacon will still be used but in another way: since 1319 is a valid sequence number, the previous (1318) and the next (1320) sequence numbers of valid packets are known. It's getting more complicated, these sequence number are both used more than once ;) \\
-Since it is known that wep cloaking copy the attributes (including frame size) of its equivalent real frame, wep cloaked packets can be easily found:+Since it is known that wep cloaking copies the attributes (including frame size) of its equivalent real frame, wep cloaked packets can be easily found:
  
 ^Position^Uncloaked^Cloaked^Frame size^Reason| ^Position^Uncloaked^Cloaked^Frame size^Reason|
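Review bot: The unchanged line directly above the edit still reads "these sequence number are both used more than once", which needs "numbers"; since this revision is a typo pass over the same paragraph, it should be fixed here too. In the changed line, "wep" is written in lowercase twice; the acronym is normally spelled "WEP".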
Line 317: Line 317:
 Remove all duplicate sequence numbers for both the AP and the client (that are close to each other). Remove all duplicate sequence numbers for both the AP and the client (that are close to each other).
  
-Basically it apply ''duplicate_sn_ap'' and ''duplicate_sn_client'' filters+Basically it applies ''duplicate_sn_ap'' and ''duplicate_sn_client'' filters
  
 == consecutive_sn == == consecutive_sn ==
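Review bot: The changed line still ends without a period ("... ''duplicate_sn_client'' filters"), while the last hunk of this same revision adds a missing period to the Thanks line. Add the period here as well, and consider dropping "Basically" so the sentence states plainly which two filters are applied.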
Line 363: Line 363:
 ===== Thanks ===== ===== Thanks =====
  
-Thanks to Alex Hernandez aka alt3kx from [[http://sybsecurity.com|sybsecurity.com]] for the hardware+Thanks to Alex Hernandez aka alt3kx from [[http://sybsecurity.com|sybsecurity.com]] for the hardware.
airdecloak-ng.txt · Last modified: 2023/01/17 09:58 by gemesa