
[Vivek Ramachandran]’s Cafe Latte attack was one of the last talks we caught at ToorCon. I’ve found quite a few articles about it, but none really get it right. It’s fairly simple and deals with cracking WEP keys from unassociated laptops. First, your WEP honeypot tells the client that it has successfully associated. The next thing the client does is broadcast a WEP-encrypted ARP packet. By flipping bits in that ARP packet you can replay it, and to the client it will appear to come from the IP/MAC combination of another host on the network. All of the replies will carry unique IVs, and once you have collected ~60K of them you can crack the key using PTW. The bit flipping is the same technique used in the fragmentation attack we covered earlier, but Cafe Latte requires the generation of far fewer packets. You can read about the Cafe Latte attack on AirTight Networks.
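The bit flipping that Cafe Latte (and the fragmentation attack) relies on works because WEP's integrity check is a plain CRC-32 sitting under an XOR stream cipher, and CRC-32 is affine: crc(p ^ d) == crc(p) ^ crc(d) ^ crc(zeros). The following Python is an added example, not code from the talk or from any tool the post names. It seals a constructed ARP-like payload two ways, with a WEP-style CRC ICV and with a keyed MAC (encrypt-then-MAC), applies the same keyless bit flip to both frames, and shows that only the CRC variant still verifies. The keystream function is a SHAKE-based stand-in for RC4 (the flaw is independent of which stream cipher is used), and the key, IV and payload are constructed values.

```python
"""Why a CRC-32 ICV under a stream cipher gives no integrity (constructed example)."""
import hashlib
import hmac
import zlib

IV_LEN = 3  # WEP sends a 24-bit IV in the clear in front of every frame


def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    """Stand-in for RC4(IV || key): SHAKE output, not real RC4.
    Any XOR stream cipher is equally malleable, so the point survives the swap."""
    return hashlib.shake_256(iv + key).digest(n)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal_crc(key: bytes, iv: bytes, payload: bytes) -> bytes:
    """WEP-style framing: payload || CRC32(payload), XORed with the keystream."""
    icv = zlib.crc32(payload).to_bytes(4, "little")
    body = payload + icv
    return iv + xor(body, keystream(key, iv, len(body)))


def open_crc(key: bytes, frame: bytes):
    """Decrypt and check the CRC ICV; returns the payload or None."""
    iv, ct = frame[:IV_LEN], frame[IV_LEN:]
    body = xor(ct, keystream(key, iv, len(ct)))
    payload, icv = body[:-4], body[-4:]
    return payload if zlib.crc32(payload).to_bytes(4, "little") == icv else None


def seal_hmac(key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Hardened framing: keyed HMAC-SHA256 over IV || ciphertext (encrypt-then-MAC)."""
    ct = xor(payload, keystream(key, iv, len(payload)))
    tag = hmac.new(key, iv + ct, hashlib.sha256).digest()
    return iv + ct + tag


def open_hmac(key: bytes, frame: bytes):
    """Verify the tag in constant time before decrypting; returns payload or None."""
    iv, ct, tag = frame[:IV_LEN], frame[IV_LEN:-32], frame[-32:]
    expected = hmac.new(key, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return xor(ct, keystream(key, iv, len(ct)))


def flip_bits(frame: bytes, delta: bytes) -> bytes:
    """Flip payload bits in a sealed frame without knowing the key.
    Because CRC-32 is affine, the ICV correction depends only on delta, so the
    same mask is XORed into the 4 bytes following the payload: that is the ICV
    in a seal_crc frame, and the start of the tag in a seal_hmac frame (where
    no keyless correction exists)."""
    fix = (zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))).to_bytes(4, "little")
    mask = delta + fix
    mask += bytes(len(frame) - IV_LEN - len(mask))  # leave any trailing bytes alone
    return frame[:IV_LEN] + xor(frame[IV_LEN:], mask)


def demo() -> dict:
    key = b"constructed-key!"        # constructed sample key
    iv = b"\x01\x02\x03"             # constructed sample IV
    original = b"who-has 10.0.0.1 tell 10.0.0.5"  # constructed ARP-like payload
    wanted = b"who-has 10.0.0.1 tell 10.0.0.9"    # only the last byte differs
    delta = xor(original, wanted)    # non-zero only where the plaintext changes
    crc_frame = flip_bits(seal_crc(key, iv, original), delta)
    mac_frame = flip_bits(seal_hmac(key, iv, original), delta)
    return {
        "crc_accepts": open_crc(key, crc_frame),    # tampered payload verifies
        "hmac_accepts": open_hmac(key, mac_frame),  # None: tag check fails
    }


if __name__ == "__main__":
    print(demo())
```

The CRC frame decrypts to the altered payload and still passes the ICV check, which is exactly the property that lets a replayed ARP packet be rewritten to look like it came from another host; the HMAC frame is rejected because no keyless fix-up for a keyed tag exists. The mitigation is not a stronger checksum but a keyed integrity check, which is what WPA2's CCMP provides.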
SIP For The SMC WSKP100

[sprite_tm] made my morning by sending in his latest work. After opening up his new SMC WSKP100 (Skype WiFi phone) to identify the hardware differences, he managed to shrink a flash image from the SMCWSP100 to fit on his new toy. Then he spent some time hacking the kernel from the former to work on his phone. The result? A SIP-capable phone that’ll connect to his Asterisk server at half the price of SMC’s official SIP phone.
WiCrawl – Next-gen WiFi Auditor
At ToorCon, our friends at Midnight Research Labs released a new automated WiFi auditing tool called WiCrawl. WiCrawl automatically scans for access points. Once an AP is discovered, a number of plugins can be run against it, ranging from obtaining an IP address to breaking encryption. Aaron Peterson’s talk and demo runs 50 minutes. You can download the 640×480, 170MB .mov version here. The tool is going to be included in the next BackTrack CD.