Description: Welcome to Challenge 3 of the Wi-Fi Megaprimer!
This challenge has 2 parts:
3a. Never Judge a Packet by its Type:
In this challenge the trace file contains a Shared Key Challenge Text and Encrypted Response. You will need to crack the WEP key with just this.
Download the trace file: http://code.securitytube.net/Challenge-3a
3b. Never Send a N00b to do a Hacker's Job:
In this challenge, you send your N00b apprentice to collect a Wireshark trace. He mistakenly limits the size of the packets and all you get is a truncated encrypted data packet! :( Can you crack the WEP key with just this? Take a shot!
Download the trace file: http://code.securitytube.net/Challenge-3b
All tools / programming platforms required are present on BT4. We don't expect you to scour the web for this :)
Enjoy! Post your comments and your thoughts on this thread! Knowledge increases only by sharing and brainstorming with others.
Let the games start :)
I expect a great response as always.
@Vito your reaction time was like 2 minutes :)
Just a quick note - all hints will be posted as comments, so if you are participating, it might be a good idea to make a comment. This will ensure that you get the hints by email when I post them. Otherwise, please keep checking this page from time to time.
Thanks to Fitzroy again for these prizes! :)
YESSSSSSS !!!! thanks vivek.
Will try my best for this one.
When will you be finishing the WPA section Vivek? The challenges are fun and all, but I'd really like to see the rest of the videos on the core subject finished so knowledge is gained before we play games :-)
Thanks Vivek, Good Hunting All!
I'm not sure, but my first thought for 3a was: get the keystream from the 2 packets, make new packets with that keystream and then crack the WEP. I'm not sure if it's all possible because I'm not so good with all the tools and scripting...
" When will you be finishing the WPA section Vivek? "
Did you watch the video ?
Let's try, this is my first try.
I'll get started tonight, I have a few hours I can spare.
@m0ei yes, I did, but Vivek said that in one of the last videos too! I'd just hate to see another unfinished series on SecurityTube because playing games took over, that's all.
Good luck to all. This one looks like a lot of sleepless nights ahead.
Hello all,
Great! Another challenge. I'll give it a try.
Thanks Vivek
Guys as I mentioned in the video, the series will continue. Also, in my opinion all video series will forever remain "ongoing". I can never claim that a topic is "done" as new things keep happening in the field, which I plan to cover.
But I would like to urge you all to take these challenges as seriously as the regular videos, if not more. These test your understanding based on what you have learnt. If you are getting stuck in these challenges or are unable to understand the solutions provided, then you need to revisit the basics once again.
These challenges are not "trick" questions; instead they are designed to test your fundamentals and to present corner cases to you, where you will need to think out of the box.
Just learning the basics of Wireless security and a bunch of tool demos will not suffice, if you intend to use this knowledge professionally.
Actually, after hosting the first few challenges I realized that without them testing the viewers and forcing them to challenge themselves, this series is incomplete! So please participate and give it sufficient time. This is the reason why 1 week is now allocated to every challenge, so almost everyone should be able to dedicate a couple of hours in the week to this.
All the best!
Hmm, for 3a it seems you need to take the challenge text sent by the router, then using a dictionary attack encrypt it with the WEP shared key (RC4 XOR algorithm) and compare it to the response sent to the router. Something like this. But the response sent to the router is 8 bytes longer, so I'm thinking I forgot something there, but my guess is it's something along those lines.
GL @ all!
Regarding Challenge 3a:
am I right with the thought that the challenge text is encrypted using the public key (shared key) and sent back as the response?
if this is the case:
I would say we have to run the challenge text through a list of "public keys" and compare the result with the data of the response (in the pcap file) until the result for the tried key equals the data in the response.
hopefully I am not too far away from the truth with my thought :S ?!
@Acebond maybe because it adds the ICV to the plain text before the XOR and then encrypts it? I may be wrong.. but it seems so if you watch the basics of WEP..
Thanks Vivek - I'm just itching for your clear and concise explanation of the low level workings of WPA.
Looking at this challenge perhaps I'm being too simplistic, but in 3a the chal/res seems out of order and munged up. Video 4 spoke of the challenge sequence being client to AP, AP responds to client. Seems to me the first packet is a response with a status code of 'success', the second seems to be the challenge. My guess is the timestamp and SN have been messed up - but I stress it's a guess.
The trick *may be* finding a way in Scapy to alter the fields in the packets to rebuild this. TBH, looking at the various Scapy docs it's not the most intuitive thing to use and I'm wondering if some raw changes with a hex editor would be quicker?
lets start the game...
Okay so for 3b open it up in wireshark.
pcap says it was 98 bytes on the wire and we only got 92... we lost six bytes, what are they?
open another capture and see what a data to broadcast is probably arp(or just think about it)
does this fit with the data section of 36 bytes?
so the capture lopped off the checksum..can't depend on that to tear through it.
maybe checking the format of the decrypted data? what are the chances that multiple
keys will return properly structured arp packets?
so we need to write a tool(aircrack will probably barf on truncated packets) and generating
6 bytes of random data and trying to crack them all would take some large amount of time
that's 281474976710656 packets. maybe we could eliminate some as improbable, but it's
a LOT of packets to try to dictionary crack one at a time and it's a single packet so
algorithm based cracking is out.
looks like dictionary against encrypted section with known format output to me
@Blackmarketeer. If you want low level workings of WPA CWSP covers handshakes and low level stuff pretty adequately(the book is floating around the interwebs)
Challenge-3a Packet 2 does not seem to be an authentication packet. looks like a data packet that has been messed with....
something wrong with the website.
can't download the file.
can anyone else download the file?
@andrew - thanks :-)
sorry.. my fault about the website.
the problem is about my network.
i fixed it and lets get back to the game.
@andrew
thanks
fun stuff! im in
i may have had a chance with the first 2 challenges but i think this one is a bit over my head...but i'm gonna follow along to learn how its done...
I only just realised these challenges were happening. I've been learning about WiFi security as part of my MSc course. I think I might have to give this a go =)
@Vivek - I dropped a link on the grad IT students discussion board at the college I am attending. Maybe it will generate some traffic.
I'm in
Great, First challenge, i missed 1st,2nd chalenges, but now im in.
Good Luck guys :)
3b: maybe Fragmentation and Hirte Attack??
for Vivek and guys.... in BackTrack 4 there were three password lists, but in BackTrack 5 they reduced them to one list, which is d0rklist
so is "Backtrack 5" included in "everything you need is in backtrack"?
Guys,
Here is something I am very sure about - this will require analysis of the packet and use of a small script. People who are suggesting Hirte/Caffe Latte/Fragmentation are off track. All of these attacks require the presence of one entity which knows the WEP key, either the AP or the Client. In this case, we have neither. Hence all "active" attacks are ruled out.
This is more of a packet analysis, WEP, RC4 and some basic scapy problem. Check Josh's post on using scapy.
Hello, I will try this one
In Part 8 Hacking WLAN Authentication, Vivek explained how the 2 packets can be used for fake authentication.
And that there were some not so well documented other attacks possible...
Based on the information in the 2 packets we should be able to get the WEP Keystream which the client used.
Do we need this WEP Keystream to do the "not so well documented other attacks"?
I'm thinking can we do some brute forcing (script) with the plaintext in packet 1, IV in packet 2 to get the same WEP keystream?
I'll remain silent on "part a" until I do some testing, but I have what I think is working python code for "part b". It decrypts my test packet properly. We'll have to see on the challenge one. Just a note, "part b" seemed harder so I started there.
Not sure if this idea is along the right lines, but for Challenge-3b with the short packet I was wondering if we have to rebuild the packet so it is full size, sort of fuzzing in a way. My line of thinking was to use scapy to copy the contents of the packet we have, just filling the rest up with spurious data so the packet is the correct size, then run the Crack-1.py script on the packet to get the key... This is just an idea :)
--Chard
@Chard That's a possibility I suppose, but the truncated byte size on part B made generating each individual packet painful. I wrote my own python arc4/wep bruter for part B. We'll see if it works...,
@MamboYoyo :- about what you just said, I found an RC4 algorithm in Python which encrypts a plain text that you type along with the WEP key.
so what I have done is, I went back to challenge one, after that I gace the algorithm the challenge text with the key, which was tudes, but unfortunately I failed; because when I compared the data that the client encrypted and sent back to the AP with my result, it was not the same
gace=gave ** ;)
@ahmadqdemat Thanks for checking that!
Did you also append the IV from the client in your script?
I'm in as well :)
actually i'm not sure of the append process if it's correct or not.
I'm viewing the RC4 video's maybe this will give me more insight in challenge-3a.
Would you need to rebuild the whole packet in 3b? Given you want the key, which comes first, could you not just recalculate the crc-32 for the 'short' packet? It's only the key you want after all, not the actual data :-)
@Blackmarketeer, I already went too far down this road to stop now. You approach may work, but I already put in the legwork on the other...
@Vivek btw I didn't think I was ever going to stop laughing at n00b apprentice.
mmm damn it's a hard challenge.
I'm expecting some tips from Vivek tomorrow.
Can anyone enlighten me as to why the challenge is 128 bytes and the encrypted response is 136 bytes? i know its not the WEP ICV and its not the FCS, so what could it be?
I started with me... give me time and I'll get there. Vivek usually posts clues over time and this one is due to run for a week. Plz don't get antsy. You got a couple of HUGE hints on b from Blackmarketeer and myself.
sorry me == b
I thought I was on to something on Challenge-3a.. because the first packet was a successful authentication packet I assumed that the next one was an actual data packet that was made to look like an authentication packet... so I used a hex editor to change the bits in the packet from B0 to 08 and opened it back in Wireshark, and now it shows as a data packet. Then I gave the first Crack-1.py a shot at it with both a 5 character and a 13 character key. So.. having said all that... it didn't work.. hehe. So I'm no farther ahead than when I started.
I also took a look at Challenge-3b and again, me being a newbie to all this, I had questions. Looking at that single packet I noticed that the data packet is only missing a piece of the ICV and the entire frame check bits. With that in mind, that would mean that Crack-1.py should be able to decrypt it? Or does the packet actually have to have the ICV and the frame check in order to decrypt? May be a simple question but hey, I'm learning.. hehe
either way... I'm having fun with these challenges and I'm just going to be Dr. Watson asking all the obvious questions to you guys.. hehe
What about replaying the pcap file and recapturing the data in wireshark? Just a thought
Tim
Can anyone confirm that the keys are in the darkc0de wordlist on BT5?
I thought kind of similar to Zero... and tried to manipulate the 2nd packet... but no success till now :(
however, it's fun to play around with scapy... you can manipulate a packet "by hand" in just a few seconds:
# open a pcap file
challenge = rdpcap("filename")
# show the content of one packet
challenge[n] # where n is the index of the packet in the capture
# you can simply change attributes of a packet (/object)
challenge[0].addr1 = "ff:ff:ff:ff:ff:ff"
# and write everything to a new file
wrpcap("filename.pcap", challenge)
...don't know if it will be helpful or not in this challenge but nice to know, at least from my point of view!
just think about the possibilities :D you can script your own networking tools in a few minutes!
nice games, but I want a really newbie challenge for me. I'm not getting something straight. Is there anybody here that wants to group up and learn together? I would def join, I need help from somebody that learned faster... peers help peers please!
+GOOD JOB on the videos!!
I hope I get to play in this one. Missed the last two timelines because of work commitments. Still had a go after the fact though!! Maybe I will get some time this weekend...
Well, Well, Well my friends! Hope you all had a good night's sleep (chuckle chuckle :) )! I feel like one of those reality show hosts who comes back the next day to the mansion :)
So, the next hint is …. there are no hints :) Its too early in the game right now. Good news, I have received no submissions for even one of the challenges 3a or 3b yet.
Actually, 3a is quite simple and 3b just requires some basic understanding of WEP (which we have discussed in-depth) along with some simple scripting in python/perl/ruby/whatever :)
@WCNA I have not had a look at BT5 yet but I am sure they would have imported all the old lists as well. In the worst case, if your dictionary fails (if it is required in the first place) then you could just import the older BT4 ones.
@Andrew haha! I was merely referring to the "new joinee" security consultants in any organization :) The worst experience I have had is someone calling me up at night saying Aircrack-ng and other tools are not working! and the client has some uber-WIDS!!! Finally, I figured he had forgotten to create a monitor mode interface :) and hence all tools were failing :)
Enjoy my friends! I am off to create WPA vids today
As for the 3b section, I was wondering if anyone has tried to recreate the situation? The original should be a WEP packet like any other that just got truncated, right? So why not create your own WEP packet with known values, truncate it EXACTLY as shown in the video (I think that's why it was shown in the first place) and then find out what's missing from your known packet to the truncated packet. I would imagine Wireshark's truncation is nothing extremely complicated, so however it messes up the packet I can see happening to the challenge one as well. Then work your way to 'crack' your custom truncated packet and you would know the process to crack the challenge one.
I should probably just check this myself but meh, I've never been inclined towards challenges of any sort, just thought that the first thing that came to mind might be worth a shot for someone else that wants the $50 more than I do.
bt5, on your video about mdk3 or w.e I had to do something a little different. Can you always use the latest and greatest OS? bt5 I think is a little different and that's what I'm running. I'm sure everybody would like something new so update the OS!!! lol I'ma stalk you Vivek!!!!
Still my thought for 3a is: first get the keystream: challenge text XOR encrypted answer = keystream. The length issue is that they add the ICV to the first text before the XOR with the keystream. So I think we can make new packets with packetforge-ng once we've got the keystream... and then crack it.. correct me if any of my thoughts are wrong.. Right now what's stopping me trying my theory is my low scripting skills.
@BrainiacBug if you get the keystream everything will be obvious, since keystream=rc4(IV+WEP); with a reverse rc4 implementation on the keystream you can remove the IV from the result and the WEP key will appear
@BrainiacBug but you should add CRC32 to the challenge text first as i think
what i have done till now :-
I brought in the Challenge-1 pcap file, then I deleted the data packet from it. After that I passed it to Crack1.py and it didn't crack it, so I made a duplicate of the authentication packet that was sent from the iPhone to the AP and modified the type to be a data packet. After that I passed it to crack1.py and the result was CRACKED!
I did this with the 3a pcap file but I never got it cracked using the darkc0de.lst in BackTrack 5
@ahmadqdemat I did the same thing by changing the bit in the packet so it was a data packet and ran Crack1.py. What I noticed after it didn't work was that if I ran airdecap on Challenge-1 with a random WEP key it showed 1 WEP packet in the results... with the modified Challenge-3a cap and airdecap with a random WEP key it showed 0 WEP packets in the results. So airdecap didn't even see that data packet as a WEP packet. What I did after that was compare the flags from the Challenge-1 data packet and the Challenge-3a data packet and make them the same. Airdecap then saw the Challenge-3a data packet as a WEP packet... but still no success with Crack1.py
Many of you are very close but I guess you quit in the last minute :) Sometimes believing in your ideas till the end pays off.
C'mon, I need at least someone to send me the key to 3a! It's very easy. 3b may involve some work. :)
All the best! Where are Dagis and Tohaz? You guys are keeping all your techniques to yourself this time! We need more people to post what they are doing! I can assure you the more ideas the better!
Eagerly awaiting my first key for 3a !
here's where I am with 3b... I may be REALLY off track, but I'm still convinced it's an ARP packet. code:
#!/usr/bin/env python
# Note: structural check only, so it can still produce false positives.
# Simple bruting program (Python 2 / pycrypto, as shipped on BT5)
# aking1012.com@gmail.com - Andrew King
# for a while i had my doubts, but i really do prefer python...
import sys, binascii
import Crypto.Cipher.ARC4 as ARC4

def checkformat(decrypted):
    '''we can probably assume hw type is ethernet, we can also probably assume proto ip
    so the idea is to check the decrypted data for the 4 bytes 00 01 08 00 (hex)
    right after the 8-byte LLC/SNAP header
    '''
    print binascii.hexlify(decrypted)
    return decrypted[8:12] == "\x00\x01\x08\x00"

def makekeystream(iv, dictfile, data):
    '''try every 5-character word as a WEP-40 key: the RC4 key is IV + raw key bytes'''
    solution = []
    with open(dictfile) as f:
        for dictword in f:
            dictword = dictword.rstrip("\r\n")
            # so far it's 64-bit WEP with a 5 character passphrase...
            if len(dictword) != 5:
                continue
            print "Trying key: " + dictword
            # hexKey = "\x01\x48\x42\xd4\x80\xb5\x71\x49\x5a\x4a\x03\x63\x79"
            # lucky number 13, it worked for my 128-bit wep with known pass
            key = iv + dictword          # raw bytes, not the hex representation
            possible = ARC4.new(key).decrypt(data)
            if checkformat(possible):
                solution.append(dictword)
    return solution

def openpcap(pcap):
    '''byte offsets into the raw capture file (24-byte pcap header, 16-byte record
    header, radiotap + 802.11 header) for the 3b capture.
    my test packet used: ivoffset = 90, dataoffset = 94, datalen = 36
    '''
    ivoffset = 88
    ivlen = 3
    dataoffset = 92
    datalen = 36
    with open(pcap, "rb") as f:
        pcapraw = f.read()
    iv = pcapraw[ivoffset:ivoffset + ivlen]
    data = pcapraw[dataoffset:dataoffset + datalen]
    return iv, data

def main():
    if len(sys.argv) != 3:
        print "usage is python wireless.py dictfile pcap"
        sys.exit(2)
    dictfile, pcap = sys.argv[1], sys.argv[2]
    iv, data = openpcap(pcap)
    print "Using dictfile: " + dictfile
    print "Using iv: 0x" + binascii.hexlify(iv)
    print "Using data: 0x" + binascii.hexlify(data)
    keys = makekeystream(iv, dictfile, data)
    if keys:
        with open("output", "w") as f:
            f.write("\n".join(keys) + "\n")
        for key in keys:
            print key + " (hex " + binascii.hexlify(key) + ")"
    else:
        print "Ruh Roh?!? No keys found....o.O"

if __name__ == "__main__":
    main()
@ahmad & zero. I have done things very similar to what you are doing. As for 3b, I've tried adding an icv to it with no luck. After over-complicating the last two, I really tried to think of simple methods of solving this challenge.
I'm probably going to have to bow out at this point. I've got a big exam coming up and I really have to start focusing on my career for the next 2 weeks. I'll still pop in when I take a break to see how everyone is doing, because these things are so much fun and I can't wait to see the results.
I'm not getting anywhere with 3a... maybe I think too complicated -.-
Maybe I should take some distance from 3a and switch over to 3b until I can maybe think about it in a different way.
...it's kind of frustrating because we all know that it should be really easy to crack it.. :D
btw does anyone know if the timestamp of each packet is just part of the capture file or really part of each packet? I can't find it inside the packet itself.
@Vivek: would it be possible to add some functionality to the postings at securitytube, so that you can mark parts of your text as code which will be displayed in a different font... or something similar?
similar script that I'm working on for 3a. I need to check if the challenge is encrypted with just the key or the IV+key
#!/usr/bin/env python
# Simple bruting program (Python 2 / pycrypto, as shipped on BT5)
# aking1012.com@gmail.com - Andrew King
import sys, binascii
import Crypto.Cipher.ARC4 as ARC4

def checkformat(decrypted):
    # print binascii.hexlify(decrypted)
    # the ARP check used for 3b would be:
    # if decrypted[8:12] == "\x00\x01\x08\x00":
    if decrypted.find("\xe5\x99\x55\xea") != -1:
        return 1
    return 0

def makekeystream(iv, dictfile, data):
    '''try every 13-character word as a WEP-104 key: the RC4 key is IV + raw key bytes'''
    solution = []
    with open(dictfile) as f:
        for dictword in f:
            dictword = dictword.rstrip("\r\n")
            if len(dictword) != 13:
                continue
            print "Trying key: " + dictword
            # hexKey = "\x01\x48\x42\xd4\x80\xb5\x71\x49\x5a\x4a\x03\x63\x79"
            key = iv + dictword          # raw key bytes, not binascii.hexlify(dictword)
            possible = ARC4.new(key).decrypt(data)
            if checkformat(possible) == 1:
                solution.append(dictword)
    return solution

def openpcap(pcap):
    '''byte offsets into the raw capture file: 3-byte IV, then the encrypted data.
    my test packet: ivoffset = 90, dataoffset = 94, datalen = 36
    challenge 3b:   ivoffset = 88, dataoffset = 92, datalen = 36
    challenge 3a:   the values below
    '''
    ivoffset = 296
    ivlen = 3
    dataoffset = 300
    datalen = 136
    with open(pcap, "rb") as f:
        pcapraw = f.read()
    iv = pcapraw[ivoffset:ivoffset + ivlen]
    data = pcapraw[dataoffset:dataoffset + datalen]
    return iv, data

def main():
    if len(sys.argv) != 3:
        print "usage is python wireless.py dictfile pcap"
        sys.exit(2)
    dictfile, pcap = sys.argv[1], sys.argv[2]
    iv, data = openpcap(pcap)
    print "Using dictfile: " + dictfile
    print "Using iv: 0x" + binascii.hexlify(iv)
    print "Using data: 0x" + binascii.hexlify(data)
    keys = makekeystream(iv, dictfile, data)
    if keys:
        print len(keys)
        with open("output", "w+") as f:
            f.write(" , ".join(keys) + "\n")
    else:
        print "Ruh Roh?!? No keys found....o.O"

if __name__ == "__main__":
    main()
I'm new to this, but what about recalculating the keystream of challenge 3a, then manually encrypt the challenge text and compare it to the encrypted one?
@writemecas you will prove that 1=1. this can be done to challenge text and dictionary words if(!) the IV is right
I've not managed to crack this, but I can announce that I was able to get into Vivek's home network about an hour ago and leave him a gift on his Macbook :-)
[only joking :-), I'm just not funny.... I'll get my coat]
My theory is to get the keystream by XORing the cipher text with (challenge text + ICV). I'm working on this now... am I on the right track or far away?!!
@Andrew close ... real close :)
@Blackmarketeer I don't have an Internet connection at home, I am a wireless hacker :) ... ...... Just kidding!
@coon Sure, I will add it to my to do list. The whole website is handcoded in Python by me, so all functionalities need to be added :) Can't install a "widget" or "plugin" )
Good Night All! I hope to receive a WEP key for 3a and/or 3b soon! :)
I wonder how long a total 64-bit key exhaustion attempt would take...I think I'm about to find out...
Where is our friend Josh Wright? Generally he posts comments to help us out! Josh we need you!!!!!
@Andrew 1089 years in php using airdecap-ng, just started it
I've uploaded the dictionary file from BackTrack 5 to
http://uploadbox.com/files/a1f54690c8/
Vivek, please confirm that it is usable in the challenge ;)
@tohaz Good Move buddy
So still no answers from anyone... Maybe time this weekend (as late in the challenge as it is) might be enough!!! Here's hoping.
Tohaz, why not just copy over the dictionaries from BT4?
Think I just beat 3a...sending the mail to confirm.
And 3b with the same code. Yup...pwned...I'll post the full code when I get a confirm or deny from Vivek.
@Andrew well congrats if ya get it man... I've been spinning my wheels the past day or so and hit a dead end...
Andrew has cracked 3a successfully, and 3b partly; I have asked him for some clarifications. I have received a couple more solutions but Andrew is the closest to winning right now! :)
Others, gear up!
Hint 1 for 3a: You have an IV and a complete encrypted packet. How would you crack this? Refer to a previous challenge
Hint 1 for 3b: Is the keystream a function(key, IV) ?
Keep posting! I think this has become the most commented video on ST :) in the shortest duration :)
Congratulations @Andrew if you got it correct. I got bored trying to find a way, but no solution, completely nothing...... Anyway I hope Vivek explains this step by step, I'm interested in knowing the detailed info about this.
mmm, keystream = RC4(IV, WEP key). I don't see the problem, anyone?
@Andrew has won this challenge! Congratulations!
Andrew, please don't post the full solution for now. The contest will remain open till next Wednesday and anyone completing 3a and/or 3b will be mentioned in the solution slides!
Others, now you know its doable, and Andrew has in part given out the solution in the comments! I wanna see more emails with the keys and the explanation.
Andrew, congratulations!!!
@Vivek-Ramachandran, "The whole website is handcoded in Python by me, so all functionalities need to be added"
WOW. Nice. Python FTW.
@Andrew, Congratulations on winning.
@Andrew, Congratulations.
@Andrew - congratulations. I hope you enjoy spending your prize!
I've not been around for a while due to work commitments. It's a long thread and I'll have to read it several times to get my head around the various suggestions.
Vivek has given a clue and I wonder if this track might be correct:
1. Vivek has posted some videos dealing with how RC4 works, along with some code to reproduce the two stages of creating the keystream.
2. How about taking a dictionary and creating hex WEP keys (as in Challenge 1).
3. Prepend the hex WEP key with the known IV then put it through the RC4 algorithm to create a keystream.
4. Compare this (byte by byte) with the known keystream.
5. When it fails, stop the comparison and go back to the start with the next hex WEP key.
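The five-step plan above, together with the earlier 3b discussion about checking the decrypted bytes for an ARP header when the ICV has been cut off, as one runnable example. This is an added example written for this page; it is not Andrew's script and not the challenge solution. The key, IV, word list and the 36-byte ARP payload are constructed for the demo, and a plain RC4 is included so that only the Python standard library is needed.

```python
"""
WEP single-frame dictionary check, three ways (added example, constructed data):

  * full frame      -> keystream = RC4(IV || key), decrypt, verify the CRC-32 ICV
  * truncated frame -> no ICV left, so check the decrypted bytes for LLC/SNAP + ARP
  * known plaintext -> keystream = C XOR (P || ICV), then compare RC4(IV || key)
                       byte by byte against it (the shared-key-auth situation)
"""
import struct
import zlib


def rc4(key, data):
    """Plain RC4 (KSA + PRGA) XORed over data; key and data are bytes."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for c in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(c ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def icv(plaintext):
    """WEP ICV: little-endian CRC-32 of the plaintext."""
    return struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)


def wep_encrypt(iv, key, plaintext):
    """ciphertext = RC4(iv || key) XOR (plaintext || ICV)."""
    return rc4(iv + key, plaintext + icv(plaintext))


def icv_ok(decrypted):
    """Definitive check for a complete frame: last 4 bytes are the CRC-32 of the rest."""
    return icv(decrypted[:-4]) == decrypted[-4:]


LLC_SNAP_ARP = b"\xaa\xaa\x03\x00\x00\x00\x08\x06"


def looks_like_arp(decrypted):
    """Structural check for a truncated frame: LLC/SNAP for ARP, then
    hardware type Ethernet (0x0001) and protocol IPv4 (0x0800)."""
    return decrypted[:8] == LLC_SNAP_ARP and decrypted[8:12] == b"\x00\x01\x08\x00"


def crack(iv, ciphertext, wordlist, check):
    """Try each candidate word as the key; return the first for which check() passes."""
    for word in wordlist:
        key = word.encode()
        if len(key) not in (5, 13):  # WEP-40 / WEP-104 only
            continue
        if check(rc4(iv + key, ciphertext)):
            return word
    return None


def crack_known_plaintext(iv, ciphertext, plaintext, wordlist):
    """Recover keystream = C XOR (P || ICV), then test RC4(iv || key) against it."""
    known = plaintext + icv(plaintext)
    keystream = bytes(c ^ p for c, p in zip(ciphertext, known))
    probe = bytes(len(keystream))  # RC4 over zeros yields the raw keystream
    for word in wordlist:
        key = word.encode()
        if len(key) not in (5, 13):
            continue
        if rc4(iv + key, probe) == keystream:
            return word
    return None


# Constructed demo data (not taken from the challenge captures).
DEMO_KEY = b"swamp"                      # 40-bit key, 5 ASCII bytes
DEMO_IV = b"\x0c\x22\x9a"
ARP_PLAINTEXT = (LLC_SNAP_ARP            # 8-byte LLC/SNAP header
                 + b"\x00\x01\x08\x00\x06\x04\x00\x01"   # hw, proto, hlen, plen, op=request
                 + b"\x00\x11\x22\x33\x44\x55" + b"\x0a\x00\x00\x01"   # sender MAC / IP
                 + b"\x00" * 6 + b"\x0a\x00\x00\x02")     # target MAC / IP -> 36 bytes
FULL_FRAME = wep_encrypt(DEMO_IV, DEMO_KEY, ARP_PLAINTEXT)   # 40 bytes incl. ICV
TRUNCATED = FULL_FRAME[:30]             # the n00b capture: ICV and tail lost
WORDS = ["hello", "apple", "swamp", "letmein", "aaaaaaaaaaaaa"]


def demo():
    """Returns the key recovered by each of the three checks."""
    full = crack(DEMO_IV, FULL_FRAME, WORDS, icv_ok)
    trunc = crack(DEMO_IV, TRUNCATED, WORDS, looks_like_arp)
    kp = crack_known_plaintext(DEMO_IV, FULL_FRAME, ARP_PLAINTEXT, WORDS)
    return full, trunc, kp


if __name__ == "__main__":
    print(demo())
```

Run it with python3; all three checks return the planted key. The points worth noting: the keystream RC4(IV || key) depends on nothing but the IV and the key, which is why one frame with a known IV is enough; the ICV check is the definitive test for a complete frame, whereas the structural check used for a truncated frame only looks at the first 12 decrypted bytes, so keep that decrypted prefix long enough that a wrong key cannot pass it by chance.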
Congratulations Andrew!
@Andrew - well done mate :-)
@Andrew Well Done Buddy, I haven't given my full attention to this challenge as I am learning Python; as previous challenge posts show, this is my downfall
--Chard
Same as Chard, I'm into C# now because of some university projects. I'm good in Python but not a professional; I was hoping for some videos about Python scripting, it would definitely increase my experience.
Thx all for the congrats. I'm nowhere near professional on the python stuff though(or ruby for that matter). I'll wind up running through the working code in the how I did it video at the end of the week. I expect Vivek will have a video then for the concepts of the solution. Mine will just be the how of the thing and some of the blunders I made along the way.
Btw please Vivek, after revealing the solution, can you please stop the challenges for a while? I really spent quite some time trying to solve the problems, my eyes are hurting lol. So a rest after this challenge is a must; you can continue the WPA videos in that time.
@m0ei I have found the Python Videos that Vivek Posted on the solution for the 2nd challenge very interesting
http://www.securitytube.net/video/610
Also http://www.python.org/doc/
--Chard
@Andrew - congratulations!!! Good Job :)
@Chard
If you're learning Python from scratch, you can have a look at this website:
http://letslearnpython.com/
@Andrew, Congratulations on winning !!!!!!!!!
Thanks rootx
congratulations Andrew!
@all the guys who want to learn python:
one of the best (free) books to really learn Python can be found here: http://diveintopython.org/ (written by Mark Pilgrim). The MIT lessons don't look that bad either ;)!
if you have some basic knowledge of Python, you will really, really love Scapy because you can import it as a Python library and it really helps you:
a) learn everything about "low level network protocols"
b) do crazy networking, packet, ... stuff without reinventing the wheel :)
hopefully some other guys will also crack the challenge... i'll see if i have enough time to work on it this weekend ^^
@Chard @rootx @Patrick - I always learned better by manipulating working code and troubleshooting. Google is my friend, and, as previously noted by Chard, the docs are absolutely indispensable. As for books, core python was a good one(I own it/paid for it). I also like many oreilly recipe books or pragmatic programmer books(mostly for ruby in my experience). Just recommendations on things I found most useful. Then again, I learn "try-fail-try again" not class/learn/get job.
looking at this as my particular prize: http://www.youtube.com/watch?v=JGy2F6fec3A&feature=player_embedded
Congratulations Andrew!
Before I get my head back in the books, I'd like to second the suggestion that you do a mega-primer on python and scapy for hacking.
what Andrew did in his try - he searched for the ARP packet header instead of the answer to the challenge text. "never judge the packet" fits this idea
@HumanError - where are you having trouble specifically? I stopped relying on stock tools some time ago. They are great as a jumping off point, but you really MUST eventually tweak them or understand what they do and make your own.
Andrew you are absolutely right. Tools are just helpers.
@WCNA, i like to "Third" the suggestion for a python megaprimer, but not the basics, like What's a variable or what's looping ? just start directly from the Intermediate level in python.
I don't want to waste my time watching the MIT course because i already know what they're going to teach me.
still working on 3a..
can someone tell me if I'm right or totally wrong? :D
I thought that I have to rebuild the challenge response by:
encrypting the challenge text with the IV + a password from a wordlist. if the encrypted string matches the challenge response, I'm in... but it looks like I missed something :S
The problem is that my encrypted string is shorter than the challenge response.
So I thought... maybe... I could try to check if the response just contains the string... but as I said, I think I've missed something important -.-
that's how I thought it should work:
#!/usr/bin/python
'''
Usage: wephex [pcap-file] [wordlist] [key-length]
'''
import re, sys
from scapy.all import *
import Crypto.Cipher.ARC4 as ARC4
from binascii import hexlify

## Config Part
ch3a = rdpcap(sys.argv[1])
wordlist = open(sys.argv[2], 'r')
keylength = int(sys.argv[3])
chtext = ch3a[0].info                   # challenge text from the clear-text auth frame
iv = ch3a[1].iv.encode("hex")           # IV of the encrypted response, as a hex string
response = hexlify(ch3a[1].wepdata)     # encrypted response body, as a hex string
length = 128
outfile = open('THA_KEY.txt', 'a')

## RUN!!!
for line in wordlist:
    line = line.rstrip("\r\n")          # drop the trailing newline so the length check works
    if len(line) == keylength:          # check WEP-Key length
        hexpass = hexlify(line)
        ivkey = iv + hexpass
        crypt = ARC4.new(ivkey)         # RC4 iv+key
        tryout = crypt.encrypt(chtext)  # encrypt the challenge text with our new algorithm
        tryoutvalue = hexlify(str(tryout))
        print "trying Key: ", line
        # print "tryout: ", tryoutvalue
        # print "diff with: ", data
        if tryoutvalue in response:     # check if our encrypted string is in the challenge-response string
            print "!!! FOUND KEY !!!"
            print "Key is: ", line
            outfile.write("Key is: " + line + "\n")
            wordlist.close()
            outfile.close()
            sys.exit()
superclose...you're making the same mistake that I did for a while. i'm re-encoding the solution video now. if you're still working the challenge i can wait on the upload. have you tried this script when you KNOW the key on a test pcap? I would try it out. it might point you in the right direction. here's something to think about: why did we use hexlify in challenge 2?
thx for the hint Andrew!!!
I have fired up a test-setup at the beginning... but I don't know if I kept the files... so I will follow your advice now.
If I'm the only one who's still working on the challenge then don't wait with your upload (I wouldn't watch it before my solution works)... but I think other people are also still working on it, so it would be great if you could keep it back for a while. ^^
m0e1 said: i like to "Third" the suggestion for a python megaprimer, but not the basics...
Exactly. I got a basic python book a long time ago and read it. It has nothing on sockets, packet manipulation, etc.
LEAP... I Heard LEAP... I Love LEAP... lol
haven't had sooo much time and I'm a bit handicapped because my access point doesn't want to work that well with WEP encryption -.-
but my thought is that I forgot to add the icv to the plaintext key... but that's not enough to get an equal string length. I thought that I should also append the iv to the beginning of the encrypted string but then the "generated" challenge response is longer than the original one.
I think that I used the wrong format at some point (bin/ascii/hex)
Got my WEP test setup runnin' now... and I'm able to produce an encrypted stream of the same length as the challenge response (in my test pcap as well as in Challenge-3a pcap) BUT the encrypted streams are completely different. :(
I think I should have a beer or two now... :D
Here's the script to test my test-capture:
#!/usr/bin/python
import sys
from scapy.all import *
import Crypto.Cipher.ARC4 as ARC4
from binascii import hexlify
from binascii import a2b_base64 as a2b

## Config Part
ch3a = rdpcap(sys.argv[1])
wordlist = open(sys.argv[2], 'r')
keylength = int(sys.argv[3])
chtext = ch3a[10].info                  # challenge text from my own test capture
iv = ch3a[12].iv                        # raw 3-byte IV of the encrypted response
icv = "4b89da48"                        # ICV of my test frame, as hex text
response = ch3a[12].wepdata
length = 128
outfile = open('THA_KEY.txt', 'a')

## RUN!!!
for line in wordlist:
    if len(line) != keylength:          # check/fix WEP-Key length
        line = line[0:keylength]
    hexpass = hexlify(line)             # same output as ascii
    ivkey = iv + hexpass
    crypt = ARC4.new(ivkey)             # RC4 iv+key
    tryout = crypt.encrypt(chtext + icv)  # encrypt (challenge text + icv) with our new algorithm
    tryoutHex = hexlify(tryout)
    responseHex = hexlify(response)
    print "trying Key: ", line
    print "tryout: ", tryoutHex
    print "diff with: ", responseHex
    #print "iv: ", iv
    #print "icv: ", icv
    if tryout in response:              # check if our encrypted string is in the challenge-response string
        print "!!!!!!!!!!!!!!!! FOUND KEY !!!!!!!!!!!!!!!!"
        print "Key is: ", line
        outfile.write("Key is: " + line + "\n")
        wordlist.close()
        outfile.close()
        sys.exit()
why did we use hexlify in challenge 2?...you're thinking on the right track.
notice:
# if ((decrypted[8]=="\x00") and (decrypted[9]=="\x01") and (decrypted[10]=="\x08") and (decrypted[11]=="\x00")):
wasn't ultimately used but it is part of a hint
maybe, he searched for llc header :)
@ Security Tube
BIG ANNOUNCEMENT:
I already thought about publishing an "in-depth Python networking primer" together with my brother Rene.
After we've seen the requests for such a primer, we had kind of a meeting today and we're happy to announce that we will make this primer for sure!!! Please give us some time. We actually started the planning stage and we want to keep up with the quality of Vivek's primers (that's of course not easy)!
We want to cover at least:
*) Scapy (and when it makes sense to use it)
*) "How to talk with your network" in Python?
*) How to code your own server in Python? - with security in mind (don't be afraid of that ;) )
*) common failures of developers
... and of course some other stuff (as I said we just started the planning stage)
this primer will of course require basic knowledge of python ...but come on... that's something you should learn anyway ;)!
back to topic now... *rolleyes*
@andrew: thx mon! that's a big hint ...I will continue to work on my script tomorrow :)! can't wait for the WPA challenges... I really started to love encryption :D!
@Patrick - nice. I stalled on the ruby primer BAD. Had other stuff that was more interesting to me and I have the focus of a cat...oooh shiny...anyway. You're so close. When you figure it out you're going to **facepalm**(I know I did). I'm waiting until Monday EDT to post the video here. The exploitation primer is going to be getting challenges(yours truly gets the privilege of making them...here comes the brain pain). We'll see how that goes. Don't give up on this thing. When you finish one, the other will take under a minute if you're in the mindset I think you are...
@Andrew: I tried to work with everything in binary but no success till now... I'm either on the wrong path with that thought or just makin' a mistake somewhere... but I'm way too tired to think straight. looking forward to a facepalmin' monday :D!!!
btw: I had a quick look at your ruby primer but I can't find part one... would be interesting to watch it starting with the 1st one. and come on man... get your motivation back ;)! a ruby primer is a really nice idea! at least because of metasploit and all that ruby-stuff out there. I prefer Python but if you have to deal with ruby-tools, it's great to know ruby! so people like me wouldn't have to pray for a miracle when they change a few lines of ruby code :D
okay...you said you're looking forward to the facepalm so here goes. i'm uploading the video now, so I may as well tell you...stop hexlifying it and you're done.
like hexpass = line # same output as ascii
@Andrew - looks like i may be too late but the actual solution should probably not have been posted yet as the challenge was to continue until Wed.
Vivek mentioned - "Andrew, please don't post the full solution for now. The contest will remain open till next Wednesday and anyone completing 3a and/or 3b will be mentioned in the solution slides!"
that being said.. good job on being the first to complete!
thought that I tried this out... but I will fly over my code today to find out if there is still something "hexlified" or something similar.
@xyweormw - he has to approve video postings. I asked about whether I should even post it on vimeo since a couple of people just follow that channel for things before they get upped here (off board). I submitted it as directed and the opportunity not to approve until Wed was still there. I believe the thinking was that no one was commenting on progress any more.
makes sense
Awesome Discussion! :) I am loving the enthusiasm. Contest remains open till Wednesday as announced. So keep going!
As promised the WPA-PSK video has been posted: http://www.securitytube.net/video/1905 Looking forward to all your comments! Hope you enjoy this one.
Got some distance now and I'm back in!
I think I know the... let's just call it mistake :D!!! Will try it out now.. hopefully I'm right
got a password out of my script now... hopefully it's the right one.
@Andrew: it really ended facepalmin' ...but because of another issue :D
I started to think about 3b now...
It's quite hard to figure out a value to compare with the decrypted value.
Of course it's a broadcast... so do we need to analyze the packet and find some values that stay the same all the time?
I think that's also what Andrew does in his script here.
You're thinking on the right track
Thx for being that helpful Andrew!
Securitytube is really a nice Community / place2be :)
I can't work on it while I'm in the office but I will try out several thoughts tonight :)
3B was really easy after I had a solution for 3A!
You just have to think about it. it's an encrypted broadcast message. what protocol could it be? IPv4 is used, so it might be ... ;)
very nice challenge!
Vivek asked me to post a video on how I solved 3a.
So, here it is:
http://www.securitytube.net/video/1910
Hopefully it will help some of you to learn or understand :)
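Both halves of the challenge come down to the same verification step, so here is one added example that is not code from the thread or from any of the posters: a pure-Python WEP check, written in Python 3, with RC4 and the CRC-32 ICV done by hand (no scapy, no PyCrypto). For 3a it re-encrypts the shared-key authentication body and compares it with the captured response, and it shows the pitfall Andrew points at above: feeding RC4 the hex text of the key instead of its raw bytes, which never matches. For 3b it decrypts only the captured prefix of a truncated frame (RC4 is a stream cipher, so a prefix decrypts on its own) and checks the predictable LLC/SNAP header plus the ARP hardware/protocol type bytes that Andrew's commented-out `decrypted[8..11]` check looks for. The key, IV, challenge text, wordlist and frame bytes are all constructed here for the demo; the shared-key frame layout (algorithm 1, sequence 3, status 0, challenge element ID 16) follows IEEE 802.11.

```python
import struct
import zlib

# --- constructed demo material (nothing here comes from the challenge pcaps) ---
DEMO_KEY = b"hello"                                     # 40-bit WEP key in ASCII form
DEMO_IV = b"\x01\x02\x03"                               # 24-bit IV as sent in clear
DEMO_CHALLENGE = bytes((i * 7) & 0xFF for i in range(128))  # 128-byte challenge text
WORDLIST = [b"admin", b"12345", b"hello", b"qwert"]     # constructed candidate keys
LLC_SNAP = b"\xaa\xaa\x03\x00\x00\x00"                  # start of every 802.11 data payload
ARP_HW_PROTO = b"\x00\x01\x08\x00"                      # ARP: hw type Ethernet, proto IPv4


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). WEP seeds it with IV || key."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_seal(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Encrypted WEP body = RC4(IV||key)(plaintext || ICV), ICV = CRC-32 little-endian."""
    icv = struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)
    return rc4(iv + key, plaintext + icv)


def auth_frame3_body(challenge: bytes) -> bytes:
    """Shared-key auth frame 3: the STA encrypts the whole body, not just the text."""
    return struct.pack("<HHH", 1, 3, 0) + bytes([16, len(challenge)]) + challenge


def key_matches_auth(key: bytes, iv: bytes, challenge: bytes, response: bytes) -> bool:
    """3a check: re-encrypt the known body under the candidate key and compare."""
    return wep_seal(key, iv, auth_frame3_body(challenge)) == response


def key_matches_data_prefix(key: bytes, iv: bytes, cipher_prefix: bytes) -> bool:
    """3b check: no ICV survives truncation, so test the predictable header instead."""
    plain = rc4(iv + key, cipher_prefix)
    return plain[:6] == LLC_SNAP and plain[8:12] == ARP_HW_PROTO


def first_matching_key(candidates, predicate):
    """Return the first candidate the predicate accepts, or None."""
    for key in candidates:
        if predicate(key):
            return key
    return None


def demo() -> dict:
    # 3a: a constructed shared-key exchange under DEMO_KEY.
    response = wep_seal(DEMO_KEY, DEMO_IV, auth_frame3_body(DEMO_CHALLENGE))
    auth_key = first_matching_key(
        WORDLIST, lambda k: key_matches_auth(k, DEMO_IV, DEMO_CHALLENGE, response))
    # The thread's pitfall: RC4 keyed with the hex *text* of the key never matches.
    hexlified = first_matching_key(
        [k.hex().encode() for k in WORDLIST],
        lambda k: key_matches_auth(k, DEMO_IV, DEMO_CHALLENGE, response))
    # 3b: an ARP broadcast of which only the first 14 payload bytes were captured
    # (LLC/SNAP, ethertype 0x0806, then ARP hw/proto types, lengths and opcode).
    arp_head = LLC_SNAP + b"\x08\x06" + ARP_HW_PROTO + b"\x06\x04\x00\x01"
    truncated = rc4(DEMO_IV + DEMO_KEY, arp_head)[:14]
    data_key = first_matching_key(
        WORDLIST, lambda k: key_matches_data_prefix(k, DEMO_IV, truncated))
    return {"auth_key": auth_key, "hexlified_key": hexlified, "data_key": data_key}


if __name__ == "__main__":
    print(demo())
```

The two predicates are the whole difference between 3a and 3b: with the authentication exchange the verifier has a complete known plaintext and can compare the full ciphertext, while with a truncated data frame it has to fall back on whatever bytes of the payload are fixed by the protocol. Either way the lesson for a defender is the same one the thread keeps circling: shared-key authentication and predictable headers hand a capture-only observer an oracle for candidate keys, which is why WEP offers no real protection.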
Andrew explained what was needed pretty well in his video. I'll take a look at how 3lL060 approached it and see if it's any clearer.
Was looking forward to Vivek's video solution to 3a and 3b to be released on the 25th. Glad we got a look at what's involved sooner with Andrew's vid.
I took the path Andrew describes as beating up the problem, not really applying much thought to what needed to be done. Scripted airdecap-ng to attack 3a with the bt4 word lists, the way shown in challenge 1. Then when that didn't work I replaced the wordlists with brute force... which will take forever in python if you're still using the p = Popen( every time.
At this point I'll admit that testing my code to see if it gave the results expected with a packet capture that used a known key might have been a good idea. Also, trying to compile a modified version of airdecap-ng on windows might have not been the best use of my time. I thought maybe if I could reuse the code in airdecap-ng and take advantage of the calculations being internal to the program and not opening a second process for each key... that it might significantly speed up the brute force to the point where it may be feasible to go from 0000000000 to FFFFFFFFFF in a reasonable amount of time. Take what they have, strip out the code to write the results to disk, and put in a loop for brute force instead of reading word lists. Maybe with C it would only take a few hours... or a week.
Even with all that working though it was all built on the assumption that airdecap-ng would return success decrypting the packets when given the right key.
Next time we do a challenge hopefully I won't work 36hrs that weekend.
On the positive side... I'm a little more comfortable with python now. Annoyed with windows... yes. Annoyed with vc++, yes. Finally installed cygwin and am having a much better time at it, yes. Next time will just use the other computer and do the whole thing on bt5 and stop getting sidetracked by the possibilities of doing all of this stuff on windows just because it's possible too, yes.
Now that I'm off work and not all strung out like yesterday I plan on trying out the solutions posted. Really, really, really excited. :o)
Hi to all, especially Vivek Ramachandran.
Thank you for sharing these videos.
I want all of the PowerPoint files of these videos for my penetration testing class.
Can you give them to me?
Yours sincerely
Challenge 4 posted: http://www.securitytube.net/video/1997
Best of Luck! Will run till July 15th.
The next challenge will be on WPA-Enterprise.
We've already started posting videos on WPA-Enterprise. The latest one talks about cracking EAP-MD5 with Eapmd5pass and Eapmd5crack
http://www.securitytube.net/video/2008
Dear Friends,
We have finally launched our own certification courses:
Here is the intro video to SecurityTube Certifications:
http://www.securitytube.net/video/2255
Also, launch video for SecurityTube Wi-Fi Security Expert (SWSE) Certification:
http://www.securitytube.net/video/2256
Look forward to hearing from you all!
Vivek