The issue regarding searched threads returning 404s has been fixed. My apologies. - NekoElf
The stories and information posted here are artistic works of fiction and falsehood. Only a fool would take anything posted here as fact.
Seven Years of Service
Posts: 287
Threads: 88
KRACK attack ~ New WPA2 Attack! 10-16-2017, 11:55 AM
#1
Today I present to you KRACK Attack.
KRACK of Key Reinstallation Attack basically reinstalls the already-in-use key, this affects the 4 Handshake to generate a fresh key, this 14 year old handshake has never been kracked until now,
Any device that uses Wi-Fi is likely vulnerable.
First of all the demo.
Second the paper.
Paper
CVE(s)
- CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
- CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
- CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
- CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
- CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
- CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
- CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
- CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
- CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
- CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
And finally their website:
KrackAttack
They will be releasing the code after everyone has had a reasonable chance to update their devices, I am very excited to try this attack out.
(This post was last modified: 10-16-2017, 12:46 PM by S3xySmurf.)
![[Image: YmmIqHV.gif]](https://i.imgur.com/YmmIqHV.gif)
Donations:
1CCR21K2fnu2yAinUTFPsVdY7u4FkjNPs5
Twelve Years of Service
Posts: 2,376
Threads: 227
RE: KRACK attack ~ New WiFi Attack! 10-16-2017, 12:46 PM
#2
Damn, what a shame that they won't release their code...I was actually excited to see what's going on. Props to the author here for including the whitepaper.
Seven Years of Service
Posts: 287
Threads: 88
RE: KRACK attack ~ New WiFi Attack! 10-16-2017, 01:24 PM
#3
(10-16-2017, 12:46 PM)phyrrus9 Wrote: Damn, what a shame that they won't release their code...I was actually excited to see what's going on. Props to the author here for including the whitepaper.
I was also upset when I couldn't find the code for this, I've got a network I'd really like to test this on
Donations:
1CCR21K2fnu2yAinUTFPsVdY7u4FkjNPs5
![[+]](https://sinister.ly/images/modern/collapse_collapsed.png)
•
Seven Years of Service
Posts: 92
Threads: 3
RE: KRACK attack ~ New WPA2 Attack! 10-16-2017, 05:13 PM
#4
This is huge..it's surprising how long it took to discover this security hole
•
Seven Years of Service
Posts: 1,182
Threads: 348
RE: KRACK attack ~ New WPA2 Attack! 10-16-2017, 08:30 PM
#5
Everyone is flipping out but as long as you have an open sourced router this is a non issue, for those of you still using a store bought default or the one your isp handed you, good luck waiting for them to update and patch this vulnerability. If you are interested in building your own router you can check out
https://sinister.ly/Thread-Tutorial-Turn...ful-Router for more information.
![[Image: tm06mQ3.gif]](http://i.imgur.com/tm06mQ3.gif)
If my threads help you feel free to Like and Rep
Keybase | https://keybase.io/ecks ProtonMail | n3r0nu77@protonmail.com Steam | Nu77v47u3 Discord | Ecks#2162
Seven Years of Service
Posts: 1,182
Threads: 348
RE: KRACK attack ~ New WiFi Attack! 10-16-2017, 08:32 PM
#6
(10-16-2017, 01:24 PM)S3xySmurf Wrote: (10-16-2017, 12:46 PM)phyrrus9 Wrote: Damn, what a shame that they won't release their code...I was actually excited to see what's going on. Props to the author here for including the whitepaper.
I was also upset when I couldn't find the code for this, I've got a network I'd really like to test this on
https://www.krackattacks.com/ <- Don't think they have released the code, but all the information on what they did and such is on their website.
If my threads help you feel free to Like and Rep
Keybase | https://keybase.io/ecks ProtonMail | n3r0nu77@protonmail.com Steam | Nu77v47u3 Discord | Ecks#2162
•
Twelve Years of Service
Posts: 72,627
Threads: 307
RE: KRACK attack ~ New WPA2 Attack! 10-16-2017, 09:10 PM
#7
(10-16-2017, 08:30 PM)Ecks Wrote: or the one your isp handed you, good luck waiting for them to update and patch this vulnerability.
Hence one of many reasons not to use a Router supported and provided by your ISP.
Nice contribution Indeed. Will look Into this after work today.
•
Seven Years of Service
Posts: 287
Threads: 88
RE: KRACK attack ~ New WiFi Attack! 10-16-2017, 09:30 PM
#8
(10-16-2017, 08:32 PM)Ecks Wrote: (10-16-2017, 01:24 PM)S3xySmurf Wrote: (10-16-2017, 12:46 PM)phyrrus9 Wrote: Damn, what a shame that they won't release their code...I was actually excited to see what's going on. Props to the author here for including the whitepaper.
I was also upset when I couldn't find the code for this, I've got a network I'd really like to test this on
https://www.krackattacks.com/ <- Don't think they have released the code, but all the information on what they did and such is on their website.
They haven't released the code yet but they are planning to do so when the relevant parties have patched this hole.
Donations:
1CCR21K2fnu2yAinUTFPsVdY7u4FkjNPs5
•
Ten Years of Service
Posts: 1,708
Threads: 46
RE: KRACK attack ~ New WPA2 Attack! 10-16-2017, 10:02 PM
#9
Very nice contribution, just heard about this on the way home. Think I already have a patch for this on my router but I'll have to check. I still need to go about building together my replacement router but OpenWRT works for now.
You can find me on
Keybase
"Reach the state of
ubiquity, and you will be in
control"
Student, Technician, Designer, and more.
![[Image: YUpAMpx.png]](https://i.imgur.com/YUpAMpx.png)
Twelve Years of Service
Posts: 2,376
Threads: 227
RE: KRACK attack ~ New WPA2 Attack! 10-17-2017, 06:56 AM
#10
Fun fact, this isn't even the biggest bug. Saw a bunch of shit today about some core protocol vuln that is basically unpatchable because it will either conflict with WPA2 or 802.11 specs. New spec needed to fix bug. Maybe we'll see WPA3 in the next 3 years
Users browsing this thread: 3 Guest(s)
.png "Donator (Rank IV)")
![[Image: giphy.gif]](https://media.giphy.com/media/3o7btLEF1MDTC3USKk/giphy.gif)
![[Image: AD83g1A.png]](http://i.imgur.com/AD83g1A.png)
