Key Re-Installation Attacks Two Years On
Key Re-Installation Attacks
Woah, I bet it’s been a while since you read anything about KRACK, right? I imagine (for those who were interested in the initial paper) you read the follow up paper in October 2018, if you were not that interested then well, you probably thought this vulnerability was done with and to be honest - it pretty much is. Nonetheless today I’m going to be talking about it, not because I want to relight old news but because I had a really interesting experience with getting the POC working.
So, I had the pleasure of being assigned the task to try & get the PoC working for this exploit, at first this is something I was really excited about but it ended up being quite disheartening.
Let’s first discuss the working environment I had for this. While I had seen YouTube videos whereby people had got this exploit working in their bedrooms with potentially hundreds of things affecting RF I wanted to do this in a “perfect” condition and since we have an RF chamber at work I had the pleasure & joy of using it (By the way, if you ever get the chance to do any work in one, do it, it’s awesome)! The setup went something like this… We had an access point outside the RF chamber, inside the RF chamber were two attena’s which were being connected to this access point. We then connected our laptop & the device to the access point receiving our signal via the attenna’s (pretty standard stuff). With this setup we checked everything could talk to everything & it could of course. I had three wireless cards in action on my laptop, one was being used in monitor mode to do a packet capture on everything taking place, the second card was being used as the AP for the PoC and the third was how I was connecting to the network at all.