Forcing MIC failures, again
Queisser, Andrew VfB Stuttgart '07!!
andrew.queisser
Wed May 30 16:39:33 PDT 2007
Hi guys,
I've got Ubuntu with a 2.6.20 kernel now and I'm looking through what my
options are for forcing MIC failures. I've got a zd1211rw driver working
with ieee80211 driver. I still don't really understand the difference
between ieee80211 and mac80211 but as far as I can tell they do the same
thing in a slightly different way?
My mac80211 doesn't work yet, probably not part of the kernel so I'll
leave the original advice I got from Jouni for the next stage when I
have my zd1211rw working with mac80211.
Anyway right now I can rebuild the ieee80211_crypt_tkip module with some
code to corrupt the MIC but it doesn't seem to have any effect. I added
something like this:
if (corruptCondition)
pos[0]++;
at the end of the function ieee80211_michael_mic_add, just before the
return 0 statement. I added some printks to make sure my code executes
when I do some repeated pinging and it does get executed
I also tried some printk to print out the 8 bytes at the "pos" pointer
but they don't match what I see in my sniffer.
Questions:
- Would the contents of pos match the bytes in the sniffer or is there
another level of encryption that happens?
- Why doesn't the change to the MIC cause a MIC failure on the AP? Do I
have the code in the wrong spot?
Thanks,
Andrew
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20070530/1adf35be/attachment.htm
More information about the Hostap
mailing list