Alright, so today I wanna talk about my little adventure with KRACK 2. Yeah, the sequel nobody asked for, but here we are!

First off, what’s KRACK 2? Basically, it’s another set of vulnerabilities in Wi-Fi, specifically targeting devices that support the 802.11r standard, which is all about fast roaming. Think seamless switching between Wi-Fi access points. Sounds cool, right? Well, not when it’s got holes.
My Setup: I grabbed a couple of old routers and a Raspberry Pi. Nothing fancy, just stuff lying around. I flashed OpenWRT on the routers to give me some control, and used the Pi as my attack platform. Gotta love a Pi for this kind of tinkering.
Diving In: I started by setting up a Wi-Fi network with 802.11r enabled. This is key, because without it, you’re just shooting blanks. I made sure to use WPA2-PSK, because that’s what most people use, and that’s where the fun is. I then installed a bunch of tools on my Pi: Aircrack-ng suite, Wireshark, and some custom scripts I found online. You know, the usual hacker starter pack.
The Attack: The core of KRACK 2 involves messing with the Fast BSS Transition (FT) handshake. This is what allows devices to quickly switch between access points. The vulnerability lets you replay certain handshake messages, which can lead to decryption or even injection of packets. Nasty stuff.
I used a script to capture the FT handshake while a device was connecting to my Wi-Fi network. Then, I modified the handshake messages and replayed them using Aircrack-ng. It took a few tries, tweaking the timing and message contents, but eventually, boom! I saw decrypted traffic in Wireshark. It was like peeking into someone else’s conversation.

The Nitty-Gritty: The hardest part was getting the timing right. The FT handshake is sensitive, and if the replayed messages are off even by a millisecond, it won’t work. Also, different devices behave differently, so what works for one might not work for another. It was a lot of trial and error.
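A defender-side check for the replay behaviour described above, as an added example that is not from the original post: it scans FT reassociation events for a station re-sending the same SNonce to the same AP well after the normal 802.11 retransmission window, which is what a replayed handshake frame looks like from the AP or a wireless IDS. The event fields, MAC addresses and nonce values are constructed for this example, not taken from a real capture.

```python
from collections import defaultdict

# Constructed sample of FT reassociation events as a wireless IDS might log them.
# The field layout is an assumption for this example, not a real capture format:
# t = seconds since capture start, sta = client MAC, ap = target AP BSSID,
# snonce = SNonce carried in the Fast BSS Transition element of the request.
SAMPLE_EVENTS = [
    {"t": 0.000, "sta": "aa:bb:cc:00:00:01", "ap": "11:22:33:44:55:01", "snonce": "1f3a"},
    {"t": 0.020, "sta": "aa:bb:cc:00:00:01", "ap": "11:22:33:44:55:01", "snonce": "1f3a"},  # fast retry: normal
    {"t": 4.500, "sta": "aa:bb:cc:00:00:01", "ap": "11:22:33:44:55:01", "snonce": "1f3a"},  # late duplicate: suspicious
    {"t": 9.000, "sta": "aa:bb:cc:00:00:02", "ap": "11:22:33:44:55:02", "snonce": "77e1"},
    {"t": 12.000, "sta": "aa:bb:cc:00:00:01", "ap": "11:22:33:44:55:02", "snonce": "b0b0"},  # new roam, fresh nonce
]


def detect_ft_replays(events, retry_window=0.5):
    """Flag FT reassociation requests whose (sta, ap, snonce) triple was already seen
    more than retry_window seconds earlier. A genuine roam carries a fresh SNonce, and
    a genuine retransmission lands within milliseconds, so a repeated nonce arriving
    seconds later points to a replayed frame rather than a retry."""
    first_seen = {}
    alerts = []
    for ev in sorted(events, key=lambda e: e["t"]):
        key = (ev["sta"], ev["ap"], ev["snonce"])
        if key in first_seen:
            delta = ev["t"] - first_seen[key]
            if delta > retry_window:
                alerts.append({
                    "sta": ev["sta"],
                    "ap": ev["ap"],
                    "snonce": ev["snonce"],
                    "delay": round(delta, 3),
                })
        else:
            first_seen[key] = ev["t"]
    return alerts


if __name__ == "__main__":
    for a in detect_ft_replays(SAMPLE_EVENTS):
        print(f"possible FT replay: sta={a['sta']} ap={a['ap']} "
              f"snonce={a['snonce']} {a['delay']}s after the original request")
```

Tune retry_window to the retransmission timing you actually observe on your hardware; too small a window turns ordinary retries into false positives.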
Lessons Learned:
- 802.11r isn’t always your friend. While fast roaming is nice, it adds complexity, and complexity means more chances for vulnerabilities.
- Patch, patch, patch! Seriously, keep your devices updated. Vendors release patches for these vulnerabilities, and you need to install them.
- Wireshark is your best friend. Being able to see the actual packets flying around is crucial for understanding what’s going on.
Final Thoughts: KRACK 2 isn’t as widespread or easily exploitable as the original KRACK, but it’s still a serious issue. It showed me how even seemingly small vulnerabilities in complex protocols can have significant consequences. It was a fun, albeit slightly terrifying, learning experience.
Disclaimer: Don’t go using this knowledge for evil. This is purely for educational purposes. Hacking into networks without permission is illegal and just plain wrong. Be a good human, okay?