Forcing MIC failures, again
j at w1.fi
Wed May 30 22:14:18 EDT 2007
On Wed, May 30, 2007 at 11:39:33PM -0000, Queisser, Andrew (VfB Stuttgart '07!!) wrote:
> if (corruptCondition)
> at the end of the function ieee80211_michael_mic_add, just before the
> return 0 statement.
> - Would the contents of pos match the bytes in the sniffer or is there
> another level of encryption that happens?

No, they should not match. The Michael MIC value is encrypted with the rest of

> - Why doesn't the change to the MIC cause a MIC failure on the AP? Do I
> have the code in the wrong spot?

If your driver is only using software encryption for TKIP, this would be
a suitable place to change the MIC value. Are you sure the AP implements
TKIP countermeasures correctly?

Jouni Malinen PGP id EFC895FA
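
The receiver-side check this thread relies on, as an added example that is not part of the original messages or of the HostAP driver code: a raw Michael computation and the comparison a receiver performs on the decrypted MIC, showing that a single flipped MIC bit is reported as a MIC failure. The function names `michael` and `michael_verify`, the key and the payload are constructed for illustration, and the DA/SA/priority pseudo-header that TKIP also feeds into Michael is left out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration; names are hypothetical, not the HostAP driver's. */
static uint32_t rotl(uint32_t v, int n) { return (v << n) | (v >> (32 - n)); }
static uint32_t xswap(uint32_t v) { return ((v & 0xff00ff00u) >> 8) | ((v & 0x00ff00ffu) << 8); }
static uint32_t le32(const uint8_t *p) {
    return p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void block(uint32_t *l, uint32_t *r) {
    *r ^= rotl(*l, 17); *l += *r;
    *r ^= xswap(*l);    *l += *r;
    *r ^= rotl(*l, 3);  *l += *r;
    *r ^= rotl(*l, 30); *l += *r;   /* rotate right by 2 */
}

/* Raw Michael over msg (TKIP's DA/SA/priority pseudo-header is omitted here). */
void michael(const uint8_t key[8], const uint8_t *msg, size_t len, uint8_t mic[8]) {
    uint32_t l = le32(key), r = le32(key + 4);
    uint8_t tail[8] = {0};          /* last partial word, 0x5a pad, zero word */
    size_t i, full = len / 4, rem = len % 4;
    for (i = 0; i < full; i++) { l ^= le32(msg + 4 * i); block(&l, &r); }
    if (rem) memcpy(tail, msg + 4 * full, rem);
    tail[rem] = 0x5a;
    l ^= le32(tail);     block(&l, &r);
    l ^= le32(tail + 4); block(&l, &r);
    for (i = 0; i < 4; i++) { mic[i] = (uint8_t)(l >> (8 * i)); mic[4 + i] = (uint8_t)(r >> (8 * i)); }
}

/* Receiver side: 1 if the decrypted MIC matches, 0 on a MIC failure. */
int michael_verify(const uint8_t key[8], const uint8_t *msg, size_t len, const uint8_t rx[8]) {
    uint8_t calc[8], diff = 0;
    michael(key, msg, len, calc);
    for (int i = 0; i < 8; i++) diff |= calc[i] ^ rx[i];
    return diff == 0;
}

int main(void) {
    const uint8_t key[8] = {1, 2, 3, 4, 5, 6, 7, 8};      /* constructed key */
    const uint8_t msdu[] = "constructed payload";          /* constructed data */
    uint8_t mic[8];
    michael(key, msdu, sizeof(msdu) - 1, mic);
    printf("intact MIC:    %s\n", michael_verify(key, msdu, sizeof(msdu) - 1, mic) ? "ok" : "MIC failure");
    mic[0] ^= 0x01;                                        /* corrupt one bit before encryption */
    printf("corrupted MIC: %s\n", michael_verify(key, msdu, sizeof(msdu) - 1, mic) ? "ok" : "MIC failure");
    return 0;
}
```
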