This appendix describes the process needed to modify a WEP-encrypted packet and ensure that the CRC for the packet remains valid, in other words, the bit-flipping attack.
Assume that a sender wishes to send a message to a recipient, and that he wishes to use a CRC to detect errors during transmission.
Let the message, M(x), be the single ASCII letter N: M(x) = 01001110, and let the CRC generator be G(x) = x3 + x2 + 1, or 1101. To compute the CRC value, M(x) is first multiplied by the degree of G(x), which is 3. Because multiplication in GF(2) is a left shift, we end up with M'(x) = 01001110000. This value is now divided by G(x), and because division in GF(2) is the XOR operation, the result is:
------------ 1101| 01001110000 1101 1001 1101 1001 1101 1001 1101 1000 1101 1010 1101 1110 1101 110
The long division results in a remainder of 110, which is now subtracted (subtraction in GF(2) is the XOR operation) from M'(x) to obtain P(x)—the message that is sent: P(x)=01001110110.
Upon receipt of the message, the recipient divides it with G(x). If the remainder of the division is 0, the message did not contain errors within the precision of the CRC.
For this example, we take the message above (ASCII 'N') and modify the message so it becomes an ASCII y and we still ensure that the ICV remains valid using the process described in Chapter 15.
Stating the problem: Given P(x)= 01001110110, derive P'(x)=01111001XXX where XXX is a valid CRC.
First, the delta between the current message, M(x), and the desired message, N(x), is computed by the exclusive OR of the two values.
M(x) = 01001110
N(x) = 01111001
Δ(x) = 00110111
Now, the CRC is calculated for the delta value:
------------ 1101 |00110111000 1101 1100 1101 010
The remainder of the division is the CRC of the delta. Now the delta and its CRC are exclusive OR'd with P(x):
P(x) 01001110110 Δ(x) ⊕ 00110111000 01111001110 CRC(Δ) ⊕ 010 P'(x) 01111001100
Now, P'(x) is shown to be a valid message; the remainder of the CRC calculation is 0.
------------ 1101 | 01111001100 1101 1000 1101 1011 1101 1101 1101 0
Because the remainder of the CRC calculation is 0, P'(x) has a valid CRC and the message has been successfully modified.
18.222.96.135