r00kie-kr00kie: PoC for vulnerability in Broadcom and Cypress Wi-Fi chips

by do son · Published March 22, 2020 · Updated October 11, 2021

r00kie-kr00kie

PoC exploit for the CVE-2019-15126 kr00k vulnerability

What is Kr00k?

Kr00k – formally known as CVE-2019-15126 – is a vulnerability in Broadcom and Cypress Wi-Fi chips that allows unauthorized decryption of some WPA2-encrypted traffic.

Who is affected?

The vulnerability affects all unpatched devices with Broadcom and Cypress FullMac Wi-Fi chips. These are the most common Wi-Fi chips used in today’s client devices, made by well-known manufacturers including Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy) as well as devices under many other brands.

Wi-Fi Access points and routers are also affected by Kr00k, making even environments with patched client devices vulnerable. All-in-all, before patching there were more than a billion affected devices.

Which Wi-Fi chips exactly were vulnerable?

ESET tested a number of popular devices with Broadcom and Cypress Wi-Fi chips and confirmed a manifestation of the Kr00k vulnerability. We have also tested some devices with Wi-Fi chips from other manufacturers, including Qualcomm, Realtek, Ralink and Mediatek, and did not see the vulnerability manifest itself. Obviously, we have not tested every possible Wi-Fi chip by every manufacturer, so while we are not aware of other affected chips, we also cannot rule this out.

Disclaimer

This is a PoC exploit for the CVE-2019-15126 kr00k vulnerability.

This project is intended for educational purposes only and cannot be used for law violations or personal gain.
The author of this project is not responsible for any possible harm caused by the materials.