Difference between revisions of "WPA Attack"

From ivc wiki
Jump to navigationJump to search
Line 4: Line 4:
Most wireless networks operating today use WPA and a Pre-Shared Key (PSK) between parties, i.e. a common password between the Access Point and Client Station, for protection. While the 802.11i standard, of which WPA is implemented on, is still intact the authentication is prone to a offline brute-force attack.
Most wireless networks operating today use WPA and a Pre-Shared Key (PSK) between parties, i.e. a common password between the Access Point and Client Station, for protection. While the 802.11i standard, of which WPA is implemented on, is still intact the authentication is prone to a offline brute-force attack.


When a client want to connect to a access point, the following steps takes place:
When a client want to connect to a access point, the following stages will take place:
# Client takes the Password and ESSID to compute the ''Pairwise Master Key'' (PMK) and will ask the AP to connect
# Client takes the Password and ESSID to compute the ''Pairwise Master Key'' (PMK) and will ask the AP to connect
# AP will responds with a random ''ANonce'' number
# AP will responds with a random ''ANonce'' number

Revision as of 23:15, 30 August 2009

WPA is the precursor to WEP and filled a need as a replacement for the fully disclosed and unsecure WEP encryption.

Background

Most wireless networks operating today use WPA and a Pre-Shared Key (PSK) between parties, i.e. a common password between the Access Point and Client Station, for protection. While the 802.11i standard, of which WPA is implemented on, is still intact the authentication is prone to a offline brute-force attack.

When a client want to connect to a access point, the following stages will take place:

  1. Client takes the Password and ESSID to compute the Pairwise Master Key (PMK) and will ask the AP to connect
  2. AP will responds with a random ANonce number
  3. Client also create a random SNonce number, take the Pairwise Master Key, ANonce, SNounce, and other static bits to compute a Pairwise Transient Key
  4. Client will sign the SNonce number using the Pairwise Transient Key and send it unencrypted to the AP
  5. AP receives the signed SNonce, and compute the Pairwise Master Key from its Password and ESSID. Use the Pairwise Master Key, ANounce, SNounce, and other static bits to compute a Pairwise Transient Key
  6. By signing the SNonce message with the new Pairwise Transient Key, the AP can match the Integrity Code of the SNonce message sent from the client.
  7. The AP can assume the client used the same Pairwise Master Key (Password+ESSID) to generate the Pairwise Transient Key, used to sign the message
  8. AP sends an acknowledgment to the client signed with the Pairwise Transient Key and includes information for further communication

For an excellent explaination, see the Airolib-ng manual.

Tools

  • pyrit - blog - Reference manual - Code details
    • Like coWPatty and Airolib-ng
    • Pre-compute PMK keys
    • Import compressed (.gz) files
    • Supports stdin (i.e. John the Ripper piping)
    • Internal database over precomputed ESSID and PMK combinations
    • Export PMK to coWPAtty (*.cow ) and Airolib-ng (*.db) supported files
    • GPGPU acceleration
    • Strip out 4-way handshake from capture file
  • coWPAtty - coWPAtty project page - Readme
    • Like Pyrite and Airolib-ng
    • WPA-PSK attack on specific ESSID and captured 4-way handshake dump
    • Passthrough from Pyrite possible (GPGPU acceleration)
    • Pre-computed PMK tables supported
    • genpmk:
      • Generate "Pairwise Master Key" table for a specific ESSID, PMK tables
      • Table-file name should end with *.cow
  • Airolib-nb
    • Like coWPatty and Pyrit
    • Precompute TMK keys and attack WPA/WPA2 handshake captures
    • Internal SQLite3 database
    • Can export and import coWPAtty files

Extra:

Word lists

List of word lists

These are compiled word lists and readily available.

Generating word lists

By following simple guidelines a good word-list can be generated. Consider the following:

  • Most people use easy to remember passwords, in this case it has to be 8 characters or over in length
  • Append 0-9 to the word, i.e. (word)1, (word)2, (word)3, ..
  • Sequence of numbers are often used, e.g. 123, 321, 999, ..
  • First letter is often upper-case
  • Short words (under 8 characters) are stringed in series of two, e.g. googlegoogle, hellohello, openopen, ..
  • Forename and surname often used

John The Ripper and Raptor 3 are great utilities to create all the permutations mentioned above. JTP can pipe the data to avoid having to save the new stream. JTR has an extended rules engine to build the permutations.

john -wordfile:dictfile -rules -session:johnrestore.dat -stdout:63 | \
  cowpatty -r eap-test.dump -f - -s somethingclever [1]

Tools

GPU acceleration

CPU vs GPU.png

CUDA (Compute Unified Device Architecture) is a parallel computing architecture developed by nVidia [2]. Competitively, FireStream / Fire Processor is a stream processor developed by ATI Technologies. Both are based on the GPGPU (General Purpose Graphics Processing Units) concept for heavy floating-point computations [3]. Instead of having four or eight threads crunching on a parallelized task in the CPU, you could have 64, 320, or how many stream processors (Unified Shaders) tackling the same work in the GPU [4].

Traditionally the GPU has been very limited, only accelerating part of the graphics pipeline. Utilizing the GPU to perform floating-point computations is an order of magnitudes faster than on a modern CPU. It possible to achieve over a teraflop of theoretical computing capacity using relatively inexpensive commodity hardware.

As a side-note, SLI can not be used, only individual processor units.

References