Test your security - Lesson 3o - Break a wifi code with WPA encryption

car hacker 1197675498 istock peshkov

There are many but too many internet tools that can "break", "fish", "skip" your passwords to anything. Each of these tools is specialized and is addressed by your operating system password, your wifi password, and your login password with a service.

Learn to be protected. These lessons are not meant to show you how to become the hacker, but what methods hackers use and how effective they are.

Lesson 3 - Break a wifi code with WPA / WPA2 encryption

Before we say anything we inform you that this lesson is 3 and the continuation of the 2 course. Before reading this article, please read first the 2 course and the 1 course, so that you can understand exactly what we will be presenting here today.

First of all, let's say as little as possible what and how is a WPA encryption:

The standard WPA version is personal (not enterprise) and we will talk about that. It is inferior to the enterprise but it is the one we all have in our house. The inferiority of WPA / WPA2-Personal in relation to WPA / WPA2-Enterprise is due to the authentication method, which for all clients is done through a unique pre-shared key or PSK, and that is why you will see it mentioned and as WPA / WPA2-PSK. That is, the access point (AP) is configured with a specific passphrase (an ASCII alphanumeric of 8 to 63 characters, the known code that you all put in your router), which every client must know in order to pass the authentication and to connect to the wireless network.

But how does WPA certification work? Enjoy the process and we hope you do not "get lost" in the process: Initially the basic code in the router, the passphrase, is encrypted with the method salt ("Salted" as we like to say) with the network name (ESSID or SSID) and the length of the name and then encoded by the method PBKDF2, corresponding to 4096 consecutive passes of the SHA-1 algorithm. The result is called a PMK (Pairwise Master Key) and is essentially a 256bit key.

01-PMK_creation_thumb 02-PTK_creation_thumb

Note that encryption has so far been in it passphrase and network name, so the PMK can be created by the router itself or another access point, as well as by any client that knows these two elements. Thus, when the user of a client selects an available WPA / WPA2 network and enters the corresponding passphrase to connect, his computer creates the PMK and wirelessly declares his desire at the access point. This is followed by authentication, a communication of four messages that start from the access point, also known as 4-way handshake. Regarding WPA cracking, the main interest is in the first two messages:

  1. Access Point creates a random number (ANonce) and sends it to the client.
  2. The client, receives the ANonce and also creates a random number (SNonce). Then, using the PMK, ANonce, SNonce, its MAC address, and the Access Point MAC address, creates a new key called 512bit (Pairwise Transient Key) PTK (with the less complex PRF-512 algorithm). With PTK, the client encodes SNonce by creating a Message Integrity Code (MIC), a digital signature of SNonce. Finally, the client sends the unencoded SNonce and MIC to the Access Point (router).


With these two steps, the Access Point is now able to certify that the client is "legitimate" after calculating the PMK in turn (since as an Access Point, obviously knowing its passphrase and SSID), then calculating the PTK (after knowing the PMK, the necessary MAC addresses, the ANONce it created and the SNonce it received in message 2), sign the SNonce with the PTK and see if the result matches the MIC it received. If it coincides, then obviously the client knows the same passphrase as the Access Point and therefore is indeed "legal". If you are not already "lost" in the process, make sure that no sensitive information is transmitted in the air, such as the passphrase or any other key.
In addition, for each client, all this connection to Access Point also occurs periodically, each time that Access Point decides that the PTK should be renewed.

But how do these knowledge help in finding the passphrase and, consequently, in breaking the WPA?

First of all, let's say that encryption used in passwords such as salt and PBKDF2 is one-way. That is, an initial phrase is coded and gives us a "difficult" result, but this process can not be done in reverse, we can not find the original phrase from the difficult result. So the logic to compare and to certify that the "impossible" result is the right one, is to do the same process, to codify the original phrase, and to compare the results.

So it is with WPA. Despite the extensive use of (known) encodings, the only parameter that can not be directly known to a third party, is the passphrase, which - anyway - is the requested. Otherwise, the SSID of the Access Point (and therefore its length) and the MAC addresses of the Access Point and a connected client can be easily found with a network scanner. Similarly, with a wireless network sniffer that "happens" to be active at the time of authentication of a client with the Access Point, can be found the ANNce, SNonce and MIC of SNonce that circulate freely in the air.

And with all these elements, a program can take sequential passphrase (brute force or dictionary) and to repeat for each verification process which also makes the Access Point, until, for some passphrase, the signature of SNonce with PTK to match the MIC. This will be the requested passphrase.

Our point is that although the process is automated, that is, you give a computer a table with millions of common codes and tell him to perform the above procedure for each one of them until he finds the code, so our theme is time. Indeed. You see, for every passphrase that this theoretical cracking program tries, it has to create a different PMK. But, as mentioned, creating the PMK requires 4096 consecutive passes of the SHA-1 algorithm, an extremely time-consuming process that will result in testing only a few tens of passphrases per second. And this is not a practical solution.

A smart cracker would usually face such a problem by creating a table with pre-calculated hash values, such as a rainbow table. That is, you would instruct a fast system (or rather a cluster) to calculate all the PMKs that correspond to the passphrases contained in a list or a large dictionary. This process would be just as time consuming, but it would only be done once. Beyond that, for each attack, the cracker would use the ready-made table he created, eliminating the need to calculate PMKs, which would launch the attack time vertically.

However, in the case of WPA, the passphrase, before being coded to create the PMK, remember that it is "salted" with the SSID of the Access Point. This means that if a table with PMK precomputed values ​​is created, it will be useless for attacks on networks with a different SSID than the network for which it was designed. In a few words, if we change the name of our network with something irrelevant then we greatly increase the time we find our code from a cracker, to a point where we can say that in combination with a good password you will never find it, no matter how strong and fast the machine is. This is why recently the networks have started and put default network names (SSID) its name and a number, such as OTE23E561, or OTE123456 or OTENET2317 etc. Remember that in the past the default names were just OTE, linksys, wind, dlink , netgear, hol etc.

In practice, therefore, today's general WPA break is virtually impossible. Surprisingly, this does not mean that wireless networks using WPA are generally safe. You see, most administrators of such networks are unaware that the security provided by WPA is due to the rarity of passphrase and SSID. So, often use common SSIDs (eg myhome, mywlan, dimitris, kostas, spiti, etc.) or leave the default SSID of the router (eg default, linksys, netgear, dlink etc.) or leave the predefined provider's SSID (e.g., otenet, hol wifi, connex, etc.). At the same time, they use no or very complex passphrase to be able to remember them and easily share them.

So, the aspiring cracker does not need to take into account either all the possible SSIDs, not all possible passphrases. It's just a few precomputed PMK tables for the most common SSIDs, based on an equally common password dictionary. Indeed, such tables are ready to be downloaded to the internet, making the finding of the passphrase in such shared networks a ten-minute case. And such tables are widely circulated online and for Greek networks. And well, will you tell us that it is never possible for my personal code to exist in a dictionary? how did the cracker predict it? And yet, imagine a file with millions of preconceived notions (some guesses you might as well do now) that has no limit to the imagination and length. If, for example, your password is in the style of "name-year of birth" then you lost, there is a file with all the Greek names and a four-digit number next to those starting from 1 to 9999, ie dimitris1970 or dimitris1981 is inside and so at some point he will find it.

Let's do the theory:


The tools we need: Of course Kali linux installed on a laptop (or running with a usb live), and some files with codes. Some such small files already exist in Kali, but others can be found on the internet, for example, you can download and try the following for educational purposes onlythis here 13 GB  or also this here 1,36 GB or also this here42MB with Greek names.

There is still his set Renderman. It consists of 1000 tables for 1000 most commonly used SSID, according to WiGLE project. They are all distributed together in one giant torrent of 33Gb. The list of SSIDs they cover is available here and the dictionary on which they are based here.

We start… ..

1. Open your router, set it to WPA or WPA2 encryption and give it a common name and password. Open a console (terminal) in Kali and write the following to see how it names (and if you have) the wireless network card linux

2. Suppose the result tells you that you have wlan0 (give the following commands for the corresponding name of your wireless network card).
On the same console, type the following to set the wireless controller to monitor mode:
airmon-ng start wlan0

3. The result should be monitor mode enable on mon0 (or mon1 etc).
Next move to the same console to see the following wireless networks in your area
airodump-ng wlan0

The result of the above command is two tables. In the upper panel you can see all the active Access Points (routers) of the area and in the lower panel you can see a list of clients that are connected to them. For now, from the first panel, select a valid Access Point (AP for shortcut) that you want to attack (you mean your own). This AP should have a name (ESSID column) for which you have the corresponding table with precomputed PMK. It should also use the WPA or WPA2 protocol in its PSK version (ENC and AUTH columns). After selecting AP, write down its name, its MAC address, and the channel in which it operates (columns ESSID, BSSID and CH) and if you want to end airodumb-ng press Ctrl-C.

4. Open a new console and using this information, enter:
airodump-ng –c κανάλι -w όνομααρχείου_capture –-bssid διεύθυνση_MACτου_AP  wlan0
π.χ.  :  airodump-ng –c 1 –w tutorial –-bssid E0:1D:3B:3D:E9:44  wlan0

With the above command you ask airodump-ng to capture all the data circulating in the air and related to the specific AP and save it in the file you defined (in our example, you have named it tutorial.cap). But you do not want any data. You want what is exchanged between the AP and a client during the authentication process. So first check the bottom panel showing airodump-ng to see if there is a client connected to the AP. If the table is empty, then there is no connected client and all you can do is wait for someone to connect. If a client is connected, first note the client's MAC address (STATION column).

5. Then open a third console and enter:
aireplay-ng –-deauth 5 –a διεύθυνσηMACτουAP –c διεύθυνση_MACτου_client wlan0
π.χ.  :  aireplay-ng –deauth 5 –a E0:1D:3B:3D:E9:44 –c 14:89:FD:56:E7:1E wlan0

With the above command, aireplay-ng will send deauth packages to the client, forcing it to repeat the authentication process so that airodumb-ng can capture the data it needs.
Either with normal or artificially induced authentication, when the airodump-ng captures the necessary data, it will display (at the top of the console it occupies) the message "WPA handshake" followed by the AP MAC address (attention, sometimes while airodump-ng successfully captures authentication data each time, it may not display this message, so if after aireplay-ng or normal client authentication does not display this message, try to proceed in the next step immediately). At this point you can now stop capturing data with airodump-ng (Ctrl-C).

6. All you have to do is assign the passphrase search to aircrack-ng, already having a dictionary on your disk. On the console, type:
aircrack-ng -w όνομααρχείουμεκωδικούς –b SSIDτουAP όνομααρχείου_capture
π.χ. :  aircrack-ng –w word-passwords.txt –b E0:1D:3B:3D:E9:44 tutorial-01.cap

Here, before writing the aircrack-ng command, give the console the ls command to see the file names of your directory and therefore the name of the capture file created in step # 4 by the airodump-ng command. We then asked to name this file tutorial but if there is a file with the same name then the airodump-ng command does not crash but creates a file named tutorial-01. So make sure you give aircrack-ng the correct name for your file.

See the above example in video:

Alternatively for step 6 you can use the cowpatty command if you have a file with precomputed PMK codes stored on your disk.

6a. (alternative to 6). All you have to do is assign the passphrase to coWPAtty. On the console, type:
cowpatty –r όνομααρχείου_capture –d αρχείοπίνακαprecomputed_PMK –s SSIDτου_AP
π.χ.  : cowpatty –r tutorial-01.cap –d linksys.wpa –s Linksys


Either way, keep your computer quiet. If you look at how your system works from there and beyond you will see that all the cores work 2% and your machine "gives its change". If all goes well and your password is in the password file then at some point it will let you know that it has found it and that's it.

If you really want to try the technique on an AP, for the SSID of which you can not find a ready-made precomputed PMK table, you can use a simple dictionary file. Just change the syntax of coWPAtty and replace it with “–d file_dictionary”. Of course, the process will be hundreds of times slower and not at all practical for a bulky dictionary.

If you want to try the technique frequently on a particular AP (because, for example, the owner frequently changes passphrase), but you do not find a ready-made precomputed PMK table for the corresponding SSID, you can create your own table. You will need a dictionary and the genpmk tool, which comes with coWPAtty (hence Kali linux). To create, open a console and type:
genpmk –f filedictionary –d namefiletable –s therare_SSID
e.g. : genpmk –f word-passwords.txt –d preco-table.wpa –s mitsos

In conclusion:

But what did all this teach us? That if we want to be safe then we must:

a. use only WPA or WPA2 encryption,

b. to change the default network name to something unusual, such as "geiaxara" or "geia_sou_geitona" or "mitsos"

c. to put an unusual code that has nothing to do with (or only) our name, age, address, group, city, animal, etc. (do not forget that our neighbor who may know some information about us will hack us). We also understand your need not to get involved with incomprehensible alphanumeric symbols that are difficult to remember and manage. That's why we suggest a huge phrase that you like and easily remember together with an irrelevant number-symbol as a good solution, such as say "arnaki_aspro_kai_paxi _ (@)" or "ta-maura-matia-sou-otan-ta-vlepo- me-zalizoune-1000 ”or“ to.1821.egine.i.epanastasi.stin.ellada ”are quite good, easy to remember and easily recognizable by clients.

In the next lesson we will show you how to "break" the code of our WPA wireless network with the raven program and how the hackers will easily and quickly create their own dictionary with the crunch and cupp programs.

dimitris - iGuRu.gr

Registration in iGuRu.gr via Email

Enter your email to subscribe to the email notification service for new posts.

Read them Technology News from all over the world, with the validity of iGuRu.gr

Follow us on Google News iGuRu.gr at Google news