340 likes | 369 Views
WPA, what else?. Thomas d’Otreppe de Bouvette Aircrack-ng. UNAM, Mexico City November 27-28, 2008. Agenda. WEP WPA – How does it work? WPA – Practice Location, location, location Cracking the key Bruteforce WPA - Tools Airbase-ng Tkiptun-ng Airolib-ng Practical stuff. 2. WEP.
E N D
WPA, what else? Thomas d’Otreppe de Bouvette Aircrack-ng UNAM, Mexico City November 27-28, 2008
Agenda • WEP • WPA – How does it work? • WPA – Practice • Location, location, location • Cracking the key • Bruteforce • WPA - Tools • Airbase-ng • Tkiptun-ng • Airolib-ng • Practical stuff 2
WEP • It was fun • A few new attacks were created • Caffe Latte • Cfrag • PTW2: Now needs less packets needed by PTW to crack a key • WEP Cloaking™ is now dead too 3
WEP • WPA – How does it work? • WPA – Practice • Location, location, location • Cracking the key • Bruteforce • WPA - Tools • Airbase-ng • Tkiptun-ng • Airolib-ng • Practical stuff 4
WPA • More and more networks use WPA • WPA is a hot topic these days: • CUDA • New attack and tool: tkiptun-ng 5
WPA • 802.11i group launched when flaws were found in WEP • 2 link-layer protocols: • TKIP (WPA1): Draft 3 of 802.11i group (backward compatible with legacy hardware). • CCMP (WPA2): final 802.11i standard • 2 authentication methods: • Personal: PSK • Enterprise: MGT 6
WEP • WPA – How does it work? • WPA – Practice • Location, location, location • Cracking the key • Bruteforce • WPA - Tools • Airbase-ng • Tkiptun-ng • Airolib-ng • Practical stuff 16
WPA – Location • Need all packets from the 4 way handshake => hear AP and Client • In fact, aircrack-ng can work with less than 4 packets • If too far, won’t get everything
WPA – Cracking the key • Processing Unit • CPU • GPU (CUDA and AMD Stream) • Method: • Wordlist • Bruteforce • « Rainbow » tables
WPA - CUDA • Cracking with your nVidia • Much faster than with a CPU (10-100x): • Intel P4 3.2Ghz: ~150 keys/sec • AMD Turion 64 X2 TL-60 (2Ghz): ~230 keys/sec • Nvidia 280GTX: ~11000 keys/sec • A few tools exists • Commercial • Open source: pyrit • Planned in aircrack-ng (AMD Stream too) 21
WPA - Bruteforce • Let’s calculate how much time it will take to crack a simple passphrase with alphanumerical values (upper and lower case). • Smallest WPA passphrase: 8 characters (max 63). 23
WPA - Bruteforce (2) • 8 characters passphrase • 62 possibilities per character: [A-Z][a-z][0-9] • Using a 280GTX (11000keys/sec) • 62^8 = 218 340 105 584 896 possible keys • 218340105584896/11000k/s= 19 849 100 508 sec • 19849100508 sec = 5 513 639 hours • 5513639 hours = 229 735 days • 229735 days = 630 years 24
630 years for a 8 char WPA key • A bit too long for a simple passphrase. • For a 12 characters passphrase, bruteforce will take 9 309 091 680 years. • Dictionnary attack and John The ripper are still the best solution. 25
WEP • WPA – How does it work? • WPA – Practice • Location, location, location • Cracking the key • Bruteforce • WPA - Tools • Airbase-ng • Tkiptun-ng • Airolib-ng • Practical stuff 26
Airbase-ng “Airbase-ng is multi-purpose tool aimed at attacking clients as opposed to the Access Point (AP) itself.” Features: • Soft AP/Ad hoc • Karma • Encrypt/Decrypt packets • Capture WPA handshake from a client. • Filtering to avoid disturbing nearby networks 27
Airbase-ng (2) • Turn any monitor-mode capable card into an AP • Default mode: Karma • Karmetasploit = airbase-ng + metasploit 28
Fun with airbase-ng • Karma • airbase-ng rausb0 • Soft AP: • airbase-ng –y –e myAP –c 6 rausb0 • ifconfig at0 up 192.168.0.254 • ping/ssh/… it from the client • Script to manipulate packets: • airbase-ng –Y both rausb0 • ./test/replay.py at1 29
Fun with airbase-ng (2) • WPA Handshake capture: airbase-ng -z 2 -W 1 –y -c 6 -e home rausb0 • Location problem solved ;), you just need the client:
Tkiptun-ng • Exaggerated in the news, only a few frames can be sent • Work in Progress: • Basic documentation written • Not fully working yet 31
Tkiptun-ng (2) • WPA TKIP + QoS (802.11e) • Decrypt packets from the AP • Modified chopchop • Breaks the MIC key • Save plaintext + keystream 32
Airolib-ng • Create pre-computed WPA hash tables to be used with aircrack-ng • Uses a sqlite database • Import/Export: • Import passphrases/essid lists • Cowpatty tables (genpmk) • Pyrit can exports its hash tables to airolib-ng format • Speed (once precomputed): • EEE 701 (900Mhz, SD Card): ~9700keys/sec • AMD Turion 64 X2 TL-60 (2Ghz, HDD 7200rpm): ~55500 keys/sec (~30000 keys/sec virtualized).
Conclusion • Questions? • Practical stuff • WPA Cracking • Fun: Aigraph-ng