WPA, what else?
UNAM, Mexico City, November 27-28, 2008
Thomas d’Otreppe de Bouvette, Aircrack-ng
Agenda
• WEP
• WPA – How does it work?
• WPA – Practice
  – Location, location, location
  – Cracking the key
  – Bruteforce
• WPA - Tools
  – Airbase-ng
  – Tkiptun-ng
  – Airolib-ng
• Practical stuff
WEP
• It was fun
• A few new attacks were created
  – Caffe Latte
  – Cfrag
• PTW2: needs fewer packets than PTW to crack a key
• WEP Cloaking™ is now dead too
WPA
• More and more networks use WPA
• WPA is a hot topic these days:
  – CUDA
  – New attack and tool: tkiptun-ng
WPA
• 802.11i group launched when flaws were found in WEP
• 2 link-layer protocols:
  – TKIP (WPA1): Draft 3 of the 802.11i group (backward compatible with legacy hardware).
  – CCMP (WPA2): final 802.11i standard
• 2 authentication methods:
  – Personal: PSK
  – Enterprise: MGT
WPA-PSK – How does it work?
WPA-PSK – 4 way handshake
WPA-PSK – PTK Construction
[Diagram: Pairwise Master Key (256 bit), ANonce, SNonce, STA MAC Address and AP MAC Address are fed into a hash to produce the Pairwise Transient Key]
WPA-PSK – PMK Construction
[Diagram: Passphrase, SSID and SSID Length are fed into PBKDF2 with 4096 iterations; length of the result key: 256 bits; output: PMK]
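The two constructions on the PTK and PMK slides, as an added Python example that is not part of the original slides. The passphrase/SSID pair is the 802.11i Annex test vector; the MAC addresses and nonces are constructed sample values, and the PRF label and key layout follow 802.11i. Note that the PMK depends only on passphrase and SSID, which is why per-SSID precomputation (airolib-ng, genpmk) works, while the PTK changes with every handshake.

```python
import hashlib
import hmac


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    # PMK as on the slide: PBKDF2-HMAC-SHA1, passphrase as key, SSID as salt,
    # 4096 iterations, 256-bit (32-byte) result.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)


def ieee80211_prf(key: bytes, label: bytes, data: bytes, nbits: int) -> bytes:
    # 802.11i PRF-n: HMAC-SHA1 blocks over label || 0x00 || data || counter,
    # concatenated and truncated to n bits.
    out = b""
    for counter in range((nbits + 159) // 160):
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]),
                        hashlib.sha1).digest()
    return out[: nbits // 8]


def wpa_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
            anonce: bytes, snonce: bytes, tkip: bool = True) -> bytes:
    # PTK = PRF(PMK, "Pairwise key expansion",
    #           min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce))
    # 512 bits for TKIP (two extra Michael MIC keys), 384 bits for CCMP.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return ieee80211_prf(pmk, b"Pairwise key expansion", data, 512 if tkip else 384)


def split_ptk(ptk: bytes) -> dict:
    # KCK (keys the EAPOL MIC), KEK, TK, and for TKIP the two Michael MIC keys.
    parts = {"KCK": ptk[0:16], "KEK": ptk[16:32], "TK": ptk[32:48]}
    if len(ptk) == 64:
        parts["MIC_AP"], parts["MIC_STA"] = ptk[48:56], ptk[56:64]
    return parts


if __name__ == "__main__":
    # Constructed sample input: passphrase/SSID from the 802.11i test vector,
    # MAC addresses and nonces made up for this demonstration.
    pmk = wpa_pmk("password", "IEEE")
    ap, sta = bytes.fromhex("02000000aa01"), bytes.fromhex("02000000bb02")
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))
    print("PMK:", pmk.hex())
    for name, val in split_ptk(wpa_ptk(pmk, ap, sta, anonce, snonce)).items():
        print(f"{name}: {val.hex()}")
```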
WPA – Location
• Need all packets from the 4 way handshake => hear AP and Client
• In fact, aircrack-ng can work with less than 4 packets
• If too far, won’t get everything
WPA – Location (2)
[Diagram: relative positions of AP, Client and Attacker]
WPA – Location (3)
[Diagram: relative positions of AP, Client and Attacker]
WPA – Cracking the key
• Processing Unit
  – CPU
  – GPU (CUDA and AMD Stream)
• Method:
  – Wordlist
  – Bruteforce
• « Rainbow » tables
WPA - CUDA
• Cracking with your nVidia
• Much faster than with a CPU (10-100x):
  – Intel P4 3.2Ghz: ~150 keys/sec
  – AMD Turion 64 X2 TL-60 (2Ghz): ~230 keys/sec
  – Nvidia 280GTX: ~11000 keys/sec
• A few tools exist
  – Commercial
  – Open source: pyrit
• Planned in aircrack-ng (AMD Stream too)
WPA - Pyrit cracking speed
WPA - Bruteforce
• Let’s calculate how much time it will take to crack a simple alphanumeric passphrase (upper and lower case letters plus digits).
• Smallest WPA passphrase: 8 characters (max 63).
WPA - Bruteforce (2)
• 8 characters passphrase
• 62 possibilities per character: [A-Z][a-z][0-9]
• Using a 280GTX (11000 keys/sec)
• 62^8 = 218 340 105 584 896 possible keys
• 218 340 105 584 896 / 11 000 keys/sec = 19 849 100 508 sec
• 19 849 100 508 sec = 5 513 639 hours
• 5 513 639 hours = 229 735 days
• 229 735 days = 630 years
630 years for an 8 char WPA key
• A bit too long for a simple passphrase.
• For a 12-character passphrase, bruteforce will take 9 309 091 680 years.
• Dictionary attack and John The Ripper are still the best solution.
Airbase-ng
“Airbase-ng is a multi-purpose tool aimed at attacking clients as opposed to the Access Point (AP) itself.”
Features:
• Soft AP/Ad hoc
• Karma
• Encrypt/Decrypt packets
• Capture WPA handshake from a client.
• Filtering to avoid disturbing nearby networks
Airbase-ng (2)
• Turn any monitor-mode capable card into an AP
• Default mode: Karma
• Karmetasploit = airbase-ng + metasploit
Fun with airbase-ng
• Karma
  – airbase-ng rausb0
• Soft AP:
  – airbase-ng -y -e myAP -c 6 rausb0
  – ifconfig at0 up 192.168.0.254
  – ping/ssh/… it from the client
• Script to manipulate packets:
  – airbase-ng -Y both rausb0
  – ./test/replay.py at1
Fun with airbase-ng (2)
• WPA Handshake capture:
  – airbase-ng -z 2 -W 1 -y -c 6 -e home rausb0
• Location problem solved ;), you just need the client:
[Diagram: Client, Attacker running the Fake AP]
Tkiptun-ng
• Exaggerated in the news, only a few frames can be sent
• Work in Progress:
  – Basic documentation written
  – Not fully working yet
Tkiptun-ng (2)
• WPA TKIP + QoS (802.11e)
• Decrypt packets from the AP
• Modified chopchop
• Breaks the MIC key
• Save plaintext + keystream
Airolib-ng
• Create pre-computed WPA hash tables to be used with aircrack-ng
• Uses a sqlite database
• Import/Export:
  – Import passphrases/essid lists
  – Cowpatty tables (genpmk)
  – Pyrit can export its hash tables to airolib-ng format
• Speed (once precomputed):
  – EEE 701 (900Mhz, SD Card): ~9700 keys/sec
  – AMD Turion 64 X2 TL-60 (2Ghz, HDD 7200rpm): ~55500 keys/sec (~30000 keys/sec virtualized).
Conclusion
• Questions?
• Practical stuff
  – WPA Cracking
  – Fun: Airgraph-ng