Distributed WPA Cracking CSCI5673 - Distributed Systems Spring 2011 University of Colorado Rodney Beede Ryan Kroiss Arpit Sud 2011-05-02

Distributed WPA Cracking

CSCI5673 - Distributed Systems

Spring 2011
University of Colorado

Rodney Beede
Ryan Kroiss
Arpit Sud

2011-05-02

Topics

• The Team
• Introduction
• WPA 1/2
• Architecture
• Master Node
• Worker Node
• Test Methodology
• Results & Conclusions
• Future Work
• Questions

Introduction

• Cracking WiFi
    o WEP - easy
    o WPA - hard
• Brute Force
    o Not practical
    o 8 character minimum
• Dictionary
    o Common passwords
• coWPAtty by Joshua Wright
    o Generate rainbow table
    o Search rainbow table

Introduction - Our Idea

• Distributed key generation
    o Already done
• Distributed table lookup
    o Not done
• Web service
• Fast lookup
• Modify existing code

WPA a.k.a. WPA1

• WPA stands for WiFi Protected Access
• Meant to replace WEP
    o WEP failed to meet its security goals
• Comes in two flavours
    o WPA-PSK* (Pre-Shared Key) which uses TKIP
    o WPA-Enterprise more secure but requires RADIUS authentication server

* also known as WPA-Personal

WPA2

• Successor to WPA
• Makes PSK more secure as it uses CCMP instead of TKIP
• Both WPA-PSK and WPA2-PSK are susceptible to password cracking attacks
• No known attacks against Enterprise flavors
    o The Lesson is....

Attacking WPA-PSK

• Authentication handshake required for cracking WPA-PSK
• Authentication handshake happens when a client connects to AP (and also when the client "thinks" it is no longer authenticated)
• Packet capture is 3-step process
    o Place wireless card in monitor mode ("listen all")
    o Start packet capture
    o Send a deauthentication packet to wireless client to induce authentication handshake
• A script is provided that performs the above 3 steps

Architecture

Master Node

• Java web application
• Accepts jobs
    o Upload .cap file
    o SSID name
• Queues job
    o Runs 1 at a time
• Tracks worker status
    o NOT LOADED
    o LOADED
    o RUNNING
    o FINISHED
    o ERROR

Master Node (cont)

• Start / Kill worker clients
    o Remote ssh
    o Hand out table offsets
• Records web app log
• Job Run
    1. User submits job
    2. Master saves to NFS share
    3. Master tells workers
        1. When ready
        2. TCP packet
        3. Location of files and output destination
    4. Master checks SOLUTION file

Worker Node

• Started by master
• Loads rainbow table into memory
    o 1000 files x 40MB = 40GB (5GB per worker)
• Giant byte array with pointers per SSID
• Creates socket to listen for messages from master
• Possible message types
    o START
    o STATUS
    o KILL

Worker Node (cont)

• STATUS - returns worker status
• KILL - kills current job (if applicable)
• START command creates new thread
    o Looks up SSID
    o Finds corresponding portion of rainbow table
    o Leverages coWPAtty for password look up
    o If password is found
        - Worker outputs solution to file
        - Master tells other workers to stop
    o Otherwise, workers report FINISHED after reading through table
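The master/worker control flow from the Master Node and Worker Node slides, as an added sketch (not the project's code): the master splits the 1000 table files into per-worker ranges, and each worker answers START, STATUS and KILL while moving through the five tracked states. The names hand_out_offsets, Worker and job are hypothetical, and the state a worker returns to after KILL is an assumption.

```python
import threading
from enum import Enum

class State(Enum):  # the five states the master tracks
    NOT_LOADED = "NOT LOADED"
    LOADED = "LOADED"
    RUNNING = "RUNNING"
    FINISHED = "FINISHED"
    ERROR = "ERROR"

def hand_out_offsets(n_files, n_workers):
    """Split table files 0..n_files-1 into contiguous [start, end) ranges."""
    base, extra = divmod(n_files, n_workers)
    ranges, start = [], 0
    for i in range(n_workers):
        end = start + base + (1 if i < extra else 0)
        ranges.append((start, end))
        start = end
    return ranges

class Worker:
    def __init__(self, file_range):
        self.file_range, self.state = file_range, State.NOT_LOADED
        self._stop, self._thread = threading.Event(), None

    def load(self):
        self.state = State.LOADED  # stands in for reading the slice into memory

    def _run(self, job):
        try:
            job(self.file_range, self._stop)  # job must poll _stop to honour KILL
            # Assumption: a killed job leaves the table loaded and ready again.
            self.state = State.LOADED if self._stop.is_set() else State.FINISHED
        except Exception:
            self.state = State.ERROR

    def handle(self, message, job=None):
        if message == "START" and self.state in (State.LOADED, State.FINISHED):
            self._stop.clear()
            self.state = State.RUNNING  # set before the thread can finish
            self._thread = threading.Thread(target=self._run, args=(job,))
            self._thread.start()
            return State.RUNNING.value
        if message == "KILL":
            self._stop.set()
            if self._thread is not None:
                self._thread.join()
        elif message not in ("START", "STATUS"):
            raise ValueError(f"unknown message: {message!r}")
        return self.state.value
```

With 1000 files and 8 workers every range holds 125 files, which at 40MB per file is the 5GB per worker quoted on the slide.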

Original coWPAtty

• Read records in rainbow table
• Records contain length, passphrase, and PMK
• PMK -> PTK (requires capture data)
• PTK -> MAC
• Grab key MIC
• Compare with MIC found in capture data

Serial versus Distributed

• Serial
    o Run once and done
    o Reads data from disk
    o Runs on one machine
    o Quick start-up time
    o Less opportunity for optimizations

• Distributed
    o Runs as a service
    o Loads data into memory
    o Runs on N machines
    o Slow start-up time
    o More opportunity for optimizations

Test Methodology

• 996,358 word rainbow table
    o 1,000 SSIDs
    o 40MB / SSID
    o 40GB total size
• 8 worker nodes
• 1 master node
• Cisco C210 M1 (on loan from Cisco)
    o Two Intel Xeon E5540 (2.5GHz)
        - 8 logical CPUs
    o 72GB RAM
    o Sixteen 10K RPM SAS 6.0 gbps 146GB drives
        - RAID5

Test Methodology (cont)

• Packet capture data with SSID linksys available in SVN

• Test data created with the following keys:
    o First in Dictionary: !8zj39le
    o Middle in Dictionary: }ttringe
    o Last in Dictionary: korrelie

• Gathered data for time taken to find solution from Master and worker logs

• Compared to original coWPAtty running on a single node

• Results shown on next slide are average of times recorded by the 3 of us

Results & Conclusions

• First in dictionary
    o Serial = 8 milliseconds
    o Distributed = 5 milliseconds
• Middle in dictionary
    o Serial = 3056 milliseconds
    o Distributed = 742 milliseconds
• Last in dictionary
    o Serial = 6014 milliseconds
    o Distributed = 767 milliseconds
• Seemingly small
    o Scalable
    o Ideal for web service

Future Work

• GUI client for data capture
• Distribute table generation
• Hybrid disk/memory approach
• Thousands of heterogeneous clients
    o Like SETI@HOME
• Rewrite in Java or C++
    o Simpler code
• Improved data structures

Questions?

http://code.google.com/p/distributed-wpa-cracking/

Tips for a secure PSK wireless network:
• Use a unique SSID (not linksys or home)
• Have a long* & unique key; use special characters

*max. 63 characters
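Why both tips matter, as an added example (not part of the original slides or the project's code): WPA-PSK derives the PMK with PBKDF2-HMAC-SHA1 salted by the SSID, so a precomputed table only covers the SSID it was built for, and only the passphrases in its dictionary. The SSID list, word list, function names and the 20-character threshold below are constructed assumptions.

```python
import hashlib

# Constructed sample data: SSIDs for which precomputed tables are likely to
# exist, and a tiny stand-in for the 996,358-word dictionary on the slides.
TABLE_SSIDS = {"linksys", "home"}
WORDLIST = {"password", "korrelie", "12345678"}

def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def precompute(ssid, words):
    """What a per-SSID table holds: one PMK -> passphrase record per word."""
    return {wpa_pmk(w, ssid): w for w in words}

def audit_psk(ssid, passphrase, min_len=20):
    """Findings for your own network; min_len is an assumed policy value."""
    wpa_pmk(passphrase, ssid)  # rejects passphrases outside 8..63 characters
    findings = []
    if ssid in TABLE_SSIDS:
        findings.append("common SSID: existing precomputed tables apply")
    if passphrase in WORDLIST:
        findings.append("passphrase is a dictionary word")
    if len(passphrase) < min_len:
        findings.append(f"passphrase shorter than {min_len} characters")
    return findings
```

The same passphrase under a different SSID yields a different PMK, so a table built for linksys has no matching record for a uniquely named network.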