weiss (Joined: 13 Dec 2005, Posts: 232, Reputation: 83)
Posted: Mon Nov 12, 2007 2:06 am
Post subject: WPA-PSK Module
..
Last edited by weiss on Sun Mar 08, 2009 9:17 am; edited 6 times in total
passcape (Joined: 09 Dec 2005, Posts: 69, Reputation: 13, Location: CCCP)
Posted: Thu Nov 15, 2007 11:33 am
No point in generating rainbow tables, for the SSID will be different for different connections.
passcape (Joined: 09 Dec 2005, Posts: 69, Reputation: 13, Location: CCCP)
Posted: Thu Nov 15, 2007 5:30 pm
It would be interesting to compare the recovery speed with other software. I've found one over the net. I wonder if there is anything else? Here are my calculations for a P IV 2800:
PSPR by ElcomSoft: 74 p/sec (based on dictionary attack)
wpa-pmk-full: 57 p/sec
wpa-pmk-half: 115 p/sec
BTW, what's the difference between these two modules (wpa-pmk-full and wpa-pmk-half)? Does the latter check only the first 20 bytes (half) of the hash?
weiss (Joined: 13 Dec 2005, Posts: 232, Reputation: 83)
Posted: Thu Nov 15, 2007 8:45 pm
> No point in generating rainbow tables, for the SSID will be different for different connections.
Well, there is a point actually.
A lot of WiFi routers are distributed with a default SSID.
For example, Linksys, which is very popular, has the appropriate 'linksys',
which some people don't change.
Take another strictly hypothetical example: a company using WPA-PSK changes the key every couple of weeks, but not the SSID.
Rainbow tables would be useful here also.
The point of having 2 separate modules is that only 20 bytes are required to recover a password from a PMK hash.
It's HIGHLY unlikely that a collision would be found using a different key from the real one.
The full version is for creating the rainbow tables, which can be useful in certain situations.
HMAC algorithms have a "weak point" in that the plaintext isn't included in the first 2 calls to the SHA1/MD5 compression function.
I would suggest looking at either coWPAtty or Aircrack-ng, which both handle attacking WPA-PSK.
Cain and Abel also has support for WPA-PSK.
I'm not worried about benchmarks right now, since it's not possible to fully optimize this algorithm as a module.
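The exchange above turns on how the WPA-PSK PMK is derived and why the SSID matters. The following is an added illustration, not code from the thread, from PasswordsPro or from either module: it implements the PBKDF2-HMAC-SHA1 derivation that IEEE 802.11i specifies (SSID as salt, 4096 rounds, 32-byte output) with Python's standard hashlib, checks it against the published 802.11i test vector for passphrase "password" and SSID "IEEE", shows that the same passphrase gives a different PMK under every SSID (so a precomputed table is bound to one SSID, and only a shared default SSID such as 'linksys' makes it reusable), and shows why comparing only the first 20 bytes halves the cost: the PMK is two PBKDF2 blocks, each its own 4096-round chain, and the first block alone is 20 bytes. The DEFAULT_SSIDS set is a constructed placeholder for an audit list, not a vendor database.

```python
import hashlib

# Parameters fixed by IEEE 802.11i for WPA/WPA2-Personal.
PMK_ITERATIONS = 4096   # PBKDF2 rounds
PMK_LENGTH = 32         # 256-bit PMK
SHA1_BLOCK = 20         # size of one PBKDF2-HMAC-SHA1 output block (T1)

# Constructed placeholder list for an SSID audit; 'linksys' is the default the
# thread names. A real audit would use a maintained vendor-default list.
DEFAULT_SSIDS = {"linksys"}


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Full 32-byte PMK = T1 (20 bytes) || first 12 bytes of T2.
    T1 and T2 are independent 4096-round HMAC chains, so this costs two chains."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), PMK_ITERATIONS, PMK_LENGTH)


def derive_pmk_first_block(passphrase: str, ssid: str) -> bytes:
    """Only T1: asking PBKDF2 for 20 bytes runs a single chain, i.e. about half
    the work of derive_pmk. This is what a '20-byte / half' comparison tests."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), PMK_ITERATIONS, SHA1_BLOCK)


def distinct_pmks(passphrase: str, ssids) -> int:
    """Number of distinct PMKs one passphrase yields across a set of SSIDs.
    Every distinct SSID gives a distinct PMK, which is what makes a PMK table
    useless for any network whose SSID differs from the one it was built for."""
    return len({derive_pmk(passphrase, s) for s in ssids})


def ssid_is_precomputable(ssid: str, defaults=DEFAULT_SSIDS) -> bool:
    """Defender-side check: a network still on a shared default SSID loses the
    per-network salt, so a PMK table built for that SSID applies to it too."""
    return ssid in defaults


if __name__ == "__main__":
    # IEEE 802.11i Annex H test vector: passphrase "password", SSID "IEEE".
    pmk = derive_pmk("password", "IEEE")
    print("PMK  :", pmk.hex())
    print("T1   :", derive_pmk_first_block("password", "IEEE").hex())
    print("distinct PMKs for 'password' over 3 SSIDs:",
          distinct_pmks("password", ["IEEE", "linksys", "myhome"]))
    for s in ("linksys", "myhome"):
        print(f"SSID {s!r} on a shared default: {ssid_is_precomputable(s)}")
```

Two things the output makes concrete: the module benchmark ratio earlier in the thread (57 vs 115 p/sec) is just one chain versus two, and the mitigation for the "default SSID" case is on the network owner's side, namely a unique SSID together with a long passphrase, since the SSID is the only salt the scheme has.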
weiss (Joined: 13 Dec 2005, Posts: 232, Reputation: 83)
Posted: Thu Nov 15, 2007 9:42 pm
OK, I realise now that "rainbow tables" is probably the wrong terminology to use,
but the point I was trying to make is that PMKs are required to attack the PTK (Pairwise Transient Key) used for authenticating the client.
So, we could pre-compute them to save time in attacks against APs that use a default SSID, such as Linksys routers.
weiss (Joined: 13 Dec 2005, Posts: 232, Reputation: 83)
Posted: Fri Nov 16, 2007 6:10 am
Post subject: RIPEMD-128 + 160 modules
...
Last edited by weiss on Mon Jun 02, 2008 11:23 pm; edited 1 time in total
passcape (Joined: 09 Dec 2005, Posts: 69, Reputation: 13, Location: CCCP)
Posted: Fri Nov 16, 2007 9:38 am
> Well, there is a point actually.
Wouldn't it be faster to 'break' the hash rather than to generate tables? Assuming we have 100 p/sec, how much does it take to generate it (8-char passwords)?
> HMAC algorithms have a "weak point" in that the plaintext isn't included in the first 2 calls to the SHA1/MD5 compression function.
So what?
> Cain and Abel also has support for WPA-PSK.
I've tested it. It runs at 124 pass/sec on my computer.
> I'm not worried about benchmarks right now, since it's not possible to fully optimize this algorithm as a module.
Why? Just rewrite it in assembler.
weiss (Joined: 13 Dec 2005, Posts: 232, Reputation: 83)
Posted: Fri Nov 16, 2007 9:37 pm
> Wouldn't it be faster to 'break' the hash rather than to generate tables? Assuming we have 100 p/sec, how much does it take to generate it (8-char passwords)?
As I said, some WiFi vendors ship their products with a default SSID, and customers do not change the SSID while using WPA-PSK.
However, only shit devices allow less than 8 character passwords, which is why I stated in the readme.txt file that the module was probably only suitable for dictionary attack.
So, it is possible to generate a file full of HMAC-SHA1 hashes based on the SSID, which can then be fed into the second part of the computation using the dictionary word/pass phrase we want to test while attempting to brute force the PMK from the PTK which is sent over the air between the client and router.
Please read the documents that come with coWPAtty, and also look through its source code; then you will understand better what this module is useful for.
You're comparing my module with other software like Cain and Abel.
Their versions are built into the program, allowing them complete control over how passphrases/SSIDs are generated.
I don't have that option, which is why mine will always be slower, whether in assembly or not.
These modules are created in my free time; I don't get paid for it.
> I've tested it. It runs at 124 pass/sec on my computer.
9 hashes more per second? Not that impressive, is it?
> Why? Just rewrite it in assembler.
Because it wouldn't make a huge difference. I'm not going to sit for 2-3 hours optimizing an algorithm that is only going to create 10-20 more hashes per second than the next WPA cracker.
I have plans to implement a separate algorithm, based on SSE2, but it can't be made into a PasswordsPro module,
and it's debatable how much of a difference it will make.
I can predict that with multi-core processing, it could compute equivalent keys/s to David Hulton's coWPAtty for FPGA, but only time will tell.
You're welcome to write your own though; this part of the forum, and modules in general, is not exclusive to just me here.
I don't own a patent for writing PasswordsPro modules.
David Hulton WPA cracking with FPGA
http://openciphers.sourceforge.net/oc/wpa.php
Hacking airwaves with FPGA (David Hulton)
http://openciphers.sourceforge.net/slides/shmoocon-2007.pdf
If you really want to optimize this algorithm, you're going to have to think of bigger ideas than just an assembly implementation.
miki (Joined: 11 Nov 2005, Posts: 71, Reputation: 14, Location: Italy)
weiss (Joined: 13 Dec 2005, Posts: 232, Reputation: 83)
Posted: Tue Nov 20, 2007 8:15 am
...
Last edited by weiss on Mon Jun 02, 2008 11:22 pm; edited 1 time in total
c4p0ne (Joined: 26 Jun 2007, Posts: 265, Reputation: 125, Location: Classified)
Posted: Mon Jun 02, 2008 4:09 pm
PasswordsPro is crashing on me on XP/Vista & Vista 64 with the .dll as the faulting problem. Could I be doing something wrong? Can you send me a "sample/test" .txt file I could import into PasswordsPro to verify that it is indeed crashing on me through no fault of my own?
weiss (Joined: 13 Dec 2005, Posts: 232, Reputation: 83)
Posted: Mon Jun 02, 2008 8:59 pm
Yeah, I'll upload later today.
weiss (Joined: 13 Dec 2005, Posts: 232, Reputation: 83)
Posted: Mon Jun 02, 2008 11:21 pm
..
Last edited by weiss on Sun Mar 08, 2009 9:18 am; edited 1 time in total
BL4CK (Joined: 02 Jun 2008, Posts: 2, Reputation: 0)
Posted: Sun Jun 08, 2008 2:47 pm
What program is used to capture the hash that is needed? Wireshark? airodump? I looked at the four packets (handshake) that I captured in Wireshark, and I couldn't find my actual WPA PSK in any of them.
weiss (Joined: 13 Dec 2005, Posts: 232, Reputation: 83)
Posted: Mon Jun 09, 2008 9:57 pm
I plan on writing a module that cracks the hash using packets from the 4-way handshake, but haven't had time so far.
The module here is only used for recovering the plaintext of a WPA-PSK hash.