Wi-Fi Security: Cracking WPA With CPUs, GPUs, And The Cloud

WPA Cracking: It Starts With Sniffing

There are three steps to penetrating a WPA-protected network.

  1. Sniffing: intercept packets to obtain the data needed to perform an attack.
  2. Parsing: inspect the harvested packets to see whether they contain a valid handshake. This is the critical step. The information you're trying to capture consumes less than 1 MB, but it must include the packets that carry the PTK authentication information. This means that someone needs to log on to the network while you're sniffing.
  3. Attacking: run a brute-force password attack against the captured handshake.

The entire process of sniffing, parsing, and attacking tends to be modular, but the exact procedure is a little different, depending on the operating system. At the moment, Linux is the preferred route for many networking ninjas, but there are tools in Windows that streamline the process too.

No matter what software route you take, making this happen isn't as easy as typing in the right commands. Getting past the sniffing step is perhaps the most difficult part because it requires a particular type of wireless card. Specifically, you need one whose drivers provide access to low-level 802.11 protocol information. The majority of wireless cards don't cut it because their drivers filter the raw 802.11 frames and hide them from the upper layers of the operating system.

1 Minute: Setting Up Sniffing

But the right equipment doesn't cost an arm and a leg. Many compatible wireless cards cost less than $50. Ultimately, skill is what separates the beginners from hackers. Without giving you the blow-by-blow, these screenshots give you an idea of how easy it can get. In all, I spent about 10 minutes getting the information needed to set up the password attack, which is step three.

3 Minutes: Finding A Target

There is one caveat worth mentioning. Capturing the authentication information (four-way handshake) requires you to monitor for the packets transmitted when a client attempts to connect with an access point (AP). The act of connecting is what generates the packets that hackers are interested in exploiting. If there are no wireless clients connected, a hacker must wait for someone to establish a connection. Checking your morning email just got a little more real, didn't it?

If a client is already connected, it is still possible to capture the requisite information by forcing a reconnection attempt. How, you ask? By targeting a specific user and booting them off the network with one simple command-line instruction.

5 Minutes: Capturing Four-Way Handshake

After we're done sniffing, we have to use a cracker to brute-force every master key against the PTK. Between Linux and Windows, there are fewer than 10 programs that actually perform the brute-force attack. The majority of them, such as Aircrack-ng and coWPAtty, rely on a dictionary attack. That means you need to provide a discrete database of words to check against. In the end, there are really only two programs that perform true exhaustive brute-force attacks rather than dictionary attacks: Pyrit (combined with John the Ripper in Linux) and Elcomsoft's Wireless Security Auditor (Windows).

It should come as no surprise that coordinating an attack in Linux is more involved than Windows. Aircrack-ng is used to sniff and parse. Then you switch to Pyrit in pass-through mode via coWPAtty (PMK-PTK conversion) for the brute-force attack. In comparison, Elcomsoft offers a much more fluid experience with its Wireless Security Auditor. Admittedly, that app is so easy to use, a caveman could do it. It sniffs (provided you have an AirPcap adapter), parses, and attacks a WPA-protected network in no more than 10 mouse clicks.

Although cracking is slightly more complicated to pull off in Linux, it's also less expensive. The fully-automated version of WSA runs $1199, but it lets you use up to 32 CPU cores and eight GPUs, it adds sniffer support, and it features support for dedicated cracking hardware like Tableau's TACC1441 (the serious FPGA-based stuff). The standard version is more limited. It's restricted to two CPU cores and one GPU and only costs $399. You do need a third-party app for the sniffing step, though.

| Step          | Linux              | Windows                                | Windows (fully automated)             |
|---------------|--------------------|----------------------------------------|---------------------------------------|
| Sniffing      | Aircrack-ng        | Aircrack-ng                            | Wireless Security Auditor Pro Edition |
| Parsing       | Aircrack-ng        | Wireless Security Auditor Std. Edition | Wireless Security Auditor Pro Edition |
| Cracking      | Pyrit via coWPAtty | Wireless Security Auditor Std. Edition | Wireless Security Auditor Pro Edition |
| Software Cost | Free               | $399                                   | $1199                                 |


Brute-Force Cracking

If you want more information on how brute-force attacks work, we suggest that you read page four of Harden Up: Can We Break Your Password With Our GPUs?. In a nutshell, brute-force attacks involve "guessing and checking" on a much larger and faster scale in an attempt to defeat passwords.

Unlike online banking passwords, WPA doesn't have any authentication restriction. If you're persistent enough, you can keep guessing passwords until hell freezes over.

| Available Characters Using The English Language | Possible Passwords, Two Characters | Possible Passwords, Four Characters | Possible Passwords, Six Characters |
|--------------------------------------------------|-----------------------------------|------------------------------------|-----------------------------------|
| Lower-case                                       | 676                               | 456,976                            | 308,915,776                       |
| Lower- and Upper-case                            | 2,704                             | 7,311,616                          | 19,770,609,664                    |
| Lower-case, Upper-case, and Numbers              | 3,844                             | 14,776,336                         | 56,800,235,584                    |
| All (Printable) ASCII Characters                 | 8,836                             | 78,074,896                         | 689,869,781,056                   |


Brute-force attacks are only effective when they can check passwords at a high speed, as the number of potential passwords grows exponentially with a larger character set and longer password length (possible passwords = n^(password length), where n is the number of possible characters).

Most of the time, hackers don't know the length of your password, though. That's why they have to perform an exhaustive search of all possible combinations, starting with every single-character candidate and working up through each longer length in turn.
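The arithmetic behind the table above, and the master-key step the cracking section refers to, can be checked with a short script. The following is an added example, not code from the article or from any of the tools it names: it reproduces the table with the n^(length) formula, adds the cumulative count an attacker who does not know the length has to cover, and derives the WPA/WPA2-PSK master key the way IEEE 802.11i specifies it (PBKDF2-HMAC-SHA1, 4096 iterations, SSID as salt), which is the per-guess cost every cracker pays. The guess rate used at the bottom is an illustrative assumption, not a figure measured by the article.

```python
import hashlib

# Alphabet sizes behind the article's "possible passwords" table.
# 94 is printable ASCII without the space character; it is the size that
# reproduces the table's figures (94 ** 2 == 8836).
CHARSETS = {
    "lower-case": 26,
    "lower- and upper-case": 52,
    "lower-case, upper-case, and numbers": 62,
    "all (printable) ascii": 94,
}


def keyspace(n, length):
    """Passwords of exactly `length` characters from an alphabet of size n:
    n ** length, the article's formula."""
    return n ** length


def exhaustive_keyspace(n, max_length):
    """Candidates an attacker who does not know the length must try:
    every length from 1 up to max_length (sum of n**k for k = 1..max_length)."""
    return sum(n ** k for k in range(1, max_length + 1))


def wpa_pmk(passphrase, ssid):
    """Pairwise Master Key for WPA/WPA2-PSK as defined by IEEE 802.11i:
    PBKDF2-HMAC-SHA1, 4096 iterations, 256-bit output, SSID as the salt.
    Every candidate passphrase must go through this before it can be checked
    against a captured handshake, which is why WPA guessing is slow compared
    with a plain hash, and the SSID salt means a table precomputed for one
    network name does not transfer to a network with a different SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)


def years_to_exhaust(n, max_length, pmks_per_second):
    """Worst-case time to try every candidate up to max_length at a given
    rate of PMK computations per second."""
    seconds = exhaustive_keyspace(n, max_length) / pmks_per_second
    return seconds / (365 * 24 * 3600)


def password_table(lengths=(2, 4, 6)):
    """Rebuild the article's table as {charset: {length: count}}."""
    return {name: {L: keyspace(n, L) for L in lengths}
            for name, n in CHARSETS.items()}


if __name__ == "__main__":
    for name, row in password_table().items():
        print(f"{name:38s}", "  ".join(f"{row[L]:>16,}" for L in (2, 4, 6)))

    # Known-answer check from the 802.11i test vectors: passphrase "password",
    # SSID "IEEE" (expected f42c6fc5...a12e).
    print(wpa_pmk("password", "IEEE").hex())

    # Illustrative rate, an assumption for this example only: 100,000 PMK/s.
    for L in (8, 12, 16):
        print(f"printable ASCII up to {L} chars: "
              f"{years_to_exhaust(94, L, 100_000):.3g} years")
```

Each extra character multiplies the work by the alphabet size, so moving from 8 to 12 printable-ASCII characters adds a factor of roughly 94^4 (about 78 million) regardless of the cracking hardware; a unique SSID additionally forces any precomputation to be redone per network.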

    Top Comments
  • compton
    Thanks for another article that obviously took a lot of work to put together. The last couple of articles on WiFi and archive cracking were all excellent reads, and this is a welcome addition.
    14
  • Other Comments
  • fstrthnu
    Well it's good to see that WPA(2) is still going to hold out as a reliable security measure for years to come.
    6
  • runswindows95
    The 12 pack of Newcastles works for me! Give that to me, and I will set you up on my wifi! Free beer for free wifi!
    9
  • Soma42
    I think I'm going to go change my password right now...
    9
  • Pyree
    runswindows95: "The 12 pack of Newcastles works for me! Give that to me, and I will set you up on my wifi! Free beer for free wifi!"

    Then either beer at your place is really expensive or internet is really cheap. Need 6x12 pack for me.
    3
  • mikaelgrev
    "Why? Because an entire word is functionally the same as a single letter, like "a." So searching for "thematrix" is treated the same as "12" in a brute-force attack."

    This is an extremely wrong conclusion. Extremely wrong.
    -11
  • Anonymous
    What about the permutations of the words?
    i.e. ape can be written:
    ape, Ape, aPe, apE, APe, aPE, ApE, APE.
    That's 2^3=8 permutations. Add a number after and you get (2^3)*(10^1)=80 permutations.
    You can write PasswordPassword in 2^16=65536 ways.
    How about using a long sentence as a password?
    i.e. MyCatIsSuperCuteAndCuddly, that's 2^25 permutations :)
    4
  • molo9000
    Any word on MAC address filtering?
    Can you scan for the MAC addresses? It's probably easy to get and fake MAC addresses, or it would have been mentioned.

    *scans networks*
    12 networks here,
    1 still using WEP
    10 allowing WPA with TKIP
    only 1 using WPA2 with AES only (my network)
    7
  • agnickolov
    Considering my WPA password is over 20 characters long I should be safe for the foreseeable future...
    5
  • ojas
    Interesting article, I see that my fortress is safe :)
    2
  • dickcheney
    molo9000: "Any word on MAC address filtering? Can you scan for the MAC addresses? It's probably easy to get and fake MAC addresses, or it would have been mentioned. *scans networks* 12 networks here, 1 still using WEP, 10 allowing WPA with TKIP, only 1 using WPA2 with AES only (my network)"

    Same over here. I have a guest though, it's a bit weaker than my main network. The guest is a 20 alphanumerical character long WPA2 AES-256bit. My main is 40 character long... Guess I went a bit overboard.
    3
  • gokanis
    aaron88_7: "12345, that's amazing, I've got the same combination on my luggage!" Still makes me laugh every time!

    One of the best lines in the movie...
    0
  • fausto
    I'd better check on security when I get home
    1
  • banthracis
    molo9000: "Any word on MAC address filtering? Can you scan for the MAC addresses? It's probably easy to get and fake MAC addresses, or it would have been mentioned. *scans networks* 12 networks here, 1 still using WEP, 10 allowing WPA with TKIP, only 1 using WPA2 with AES only (my network)"

    MAC address filtering is a joke, especially if the network actively broadcasts its SSID. Simple reason: MAC address and IP info is not even encrypted when sent over the air. So, wait for a legit user to connect, grab his MAC, spoof the MAC address and enjoy.
    3
  • acku
    Anonymous said:
    "Why? Because an entire word is functionally the same as a single letter, like "a." So searching for "thematrix" is treated the same as "12" in a brute-force attack."

    This is an extremely wrong conclusion. Extremely wrong.

    If you truly understand programming, then you know that my statement is a comparison of dictionary vs. brute-force attacks. In a dictionary attack, you provide a wordlist, which is used to make unique combinations. For a brute-force attack, each letter is randomly selected and joined together in a string. The length of a password has no bearing on the number of KDFs. I suggest that you read Ivan Golubev's blog post and hit up the BackTrack forums if you need help understanding why this is the case.

    Quote:
    "Next Big Bang" do you know what Moore's law is? That "All (Printable) ASCII characters" 12 character password will be cracked in your lifetime, possibly with the CPU power of your cell phone.
    In 1982 we had the Spectrum ZX with a Z80 CPU running @3.5MHz. Now I've an Intel E7-8870 with 10 cores running @E7-8870. Not to mention, like you demonstrated, that GPUs are far more powerful at cracking passwords. Also you can use other programs; Pyrit is not the best for cracking with GPUs. Also you can use rainbow tables.
    Your assumption that a WPA2 with 12 characters is safe forever is very wrong and misleading and dangerous. It's the same assumption that made people believe WEP was OK to use forever. Now we can crack WEP in under 1 minute.

    RISC? That better be distributed if we're going to walk down that path. And as I've explained time and time again, rainbow tables are not valid for this type of attack. I purposely explained why under "Understanding WPA/WPA2."

    Second, I'm not sure what you're using, but Pyrit is considered the standard by which other brute-force crackers are measured for WPA/WPA2. It's what's used at DEFCON. Our version has some optimizations, but again, if you go to any of the major security conferences, you'll find that it's what people use.

    Third, WEP can be broken with relative ease because it's not a brute-force attack that renders it ineffective. It's a related-key attack. Any nondirect attack leverages weaknesses in order to compromise a system. That's a different ballpark. We're dealing with cracking at the lowest common denominator.

    Quote:
    What about the permutations of the words?
    i.e. ape can be written:
    ape, Ape, aPe, apE, APe, aPE, ApE, APE.
    That's 2^3=8 permutations. Add a number after and you get (2^3)*(10^1)=80 permutations.
    You can write PasswordPassword in 2^16=65536 ways.
    How about using a long sentence as a password?
    i.e. MyCatIsSuperCuteAndCuddly, that's 2^25 permutations :)

    Permutations of words don't count in a dictionary-based attack. I mean, c'mon. :) Let's be reasonable. You're either paranoid at this point or too smart. Though, I'd argue that caps on the first letter is easily defeatable.

    Cheers,
    Andrew Ku
    TomsHardware.com
    6
  • custodian-1
    All through history people have tried to lock things; if someone locks it, someone else will figure out how to unlock it. It may be mathematically impossible, but it's not the only way. Someone will have to know the password, and we are fallible.
    2
  • WyomingKnott
    Quote:
    or amateur script kiddies testing their meddle.

    I try to avoid picking on grammar or word errors, since it seems that many of these articles are translated from German. But this is a beauty.

    The phrase is usually "testing their mettle," which the dictionary on Yahoo! defines as "Courage and fortitude; spirit." The usual error on this phrase is the substitution of the word "metal" by spell checkers, dictation software, or people who don't know the origin of the phrase.

    But since these kiddies do indeed "meddle" with our networks, our data, and our lives, the substitution works elegantly.
    0
  • jamie_1318
    Man, sucks for all you people who live close enough to their neighbor to worry about their password being hacked. My nearest neighbor is more than 200m away, and then I live in a brick house, so it barely goes out the windows. It would be pretty obvious if some dude was standing outside my house accessing my files.
    -2
  • djridonkulus
    Why don't they limit the number of authentication attempts like you said in the article like banks? Wouldn't that kill all attempts at brute force hacking?
    3