In-depth explanation of WPA-PSK-TKIP and AES cracking

Pre-knowledge 1) the dangers of wireless network security and potential threats have been explained before. Here, we will not repeat them here. The main intrusion methods can be described as follows. Javascript: dcs. images. doResizes (this, 0, null)

Prerequisites

1) wireless network security and potential threats

We have already explained its harmfulness. We will not repeat it here. The main intrusion methods can be described as follows.

Javascript: dcs. images. doResizes (this, 0, null); border = 0>

When hackers obtain the AP encryption password, they can configure it on their wireless network card, and then they can access the Internet through the AP. Of course, in other words, it directly enters the peer intranet.

2) wireless terminology

AP is (WireLess) AccessPoint (Wireless) Access Point.

WEP encryption refers to the use of a shared key and RC4 encryption algorithm. However, due to its own algorithm defects, attackers can perform IV (initialization vector) brute-force cracking by capturing the data frames transmitted by the current AP.

WPA encryption, that is, Wi-Fi ProtectEdThe function of Access and WPA is to replace the current WEP (Wired Equivalent Privacy) Protocol. Its encryption feature makes it more difficult to intrude than WEP. Therefore, if you have high data security requirements, you must use the WPA encryption method (Windows XP SP2 already supports the WPA encryption method ).

3) Introduction to WPA

WPA is currently the best wireless security encryption system, which inherits the basic principles of WEP and solves the disadvantages of WEP. Because the algorithm for generating the encryption key is enhanced, even if the group information is collected and parsed, it is almost impossible to calculate the general key. The principle is to generate different keys for each group based on the general key and the serial number indicating the computer MAC address and group information. This key is then used for RC4 encryption like WEP. Through this processing, the data exchanged for all group information of all clients is encrypted by different keys. No matter how much data is collected, it is almost impossible to crack the original universal key. WPA also adds functions and authentication functions to prevent data tampering in the middle. With these features, the disadvantages of WEP that were previously criticized have to be completely solved.

WPA includes temporary Key Integrity Protocol (Temporal Key Integrity Proto)Col, TKIP) and 802.1x. Together with 802.1x, TKIP provides dynamic key encryption and mutual authentication functions for mobile clients. WPA periodically generates unique encryption keys for each client to prevent hacker intrusion. TKIP introduces a new algorithm for WEP, these new algorithms include extended 48-bit initial vectors and related sequence rules, packet key construction, key generation and distribution functions, and information integrity code (also known as Michael code ), this greatly improves the encryption security strength.

As the actual configuration, WPA settings include Pre-shared keys and Radius keys. The Pre-shared key has two cryptographic methods: TKIP and AES. The RADIUS key is authenticated by the RADIUS server and can dynamically select TKIP, AES, and WEP.

Because WPA has the ability to run the "pre-shared key mode", WPA deployment in the SOHO environment does not require authentication servers. Similar to WEP, a client's pre-shared key (often referred to as a "pass word") must match the pre-shared key stored in the Access Point. the Access Point uses the pass word for authentication, if the traffic characters match, the client is allowed to access the access point.

Encryption and cracking steps of Wireless Access Point WPA-PSK

For some reason, I have hidden some MAC addresses.

First, configure the encryption level as D-LINK on the Wireless AP that tested with the WPA-PSK to enable TKIP. Then, use the BackTrack2 disc in the attacker's notebook to start the boot system, that is, BT2. After entering the system, go to the Shell interface and enter "startx" to enter the graphic interface.

In the graphic interface, open a Shell and enter"Ifconfig-A: view the current Nic. Here, I use a USB Nic as an example. We can see that there is a NIC named rausb0. The status is not loaded. Here, the NIC driver is not loaded.

Many new users will face the problem of unsupported Nic drivers when cracking WPA. Here, we want to ensure that more Nic drivers can be identified and loaded normally, upgrade Aircrack-ng 0.7 r214 to a later version of AirCrack-ng 0.9.1r784. We are glad that the upgrade tool has been designed in BT2. The method is as follows: Enter:

Cd/

Cd pentest/wireless

UpDate-Aircrack. sh

You can upgrade the network, as shown in figure 2.

Javascript: dcs. images. doResizes (this, 0, null); border = 0>

After the upgrade, enter "aircrack-ng" to check whether the current version is updated to aircrack-ng 0.9.1 r784, you can enter "ifconfig-a rausb0 up" to load the usb nic Driver.

Next, we can use tools such as Kismet and Airosnort to scan the AP of the current wireless network. If Kismet is used, the software clearly shows the AP channel, traffic, and encryption. Then, we need to activate the NIC to the monitor mode for subsequent cracking,CommandFor: "aiRmOn-ng start rausb0 ". Note that if no upgrade is performed before, it may be shown in 3. If you have upgraded to aircrack-ng 0.9.1, 4 is displayed. You can see that the driver has been corrected and loaded properly.

 

Then enter the command to start sniffing andPacket CaptureThe command is "airoDuMp-ng-w ciw. cap -- channel 6 rausb0 ". Here ciw. cap is the file name of the packet capture file I set. After you press enter, we can see that WPA is used for encryption, as shown in Figure 5.

In this case, Deauth is required to facilitate the acquisition of WPA handshake verification packets, which is used for AP attacks that use WPA authentication and can force the AP to re-perform handshake verification with the client, this makes interception possible. Command: "aireplay-ng-0 10-a AP \'s MAC rausb0" or "aireplay-ng-0 10-a AP \'s MAC-h Client \'s MAC rausb0". Here, "-0" refers to DeautentiCatE attack method, followed by the number of sent packets. "-a" is followed by the MAC address of the AP to be intruded. "-h" is recommended for better performance, this is followed by the MAC address of the monitored client, which is displayed in 6, and then the USB wireless Nic, as shown in 6.

 

Note that Deauth attacks often fail once. To ensure successful interception, it must be repeated. It should be noted that during the attack, other wireless clients of the AP may be unable to access the Internet normally, that is, the network may be disconnected frequently, and some low-end APs may cause their wireless functions to be suspended and cannotPingYes. Restart required.

Next, we need to build the dictionary needed to crack the WPA-PSK. There are a lot of tools for creating dictionaries. We can build them on our own, given the length of this article. In fact, BackTrack2 has prepared a dictionary for us. Enter "zcat/pentest/password/dictionaries/wordlist.txt. Z> password.txt" to create a dictionary named password.txt, which contains a combination of frequently used words, letters, and numbers. Of course, you may need a dictionary suitable for domestic conditions.

After that, we can enable aircrack-ng for Synchronous cracking. The command is: "aircrack-ng-w password.txt ciw.cap”, and the character-w”here is the dictionary. password.txt is the dictionary just created, the following is the packet capture file captured for WPA verification. After you press enter, you can see the result 7.

 

Note that the password cracking time depends on the difficulty of the password, Dictionary inclusion, memory, CPU, and so on. In general, crack WEP encryption time can be at least 1 minute, but crack the WPA-PSK unless the code is indeed very corresponding, the fastest 1 minute can be, but in most cases, it takes 20 minutes to spend less, and hours to spend more. After all, not all users use passwords such as test and admin123. Figure 8 shows the interface after successful WPA-PSK encryption cracking.

Figure 8

In addition to AirCrack-ng, here you can also use Cowpatty to crack the WPA-PSK, the tool is specially used to crack the WPA-PSK key, the method is as follows.

Enable Ethereal, WireShark, and other sniffer tools to open the previously captured cap file containing the WPA handshake, and use eapol to filter the captured Key data, as shown in figure 9, save it as wpa. cap file. Then you can use Cowpatty to work with the dictionary to crack the code. The specific command is: "cowpatty-f passd.txt-r wpa. cap-s AP 'sssid-v ". In this example, the -fsid is a dictionary, and passd.txt is a dictionary. "-r" is followed by another packet capture file for WPA verification. "-s" is followed by ESSID of the monitored AP, the last "-v" shows the detailed process. 0 is the interface after WPA encryption is successfully cracked using Cowpatty.

 

 

Figure 9

0

Now that you have obtained the WPA-PSK encryption password, you can configure your own wireless network card, you can access the Internet through the AP. In other words, it is connected to the peer intranet.ArchitectureOr what BSD and Unix operating systems are used, we can bypass all of them by intruding the wireless network and directly attack the Intranet. If the penetration of a specified target cannot be achieved by injecting Elevation of Privilege or other methods, you may wish to try it in the wireless field, which may be even more rewarding.

In addition, there will be some details during the cracking. Let's talk about it briefly. The data packet that has not captured the WPA handshake is displayed as shown in Figure 11 during the cracking. AiroDump-Ng sometimes prompts, as shown in 12.

1

2

Differences between WPA-PSK-TKIP and WPA-PSK-AES Encryption

From the perspective of the intercepted handshake packet, the verification part of the WPA-PSK-TKIP handshake packet will be displayed as eapol wpa Key (254), the Key length is 32; the handshake package validation section of the WPA-PSK-AES is displayed as eapol wpa Key (254) and the Key length is 16. If you click to open the Key information, you can see a clear AES encryption prompt, as shown in 13.

3

Common attack error prompts and Solutions

Q: Why does the Deauth attack packet using Aireplay fail to respond?

A: There are two main reasons. One is that the wireless network adapter may not support these wireless tools well. For example, the 2200G wireless network adapter that comes with many laptops refers to BT2, in Windows, the solution is different. Second, the Wireless Access Point has its own problems. Some APs may lose response within a short period of time after being attacked. They must be restarted or wait for a while before they can return to normal operation.

Q: Windows can crack the WPA-PSK?

A: You can use Winaircrack for cracking. The final cracking steps are similar. However, if you want to use it for a complete attack, many wireless Nic drivers will not be supported due to its simplified version. In addition, it basically does not have the Deauth attack capability, so unfortunately, it is not allowed to attack. It can only be used to crack the obtained WPA handshake package.

Finally, I am Christopher Yang, the leader of ZerOne. I hope this article will help you better understand the development situation in the wireless security field. If there is any unclear or incorrect description in this article, please correct me. ZerOne Security Team has been keeping a low profile before and has recently decided to emerge. wireless Security is our direction and we are working hard to connect with foreign technologies.