Running a PIN-code attack to crack a wireless WiFi password: principle analysis (reposted)

Source: Internet
Author: User
Tags: strong password

Is your home wireless router secure? Has anyone been freeloading on your network? Where is the wireless router's weakness, and how do you stop network freeloading?

To understand this, you must understand the principles of the encryption and of how it is cracked.

Tools/Materials
    • A computer

    • A WiFi signal source that is strong enough

    • A USB wireless card (not required)

    • A little patience

Basic knowledge
  1. General classification of wireless encryption and cracking methods:

     1. WEP encryption: this is an older scheme, very insecure and very easy to crack; wireless routers have now abandoned it.

     2. WPA/WPA2-PSK encryption: this scheme is reasonably secure, but to make it convenient for users to get online, many routers ship with a QSS quick-connect function (also called WPS). That is today's focus.
Hack method
  1. Cracking a WEP signal

     This encryption is very insecure; if your home router uses it, replace it immediately.

     Cracking a WEP-encrypted wireless signal depends on two factors: first, signal strength; second, whether there are clients online.

  2. If the signal is strong and there are clients online, a WEP cracking tool finishes the job in about 10 minutes. This type of attack captures packets, injects traffic, and then recovers the key; as long as such a signal exists, it can be broken 100% of the time.

     Tools: WIFITE, MINIDWEP.

     Both run under Linux, but they are not today's focus; use them as needed alongside the tutorials below.

  3. Cracking a WPA-encrypted WiFi signal

     There are two kinds of WPA signals: early routers without WPS, and routers from before 2012 that support WPS (also called QSS).

     Look at the label on the back of your home router; if it carries a QSS mark, be careful.

  4. WPA WiFi passwords can be cracked in two ways: the legendary handshake capture, and running the PIN code.

  5. Tools needed for the crack:

     1. A Linux environment (CDlinux is recommended: search for it yourself; it is small, convenient, and bundles many tools)

     2. An external wireless network card

     3. An empty USB flash drive

  6. There are several ways to set up the environment. The methods differ, but the process and steps are the same, so I first describe the setup, then the steps. (There are many more powerful methods, but they are all command-line; frankly, since graphical tools exist and work, I do not like to dig into command-line methods, even if they are good.)

     1. Burn the Linux environment to a USB flash drive with UltraISO (search the web for "How to use UltraISO to make a Ubuntu Kylin boot disk"; that is how I learned it). Replace the ISO in that tutorial with the CDlinux ISO, write it to the flash drive, and boot the computer from it into the Linux environment to crack.

     2. Under Windows, install a virtual machine and run the Linux environment inside it. Installing and using a virtual machine should not be a problem; if needed, search Baidu or contact me.

     3. Install a Linux system (for those with some Linux experience), such as the BT series, Kali, or plain Ubuntu, and then install the cracking tools yourself: minidwep, wifite, Inflator (the "pump"), FeedingBottle, and so on.
Cracking a WPA-encrypted WiFi signal by handshake capture
  1. Handshake capture cracking can, in theory, crack 100% of targets.

  2. The principle of handshake capture: the WiFi signal is encrypted. To log on to the wireless router, a client must send a request and establish a connection with the router. This request is a packet called the handshake packet, and it carries the password you send, but in encrypted form.

  3. Whether a handshake-capture crack succeeds depends on five things:

     1. signal strength;

     2. whether there are clients online;

     3. whether the machine is powerful enough to run the dictionary against the capture;

     4. whether the dictionary is any good;

     5. luck.

  4. Start capturing. The capture tool is MINIDWEP; it can both capture handshakes and run PINs. After entering the CDlinux environment, click MINIDWEP-GTK; the software shows a prompt.

  5. If you are running inside a virtual machine, you need to attach the external network card to the virtual machine here; if you booted from the USB stick, skip this step: click Virtual Machine > Removable Devices > your wireless card > Connect. Only then is the wireless card attached inside the virtual machine and usable.

     When the software starts, the recognized network card is shown in the upper left; click Scan to start searching for nearby wireless signals.

  6. After the scan there will be many signals, but not all of them are worth cracking; first pick the ones with cracking value:

     1. limit by signal strength (the smaller the absolute value, the stronger; for example, a signal at 55 is the strongest);

     2. prefer signals that have clients;

     3. prefer routers that are on 7x24.

  7. Select a signal, then click Start.

     Next the software sends an attack command that forces the client offline so that it reconnects, and then captures the handshake packet.

     Watch the number of captured packets: the more there are, the higher the probability of cracking. If the other side is watching video, downloading, or otherwise active on the network, the chance of catching the handshake is very high.

     If the Beacons value does not rise noticeably within 10 minutes, you can give up.

     After a short while, the handshake is captured. Click OK to start brute-forcing.

  8. At this point there are two options: brute-force in the virtual machine with MINIDWEP, or copy the captured handshake out to Windows and crack it on a more powerful computer with other software such as EWSA. EWSA supports GPU acceleration, which greatly improves cracking speed, so I recommend this approach. But the premise is that you have a strong enough dictionary, a good enough machine, and good luck.

     Click OK and select a dictionary to crack with.

  9. Once the password is found, it is displayed like this.

     This method depends on your patience, the strength of your password dictionary, and the machine running the dictionary, plus luck.

     Its advantage is that as long as you wait long enough to capture the handshake, it can certainly be cracked.

     Its downside is that you need a strong password dictionary and strong hardware.

     With bad luck you run into a 15-digit password, and then you have a headache. I hope you encounter a weak password.
Principle of running a PIN code to crack the WiFi password
  1. Here is the main event: running the PIN code to crack the WiFi password. This method is faster than the one above.

     WPS is the abbreviation of Wi-Fi Protected Setup. WPS is a certification program run by the Wi-Fi Alliance that focuses on simplifying the installation and security configuration of wireless LANs. WPS is not a new security feature; it simply makes existing security technologies easier to configure.

  2. For ordinary users, WPS provides a fairly simple way to set up encryption. It not only lets WPS-capable Wi-Fi devices and wireless routers pair quickly, but also randomly generates an eight-digit string as a personal identification number (PIN) for the cryptographic setup. This removes the need to enter the network name (SSID) manually and the tedious process of typing a long wireless encryption password when a client connects to the wireless network.

  3. How long does it take to crack the network? That is the primary question. If cracking takes days or weeks, or never terminates, the vulnerability might not be so important.

     Someone once tested that exhausting an 8-digit WPA PIN would take 8 hours on a computer doing 3K/sec. If the PIN is a random 8 digits, and you factor in a poor signal, an overloaded device, the reasonable delay while waiting for the PIN authentication result (if verification fails, the program waits a long time before prompting; this refers specifically to the QSS software), and so on, cracking WPA in a short time is unrealistic. Some people may think 10 hours will do it; it could take 100 hours or 1000 hours. Is that much manpower and material really worth it? Only if the wireless AP is of great significance.

  4. First, in WPS the PIN code is the only requirement for access between network devices; no other identification is required, which makes brute force possible.

     Second, the 8th digit of the WPS PIN is a checksum, so the attacker only needs to work out the first 7 digits. This reduces the number of unique PINs by one order of magnitude to 10^7, i.e. 10 million variations.

  5. When verifying the PIN, the access point (the wireless router) actually checks separately whether the first half of the PIN (the first 4 digits) and the second half (the last 3 digits) are correct. When the first PIN authentication fails, the router sends an EAP-NACK message back to the client, and from that response the attacker can tell whether the first half or the second half of the PIN was correct. In other words, instead of a 7-digit PIN the attacker only has to find a 4-digit PIN and a 3-digit PIN. This cuts the search from 10 million combinations down to 11,000 (10^4 + 10^3). So in a real crack attempt the attacker needs at most 11,000 tries, and on average only about 5,500, to succeed. That is what makes cracking the PIN within 2 hours feasible.
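To make the arithmetic in the principle above concrete, here is an added example (not from the original article) that derives the 8th check digit of a WPS PIN from the first seven digits, using the weighting rule from the Wi-Fi Protected Setup specification, and tabulates the three search-space sizes the article reasons about (10^8 nominal, 10^7 once the checksum is accounted for, 10^4 + 10^3 once the two halves are confirmed separately). The sample PIN 12345670 is a constructed value used only to exercise the check.

```python
# Added example: WPS PIN check digit and search-space arithmetic.
# The check-digit rule is the one in the Wi-Fi Protected Setup specification;
# the search-space figures follow the article's reasoning (10^7 -> 10^4 + 10^3).

def wps_checksum(first_seven: str) -> int:
    """Return the 8th (check) digit for a 7-digit WPS PIN prefix.

    Digits in odd positions (1st, 3rd, 5th, 7th) are weighted 3, the others 1;
    the check digit is chosen so the weighted sum is a multiple of 10.
    """
    if len(first_seven) != 7 or not first_seven.isdigit():
        raise ValueError("expected exactly 7 decimal digits")
    total = 0
    for index, char in enumerate(first_seven):
        weight = 3 if index % 2 == 0 else 1
        total += weight * int(char)
    return (10 - total % 10) % 10


def is_valid_wps_pin(pin: str) -> bool:
    """True if an 8-digit PIN's last digit matches the checksum of its first 7."""
    if len(pin) != 8 or not pin.isdigit():
        return False
    return int(pin[7]) == wps_checksum(pin[:7])


def pin_search_space() -> dict:
    """Size of the PIN space under each of the article's three views."""
    nominal = 10 ** 8                 # eight free digits
    with_checksum = 10 ** 7           # last digit is derived, not free
    split_halves = 10 ** 4 + 10 ** 3  # first 4 digits and last 3 confirmed separately
    return {
        "nominal": nominal,
        "with_checksum": with_checksum,
        "split_halves": split_halves,
        "average_attempts": split_halves // 2,  # about 5,500 expected
    }


if __name__ == "__main__":
    # Constructed sample PIN; its check digit works out to 0.
    print(is_valid_wps_pin("12345670"))
    print(pin_search_space())
```

Note that only one in ten 8-digit strings passes the check, which is exactly why the article counts 10^7 rather than 10^8 candidates before the split-verification weakness is even considered; the split, not the checksum, is the flaw that makes disabling WPS necessary.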

Steps to run a PIN code to crack the WiFi password
  1. Enter the CDlinux interface, open MINIDWEP, and scan for signals. As usual:

     1. limit by signal strength (the smaller the absolute value, the stronger);

     2. prefer signals that have clients;

     3. prefer routers that are on 7x24;

     4. this time, pick a signal with a WPS mark to crack.

  2. Select a signal with the WPS mark, then click Reaver.

     There are many parameters; leave them at their defaults until you know what they mean.

     Click OK.

  3. The cracking interface looks like this:

     If the cracking speed is slower than 5 s/pin, the signal is not strong enough; move the wireless card as close to the source as possible, or choose another signal.

     If you are prompted to wait 60 seconds and retry, the router is a newer version with an anti-PIN function, but let me tell you quietly that this anti-PIN is a pseudo-anti-PIN: after 60 seconds the software simply continues cracking. Such a router even has a benefit: each time you PIN it for a while, it rejects you for a minute, which amounts to giving the router a minute of rest, so it is not easily crashed.

     If the PIN stays at the same value, the router has hung; PIN it again another time. One point to note: if you PIN from a virtual machine and a session ends without a result, do not shut down the guest system; close the virtual machine with Suspend instead. The next time you open the virtual machine, reconnect the network card, or pick a signal you have not PINned yet to play with, and you can continue from the previous progress.

     If you booted from a USB stick to crack, you need to save the log file manually, and the next time copy it back into Linux to continue from the previous progress.

  4. Now wait.

     From the principle above, the crack first breaks the first four digits, and if they are wrong, moves on to the next four-digit number, so within a very short time the progress may jump to 90%.

     That means the first four digits of the 8-digit PIN have been fixed. You can see that the first four digits of the PIN no longer change while the following three keep changing; that is the exhaustive search. The last digit is the checksum and can be ignored.

     With a good signal and a good-quality router (one that does not get PINned to death), the crack will finish within two hours.

     Wait for the password!

     Once the password is found, record the other party's PIN, so that if they change the password you can easily obtain the new one with the same PIN.

     The other party's password is the latter part of the WPA PSK line.
Using Inflator (the "pump") to crack
  1. Inflator is also a popular tool; I will cover it as well. The cracking method is similar to the above, so I will only describe it briefly.

  2. Enter the system screen and click Inflator 1.0 to start the program.

  3. When the program opens, press Yes.

  4. Select the first row, wlan0; after 10 seconds it reports that loading succeeded.

     On success it shows "monitor mode enabled on mon0 (wlan0)"; click Next, then Next.

  5. On this screen click Scan for WPS enabled APs, scan for 30 seconds, and the signals appear. Click Next, select a signal, then Next.

  6. On this screen click Run to start cracking.

     The rest of the process is the same as with minidwep; wait for the password...
Using Wifite to crack wireless passwords
  1. Wifite is a fully automated, high-volume wireless password cracking tool; given enough time, it can crack all the signals it has found in one go.

  2. Install a 32-bit Ubuntu.

  3. Install Wifite; the system installs its dependencies automatically.

  4. Run sudo wifite in a terminal.

     Scan for signals; after 30 seconds, once enough have been found, press Ctrl+C to stop scanning.

  5. Following the signal-selection principle above, enter the sequence numbers of the chosen signals, separated by commas, and press Enter; the software then applies a different cracking approach to each signal. Wait patiently and you will get what you want.
Precautions
    • This tutorial is for learning only and must not be used for illegal activities.

    • To keep your wireless network safe, abandon WEP encryption.

    • Turn off the WPS function in the router.

    • Besides the three points above, do not be afraid of the inconvenience: use a WiFi password of more than 20 characters; even if someone captures the handshake, they will go crazy trying to crack it.

