Articles by "wifi"
Showing posts with label wifi. Show all posts
The developer Jens "atom" Steube, of the HashCat cracking application ,  has found a new vulnerability in the wireless networks protected with WPA-WPA2 PSK (Pre-Shared Key) with fast  roaming activated , since they are vulnerable to a new method of attack . Unlike other attacks , no connected client is needed , since the router is attacked directly by obtaining the PMKID value Nor does it require full handshake (4 ways).




Previous WPA / WPA2 attacks required an attacker to wait patiently while listening on a wireless network until the user successfully logged in. Then they could capture the four-way greeting to "decipher" the key.

New vulnerability in WPA2-PSK 

The developers  discovered this attack quite accidentally  while they were looking for  possible attacks for WPA3 , which will be much more difficult to attack thanks to the use of  Simultaneous Authentication of Equals (SAE) , which makes it  immune to passive, active attacks, or attacks with dictionary. 

WPA2, stands for  WiFi Protected Access 2 , is considered as the system to protect wireless networks of maximum security. Recall that WPA2 is a security protocol for WiFi networks with 15 years old (published in 2004), and has its replacement in WPA3.

WPA and WPA2 differ little conceptually and differ mainly in the encryption algorithm they employ. While WPA bases the encryption of communications on the use of the TKIP [ Temporary Key Integrity Protocol ] algorithm , which is based on RC4 like WEP, WPA2 uses CCMP [ Counter-mode / CBC-MAC Protocol ] based on AES [ Advanced Encrytion] System ]. The second notable difference is found in the algorithm used to control the integrity of the message. While WPA uses a less elaborate version for the generation of the MIC code ( Message Integrity Code ), or code "Michael" , WPA2 implements an improved version of MIC.

WPA-PSK / WPA2-PSK and TKIP or AES use a pre-shared key (Pre-Shared Key = PSK) of 8 or more characters long, and a maximum of 63 characters. 

The key to the attack they have discovered is that, unlike previous ones, you do not need to capture the  4-way EAPOL handshake  (Extensible Authentication Protocol over LAN) as needed with KRACK . Instead, the attack will extract the RSN IE (Robust Security Network Information Element ) from a single EAPOL frame. The RSN IE is an optional field that contains the (PMK), which is generated by the router itself when a user tries to authenticate. The main advantages over other types of attacks already known are:



  • No more regular users are required, because the attacker communicates directly with the AP (also known as "no client" attack)
  • No more waiting for a complete 4-way handshake between the regular user and the AP
  • No more eventual retransmissions of EAPOL frames (which can lead to results that are impossible to decipher)
  • No more invalid passwords sent by the regular user
  • No more EAPOL frames lost when the regular user or the AP is too far away from the attacker
  • Fixing of nonce and replaycounter values ​​is not required (resulting in slightly higher speeds)
  • No more special output format (pcap, hccapx, etc.) - the final data will appear as a regular hexagonal encoded string 




Pairwise Master Key Identifier (PMKID)


The PMKID is calculated using HMAC-SHA1 where the key is PMK and the data part is the concatenation of a fixed string label "PMK name", the MAC address of the access point and the MAC address of the station.

PMK = PBKDF2 (HMAC-SHA1, PSK, SSID, 4096, 256)
PMKID = HMAC-SHA1-128 (PMK, "Name of PMK" | MAC_AP | MAC_STA)

In addition, obtaining the handshake is much easier by obtaining the Pairwise Master Key Identifier (PMK). They have also added a new method of hash resolution called hash-mode 16801, which allows to skip the PMK computing part , which is what until now made the cracking of WPA so slow. So, now it is much easier to obtain the hash, but to crack it is still as difficult (or easy) as always, depending on the means available. 

16801 mode waits for a list of precalculated PMKs, as hexadecimal encoded strings of length 64, as the list of input words. To precalculate the PMKs, you can use the hcxkeys tool. The hcxkeys tools require the ESSID, so you must request the ESSID of your client in advance. 

Discoverers do not know what is the scope of the vulnerability, nor how many devices and routers will work. What they do know is that it will work on any network that has roaming enabled  (802.11i / p / q / r) (the most modern routers). Many companies with WPA2 Enterprise use PSK, so their networks are now vulnerable to these new attacks.