This tutorial walks you through cracking WPA/WPA2 networks which use pre. WPA3 uses Simultaneous Authentication of Equals (SAE) to replace Pre-Shared Key (PSK) authentication methods previously used. So better is to be safe from these type of attacks by Using WEP encryption method to secure your wifi and prevent such attacks.
Hi all, I have done up this walk-through of keys involved in the encryption process in WPA-PSK, and how the software we use subsequently cracks it. There seems to be a lot of questions on the topic and there is a common misunderstanding of the process, I also didn't understand it until studying it at university.
To understand how we are 'cracking' a password, we must know how a client joins a network.
When a client/station (STA) authenticates with an Access Point (AP), it goes through the 4-way handshake. During the 4-way handshake information is shared accross the air so both the STA and AP can be certain that each entity is who they say they are.
I will go through an example of WPA-PSK.
Pairwise Keys: Used for communication between a pair of devices, typically a STA and an AP. PMK
- Pairwise Master Key. This is a key-generating key used to derive the PTK. PTK
- Pairwise Transient Key. Calculated by applying the HMAC-SHA1 function to the PMK, the MAC addresses of the STA and the AP, and nonces generated when needed.
Then the groupkeys, used for multicast communication, in which one STA sends MPDU's to multiple STAs. GMK
- Group Master Key. This is a key-generating key, used to calculate a key to encrypt messages to every client (broadcast). GTK
- Group Temporal Key. Derived from the GMK, calculated along with some other components. Exactly how the GTK is generated is undefined, however it is changed every time a device leaves or joins the network.
The passphrase is not the key!
This is what I'm here to clear up. In the instance of WPA-PSK, the PSK is the PMK as described above. This key is calculated as follows: Key = PBKDF2(HMAC−SHA1, passphrase, ssid, 4096, 256)
This is derived by using a Password Based Derivation Function. The ASCII passphrase is converted to binary, and the salt is the SSID of the AP which is combined with a counter value as the intiial input, this is then put through a HMAC for 4096 rounds. The calculation requires 256 bits, and the SHA1 only outputs 160 bits, so the counter goes up, and the rounds are calculated all over again.
OK now to why we're all here. The 4-way handshake and what happens. For those not in the know, the authentication process is set up over 4 packets using EAPOL (Extensible Authentication Protocol Over LAN).
Message 1: AP to STA
Transmitted over the air: Anonce
Message 1 delivers a nonce to the STA so that it can generate the PTK.
Message 2: STA to AP
Transmitted over the air: Snonce
(Supplicant nonce), MIC
(message integrity code).
Message 2 delivers a nonce to the AP so that it can also generate a PTK. It also demonstrates to the AP that the STA is alive, and ensures the PTK is fresh and there is no MITM. The STA now has all it needs to generate a PTK (PMK/PSK, Anonce
, AP MAC addr, STA MAC addr).
Message 3: AP to STA
Transmitted over the air: MIC
(encrypted by PTK).
Message 3 demonstrates to the STA that the authenticator is alive, ensuring that the PTK is fresh, and sends a MIC to demonstrate that there is no MITM. The AP can now generate a PTK.
Message 4: STA to AP
Transmitted over the air: MIC (encrypted, repeat of message 2).
Message 4 is merely an acknowledgement message, protected by a MIC.
So as you can see, not the PTK, and certainly not the PMK/PSK are ever transmitted over the air. What a sniffer could detect would be these 4 messages, which would contain the Anonce, Snonce, AP MAC address and the STA MAC address. And as you may have seen, you only really need the first 2 messages. The only thing missing from the equation is the PMK, which brings us to our cracker.
Taken from the aircrack-ng documentation:
With pre-shared keys, the client and access point establish keying material to be used for their communication at the outset, when the client first associates with the access point. There is a four-way handshake between the client and access point. airodump-ng can capture this four-way handshake. Using input from a provided word list (dictionary), aircrack-ng duplicates the four-way handshake to determine if a particular entry in the word list matches the results the four-way handshake. If it does, then the pre-shared key has been successfully identified.
This is why to decrypt packets you need a valid session handshake even if you have the password, there are new nonces to calculate a new PTK.
Sources: https://tools.ietf.org/html/rfc2898#section-5.2 https://www.aircrack-ng.org/doku.php?id=aircrack-ng#how_does_it_work https://crypto.stackexchange.com/questions/28975/encryption-algorithm-used-in-wpa-wpa2
Cryptography and Network Security - Principles and Practice 7th Global Edition.