Cracking WPA networks with MacRuby

knoopx.net

38 points by knoopx 14 years ago · 17 comments

inconditus 14 years ago

Correct me if I'm wrong, but this isn't a brute force attack, it's a dictionary attack. A brute force attack would go through every iteration, like 00001, 00002...

  • hmottestad 14 years ago

    true, it's a dictionary attack.

      keys = File.read("./dictionary.txt").lines.to_a.reverse

trotsky 14 years ago

As a followup we will demonstrate that technically advanced attacks on the ssh protocol are unnecessary when we are breaking in to a predetermined account with the password 'aardvark'.

borski 14 years ago

How is this news? Connecting to a WPA protected AP to brute force a single character (256 times) isn't particularly impressive or useful. The speed at which the connects happen still makes this impractical for large-scale attacks (or attacks on an entire keyphrase).

macrael 14 years ago

What are the 256 keys the author cycled through? Does WPA only have 256 possible keys?

  • willscott 14 years ago

    WPA does not only have 256 keys.

    The author decided to show that if he knew all but one character of his network password, he could brute-force the missing character. To that end, he took all 256 possibilities for that character and computed the resulting keys, then tried connecting with those keys.

    This shows a connection rate of 30 attempts/2 minutes which is 0.25/second. That is not practical for most attacks.

    • macrael 14 years ago

      Is there any reason the attacker would know all but one character? This seems pretty silly.

      • daeken 14 years ago

        The way my cable modem is set up, there are only 16 bits of the WPA key that aren't shared with the MAC address in an obvious way. Because of the configuration, it's impossible for me to change this. So anyone with this knowledge can break into my network by changing two characters -- pretty trivial.

        • notphilatall 14 years ago

          Who on earth do you have service with that doesn't let you set your own Wi-Fi password?

          • daeken 14 years ago

            Time Warner Wideband. I work around it by having a router behind the modem which firewalls off the rest of the network -- I treat the modem's side as completely untrusted. Not perfect, but it works.

          • mnutt 14 years ago

            I don't know who he has, but Time Warner does this in NYC. You have zero control over the configuration of the modem/router.

            • moe 14 years ago

              Sounds like a great defense in a file sharing lawsuit.

              "Sorry, but I really have no idea how many people used my Wifi!"

DasIch 14 years ago

I've been wondering why no one has written an application yet that breaks into a WLAN network as an alternative to typing in a password.

Obviously there are some legal considerations in certain countries regarding the development, possession and usage of such an application, but the risk seems to be rather small if you restrict network services, change the MAC and use end-to-end encryption. Besides, you might even get away with calling it a tool for penetration tests.

mef 14 years ago

Great demo of a new MacRuby API, not so great demo of cracking a wireless network.
