What is performed from an attacker’s perspective?
An attacker would initially need to identify a wireless network that uses PSK authentication. This can easily be performed by using the aircrack-ng suite of tools, specifically the airodump-ng tool. The first step of this process would be for an attacker to start a capable wireless card (or USB wireless adaptor) in monitor mode. This can be performed with the following command (as an example):
airmon-ng start wlan0
ifconfig wlan0 down
Once the device is in monitor mode, the main interface is taken down (as per the second command).
The next step in the process is to identify a target network. Using the airodump-ng tool and only specifying the monitor interface (in this example, mon0) allows the device to hop between wireless channels. This is not ideal for capturing a specific network handshake but is useful to locate the specific channel for the next step:
The results would show several networks, each with varying signal strengths and configurations, but in our example we will use channel 1 with the ‘SureCloud-WiFi’ AP.
Our next step is to target this network. We do that by specifying additional arguments for airodump-ng:
airodump-ng mon0 –w surecloud-wifi-capture –channel 1
This command will capture wireless traffic to the file surecloud-wifi-capture-01.cap and will only focus on channel 1. Additional parameters can be specified, such as the use of –essid to target the network SSID name.
Once a handshake has been captured airodump-ng will note it at the top of the display. The next step following this is to clean up the capture file from any unnecessary packets not relating to the exchange, and to then ideally convert it to a hashcat-capable format for GPU processing. The following commands can be used to do this:
# wpaclean [output file] [input file]
wpaclean surecloud-wifi-clean.cap surecloud-wifi-capture-01.cap
# aircrack-ng [input file] –J [output file]
aircrack-ng surecloud-wifi-clean.cap –J surecloud-wifi-hashcat
Using Hashcat is the most efficient way to perform password attacks such as dictionary attacks. How to use Hashcat is outside the scope of this article, but there are excellent resources available online:
What is the background process behind this, from a technical point of view?
The key exchange handshake process uses several pieces of information, some of which is transferred over the air for the other device to make its necessary computations. This information includes:
- Pairwise Master Key (SSID, PSK)
- Authenticator Nonce (One-time key, generated by the Authenticator)
- Supplicant Nonce (One-time key, generated by the Supplicant)
- Authenticator MAC Address (Enumerated over the air)
- Supplicant MAC Address (Enumerated over the air)
The Pairwise-Master-Key is never revealed over the air, but is used in a Pseudo-Random-Function alongside the key data (a concatenation of the Authenticator and Supplicant MAC addresses, and the Authenticator and Supplicant Nonces) to generate the Pairwise-Transient-Key.
As for the Pairwise-Transient-Key this is a 512 bit key, which is used to provide the following sub-keys:
- Key-Confirmation-Key (First 128 bits)
- Key-Encryption-Key (Second 128 Bits)
- Temporal-Key (Third 128 Bits)
- MIC Authenticator Tx Key (Fourth 64 bits) – Only used for TKIP
- MIC Authenticator Rx Key (Fifth 64 bits) – Only used for TKIP
The Key-Confirmation-Key (KCK) is the key that is used for the creation of the Message Integrity Code (MIC), which is what is ultimately used for computing the PSK passphrase by password cracking tools. The MIC key itself is calculated using a HMAC-MD5 algorithm.