Cracking wpa2 psk in the cloud
  • Micro Instance: 613 MB of memory, up to 2 ECUs (for short periodic bursts)
  • Small Instance (Default): 1.7 GB of memory, 1 EC2 Compute Unit (1 virtual core with 1 EC2 Compute Unit)
  • Large Instance: 7.5 GB of memory, 4 EC2 Compute Units (2 virtual cores with 2 EC2 Compute Units each)
  • High-CPU Medium Instance: 1.7 GB of memory, 5 EC2 Compute Units (2 virtual cores with 2.5 EC2 Compute Units each)
  • High-CPU Extra Large Instance: 7 GB of memory, 20 EC2 Compute Units (8 virtual cores with 2.5 EC2 Compute Units each)

Presentation Transcript

  • Cracking WPA2-PSK in the cloud
    A Cost Effective Solution For Brute Force Attacks
    By Fotios Lindiakos and Ed Rowland
  • WPA2-PSK: Wi-Fi Protected Access II – Pre-shared Key
    Replaced WPA in 2004 as 802.11i standard
    Added security replacing TKIP with CCMP (AES)
    Required for devices with Wi-Fi trademark
    Two modes
    Enterprise – requires a Radius Server (802.1x)
    Personal – 256 bit key created from a string of 64 digits or 8-63 character passphrase
    Key calculation
    Passphrase  PBKDF2(f) salted w/SSID  4096 iterations of HMAC-SHA1
  • WPA2-PSK/802.11i 4-Way Handshake
    • Goal - derive Passphrase from PMK
    • Correct Passphrase “guessed” if tool can calculate the same Message Integrity Code (MIC)
    Hacking Exposed - Stuart McClure, Joel Scambray, George Kurtz
  • Tools Used
    Amazon’s EC2 cloud
    Multiple types of instances running 64 bit Ubuntu 10.04 LTS
    Aircrack-ng v1.1
    Custom web front end
    Custom code to parallelize processing
    Laptop/mobile device running aircrack-ng to capture and send capture file to cloud
  • About The EC2 Cloud
    One of many proprietary web services Amazon offers providing PAAS, IAAS & SAAS
    Elastic Compute Cloud (EC2) virtualizes compute cycles into EC2 compute units (ECU)
    One ECU provides the equivalent CPU capacity of a 1.0-1.2 GHz 2007 Opteron or Xeon processor
    Access to an EC2 instance is via SSH leveraging PKI to encrypt a session key
  • To the cloud!
  • Cracking Statistics
  • But what about cracking…
    One Hundred MILLION keys!
  • Time to Crack 100,000,000
  • Optimized for “Bang for your buck”
  • About Custom Code
    Written in Ruby
    Front end is a Sinatra web application
    Back end is a wrapper around aircrack-ng
    Library handles communicating with EC2
    Only 234 lines of code
  • Front End
    Accepts PCAP from the user
    Also gets SSID and how many instances to run
    Creates a “message” for each instance
    This message is put on a queue waiting for client to come online
    It contains all the information the client needs
    Starts cracking instances
    Waits for results and reports them to the user
    After a key is found, terminates all clients
  • Back End
    Pops a message off the queue at boot time
    Gets the PCAP and full dictionary file
    Creates smaller wordlists
    First, makes a list based on “chunk” assigned
    Breaks that into smaller chunks for reporting purposes
    Runs aircrack-ng against each chunk
    Reports progress or the key after every iteration
  • Tested Instance Types and Cost
  • Demo
  • Results – Single Instance
  • Results – Parallel Instances
  • Future Work
    Utilize other EC2 Instance types
    High End Cluster with GPU
    33.5 ECU and 2 x NVIDIA Tesla “Fermi” M2050 GPUs
    Optimize cracking client for architecture
    Fully utilize multiple CPU/core
    Fully utilize 64 bit capabilities
    Fully utilize GPU acceleration
    Look at other cracking tools
    coWPAtty, Hydra, custom code
  • Conclusion
    It’s certainly inexpensive and easy to leverage cloud computing to hack WPA2-PSK efficiently
    As long as you have an adequate dictionary
    The attack can be prioritized based on
    Use cheaper instances, regardless of time
    Use most powerful instances, regardless of cost
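
An added example, not taken from the slides or from the authors' Ruby code: the key calculation from the WPA2-PSK slide written out in Python, plus a defender's check of the conclusion's point that the attack depends on the passphrase being in a dictionary. The function names, the sample wordlist, the candidate passphrases and the SSID `HomeNet` are constructed for illustration.

```python
import hashlib
import math
import time

ITERATIONS = 4096   # fixed iteration count for WPA2-Personal
PMK_LEN = 32        # 256-bit key

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Personal-mode key calculation: PBKDF2-HMAC-SHA1 salted with the SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8-63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt,
                               ITERATIONS, PMK_LEN)

def local_guess_rate(samples: int = 20) -> float:
    """Key derivations per second on one core of this machine (one per guess)."""
    start = time.perf_counter()
    for i in range(samples):
        derive_pmk(f"benchmark-{i:04d}", "constructed-ssid")
    return samples / (time.perf_counter() - start)

def audit_passphrase(passphrase: str, wordlist: set, alphabet: int,
                     guesses_per_second: float) -> dict:
    """Is the passphrase in a dictionary, and how long is a blind search of its space?"""
    in_dictionary = passphrase.lower() in wordlist
    bits = len(passphrase) * math.log2(alphabet)  # holds only for random passphrases
    years = 2 ** bits / guesses_per_second / (365 * 24 * 3600)
    return {"in_dictionary": in_dictionary, "bits": bits,
            "years_to_exhaust": years}

if __name__ == "__main__":
    # Test vector from the 802.11i standard: passphrase "password", SSID "IEEE".
    print(derive_pmk("password", "IEEE").hex())
    # Same passphrase, different SSID gives a different key: the SSID is the salt.
    print(derive_pmk("password", "HomeNet").hex())
    rate = local_guess_rate()
    words = {"password", "letmein123", "qwertyuiop"}   # constructed sample wordlist
    for candidate in ("password", "t7#Kq9vL2mXw"):      # constructed passphrases
        print(candidate, audit_passphrase(candidate, words, 95, rate))
```

A passphrase flagged `in_dictionary` falls to the first matching guess regardless of the `years_to_exhaust` figure, which applies only to a randomly chosen passphrase.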