Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Offline bruteforce attack on
WiFi Protected Setup
Dominique Bongard
Founder
0xcite, Switzerland
@reversity
§  Protocol aiming at easily connecting to protected WiFi networks
§  Two main modes: Push-Button and 8 digit PIN code
§...
Stefan Viehböck
Stefan Viehböck
§  Brute force each half of the PIN
§  Maximum 10‘000 tries + 1‘000 tries
§  No limitation on number of tries in many A...
STA
Nonce
E-Hash1 E-Hash2 HMAC
AES(HMAC(PIN1),E-S1) AES(HMAC(PIN2),E-S2)
§  If we can guess E-S1 and E-S2, we can the
brute force PIN1 and PIN2 offline!
§  Pixie dust attack!
§  Usually with pseudo-random generators (PRNG)
§  Often insecure PRNG
§  No or low entropy
§  Small state (32 bits)
§...
int rand_r( unsigned int *seed ) {
unsigned int s=*seed;
unsigned int uret;
s = (s * 1103515245) + 12345; // permutate see...
AP Nonce Description PK
§  Linear Congruential Generator
§  32 bits state
§  No external entropy
§  E-S1 and E-S2 generated right after the No...
§  Do the WPS protocol up to message M3
§  Get the Nonce from M1
§  Bruteforce the state of the PRNG
§  Compute E-S1 a...
§  Linear Feedback Shift Register (LFSR)
§  Broken
§  Doesn‘t matter the keys are always NULL !!
§  Some AP have the same state at each boot
§  Make a list of common states after reboot
§  Attack the AP right after b...
§  Trigger the breakers
§  DDOS the AP
§  Jam the signal until the target reboots the AP
§  Looks okay
§  Uses /dev/random
§  Found in Atheros SDK
§  But you never know
§  Several papers attack the entropy ...
§  It‘s complicated
§  Many of the implementations are the reference
code for the chipset
§  Only the GUI is reskinned
...
§  Disable WPS now !
§  Reverse engineers: Check other AP for bad PRNG
§  Cryptographers: Check if good PRNG are okay
Offline bruteforce attack on WiFi Protected Setup
Offline bruteforce attack on WiFi Protected Setup
Offline bruteforce attack on WiFi Protected Setup
Upcoming SlideShare
Loading in …5
×

Offline bruteforce attack on WiFi Protected Setup

508,358 views

Published on

Offline bruteforce attack on WiFi Protected Setup

Published in: Technology
  • If you need your papers to be written and if you are not that kind of person who likes to do researches and analyze something - you should definitely contact these guys! They are awesome ⇒⇒⇒WRITE-MY-PAPER.net ⇐⇐⇐
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • These are one of the best companies for review articles. High quality with cheap rates. ⇒⇒⇒WRITE-MY-PAPER.net ⇐⇐⇐ I highly recommend it :)
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • DOWNLOAD THE BOOK INTO AVAILABLE FORMAT (New Update) ......................................................................................................................... ......................................................................................................................... Download Full PDF EBOOK here { https://urlzs.com/UABbn } ......................................................................................................................... Download Full EPUB Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... Download Full doc Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... Download PDF EBOOK here { https://urlzs.com/UABbn } ......................................................................................................................... Download EPUB Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... Download doc Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... ......................................................................................................................... ................................................................................................................................... eBook is an electronic version of a traditional print book THE can be read by using a personal computer or by using an eBook reader. (An eBook reader can be a software application for use on a computer such as Microsoft's free Reader application, or a book-sized computer THE is used solely as a reading device such as Nuvomedia's Rocket eBook.) Users can purchase an eBook on diskette or CD, but the most popular method of getting an eBook is to purchase a downloadable file of the eBook (or other reading material) from a Web site (such as Barnes and Noble) to be read from the user's computer or reading device. Generally, an eBook can be downloaded in five minutes or less ......................................................................................................................... .............. Browse by Genre Available eBOOK .............................................................................................................................. Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, CookBOOK, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult, Crime, EBOOK, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, ......................................................................................................................... ......................................................................................................................... .....BEST SELLER FOR EBOOK RECOMMEND............................................................. ......................................................................................................................... Blowout: Corrupted Democracy, Rogue State Russia, and the Richest, Most Destructive Industry on Earth,-- The Ride of a Lifetime: Lessons Learned from 15 Years as CEO of the Walt Disney Company,-- Call Sign Chaos: Learning to Lead,-- StrengthsFinder 2.0,-- Stillness Is the Key,-- She Said: Breaking the Sexual Harassment Story THE Helped Ignite a Movement,-- Atomic Habits: An Easy & Proven Way to Build Good Habits & Break Bad Ones,-- Everything Is Figureoutable,-- What It Takes: Lessons in the Pursuit of Excellence,-- Rich Dad Poor Dad: What the Rich Teach Their Kids About Money THE the Poor and Middle Class Do Not!,-- The Total Money Makeover: Classic Edition: A Proven Plan for Financial Fitness,-- Shut Up and Listen!: Hard Business Truths THE Will Help You Succeed, ......................................................................................................................... .........................................................................................................................
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Hi there! I just wanted to share a list of sites that helped me a lot during my studies: .................................................................................................................................... www.EssayWrite.best - Write an essay .................................................................................................................................... www.LitReview.xyz - Summary of books .................................................................................................................................... www.Coursework.best - Online coursework .................................................................................................................................... www.Dissertations.me - proquest dissertations .................................................................................................................................... www.ReMovie.club - Movies reviews .................................................................................................................................... www.WebSlides.vip - Best powerpoint presentations .................................................................................................................................... www.WritePaper.info - Write a research paper .................................................................................................................................... www.EddyHelp.com - Homework help online .................................................................................................................................... www.MyResumeHelp.net - Professional resume writing service .................................................................................................................................. www.HelpWriting.net - Help with writing any papers ......................................................................................................................................... Save so as not to lose
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • PumaToto | Agen Togel Terpercaya PumaToto merupakan Togel Online | Togel Terpercaya dengan Prediksi Togel Akurat | Prediksi Angka Jitu Bagi kalian yang suka bermain Togel Singapore | Togel HK bisa untuk bergabung dengan PumaToto Cara Main Togel | Cara Pasang Togel | Pasang Togel Online di PumaToto, dengan Discount dan Hadiah Menarik Tentunya Daftarkan diri Anda bersama PumaToto https://caramaintogel.com/
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here

Offline bruteforce attack on WiFi Protected Setup

  1. 1. Offline bruteforce attack on WiFi Protected Setup Dominique Bongard Founder 0xcite, Switzerland @reversity
  2. 2. §  Protocol aiming at easily connecting to protected WiFi networks §  Two main modes: Push-Button and 8 digit PIN code §  Gives the WPA passphrase to stations providing the right PIN §  Poor design and implementation
  3. 3. Stefan Viehböck
  4. 4. Stefan Viehböck
  5. 5. §  Brute force each half of the PIN §  Maximum 10‘000 tries + 1‘000 tries §  No limitation on number of tries in many AP §  Takes a few hours (depends on the AP) §  Largely slowed down in new devices (lock-out) §  Many AP still sold with WPS PIN activated
  6. 6. STA Nonce E-Hash1 E-Hash2 HMAC AES(HMAC(PIN1),E-S1) AES(HMAC(PIN2),E-S2)
  7. 7. §  If we can guess E-S1 and E-S2, we can the brute force PIN1 and PIN2 offline! §  Pixie dust attack!
  8. 8. §  Usually with pseudo-random generators (PRNG) §  Often insecure PRNG §  No or low entropy §  Small state (32 bits) §  Can the PRNG state be recovered ?
  9. 9. int rand_r( unsigned int *seed ) { unsigned int s=*seed; unsigned int uret; s = (s * 1103515245) + 12345; // permutate seed uret = s & 0xffe00000;// Only use top 11 bits s = (s * 1103515245) + 12345; // permutate seed uret += (s & 0xfffc0000) >> 11;// Only use top 14 bits s = (s * 1103515245) + 12345; // permutate seed uret += (s & 0xfe000000) >> (11+14);// Only use top 7 bits retval = (int)(uret & RAND_MAX); *seed = s; return retval; }
  10. 10. AP Nonce Description PK
  11. 11. §  Linear Congruential Generator §  32 bits state §  No external entropy §  E-S1 and E-S2 generated right after the Nonce
  12. 12. §  Do the WPS protocol up to message M3 §  Get the Nonce from M1 §  Bruteforce the state of the PRNG §  Compute E-S1 and E-S2 from the state §  Decrypt E-Hash1 and E-Hash2 §  Bruteforce Pin1 and Pin2 §  Do the full WPS protocol and get the passphrase
  13. 13. §  Linear Feedback Shift Register (LFSR) §  Broken §  Doesn‘t matter the keys are always NULL !!
  14. 14. §  Some AP have the same state at each boot §  Make a list of common states after reboot §  Attack the AP right after boot
  15. 15. §  Trigger the breakers §  DDOS the AP §  Jam the signal until the target reboots the AP
  16. 16. §  Looks okay §  Uses /dev/random §  Found in Atheros SDK §  But you never know §  Several papers attack the entropy of the linux PRNG in embedded systems
  17. 17. §  It‘s complicated §  Many of the implementations are the reference code for the chipset §  Only the GUI is reskinned §  Therefore many brands are affected §  Many vendors use different chipset §  Even for the same model number
  18. 18. §  Disable WPS now ! §  Reverse engineers: Check other AP for bad PRNG §  Cryptographers: Check if good PRNG are okay

×