This document discusses techniques for cracking WiFi passwords, including: 1. Capturing the WPA handshake to obtain the password hash. 2. Using a brute force attack or dictionary attack to crack the password hash. 3. Explaining the WiFi Protected Setup (WPS) protocol and how the Reaver tool can brute force the WPS PIN to access the network. 4. Recommending strong password practices to prevent cracking, such as using long, random passwords with symbols and numbers.

1. By
Swaroop YermalkaR

2. Changing the
world
through Wireless
Communication!

3. Dj Akhil Talreja

6. Dlink
BT5 r3 laptop with wifi router Galaxy
card pop

7. Simple WPA/2 Cracking Technique
Brute-Force attack
Understanding WPS [ Wi-Fi Protected Setup ]
Exploring Reaver

8. 1. Start Sniffing
2. Capture WPA Handshake
3. Apply Dictionary
4. Crack the password!

10. Supplicant Authenticator
Probe req,resp
Authentication RR, Association RR
Pre-shared key 256bit Pre-shared key 256bit
Snounce
PTK PTK
Message 2
Snounce + MIC
Message 4
Key install Acknowledgement
Source: securitytube.net

12. Step 1
Step 2

13. Step 3
Step 4

14. 1. Monitor air for a new client trying to associate with the access point (passive)

15. 2. De-authentication one or all clients and monitor reconnection (active)
Legitimate
client AP
De-authentication
Packet

19. Source: http://lastbit.com/pswcalc.asp

20. Wi-Fi Protected Setup (WPS; originally Wi-Fi Simple Config) is a computing
standard that attempts to allow easy establishment of a secure wireless home network.
Created by the Wi-Fi Alliance and introduced in 2007, the goal of the protocol is to
allow home users who know little of wireless security and may be intimidated by the
available security options to set up Wi-Fi Protected Access, as well as making it easy
to add new devices to an existing network without entering long passphrases.
Source: wikipedia

23. Reaver is fantastic tool to crack this WPS pin written by Craig Heffner.
It performs a brute force attack against the AP, attempting every possible
combination in order to guess the AP's 8 digit pin number.
Since the pin numbers are all numeric, there are 10^8 (100,000,000) possible values
for any given pin number.
Source: Tactical Network Solutions articles

25. …use pin as master key!
n0nEc@nhaCkthi$pa$sw0rd!!!

27. Keep non-dictionary, combination of symbols, digits and numbers.
Ex: R0ck$t@R

28. 1. Tactical Network Solutions
2. WiFi Security Megaprimer by Vivek Ramchandran

29. Feedback, questions and
suggestions:
swaroop.wireless@gmail.com
Swaroop D. YermalkaR