SlideShare a Scribd company logo
Offline bruteforce attack on
WiFi Protected Setup
Dominique Bongard
Founder
0xcite, Switzerland
@reversity
§  Protocol aiming at easily connecting to protected WiFi networks
§  Two main modes: Push-Button and 8 digit PIN code
§  Gives the WPA passphrase to stations providing the right PIN
§  Poor design and implementation
Offline bruteforce attack on WiFi Protected Setup
Offline bruteforce attack on WiFi Protected Setup
Stefan Viehböck
Stefan Viehböck
§  Brute force each half of the PIN
§  Maximum 10‘000 tries + 1‘000 tries
§  No limitation on number of tries in many AP
§  Takes a few hours (depends on the AP)
§  Largely slowed down in new devices (lock-out)
§  Many AP still sold with WPS PIN activated
Offline bruteforce attack on WiFi Protected Setup
STA
Nonce
E-Hash1 E-Hash2 HMAC
AES(HMAC(PIN1),E-S1) AES(HMAC(PIN2),E-S2)
§  If we can guess E-S1 and E-S2, we can the
brute force PIN1 and PIN2 offline!
§  Pixie dust attack!
§  Usually with pseudo-random generators (PRNG)
§  Often insecure PRNG
§  No or low entropy
§  Small state (32 bits)
§  Can the PRNG state be recovered ?
int rand_r( unsigned int *seed ) {
unsigned int s=*seed;
unsigned int uret;
s = (s * 1103515245) + 12345; // permutate seed
uret = s & 0xffe00000;// Only use top 11 bits
s = (s * 1103515245) + 12345; // permutate seed
uret += (s & 0xfffc0000) >> 11;// Only use top 14 bits
s = (s * 1103515245) + 12345; // permutate seed
uret += (s & 0xfe000000) >> (11+14);// Only use top 7 bits
retval = (int)(uret & RAND_MAX);
*seed = s;
return retval; }
AP Nonce Description PK
§  Linear Congruential Generator
§  32 bits state
§  No external entropy
§  E-S1 and E-S2 generated right after the Nonce
§  Do the WPS protocol up to message M3
§  Get the Nonce from M1
§  Bruteforce the state of the PRNG
§  Compute E-S1 and E-S2 from the state
§  Decrypt E-Hash1 and E-Hash2
§  Bruteforce Pin1 and Pin2
§  Do the full WPS protocol and get the passphrase
§  Linear Feedback Shift Register (LFSR)
§  Broken
§  Doesn‘t matter the keys are always NULL !!
§  Some AP have the same state at each boot
§  Make a list of common states after reboot
§  Attack the AP right after boot
§  Trigger the breakers
§  DDOS the AP
§  Jam the signal until the target reboots the AP
§  Looks okay
§  Uses /dev/random
§  Found in Atheros SDK
§  But you never know
§  Several papers attack the entropy of the linux
PRNG in embedded systems
§  It‘s complicated
§  Many of the implementations are the reference
code for the chipset
§  Only the GUI is reskinned
§  Therefore many brands are affected
§  Many vendors use different chipset
§  Even for the same model number
§  Disable WPS now !
§  Reverse engineers: Check other AP for bad PRNG
§  Cryptographers: Check if good PRNG are okay

More Related Content

What's hot

Sqrrl and IBM: Threat Hunting for QRadar Users
Sqrrl and IBM: Threat Hunting for QRadar UsersSqrrl and IBM: Threat Hunting for QRadar Users
Sqrrl and IBM: Threat Hunting for QRadar Users
Sqrrl
 
Nmap commands
Nmap commandsNmap commands
Nmap commands
Kailash Kumar
 
Nmap(network mapping)
Nmap(network mapping)Nmap(network mapping)
Nmap(network mapping)
shwetha mk
 
No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016
Matthew Dunwoody
 
Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat Intelligence
Deepak Kumar (D3)
 
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa  Threat Hunting and Fast Forensics in Windows environments fo...[cb22] Hayabusa  Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
CODE BLUE
 
Process injection - Malware style
Process injection - Malware styleProcess injection - Malware style
Process injection - Malware style
Sander Demeester
 
Cracking WPA/WPA2 with Non-Dictionary Attacks
Cracking WPA/WPA2 with Non-Dictionary AttacksCracking WPA/WPA2 with Non-Dictionary Attacks
Cracking WPA/WPA2 with Non-Dictionary Attacks
n|u - The Open Security Community
 
Security Information and Event Managemen
Security Information and Event ManagemenSecurity Information and Event Managemen
Security Information and Event Managemen
S Periyakaruppan CISM,ISO31000,C-EH,ITILF
 
Network forensics and investigating logs
Network forensics and investigating logsNetwork forensics and investigating logs
Network forensics and investigating logs
anilinvns
 
Windows Threat Hunting
Windows Threat HuntingWindows Threat Hunting
Windows Threat Hunting
GIBIN JOHN
 
Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat Hunting
Dhruv Majumdar
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with Splunk
Splunk
 
Network management and security
Network management and securityNetwork management and security
Network management and security
Ankit Bhandari
 
CNIT 123 Ch 10: Hacking Web Servers
CNIT 123 Ch 10: Hacking Web ServersCNIT 123 Ch 10: Hacking Web Servers
CNIT 123 Ch 10: Hacking Web Servers
Sam Bowne
 
CNIT 121: 12 Investigating Windows Systems (Part 1 of 3)
CNIT 121: 12 Investigating Windows Systems (Part 1 of 3)CNIT 121: 12 Investigating Windows Systems (Part 1 of 3)
CNIT 121: 12 Investigating Windows Systems (Part 1 of 3)
Sam Bowne
 
Zabbix
ZabbixZabbix
Zabbix
pundir5
 
Pretty good privacy
Pretty good privacyPretty good privacy
Pretty good privacy
Pushkar Dutt
 
How to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your NetworkHow to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your Network
Sqrrl
 
Threat Hunting
Threat HuntingThreat Hunting
Threat Hunting
Splunk
 

What's hot (20)

Sqrrl and IBM: Threat Hunting for QRadar Users
Sqrrl and IBM: Threat Hunting for QRadar UsersSqrrl and IBM: Threat Hunting for QRadar Users
Sqrrl and IBM: Threat Hunting for QRadar Users
 
Nmap commands
Nmap commandsNmap commands
Nmap commands
 
Nmap(network mapping)
Nmap(network mapping)Nmap(network mapping)
Nmap(network mapping)
 
No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016
 
Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat Intelligence
 
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa  Threat Hunting and Fast Forensics in Windows environments fo...[cb22] Hayabusa  Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
 
Process injection - Malware style
Process injection - Malware styleProcess injection - Malware style
Process injection - Malware style
 
Cracking WPA/WPA2 with Non-Dictionary Attacks
Cracking WPA/WPA2 with Non-Dictionary AttacksCracking WPA/WPA2 with Non-Dictionary Attacks
Cracking WPA/WPA2 with Non-Dictionary Attacks
 
Security Information and Event Managemen
Security Information and Event ManagemenSecurity Information and Event Managemen
Security Information and Event Managemen
 
Network forensics and investigating logs
Network forensics and investigating logsNetwork forensics and investigating logs
Network forensics and investigating logs
 
Windows Threat Hunting
Windows Threat HuntingWindows Threat Hunting
Windows Threat Hunting
 
Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat Hunting
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with Splunk
 
Network management and security
Network management and securityNetwork management and security
Network management and security
 
CNIT 123 Ch 10: Hacking Web Servers
CNIT 123 Ch 10: Hacking Web ServersCNIT 123 Ch 10: Hacking Web Servers
CNIT 123 Ch 10: Hacking Web Servers
 
CNIT 121: 12 Investigating Windows Systems (Part 1 of 3)
CNIT 121: 12 Investigating Windows Systems (Part 1 of 3)CNIT 121: 12 Investigating Windows Systems (Part 1 of 3)
CNIT 121: 12 Investigating Windows Systems (Part 1 of 3)
 
Zabbix
ZabbixZabbix
Zabbix
 
Pretty good privacy
Pretty good privacyPretty good privacy
Pretty good privacy
 
How to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your NetworkHow to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your Network
 
Threat Hunting
Threat HuntingThreat Hunting
Threat Hunting
 

Similar to Offline bruteforce attack on WiFi Protected Setup

Offline bruteforce attack on wi fi protected setup
Offline bruteforce attack on wi fi protected setupOffline bruteforce attack on wi fi protected setup
Offline bruteforce attack on wi fi protected setup
Cyber Security Alliance
 
2. Stream Ciphers
2. Stream Ciphers2. Stream Ciphers
2. Stream Ciphers
Sam Bowne
 
BlackHat 2009 - Hacking Zigbee Chips (slides)
BlackHat 2009 - Hacking Zigbee Chips (slides)BlackHat 2009 - Hacking Zigbee Chips (slides)
BlackHat 2009 - Hacking Zigbee Chips (slides)
Michael Smith
 
Remote tanklevelmonitor
Remote tanklevelmonitorRemote tanklevelmonitor
Remote tanklevelmonitor
Parshwadeep Lahane
 
One-Wire-Serial-Communication.pdf
One-Wire-Serial-Communication.pdfOne-Wire-Serial-Communication.pdf
One-Wire-Serial-Communication.pdf
shamtekawambwa1
 
Serial Peripheral Interface
Serial Peripheral InterfaceSerial Peripheral Interface
Serial Peripheral Interface
Chirag Parikh
 
Open-E DSS V6 Synchronous Volume Replication with Failover over a LAN with Un...
Open-E DSS V6 Synchronous Volume Replication with Failover over a LAN with Un...Open-E DSS V6 Synchronous Volume Replication with Failover over a LAN with Un...
Open-E DSS V6 Synchronous Volume Replication with Failover over a LAN with Un...
open-e
 
Open-E DSS V6 Synchronous Volume Replication With Failover over a LAN with Br...
Open-E DSS V6 Synchronous Volume Replication With Failover over a LAN with Br...Open-E DSS V6 Synchronous Volume Replication With Failover over a LAN with Br...
Open-E DSS V6 Synchronous Volume Replication With Failover over a LAN with Br...
open-e
 
Attacking Industrial Remote Controllers (HITB AMS 2019)
Attacking Industrial Remote Controllers (HITB AMS 2019)Attacking Industrial Remote Controllers (HITB AMS 2019)
Attacking Industrial Remote Controllers (HITB AMS 2019)
Marco Balduzzi
 
Buffer overflow – Smashing The Stack
Buffer overflow – Smashing The StackBuffer overflow – Smashing The Stack
Buffer overflow – Smashing The Stack
Tomer Zait
 
Buffer Overflow - Smashing the Stack
Buffer Overflow - Smashing the StackBuffer Overflow - Smashing the Stack
Buffer Overflow - Smashing the Stack
ironSource
 
Making multiplayer game with Elixir and Elm
Making multiplayer game with Elixir and ElmMaking multiplayer game with Elixir and Elm
Making multiplayer game with Elixir and Elm
netzke
 
side-channel-kevin2600
side-channel-kevin2600side-channel-kevin2600
side-channel-kevin2600
Kevin2600
 
Et4045-3-attacks-2
Et4045-3-attacks-2Et4045-3-attacks-2
Et4045-3-attacks-2
Tutun Juhana
 
Micro control idsecconf2010
Micro control idsecconf2010Micro control idsecconf2010
Micro control idsecconf2010
idsecconf
 
Spi master core verification
Spi master core verificationSpi master core verification
Spi master core verification
Maulik Suthar
 
63071507 interrupts-up
63071507 interrupts-up63071507 interrupts-up
63071507 interrupts-up
tt_aljobory
 
Arduino Platform with C programming.
Arduino Platform with C programming.Arduino Platform with C programming.
Arduino Platform with C programming.
Govind Jha
 
Step-by-Step Guide to NAS (NFS) Failover over a LAN (with unicast) Supported ...
Step-by-Step Guide to NAS (NFS) Failover over a LAN (with unicast) Supported ...Step-by-Step Guide to NAS (NFS) Failover over a LAN (with unicast) Supported ...
Step-by-Step Guide to NAS (NFS) Failover over a LAN (with unicast) Supported ...
open-e
 
Demystifying Secure enclave processor
Demystifying Secure enclave processorDemystifying Secure enclave processor
Demystifying Secure enclave processor
Priyanka Aash
 

Similar to Offline bruteforce attack on WiFi Protected Setup (20)

Offline bruteforce attack on wi fi protected setup
Offline bruteforce attack on wi fi protected setupOffline bruteforce attack on wi fi protected setup
Offline bruteforce attack on wi fi protected setup
 
2. Stream Ciphers
2. Stream Ciphers2. Stream Ciphers
2. Stream Ciphers
 
BlackHat 2009 - Hacking Zigbee Chips (slides)
BlackHat 2009 - Hacking Zigbee Chips (slides)BlackHat 2009 - Hacking Zigbee Chips (slides)
BlackHat 2009 - Hacking Zigbee Chips (slides)
 
Remote tanklevelmonitor
Remote tanklevelmonitorRemote tanklevelmonitor
Remote tanklevelmonitor
 
One-Wire-Serial-Communication.pdf
One-Wire-Serial-Communication.pdfOne-Wire-Serial-Communication.pdf
One-Wire-Serial-Communication.pdf
 
Serial Peripheral Interface
Serial Peripheral InterfaceSerial Peripheral Interface
Serial Peripheral Interface
 
Open-E DSS V6 Synchronous Volume Replication with Failover over a LAN with Un...
Open-E DSS V6 Synchronous Volume Replication with Failover over a LAN with Un...Open-E DSS V6 Synchronous Volume Replication with Failover over a LAN with Un...
Open-E DSS V6 Synchronous Volume Replication with Failover over a LAN with Un...
 
Open-E DSS V6 Synchronous Volume Replication With Failover over a LAN with Br...
Open-E DSS V6 Synchronous Volume Replication With Failover over a LAN with Br...Open-E DSS V6 Synchronous Volume Replication With Failover over a LAN with Br...
Open-E DSS V6 Synchronous Volume Replication With Failover over a LAN with Br...
 
Attacking Industrial Remote Controllers (HITB AMS 2019)
Attacking Industrial Remote Controllers (HITB AMS 2019)Attacking Industrial Remote Controllers (HITB AMS 2019)
Attacking Industrial Remote Controllers (HITB AMS 2019)
 
Buffer overflow – Smashing The Stack
Buffer overflow – Smashing The StackBuffer overflow – Smashing The Stack
Buffer overflow – Smashing The Stack
 
Buffer Overflow - Smashing the Stack
Buffer Overflow - Smashing the StackBuffer Overflow - Smashing the Stack
Buffer Overflow - Smashing the Stack
 
Making multiplayer game with Elixir and Elm
Making multiplayer game with Elixir and ElmMaking multiplayer game with Elixir and Elm
Making multiplayer game with Elixir and Elm
 
side-channel-kevin2600
side-channel-kevin2600side-channel-kevin2600
side-channel-kevin2600
 
Et4045-3-attacks-2
Et4045-3-attacks-2Et4045-3-attacks-2
Et4045-3-attacks-2
 
Micro control idsecconf2010
Micro control idsecconf2010Micro control idsecconf2010
Micro control idsecconf2010
 
Spi master core verification
Spi master core verificationSpi master core verification
Spi master core verification
 
63071507 interrupts-up
63071507 interrupts-up63071507 interrupts-up
63071507 interrupts-up
 
Arduino Platform with C programming.
Arduino Platform with C programming.Arduino Platform with C programming.
Arduino Platform with C programming.
 
Step-by-Step Guide to NAS (NFS) Failover over a LAN (with unicast) Supported ...
Step-by-Step Guide to NAS (NFS) Failover over a LAN (with unicast) Supported ...Step-by-Step Guide to NAS (NFS) Failover over a LAN (with unicast) Supported ...
Step-by-Step Guide to NAS (NFS) Failover over a LAN (with unicast) Supported ...
 
Demystifying Secure enclave processor
Demystifying Secure enclave processorDemystifying Secure enclave processor
Demystifying Secure enclave processor
 

Recently uploaded

find out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challengesfind out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challenges
huseindihon
 
July Patch Tuesday
July Patch TuesdayJuly Patch Tuesday
July Patch Tuesday
Ivanti
 
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
Priyanka Aash
 
Data Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining DataData Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining Data
Safe Software
 
WhatsApp Spy Online Trackers and Monitoring Apps
WhatsApp Spy Online Trackers and Monitoring AppsWhatsApp Spy Online Trackers and Monitoring Apps
WhatsApp Spy Online Trackers and Monitoring Apps
HackersList
 
Amul milk launches in US: Key details of its new products ...
Amul milk launches in US: Key details of its new products ...Amul milk launches in US: Key details of its new products ...
Amul milk launches in US: Key details of its new products ...
chetankumar9855
 
Figma AI Design Generator_ In-Depth Review.pdf
Figma AI Design Generator_ In-Depth Review.pdfFigma AI Design Generator_ In-Depth Review.pdf
Figma AI Design Generator_ In-Depth Review.pdf
Management Institute of Skills Development
 
EuroPython 2024 - Streamlining Testing in a Large Python Codebase
EuroPython 2024 - Streamlining Testing in a Large Python CodebaseEuroPython 2024 - Streamlining Testing in a Large Python Codebase
EuroPython 2024 - Streamlining Testing in a Large Python Codebase
Jimmy Lai
 
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Muhammad Ali
 
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
sunilverma7884
 
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and OllamaTirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
Zilliz
 
Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024
Nicolás Lopéz
 
Recent Advancements in the NIST-JARVIS Infrastructure
Recent Advancements in the NIST-JARVIS InfrastructureRecent Advancements in the NIST-JARVIS Infrastructure
Recent Advancements in the NIST-JARVIS Infrastructure
KAMAL CHOUDHARY
 
Salesforce AI & Einstein Copilot Workshop
Salesforce AI & Einstein Copilot WorkshopSalesforce AI & Einstein Copilot Workshop
Salesforce AI & Einstein Copilot Workshop
CEPTES Software Inc
 
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-InTrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc
 
“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...
“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...
“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...
Edge AI and Vision Alliance
 
Using LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and MilvusUsing LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and Milvus
Zilliz
 
Introduction-to-the-IAM-Platform-Implementation-Plan.pptx
Introduction-to-the-IAM-Platform-Implementation-Plan.pptxIntroduction-to-the-IAM-Platform-Implementation-Plan.pptx
Introduction-to-the-IAM-Platform-Implementation-Plan.pptx
313mohammedarshad
 
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
Priyanka Aash
 
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptxUse Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
SynapseIndia
 

Recently uploaded (20)

find out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challengesfind out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challenges
 
July Patch Tuesday
July Patch TuesdayJuly Patch Tuesday
July Patch Tuesday
 
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
 
Data Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining DataData Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining Data
 
WhatsApp Spy Online Trackers and Monitoring Apps
WhatsApp Spy Online Trackers and Monitoring AppsWhatsApp Spy Online Trackers and Monitoring Apps
WhatsApp Spy Online Trackers and Monitoring Apps
 
Amul milk launches in US: Key details of its new products ...
Amul milk launches in US: Key details of its new products ...Amul milk launches in US: Key details of its new products ...
Amul milk launches in US: Key details of its new products ...
 
Figma AI Design Generator_ In-Depth Review.pdf
Figma AI Design Generator_ In-Depth Review.pdfFigma AI Design Generator_ In-Depth Review.pdf
Figma AI Design Generator_ In-Depth Review.pdf
 
EuroPython 2024 - Streamlining Testing in a Large Python Codebase
EuroPython 2024 - Streamlining Testing in a Large Python CodebaseEuroPython 2024 - Streamlining Testing in a Large Python Codebase
EuroPython 2024 - Streamlining Testing in a Large Python Codebase
 
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
 
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
 
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and OllamaTirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
 
Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024
 
Recent Advancements in the NIST-JARVIS Infrastructure
Recent Advancements in the NIST-JARVIS InfrastructureRecent Advancements in the NIST-JARVIS Infrastructure
Recent Advancements in the NIST-JARVIS Infrastructure
 
Salesforce AI & Einstein Copilot Workshop
Salesforce AI & Einstein Copilot WorkshopSalesforce AI & Einstein Copilot Workshop
Salesforce AI & Einstein Copilot Workshop
 
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-InTrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
 
“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...
“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...
“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...
 
Using LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and MilvusUsing LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and Milvus
 
Introduction-to-the-IAM-Platform-Implementation-Plan.pptx
Introduction-to-the-IAM-Platform-Implementation-Plan.pptxIntroduction-to-the-IAM-Platform-Implementation-Plan.pptx
Introduction-to-the-IAM-Platform-Implementation-Plan.pptx
 
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
 
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptxUse Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
 

Offline bruteforce attack on WiFi Protected Setup

  • 1. Offline bruteforce attack on WiFi Protected Setup Dominique Bongard Founder 0xcite, Switzerland @reversity
  • 2. §  Protocol aiming at easily connecting to protected WiFi networks §  Two main modes: Push-Button and 8 digit PIN code §  Gives the WPA passphrase to stations providing the right PIN §  Poor design and implementation
  • 7. §  Brute force each half of the PIN §  Maximum 10‘000 tries + 1‘000 tries §  No limitation on number of tries in many AP §  Takes a few hours (depends on the AP) §  Largely slowed down in new devices (lock-out) §  Many AP still sold with WPS PIN activated
  • 10. §  If we can guess E-S1 and E-S2, we can the brute force PIN1 and PIN2 offline! §  Pixie dust attack!
  • 11. §  Usually with pseudo-random generators (PRNG) §  Often insecure PRNG §  No or low entropy §  Small state (32 bits) §  Can the PRNG state be recovered ?
  • 12. int rand_r( unsigned int *seed ) { unsigned int s=*seed; unsigned int uret; s = (s * 1103515245) + 12345; // permutate seed uret = s & 0xffe00000;// Only use top 11 bits s = (s * 1103515245) + 12345; // permutate seed uret += (s & 0xfffc0000) >> 11;// Only use top 14 bits s = (s * 1103515245) + 12345; // permutate seed uret += (s & 0xfe000000) >> (11+14);// Only use top 7 bits retval = (int)(uret & RAND_MAX); *seed = s; return retval; }
  • 14. §  Linear Congruential Generator §  32 bits state §  No external entropy §  E-S1 and E-S2 generated right after the Nonce
  • 15. §  Do the WPS protocol up to message M3 §  Get the Nonce from M1 §  Bruteforce the state of the PRNG §  Compute E-S1 and E-S2 from the state §  Decrypt E-Hash1 and E-Hash2 §  Bruteforce Pin1 and Pin2 §  Do the full WPS protocol and get the passphrase
  • 16. §  Linear Feedback Shift Register (LFSR) §  Broken §  Doesn‘t matter the keys are always NULL !!
  • 17. §  Some AP have the same state at each boot §  Make a list of common states after reboot §  Attack the AP right after boot
  • 18. §  Trigger the breakers §  DDOS the AP §  Jam the signal until the target reboots the AP
  • 19. §  Looks okay §  Uses /dev/random §  Found in Atheros SDK §  But you never know §  Several papers attack the entropy of the linux PRNG in embedded systems
  • 20. §  It‘s complicated §  Many of the implementations are the reference code for the chipset §  Only the GUI is reskinned §  Therefore many brands are affected §  Many vendors use different chipset §  Even for the same model number
  • 21. §  Disable WPS now ! §  Reverse engineers: Check other AP for bad PRNG §  Cryptographers: Check if good PRNG are okay