Cracking WPA networks with MacRuby (opens in new tab)

(knoopx.net)

38 pointsknoopx14y ago15 comments

15 comments

Correct me if I'm wrong, but this isn't a brute force attack, its a dictionary attack. A brute force attack would go through every iterattion, like 00001, 00002...

hmottestad14y ago

true, it's a dictionary attack.

  keys = File.read("./dictionary.txt").lines.to_a.reverse

trotsky14y ago

As a followup we will demonstrate that technically advanced attacks on the ssh protocol are unnecessary when we are breaking in to a predetermined account with the password 'aardvark'.

borski14y ago

How is this news? Connecting to a WPA protected AP to brute force a single character (256 times) isn't particularly impressive or useful. The speed at which the connects happen still make this impractical for large-scale attacks (or, attacks on an entire keyphrase).

macrael14y ago

What are the 256 keys the author cycled through? Does WPA only have 256 possible keys?

willscott14y ago

WPA does not only have 256 keys.

The author decided to show that if he knew all but one character of his network password, he could bruteforce the missing character. To that end, he took all 256 possibilities for that character, and computed the resulting keys. Then tried connecting with those keys.

This shows a connection rate of 30 attempts/2 minutes which is 0.25/second. That is not practical for most attacks.

macrael14y ago

Is there any reason the attacker would know all but one character? This seems pretty silly.

1 more reply

DasIch14y ago

I've been wondering why know one hasn't written an application yet that breaks into a W-Lan Network as an alternative to typing in a password.

Obviously there are some legal considerations in certain countries regarding development, possession and usage of such an application but the risk seems to be rather small if you restrict network services, change the MAC and use End-to-End encryption. Besides you might even get away with calling it a tool for penetration tests.

mef14y ago

Great demo of a new MacRuby API, not so great demo of cracking a wireless network.

j / k navigate · click thread line to collapse

15 comments

inconditus14y ago

Correct me if I'm wrong, but this isn't a brute force attack, its a dictionary attack. A brute force attack would go through every iterattion, like 00001, 00002...

hmottestad14y ago

true, it's a dictionary attack.

  keys = File.read("./dictionary.txt").lines.to_a.reverse

trotsky14y ago

As a followup we will demonstrate that technically advanced attacks on the ssh protocol are unnecessary when we are breaking in to a predetermined account with the password 'aardvark'.

borski14y ago

macrael14y ago

What are the 256 keys the author cycled through? Does WPA only have 256 possible keys?

willscott14y ago

WPA does not only have 256 keys.

This shows a connection rate of 30 attempts/2 minutes which is 0.25/second. That is not practical for most attacks.

macrael14y ago

Is there any reason the attacker would know all but one character? This seems pretty silly.

1 more reply

DasIch14y ago

I've been wondering why know one hasn't written an application yet that breaks into a W-Lan Network as an alternative to typing in a password.

mef14y ago

Great demo of a new MacRuby API, not so great demo of cracking a wireless network.

j / k navigate · click thread line to collapse