Offline bruteforce attack on
WiFi Protected Setup
Dominique Bongard
Founder
0xcite, Switzerland
@reversity
- Protocol aiming at easily connecting to protected WiFi networks
- Two main modes: Push-Button and 8 digit PIN code
- Gives the WPA passphrase to stations providing the right PIN
- Poor design and implementation
Stefan Viehböck
- Brute force each half of the PIN
- Maximum 10'000 tries + 1'000 tries
- No limitation on number of tries in many APs
- Takes a few hours (depends on the AP)
- Largely slowed down in new devices (lock-out)
- Many APs still sold with WPS PIN activated
[Diagram labels: STA; Nonce; E-Hash1, E-Hash2, HMAC]
E-Hash1: AES(HMAC(PIN1),E-S1)
E-Hash2: AES(HMAC(PIN2),E-S2)
- If we can guess E-S1 and E-S2, we can then brute force PIN1 and PIN2 offline!
- Pixie dust attack!
- Usually with pseudo-random generators (PRNG)
- Often insecure PRNG
- No or low entropy
- Small state (32 bits)
- Can the PRNG state be recovered?
    #include <stdlib.h>  /* RAND_MAX */

    int rand_r( unsigned int *seed ) {
        unsigned int s = *seed;
        unsigned int uret;
        int retval;                             // value handed back to the caller
        s = (s * 1103515245) + 12345;           // permutate seed
        uret = s & 0xffe00000;                  // Only use top 11 bits
        s = (s * 1103515245) + 12345;           // permutate seed
        uret += (s & 0xfffc0000) >> 11;         // Only use top 14 bits
        s = (s * 1103515245) + 12345;           // permutate seed
        uret += (s & 0xfe000000) >> (11+14);    // Only use top 7 bits
        retval = (int)(uret & RAND_MAX);
        *seed = s;                              // the whole generator state is this one 32-bit word
        return retval;
    }
[Diagram labels: AP; Nonce, Description, PK]
- Linear Congruential Generator
- 32-bit state
- No external entropy
- E-S1 and E-S2 generated right after the Nonce
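The properties listed above (32-bit state, no external entropy, secrets drawn right after the Nonce) can be checked in a firmware regression test. The sketch below is an added example, not code from the slides or from any vendor SDK: it places the weak pattern beside a hardened one that reads the kernel CSPRNG. The names `slide_rand_r`, `wps_secrets`, `weak_generate` and `strong_generate`, the 16-byte field sizes, the fixed 31-bit `LCG_RAND_MAX` and the one-byte-per-call derivation are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

#define LCG_RAND_MAX 0x7fffffff  /* assumption: 31-bit RAND_MAX */

/* The LCG shown on the slide, renamed so it does not clash with libc's rand_r. */
static int slide_rand_r(unsigned int *seed) {
    unsigned int s = *seed, uret;
    s = s * 1103515245u + 12345u;  uret  = s & 0xffe00000u;
    s = s * 1103515245u + 12345u;  uret += (s & 0xfffc0000u) >> 11;
    s = s * 1103515245u + 12345u;  uret += (s & 0xfe000000u) >> (11 + 14);
    *seed = s;
    return (int)(uret & LCG_RAND_MAX);
}

/* Hypothetical container: the public Nonce and the two secret nonces. */
struct wps_secrets { uint8_t nonce[16], es1[16], es2[16]; };

/* Weak pattern: Nonce, E-S1 and E-S2 are drawn back to back from one
 * 32-bit state. One byte per call is an assumption of this sketch. */
static void weak_generate(unsigned int boot_state, struct wps_secrets *out) {
    unsigned int st = boot_state;
    uint8_t *p = (uint8_t *)out;
    for (size_t i = 0; i < sizeof *out; i++)
        p[i] = (uint8_t)slide_rand_r(&st);
}

/* Hardened pattern: every byte comes from the kernel CSPRNG; fail closed
 * so the caller never falls back to a predictable value. */
static int strong_generate(struct wps_secrets *out) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t n = fread(out, 1, sizeof *out, f);
    fclose(f);
    return n == sizeof *out ? 0 : -1;
}

/* Regression check: returns 1 when two "boots" that start from the same
 * state emit byte-identical Nonce, E-S1 and E-S2. */
static int weak_repeats_across_boots(unsigned int boot_state) {
    struct wps_secrets a, b;
    weak_generate(boot_state, &a);
    weak_generate(boot_state, &b);
    return memcmp(&a, &b, sizeof a) == 0;
}

/* Same check against the hardened generator: 0 = no repeat, -1 = no CSPRNG. */
static int strong_repeats_across_boots(void) {
    struct wps_secrets a, b;
    if (strong_generate(&a) || strong_generate(&b)) return -1;
    return memcmp(&a, &b, sizeof a) == 0;
}

int main(void) {
    /* 0x12345678 is a constructed sample state, not a value from a device. */
    printf("LCG secrets repeat for the same boot state: %d\n",
           weak_repeats_across_boots(0x12345678u));
    printf("CSPRNG secrets repeat: %d\n", strong_repeats_across_boots());
    return 0;
}
```

With the LCG, the 128-bit E-S1 and E-S2 carry at most the 32 bits of entropy held in the state; the hardened variant removes that dependency.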
- Do the WPS protocol up to message M3
- Get the Nonce from M1
- Bruteforce the state of the PRNG
- Compute E-S1 and E-S2 from the state
- Decrypt E-Hash1 and E-Hash2
- Bruteforce Pin1 and Pin2
- Do the full WPS protocol and get the passphrase
- Linear Feedback Shift Register (LFSR)
- Broken
- Doesn't matter: the keys are always NULL!!
- Some APs have the same state at each boot
- Make a list of common states after reboot
- Attack the AP right after boot
- Trigger the breakers
- DDoS the AP
- Jam the signal until the target reboots the AP
- Looks okay
- Uses /dev/random
- Found in Atheros SDK
- But you never know
- Several papers attack the entropy of the Linux PRNG in embedded systems
- It's complicated
- Many of the implementations are the reference code for the chipset
- Only the GUI is reskinned
- Therefore many brands are affected
- Many vendors use different chipsets
- Even for the same model number
- Disable WPS now!
- Reverse engineers: Check other APs for bad PRNGs
- Cryptographers: Check if good PRNGs are okay
