Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
It is currently 19 Jul 2012 11:41

All times are UTC [ DST ]





Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 17 posts ] 
 Post subject: WPA/WPA2
PostPosted: 02 Jul 2009 20:02 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
today i did some research on how to recover/crack WPA/WPA2 keys, what i found out is that most tools are very slow or faulty.
ewsa (elcomsoft wireless security auditor) seems fair, but there is no crack for it and some ppl say that it is faulty and won't show the recovered password, it says it's found, but nothing else.

aircrack-ng < very slow and primitive
cowpatty < same deal, slow
cain < 200p/s ...very slow again

only tool that goes over 6000p/s using GPU to recover/crack the key is that ewsa.

Luigi, think you can write a tool which can recover/crack WPA/WPA2 keys using .cap file ?
biggest problem with that is that you must add GPU support, otherwise it will be slow as hell, which means it's quite useless.
GPU - graphics processing unit - your video card in other words, if somebody did not know.
video card can do more complex calculations than cpu, so this is why it is way faster when it comes to brute force or dictionary attack against the lost keys.


of course there's also so called rainbow tables, which are supported by cowpatty, but they are hard to get and take a lot of room and are for specific SSID only, just mentioned it.


 Post subject: Re: WPA/WPA2
PostPosted: 03 Jul 2009 06:48 

Joined: 16 Aug 2007 06:25
Posts: 367
Hmm interesting about the GPU being better... you sure about that? Most newer processors are much faster than the graphics card (as far as clock rates go). And if not, you are assuming the user is running a somewhat decent graphics card. Just seems like you should always keep the more basic applications at the cpu level unless you're dealing with intense graphics.

Interesting project idea though. Never really got into wireless AP cracking, though I did my fair share of wardriving and connecting to open access points in the area in my day :P


 Post subject: Re: WPA/WPA2
PostPosted: 03 Jul 2009 10:24 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
isn't this (gpu used as cpu) possible with cuda?
http://en.wikipedia.org/wiki/CUDA

*edit* probably opencl is a better example: http://en.wikipedia.org/wiki/OpenCL


 Post subject: Re: WPA/WPA2
PostPosted: 03 Jul 2009 19:45 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
Soma:
yes gpu is lots of times faster. i have 2.8ghz dual core cpu and 9500GT 512mb @ 1750mhz with 650mhz core clock (i think).
i tested the crack process on ewsa (elcomsoft wireless security auditor). with cpu, the speed was 200p/s, with gpu the speed was 6000p/s.
i also read some topic about "personal supercomputer", where they used 4x video cards as cpu and as result, they said it can be 250 times faster than any normal pc (i assume they meant some 3.0ghz quad cores). even 10 times faster is HUGE boost...and 250 is just crazy.

Luigi:
i tested CUDA, but it seems to support only certain programs. i also found something called Libra SDK, but it is not like install and use...i don't understand shit from it. i think i need some VB or some shit like that.

also i can't be bothered to rewrite some of the info so i will simply link to my own tutorial i wrote about cracking the WPA/WPA2 keys, it also includes a lot of links and info about gpu as cpu.

> How to crack WPA/WPA2 secured wireless networks

in my tutorial i have included the .cap files if somebody wants to test tools and speed of those crack/recovery programs.


Now here's few of my ideas based on all that:

1.
Problem:
since there is no working crack for ewsa and im not buying it...
problem with crack is that idiot who made it, only removed the trial message, but trial does not show the found password, so the idiot did not add the function (or unlock it). so as result when password/key is found, it won't show it.

Idea:
is it possible to monitor that tool's actions with diskmon or something similar to see where exactly it stops reading the wordlist file to see the right key ?
or is it possible to see where it stops the brute-force attack to see the key?

2.
ewsa has gpu support built in, so if you think logically...then you don't really need CUDA or any other of those projects, do you ?!
so isn't it possible to write some .dll which will route to GPU and make any program use GPU + CPU to do the computing.



....just thinking and wondering, if GPU is so many times faster, why they don't use same tech to make cpus ? GPUs are NOT more expensive than CPUs, so whats the fucking deal ?!


 Post subject: Re: WPA/WPA2
PostPosted: 05 Jul 2009 02:26 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
UPDATE

for ppl who don't know how much faster a GPU can be...
i did a straight test using ewsa. i will include my cpu and gpu specs too.
cpu - 2.8ghz dual core
gpu - nVidia 9500GT 512mb 650mhz core clock (not sure about core clock)

EDIT: actually in ewsa it says that my gpu's "clock rate" is 1750mhz, not sure if it's the same as core clock.

using only cpu, i got around 300p/s (passwords per second)
using gpu power, i got around 7500p/s (passwords per second)

i would say that if you have some CRAZY graphics card in SLi, then it can be more than 1000 times faster than any conventional cpu these days (some 3.0 quad core or even better)

i did some reading about it and basics of this is that GPU can run the calculation in parallel. gpu can do much more complex calculations (needed for graphics) so gpu can use all this power to run simple calculations at same time.
there's a lot more info in nVidia's CUDA project.


 Post subject: Re: WPA/WPA2
PostPosted: 24 Jul 2009 06:14 

Joined: 24 Jul 2009 05:44
Posts: 1
Sethioz wrote:
today i did some research on how to recover/crack WPA/WPA2 keys, what i found out is that most tools are very slow or faulty.
ewsa (elcomsoft wireless security auditor) seems fair, but there is no crack for it and some ppl say that it is faulty and won't show the recovered password, it says its found, but nothing else.

There is a crack for ewsa, but it doesn't show the recovered password. Since it doesn't show the password, I cracked an already known password and used cheat engine to find it in memory. Now when it says it is cracked I can open cheat engine and get the password.
Here is the link to the cheat engine website: http://cheatengine.org
Once you have installed cheat engine, open ewsa.exe and click the add address manually button. Then set the address to 005DC508 and the type to text. Then the password will be under the value column on the bottom. Have Fun!
P.S. If you don't understand how to do something on cheat engine read the manual.
P.P.S. You'll have to find the crack for ewsa yourself.


 Post subject: Re: WPA/WPA2
PostPosted: 24 Jul 2009 08:25 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
i already did that ages ago, look at my tutorial which i linked, i have explained all that in there already.


 Post subject: Re: WPA/WPA2
PostPosted: 07 May 2011 12:52 

Joined: 24 Jan 2011 13:58
Posts: 27
What I know is that all the tools out there use the same method - dictionary attack! So if the password is not in the dictionary you are lost. In other words - you need a really good dictionary or you must know the password :) .
All videos and shits about cracking wpa are crap. Total fake. They know the password and add it to the dictionary to show success.

I read something about a found way by Japanese researchers to crack the password without dictionary attack. But it will not be completely revealed to the public until the next generation of encrypting mechanism for WIFI is introduced. The way it happened with WEP. WEP cracking tools came out when WPA showed up. :)
The real deal to get the password is by phishing and social engineering.

PS: The link to the forum you have posted gives 403:Forbidden


 Post subject: Re: WPA/WPA2
PostPosted: 07 May 2011 17:40 

Joined: 27 Apr 2011 18:44
Posts: 47
I did this guide: http://aboveultimate.com/p/forum/forum_ ... 20407.post
To overclock the GPU and CPU read it, do it if you have a good fan or cooling system.


 Post subject: Re: WPA/WPA2
PostPosted: 08 May 2011 15:57 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
@fango: yes there is a method, but it's not completed yet. there are news about it on aircrack, there is even a beta tool, but it's missing options.
however wordlist attack is extremely useful, it's the stupidity of humans. for example if AP's name is "Titanic" then first thing i would try, is to download subtitles for movie titanic and turn them into wordlist, i would also go for different languages, based on the country / area i live in. you just need to know how to make extremely good wordlists.

@wocarin: stop trolling this forum, this topic is about cracking WPA/WPA2, it is not some overclocking topic. this isn't first post by you i see, you keep trolling a lot, stop it. trolling = posting offtopic and senseless shit (like parroting somebody)


 Post subject: Re: WPA/WPA2
PostPosted: 08 May 2011 16:09 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
maybe wocarin was referring to an overclock for increasing the power of gpu/cpu during brute forcing cracking


 Post subject: Re: WPA/WPA2
PostPosted: 08 May 2011 19:41 

Joined: 27 Apr 2011 18:44
Posts: 47
Sethioz wrote:
@wocarin: stop trolling this forum, this topic is about cracking WPA/WPA2, it is not some overclocking topic. this isn't first post by you i see, you keep trolling a lot, stop it. trolling = posting offtopic and senseless shit (like parroting somebody)


Wikipedia wrote:
TROLL is someone who posts inflammatory, extraneous, or off-topic messages in an online community, such as an online discussion forum, chat room, or blog, with the primary intent of provoking readers into an emotional response

Wikipedia wrote:
Overclocking is the process of running a computer component at a higher clock rate (more clock cycles per second) than it was designed for or was specified by the manufacturer, usually practiced by enthusiasts seeking an increase in the performance of their computers.


Either you are blind, or too lazy to read all the thread or to look in the dictionary what overclocking means. I don't know, maybe you are typing from a special learning facility, I don't know!
I don't see how I troll if I'm posting how to increase the power of your GPU and CPU, therefore having more power to crack a WPA key....
I'm just trying to contribute to the community with the little knowledge I have.
Next time please read all the thread or think before replying with your:
Sethioz wrote:
senseless shit

@Sethioz Click Me

@Aluigi You are right.

On-topic:
I think I didn't explain myself in the post before. If you overclock your GPU and CPU you will have more power of processing hence cracking the WPA key faster. Also you can rent a VPS with a huge processor and try bruteforcing instead of a dictionary attack.


Sethioz wrote:
UPDATE
cpu - 2.8ghz dual core
gpu - nVidia 9500GT 512mb 650mhz core clock (not sure about core clock)
EDIT: actually in ewsa it says that my gpu's "clock rate" is 1750mhz, not sure if its same as core clock.


There are lots of tools to look for your specs, I use cpu-z.


 Post subject: Re: WPA/WPA2
PostPosted: 13 May 2011 19:45 

Joined: 24 Jan 2011 13:58
Posts: 27
Is it possible to use non latin alphabet to set up a WPA password, like Chinese, Japanese, Cyrillic, Arabic, Urdu, Hindu and so on characters?
I'm telling you dictionary attacks are useless. Think about it if the person writes the word in his language but using latin alphabet. There will be no dictionary that has that word.
The real deal is MITM. You set up a network with the same SSID, disconnect client from the original one, when it connects to your fake network you render some nice looking legit web page asking for password. When you get it, and record it, you release the client and turn off the fake network.
There was some script doing that, but I forgot its name.


 Post subject: Re: WPA/WPA2
PostPosted: 14 May 2011 10:05 

Joined: 21 Feb 2009 15:32
Posts: 8
fango wrote:
Is it possible to use non latin alphabet to set up a WPA password, like Chinese, Japanese, Cyrillic, Arabic, Urdu, Hindu and so on characters?


I guess only ASCII chars are used for the password. I can't imagine that unicode chars are possible.


 Post subject: Re: WPA/WPA2
PostPosted: 14 May 2011 20:56 

Joined: 27 Apr 2011 18:44
Posts: 47
UnnamedPlayer wrote:
fango wrote:
Is it possible to use non latin alphabet to set up a WPA password, like Chinese, Japanese, Cyrillic, Arabic, Urdu, Hindu and so on characters?


I guess only ASCII chars are used for the password. I can't imagine that unicode chars are possible.


But still dictionary attacks are useless because, what if the password is in Spanish or in Portuguese? I think either the best thing to get a WPA password is social engineering or maybe the script that fango mentions.


 Post subject: Re: WPA/WPA2
PostPosted: 24 May 2011 18:03 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
i know what overclocking is, i just didn't really find it relevant, but i see your point.
somewhat it's related, cuz you crack faster using clocked cpu/gpu. anyway forget it.

as about wordlists, you are useless if you use english wordlist on italian router/person.
cracking isn't just the matter of using tools, you need some brains. for example when i tried to crack one WPA. name of network was "Titanic" and using GPS i found the place where it came from, polish ppl living in there.
so i downloaded polish subtitles for movie Titanic and made a wordlist out of it. also considering the fact that "Titanic" has a case-sensitive spelling, which means that password most likely is some name with Capital letter from movie titanic.
you can't expect everyone in world to use english words, it's common sense really.
when i go after somebody's WPA/WPA2, i first do the research.

while there seems to be a new method of cracking WPA/WPA2, without guessing the password, then for now, in public it doesn't exist and only guessing is possible. so it means you must do research before hitting it with wordlists.

another note, is that depending on where you live. some ISPs provide routers, they have default name and default passwords (not same passwords). for example one of the ISP in UK uses 8 digit, lower alpha - numeric passwords for all of their routers. (WPA/WPA2 minimum is 8 digits anyways, but they are never more than 8).
they even include a sticker on back of the router. also based on their wireless name, like "ISProuter-3092", you can even tell where it was bought from, based on that you can make assumption where the person is from. for example if it was bought from some russian shop > it's obvious.

one somewhat offtopic thing, for example by using GPS, you can map the location of the router. let's say it's your neighbour from across the road. and you are able to see his router on wall or table.
use the deauth and use like 1000 mil times (pretty much forever). deauth the person from network forever and he starts thinking .. what the heck. take a digital camera and point it there, wait when he starts to investigate his router, 99% of ppl have no idea what their admin login even is, so they have to check from sticker on router, he flips it over and you will see the key there.


enough of this tho, i have guides on my forum on how to crack passwords. that includes how to make wordlists ..etc


 Post subject: Re: WPA/WPA2
PostPosted: 24 May 2011 20:36 

Joined: 27 Apr 2011 18:44
Posts: 47
Sethioz wrote:

another note, is that depending on where you live. some ISPs provide routers, they have default name and default passwords (not same passwords). for example one of the ISP in UK uses 8 digit, lower alpha - numeric passwords for all of their routers. (WPA/WPA2 minimum is 8 digits anyways, but they are never more than 8).
they even include a sticker on back of the router. also based on their wireless name, like "ISProuter-3092", you can even tell where it was bought from, based on that you can make assumption where the person is from. for example if it was bought from some russian shop > it's obvious.

one somewhat offtopic thing, for example by using GPS, you can map the location of the router. let's say it's your neighbour from across the road. and you are able to see his router on wall or table.
use the deauth and use like 1000 mil times (pretty much forever). deauth the person from network forever and he starts thinking .. what the heck. take a digital camera and point it there, wait when he starts to investigate his router, 99% of ppl have no idea what their admin login even is, so they have to check from sticker on router, he flips it over and you will see the key there.



Regarding the admin login, it is right, most of the people do not know what it is. I had an idea a long time ago that it might work.

You send 'infinite' deauth packets until the victim is desperate (probably 1 day without internet or a few hours) then you call the victim (via cellular phone or skype better) saying that you are from the ISP, you ask the number/key in the sticker pasted to the modem/router (the password), you say some technical B.S. and say that the problem will be solved within 5-10 minutes, after 5-7 minutes you cancel the deauth attack and you are done.

Regarding the default logins here is a website: http://www.phenoelit-us.org/dpl/dpl.html

