SlideShare a Scribd company logo

Offline bruteforce attack on WiFi Protected Setup

0
0xcite

Offline bruteforce attack on WiFi Protected Setup

Technology
1 of 21
Download to read offline
Offline bruteforce attack on WiFi Protected Setup Dominique Bongard Founder 0xcite, Switzerland @reversity
§  Protocol aiming at easily connecting to protected WiFi networks §  Two main modes: Push-Button and 8 digit PIN code §  Gives the WPA passphrase to stations providing the right PIN §  Poor design and implementation
Stefan Viehböck
Stefan Viehböck
§  Brute force each half of the PIN §  Maximum 10‘000 tries + 1‘000 tries §  No limitation on number of tries in many AP §  Takes a few hours (depends on the AP) §  Largely slowed down in new devices (lock-out) §  Many AP still sold with WPS PIN activated
STA Nonce E-Hash1 E-Hash2 HMAC AES(HMAC(PIN1),E-S1) AES(HMAC(PIN2),E-S2)
§  If we can guess E-S1 and E-S2, we can the brute force PIN1 and PIN2 offline! §  Pixie dust attack!
§  Usually with pseudo-random generators (PRNG) §  Often insecure PRNG §  No or low entropy §  Small state (32 bits) §  Can the PRNG state be recovered ?
int rand_r( unsigned int *seed ) { unsigned int s=*seed; unsigned int uret; s = (s * 1103515245) + 12345; // permutate seed uret = s & 0xffe00000;// Only use top 11 bits s = (s * 1103515245) + 12345; // permutate seed uret += (s & 0xfffc0000) >> 11;// Only use top 14 bits s = (s * 1103515245) + 12345; // permutate seed uret += (s & 0xfe000000) >> (11+14);// Only use top 7 bits retval = (int)(uret & RAND_MAX); *seed = s; return retval; }
AP Nonce Description PK
§  Linear Congruential Generator §  32 bits state §  No external entropy §  E-S1 and E-S2 generated right after the Nonce
§  Do the WPS protocol up to message M3 §  Get the Nonce from M1 §  Bruteforce the state of the PRNG §  Compute E-S1 and E-S2 from the state §  Decrypt E-Hash1 and E-Hash2 §  Bruteforce Pin1 and Pin2 §  Do the full WPS protocol and get the passphrase
§  Linear Feedback Shift Register (LFSR) §  Broken §  Doesn‘t matter the keys are always NULL !!
§  Some AP have the same state at each boot §  Make a list of common states after reboot §  Attack the AP right after boot
§  Trigger the breakers §  DDOS the AP §  Jam the signal until the target reboots the AP
§  Looks okay §  Uses /dev/random §  Found in Atheros SDK §  But you never know §  Several papers attack the entropy of the linux PRNG in embedded systems
§  It‘s complicated §  Many of the implementations are the reference code for the chipset §  Only the GUI is reskinned §  Therefore many brands are affected §  Many vendors use different chipset §  Even for the same model number
§  Disable WPS now ! §  Reverse engineers: Check other AP for bad PRNG §  Cryptographers: Check if good PRNG are okay

Recommended

Advanced Wi-Fi pentesting
Advanced Wi-Fi pentestingAdvanced Wi-Fi pentesting
Advanced Wi-Fi pentestingYunfei Yang
 
Cisco acs configuration guide
Cisco acs configuration guideCisco acs configuration guide
Cisco acs configuration guideRichardsCCNA
 
Nessus-Vulnerability Tester
Nessus-Vulnerability TesterNessus-Vulnerability Tester
Nessus-Vulnerability TesterAditya Jain
 
Web application security
Web application securityWeb application security
Web application securityKapil Sharma
 
SQL Server Exploitation, Escalation, Pilfering - AppSec USA 2012
SQL Server Exploitation, Escalation, Pilfering - AppSec USA 2012SQL Server Exploitation, Escalation, Pilfering - AppSec USA 2012
SQL Server Exploitation, Escalation, Pilfering - AppSec USA 2012Scott Sutherland
 
pfSense presentation
pfSense presentationpfSense presentation
pfSense presentationSimon Vass
 
WiFi Secuiry: Attack & Defence
WiFi Secuiry: Attack & DefenceWiFi Secuiry: Attack & Defence
WiFi Secuiry: Attack & DefencePrakashchand Suthar
 
02. it정보화전략-보안 아키텍처 도입
02. it정보화전략-보안 아키텍처 도입02. it정보화전략-보안 아키텍처 도입
02. it정보화전략-보안 아키텍처 도입InGuen Hwang
 

Recommended

Advanced Wi-Fi pentesting
Advanced Wi-Fi pentestingAdvanced Wi-Fi pentesting
Advanced Wi-Fi pentestingYunfei Yang
 
Cisco acs configuration guide
Cisco acs configuration guideCisco acs configuration guide
Cisco acs configuration guideRichardsCCNA
 
Nessus-Vulnerability Tester
Nessus-Vulnerability TesterNessus-Vulnerability Tester
Nessus-Vulnerability TesterAditya Jain
 
Web application security
Web application securityWeb application security
Web application securityKapil Sharma
 
SQL Server Exploitation, Escalation, Pilfering - AppSec USA 2012
SQL Server Exploitation, Escalation, Pilfering - AppSec USA 2012SQL Server Exploitation, Escalation, Pilfering - AppSec USA 2012
SQL Server Exploitation, Escalation, Pilfering - AppSec USA 2012Scott Sutherland
 
pfSense presentation
pfSense presentationpfSense presentation
pfSense presentationSimon Vass
 
WiFi Secuiry: Attack & Defence
WiFi Secuiry: Attack & DefenceWiFi Secuiry: Attack & Defence
WiFi Secuiry: Attack & DefencePrakashchand Suthar
 
02. it정보화전략-보안 아키텍처 도입
02. it정보화전략-보안 아키텍처 도입02. it정보화전략-보안 아키텍처 도입
02. it정보화전략-보안 아키텍처 도입InGuen Hwang
 
Dns Amplification Zafiyeti
Dns Amplification ZafiyetiDns Amplification Zafiyeti
Dns Amplification ZafiyetiMehmet VAROL
 
Attacks and their mitigations
Attacks and their mitigationsAttacks and their mitigations
Attacks and their mitigationsMukesh Chaudhari
 
DoS ve DDoS Saldırıları ve Korunma Yöntemleri
DoS ve DDoS Saldırıları ve Korunma YöntemleriDoS ve DDoS Saldırıları ve Korunma Yöntemleri
DoS ve DDoS Saldırıları ve Korunma YöntemleriBGA Cyber Security
 
Wi-FI Hacking
Wi-FI Hacking Wi-FI Hacking
Wi-FI Hacking Mehul Jariwala
 
2017 Secure360 - Hacking SQL Server on Scale with PowerShell
2017 Secure360 - Hacking SQL Server on Scale with PowerShell2017 Secure360 - Hacking SQL Server on Scale with PowerShell
2017 Secure360 - Hacking SQL Server on Scale with PowerShellScott Sutherland
 
Metasploitable
MetasploitableMetasploitable
MetasploitableSri Manakula Vinayagar Engineering College
 
Linux and firewall
Linux and firewallLinux and firewall
Linux and firewallMhmud Khraibene
 
PHP Security
PHP SecurityPHP Security
PHP SecurityMindfire Solutions
 
Cisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening GuideCisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening GuideHarris Andrea
 
Understanding NMAP
Understanding NMAPUnderstanding NMAP
Understanding NMAPPhannarith Ou, G-CISO
 
Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010
Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010
Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010Priyanka Aash
 
Sql injection
Sql injectionSql injection
Sql injectionNitish Kumar
 
Qt creatorでremote_debug
Qt creatorでremote_debugQt creatorでremote_debug
Qt creatorでremote_debugKazuo Asano (@kazuo_asa)
 
Owasp zap
Owasp zapOwasp zap
Owasp zappenetration Tester
 
Waf bypassing Techniques
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing TechniquesAvinash Thapa
 
DOS DDOS TESTLERİ
DOS DDOS TESTLERİ DOS DDOS TESTLERİ
DOS DDOS TESTLERİ BGA Cyber Security
 
OWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesOWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesSoftware Guru
 
실무자가 말하는 모의해킹
실무자가 말하는 모의해킹실무자가 말하는 모의해킹
실무자가 말하는 모의해킹양 한빛
 
体系的に学ばないXSSの話
体系的に学ばないXSSの話体系的に学ばないXSSの話
体系的に学ばないXSSの話Yutaka Maehira
 
signals & message queues overview
signals & message queues overviewsignals & message queues overview
signals & message queues overviewVaishali Dayal
 
Offline bruteforce attack on wi fi protected setup
Offline bruteforce attack on wi fi protected setupOffline bruteforce attack on wi fi protected setup
Offline bruteforce attack on wi fi protected setupCyber Security Alliance
 
2. Stream Ciphers
2. Stream Ciphers2. Stream Ciphers
2. Stream CiphersSam Bowne
 

More Related Content

What's hot

Dns Amplification Zafiyeti
Dns Amplification ZafiyetiDns Amplification Zafiyeti
Dns Amplification ZafiyetiMehmet VAROL
 
Attacks and their mitigations
Attacks and their mitigationsAttacks and their mitigations
Attacks and their mitigationsMukesh Chaudhari
 
DoS ve DDoS Saldırıları ve Korunma Yöntemleri
DoS ve DDoS Saldırıları ve Korunma YöntemleriDoS ve DDoS Saldırıları ve Korunma Yöntemleri
DoS ve DDoS Saldırıları ve Korunma YöntemleriBGA Cyber Security
 
2017 Secure360 - Hacking SQL Server on Scale with PowerShell
2017 Secure360 - Hacking SQL Server on Scale with PowerShell2017 Secure360 - Hacking SQL Server on Scale with PowerShell
2017 Secure360 - Hacking SQL Server on Scale with PowerShellScott Sutherland
 
Cisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening GuideCisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening GuideHarris Andrea
 
Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010
Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010
Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010Priyanka Aash
 
Waf bypassing Techniques
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing TechniquesAvinash Thapa
 
OWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesOWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesSoftware Guru
 
실무자가 말하는 모의해킹
실무자가 말하는 모의해킹실무자가 말하는 모의해킹
실무자가 말하는 모의해킹양 한빛
 
体系的に学ばないXSSの話
体系的に学ばないXSSの話体系的に学ばないXSSの話
体系的に学ばないXSSの話Yutaka Maehira
 
signals & message queues overview
signals & message queues overviewsignals & message queues overview
signals & message queues overviewVaishali Dayal
 

What's hot (20)

Dns Amplification Zafiyeti
Dns Amplification ZafiyetiDns Amplification Zafiyeti
Dns Amplification Zafiyeti
 
Attacks and their mitigations
Attacks and their mitigationsAttacks and their mitigations
Attacks and their mitigations
 
DoS ve DDoS Saldırıları ve Korunma Yöntemleri
DoS ve DDoS Saldırıları ve Korunma YöntemleriDoS ve DDoS Saldırıları ve Korunma Yöntemleri
DoS ve DDoS Saldırıları ve Korunma Yöntemleri
 
Wi-FI Hacking
Wi-FI Hacking Wi-FI Hacking
Wi-FI Hacking
 
2017 Secure360 - Hacking SQL Server on Scale with PowerShell
2017 Secure360 - Hacking SQL Server on Scale with PowerShell2017 Secure360 - Hacking SQL Server on Scale with PowerShell
2017 Secure360 - Hacking SQL Server on Scale with PowerShell
 
Metasploitable
MetasploitableMetasploitable
Metasploitable
 
Linux and firewall
Linux and firewallLinux and firewall
Linux and firewall
 
PHP Security
PHP SecurityPHP Security
PHP Security
 
Cisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening GuideCisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening Guide
 
Understanding NMAP
Understanding NMAPUnderstanding NMAP
Understanding NMAP
 
Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010
Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010
Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010
 
Sql injection
Sql injectionSql injection
Sql injection
 
Qt creatorでremote_debug
Qt creatorでremote_debugQt creatorでremote_debug
Qt creatorでremote_debug
 
Owasp zap
Owasp zapOwasp zap
Owasp zap
 
Waf bypassing Techniques
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing Techniques
 
DOS DDOS TESTLERİ
DOS DDOS TESTLERİ DOS DDOS TESTLERİ
DOS DDOS TESTLERİ
 
OWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesOWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application Vulnerabilities
 
실무자가 말하는 모의해킹
실무자가 말하는 모의해킹실무자가 말하는 모의해킹
실무자가 말하는 모의해킹
 
体系的に学ばないXSSの話
体系的に学ばないXSSの話体系的に学ばないXSSの話
体系的に学ばないXSSの話
 
signals & message queues overview
signals & message queues overviewsignals & message queues overview
signals & message queues overview
 

Similar to Offline bruteforce attack on WiFi Protected Setup

Offline bruteforce attack on wi fi protected setup
Offline bruteforce attack on wi fi protected setupOffline bruteforce attack on wi fi protected setup
Offline bruteforce attack on wi fi protected setupCyber Security Alliance
 
2. Stream Ciphers
2. Stream Ciphers2. Stream Ciphers
2. Stream CiphersSam Bowne
 
BlackHat 2009 - Hacking Zigbee Chips (slides)
BlackHat 2009 - Hacking Zigbee Chips (slides)BlackHat 2009 - Hacking Zigbee Chips (slides)
BlackHat 2009 - Hacking Zigbee Chips (slides)Michael Smith
 
One-Wire-Serial-Communication.pdf
One-Wire-Serial-Communication.pdfOne-Wire-Serial-Communication.pdf
One-Wire-Serial-Communication.pdfshamtekawambwa1
 
Serial Peripheral Interface
Serial Peripheral InterfaceSerial Peripheral Interface
Serial Peripheral InterfaceChirag Parikh
 
Open-E DSS V6 Synchronous Volume Replication with Failover over a LAN with Un...
Open-E DSS V6 Synchronous Volume Replication with Failover over a LAN with Un...Open-E DSS V6 Synchronous Volume Replication with Failover over a LAN with Un...
Open-E DSS V6 Synchronous Volume Replication with Failover over a LAN with Un...open-e
 
Open-E DSS V6 Synchronous Volume Replication With Failover over a LAN with Br...
Open-E DSS V6 Synchronous Volume Replication With Failover over a LAN with Br...Open-E DSS V6 Synchronous Volume Replication With Failover over a LAN with Br...
Open-E DSS V6 Synchronous Volume Replication With Failover over a LAN with Br...open-e
 
Attacking Industrial Remote Controllers (HITB AMS 2019)
Attacking Industrial Remote Controllers (HITB AMS 2019)Attacking Industrial Remote Controllers (HITB AMS 2019)
Attacking Industrial Remote Controllers (HITB AMS 2019)Marco Balduzzi
 
Buffer overflow – Smashing The Stack
Buffer overflow – Smashing The StackBuffer overflow – Smashing The Stack
Buffer overflow – Smashing The StackTomer Zait
 
Buffer Overflow - Smashing the Stack
Buffer Overflow - Smashing the StackBuffer Overflow - Smashing the Stack
Buffer Overflow - Smashing the StackironSource
 
Making multiplayer game with Elixir and Elm
Making multiplayer game with Elixir and ElmMaking multiplayer game with Elixir and Elm
Making multiplayer game with Elixir and Elmnetzke
 
side-channel-kevin2600
side-channel-kevin2600side-channel-kevin2600
side-channel-kevin2600Kevin2600
 
Et4045-3-attacks-2
Et4045-3-attacks-2Et4045-3-attacks-2
Et4045-3-attacks-2Tutun Juhana
 
Micro control idsecconf2010
Micro control idsecconf2010Micro control idsecconf2010
Micro control idsecconf2010idsecconf
 
Spi master core verification
Spi master core verificationSpi master core verification
Spi master core verificationMaulik Suthar
 
63071507 interrupts-up
63071507 interrupts-up63071507 interrupts-up
63071507 interrupts-uptt_aljobory
 
Arduino Platform with C programming.
Arduino Platform with C programming.Arduino Platform with C programming.
Arduino Platform with C programming.Govind Jha
 
Step-by-Step Guide to NAS (NFS) Failover over a LAN (with unicast) Supported ...
Step-by-Step Guide to NAS (NFS) Failover over a LAN (with unicast) Supported ...Step-by-Step Guide to NAS (NFS) Failover over a LAN (with unicast) Supported ...
Step-by-Step Guide to NAS (NFS) Failover over a LAN (with unicast) Supported ...open-e
 
Demystifying Secure enclave processor
Demystifying Secure enclave processorDemystifying Secure enclave processor
Demystifying Secure enclave processorPriyanka Aash
 

Similar to Offline bruteforce attack on WiFi Protected Setup (20)

Offline bruteforce attack on wi fi protected setup
Offline bruteforce attack on wi fi protected setupOffline bruteforce attack on wi fi protected setup
Offline bruteforce attack on wi fi protected setup
 
2. Stream Ciphers
2. Stream Ciphers2. Stream Ciphers
2. Stream Ciphers
 
BlackHat 2009 - Hacking Zigbee Chips (slides)
BlackHat 2009 - Hacking Zigbee Chips (slides)BlackHat 2009 - Hacking Zigbee Chips (slides)
BlackHat 2009 - Hacking Zigbee Chips (slides)
 
Remote tanklevelmonitor
Remote tanklevelmonitorRemote tanklevelmonitor
Remote tanklevelmonitor
 
One-Wire-Serial-Communication.pdf
One-Wire-Serial-Communication.pdfOne-Wire-Serial-Communication.pdf
One-Wire-Serial-Communication.pdf
 
Serial Peripheral Interface
Serial Peripheral InterfaceSerial Peripheral Interface
Serial Peripheral Interface
 
Open-E DSS V6 Synchronous Volume Replication with Failover over a LAN with Un...
Open-E DSS V6 Synchronous Volume Replication with Failover over a LAN with Un...Open-E DSS V6 Synchronous Volume Replication with Failover over a LAN with Un...
Open-E DSS V6 Synchronous Volume Replication with Failover over a LAN with Un...
 
Open-E DSS V6 Synchronous Volume Replication With Failover over a LAN with Br...
Open-E DSS V6 Synchronous Volume Replication With Failover over a LAN with Br...Open-E DSS V6 Synchronous Volume Replication With Failover over a LAN with Br...
Open-E DSS V6 Synchronous Volume Replication With Failover over a LAN with Br...
 
Attacking Industrial Remote Controllers (HITB AMS 2019)
Attacking Industrial Remote Controllers (HITB AMS 2019)Attacking Industrial Remote Controllers (HITB AMS 2019)
Attacking Industrial Remote Controllers (HITB AMS 2019)
 
Buffer overflow – Smashing The Stack
Buffer overflow – Smashing The StackBuffer overflow – Smashing The Stack
Buffer overflow – Smashing The Stack
 
Buffer Overflow - Smashing the Stack
Buffer Overflow - Smashing the StackBuffer Overflow - Smashing the Stack
Buffer Overflow - Smashing the Stack
 
Making multiplayer game with Elixir and Elm
Making multiplayer game with Elixir and ElmMaking multiplayer game with Elixir and Elm
Making multiplayer game with Elixir and Elm
 
side-channel-kevin2600
side-channel-kevin2600side-channel-kevin2600
side-channel-kevin2600
 
Et4045-3-attacks-2
Et4045-3-attacks-2Et4045-3-attacks-2
Et4045-3-attacks-2
 
Micro control idsecconf2010
Micro control idsecconf2010Micro control idsecconf2010
Micro control idsecconf2010
 
Spi master core verification
Spi master core verificationSpi master core verification
Spi master core verification
 
63071507 interrupts-up
63071507 interrupts-up63071507 interrupts-up
63071507 interrupts-up
 
Arduino Platform with C programming.
Arduino Platform with C programming.Arduino Platform with C programming.
Arduino Platform with C programming.
 
Step-by-Step Guide to NAS (NFS) Failover over a LAN (with unicast) Supported ...
Step-by-Step Guide to NAS (NFS) Failover over a LAN (with unicast) Supported ...Step-by-Step Guide to NAS (NFS) Failover over a LAN (with unicast) Supported ...
Step-by-Step Guide to NAS (NFS) Failover over a LAN (with unicast) Supported ...
 
Demystifying Secure enclave processor
Demystifying Secure enclave processorDemystifying Secure enclave processor
Demystifying Secure enclave processor
 

Recently uploaded

New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 

Recently uploaded (20)

New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 

Offline bruteforce attack on WiFi Protected Setup

  • 1. Offline bruteforce attack on WiFi Protected Setup Dominique Bongard Founder 0xcite, Switzerland @reversity
  • 2. §  Protocol aiming at easily connecting to protected WiFi networks §  Two main modes: Push-Button and 8 digit PIN code §  Gives the WPA passphrase to stations providing the right PIN §  Poor design and implementation
  • 3.
  • 4.
  • 7. §  Brute force each half of the PIN §  Maximum 10‘000 tries + 1‘000 tries §  No limitation on number of tries in many AP §  Takes a few hours (depends on the AP) §  Largely slowed down in new devices (lock-out) §  Many AP still sold with WPS PIN activated
  • 8.
  • 10. §  If we can guess E-S1 and E-S2, we can the brute force PIN1 and PIN2 offline! §  Pixie dust attack!
  • 11. §  Usually with pseudo-random generators (PRNG) §  Often insecure PRNG §  No or low entropy §  Small state (32 bits) §  Can the PRNG state be recovered ?
  • 12. int rand_r( unsigned int *seed ) { unsigned int s=*seed; unsigned int uret; s = (s * 1103515245) + 12345; // permutate seed uret = s & 0xffe00000;// Only use top 11 bits s = (s * 1103515245) + 12345; // permutate seed uret += (s & 0xfffc0000) >> 11;// Only use top 14 bits s = (s * 1103515245) + 12345; // permutate seed uret += (s & 0xfe000000) >> (11+14);// Only use top 7 bits retval = (int)(uret & RAND_MAX); *seed = s; return retval; }
  • 14. §  Linear Congruential Generator §  32 bits state §  No external entropy §  E-S1 and E-S2 generated right after the Nonce
  • 15. §  Do the WPS protocol up to message M3 §  Get the Nonce from M1 §  Bruteforce the state of the PRNG §  Compute E-S1 and E-S2 from the state §  Decrypt E-Hash1 and E-Hash2 §  Bruteforce Pin1 and Pin2 §  Do the full WPS protocol and get the passphrase
  • 16. §  Linear Feedback Shift Register (LFSR) §  Broken §  Doesn‘t matter the keys are always NULL !!
  • 17. §  Some AP have the same state at each boot §  Make a list of common states after reboot §  Attack the AP right after boot
  • 18. §  Trigger the breakers §  DDOS the AP §  Jam the signal until the target reboots the AP
  • 19. §  Looks okay §  Uses /dev/random §  Found in Atheros SDK §  But you never know §  Several papers attack the entropy of the linux PRNG in embedded systems
  • 20. §  It‘s complicated §  Many of the implementations are the reference code for the chipset §  Only the GUI is reskinned §  Therefore many brands are affected §  Many vendors use different chipset §  Even for the same model number
  • 21. §  Disable WPS now ! §  Reverse engineers: Check other AP for bad PRNG §  Cryptographers: Check if good PRNG are okay