README

coWPAtty - Brute-force dictionary attack against WPA-PSK.

Copyright(c) 2004-2018  Joshua Wright <jwright@hasborg.com>

--------------------------------------------------------------------------------

INTRO

Right off the bat, this code isn't very useful.  The PBKDF2 function makes
4096 SHA-1 passes for each passphrase, which takes quite a bit of time.  On
my Pentium II development system, I'm getting ~4 passphrases/second.
The SHA-1 code I'm using has been optimized to the best of my ability (which
isn't saying that much), but I doubt if it would be possible to optimize it
such that the tool experiences an exponential performance increase.

However, if you are auditing WPA-PSK or WPA2-PSK networks, you can use
this tool to identify weak passphrases that were used to generate the
PMK.  Supply a libpcap capture file that includes the 4-way handshake, a
dictionary file of passphrases to guess with, and the SSID for the
network:

$ ./cowpatty -r eap-test.dump -f dict -s somethingclever
cowpatty 4.0 - WPA-PSK dictionary attack. <jwright@hasborg.com>

Collected all necessary data to mount crack against WPA/PSK passphrase.
Starting dictionary attack.  Please be patient.

The PSK is "family movie night".

4087 passphrases tested in 59.05 seconds:  69.22 passphrases/second
$

The files "dict" and "eap-test.dump" are included with this distribution
for testing purposes.  If your SSID has spaces or other characters the shell
treats specially, enclose it in quotes so the shell doesn't interpret it as
multiple parameters.


This tool can also accept dictionary words from STDIN, allowing us to utilize
a tool such as John the Ripper to create lots of word permutations from a
dictionary file:

$ john -wordfile:dictfile -rules -session:johnrestore.dat -stdout:63 | \
   cowpatty -r eap-test.dump -f - -s somethingclever

In the default configuration of John the Ripper, common permutations of
dictionary words will be sent as potential passwords to coWPAtty.  For
example, here is a list of the words John will create from the input word
"password":
49
jwright@mercury:~$ echo password >word
jwright@mercury:~$ john -session:/tmp/delme -wordfile:word -rules -stdout
password
Password
passwords
password1
Password1
drowssap
1password
PASSWORD
password2
password!
password3
password7
password9
password5
password4
password8
password6
password0
password.
password?
psswrd
drowssaP
Drowssap
passworD
2password
4password
Password2
Password!
Password3
Password9
Password5
Password7
Password4
Password6
Password8
Password.
Password?
Password0
3password
7password
9password
5password
6password
8password
Passwords
passworded
passwording
Passworded
Passwording
words: 49  time: 0:00:00:00 100%  w/s: 49.00  current: Passwording
jwright@mercury:~$
103
John the Ripper is available at http://www.openwall.com/john/.


Note that it is also possible to mount a precomputed attack against the PSK.
The PBKDF2 algorithm used to generate the PMK takes two non-fixed inputs: the
passphrase and the network SSID.  For a given SSID, we can precompute all the
PMKs from a dictionary file with the "genpmk" tool:

$ ./genpmk
genpmk 1.0 - WPA-PSK precomputation attack. <jwright@hasborg.com>
genpmk: Must specify a dictionary file with -f
Usage: genpmk [options]

	-f 	Dictionary file
	-d 	Output hash file
	-s 	Network SSID
	-h 	Print this help information and exit
	-v 	Print verbose information (more -v for more verbosity)
	-V 	Print program version and exit

After precomputing the hash file, run cowpatty with the -d argument.

$ ./genpmk -f dict -d hashfile -s somethingclever
genpmk 1.0 - WPA-PSK dictionary attack. <jwright@hasborg.com>
File hashfile does not exist, creating.
<snip>

4090 passphrases tested in 322.79 seconds:  12.67 passphrases/second
$

Once the hashfile is created with the PMKs, we can use it with cowpatty:

$ ./cowpatty -r eap-test.dump -d hashfile -s somethingclever
cowpatty 3.1 - WPA-PSK dictionary attack. <jwright@hasborg.com>

Collected all necessary data to mount crack against WPA/PSK passphrase.
Starting dictionary attack.  Please be patient.

The PSK is "family movie night".

4087 passphrases tested in 0.21 seconds:  19096.17 passphrases/second
$


The attack isn't accelerated dramatically with the precomputation attack since
we still have to spend the time precomputing the PMK with the genpmk utility,
but we only have to do this once for each SSID.  This allows us to precompute
hash files with common SSIDs such as "linksys" and "tsunami".  If you spend
the time precomputing big dictionaries, please drop me a copy.

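The derivation the two sections above rely on, as an added illustration that is not coWPAtty's or genpmk's own code: the PMK is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as the salt and 4096 rounds, so a genpmk-style table is only valid for the one SSID it was built with. The wordlist and SSIDs below are constructed for the example; the defender's takeaway is that a non-default SSID invalidates any table built for "linksys"-type names, and passphrase length is what blunts the per-SSID dictionary pass.

```python
import hashlib
from typing import Dict, Iterable, Optional

PBKDF2_ITERATIONS = 4096  # the "4096 SHA-1 passes" the README refers to
PMK_LEN = 32              # the PMK is 256 bits


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes).

    The SSID is the salt, so the same passphrase yields a different PMK on
    every network with a different name.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA-PSK passphrases are 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, PMK_LEN)


def build_pmk_table(ssid: str, wordlist: Iterable[str]) -> Dict[bytes, str]:
    """genpmk-style precomputation: map PMK -> passphrase for ONE SSID.

    Words outside the 8..63 character range cannot be valid WPA passphrases,
    so they are skipped rather than spending 4096 rounds on them.
    """
    table: Dict[bytes, str] = {}
    for word in wordlist:
        word = word.rstrip("\r\n")
        if 8 <= len(word) <= 63:
            table[derive_pmk(word, ssid)] = word
    return table


def lookup_pmk(table: Dict[bytes, str], pmk: bytes) -> Optional[str]:
    """Return the passphrase behind a PMK only if the table matches its SSID."""
    return table.get(pmk)


if __name__ == "__main__":
    # Constructed sample wordlist, not the distribution's "dict" file.
    words = ["short", "password", "family movie night", "linksys123"]
    common_ssid, unique_ssid = "linksys", "x7-kitchen-9f"  # constructed SSIDs
    table = build_pmk_table(common_ssid, words)
    pmk = derive_pmk("family movie night", common_ssid)
    print("same SSID as the table:", lookup_pmk(table, pmk))
    # Renaming the network invalidates the whole precomputed table.
    pmk = derive_pmk("family movie night", unique_ssid)
    print("unique SSID:", lookup_pmk(table, pmk))
```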

REFERENCE

See Robert Moskowitz's paper "Weakness in Passphrase Choice in WPA Interface"
for more information on WPA-PSK attacks at
http://wifinetnews.com/archives/002452.html.


THANKS

My sincere thanks to dragorn for merging in the assembly SHA1 code, and to
Randy Chou for advice on optimizing the pbkdf2 function.  Also thanks to
renderman for the inspiration to add the precomputation code.  Thanks to h1kari
and beetle for their respective foo.


QUESTIONS, COMMENTS, CONCERNS

Please contact jwright@hasborg.com with any questions, comments or concerns.
My PGP key is located at http://802.11ninja.net/pgpkey.html.