Vishnu Ramineni

Apr 1, 2020

4 min read

Cracking WiFi passwords using wifite

Note: This blog is meant for educational purposes. Only perform hacking on systems that you own or have permission to test.

Here is the story. I was bored and saw a list of several WiFi networks in my apartment. And I thought, let’s crack one of the WiFi network passwords. I know many of us want free WiFi 😜. I launched a terminal in Kali Linux (my favorite OS for hacking), started the wifite tool in my terminal and scanned the list of WiFi networks in my apartment.

List of WiFi networks

The next step is to perform a dictionary attack on a WPA/WPA2 protected network with wifite, with a dictionary file (a list of common passwords/words) ready to start the attack.

And I selected one of the WiFi networks from the list as the target and launched the attack. Here it goes: it took less than a minute to crack the WiFi password with the WPS Pixie Dust attack.

Let’s see how the WPS Pixie Dust attack works!

Design flaws in many routers allow attackers to recover Wi-Fi credentials even when WPA or WPA2 encryption is used with a strong passphrase. While brute-forcing the WPS PIN used to take up to 8 hours, the newer WPS Pixie-Dust attack (an offline brute force of the PIN) can crack vulnerable networks in seconds.

Router WPS PIN located at the backside of the router

WPS definitions

The WPS components are the AP (the router), the client (the device that connects to the router) and the attacker's device.

When the Registrar (the client computer) wants to connect to the Enrollee (the Access Point), they exchange a series of request and response messages as part of the negotiation process; these are named M1 to M8.

In the Pixie Dust attack, the negotiation can be stopped after message M3, because by then all the values needed for the attack are available:
• The hash values (E-Hash1 and E-Hash2) of the WPS PIN, since the Enrollee and the Registrar both need to prove to each other that they know the correct PIN
• PKE, the DH (Diffie-Hellman) public key of the Enrollee
• PKR, the DH (Diffie-Hellman) public key of the Registrar
• AuthKey, part of the key derivation, which is used to authenticate the Registration Protocol messages
• E-Nonce, the Enrollee nonce

The goal is to brute-force PSK1 and PSK2, each of which is derived from 4 digits of the PIN. With the values collected above, the only things still needed are the nonces E-S1 and E-S2, which are supposed to be secret values generated by a pseudo-random number generator (PRNG).

Figure: types of WPS PIN (user-selected PIN; PIN printed on the device)

Many access point chipsets use an insecure PRNG to generate these nonces. Broadcom basically uses the rand() function from C, and on Ralink chipsets E-S1 and E-S2 are never generated and therefore always equal zero. So if the PRNG state can be recovered, E-S1 and E-S2 can be calculated, and PSK1 and PSK2 can be brute-forced offline from E-Hash1 and E-Hash2. Since the PIN printed on the device cannot be changed, the practical defense on an affected router is to disable WPS entirely.