Like this article? We recommend
The Crack
First, the assumed and known values:
- SSID: linksys54gh
- SSID Length: 11
- Test password from a dictionary file or STDIN (radiustest)
- The four-way handshake is captured and stored in eapcap2.cap. (Refer to Figure 1.)
- Verification of capture. This part of the program verifies that all the required packets are in the capture file. This objective is accomplished by filtering out all packets that don't include the 802.1x Authentication type flag (0x888E). The remaining packets are then checked to be sure that a complete four-way handshake was captured.
- The packets are parsed for all relevant information. The following example
lists important parts to be used during the cracking process. Figures are taken
from previous Ethereal capture images.
- Packet 1 (A>S): Provides no real data for the cracking process.
- Packet 2 (S>A): Provides the SNonce value (green) shown in
Figure 5.
Figure 5 Packet 2 with SNonce value highlighted.
- Packet 3 (A>S): Provides the ANonce value (green) and the MAC
addresses of both the Authenticator (blue) and Supplicant (red). The MAC
addresses could be taken from any one of these packets (see Figure 6).
Figure 6 Packet 3 with ANonce value and MAC addresses highlighted.
- Packet 4: (S>A): Provides the MIC value and EAPoL packet to be used when
calculating the test MIC from the generated MIC Key (see Figure 7). Note that
the MIC value is added after it's calculated. Until it's added, the
data field is filled with 00 bytes.
Figure 7 Packet 4 with EAP frame data and MIC value highlighted.
- The selected test password is checked to be sure that it's not less than eight or greater than 63 characters, as required by 802.11i.
- The PMK is generated from the test password, using the following
algorithm:
PMK = pdkdf2_SHA1(passphrase, SSID, SSID length, 4096) PMK = pbkdf2_sha1("radiustest","linksys54gh",11,4096)
- The PTKs are generated from the PMK, using the following algorithm:
<li><p> = PRF-X(PMK,</p></li> Len(PMK), "Pairwise key expansion", Min(AA,SA) || Max(AA,SA) || Min(ANonce,SNonce) || Max(ANonce,SNonce)) PTK = SHA1_PRF( 9e99 88bd e2cb a743 95c0 289f fda0 7bc4 ;PMK 1ffa 889a 3309 237a 2240 c934 bcdc 7ddb ,32,"Pairwise key expansion", ;length of PMK & string 000c 41d2 94fb 000d 3a26 10fb 893e e551 ;MAC and nonce values 2145 57ff f3c0 76ac 9779 15a2 0607 2703 8e9b ea9b 6619 a5ba b40f 89c1 dabd c104 d457 411a ee33 8c00 fa8a 1f32 abfc 6cfb 7943 60ad ce3a fb5d 159a 51f6,76) PTK = ccbf 97a8 2b5c 51a4 4325 a77e 9bc5 7050 daec 5438 430f 00eb 893d 84d8 b4b4 b5e8 19f4 dce0 cc5f 2166 e94f db3e af68 eb76 80f4 e264 6e6d 9e36 260d 89ff bf24 ee7e
- A MIC value is calculated, using the MIC Key from the PTK and the EAPoL
message:
MIC = HMAC_MD5(MIC Key, 16, 802.1x data) MIC = HMAC_MD5( ccbf 97a8 2b5c 51a4 4325 a77e 9bc5 7050 ;first 16 bytes of PTK ,16, ;length of PTK 0103 005f fe01 0900 0000 0000 0000 0000 ;802.1x data 1400 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 ) MIC = d0ca 4f2a 783c 4345 b0c0 0a12 ecc1 5f77
- The calculated MIC is compared to the captured MIC:
Calculated MIC using EAP frame four with "radiustest" is d0ca 4f2a 783c 4345 b0c0 0a12 ecc1 5f77 Capture MIC is d0ca 4f2a 783c 4345 b0c0 0a12 ecc1 5f77 CALCULATED MICS MATCH!!! Congratulations, the PSK is "radiustest".