
WPA / WPA2 passwords using a video card

Hi, Habr!
Today I will show you how to put the full power of your video card to work on brute-forcing Wi-Fi passwords. These days it is almost comical to use only CPU power for this task (aircrack-ng in particular) when 80% of computers have a video card. So it makes sense to use all the potential of your system, and that means the excellent program pyrit.

A little about the program:
Pyrit lets you build huge databases of precomputed WPA / WPA2-PSK authentication material. Using the computing power of multi-core CPUs and other platforms through ATI-Stream, Nvidia CUDA and OpenCL, it is currently the most powerful attack against one of the most widely used security protocols in the world.

WPA / WPA2-PSK is a subset of the IEEE 802.11 WPA / WPA2 standard that simplifies key distribution and client authentication by assigning a single Pre-Shared Key to every participant. This master key is derived from a passphrase that the user must configure in advance, for example on a laptop and on the access point. When the laptop connects to the access point, a new session key is derived from the master key to encrypt and authenticate the subsequent traffic. The "saving" of one master key instead of individual per-user keys simplifies deploying WPA / WPA2 networks in homes and small offices, at the cost of leaving the key-exchange phase of the protocol open to brute force, which fully reveals the password protecting the network.
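To make the "master key" derivation above concrete, here is an added example (not from the original post or from pyrit) that computes the WPA / WPA2-PSK master key, the PMK, as IEEE 802.11i defines it: PBKDF2-HMAC-SHA1 over the passphrase with the ESSID as salt, 4096 iterations, 256-bit output. Writing the loop out shows why each candidate passphrase costs 8192 HMAC-SHA1 calls (the "PMKs/s" pyrit reports), why the precomputed databases described later are bound to an ESSID, and why a long random passphrase stays out of reach at the per-card rate quoted on this page; the ESSID names and passphrases used for the checks are constructed.

```python
import hashlib
import hmac

WPA_ITERATIONS = 4096   # fixed by IEEE 802.11i
PMK_LEN = 32            # 256-bit Pairwise Master Key

def pmk_reference(passphrase: str, essid: str) -> bytes:
    """PMK via the standard library: PBKDF2-HMAC-SHA1(passphrase, essid, 4096, 32)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), essid.encode(),
                               WPA_ITERATIONS, PMK_LEN)

def pmk_by_hand(passphrase: str, essid: str) -> bytes:
    """Same derivation written out. SHA-1 gives 20 bytes, so two PBKDF2 blocks of
    4096 HMACs each are needed: 8192 HMAC-SHA1 calls per candidate passphrase."""
    key = passphrase.encode()
    out = b""
    for block_index in (1, 2):
        # U1 = HMAC(P, ESSID || INT(i)); Uj = HMAC(P, U(j-1)); T = XOR of all Uj
        u = hmac.new(key, essid.encode() + block_index.to_bytes(4, "big"), hashlib.sha1).digest()
        t = u
        for _ in range(WPA_ITERATIONS - 1):
            u = hmac.new(key, u, hashlib.sha1).digest()
            t = bytes(a ^ b for a, b in zip(t, u))
        out += t
    return out[:PMK_LEN]

# Known-answer vector from IEEE 802.11 Annex H: passphrase "password", SSID "IEEE".
IEEE_VECTOR = ("password", "IEEE",
               "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e")

def matches_standard_vector() -> bool:
    passphrase, essid, expected = IEEE_VECTOR
    return pmk_by_hand(passphrase, essid).hex() == expected

def same_precomputed_table(passphrase: str, essid_a: str, essid_b: str) -> bool:
    """True only if both ESSIDs give the same PMK, i.e. a database batched for one
    ESSID is reusable for the other. The ESSID is the PBKDF2 salt, so any change
    in the name (even 'dlink' vs 'dlink-5G') invalidates the precomputed table."""
    return pmk_reference(passphrase, essid_a) == pmk_reference(passphrase, essid_b)

def seconds_to_exhaust(keyspace: int, pmk_per_second: float) -> float:
    """Worst-case time to derive a PMK for every passphrase in a keyspace."""
    return keyspace / pmk_per_second

if __name__ == "__main__":
    print("standard vector ok:", matches_standard_vector())
    print("'dlink' table reusable for 'dlink-5G':",
          same_precomputed_table("password", "dlink", "dlink-5G"))
    # 82426.3 PMK/s is the single-card benchmark figure quoted on this page; 62**8 is
    # the keyspace of a random 8-character alphanumeric passphrase.
    years = seconds_to_exhaust(62 ** 8, 82426.3) / (365.25 * 86400)
    print(f"random 8-char alphanumeric passphrase on one card: {years:.0f} years")
```

The last figure is the defender's takeaway: dictionary words fall in minutes at these rates, while a random passphrase of moderate length does not, and a non-default ESSID forces an attacker to batch a fresh database.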

What is the gain? Compare the PMK/s figures for aircrack-ng and pyrit (benchmark screenshots in the original post).
It should be noted that everything was done on Ubuntu 10.04 R2 x86_64 with an ATI R6950 Twin Frozr III video card.
(That is, everything applies to any Ubuntu-like system, BackTrack 5 in particular, with minimal differences between 32- and 64-bit systems.)
Installation
List of required programs:
1. AMD driver 11.6
2. AMD APP SDK 2.4 (link 1, link 2)
3. Pyrit: svn checkout pyrit.googlecode.com/svn/trunk pyrit_svn
4. Calpp (link)

1. Driver installation:
chmod +x ati-driver-installer-11-5-x86.x86_64.run
sudo ./ati-driver-installer-11-5-x86.x86_64.run
sudo reboot


2. Installing AMD APP SDK 2.4:
cp /home/user/Downloads/AMD-APP-SDK-v2.4-lnx64.tgz /home/user
cd /home/user
tar -xvzf AMD-APP-SDK-v2.4-lnx64.tgz
sudo gedit ~/.bashrc

At the bottom of this file, add the following lines:

export AMDAPPSDKROOT=/home/user/AMD-APP-SDK-v2.4-lnx64
export AMDAPPSDKSAMPLESROOT=/home/user/AMD-APP-SDK-v2.4-lnx64/samples
export LD_LIBRARY_PATH=$AMDAPPSDKROOT/lib/x86:$AMDAPPSDKROOT/lib/x86_64:$LD_LIBRARY_PATH


Note: replace /user/ with your own username.
It should be noted that the above works on systems of either bitness (32- or 64-bit).

Log out and back in so the new variables take effect.

3. Register the ICD (icd-registration):
tar xfz $AMDAPPSDKROOT/icd-registration.tgz
sudo cp $AMDAPPSDKROOT/etc /etc


IMPORTANT!
Some English-language manuals describe installing both technologies through which ATI cards are driven directly: OpenCL, which is morally and physically outdated for this job, and Calpp with the libboost libraries, which is what we will use.

4. Install Calpp:
sudo apt-get install libboost1.40-all-dev cmake
tar -xvzf calpp-0.90.tar.gz
cd calpp-0.90
sudo gedit CMakeLists.txt


Set the FIND_LIBRARY / FIND_PATH entries to the following values:
FIND_LIBRARY(LIB_ATICALCL aticalcl PATHS "/home/user/AMD-APP-SDK-v2.4-lnx64/lib/x86_64/")
FIND_LIBRARY(LIB_ATICALRT aticalrt PATHS "/home/user/AMD-APP-SDK-v2.4-lnx64/lib/x86_64/")
FIND_PATH(LIB_ATICAL_INCLUDE NAMES cal.h calcl.h PATHS "/home/user/AMD-APP-SDK-v2.4-lnx64/include/CAL")


sudo cmake .
sudo make install


5. Installing pyrit:
sudo apt-get install g++ python-dev zlib1g-dev libssl-dev python-scapy libpcap0.8 libpcap0.8-dev libpcap-dev
svn checkout pyrit.googlecode.com/svn/trunk pyrit_svn
cd pyrit_svn/pyrit
sudo python setup.py build install
cd ..
cd cpyrit_calpp
sudo python setup.py build install


This completes the installation.
Check that the installation is correct:
pyrit selftest

Usage

1. List the available processor cores / video cards:
pyrit list_cores

2. Run the benchmark:
pyrit benchmark

Output (the PMK/s figure will naturally depend on your video card):

#1: 'CAL++ Device #1 'ATI CYPRESS'': 82426.3 PMKs/s (RTT 2.4)
#2: 'CPU-Core (SSE2)': 643.5 PMKs/s (RTT 3.0)
#3: 'CPU-Core (SSE2)': 655.1 PMKs/s (RTT 3.0)
#4: 'CPU-Core (SSE2)': 691.0 PMKs/s (RTT 2.9)
#5: Network-Clients: 0.0 PMKs/s (RTT 0.0)

Note that each video card takes the place of one processor core, i.e. with two or more cards, or a dual-GPU card, the output looks like this:

#1: 'CAL++ Device #1 'ATI CYPRESS'': 82426.3 PMKs/s (RTT 2.4)
#2: 'CAL++ Device #2 'ATI JUNIPER'': 41805.7 PMKs/s (RTT 2.6)
#3: 'CPU-Core (SSE2)': 655.1 PMKs/s (RTT 3.0)
#4: 'CPU-Core (SSE2)': 691.0 PMKs/s (RTT 2.9)
#5: Network-Clients: 0.0 PMKs/s (RTT 0.0)

Everything below assumes that you already have a .cap file with a captured handshake (how to capture the handshake).

IMPORTANT!
Pyrit can build whole databases of precomputed hashes for password recovery. There are two ways to store and use these databases:
Option 1: store the database in the user's hidden home folder. I call it the mobile option: a file of one million common passwords is loaded once, and then any ESSIDs are added to it for a quick check (1 million words + 1 ESSID takes about a minute on my card).
Pros:
The password file is loaded once and forgotten (you can load as many as you like, but it is not advisable).
Any number of ESSIDs with any names.
Little time spent.
Cons:
With dictionaries of more than 20 million words and at least 10 different ESSIDs, far more time is spent.
Conclusion: the pros flow smoothly into the cons and vice versa. For my part, I would note that this is ideal when you have a good dictionary of up to one million words, which lets you check different .cap files quickly.
Example of use:

pyrit -i //////. import_passwords
pyrit -r cap-01.cap analyze
pyrit -r cap-01.cap -b 00:11:22:33:44:55 attack_batch

pyrit -r cap-01.cap attack_batch

Option 2: store the database in any folder you specify. This is the more serious approach. It lets you build a database for specific ESSIDs and a specific set of passwords: a file of, say, 100 million passwords is loaded, then any ESSIDs with unique names are added to it. The database is then compiled (batched) and bound to the specific ESSIDs you put into it. After compilation the speed increases 5-7 times. You will say this is a great option, and you will be right, but of course there is a fly in the ointment :) the catch is the compile time, which naturally depends on the number of passwords and ESSIDs and is considerable.
Pros:
A single database with, say, 10 unique ESSIDs can be used against any access points, provided that the point's name matches one in the database. That is, if two of your neighbours both have an access point named dlink, with naturally different MAC addresses, that will NOT stop you from running them against the same database without building a new one.
Speed.
Tremendous speed.
Build one database for the most common ESSIDs and check them in minimal time, in any quantity.
Cons:
Compile time.
Takes a lot of hard disk space.
Conclusion, the dry facts about my database: 850 million words, 24 ESSIDs, 32 hours of compiling, 650,000 PMK/s when attacking from the database, 240 GB on disk.
Naturally, with fewer passwords and ESSIDs the time cost drops in direct proportion. Whether it is worth it, everyone decides for themselves.
Example of use:

pyrit -u file:////////.db -i //////. import_passwords
pyrit -u file:////////.db -e linksys create_essid
pyrit -u file:////////.db eval
pyrit -u file:////////.db batch
pyrit -u file:////////.db eval
pyrit -u file:////////.db -r /////cap/output-01.cap attack_db

Conclusion
For those who are constantly or professionally engaged in recovering Wi-Fi passwords, programs like this make life much easier. Nowadays it is a sin not to use all the power of your hardware; it is not for nothing that we upgrade :) (once more, the difference: brute force on a CPU ~3,000 PMK/s, brute force on a video card ~85,000 PMK/s). A few words about alternatives: there is CommView for WiFi, a Windows program; I have never seen or touched it myself, because I do not use Windows. It is, of course, paid (about $500).

Related links:
pyrit
aircrack-ng

Source: https://habr.com/ru/post/122553/
