Wps attacks

Posted by luc · 26-03-2012 - 01:07

Edited by luc · 12-11-2012 - 02:49
Project Title:
WPS Attack Range-finding

Problem Domain:
Tactical Network Solutions [1] recently produced a piece of software that enacts an active attack on Wi-Fi Protected Setup (WPS) that enables the recovery of passphrases and in some cases router configuration. This is detailed fully in [2].

As an active attack this causes issues of being within range of the target access point, and so this exercise is to see, on a budget, if an active attack can be performed and what the range limits of this are.

Initial Progress:
For this purpose a simple wireless adaptor, an ALFA AWUS036H 1000mW [3], a Raspberry Pi [4] (still in procurement) and a 25dBi Yagi antenna [5] are to be used. Then, further experimentation with variant wireless adaptors, and modifications of the antenna are to be used.

As an aside, battery options will be tested, given the intent of leaving the device for an unattended attack, therefore reducing contact time in the vicinity of the target.

ToDo:
1. Finalise procurement of Raspberry Pi
2. Begin testing ranges with the ALFA wireless adaptor
3. Consider modifications, such as Pringles cans and a parabolic dish [6][7]

Posted by reece · 26-03-2012 - 01:38

Edited by reece · 12-11-2012 - 04:06
Interesting project, and just as a disclaimer of course this is for learning purposes only to better understand the technical nature of WiFi, encryption and security. This is not intended to be used for malicious purposes.

As a side note, luc is a research engineer in this field and to be within the law (and so we are not promoting illicit practices) you must have the permission of the owner of the said network and hardware in order to test this. 

Do not use what is stated here for malicious purposes. CodeConsortium cannot take any responsibility for misuse of this information. Please respect other people's privacy!

UK Data Protection Act 1998
UK Computer Misuse Act 1990
The Privacy and Electronic Communications (EC Directive) Regulations 2003

European Commission - Justice - Data Protection

18 USC § 1030 - FRAUD AND RELATED ACTIVITY IN CONNECTION WITH COMPUTERS

Please look up the regulations and laws for your own country of residence. These links provided are as a courtesy and may not apply to your own country of residence.

Also of further note, though potentially unrelated, if you engage in compiling software for this project please be aware any encryption software you compile may possibly be in violation of your country of residence's law. Some countries prohibit the compilation of encryption software by its citizens.

Now that's out of the way, to move on to the most interesting notes: to clarify for those interested, the parabolic dish and Pringles(c) tube are for extending range and fine-tuning reception. Please be aware, if using a parabolic dish and metallic tube, it must be pointed in the direction of the WiFi source (router etc.) in order for it to work.

For those not aware already, the Raspberry Pi is a small embedded computer, running an ARM processor. For more information on Raspberry Pi and getting yourself one, visit their website here. Other alternatives to Raspberry Pi are also available such as the Panda Board, Beagle Board and many others, or you can go for a custom built device using a SoC and build it yourself (though I advise you just buy one of the 3 linked above).

Posted by luc · 16-05-2012 - 02:36

Project Update

So I now have a Raspberry Pi (picture of mine in a case here), after much waiting. Next stage is to get an SD card that actually works for it; which for those wondering I'd check out this link.

Next stage is getting it working with the ALFA adapter, which shouldn't be a problem. Will have a picture of it all hooked up, and hopefully on a hard float spin of Gentoo.

Update:
Right, Gentoo is now up and running on the board, so the next stage is getting the WPS cracking code up and running, getting a cheap WPS router that is susceptible to this, and then either buy several or work out a way to reset the registrar.

I think that with the Pi, a battery pack for it, and the wireless adaptor, that will be quite a big unit to attach to the antenna. Might have to see if other boards will work with it.