This document discusses using Amazon's EC2 cloud computing services to crack WPA2-PSK WiFi passwords through brute force attacks in a cost effective manner. Custom code was written to parallelize the cracking process across multiple EC2 instance types. Testing showed that 100 million passwords could be cracked in around 2 months for $240 using this approach. The cloud provides elastic, on-demand computing resources that can be leveraged for password cracking at low cost compared to building your own hardware.
Cracking WPA2-PSK in the cloud
1. Cracking WPA2-PSK in the cloud
A Cost Effective Solution For Brute Force Attacks
By Fotios Lindiakos and Ed Rowland
2. WPA2-PSK: Wi-Fi Protected Access II – Pre-shared Key
- Replaced WPA in 2004 as 802.11i standard
- Added security, replacing TKIP with CCMP (AES)
- Required for devices with Wi-Fi trademark
- Two modes
  - Enterprise – requires a Radius Server (802.1x)
  - Personal – 256 bit key created from a string of 64 digits or 8-63 character passphrase
- Key calculation
  - Passphrase
  - PBKDF2(f) salted w/SSID
  - 4096 iterations of HMAC-SHA1
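The key calculation on this slide, written out as an added example for sizing a passphrase policy; it is not code from the slides or from the authors' Ruby tool, and the function names are assumptions. It checks the derivation against the published IEEE 802.11i test vector (passphrase "password", SSID "IEEE"), then estimates how long an exhaustive search of a given passphrase shape takes at a measured or assumed guess rate.

```python
import hashlib
import math
import time

ITERATIONS = 4096      # fixed by the standard, as on the slide
PMK_BYTES = 32         # 256-bit key
SECONDS_PER_YEAR = 365 * 24 * 3600


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit key: PBKDF2-HMAC-SHA1, salted with the SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2-Personal passphrases are 8-63 characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode(), ssid.encode(), ITERATIONS, PMK_BYTES
    )


def keyspace_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random passphrase, in bits."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(length: int, alphabet_size: int, guesses_per_second: float) -> float:
    """Worst-case time to try every passphrase of this shape."""
    return alphabet_size ** length / guesses_per_second / SECONDS_PER_YEAR


def measure_rate(samples: int = 20) -> float:
    """Derivations per second on one core of this machine (varies by host)."""
    start = time.perf_counter()
    for i in range(samples):
        wpa2_pmk(f"constructed-{i:04d}", "ExampleSSID")  # constructed inputs
    return samples / (time.perf_counter() - start)


if __name__ == "__main__":
    # Published IEEE 802.11i test vector: passphrase "password", SSID "IEEE".
    print(wpa2_pmk("password", "IEEE").hex())
    rate = measure_rate()
    print(f"local rate: {rate:.0f} derivations/s")
    # Constructed policies: 8 digits vs. 12 and 16 random alphanumerics.
    for length, alphabet in [(8, 10), (12, 62), (16, 62)]:
        print(length, alphabet, f"{keyspace_bits(length, alphabet):.1f} bits",
              f"{years_to_exhaust(length, alphabet, rate):.3g} years")
```

Because the SSID is the salt, the same passphrase yields a different key on every network name, so a default or very common SSID is the case where precomputed tables apply.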
3.
4. Correct Passphrase “guessed” if tool can calculate the same Message Integrity Code (MIC)
Hacking Exposed - Stuart McClure, Joel Scambray, George Kurtz
5. Tools Used
- Amazon’s EC2 cloud
- Multiple types of instances running 64 bit Ubuntu 10.04 LTS
- Aircrack-ng v1.1
- Custom web front end
- Custom code to parallelize processing
- Laptop/mobile device running aircrack-ng to capture and send capture file to cloud
6. About The EC2 Cloud
- One of many proprietary web services Amazon offers providing PAAS, IAAS & SAAS
- Elastic Compute Cloud (EC2) virtualizes compute cycles into EC2 compute units (ECU)
- One ECU provides the equivalent CPU capacity of a 1.0-1.2 GHz 2007 Opteron or Xeon processor
- Access to an EC2 instance is via SSH leveraging PKI to encrypt a session key
12. About Custom Code
- Written in Ruby
- Front end is a Sinatra web application
- Back end is a wrapper around aircrack-ng
- Library handles communicating with EC2
- Only 234 lines of code
13. Front End
- Accepts PCAP from the user
- Also gets SSID and how many instances to run
- Creates a “message” for each instance
  - This message is put on a queue waiting for client to come online
  - It contains all the information the client needs
- Starts cracking instances
- Waits for results and reports them to the user
- After a key is found, terminates all clients
14. Back End
- Pops a message off the queue at boot time
- Gets the PCAP and full dictionary file
- Creates smaller wordlists
  - First, makes a list based on “chunk” assigned
  - Breaks that into smaller chunks for reporting purposes
- Runs aircrack-ng against each chunk
- Reports progress or the key after every iteration
19. Future Work
- Utilize other EC2 Instance types
  - High End Cluster with GPU
  - 33.5 ECU and 2 x NVIDIA Tesla “Fermi” M2050 GPUs
- Optimize cracking client for architecture
  - Fully utilize multiple CPU/core
  - Fully utilize 64 bit capabilities
  - Fully utilize GPU acceleration
- Look at other cracking tools
  - coWPAtty, Hydra, custom code
20. Conclusion
- It’s certainly inexpensive and easy to leverage cloud computing to hack WPA2-PSK efficiently
  - As long as you have an adequate dictionary
- The attack can be prioritized based on
  - Cost: use cheaper instances, regardless of time
  - Time: use most powerful instances, regardless of cost
Editor's notes
- Micro Instance: 613 MB of memory, up to 2 ECUs (for short periodic bursts)
- Small Instance (Default): 1.7 GB of memory, 1 EC2 Compute Unit (1 virtual core with 1 EC2 Compute Unit)
- Large Instance: 7.5 GB of memory, 4 EC2 Compute Units (2 virtual cores with 2 EC2 Compute Units each)
- High-CPU Medium Instance: 1.7 GB of memory, 5 EC2 Compute Units (2 virtual cores with 2.5 EC2 Compute Units each)
- High-CPU Extra Large Instance: 7 GB of memory, 20 EC2 Compute Units (8 virtual cores with 2.5 EC2 Compute Units each)