7

I am pretty new to the domain of wireless security and am trying to understand the various techniques used for compromising wireless networks. There are a few things that I am not able to correlate and need help understanding them.

(I understand that WEP is no longer recommended but I am just trying to understand some underlying concepts here.)

  1. Why do I need to bother to BREAK the WEP or WPA keys (maybe using a tool like aircrack-ng)?

Can't I just de-authenticate a client (using aireplay-ng) and then present the client with a fake AP (impersonating a legitimate one) and then, when the client tries to reconnect to the AP, simply capture packets in monitor mode and sniff the key out from those?

In fact, is the fake AP even required here? I mean, even without hosting a fake AP, I could still sniff the PSK from a monitor mode capture (say using tools like Wireshark/Kismet/Cain etc.) - correct?

  1. When we talk about PSK in case of WPA/WPA2, I understand that the PSK (the PMK and PTK finally) are used to encrypt all the data exchange. As per my understanding the PSK is not transmitted over the network by either the client or the AP during the connection/authentication process. It's just the initial nonce that is exchanged and thereafter it is the calculated PTK that is exchanged and it is the MIC that is used for verification. Is my understanding correct?

  2. If my understanding of point 2 is correct, the 4-way handshake is not encrypted, correct? And this 4-way handshake can still be eavesdropped on (maybe through a monitor mode capture or using tools like Kismet/Wireshark/airodump-ng etc.) correct?

Please let me know if I am missing something and any pointers to references will also be helpful.

charlesreid1
  • 117
  • 9
qre0ct
  • 1,492
  • 3
  • 19
  • 30
  • ...so? I'm confused how point 3 means "I can read traffic using monitor mode;" without the PSK/PMK, an attacker who sniffs the handshake cannot derive the PTK. Thus, they cannot decrypt traffic unless they get the key. – cpast Mar 22 '15 at 06:43
  • That's true. I agree that the attacker can not decrypt traffic unless he gets the key and that's exactly what I am trying to understand...the different techniques that an attacker may use to compromise the key. – qre0ct Mar 22 '15 at 06:56

1 Answers1

14

Your point 2 is a bit inaccurate. The PTK is never sent over the air in WPA; it is computed from the PMK, an AP nonce, a client nonce, the AP MAC address, and the client MAC address (this is "key exchange", but the PTK never gets transmitted). Without the PMK, an attacker who sniffs the data can't discover the PTK without doing a brute-force attack (essentially, the client sends a MAC with their nonce, using a key which is part of the PTK; the attacker tries various passphrases, computes PMK and PTK using those passphrases, and then verifies the MAC). So the attacker can sniff the handshake, but it doesn't really help them with things that aren't brute-force.

As to your point 1: The whole point of a PSK is that it authenticates both sides. If you don't know the PSK, then you can't know the PTK derived by the client. That means that your fake AP won't be able to impersonate the real one, because you can't decrypt the data the client sends you (and can't send a valid MAC on the GTK, so even initial association will fail). And, as mentioned, monitor mode doesn't help because the keys themselves are not transmitted over the air; all a handshake gives you is enough to try a brute-force, but it doesn't give you the keys directly.

cpast
  • 7,223
  • 1
  • 29
  • 35
  • Ok. I think the last point that you mentioned in your answer, "monitor mode doesn't help because the keys themselves are not transmitted over the air; all a handshake gives you is enough to try a brute-force, but it doesn't give you the keys directly", clears most of my confusion. Thanks. – qre0ct Mar 22 '15 at 06:59