Using WPA2 DK PSK (derived Key) instead of 4Way Handshake
#1
Hi All,

I'm trying to audit WPA2 keys set on a number of branch location sites automatically. The controllers don't keep the plaintext, only the PSK (PBKDF2 derived key) from the following process:

DK = PBKDF2(Passphrase,SSID,SSID.length,2096,256).

There doesn't appear to be a way of feeding this data into oclHashcat ... to my mind the ability to crack this has to be supported due to the existing WPA2 support?

I guess as a workaround, would it be possible to use this data to create a 'fake' 4 way handshake capture, allowing (in a rather backwards way) to achieve this?

Would be interested to know if there's something more complex I haven't considered going on here between the two formats, or if this functionality could be easily supported? A lot of WLAN controllers store the passphrase in this way in on-disk configs and backups etc.

Regards,
TrX
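
An added example, not part of the original post: a policy audit that checks stored controller PSKs against a list of banned passphrases by re-deriving each candidate per SSID. It assumes the IEEE 802.11i parameters (PBKDF2-HMAC-SHA1, 4096 iterations, 32-byte output); the site names, the second SSID, its PSK and the banned list are constructed sample data.

```python
import hashlib

WPA2_ITERATIONS = 4096  # assumption: IEEE 802.11i value for WPA2-Personal
PSK_LEN = 32            # 256-bit PSK

def derive_psk(passphrase: str, ssid: str) -> bytes:
    """PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(),
                               WPA2_ITERATIONS, PSK_LEN)

def audit_sites(sites, banned):
    """sites: (site, ssid, stored_psk_hex) tuples taken from controller configs.
    Returns {site: banned passphrase} for every stored PSK that matches."""
    findings = {}
    per_ssid = {}  # the SSID is the salt, so derive candidates once per SSID
    for site, ssid, stored_hex in sites:
        if ssid not in per_ssid:
            per_ssid[ssid] = {
                derive_psk(p, ssid): p
                for p in banned if 8 <= len(p) <= 63  # skip invalid lengths
            }
        match = per_ssid[ssid].get(bytes.fromhex(stored_hex))
        if match is not None:
            findings[site] = match
    return findings

# Constructed sample data. The first PSK is the published 802.11i test
# vector for passphrase "password" and SSID "IEEE"; the second is filler.
SAMPLE_SITES = [
    ("branch-01", "IEEE",
     "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"),
    ("branch-02", "CorpWiFi-Branch2", "a3" * 32),
]
BANNED = ["password", "changeme1", "Welcome123", "short"]

if __name__ == "__main__":
    for site, phrase in audit_sites(SAMPLE_SITES, BANNED).items():
        print(f"{site}: stored PSK matches banned passphrase {phrase!r}")
```

Because the SSID is the salt, two sites with the same passphrase but different SSIDs store different PSKs, so candidates have to be derived separately for each SSID.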


Messages In This Thread
Using WPA2 DK PSK (derived Key) instead of 4Way Handshake - by TrX - 09-03-2014, 01:27 AM