Posts: 4
Threads: 1
Joined: Apr 2019
04-05-2019, 03:43 PM
(This post was last modified: 04-05-2019, 03:44 PM by melmansuri.)
Hello community !
I am trying to compare these two attacks and I am analysing which packets are intercepted by the Wireshark tool and how these packets are created.
For the 4-Way handshake I understand this:
First there is a value called PMK. (PMK=PBKDF2(PASSPHRASE, SSID, 4096,32)).
PTK is derived from PMK as follows:
PTK=PRF512(PMK,"Pairwise key expansion",min(APmac,Clientmac)+max(APmac,Clientmac)+min(ANonce,SNonce)+max(ANonce,SNonce)
The PTK will generate an intercepted value by Wireshark called MIC (MIC=HMAC(PTK[0:16],data)). This packet will be used by Hashcat to crack the password.
For the PMKID I understand this:
First there is a value called PMK (calculated the same way that in the previous attack)
This packet will generate the PMKID (PMKID=HMAC-SHA1(PMK,"PMK Name", MAC_AP,MAC_STA)).
I did both of them using Hashcat and the computation time to crack the password was the same for both. What I don't understand is how is it possible to have the same computation time, if cracking the 4-way handshake performs more hash calculations (PMK-PTK-MIC) than for the PMKID (PMK-PMKID).
Posts: 1,044
Threads: 2
Joined: Jun 2017
04-05-2019, 03:53 PM
(This post was last modified: 04-05-2019, 03:55 PM by ZerBea.)
How did you measure it?
My results:
$ time hashcat -m 2500 test.hccapx --nonce-error-corrections=0 digit08
hashcat (v5.1.0-855-g9ced13cc) starting...
Session..........: hashcat
Status...........: Exhausted
Hash.Name........: WPA-EAPOL-PBKDF2
Hash.Target......: test.hccapx
Time.Started.....: Fri Apr 5 15:48:34 2019 (2 secs)
Time.Estimated...: Fri Apr 5 15:48:36 2019 (0 secs)
Guess.Base.......: File (digit08)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 493.3 kH/s (5.52ms) @ Accel:256 Loops:64 Thr:32 Vec:1
Recovered........: 0/2 (0.00%) Digests, 0/2 (0.00%) Salts
Progress.........: 840686/840686 (100.00%)
Rejected.........: 0/840686 (0.00%)
Restore.Point....: 420343/420343 (100.00%)
Restore.Sub.#1...: Salt:1 Amplifier:0-1 Iteration:0-1
Candidates.#1....: 18841836 -> 99989998
Hardware.Mon.#1..: Temp: 58c Fan: 34% Util: 92% Core:1835MHz Mem:5005MHz Bus:16
real 0m9,898s
user 0m7,541s
sys 0m0,933s
$ time hashcat -m 16800 test.16800 digit08
hashcat (v5.1.0-855-g9ced13cc) starting...
Session..........: hashcat
Status...........: Exhausted
Hash.Name........: WPA-PMKID-PBKDF2
Hash.Target......: test.16800
Time.Started.....: Fri Apr 5 15:48:58 2019 (1 sec)
Time.Estimated...: Fri Apr 5 15:48:59 2019 (0 secs)
Guess.Base.......: File (digit08)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 503.9 kH/s (5.52ms) @ Accel:256 Loops:64 Thr:32 Vec:1
Recovered........: 0/2 (0.00%) Digests, 0/2 (0.00%) Salts
Progress.........: 840686/840686 (100.00%)
Rejected.........: 0/840686 (0.00%)
Restore.Point....: 420343/420343 (100.00%)
Restore.Sub.#1...: Salt:1 Amplifier:0-1 Iteration:0-1
Candidates.#1....: 18841836 -> 99989998
Hardware.Mon.#1..: Temp: 61c Fan: 38% Util: 82% Core:1873MHz Mem:5005MHz Bus:16
real 0m5,127s
user 0m2,792s
sys 0m0,821s
looking faster, for me!
Posts: 4
Threads: 1
Joined: Apr 2019
I used this command for the PMKID attack: "./hashcat -a 3 -m 16800 pmkid_file.16800 ?s?d?d?d?d?d?l?u --force --kernel-accel=1 -w 4" I used the mask ?s?d?d?d?d?d?l?u because I knew that the password was "$10371aF", that will help to do the computation quickly.
For the 4-way handshake I used this command: ./hashcat -a 3 -m 2500 deauth.hccapx ?s?d?d?d?d?d?l?u --force --kernel-accel=1 -w 4.
For both of them I had 50 minutes as the "Time Estimated".
The difference between us is that I used a complexe password to be cracked.
Posts: 1,044
Threads: 2
Joined: Jun 2017
04-05-2019, 04:25 PM
(This post was last modified: 04-05-2019, 04:35 PM by ZerBea.)
How do you know, how complex my both PSKs are!
and you didn't answer my first question:
How did you measure it?
$ time hashcat -m 2500 test.hccapx --nonce-error-corrections=0 digit20
hashcat (v5.1.0-855-g9ced13cc) starting...
real 0m12,719s
user 0m7,575s
sys 0m0,917s
$ time hashcat -m 16800 test.16800 digit20
hashcat (v5.1.0-855-g9ced13cc) starting...
real 0m7,171s
user 0m2,856s
sys 0m0,934s
still looking faster for me!
Posts: 4
Threads: 1
Joined: Apr 2019
In your first message there is a field called "Time estimated", so I used this field to determine how long it takes each one of them. I hope I answered to your question. However my question is why one is faster than another according your example.
Posts: 1,044
Threads: 2
Joined: Jun 2017
04-05-2019, 04:51 PM
(This post was last modified: 04-05-2019, 04:55 PM by ZerBea.)
1. Calculating of PMKID is faster
PMKID = HMAC-SHA1-128(PMK, "PMK Name" | MAC_AP | MAC_STA)
2. You run hashcat with default nonce-error-corrections on WPA-EAPOL-PBKDF2, so every md5 (WPA1) or sha (WPA2)
or aes (WPA2 key ver 3) calculation is performed 8 times for big endian and little endian anonces.
If you are sure your captured handshake is ok, run --nonce-error-corrections=0
that will make hashcat faster
$ time hashcat -m 2500 test.hccapx --nonce-error-corrections=128 digit20
hashcat (v5.1.0-855-g9ced13cc) starting...
real 0m15,633s
user 0m7,852s
sys 0m1,074s
$ time hashcat -m 2500 test.hccapx --nonce-error-corrections=0 digit20
hashcat (v5.1.0-855-g9ced13cc) starting...
real 0m11,981s
user 0m7,643s
sys 0m0,909s
use time to calculate the real time:
https://linuxize.com/post/linux-time-command/
and to retrieve real(!) values of execution time
Posts: 5,185
Threads: 230
Joined: Apr 2010
The main time for computation is in the PBKDF2 (99.99999%, well not exactly but you get the point), not anything after that. Therefore anything after that PBKDF2 can be seen as almost not existent.
Posts: 1,044
Threads: 2
Joined: Jun 2017
As Atom said, PBKDF2 will cost us much time!
Now we drop PBKDF2:
$ time hashcat -m 2501 test.hccapx --nonce-error-corrections=0 foundhashcat.pmk
hashcat (v5.1.0-855-g9ced13cc) starting...
Session..........: hashcat
Status...........: Exhausted
Hash.Name........: WPA-EAPOL-PMK
Hash.Target......: test.hccapx
Time.Started.....: Fri Apr 5 17:02:31 2019 (0 secs)
Time.Estimated...: Fri Apr 5 17:02:31 2019 (0 secs)
Guess.Base.......: File (foundhashcat.pmk)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 32466.6 kH/s (0.00ms) @ Accel:1024 Loops:1024 Thr:32 Vec:1
Recovered........: 0/2 (0.00%) Digests, 0/2 (0.00%) Salts
Progress.........: 693154/693154 (100.00%)
Rejected.........: 0/693154 (0.00%)
Restore.Point....: 346577/346577 (100.00%)
Restore.Sub.#1...: Salt:1 Amplifier:0-1 Iteration:0-1
real 0m9,455s
user 0m6,805s
sys 0m0,733s
$ time hashcat -m 16801 test.16800 foundhashcat.pmk
hashcat (v5.1.0-855-g9ced13cc) starting...
Session..........: hashcat
Status...........: Exhausted
Hash.Name........: WPA-PMKID-PMK
Hash.Target......: test.16800
Time.Started.....: Fri Apr 5 17:03:47 2019 (0 secs)
Time.Estimated...: Fri Apr 5 17:03:47 2019 (0 secs)
Guess.Base.......: File (foundhashcat.pmk)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 66574.7 kH/s (0.00ms) @ Accel:1024 Loops:512 Thr:32 Vec:1
Recovered........: 0/2 (0.00%) Digests, 0/2 (0.00%) Salts
Progress.........: 693154/693154 (100.00%)
Rejected.........: 0/693154 (0.00%)
Restore.Point....: 346577/346577 (100.00%)
Restore.Sub.#1...: Salt:1 Amplifier:0-1 Iteration:0-1
real 0m4,794s
user 0m2,166s
sys 0m0,707s
Posts: 4
Threads: 1
Joined: Apr 2019
(04-05-2019, 04:53 PM)atom Wrote: The main time for computation is in the PBKDF2 (99.99999%, well not exactly but you get the point), not anything after that. Therefore anything after that PBKDF2 can be seen as almost not existent.
So if I get your point, the two attacks take the same time because both of them use PBKDF2 in the beginning and the other functions (SHA-1 and PRF512) are faster calculating the hashes. So the only time to consider is the PBKDF2 function.
Posts: 1
Threads: 0
Joined: Jun 2019
retrieve real values of execution time
$ time hashcat -m 2500 test.hccapx --nonce-error-corrections=0 digit20
hashcat (v5.1.0-855-g9ced13cc) starting...
real 0m10,981s
user 0m8,643s
sys 0m0,921s
use time to calculate the real time using time command:
time command
|