4-Way Handshake vs PMKID
#1
Hello community !

I am trying to compare these two attacks and I am analysing which packets are intercepted by the Wireshark tool and how these packets are created. 

For the 4-Way handshake I understand this:
First there is a value called PMK. (PMK=PBKDF2(PASSPHRASE, SSID, 4096,32)).
PTK is derived from PMK as follows: 
PTK=PRF512(PMK,"Pairwise key expansion",min(APmac,Clientmac)+max(APmac,Clientmac)+min(ANonce,SNonce)+max(ANonce,SNonce))

From the PTK comes a value, intercepted by Wireshark, called the MIC (MIC=HMAC(PTK[0:16],data)). This packet is what Hashcat uses to crack the password.

For the PMKID I understand this:
First there is a value called PMK (calculated the same way as in the previous attack).
This packet will generate the PMKID (PMKID=HMAC-SHA1(PMK,"PMK Name", MAC_AP,MAC_STA)).

I did both of them using Hashcat and the computation time to crack the password was the same for both. What I don't understand is how it is possible to have the same computation time, if cracking the 4-way handshake performs more hash calculations (PMK-PTK-MIC) than cracking the PMKID (PMK-PMKID).
Reply
#2
How did you measure it?


My results:

$ time hashcat -m 2500 test.hccapx --nonce-error-corrections=0 digit08
hashcat (v5.1.0-855-g9ced13cc) starting...

Session..........: hashcat
Status...........: Exhausted
Hash.Name........: WPA-EAPOL-PBKDF2
Hash.Target......: test.hccapx
Time.Started.....: Fri Apr 5 15:48:34 2019 (2 secs)
Time.Estimated...: Fri Apr 5 15:48:36 2019 (0 secs)
Guess.Base.......: File (digit08)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 493.3 kH/s (5.52ms) @ Accel:256 Loops:64 Thr:32 Vec:1
Recovered........: 0/2 (0.00%) Digests, 0/2 (0.00%) Salts
Progress.........: 840686/840686 (100.00%)
Rejected.........: 0/840686 (0.00%)
Restore.Point....: 420343/420343 (100.00%)
Restore.Sub.#1...: Salt:1 Amplifier:0-1 Iteration:0-1
Candidates.#1....: 18841836 -> 99989998
Hardware.Mon.#1..: Temp: 58c Fan: 34% Util: 92% Core:1835MHz Mem:5005MHz Bus:16

real 0m9,898s
user 0m7,541s
sys 0m0,933s



$ time hashcat -m 16800 test.16800 digit08
hashcat (v5.1.0-855-g9ced13cc) starting...

Session..........: hashcat
Status...........: Exhausted
Hash.Name........: WPA-PMKID-PBKDF2
Hash.Target......: test.16800
Time.Started.....: Fri Apr 5 15:48:58 2019 (1 sec)
Time.Estimated...: Fri Apr 5 15:48:59 2019 (0 secs)
Guess.Base.......: File (digit08)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 503.9 kH/s (5.52ms) @ Accel:256 Loops:64 Thr:32 Vec:1
Recovered........: 0/2 (0.00%) Digests, 0/2 (0.00%) Salts
Progress.........: 840686/840686 (100.00%)
Rejected.........: 0/840686 (0.00%)
Restore.Point....: 420343/420343 (100.00%)
Restore.Sub.#1...: Salt:1 Amplifier:0-1 Iteration:0-1
Candidates.#1....: 18841836 -> 99989998
Hardware.Mon.#1..: Temp: 61c Fan: 38% Util: 82% Core:1873MHz Mem:5005MHz Bus:16

real 0m5,127s
user 0m2,792s
sys 0m0,821s

looking faster, for me!
Reply
#3
I used this command for the PMKID attack: "./hashcat -a 3 -m 16800 pmkid_file.16800 ?s?d?d?d?d?d?l?u --force --kernel-accel=1 -w 4". I used the mask ?s?d?d?d?d?d?l?u because I knew that the password was "$10371aF", which helps to do the computation quickly.

For the 4-way handshake I used this command: "./hashcat -a 3 -m 2500 deauth.hccapx ?s?d?d?d?d?d?l?u --force --kernel-accel=1 -w 4".

For both of them I had 50 minutes as the "Time Estimated".

The difference between us is that I used a complex password to be cracked.
Reply
#4
How do you know how complex both my PSKs are!
And you didn't answer my first question:
How did you measure it?


$ time hashcat -m 2500 test.hccapx --nonce-error-corrections=0 digit20
hashcat (v5.1.0-855-g9ced13cc) starting...

real    0m12,719s
user    0m7,575s
sys    0m0,917s


$ time hashcat -m 16800 test.16800 digit20
hashcat (v5.1.0-855-g9ced13cc) starting...

real    0m7,171s
user    0m2,856s
sys    0m0,934s

still looking faster for me!
Reply
#5
In your first message there is a field called "Time estimated", so I used this field to determine how long each one of them takes. I hope I answered your question. However, my question is why one is faster than the other according to your example.
Reply
#6
1. Calculating the PMKID is faster:
PMKID = HMAC-SHA1-128(PMK, "PMK Name" | MAC_AP | MAC_STA)

2. You run hashcat with the default nonce-error-corrections on WPA-EAPOL-PBKDF2, so every md5 (WPA1) or sha (WPA2)
or aes (WPA2 key ver 3) calculation is performed 8 times for big-endian and little-endian anonces.
If you are sure your captured handshake is ok, run with --nonce-error-corrections=0;
that will make hashcat faster.

$ time hashcat -m 2500 test.hccapx --nonce-error-corrections=128 digit20
hashcat (v5.1.0-855-g9ced13cc) starting...

real 0m15,633s
user 0m7,852s
sys 0m1,074s

$ time hashcat -m 2500 test.hccapx --nonce-error-corrections=0 digit20
hashcat (v5.1.0-855-g9ced13cc) starting...

real 0m11,981s
user 0m7,643s
sys 0m0,909s

Use time to measure the real execution time:
https://linuxize.com/post/linux-time-command/
It retrieves the real(!) values of execution time.
Reply
#7
The main time for computation is in the PBKDF2 (99.99999%, well not exactly but you get the point), not anything after that. Therefore anything after that PBKDF2 can be seen as almost not existent.
Reply
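To make the cost split concrete, here is an added example (my own code, not from this thread, from atom, or from hashcat) that implements the derivations quoted in post #1 and the PBKDF2-dominates argument of post #7: PMK via PBKDF2-HMAC-SHA1, PMKID, PTK via the 802.11i PRF-512, and the WPA2 EAPOL MIC. It counts HMAC-SHA1 invocations per passphrase guess for both attacks and times PBKDF2 against everything that follows it. The `anonce_variants` function only models the idea behind `--nonce-error-corrections` from post #6 (treating the last four ANonce bytes as a counter in both byte orders); it does not reproduce hashcat's exact candidate set. The MAC addresses, nonces and EAPOL frame bytes are constructed placeholders, not a real capture; the only real value is the IEEE 802.11i Annex H test vector (passphrase "password", SSID "IEEE") used to check the PMK derivation.

```python
# Added example, not from the thread: the WPA2-PSK derivations the posts compare,
# written out so the PBKDF2 / post-PBKDF2 cost split can be counted and timed.
import hashlib
import hmac
import time

PBKDF2_ITERATIONS = 4096  # passphrase-to-PMK mapping, IEEE 802.11i


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(),
                               PBKDF2_ITERATIONS, 32)


def pmkid(pmk: bytes, ap_mac: bytes, sta_mac: bytes) -> bytes:
    """PMKID = HMAC-SHA1-128(PMK, "PMK Name" | MAC_AP | MAC_STA): one HMAC call."""
    return hmac.new(pmk, b"PMK Name" + ap_mac + sta_mac, hashlib.sha1).digest()[:16]


def prf(key: bytes, prefix: bytes, data: bytes, out_len: int) -> bytes:
    """IEEE 802.11i PRF-n: concatenate HMAC-SHA1(key, prefix | 0x00 | data | i)."""
    out, counter = b"", 0
    while len(out) < out_len:
        out += hmac.new(key, prefix + b"\x00" + data + bytes([counter]),
                        hashlib.sha1).digest()
        counter += 1
    return out[:out_len]


def ptk_from_pmk(pmk, ap_mac, sta_mac, anonce, snonce) -> bytes:
    """PTK = PRF-512(PMK, "Pairwise key expansion", min/max of MACs and nonces)."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 64)


def eapol_mic(ptk: bytes, eapol_frame: bytes) -> bytes:
    """WPA2 (key descriptor version 2) MIC = HMAC-SHA1(KCK = PTK[0:16], frame)[:16].
    eapol_frame is the EAPOL-Key frame with its MIC field zeroed; WPA1 uses HMAC-MD5."""
    return hmac.new(ptk[:16], eapol_frame, hashlib.sha1).digest()[:16]


def hmac_calls_per_candidate(attack: str) -> int:
    """HMAC-SHA1 invocations per passphrase guess, without nonce error correction.
    PBKDF2 for 32 bytes needs two 20-byte SHA-1 output blocks of 4096 HMACs each."""
    pbkdf2_calls = 2 * PBKDF2_ITERATIONS
    if attack == "pmkid":
        return pbkdf2_calls + 1       # one HMAC for the PMKID
    if attack == "eapol":
        return pbkdf2_calls + 4 + 1   # PRF-512 (4 HMACs for 64 bytes) + MIC
    raise ValueError(attack)


def anonce_variants(anonce: bytes, corrections: int) -> set:
    """Illustrative model only (assumption, not hashcat's exact algorithm): treat
    the last 4 ANonce bytes as a counter and try +-k in big- and little-endian."""
    head, tail = anonce[:-4], anonce[-4:]
    seen = {anonce}
    for order in ("big", "little"):
        base = int.from_bytes(tail, order)
        for k in range(1, corrections + 1):
            for value in (base + k, base - k):
                seen.add(head + (value & 0xFFFFFFFF).to_bytes(4, order))
    return seen


def time_split(passphrase, ssid, ap_mac, sta_mac, anonce, snonce, frame, rounds=20):
    """Wall-clock seconds spent in PBKDF2 versus in PMKID + PTK + MIC afterwards."""
    start = time.perf_counter()
    for _ in range(rounds):
        pmk = pmk_from_passphrase(passphrase, ssid)
    t_pbkdf2 = time.perf_counter() - start
    start = time.perf_counter()
    for _ in range(rounds):
        pmkid(pmk, ap_mac, sta_mac)
        eapol_mic(ptk_from_pmk(pmk, ap_mac, sta_mac, anonce, snonce), frame)
    t_rest = time.perf_counter() - start
    return t_pbkdf2, t_rest


# Constructed sample input (not from a real capture): MACs, nonces, dummy frame.
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
FRAME = b"\x02\x03\x00\x5f" + b"\x00" * 95  # placeholder EAPOL-Key bytes, MIC zeroed

if __name__ == "__main__":
    # IEEE 802.11i Annex H vector: "password" / "IEEE" -> f42c6fc5...10a12e
    print("PMK:", pmk_from_passphrase("password", "IEEE").hex())
    print("HMACs per guess: eapol", hmac_calls_per_candidate("eapol"),
          "pmkid", hmac_calls_per_candidate("pmkid"))
    t1, t2 = time_split("password", "IEEE", AP_MAC, STA_MAC, ANONCE, SNONCE, FRAME)
    print(f"PBKDF2 {t1:.4f}s, PMKID+PTK+MIC {t2:.4f}s, ratio {t1 / t2:.0f}x")
```

The HMAC count is the whole story: 8192 HMAC-SHA1 calls inside PBKDF2 against one extra call for the PMKID or five for PTK plus MIC, so the two modes differ by well under a tenth of a percent per candidate, and the speed gap in the `time` runs above comes from nonce error correction and kernel differences rather than from the derivation itself.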
#8
As Atom said, PBKDF2 will cost us much time!

Now we drop PBKDF2:

$ time hashcat -m 2501 test.hccapx --nonce-error-corrections=0 foundhashcat.pmk
hashcat (v5.1.0-855-g9ced13cc) starting...

Session..........: hashcat
Status...........: Exhausted
Hash.Name........: WPA-EAPOL-PMK
Hash.Target......: test.hccapx
Time.Started.....: Fri Apr 5 17:02:31 2019 (0 secs)
Time.Estimated...: Fri Apr 5 17:02:31 2019 (0 secs)
Guess.Base.......: File (foundhashcat.pmk)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 32466.6 kH/s (0.00ms) @ Accel:1024 Loops:1024 Thr:32 Vec:1
Recovered........: 0/2 (0.00%) Digests, 0/2 (0.00%) Salts
Progress.........: 693154/693154 (100.00%)
Rejected.........: 0/693154 (0.00%)
Restore.Point....: 346577/346577 (100.00%)
Restore.Sub.#1...: Salt:1 Amplifier:0-1 Iteration:0-1

real 0m9,455s
user 0m6,805s
sys 0m0,733s


$ time hashcat -m 16801 test.16800 foundhashcat.pmk
hashcat (v5.1.0-855-g9ced13cc) starting...

Session..........: hashcat
Status...........: Exhausted
Hash.Name........: WPA-PMKID-PMK
Hash.Target......: test.16800
Time.Started.....: Fri Apr 5 17:03:47 2019 (0 secs)
Time.Estimated...: Fri Apr 5 17:03:47 2019 (0 secs)
Guess.Base.......: File (foundhashcat.pmk)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 66574.7 kH/s (0.00ms) @ Accel:1024 Loops:512 Thr:32 Vec:1
Recovered........: 0/2 (0.00%) Digests, 0/2 (0.00%) Salts
Progress.........: 693154/693154 (100.00%)
Rejected.........: 0/693154 (0.00%)
Restore.Point....: 346577/346577 (100.00%)
Restore.Sub.#1...: Salt:1 Amplifier:0-1 Iteration:0-1

real 0m4,794s
user 0m2,166s
sys 0m0,707s
Reply
#9
(04-05-2019, 04:53 PM)atom Wrote: The main time for computation is in the PBKDF2 (99.99999%, well not exactly but you get the point), not anything after that. Therefore anything after that PBKDF2 can be seen as almost not existent.

So if I get your point, the two attacks take the same time because both of them use PBKDF2 at the beginning and the other functions (SHA-1 and PRF512) are faster at calculating the hashes. So the only time to consider is the PBKDF2 function.
Reply
#10
Retrieve real values of execution time:

$ time hashcat -m 2500 test.hccapx --nonce-error-corrections=0 digit20
hashcat (v5.1.0-855-g9ced13cc) starting...

real 0m10,981s
user 0m8,643s
sys 0m0,921s

Use the time command to measure the real time.
Reply