1
Breaking WPS with Reaver
Ian Miller & Zach Shepherd
2
What is WPS
- WiFi Protected Setup
- Introduced in 2006
- Included in most major brand routers
- WPS is typically enabled by default
- Intended to make setting up “easy” for users
3
WPS Modes
- PIN
  - Internal Registrar: The client device has a PIN that must be entered into the AP interface to set up.
  - External Registrar: The AP has a unique PIN that must be entered into the client device to allow it to connect.
- Push Button Connect: The AP and client device press a button within a timeout period, which initiates connection.
4
The Exploit
- WPS requires PIN/External Registrar to be supported
- WPS PIN is 8 digits
  - This gives 10^8 or 100,000,000 possible combinations
- WPS reports back with a NACK if the first 4 digits are incorrect
  - Reduces entropy of first half to 10^4 or 10,000 combinations
- WPS then reports on the final 4 digits
  - Last digit is a checksum
  - So entropy is reduced to 10^3 for the last half or 1,000 combinations
- So, it only needs to check 11,000 combinations in the worst case.
- Each authentication check takes 0.5-3 seconds.
5
Reaver
- A script that implements the exploit
- Takes from seconds to 10 hours to crack
  - Average is about 4 hours
- Sometimes the default PIN is still used
  - Takes almost no time at all
- Included in Backtrack 5 and in Kali
- Very easy for anyone to use
6
Reaver In Action - Using Airodump
7
Reaver In Action - Copy the BSSID
8
Reaver In Action - Start Running
Now all we have to do is type
    reaver -i moninterface -b bssid -vv
So using the previous example we would type
    reaver -i mon0 -b 8D:AE:9D:65:1F:B2 -vv
Reaver will now start trying a series of PINs
9
Reaver In Action - After Running
10
Solutions
- Disable WPS
  - Doesn’t always work
  - Not viable for average user
- Have a timeout after incorrect attempts
  - Usually have to buy a “newer” router
- Change the firmware on your router
  - Use a program like DD-WRT
- Lock your WPS PIN in router settings
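The arithmetic from "The Exploit" slide and the effect of the "timeout after incorrect attempts" fix, worked through as an added example (not part of the original slides or of Reaver). The checksum routine is the standard WPS PIN check-digit calculation; the lockout policy of 60 seconds after 3 failures is a constructed value, not a figure from the slides.

```python
def wps_checksum(first7: int) -> int:
    """Check digit for the first seven PIN digits (WPS PIN checksum)."""
    accum = 0
    while first7:
        accum += 3 * (first7 % 10)
        first7 //= 10
        accum += first7 % 10
        first7 //= 10
    return (10 - accum % 10) % 10


def pin_is_well_formed(pin: str) -> bool:
    """True if pin is 8 digits and its last digit matches the checksum."""
    return len(pin) == 8 and pin.isdigit() and wps_checksum(int(pin[:7])) == int(pin[7])


def search_space() -> dict:
    """Sizes from the slide: full PIN, first half, second half, split total."""
    # With the first half fixed, count second halves whose checksum is valid.
    second = sum(pin_is_well_formed(f"0000{s:04d}") for s in range(10 ** 4))
    return {"naive": 10 ** 8, "first_half": 10 ** 4,
            "second_half": second, "split_total": 10 ** 4 + second}


def worst_case_hours(attempts: int, secs_per_attempt: float,
                     lock_after: int = 0, lock_secs: int = 0) -> float:
    """Time to exhaust `attempts` guesses; optional lockout after N failures."""
    total = attempts * secs_per_attempt
    if lock_after:
        # Every guess but the last fails; each full batch of failures costs one lockout.
        total += ((attempts - 1) // lock_after) * lock_secs
    return total / 3600


if __name__ == "__main__":
    space = search_space()
    print(space)
    for secs in (0.5, 3):  # per-attempt range given on the slide
        print(f"{secs}s/attempt, no lockout: "
              f"{worst_case_hours(space['split_total'], secs):.1f} h")
    # Constructed policy, not from the slides: lock for 60 s after 3 failures.
    print("3s/attempt, 60s lock per 3 failures: "
          f"{worst_case_hours(space['split_total'], 3, 3, 60):.1f} h")
```

Without a lockout the worst case stays inside the "seconds to 10 hours" range from the Reaver slide; the constructed lockout stretches the same 11,000 attempts to roughly three days, which slows the search but does not restore the full 10^8 space.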
11
Q&A