Implement new WPA/WPA2 attack - PMKID #1937

Closed
kimocoder opened this issue Aug 4, 2018 · 11 comments
Comments

@kimocoder
Contributor

More information may be found at https://hashcat.net/forum/thread-7717.html, which includes a write-up on the matter.

@kimocoder kimocoder changed the title New WPA2 cracking method [feature request] New WPA2 PSK cracking method [feature request] Aug 4, 2018
@binarymaster

binarymaster commented Aug 4, 2018

Please specify the exact new method name, so others wouldn't open duplicate issues.

@kimocoder kimocoder changed the title New WPA2 PSK cracking method [feature request] New WPA2 PSK cracking method using PMKID - [feature request] Aug 4, 2018
@aircrack-ng aircrack-ng changed the title New WPA2 PSK cracking method using PMKID - [feature request] Implement new WPA/WPA2 attack - PMKID Aug 4, 2018
@kcdtv

kcdtv commented Aug 9, 2018

Maybe, as a first step, simply add a new option in aircrack-ng where the user would have to enter manually the two MACs and the PMKID (which can be gathered very easily, and fast, with wpa_supplicant). The only thing that I don't have clear is what the "PMK Name" is in the formula:
PMKID = HMAC-SHA1-128(PMK, "PMK Name" | MAC_AP | MAC_STA)
Then you can see how to implement that cleverly in the whole suite. A key point would be to be able to get the first EAPOL in monitor mode. Maybe with a new option in aireplay-ng or an extra tag used with option -1?

@aircrack-ng
Owner

aircrack-ng commented Aug 9, 2018

BSSID is already an option, so there would only be a need for STA which could be also useful for regular cracking where there are handshakes from different stations.

Alternatively, it can be fed the first EAPOL packet that should contain all the information needed.

@kimocoder
Contributor Author

PMKID attack has been included in wifite2.
The release tag is here

@jbenden
Collaborator

jbenden commented Sep 20, 2018

Could someone post a capture file to be used in unit-testing this new feature? I also request that the correct results of each component of the formula (for the unit-test file) be included, too.

Thanks,
-Joe

@ZerBea

ZerBea commented Sep 20, 2018

testfile.zip
Attached test file. This file is from the old darkircop web site.

$ hcxpcaptool -z test.16800 test.pcap
start reading from test.pcap
summary:
file name....................: test.pcap
file type....................: pcap 2.4
file hardware information....: unknown
file os information..........: unknown
file application information.: unknown
network type.................: DLT_IEEE802_11 (105)
endianess....................: little endian
read errors..................: flawless
packets inside...............: 2
skipped packets..............: 0
packets with FCS.............: 0
warning......................: zero value timestamps detected
beacons (with ESSID inside)..: 1
EAPOL packets................: 1
EAPOL PMKIDs.................: 1

1 PMKID(s) written to test.16800

warning......................: zero value timestamps detected
This means that it was cleaned by wpaclean.
Please think about an improvement of wpaclean. Many users still use wpaclean, so it would be nice if you add the original timestamps.

BTW:
PMKID support is a great improvement for aircrack-ng suite!
If you have some more questions, feel free to contact me.

@ZerBea

ZerBea commented Sep 20, 2018

This is the second part. It's a simple code example to calculate the PMKID using libcrypto:
pmkidtest.c.zip
gcc pmkidtest.c -o pmkidtest -lcrypto
Result is the calculated PMKID for the PMK of the test.pcap.
The HMAC function is the same that you use to calculate the MIC for a WPA2 EAPOL.
So calculating a PSK from a PMKID is a little bit faster than calculating the PSK from EAPOL,
because we do not need PKE and PTK.
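The formula kcdtv quotes above and the libcrypto calculation ZerBea describes, worked through in Python as an added example (not the attached pmkidtest.c and not aircrack-ng code). "PMK Name" is the literal ASCII label from the 802.11 standard, the PMK for WPA-PSK is PBKDF2-HMAC-SHA1(passphrase, ESSID, 4096, 32 bytes), and the ESSID, MACs and passphrase below are constructed sample values, not the ones in test.pcap.

```python
import hashlib
import hmac

# The fixed label in PMKID = HMAC-SHA1-128(PMK, "PMK Name" | MAC_AP | MAC_STA)
PMK_NAME = b"PMK Name"


def mac_bytes(mac: str) -> bytes:
    """Accept 'aa:bb:cc:dd:ee:ff' or 'AA-BB-CC-DD-EE-FF' and return the 6 raw bytes."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be exactly 6 bytes")
    return raw


def derive_pmk(passphrase: str, essid: str) -> bytes:
    """WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, ESSID, 4096 iterations, 32 bytes).
    This is the expensive step; the PMKID check itself is a single HMAC."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), essid.encode(), 4096, 32)


def compute_pmkid(pmk: bytes, mac_ap: str, mac_sta: str) -> bytes:
    """First 128 bits (16 bytes) of HMAC-SHA1 over "PMK Name" | MAC_AP | MAC_STA, keyed by the PMK."""
    data = PMK_NAME + mac_bytes(mac_ap) + mac_bytes(mac_sta)
    return hmac.new(pmk, data, hashlib.sha1).digest()[:16]


def pmkid_matches(pmkid_hex: str, passphrase: str, essid: str, mac_ap: str, mac_sta: str) -> bool:
    """The per-candidate check the requested feature needs: does this passphrase reproduce the captured PMKID?"""
    candidate = compute_pmkid(derive_pmk(passphrase, essid), mac_ap, mac_sta)
    return hmac.compare_digest(candidate, bytes.fromhex(pmkid_hex))


# Constructed sample values (assumed for this example, not taken from test.pcap)
SAMPLE_ESSID = "example-net"
SAMPLE_MAC_AP = "02:00:00:00:00:01"
SAMPLE_MAC_STA = "02:00:00:00:00:02"
SAMPLE_PASSPHRASE = "correct horse"


def sample_pmkid_hex() -> str:
    """The PMKID the sample AP would place in EAPOL M1 for the sample station."""
    pmk = derive_pmk(SAMPLE_PASSPHRASE, SAMPLE_ESSID)
    return compute_pmkid(pmk, SAMPLE_MAC_AP, SAMPLE_MAC_STA).hex()


if __name__ == "__main__":
    print("PMKID:", sample_pmkid_hex())
    print("correct passphrase matches:",
          pmkid_matches(sample_pmkid_hex(), SAMPLE_PASSPHRASE, SAMPLE_ESSID, SAMPLE_MAC_AP, SAMPLE_MAC_STA))
```

Swapping MAC_AP and MAC_STA produces a different PMKID, so a unit test built from a capture must keep the BSSID/station order straight.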

@ZerBea

ZerBea commented Sep 21, 2018

If you decide to implement an active attack vector (aireplay-ng, besside-ng), do not trust the RSN-IE of the beacon. Instead, do a probe request and clone the RSN-IE from the probe response for your association. Write probe response, authentication (request/response), association request, association response and M1 to the cap file (besside-ng). That will make life easier for online hash crackers.
Also, the RSN-IE doesn't have a fixed length, and some APs deliver a zeroed PMKID on the first connect attempt.

@Merfi745

Hello. dump axis BSSID: 28-10-7B-94-BB-29
pmkid pcapng: http://rgho.st/6ZrWQqLzM
pass: 15211521

@ZerBea

ZerBea commented Sep 22, 2018

@Merfi745.
Good example. Can also be used for this feature request:
#1912

@jbenden
Collaborator

jbenden commented Sep 22, 2018

Currently running all local tests.

Big thanks for the help with this one!

-Joe
