Information Security: WLAN Security

1. Present another method used for breaking WPA2, other than the Reaver software (min 1 page,
max 2 pages).
When Wi-Fi was first developed in the late 1990s, Wired Equivalent Privacy (WEP) was created to
give wireless communications confidentiality. WEP proved terribly flawed and is easily cracked. As a
replacement, most wireless access points now use Wi-Fi Protected Access II with a pre-shared key,
known as WPA2-PSK. WPA2 uses a much stronger cipher, AES (in CCMP mode), and the attack described
below does not break AES at all: it targets the passphrase from which the keys are derived, which can
be weak even when the cipher is not.
The weakness of WPA2-PSK lies in the 4-way handshake. The password itself is never transmitted:
both sides derive the Pairwise Master Key (PMK) from the passphrase and the SSID, then derive a
session key, the Pairwise Transient Key (PTK), from the PMK plus values exchanged in the clear. An
eavesdropper who records those values can test candidate passphrases offline. When a client tries to
connect to the Access Point (AP), a 4-step process performs the authentication of the client to the
AP (shown in Figure 2):
a. The AP sends a nonce value (ANonce) to the client station (STA), which can now construct the
PTK (Pairwise Transient Key);
b. The client station sends its own nonce value (SNonce) to the AP together with a MIC (Message
Integrity Code) computed with the PTK, which proves that it knows the key;
c. The AP sends the GTK (Group Temporal Key), encrypted under the PTK, and a sequence number,
used in the next multicast or broadcast frames so that the receiving client can perform basic
replay detection, together with another MIC;
d. The client station sends an acknowledgement to the AP, also protected by a MIC;

Figure 2: WPA 4-way Handshake

If the handshake can be captured, the passphrase can be attacked offline: the recorded nonces, MAC
addresses and MIC let the attacker test candidate passphrases one by one without ever talking to the
AP again. Using the BackTrack Linux distribution, Aircrack-ng and a dictionary attack, capturing the
handshake and recovering the passphrase is done as follows. The following steps describe the
cracking process:
a. Put the Wi-Fi adapter in monitor mode with airmon-ng; this is similar to putting a wired
adapter into promiscuous mode and lets us see all of the wireless traffic that passes by us in
the air. Open a terminal in BackTrack and type the command airmon-ng start wlan0 (airmon-ng
then creates a monitor-mode interface named mon0 alongside wlan0);
b. Grab the traffic with airodump-ng; the command captures all the traffic seen by the wireless
adapter once it is in monitor mode and displays key information about it (the MAC address of
the AP, also known as the BSSID, signal power, number of beacon frames, number of data
frames, channel, speed, encryption type and the SSID); to do this, type in the terminal:
airodump-ng mon0;
c. Focus airodump-ng on one AP on one channel; after the previous step, a list is shown in the
terminal, as in Figure 3:

Figure 3: Traffic Grab List

Focusing on one AP on one channel is done by opening a second terminal and typing:
airodump-ng --bssid desired_bssid -c desired_channel --write filename mon0
, where:
- desired_bssid is the BSSID of the target AP (e.g. 00:25:9C:97:4F:48);
- desired_channel is the channel the chosen AP is operating on (e.g. 6, for the BSSID chosen
from the Figure 3 list);
- filename is the prefix of the file the capture is written to (e.g. WPAcrack; airodump-ng
appends a counter and the .cap extension, giving WPAcrack-01.cap);
d. Use an aireplay-ng deauthentication; this is needed because the handshake is only sent when
a client authenticates to the AP. If the client is already connected, we de-authenticate it so
that its system automatically reconnects and performs the 4-way handshake again, which we can
then capture. In another terminal type: aireplay-ng --deauth 100 -a ap_bssid mon0 (100 is the
number of deauthentication frames to send and ap_bssid the BSSID of the AP, for example
00:25:9C:97:4F:48);
e. Capture the handshake; when the client re-authenticates, airodump-ng records the new 4-way
handshake in the capture file; a successful capture is indicated by the text WPA handshake:
followed by the BSSID in the airodump-ng output, as shown in Figure 4.

Figure 4: Successful encrypted password capture

f. At this point, the handshake captured from the client (the nonces, MAC addresses and MIC) has
been written to the file named in step c (in our example, WPAcrack-01.cap). We now attempt to
recover the passphrase by opening another terminal and typing the command:
aircrack-ng WPAcrack-01.cap -w /pentest/passwords/wordlists/darkc0de; darkc0de is the default
password list included with aircrack-ng on BackTrack, and the absolute path to the password file
is /pentest/passwords/wordlists/darkc0de;
This process can be relatively slow and tedious. Depending on the length of the password list, it
can last from a few minutes to a few days. As an example, a dual-core 2.8 GHz Intel processor tests
a little over 500 passphrases per second, which works out to about 1.8 million per hour. The cost is
dominated by the PBKDF2 derivation of the PMK (4096 iterations of HMAC-SHA1 per candidate), which is
deliberately slow; a passphrase that is not in the word list is simply not found. When the password
is found, it is shown on the screen.

2. Present the RC4 algorithm used in WEP (min 1 page max 2 pages).
This stream cipher was designed in 1987 by Ron Rivest, one of the inventors of the RSA public-key
algorithm and a co-founder of RSA Security. Although officially named Rivest Cipher 4, it is also
known as Ron's Code 4 (RC2, RC5 and RC6 also exist). RC4 was widely adopted thanks to its simplicity
and efficiency, and was used in many popular standards and protocols such as WEP, WPA (TKIP), SSL
and TLS. The cipher has known weaknesses, including statistical biases in the first bytes of its
keystream and the related-key problems that broke WEP, and it is no longer used in modern protocols
(its use in TLS was prohibited by RFC 7465 in 2015).
RC4 generates a pseudo-random keystream which is XORed with the plaintext to produce the
ciphertext. The keystream is called pseudo-random because it is fully determined by the key: the
same key always yields the same sequence, but the sequence must look random to an observer who does
not know the key, otherwise the plaintext leaks. The keystream is generated from a variable-length
key (1 to 256 bytes) using an internal state composed of the following elements:
1. An array of 256 bytes (denoted S) holding a permutation of the values 0 to 255;
2. Two 8-bit indexes, i and j, that point into S; 8 bits suffice for each index, since the
array has 256 elements;
S is initialized and shuffled by the key-scheduling algorithm (KSA) and is then used and modified
by the pseudo-random generation algorithm (PRGA) to produce the keystream mentioned above. The first
step initializes S with the identity permutation, so that each entry equals its index. S is then
shuffled with the key to produce a key-dependent permutation. With two indexes i and j both
initialized to 0, the following actions are repeated 256 times (for i = 0 to 255):
a. compute j = (j + S[i] + key[i mod keylength]) mod 256;
b. swap S[i] and S[j];
c. increment i;
After the 256 iterations have been completed, S is properly initialized and is used in the next
step of the RC4 algorithm to generate the keystream.
The pseudo-random generation step produces a keystream as long as the message to encrypt; it can
produce a keystream of any length. The two indexes are reset to 0 and the keystream is generated one
byte at a time until the length of the message is reached. For each byte, the following actions are
performed:
a. Compute the new values of i and j:
i := (i + 1) mod 256;
j := (j + S[i]) mod 256;
b. Swap S[i] and S[j], so that the state keeps changing (this makes the output far harder to
predict than if the state were computed once and used unchanged for the whole keystream);
c. Output the next keystream byte, S[(S[i] + S[j]) mod 256];

Figure 1: RC4 algorithm

Once the keystream is generated, encryption is the XOR of the plaintext with the keystream.
Decryption is the same operation applied to the ciphertext with the same keystream, since XORing
twice with the same keystream returns the original plaintext. This is also why keystream reuse is
fatal for a stream cipher: two messages encrypted with the same key (in WEP, the same IV and secret
key) XOR to the XOR of their plaintexts. The encryption and decryption processes are shown in
Figure 1.
