# Wireless Security Lab ###### tags: `SUTD` `Security` `Lab` *Done by: Lin Huiqing (1003810)* Web view: https://hackmd.io/@ephemeral-instance/HJq4U4KUu ## Part 1 ### Task 1: Setup an Access Point An access point was set up using a mobile phone.The SSID (labelled "Network Name"), password and security protocol (labelled "Security type") as configured as seen below.  As the protocol is WPA2-Personal instead of WPA2-Enterprise, there is no need for a username. ### Task 2: Capturing Wireless Packets > **Step 1:** Start the Wireshark program. > In order to sniff the packets, you may need to grant Wireshark root privilege by typing `$ sudo wireshark` in a terminal. Wireshark is started by keying `sudo wireshark` into the terminal as seen below.  Wireshark has a GUI which is opened as a new window shown below.  > **Step 2:** Select the WiFi Interface > Click the Capture -> Options in the Wireshark program. Look for the interface for WiFi. Normally, the interface name is wlan0, but it may be a different name that depends on your configuration. For instance, the name of the WiFi interface on my MacBook is “Wi-Fi:en1”. To check the interface name, use the command `iwconfig`.  As seen in the screenshot, the interface name is `wlp2s0`. This is then selected on Wireshark. > **Step 3:** Enable the Monitor Mode > In Monitor Mode, it captures all packets from all SSID in its distance range. Please note that Monitor Mode is different from Promiscuous Mode. For the purpose of this lab, we need to capture all the traffic so that we need to enable the monitor mode. *Note: This step cannot be achieved with some Network Interface Controllers (like mine).* When this is attempted on Wireshark, there is a `Segmentation Fault`. Thus, I tried using the terminal to do so instead. To change the mode of the interface, the network interface has to be put down first. This is followed by changing the mode of the interface to monitor, before finally putting it back up. This is done with the series of commands below. ``` shell # put interface down sudo ifconfig wlp2s0 down # change interface to monitor mode sudo iwconfig wlp2s0 mode monitor # put interface up sudo ifconfig wlp2s0 up ``` The mode of the interface can be checked with `iwconfig`. The output of these commands is shown below.  > **Step 4:** Start Capturing > Click on start in the capture interfaces window and start the capture. Wireshark can start capturing packets from `wlp2s0` as seen below.  ### Task 3: Capturing the Four-way Handshake Wireshark is able to capture the following packets when a phone is used to connect to the computer's access point. Note that these packets are the ones with the EAPOL protocol, and are involved in the Four-way Handshake.  ### Task 4: Cracking WPA2 WiFi Passphrase Using Aircrack-ng The provided file `word_list.txt` is used in this task. `aircrack-ng` can be used to crack the passphrase used in the `wpa.full.cap` file relatively quickly. <!--  -->  The passphrase is found to be "44445555". On the other hand, `aircrack-ng` is not able to crack the passphrase in the `wpa.bad.passphrase.cap` file with the passwords listed in `word_list.txt` as seen below.  ### Questions > Answer the following questions and justify your answers. > a. What is the difference between Monitor Mode and Promiscuous Mode? For Monitor Mode, packets are sniffed from the air from a certain radio frequency band, without connecting to any access point. On the other hand, an interface in promiscuous mode can only sniff packets from an access point when connected to said access point. > b. If the WiFi traffic is on-going, how to crack the WiFi password? A deauth attack can be performed. This attack first sends a deauthentication frame to a client, which is a series of deauth packets which an access point sends to client devices before rebooting or shutting down. When the client receives the frame, it will then try to rejoin the "affected" network. As part of the process, the four-way handshake will be performed. With Monitor Mode, the attacker can then sniff the packets involved in the handshake with packet capturing tools such as Wireshark or airodump-ng. Then through lists of passwords, a dictionary attack can be performed on packets captured from the WiFi traffic. This can be done with tools like aircrack-ng. ## Part 2 ### Task 5: Cracking the WEP Password The passphrase of the packets exchanged in `WEP.cap` can be cracked by `aircrack-ng` as shown below.  The passphrase is found to be `1F:1F:1F:1F:1F`. ### Task 6: Cracking the WEP Packet > **Step 2:** Implement the RC4 Algorithm The RC4 algorithm is implemented based on the pseudo-code provided as follows: ``` python def KSA(key): S = list(range(256)) j = 0 for i in range(256): j = (j + S[i] + key[i % len(key)]) % 256 S[i], S[j] = S[j], S[i] return S def PRGA(S): i = 0 j = 0 while True: i = (i + 1) % 256 j = (j + S[i]) % 256 S[i], S[j] = S[j], S[i] yield S[(S[i] + S[j]) % 256] def RC4(key): S = KSA(key) return PRGA(S) ``` > **Step 3:** Verify Your Results The packets in `WEP.cap` can be viewed using Wireshark. The broadcast packet with SN=1982 is picked out to be decrypted.  In the screenshot above, the necessary information which are required for decryption can be seen: * Initialization Vector: `cdd23a` * WEP ICV: `5db2d69a` * Data: `c5e4b0c3ea87a1cd9b4b23f7076011ea0f8d89fb144430ab1b0bf44c2b32822881251e3d0829915d5837c2d2f7edec86b6d855e1668b` The missing information, the key, can be retrieved from Task 5 as `1F1F1F1F1F`. Using these pieces of information and based on the WEP encryption process described in Task 6 Step 1, the following code is written to decrypt and extract the payload, and subsequently check the payload against the expected checksum. ``` python # Decryption of WEP packet with SN=1982 key = '1F1F1F1F1F' iv = 'cdd23a' iv_n_key = iv + key iv_n_key = binascii.unhexlify(iv_n_key) msg = 'c5e4b0c3ea87a1cd9b4b23f7076011ea0f8d89fb144430ab1b0bf44c2b32822881251e3d0829915d5837c2d2f7edec86b6d855e1668b' icv = '5db2d69a' ciphertext = msg + icv ciphertext = binascii.unhexlify(ciphertext) payload = decrypt(iv_n_key, ciphertext) print(f"payload: {payload}") decrypted_ICV = payload[-8:] print(f"decrypted ICV: {decrypted_ICV}") decrypted_msg = payload[:-8] crcle = binascii.crc32(bytes.fromhex(decrypted_msg)) & 0xffffffff crc = struct.pack('<L', crcle) crc = binascii.hexlify(crc).decode().upper() print(f"checksum: {crc}") assert decrypted_ICV == crc print("checksum is correct!") ``` The output of the above code is as follows.  The output shows the following: * payload is decrypted as `AAAA0300000008060001080006040001000EA66BFB69AC100001000000000000AC1000F00000000000000000000000000000000000006B8FE49D` which is a standard payload for a broadcast packet * ICV is decrypted as `6B8FE49D` * checksum calculated based on payload matches up with the ICV ### Questions > Demonstrate the following in the report > a. Justify the correctness of your implementation of the RC4 algorithm To check for the correctness of the RC4 algorithm, the decryption procedure is first put together in a `decrypt` function as shown below. ``` python def decrypt(key, ciphertext): ## Use RC4 to generate keystream keystream = RC4(key) ## Cracking the ciphertext plaintext = "" for i in ciphertext: plaintext += ('{:02X}'.format(i ^ next(keystream))) return plaintext ``` After which, the code is verified with the provided test cases with the code as shown below. ``` python # Several test cases: (to test RC4 implementation only) # Test Case 1: key = '1A2B3C', ciphertext = '00112233' -> plaintext = '0F6D13BC' key = binascii.unhexlify('1A2B3C') ciphertext = binascii.unhexlify('00112233') plaintext = decrypt(key, ciphertext) assert plaintext == '0F6D13BC' print(f"plaintext == {plaintext}; passed Test Case 1!") # Test Case 2: key = '000000', ciphertext = '00112233' -> plaintext = 'DE09AB72' key = binascii.unhexlify('000000') ciphertext = binascii.unhexlify('00112233') plaintext = decrypt(key, ciphertext) assert plaintext == 'DE09AB72' print(f"plaintext == {plaintext}; passed Test Case 2!") # Test Case 3: key = '012345', ciphertext = '00112233' -> plaintext = '6F914F8F' key = binascii.unhexlify('012345') ciphertext = binascii.unhexlify('00112233') plaintext = decrypt(key, ciphertext) assert plaintext == '6F914F8F' print(f"plaintext == {plaintext}; passed Test Case 3!") ``` The written test cases are passed, as seen in the following output.  > b. The cracked payload and ICV of one broadcast packet The broadcast packet chosen is the packet with SN=1982 in `WEP.cap`. Below are the cracked payload and ICV. * payload: `AAAA0300000008060001080006040001000EA66BFB69AC100001000000000000AC1000F00000000000000000000000000000000000006B8FE49D` * ICV: `5db2d69a `