Saturday, September 29, 2018

Aircrack-ng 1.4

We are pleased to announce our third release this year. It focuses a lot on code quality and adds a few visible features:
  • PMKID cracking
  • Crack 802.11w capture files
  • Speed and memory usage improvement when loading (large) files with Aircrack-ng and Airdecap-ng
  • Packages for Linux distributions and Windows
While we didn't bring as much as in the previous release, we keep on improving continuous integration/delivery tools and our code quality keep increasing.

Other notable changes in this release:
  • Fix building on various platforms
  • Improved and tweaked our CI/CD processes
  • Using new CI/CD tools for our buildbots and packaging, PyDeployer
  • Almost doubled the amount of tests

PMKID

On routers with 802.11i/p/r, the AP can cache an "ID" for the connection so roaming clients don't have to waste frames reauthenticating and just use the PMKID, which helps decrease a bit the latency (from 6 frames to only 2).

Calculation is of the PMKID is done this way:

PMKID = HMAC-SHA1-128(PMK, "PMK Name" | BSSID | STA MAC)

A big advantage here is that this PMKID is present in the first EAPoL frame of the 4-way handshake.

A few caveats about this attack:
  • Sometimes APs send empty PMKID
  • It doesn't work on WPA/WPA2 Enterprise networks

When loading a PCAP, Aircrack-ng will detect if it contains a PMKID. In the following screenshot, it is present for the network ogogo, notice the "with PMKID" on the same line:



When selecting the network, it will use it as if it were a regular PCAP with a handshake (and thus the wordlist requirement applies).

If you'd like to test, two capture files with PMKID are available in our test files:

More details about the attack itself can be found in this post.

Packages

Distros often have old versions of Aircrack-ng in their repository. Sometimes a few years old. We recently decided to tackle this issue to provide recent versions, and for multiple OSs.

For CI/CD, we have been using buildbots, on top of Travis CI and AppVeyor, to automatically build aircrack-ng on multiple platforms and multiple distros. It happens to every commit done to the master branch in our GitHub repository.

We recently added packages building to the buildbots for a bunch of different distro: Debian, Ubuntu, Mint, SLES, OpenSuse, Fedora, RHEL, CentOS, Amazon Linux and Elementary OS. Stable release packages will be available shortly.

More details will be provided in a separate blog post.

1 comment:

  1. Hi, cool, what about MacOS packages? Do you plan to provide those also?

    ReplyDelete