Test Your Access Point For KRACK (FT Handshakes)
Security researcher Vanhoefm, who discovered the severe flaw in WPA implementation dubbed – the KRACK ( Key Reinstallation Attack ) has now released a script that can check your router for KRACK. The script is now available in ‘vanhoefm’ repository. All you have to do is download, install some dependencies and run this script against an access point.
What is KRACK?
Details about KRACK is available at Vanhoefm website. It make use of a flaw in WPA implementation in protocol level to perform MITM, packet decryption, session take over etc. When a station wants to join a wireless network, station and access point performs a one time process called 4 way handshake. During a 4 way handshake, it generates a unique key that will be later used for encryption of the network traffic. This key will be installed in the station when it successfully receives the 3rd packet of the 4 way handshake.
If the station receives the 3rd message multiple times, it will keep on installing the key again and again which will reset the nonce. We can take advantage of this flaw to decrypt the packets and perform various activities in the network.
First update your current version of OS by executing
sudo apt update
This script requires various libraries that may not be installed. So lets install them one by one.
sudo apt install libnl-3-dev libnl-genl-3-dev pkg-config libssl-dev net-tools git sysfsutils python-scapy python-pycryptodome
Open up the Network Manager and disable WiFi. Now execute the below command so that our script can use WiFi
sudo rfkill unblock wifi
Download the folder that contains the scripts from below link
or clone the repository by executing the command
git clone https://github.com/vanhoefm/krackattacks-test-ap-ft.git
Now you have the script ready to run.
Running The Script
python krack-ft-test.py –help
for help. This will explain everything in detail about the procedures to be followed.
First, disable hardware encryption by running
Reboot the system after running this command.
Create a wpa_supplicant configuration file to connect to the network like the one shown below and save it by the name wifi.conf.
Now connect to this network using the command
sudo wpa_supplicant -D nl80211 -i wlan0 -c wifi.conf
sudo krack-ft-test.py wpa_supplicant -D nl80211 -i wlan0 -c network.conf
which whill create another monitor interface which will perform the tests.
Now fire up another terminal and roam to a different access point in the same network using wpa_cli. Scan for access points and roam to it using the command
and generate traffic between AP and Client using
sudo arping -I wlan0 10.9.3.45
To know if the AP is vulnerable, go back to the previous terminal where we ran krack-ft-test.py to see the result.
Is your Access Point Vulnerable?
Almost every offices, home, markets, hospitals has Wireless networks. Almost all the wireless network uses WPA protocol as the best method of securing WiFi network. This revelation spread a wave of panic around the globe.
Most of the Wireless device vendors have already written patches and are available for download as firmware update. All you have to do is download and install the updated firmware to your device. But most the IOT devices that are actively running are helpless; there is nothing we can do about them.
This project is under a 2-clause BSD license
Copyright 2017 Mathy Vanhoef
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
- Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
- Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.