Thursday, February 4, 2016

Cracking wifi password with pyrit and NVIDIA GPU on Amazon AWS

WPA is very secure, and usually the only way to recover the password is to brute-force it, which can take a very long time if the password is strong enough. But what if, instead of regular CPUs, we used the power of a GPU? Amazon says we can use up to 1,536 CUDA cores on a g2.2xlarge instance, which costs $0.65 per hour. That sounds very promising, so let's see how much it speeds up password brute-forcing.

Below is a step-by-step tutorial on how to deploy an Amazon GPU instance and run pyrit (a Python tool) to crack a password using the GPU.

In this article I assume that you are already familiar with the aircrack-ng Wi-Fi cracking tools and that you have already captured a handshake into a .cap file.

1. Go to the Amazon EC2 panel and click Launch new instance

2. Select Ubuntu Server 14.04 LTS (HVM) 64 bit > GPU instances g2.2xlarge > Review and launch

3. SSH to your new instance
ssh -i your_aws_key.pem ubuntu@your-instance-dns.com
cat /etc/lsb-release 
> DISTRIB_DESCRIPTION="Ubuntu 14.04.3 LTS"

4. Go to the NVIDIA website and download the latest CUDA installer (choose the runfile for Ubuntu 14.04). At the time of writing it is cuda_7.5.18:
wget http://developer.download.nvidia.com/compute/cuda/7.5/Prod/local_installers/cuda_7.5.18_linux.run

5. Install build tools:
sudo aptitude update
sudo aptitude install build-essential

6. To avoid ERROR: Unable to load the kernel module 'nvidia.ko', also install:
sudo aptitude install linux-image-extra-virtual

7. To avoid ERROR: The Nouveau kernel driver is currently in use by your system.
echo -e 'blacklist nouveau\noptions nouveau modeset=0'| sudo tee /etc/modprobe.d/blacklist-nouveau.conf
sudo update-initramfs -u

8. To avoid ERROR: Unable to find the kernel source tree for the currently running kernel:
sudo aptitude install linux-source
sudo aptitude install linux-headers-$(uname -r)

8. Reboot:
sudo shutdown -r now

9. Extract the NVIDIA installers:
chmod +x cuda_7.5.18_linux.run
mkdir ~/nvidia
./cuda_7.5.18_linux.run --extract=$HOME/nvidia/

10. Run the driver installation:
sudo ./nvidia/NVIDIA-Linux-x86_64-352.39.run

11. Download and unzip pyrit and cpyrit-cuda:
wget https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/pyrit/pyrit-0.4.0.tar.gz
wget https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/pyrit/cpyrit-cuda-0.4.0.tar.gz
tar -xvzf pyrit-0.4.0.tar.gz
tar -xvzf cpyrit-cuda-0.4.0.tar.gz

12. Install additional libraries:
sudo apt-get install python-dev libssl-dev libpcap-dev scapy

13. Install pyrit and cpyrit-cuda:
cd ~/pyrit-0.4.0
sudo python setup.py install
cd ~/cpyrit-cuda-0.4.0
sudo python setup.py install

14. Run pyrit list_cores and make sure CUDA cores are detected:
pyrit list_cores

The following cores seem available...
#1:  'CUDA-Device #1 'GRID K520''
#2:  'CPU-Core (SSE2)'
#3:  'CPU-Core (SSE2)'
#4:  'CPU-Core (SSE2)'
#5:  'CPU-Core (SSE2)'
#6:  'CPU-Core (SSE2)'
#7:  'CPU-Core (SSE2)'
#8:  'CPU-Core (SSE2)'

15. Create the file gen_pw.py and modify the chars variable, which is our character set. In my case I'm cracking a password containing only digits.
import itertools, string, sys

def generator_all(charset, min_len, max_len):
    # Lazily yield every string over charset, from min_len to max_len characters
    return (''.join(candidate)
            for candidate in itertools.chain.from_iterable(
                itertools.product(charset, repeat=i)
                for i in range(min_len, max_len + 1)))

chars = string.digits  # or: string.ascii_lowercase + string.digits

min_chars = int(sys.argv[1])  # shortest candidate length
max_chars = int(sys.argv[2])  # longest candidate length

gen = generator_all(chars, min_chars, max_chars)

for pw in gen:
    print(pw)  # valid in both Python 2 and Python 3

16. Run the brute force against passwords from 8 to 12 characters long:
python gen_pw.py 8 12 | pyrit -r xxx.cap -b XX:XX:XX:XX:XX:XX -i - attack_passthrough


I tried to brute-force the password with and without CUDA, and the result is 4k pw/sec vs 30k pw/sec. I'm a bit disappointed, because I expected much faster results with CUDA. But anyway, I gained experience setting up the CUDA driver on Amazon AWS. I hope this helps someone else crack their wifi password with CUDA. :)
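
To put the two measured rates in context, the following added example (not part of the original post; Python 3, with hypothetical function names) derives a WPA pairwise master key the way IEEE 802.11i specifies, PBKDF2-HMAC-SHA1 with 4096 iterations, and computes how long exhausting gen_pw.py's keyspace takes at 4k and 30k pw/sec. The third character set and the sample SSID and passphrase are constructed for comparison.

```python
import hashlib
import string

def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def keyspace(charset_size: int, min_len: int, max_len: int) -> int:
    """Number of candidates gen_pw.py emits for these arguments."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))

def days_to_exhaust(candidates: int, rate_per_sec: float) -> float:
    """Worst-case days to try every candidate at a fixed guessing rate."""
    return candidates / rate_per_sec / 86400

# Rates reported in the post (passwords per second).
RATES = {"CPU only": 4000, "CPU + GRID K520": 30000}

# The charset used in gen_pw.py, its commented-out alternative, and a
# constructed comparison: all printable ASCII except whitespace.
CHARSETS = {
    "digits": string.digits,
    "lowercase + digits": string.ascii_lowercase + string.digits,
    "letters + digits + punctuation":
        string.ascii_letters + string.digits + string.punctuation,
}

def report(min_len: int = 8, max_len: int = 12):
    """One row per (charset, rate): name, rate label, candidates, days."""
    rows = []
    for name, chars in CHARSETS.items():
        total = keyspace(len(chars), min_len, max_len)
        for label, rate in RATES.items():
            rows.append((name, label, total, days_to_exhaust(total, rate)))
    return rows

if __name__ == "__main__":
    # Constructed sample input: this SSID and passphrase are made up.
    print(wpa_pmk("correct horse battery", "ExampleNet").hex())
    for name, label, total, days in report():
        print(f"{name:32} {label:16} {total:.3e} candidates  {days:.3g} days")
```

Each guess costs 4096 HMAC-SHA1 rounds salted with the SSID, which is why the rates are measured in thousands per second; even the digits-only 8 to 12 character space is about 1.1e12 candidates, roughly 429 days at 30k pw/sec.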
