Cowpatty!



     For my project im going to be taking a look at cowpatty. I've used it before not with much success however I think it will be a great hash to take a look at as it seems to be a smaller project.

      "coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys. If you are auditing WPA-PSK networks, you can use this tool to identify weak passphrases that were used to generate the PMK."

The owner of my repo was nice to comment where the hash is and ask for help!



 File - https://github.com/joswr1ght/cowpatty/blob/bc3c6896ba9b6504c994e32dc7e6737b525fe91b/sha1.c 
This function to me looks rather complected , I dont really know how to approach a problem like this however I am interested in finding out more! I think its best to start with the build flags, I've actually read up on forums and actually made an attempt to edit the makefile as for some reason I was getting a bufferoverflow.  The suggest change to makefile was to edit out a flag
##################################
LDLIBS          = -lpcap
CFLAGS          = -pipe -Wall -DOPENSSL
#CFLAGS         += -O2
LDLIBS          += -lcrypto
CFLAGS          += -g3 -ggdb
...



I decided to grab another source and try it,

LDLIBS = -lpcap
CFLAGS = -pipe -Wall -DOPENSSL
CFLAGS += -O2
LDLIBS += -lcrypto
CFLAGS += -g3 -ggdb
#CFLAGS += -static
PROGOBJ = md5.o sha1.o utils.o cowpatty.o genpmk.o
PROG = cowpatty genpmk
BINDIR = /usr/local/bin
CC = clan

     The new source (actual repo) seems to work as intended. Makefile has no errors. I ran some test files through cowpatty to get a baseline as to how long computations take,  The average amount of time it takes to run the supplied test is 11 seconds (myLaptop)

I think my next steps are trying the tests on other systems then after I have a good benchmark I can begin to play with the flags to see the effects time.

Heres a sample test



Another thing I should consider is making the data set larger this can apparently be done with John the Ripper , which another classmate is actually working on, neat!




* ipad is the byte 0x36 repeated 64 times
opad is the byte 0x5c repeated 64 times




Im not sure if id be going in the right direction but would performance increase if I used a smaller byte?

/* the HMAC_SHA1 transform looks like:
*
* SHA1(K XOR opad, SHA1(K XOR ipad, text))
*
* where K is an n byte key
* ipad is the byte 0x36 repeated 64 times
* opad is the byte 0x5c repeated 64 times
* and text is the data being protected */

TLDR:

Stage 2:
 
   Rip up some data with John to make my tests much larger!

   Apply these larger and longer tests on multiple systems  including AArch64 systems
   Edit Flags to see how it affected performance with my larger tests

   Use Time and key/sec as benchmark

   See what happens when I use smaller bytes in the ipad + opad

   Learn what the hell is going on!

Stage 3:

   Combine both methods and see affect on performance

   See what else I can do to the hashing if my other attempts fail

   Share what I learned!

 


 



Comments

Post a Comment

Popular posts from this blog

Lab3

Image
Compiled C Lab Let's start by writing the hello world. then with this saved we can run the compiler with the Flags specified                     gcc -g -O0 -fno-builtin hello.c Looking at the objdump header file for our program Objdump -f We see that: Were using an x86 platform File Format is in ELF ( Executable and Linkable Format) We can look at the specific selections of this output file by using objdump with -d flag which disassemble sections containing code Objdump -d This is our main! We can see the function call to printf with callq on line 5. The argument was moved into the register on line 4. - Static gcc -g -O0 -fno-builtin -static hello.c -o hellostatic objdump -s hellostatic The file was huge, when read wouldn't fit in the whole window! This is due to the .static flag.  It causes the libraries to be included in the executable because it prevents dynamic l
Read more

Stage 2: CowPatty

Image
Introduction Firstly I want to mention you mentioned about hypervisor in class. I want it to be noted that I personally hate hypervisor, I havent really looked into its total purpose however it makes me hate windows 10. Since I use VMware and Android Studio anytime I was to use one or the other I have to turn hypervisor off, Its simply the worst Building On Aarchie     Right off the bat, I knew I had to build it differently then I did for on my x86 systems running a different Linux. Once i figured out it was 'yum'  as a package manager is was good to go, I had to install libraries as my make file was crashing, the error was related to libpcap not being installed, Once I ran  sudo yum install libpcap-devel .   my makefile ran fine and my program was able to build. Its great that I have CowPatty built however the test data I was supplied is quite small, I need to make the dictionary much larger. To do this Ill use john the ripper with the dictionary I was give
Read more