
Cracking WPA2 PSK using Reaver to crack WPS

Reaver is a tool that exposes the WPA2 PSK on a wireless router by attacking the WPS key. It is a brute force attack that takes advantage of the way routers check the WPS key in two halves instead of checking the entire key in one step. After watching this video, you should immediately disable WPS on your router. You can download Reaver and try it for yourself at the following URL:


http://code.google.com/p/reaver-wps/

Proof of Concept:

The Attack:

WPS uses an 8-digit key to share the WPA2 PSK with a client that presents the correct WPS key. Mathematically, this would provide a keyspace of 100,000,000 unique keys. At a brute force speed of 1 key/second, we are looking at 1,157 days to crack the WPS key.

The last digit in the key was found to be a checksum that can be computed mathematically during the attack, bringing the unknown digits down to 7. A 7-digit key would then take 115 days to crack at a rate of 1 key/second.

The vulnerability that makes this attack feasible is that the router actually checks the WPS key in two halves, giving 10,000 unique keys that must be cracked twice, bringing the crack time down to less than 4 hours on average.

Preventing this Attack:

To prevent this attack, simply disable WPS on your router.
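
To confirm that the setting took effect, you can check whether your access point still advertises WPS in its beacons. The following is an added example, not part of the original post or of Reaver: it assumes you have already extracted the tagged-parameter bytes of a beacon from a capture of your own router, the attribute numbers come from the Wi-Fi Simple Configuration format rather than from this page, and the two sample byte strings are constructed.

```python
import struct

WPS_OUI_TYPE = bytes.fromhex("0050f204")   # vendor OUI 00:50:F2, type 4 = WPS
ATTR_STATE = 0x1044                        # Wi-Fi Protected Setup State
ATTR_AP_SETUP_LOCKED = 0x1057              # AP Setup Locked
STATE_NAMES = {1: "not configured", 2: "configured"}

# Constructed samples: SSID "homenet" plus one vendor-specific element each.
BEACON_WPS_ON = bytes.fromhex(
    "0007686f6d656e6574"                   # SSID element
    "dd130050f204"                         # vendor element carrying WPS data
    "104a000110" "1044000102" "1057000101" # version, state=2, locked=1
)
BEACON_WPS_OFF = bytes.fromhex(
    "0007686f6d656e6574"
    "dd070050f202000100"                   # same OUI, type 2 (WMM), not WPS
)


def iter_tlv(buf, hdr):
    """Yield (type, value) pairs; hdr is the struct format of type+length."""
    size = struct.calcsize(hdr)
    pos = 0
    while pos + size <= len(buf):
        kind, length = struct.unpack_from(hdr, buf, pos)
        pos += size
        if pos + length > len(buf):
            raise ValueError("truncated element")
        yield kind, buf[pos:pos + length]
        pos += length


def audit_wps(tagged_params):
    """Return None if no WPS element is advertised, else a summary dict."""
    for elem_id, body in iter_tlv(tagged_params, "BB"):
        if elem_id == 221 and body.startswith(WPS_OUI_TYPE):
            attrs = dict(iter_tlv(body[4:], ">HH"))
            state = (attrs.get(ATTR_STATE) or b"\x00")[0]
            locked = (attrs.get(ATTR_AP_SETUP_LOCKED) or b"\x00")[0] == 1
            return {"state": STATE_NAMES.get(state, "unknown"),
                    "ap_setup_locked": locked}
    return None


if __name__ == "__main__":
    for name, raw in (("wps on", BEACON_WPS_ON), ("wps off", BEACON_WPS_OFF)):
        print(name, audit_wps(raw))
```

A result of `None` means the beacon carries no WPS element; any dictionary means the router is still advertising WPS and the setting should be rechecked.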