.

A Wireless Hacking Computer That Can't Be Hacked

<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Mon Sep 04, 2006 3:17 pm

A Wireless Hacking Computer That Can't Be Hacked

If you think seeing a dozen wireless networks makes your computer the ultimate scanning box, think again. A small security firm has made a portable computer that is capable of scanning 300 networks simultaneously. Dubbed the "Janus Project", the computer also has a unique "Instant Off" switch that renders the captured data inaccessible.

The computer is the brain-child of Kyle Williams from the Janus Wireless Security Research Group in Portland, Oregon. We first spotted Williams sitting quietly and sipping Mountain Dew at the recently held Defcon security convention at the Riviera Casino in Las Vegas, Nevada. While it appeared as if Williams wasn't ver busy, the bright yellow Janus computer in front of him was scanning and capturing data from hundreds of wireless networks in range.

At first glance, the Janus computer looks like a laptop, but Williams said it is much more powerful than that. Inside the rugged yellow case sits a mini-computer motherboard powered by a 1.5 GHz VIA C7 processor and an Acer 17" LCD screen. Ubuntu 6.0 Linux runs the eight Atheros a/b/g Gold mini-PCI cards which continuously scan wireless networks. The mini-PCI cards are connected to two four-port PCI to mini-PCI converter boards. The wireless data is stored onto a 20 GB hard drive.

While the eight Wi-Fi cards are impressive, the Janus box also has two Teletronics 1 watt amplifiers along with external antenna ports in the back of the Pelican case. Williams made every port watertight by sealing them with epoxy and silicone. "When the lid is closed, it is essentially waterproof," said Williams.

So what does all of this wireless firepower provide? The Wi-Fi cards allow Williams to continuously scan and capture traffic from any wireless channel. Williams likes to continuously dump the raw network traffic to the hard drive, while running the Kismet scanner to get a "bird's eye" view of the area. From his Riviera hotel room and using a 1W amplified antenna, Williams said his Janus computer was able to capture data from 300 access points simultaneously. He said over 2000 access points were scanned and 3.5 GB of traffic was captured during the entire convention.

In addition to scanning for wireless traffic, Williams says the computer can break most WEP keys very quickly by focusing all eight wireless cards on the access point. Using a combination of common utilities like airreplay, airdump and aircrack, Willams said, "When I use all 8 radios to focus in on a single access point, [the WEP key] lasts less than five minutes." However, he added that some retail wireless access points will "just die" after being hit with so much traffic.

In addition to the capturing process, the hard drive and memory contents are continuously encrypted with AES 256-bit keys. There is also an "Instant Off" switch that, according to Williams, renders the captured data inaccessible to anyone but him.

Williams and his friend Martin Peck optimized the OS crypto software to take advantage of the C7's hardware crypto engine. During normal operation the operating system loops the XFS file system, along with the swap partition, through the AES 256-bit encryption. For added security, the encryption keys are rotated throughout the entire memory space.

After the Instant Off switch is hit, a USB key with a 2000-bit passkey and a manually entered password are needed to access the computer. Williams said that even if someone managed to grab the USB key, they would still have to "torture or bribe me" to get the password.

Williams is improving the Janus computer to crack wireless networks even faster. He is optimizing software routines to use the C7 chip to crack WPA and WPA2 protected networks without the use of Rainbow tables. He is also working on breaking SHA1 and RSA encryption in a single processor instruction cycle. Previous methods have required multiple clock cycles to go through one cracking pass.

Williams told us that he has spent a few thousand dollars building the Janus computer and hopes to make his money back by selling commercial versions to big companies and government organizations. "Maybe one day I could get the military to be a customer," said Williams.


For original story and a picture of the machine:
http://www.tgdaily.com/2006/08/30/defco ... s_project/

Don
CISSP, MCSE, CSTA, Security+ SME
<<

jimbob

Post Tue Sep 05, 2006 7:48 am

Re: A Wireless Hacking Computer That Can't Be Hacked

That is real science fiction stuff! Now why haven't we seen one of those in the movies?

Jim
<<

ogenstad

Newbie
Newbie

Posts: 6

Joined: Mon Sep 04, 2006 4:32 am

Post Wed Sep 06, 2006 5:33 am

Re: A Wireless Hacking Computer That Can't Be Hacked

It seems like a cool box. However I fail to see why it can't be hacked? It uses encryption but that's something else.
<<

pcsneaker

Jr. Member
Jr. Member

Posts: 73

Joined: Mon Nov 07, 2005 12:23 pm

Post Sun Sep 10, 2006 4:49 am

Re: A Wireless Hacking Computer That Can't Be Hacked

In addition to scanning for wireless traffic, Williams says the computer can break most WEP keys very quickly by focusing all eight wireless cards on the access point. Using a combination of common utilities like airreplay, airdump and aircrack, Willams said, "When I use all 8 radios to focus in on a single access point, [the WEP key] lasts less than five minutes." However, he added that some retail wireless access points will "just die" after being hit with so much traffic.


I canot see the reason why WEP would be cracked more quickly using 8 cards instead of one.

In most cases you'll just capture traffic sent by the access point - so one card will do it. In case that you're running a replay attack with ARP packets  you'll flood the access point with packets at the speed it supports, so where's the advantage of using multiple cards ?

If you are trying to crack multiple access points you'll benefit from that box, but I doubt that you'll get it done quicker when just targeting a single access point.
MCSA:Security (W2k, W2k3)
MCSE:Security (W2k, W2k3)
CPTS, Network+
<<

oleDB

User avatar

Recruiters
Recruiters

Posts: 236

Joined: Thu Jul 20, 2006 8:58 am

Location: HOA

Post Mon Sep 11, 2006 10:42 am

Re: A Wireless Hacking Computer That Can't Be Hacked

Anytime your cracking a limited keyspace you will benefit from multiprocessing. It allows you to search different parts of the keyspace simultaneously which is much faster. As long as there is intelligence built in to do that of course, otherwise they are trying to crack the exact same thing at the same time.
<<

pcsneaker

Jr. Member
Jr. Member

Posts: 73

Joined: Mon Nov 07, 2005 12:23 pm

Post Mon Sep 11, 2006 11:14 am

Re: A Wireless Hacking Computer That Can't Be Hacked

Of course, but you don't need a wireless card to crack the key, you'll use it just to capture data.

Multiple wireless cards won't give you the ability to do multiprocessing as opposed to have multiple processors.
MCSA:Security (W2k, W2k3)
MCSE:Security (W2k, W2k3)
CPTS, Network+
<<

Kev

Post Mon Sep 11, 2006 2:00 pm

Re: A Wireless Hacking Computer That Can't Be Hacked

  I like to use multiple cards when hacking wep. I use one to gather data and the other to inject packets at the same time. Injecting does help speed up with the data gathering which in turn speeds up the cracking process.  Using 2 cards in this instance seems to be more stable and a little faster, but I haven’t really put it to a lab test to really verify that result.
<<

ryan.cartner

User avatar

Newbie
Newbie

Posts: 20

Joined: Tue Aug 15, 2006 12:26 pm

Post Wed Sep 20, 2006 10:51 am

Re: A Wireless Hacking Computer That Can't Be Hacked

Kev's got it here.

The reason more cards allow faster wep cracking is based on WEP Packet Injection. Rather than passively cracking wep keys by just passively grabbing whatever the wep target is sending out, you can actively pressure the target to send out more packets. aircrack can do this, other tools as well. The more cards, the more traffic you can generate.

Return to News from the Outside World

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software