Cracking WiFis, the Apple way; part 3: OpenCL (or CUDA) and pyrit

(part1)
(part2)

Cracking the WPA password with aircrack is not fast, especially in a VM. So the first thing is to do the cracking outside of BackTrack. We have to get the .cap file out of the VM. Just drag it from the VM to the desktop.

Also using just the CPU is slow. GPUs these days can crack faster than the CPU.

X Code Command Line tools only

OS X Mountain Lion comes with OpenCL tools. X Code is big and most of it is iOS and OS X dev tools which we don't need. So only Command Line Tools can be installed. You have to have an Apple developer account to download it (it's free):

Screen Shot 2013-02-25 at 4.03.50 PM

Then:

Screen Shot 2013-02-25 at 4.03.29 PM

Click Next or Continue or whatever until it is done.

or X Code (full version)

Full X Code can be installed from the App Store:

Screen Shot 2013-02-24 at 10.43.40 PM

Then Command Line Tools have to be installed. Go to XCode, then Properties:

Screen Shot 2013-02-25 at 4.13.55 PM

Install Pyrit (AMD Radeon)

Pyrit is a python tool that cracks WPA passwords.

Prerequisites. Download these in a folder named PYRIT for example:

http://libdnet.googlecode.com/files/libdnet-1.12.tgz
http://dfn.dl.sourceforge.net/sourceforge/pylibpcap/pylibpcap-0.6.4.tar.gz
http://www.secdev.org/projects/scapy/files/scapy-latest.tar.gz

Then in the folder in terminal do:

tar -xzf  libdnet-1.12.tgz
cd libdnet-1.12
./configure
make
sudo make install
cd python
sudo python setup.py install
cd ../..
 
tar -xzf pylibpcap-0.6.4.tar.gz
cd pylibpcap-0.6.4
sudo python setup.py install
cd ..
 
tar -xzf scapy-latest.tar.gz
cd scapy-2.1.0
sudo python setup.py install
cd ..

Now, it's time for the pyrit tool:

svn checkout http://pyrit.googlecode.com/svn/trunk/ pyrit-read-only
 
cd pyrit-read-only
cd pyrit
sudo python setup.py install

Install Pyrit (NVidia)

Extra steps for NVidia:

Download nvidia driver from http://developer.nvidia.com/cuda/cuda-downloads.

If you don't have nvidia driver, you'll get: SystemError: Nvidia's CUDA-compiler 'nvcc' can't be found.

Check the first and second option:

Then:

cd ..
cd .. 
cd pyrit-read-only
cd cpyrit_cuda
sudo LDFLAGS=-L/usr/local/cuda/lib python setup.py install

Test Pyrit

On a macbook with ATI we get something like:

$ pyrit list_cores
Pyrit 0.4.1-dev (svn r308) (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+
 
The following cores seem available...
#1: 'OpenCL-Device 'ATI Radeon HD 6750M''
#2: 'CPU-Core (SSE2/AES)'
#3: 'CPU-Core (SSE2/AES)'
#4: 'CPU-Core (SSE2/AES)'
#5: 'CPU-Core (SSE2/AES)'
#6: 'CPU-Core (SSE2/AES)'
#7: 'CPU-Core (SSE2/AES)'
#8: 'CPU-Core (SSE2/AES)'

On a macbook with nVidia, we get something like:

$ pyrit list_cores
Pyrit 0.4.1-dev (svn r308) (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+
 
The following cores seem available...
#1: 'CUDA-Device #1 'GeForce 9400M''
#2: 'CPU-Core (SSE2)'

Note: I have no idea why when OpenCL or CUDA is installed it takes the place of one of the cores, on a quad-core we get 7 cores with OpenCL. When benchmarking it seems all cores are being utilized. I guess it's a bug.

Benchmarking

$ pyrit benchmark
Pyrit 0.4.1-dev (svn r308) (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+
Running benchmark (7724.0 PMKs/s)... -
 
Computed 7723.98 PMKs/s total.
#1: 'OpenCL-Device 'ATI Radeon HD 6750M'': 7180.7 PMKs/s (RTT 2.7)
#2: 'CPU-Core (SSE2/AES)': 252.6 PMKs/s (RTT 3.8)
#3: 'CPU-Core (SSE2/AES)': 247.2 PMKs/s (RTT 3.9)
#4: 'CPU-Core (SSE2/AES)': 243.6 PMKs/s (RTT 4.0)
#5: 'CPU-Core (SSE2/AES)': 246.6 PMKs/s (RTT 3.9)
#6: 'CPU-Core (SSE2/AES)': 250.8 PMKs/s (RTT 3.8)
#7: 'CPU-Core (SSE2/AES)': 253.0 PMKs/s (RTT 3.8)
#8: 'CPU-Core (SSE2/AES)': 250.4 PMKs/s (RTT 3.9)

You can see that the GPU is faster than 7 cores (they should be 8, i don't know why one is missing)

Wordlists

Wordlists can be found here: http://blog.g0tmi1k.com/2011/06/dictionaries-wordlists.html

gfxCardStatus

Make sure you're in Discrete Only mode.

Screen Shot 2013-02-25 at 12.38.06 AM

Otherwise pyrit will complain:

Exception in thread OpenCL-Device 'ATI Radeon HD 6750M':
[...]
SystemError: Failed to create command-queue (CL_INVALID_VALUE)
[...]
SystemError: The core 'OpenCL-Device 'ATI Radeon HD 6750M'' has died unexpectedly

Cracking with Pyrit

$ pyrit -r ~/Steve-01.cap --all-handshakes -i ~/WORDLISTS/4.9gb/BIG-WPA-LIST-1.txt attack_passthrough
Pyrit 0.4.1-dev (svn r308) (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+
 
Parsing file '/Users/c00l/Desktop/Steve-01.cap' (1/1)...
Parsed 3539 packets (3539 802.11-packets), got 115 AP(s)
 
Picked AccessPoint 00:0f:01:37:1a:a0 ('Steve') automatically.
Attacking 20 handshake(s).
Tried 140007 PMKs so far; 7550 PMKs per second.
 
The password is 'forzajuve'.

--all-handshakes means that all handshakes in the file will be used together.

It will utilize the CPU and the GPU simultaneously. And now we get around 10k attempts/sec which is a lot better than aircrack-ng in a vm.

Note: your computer will unresponsive, make sure anything CPU or GPU intensive is switched off.

Some stuff was taken from here.

Check the wifis category for more tutorials.

13 thoughts on “Cracking WiFis, the Apple way; part 3: OpenCL (or CUDA) and pyrit”

  1. Hello! Thank you for your great post series!

    When I listed the cores, the OpenCL-Device ATI Radeon HD 6770M was not listed :

    pyrit list_cores
    Pyrit 0.4.1-dev (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
    This code is distributed under the GNU General Public License v3+

    The following cores seem available...
    #1: 'CPU-Core (SSE2/AES)'
    #2: 'CPU-Core (SSE2/AES)'
    #3: 'CPU-Core (SSE2/AES)'
    #4: 'CPU-Core (SSE2/AES)'
    #5: 'CPU-Core (SSE2/AES)'
    #6: 'CPU-Core (SSE2/AES)'
    #7: 'CPU-Core (SSE2/AES)'
    #8: 'CPU-Core (SSE2/AES)'

    I had to build pyrit and install cpyrit_opencl :

    svn checkout http://pyrit.googlecode.com/svn/trunk/ pyrit-read-only

    cd pyrit-read-only
    cd pyrit
    python setup.py build // add this line
    sudo python setup.py install

    // plus install cpyrit_opencl
    cd ../..
    cd cpyrit_opencl
    python setup.py build
    sudo python setup.py install

    then it's ok :

    pyrit list_cores
    Pyrit 0.4.1-dev (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
    This code is distributed under the GNU General Public License v3+

    The following cores seem available...
    #1: 'OpenCL-Device 'ATI Radeon HD 6770M''
    #2: 'CPU-Core (SSE2/AES)'
    #3: 'CPU-Core (SSE2/AES)'
    #4: 'CPU-Core (SSE2/AES)'
    #5: 'CPU-Core (SSE2/AES)'
    #6: 'CPU-Core (SSE2/AES)'
    #7: 'CPU-Core (SSE2/AES)'
    #8: 'CPU-Core (SSE2/AES)'

    1. I can't test mine or yours right now, but your update might be useful next time I reinstall 🙂
      Thanks for the update

    2. Thank you for this! I wanted to benchmark my macbook vs my windows laptop, was getting the same 8 core list with no GPU listing. This solved it!

  2. after doing all steps it get output like this.

    i have Intel HD Graphics 4000 1024 MB

    MacBook-Pro:pyrit-read-only manavbirdhillon$ cd pyrit
    MacBook-Pro:pyrit manavbirdhillon$ sudo python setup.py install
    Password:
    running install
    running build
    running build_py
    running build_ext
    running build_scripts
    running install_lib
    writing byte-compilation script '/tmp/tmpeCelmD.py'
    /usr/bin/python -O /tmp/tmpeCelmD.py
    removing /tmp/tmpeCelmD.py
    running install_scripts
    changing mode of /usr/local/bin/pyrit to 755
    running install_egg_info
    Removing /Library/Python/2.7/site-packages/pyrit-0.4.1_dev._svn.r308_-py2.7.egg-info
    Writing /Library/Python/2.7/site-packages/pyrit-0.4.1_dev._svn.r308_-py2.7.egg-info
    MacBook-Pro:pyrit manavbirdhillon$ pyrit list_cores
    -bash: pyrit: command not found

  3. a query, I installed everything correctly,
    when running list_cores: shows me this.
    all right, let me know as I do that
    "'CUDA-Device # 1' GeForce 410 '' 'show me
    the other 3 cores?

    #1: 'CUDA-Device #1 'GeForce 410''

    #2: 'CPU-Core (SSE2)'

    #3: 'CPU-Core (SSE2)'

    #4: 'CPU-Core (SSE2)'

      1. come to this:
        #1: 'CUDA-Device #1 'GeForce 410''

        #2: CUDA-Device #2 'GeForce 410'

        #3: CUDA-Device #3 'GeForce 410'

        #4: CUDA-Device #4 'GeForce 410'

        thanks

        1. Impossible to accomplish. There is only 1 CUDA device I reckon in your machine (at least if you have a single GPU card installed).
          I reckon you have a 4-core CPU and 1 GPU, in such case this behaviour is "normal".
          There is a bug in pyrit that once a GPU card is found, 1 CPU core is missing from the list.

          Quote from the article
          "Note: I have no idea why when OpenCL or CUDA is installed it takes the place of one of the cores, on a quad-core we get 7 cores with OpenCL. When benchmarking it seems all cores are being utilized. I guess it's a bug."

  4. Hi, i have a question, i did install my GPU as a OpenCL device instead as CUDA.. (by mistake, because it's a GeForce)

    pyrit benchmark
    Pyrit 0.4.1-dev (svn r308) (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
    This code is distributed under the GNU General Public License v3+

    Running benchmark (1247.2 PMKs/s)... \

    Computed 1247.22 PMKs/s total.
    #1: 'OpenCL-Device 'GeForce 9400M'': 685.1 PMKs/s (RTT 2.8)
    #2: 'CPU-Core (SSE2)': 636.2 PMKs/s (RTT 2.8)

    I'm trying now to build and install from cpyrit_cuda but it seems to be skipping the process and it stills showing the core as OpenCL...

    do you maybe know how to fix this in order to have the correct CUDA device installed?

    As you can see the speed of the PMKs/s is not very high this way..

    Thank you in advance!

Leave a Reply

Your email address will not be published. Required fields are marked *

Notify me of followup comments via e-mail. You can also subscribe without commenting.

This site uses Akismet to reduce spam. Learn how your comment data is processed.