# Finding my WPA key...



## Black Panther (Apr 11, 2011)

Yesterday while messing around with one of the PCs, it asked me for the WPA key. Obviously I didn't remember it at all, but restoring the registry from a backup enabled the PC to be online again.

Now this is embarrassing, I tried to log into my router's page to get the key... and my username and/or password were 'wrong'. I had them written down (had changed them from the default admin and 1234) but apparently either I had changed them again and forgot to note them down or something else is wrong?

I googled and downloaded WirelessKeyView in the hope of retrieving it, but it didn't work, just showed a blank page i.e. 





> Some wireless card vendors use 3rd-party software to connect and manage the wireless connections, instead of using the built-in wireless support that comes with Windows XP/Vista. In these cases, the wireless keys are stored in other locations, and WirelessKeyView cannot retrieve them.



Suggestions as to what I can do short of pressing the router's reset button?


----------



## streetfighter 2 (Apr 11, 2011)

If you are using 3rd party wireless configuration software then what is it?  Did you try googling for info on key retrieval using that particular 3rd party software?

I always use the Windows built-in wireless connection manager because of issues like this.


----------



## Black Panther (Apr 11, 2011)

streetfighter 2 said:


> If you are using 3rd party wireless configuration software then what is it?  Did you try googling for info on key retrieval using that particular 3rd party software?
> 
> I always use the Windows built-in wireless connection manager because of issues like this.



That's the issue, I am *not* using any third party software - so I guess this is just something WirelessKeyView doesn't work with.


----------



## digibucc (Apr 11, 2011)

and even though you changed them, you tried the default anyway right?


----------



## Black Panther (Apr 11, 2011)

Yup I did


----------



## lilhasselhoffer (Apr 11, 2011)

*Reset time*

Sorry - stupid comment


----------



## streetfighter 2 (Apr 11, 2011)

You know you can use WirelessKeyView on any computer that's ever been connected to your wireless with the current key.  

I can't imagine you only have one computer that's ever used the wireless.

Also, am I the only one that thinks the whole scenario sounds fishy?  Sounds to me like your wireless was hacked.


----------



## zehpavora (Apr 11, 2011)

Well, if you really can't reset, there's always hacking. I don't know about WPA protocols, but there are tons of hacking tools for WEP, for example. There is also a Linux distro specially for internet hacking (although they consider it "security-check") called Backtrack. Even though I suggested it, I don't think this goes against the rules since you'll be doing it to yourself. I AM NOT suggesting you hack other people NOR recommending it.


----------



## Bo$$ (Apr 11, 2011)

WPA will take weeks to crack if it is not a dictionary word (if it is 6 characters long).


----------



## zehpavora (Apr 11, 2011)

Are you sure? I am not a hacker myself, but I've read that you could crack WPA in some hours.

What you should really do is push that reset button, it's a pain to put everything back together but is far easier than trying to figure out the password.


----------



## Bo$$ (Apr 11, 2011)

it depends on how much power you have to crack the password, with Backtrack and a pair of nvidia cards it will be less


----------



## Black Panther (Apr 11, 2011)

streetfighter 2 said:


> You know you can use WirelessKeyView on any computer that's ever been connected to your wireless with the current key.



I know now you mention it, but I hadn't thought about it before. I tried it on my own desktop since I have a fresh install of only 4 months there... All the others are much older.

Also I remember whenever I connected any pc (or even my own cellphone for that matter) I always got asked for the username and password, never for the WPA key


----------



## slyfox2151 (Apr 11, 2011)

zehpavora said:


> Are you sure? I am not a hacker myself, but I've read that you could crack WPA in some hours.
> 
> What you should really do is push that reset button, it's a pain to put everything back together but is far easier than trying to figure out the password.



no.... it's more like months to years to decades depending on how long the password is.

WEP can be cracked in under 5 mins.... but he's not using WEP... he's using WPA.

WPA with any half decent password is not really crackable with standard hardware.... or even low grade specialist hardware.


----------



## digibucc (Apr 11, 2011)

well the wpa key is the password.  wep is the weird numbers bit.

i thought so sly, but wasn't positive.


----------



## zehpavora (Apr 11, 2011)

With such new information, I think your router is not configured to use WPA, but another authenticating method which I am not familiar with. Maybe if you use the username and password you use for your cellphone, you may be able to access your router.

slyfox2151, I was not aware of that. I know WPA is far more secure than WEP, I just didn't know how much harder it was to crack it. And yes, I knew he had WPA not WEP. I was suggesting based on my not-so-applicable knowledge.


----------



## slyfox2151 (Apr 11, 2011)

digibucc said:


> well the wpa key is the password.  wep is the weird numbers bit.
> 
> i thought so sly, but wasn't positive.



i have done quite a bit of wireless cracking ^^..... with my current 63 random character password... it would take thousands of years to even come close to brute forcing it.


if it's not a dictionary word, you basically have NO CHANCE to crack a strong WPA password by brute force if it's longer than 8 random characters.






i think the security that asks for a user name + password to connect is a RADIUS server..... which i doubt is what the OP is using.......
to check what security it is, download this http://www.metageek.net/products/inssider/
run it and look for your SSID in the list (under the privacy column).




but really, your best option at this point is to RESET the router and set up the wireless again with a new password using WPA2 + AES. anything over 8 characters not in the dictionary or common words etc. will not be crackable, it's also VERY UNLIKELY anyone will even try to crack a WPA router.... let alone yours.

change your SSID to something unique as well, so no one can use a rainbow table to try and speed up a possible attack.

NOTE: the following attack chart does not include chars such as numbers: 0123456789 or punctuation: !@#$%^&*(,.<>   adding those to a password would make it exponentially harder to crack.
when cracking WPA using brute force... you would be lucky to hit 1500 passwords per second on a dual core @ 4ghz.... and up to 10 000 with a GTX260.



















sorry, slightly off topic.


----------
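The two points in the post above (a unique SSID defeats precomputed tables, and length plus character set drive brute-force time) can be checked with the sketch below. It is an added example, not part of the thread: the PBKDF2 parameters are those defined for WPA/WPA2-PSK in IEEE 802.11i, the guess rates are the ones quoted in the post, and the SSIDs and passphrase in the demo are constructed.

```python
import hashlib

# Guess rates quoted in the post above (passwords per second).
RATES = {"dual core @ 4GHz": 1500, "GTX260": 10_000}
# Character-set sizes: lowercase only, letters + digits, all printable ASCII.
CHARSETS = {"a-z": 26, "a-zA-Z0-9": 62, "printable ASCII": 94}


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA/WPA2-PSK master key.

    The SSID is the PBKDF2 salt, so a precomputed table built for one
    network name is useless against a network with a different name.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def seconds_to_exhaust(charset_size: int, length: int, rate: float) -> float:
    """Worst-case time to try every passphrase of exactly `length` characters."""
    return charset_size ** length / rate


def human(seconds: float) -> str:
    """Render a duration in the largest sensible unit."""
    for unit, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600)):
        if seconds >= size:
            return f"{seconds / size:.3g} {unit}"
    return f"{seconds:.0f} seconds"


if __name__ == "__main__":
    # Constructed demo values: same passphrase, two different SSIDs.
    for ssid in ("linksys", "panther-den-7f3a"):
        print(f"{ssid:18} PMK = {wpa_pmk('correct horse 42', ssid).hex()}")
    for hw, rate in RATES.items():
        for name, size in CHARSETS.items():
            for length in (8, 12):
                t = human(seconds_to_exhaust(size, length, rate))
                print(f"{hw:18} {name:16} len {length:2}: {t}")
```

The 4096 PBKDF2 rounds per guess are also why the per-second rates in the post are so low compared with plain hash cracking.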



## streetfighter 2 (Apr 11, 2011)

@slyfox2151
Great post.  To think I've been using NetStumbler like a sucker. 

I have a ridiculously over-engineered wireless with three access points (two of which are MIMO) all running WPA-AES.  My [PSK] password, which I just checked, is 20 characters long and includes numbers.  I'd love to use WPA2, but some of my older wireless devices do not support it.

What gets confusing though is the terminology.  I wrote this post in an effort to clear up the confusion.  I've started getting in the habit of writing out wireless security structures in the following manner (to preserve my sanity):
Certificate->Protocol-Encryption (i.e. WPA2->CCMP-AES)

For instance in my network, WPA-AES (as labeled by the router settings) is actually WPA->TKIP-AES.  If I had used what my router refers to as "WPA-TKIP" it would actually be WPA->TKIP-RC4.

When I was looking at some screens of inSSIDer I noticed they used the following: RSNA-CCMP.  I googled around and discovered that RSNA=802.11i=WPA2.  Therefore an RSNA-CCMP would be written in the aforementioned form as WPA2->CCMP-AES (because AES is default for CCMP).

Anyway, this is probably a fork of the thread, but it's definitely TPU quality material, or at least I think it is. 

EDIT: If I remember correctly, attempting to brute force wireless keys on standard routers can crash or temporarily disable the router.


----------



## slyfox2151 (Apr 11, 2011)

streetfighter 2 said:


> @slyfox2151
> 
> 
> EDIT: If I remember correctly, attempting to brute force wireless keys on standard routers can crash or temporarily disable the router.



only when trying to crack WEP with packet injection..... if you tried to send too many requests you would effectively flood the bandwidth of the router.




the most common way to crack WPA/WPA2 is to capture the 4 way handshake when a device connects to the router. the attacker would capture this "4way handshake" and save it as a file on a storage device, he would then try to crack the encryption using any number of ways. brute force / word.... this attack has no effect on a router as the attack is just listening to the wireless traffic.


----------



## Deleted member 3 (Apr 11, 2011)

Reset the router? I see no reason not to.


----------



## slyfox2151 (Apr 11, 2011)

DanTheBanjoman said:


> Reset the router? I see no reason not to.



perhaps he did.... and now his internets is not working /evil laugh!


----------



## streetfighter 2 (Apr 11, 2011)

slyfox2151 said:


> only when trying to crack WEP with packet injection..... if you tried to send too many requests you would effectively flood the bandwidth of the router.


I think you're right about packet injection, but WEP is not the only protocol susceptible to that.  The Japanese variant of the Beck-Tews attack on WPA-TKIP also involves sending captured/modified packets to the router and can cause the router to crash/malfunction.



slyfox2151 said:


> the most common way to crack WPA/WPA2 is to capture the 4 way handshake when a device connects to the router. the attacker would capture this "4way handshake" and save it as a file on a storage device, he would then try to crack the encryption using any number of ways. brute force / word.... this attack has no effect on a router as the attack is just listening to the wireless traffic.


I guess you gathered that I don't do a lot of wireless hacking. 

This makes perfect sense though.  I'll keep it in mind in case I decide to try my hand at cracking WPA/WPA2.


----------



## cheesy999 (Apr 11, 2011)

slyfox2151 said:


> perhaps he did.... and now his internets is not working /evil laugh!



could be a lot harder than resetting just one router if there are repeaters and resetting the router would mean she'd have to enter all the passwords all over again

Are you sure you're not trying to do what someone i know did and connect to a router with a similar name?


----------



## slyfox2151 (Apr 11, 2011)

hence why you should run AES not TKIP, also with that attack you listed, the security is not broken, it only allows small packets to be injected.... chances are no one is going to use that attack on a home / small business connection


when i was cracking my wifi connection with WPA, it took 4 hours to brute force a 6 digit password with only the numbers 012345678 and i specified the password length.









(all this talk of wireless security makes me want to have another go with my new 6core and gtx560 to see how much both the hardware and software has improved)


----------



## 95Viper (Apr 11, 2011)

Black Panther said:


> Suggestions as to what I can do short of pressing the router's reset button?



Yep, WirelessKeyView is sorta useless with routers.  It is mainly to be used to retrieve the wireless device's login password (key).

My router screwed up, too.
I could login on the wireless and get access to the net and stuff, but the administrative logon would not work.
I was just on the verge of resetting it to factory defaults...
But, I decided to turn it off, left it off for a little while, then turned it on and tried the same password it said was wrong before and, this time it took it.
Don't know what the problem was.  Guess the table was glitched somehow.
I know for a fact, it had not been hacked and the ISP had not had access (I locked their backdoor).

Yep, your user login to the wireless router should be the Username and the Key.  It should be stored on the remote wireless device's login file, encrypted.
However, that is not the same as the router administrative login password, that is usually different, unless, you set it the same.
EDIT: The router login is stored on the router and not in a file on the computer; unless, you have a password cache or a saving app turned on in the OS/software.

If all else fails, you might have to do a factory reset.

Good luck!


----------



## streetfighter 2 (Apr 11, 2011)

slyfox2151 said:


> hence why you should run AES not TKIP


This is what I was objecting to in my earlier post.  Correct me if I'm wrong but AES and TKIP are not mutually exclusive.  For instance, I am currently using WPA with AES, which I believe still utilizes TKIP.

If I'm correct the use of "TKIP" or "AES" as the single defining characteristic of a wireless network is a misnomer.  Hence my neologism, Certificate->Protocol-Encryption.


----------



## slyfox2151 (Apr 11, 2011)

streetfighter 2 said:


> This is what I was objecting to in my earlier post.  Correct me if I'm wrong but AES and TKIP are not mutually exclusive.  For instance, I am currently using WPA with AES, which I believe still utilizes TKIP.
> 
> If I'm correct the use of "TKIP" or "AES" as the single defining characteristic of a wireless network is a misnomer.  Hence my neologism, Certificate->Protocol-Encryption.



AFAIK... AES was not/is not supported by WPA... only WPA2, will have a look into it.

EDIT,
well after having a quick look in my router.... i can indeed set WPA to be TKIP or AES..... i can also set it to TKIP + AES 




if i read what you said correctly, you're implying setting AES or TKIP is what people set their security as without worrying about whether they use WPA or WPA2... if that is what you mean then i don't agree.... i find most people will set WPA2 as a default if they have SOME idea of what wireless security is and not change whether it's AES or TKIP as they usually have no idea what the difference is.

i also believe that WPA+AES is better/stronger than WPA2+TKIP.

WPA2+AES+TKIP being the best of all for home use.


----------



## newtekie1 (Apr 11, 2011)

slyfox2151 said:


> AFAIK... AES was not/is not supported by WPA... only WPA2, will have a look into it.
> 
> EDIT,
> well after having a quick look in my router.... i can indeed set WPA to be TKIP or AES..... i can also set it to TKIP + AES



As I understand it: TKIP is basically a software solution, implemented to allow old WEP hardware to utilize a more secure method (basically allowing hardware designed for WEP only to use WPA).  AES is hardware based.  AES is more secure than TKIP and has less of an impact on the router's and PC's CPU, but TKIP is obviously more compatible.  TKIP basically allowed hardware that didn't support WPA to work with the WPA protocol.

In terms of what WPA and WPA2 support, AES support was optional for WPA hardware, AES support was required for WPA2 hardware.


----------



## slyfox2151 (Apr 11, 2011)

newtekie1 said:


> As I understand it: TKIP is basically a software solution, implemented to allow old WEP hardware to utilize a more secure method (basically allowing hardware designed for WEP only to use WPA).  AES is hardware based.  AES is more secure than TKIP and has less of an impact on the router's and PC's CPU, but TKIP is obviously more compatible.  TKIP basically allowed hardware that didn't support WPA to work with the WPA protocol.
> 
> In terms of what WPA and WPA2 support, AES support was optional for WPA hardware, AES support was required for WPA2 hardware.



ah, this would be why i thought AES was not supported on WPA. it is supported but it would be on a router by router basis as it's not required.


----------



## streetfighter 2 (Apr 11, 2011)

slyfox2151 said:


> if i read what you said correctly, you're implying setting AES or TKIP is what people set their security as without worrying about whether they use WPA or WPA2...


This is NOT what I am implying.  In fact, I ain't implying a damn thing.  I'm asserting that if you use AES with WPA you're still using TKIP, you're just NOT using RC4.  WPA2 uses CCMP and AES, though according to the WPA2 standard it still supports TKIP.  AES is not mandatory in the WPA specification, but I have yet to find an adapter that supports WPA but not WPA+AES, and that includes several adapters that have no support for WPA2.

So if WPA2 uses CCMP-AES and some WPA networks use AES, what protocol is a WPA+AES network using?
I believe the answer is CCMP because apparently CCM is part of the AES standard.  If this is the case then could we not say that WPA2->CCMP-AES=WPA->CCMP-AES?

In other words-
Assuming _Certificate->Protocol-Encryption_ then:
_WPA2->CCMP-AES_
Therefore:
_WPA->_____-AES_ (Fill in the blank.)


----------



## 1freedude (Apr 12, 2011)

May sound silly, but are you trying to log into the correct router?  If you are connecting wirelessly, there is a slim chance you are not on your own router.  I've done it...that's why I changed the default ip address (security too).


----------



## slyfox2151 (Apr 12, 2011)

DSLrgm said:


> WPA and WPA2 have 3 security components:
> 
> Authentication
> Key Establishment
> ...



http://www.dslreports.com/forum/remark,12691890?


according to this guy there is no security difference between WPA-AES and WPA2-AES... only improvements to the pipeline, unless i'm missing something?


----------



## digibucc (Apr 12, 2011)

1freedude said:


> May sound silly, but are you trying to log into the correct router?  If you are connecting wirelessly, there is a slim chance you are not on your own router.  I've done it...that's why I changed the default ip address (security too).



that's a really good point.  I always try to be wired, but if adminning wirelessly, you have to make sure you're on the right device.


----------



## Bo$$ (Apr 12, 2011)

CCMP encryption cannot be hacked as of yet


----------

