Key Reinstallation Attacks - KRACK by alexey ,  Dec 10, 2017

What is KRACK?

KRACK is a recently discovered Wi-Fi vulnerability that allows an intruder to compromise encrypted Wi-Fi traffic.  KRACK stands for Key Reinstallation Attack.  It is probably the largest vulnerability discovered in the history of the Internet, affecting most Wi-Fi devices, most operating systems and most users. Mathy Vanhoef and Frank Piessens, who discovered the vulnerability, submitted a paper to a conference in April 2017.  The paper gives the technical details of how KRACK can be exploited.  The paper was made public in October 2017, but prior to that Wi-Fi manufacturers were notified about the Key Reinstallation Attack in the August 2017 timeframe to give them some time to react to the vulnerability.

The Key Reinstallation Attack works against all modern Wi-Fi networks protected by the WPA2 security protocol.  The main idea of KRACK is to compromise the WPA2 handshake that takes place when a device connects to a Wi-Fi network. The weaknesses are in the Wi-Fi standard itself, not in individual products or implementations.  While all operating systems are affected by KRACK, the paper's authors described the attack as “exceptionally devastating” against Android 6.0.

A software patch or update is required to fix the issue; changing the Wi-Fi password does not help.


The Key Reinstallation Attack is based on a simple idea.  KRACK attacks the WPA2 4-way handshake, forcing the client to reset its message counter and reinstall the encryption key it has already installed.  This causes the Wi-Fi encryption to reinitialize itself multiple times.  Encryption starts from the same key and counter after each reinitialization, so multiple messages with different content are encrypted under the same key and the same counter value.  Since the encryption amounts to XORing the original content with a keystream derived from that key and counter, recovering the content of such messages becomes a trivial task.  The whole traffic can then be decrypted by the attacker.  Even worse, the attacker can inject malicious scripts into the Wi-Fi traffic, causing further damage.

What is WPA2 4-way handshake?

The WPA2 4-way handshake is the initial message exchange between a Wi-Fi client and the Access Point (router) that occurs when a device connects to the Wi-Fi network.

The WPA2 4-way handshake has several purposes:

·       Mutual authentication without transmitting the secret password

·       Establishing encryption keys unique for each client-router pair and for each session

·       Refreshing encryption keys for each session

Normal WPA2 4-way handshake

The normal WPA2 4-way handshake consists of four messages:

1)      The Wi-Fi Access Point sends Message #1 with a random number, which will be used in encryption key generation.

2)      The client generates another random number and sends it to the Access Point in Message #2.  Now both sides can generate the same encryption key, derived from both random numbers and the pre-shared Wi-Fi password.   Note that an intruder can't recover the encryption key because the secret password is not known to the intruder.

3)      The Access Point receives Message #2, generates additional keys and sends them to the client in encrypted form (Message #3).

4)      The client sends Message #4 acknowledging the received keys, installs the encryption key and resets the message counter.


This concludes the normal 4-way handshake.  Now the client starts sending encrypted data packets to the Wi-Fi Access Point, incrementing the message counter after each packet sent. According to the encryption protocol, the keystream changes after each packet transmission (the message counter is mixed in as a nonce), so that no two packets are encrypted the same way.  The receiving party derives the keystream in the same way and decodes the incoming messages.

Hacked WPA2 4-way Handshake

The first three messages of the 4-way handshake are sent in the same manner as during the normal handshake.  Then the intruder introduces some noise and blocks the 4th message from the client to the Wi-Fi Access Point.  Message #4 is never received by the Access Point, but the client does not know that: it installs the encryption key, resets the message counter and starts sending data packets.


Since Message #4 has never been received, the Wi-Fi Access Point resends Message #3 after a timeout (usually 1 sec).    Upon receiving Message #3 again, the client repeats the procedure as prescribed by the handshake protocol: it reinstalls the same encryption key, resets the message counter, sends back Message #4, and continues sending data packets.  The key point here is that the client does not restart from the beginning of its data stream but continues where it left off.   As a result, more than one data packet gets encrypted with the same encryption key and message counter value, and the content of those packets can be recovered by XOR operation.


The intruder can repeat this procedure by blocking Message #4 again and again.     The Wi-Fi Access Point and the client get stuck in an endless loop of resetting the encryption key and message counter, making the whole traffic visible to the intruder.  The intruder is then capable of inserting malicious software into the traffic, causing more damage.
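A toy model of the client behaviour described above, which also illustrates the XOR point made in the overview. This is an added example, not code from the original post or from the KRACK paper: the keystream construction, the key value and the packet contents are constructed stand-ins, and the patched branch mirrors the fix of not reinstalling a key that is already installed.

```python
import hashlib

def keystream(key: bytes, counter: int, length: int) -> bytes:
    # Toy per-packet keystream hashed from key and counter (stand-in for CCMP/GCMP).
    out = b""
    for block in range((length + 31) // 32):
        out += hashlib.sha256(key + counter.to_bytes(6, "big") + bytes([block])).digest()
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    def __init__(self, patched: bool):
        self.patched, self.ptk, self.counter, self.sent = patched, None, 0, []

    def on_message3(self, ptk: bytes) -> str:
        # Hardened client: a retransmitted Message #3 carrying the key that is
        # already installed is acknowledged without reinstalling it or resetting the counter.
        if self.patched and self.ptk == ptk:
            return "msg4"
        self.ptk = ptk      # install (vulnerable client: reinstall) the key
        self.counter = 0    # reset the message counter
        return "msg4"

    def send(self, plaintext: bytes) -> bytes:
        self.counter += 1
        ct = xor(plaintext, keystream(self.ptk, self.counter, len(plaintext)))
        self.sent.append((self.counter, ct))
        return ct

# Constructed sample traffic and key; the second packet goes out after the Access
# Point retransmits Message #3 because the client's Message #4 was blocked.
P1 = b"GET /index.html HTTP/1.1"
P2 = b"Cookie: session=abc123; "
PTK = b"ptk-derived-from-nonces-and-password"

def simulate(patched: bool) -> Client:
    c = Client(patched)
    c.on_message3(PTK)
    c.send(P1)
    c.on_message3(PTK)   # retransmitted Message #3
    c.send(P2)
    return c

def keystream_reused(c: Client) -> bool:
    # Same key and counter give the same keystream, so the ciphertexts XOR to the
    # XOR of the plaintexts: that is what lets an observer recover packet content.
    (_, c1), (_, c2) = c.sent
    return xor(c1, c2) == xor(P1, P2)
```

The vulnerable client uses counter value 1 for both packets, while the patched client goes on to counter value 2 and the XOR relation no longer holds.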


·       KRACK is a very real attack against WPA2 which can compromise the confidentiality and integrity of packets sent over a secured Wi-Fi network

·       This is a sophisticated attack which requires tools, timing and resources to perform

·       Even if the Wi-Fi encryption is broken by KRACK, connections that use secure protocols such as VPN, SSH or HTTPS will still remain secure

·       As of today, since there are no public exploits that we know of