This presentation discusses a strategy for reverse-engineering router firmware to analyze algorithms used to generate default WPA2 PSKs, and demonstrates how such passwords can be recovered within minutes. Further, we describe a procedure that can instantly gather a complete wireless authentication trace, which enables an off-line password recovery attack.
Eduardo is a Security Analyst who specializes in embedded device security. He is known for messing around with wireless routers, and has published research on EMV-CAP and WirelessHART during his studies. He holds a BS in CS from Universitat Politécnica de Valencia (Spain), and a Masters in Computer Security from The Kerckhoffs Institute at Radboud University Nijmegen (The Netherlands).