Close Menu
Honi Soit
    Facebook X (Twitter) Instagram
    Trending
    • Strawmanning in the chat at the July SRC Council
    • Folk Reimagined, East In Symphony at the Sydney Opera House
    • Graeme Turner’s ‘Broken’ assesses our ailing university sector
    • MAPW addresses USyd’s retreat from “obligation to promote peace” in open letter
    • 2025–26 State Budget Unpacked
    • Antisemitism review puts universities, festivals, and cultural centres under threat
    • Macquarie University axes Sociology, cuts more jobs & courses
    • UTS elects new Chancellor
    • About
    • Print Edition
    • Student Journalism Conference 2025
    • Writing Comp
    • Advertise
    • Locations
    • Contact
    Facebook Instagram X (Twitter) TikTok
    Honi SoitHoni Soit
    Wednesday, July 16
    • News
    • Analysis
    • Culture
    • Opinion
    • University
    • Features
    • Perspective
    • Investigation
    • Reviews
    • Comedy
    • Student Journalism Conference 2025
    Honi Soit
    Home»Tech

    How I’d hack your Wi-Fi

    By Alexander HogueAugust 15, 2016 Tech 5 Mins Read
    Share
    Facebook Twitter LinkedIn Pinterest Email

    Once, when I was a teenager, I was staying in a hotel. I was all like, “Oh, I’d like to have Wi-Fi now please because I feel weirdly uncomfortable not having it at all times.” There were all these Wi-Fi networks around, but I didn’t know the password to any of them. Which made me think… what if I could… use it anyway? This prompted a lot of research and devastated that particular family holiday.

    This article is the 100 per cent code-free explanation of one way someone might hack your home Wi-Fi. By the end it’s okay to feel afraid, insecure, or even cripplingly alone. It’s okay. We’ve all been there.

    The first thing I’d do is take out my laptop and run airodump-ng, a suite of software tools for exactly the job of hacking Wi-Fi. It would show me the names of Wi-Fi networks and also their “BSSID”, which is a bit like an ID for Wi-Fi networks. It’s actually exactly like that.

    Once I know the BSSID of your Wi-Fi, it’s time to try and get your password hash. A password hash is like a scrambled version of the password. You can’t unscramble it. Kinda like how you can’t unscramble scrambled eggs back into the white and the yolk. Stop trying, it’s embarrassing. Okay, so let’s get the hash and then worry about getting the password out of it.

    We’re going to find it by watching the secret handshake.

    You heard me. I can’t believe that this is a real thing, but there actually is a secret handshake that happens when you connect to a Wi-Fi network.

    You might be wondering why there’s a secret handshake happening every time you connect to Wi-Fi. And that’s fair enough, I’m glad you asked.

    Let’s say you’re a legitimate businessperson just connecting to their home Wi-Fi. No funny business. You know the password. But you need to prove to the Wi-Fi network that you know the password. But everyone else can hear you.

    It’s kinda like if you came up to me at a party and you said “I know your Facebook password”. It gets real tense. I nervously glance up at you and choke trying to chuckle. I want to know if you really do know my Facebook password, but I also don’t want you to just say “Your Facebook password is cooldude99” because everyone else at the party is listening.

    So, the secret handshake lets you and the Wi-Fi router both prove you know the password without saying it. Here’s how it works:

    Screen Shot 2016-08-15 at 3.02.17 pm

    Did you spot the trick? What can an eavesdropper do here? The trick here is that if you’re an eavesdropper, you get to see the following things:

    Screen Shot 2016-08-15 at 3.02.25 pm

    Well what if I just encrypt the text “memes” with “cooldad1964” as the key, and it happens to encrypt to “b8%&G”?

    Then I know that the password was “cooldad1964”. And if “memes” encrypts to something else, then I know my guess was wrong.

    So what we’re going to do here is just guess the password. The trick is that we’re going to be able

    to guess passwords way faster than if we were just typing them into the “Enter the password for this Wi-Fi network” box.

    So, get out your pen and paper and blow the dust off that compass and straightedge because it’s time to do some encryption.

    Just kidding, we’re not going to use pen and paper you big bozo. We’re going to use a graphics card.

    Graphics cards are the part inside a computer that lets the computer be able to play 3D games such as Fallout 4 and Viva Piñata: Party Animals. They also happen to be really fast at encrypting stuff.

    So we’re going to get a big list of millions of passwords, and try them all to try and guess the Wi-Fi password.

    For one reason or another, hackers have made available big lists of real passwords. By “real”, I mean “someone used this password on a site and that site got hacked so now everyone knows their password”. Sites that got hacked recently and had passwords exposed include LinkedIn, Adobe, and Myspace.

    I’m going to guess that your Wi-Fi password is probably in one of the heaps big lists of passwords I have. But to find out which one it is, we’re going to have to encrypt “memes” (in this example) with every single password in the list as the key, and see if any of them match what we saw the Wi-Fi password encrypt to (“b8%&G”).

    Hashcat is software that can take a password list and a hash (“b8%&G”) and try to “unhash” it by comparing it to all the passwords in the list. To give you an estimate of how long this takes, my computer can check 10 million passwords in about 10 minutes.

    And that’s it. Hashcat will spit out the password, and I can just type it in the Wi-Fi “Enter the password” box. The main part is furiously guessing millions of passwords until we find the right one.

    The reason this method of hacking works is because people pick easy-to-guess passwords. English word with the first letter maybe capitalised then one or two numbers? That pattern covers a LOT of people’s passwords and a computer can just quickly check all of them.

    If you’re an average internet user, your password for everything is the same, and it’s your pet’s name followed by your house number. What I’m saying is that on average, most Wi-Fi passwords don’t stand a chance against these password lists.

    And of course, if all that doesn’t work, I could just send you a fake email that says “Suspicious activity detected in your Netgear router – Log In  now to review” and get your password that way.

    Art includes elements by factor[e] design initiative and Viktor Vorobyev, used with permission through The Noun Project

    airodump BSSID decrypt hack hacker Hashcat password unhash wifi

    Keep Reading

    Road signs, Rubber, and Repatriation: ‘Yolŋu Power — The art of Yirrkala’ at the AGNSW

     Still Kicking, Still Kidding: Comedian Wil Anderson Talks 17 Seasons of Gruen

     “Like diaspora, pollen needs to be scattered to different places to survive and grow”: Dual Opening of ‘Germinate/Propagate/Bloom’, and ‘Last Call’ at 4A Centre of Contemporary Asian Art

    $50 million donation to set up endometriosis research institute at UNSW

    The Power of Choice: Capturing Compassion with Andrew Denton and Julian Kingma

    No Soap in the Box

    Just In

    Strawmanning in the chat at the July SRC Council

    July 14, 2025

    Folk Reimagined, East In Symphony at the Sydney Opera House

    July 14, 2025

    Graeme Turner’s ‘Broken’ assesses our ailing university sector

    July 13, 2025

    MAPW addresses USyd’s retreat from “obligation to promote peace” in open letter

    July 13, 2025
    Editor's Picks

    Part One: The Tale of the Corporate University

    May 28, 2025

    “Thank you Conspiracy!” says Capitalism, as it survives another day

    May 21, 2025

    A meditation on God and the impossible pursuit of answers

    May 14, 2025

    We Will Be Remembered As More Than Administrative Errors

    May 7, 2025
    Facebook Instagram X (Twitter) TikTok

    From the mines

    • News
    • Analysis
    • Higher Education
    • Culture
    • Features
    • Investigation
    • Comedy
    • Editorials
    • Letters
    • Misc

     

    • Opinion
    • Perspective
    • Profiles
    • Reviews
    • Science
    • Social
    • Sport
    • SRC Reports
    • Tech

    Admin

    • About
    • Editors
    • Send an Anonymous Tip
    • Write/Produce/Create For Us
    • Print Edition
    • Locations
    • Archive
    • Advertise in Honi Soit
    • Contact Us

    We acknowledge the traditional custodians of this land, the Gadigal people of the Eora Nation. The University of Sydney – where we write, publish and distribute Honi Soit – is on the sovereign land of these people. As students and journalists, we recognise our complicity in the ongoing colonisation of Indigenous land. In recognition of our privilege, we vow to not only include, but to prioritise and centre the experiences of Indigenous people, and to be reflective when we fail to be a counterpoint to the racism that plagues the mainstream media.

    © 2025 Honi Soit
    • Privacy Policy
    • Terms
    • Accessibility

    Type above and press Enter to search. Press Esc to cancel.