Data gathering for pixiewps (pixie dust attack)
Hi everyone,
we have decided to start collecting data again for the WPS pixie dust attack (pixiewps), however we will be thorough this time:
- The data must be collected with Reaver 1.6.3 and with the new -vvv debug option (now included in Kali)
- A set of data must contain a full transaction from M1 to M7 (thus you MUST know the PIN)
- 2 consecutive transactions (2 sets of data close in time) would be ideal (run reaver once, grab the data, then run reaver again, grab the new data)
- The data should be filtered with logfilter.py
- Please include the model / name of the router (possibly using wash --json for the specific router, you can edit out the BSSID and ESSID for privacy reasons)
- DO NOT use -S (--dh-small)
- Which data do we want? See below:
  - Realtek that pixiewps can't pwn (some RTL8671?)
  - Data where nonces (E-Nonce) follow a weird pattern like xx:xx:00:00..., 00:00:xx:xx... etc. (e.g. 00:00:42:b4:00:00:6a:2e:00:00:07:80:00:00:43:45)
The latest pixiewps uses multi-threading so you may want to use that instead of the one included in Kali. Some changes are still in the works so I won't push a new tag for now.
To collect data you can use something like this (be sure to use the correct PIN):
Code:
sudo -i
# MONITOR, BSSID and PIN are placeholders: your monitor interface, the router's BSSID and its correct PIN
# run reaver with full debug output and keep a copy of everything in reaver.log
reaver -vvv -i MONITOR -b BSSID -p PIN 2>&1 | tee reaver.log
# filter the log down to the pixiewps-relevant data
cat reaver.log | python2 logfilter.py 1>&2 2>PIXIEDATA.TXT
# grab the router's WPS info as JSON (edit out the BSSID / ESSID before posting)
wash -i MONITOR -j --scan -n 25 | grep -i BSSID | tee ROUTERDATA.JSON
You can also copy and paste the full logs if you have problems following this procedure.
Remember that in most cases WPS 2.0 locks after 10 FAILED attempts. After that a reboot is required to reset.
Why collect data again after all this time?
Pixiewps has improved over time, now it's more mature and so is Reaver. But there are still potentially vulnerable devices out there and margins for improvement overall.
Please keep the thread related to gathering data only. Post questions only if important. That is also the reason why I'm starting a new thread, the others are too clogged up. Hope mods don't mind :)
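The "weird pattern" nonces the post asks for can be screened for before submitting a log. The following is an added example (not part of the post, nor Reaver or pixiewps code): it pulls E-Nonce values out of Reaver -vvv style log text and flags nonces where every 32-bit word has its two high bytes (00:00:xx:xx) or two low bytes (xx:xx:00:00) zeroed. The log lines are constructed and the `[P] E-Nonce:` line format is assumed.

```python
import re

# Constructed sample log: the "[P] E-Nonce:" line format is assumed to resemble
# Reaver -vvv debug output; the values are made up. The second nonce mirrors the
# pattern quoted in the post (two high bytes of every word are zero), the third
# has the mirrored xx:xx:00:00 pattern, the first looks random.
SAMPLE_LOG = """\
[+] Associated with 00:11:22:33:44:55 (ESSID: constructed)
[P] E-Nonce: 9f:3a:c2:71:0d:e8:44:b6:5c:12:a9:07:ee:3b:61:d4
[P] PKE: ...
[P] E-Nonce: 00:00:42:b4:00:00:6a:2e:00:00:07:80:00:00:43:45
[P] E-Nonce: 7a:31:00:00:c5:0e:00:00:19:f4:00:00:b2:6d:00:00
"""

NONCE_RE = re.compile(r"\[P\] E-Nonce:\s*((?:[0-9a-fA-F]{2}:){15}[0-9a-fA-F]{2})")


def extract_nonces(log_text):
    """Return every E-Nonce in the log as a 16-byte value, in order of appearance."""
    return [bytes.fromhex(m.group(1).replace(":", "")) for m in NONCE_RE.finditer(log_text)]


def zero_half_pattern(nonce):
    """Classify a 16-byte nonce by the pattern the post describes.

    'high' -> the two high bytes of all four 32-bit words are zero (00:00:xx:xx ...)
    'low'  -> the two low bytes of all four words are zero (xx:xx:00:00 ...)
    None   -> neither holds for every word
    Either pattern means each word carries at most 16 bits of entropy, which is
    what makes such a device worth a closer look.
    """
    words = [nonce[i:i + 4] for i in range(0, 16, 4)]
    if all(w[:2] == b"\x00\x00" for w in words):
        return "high"
    if all(w[2:] == b"\x00\x00" for w in words):
        return "low"
    return None


def suspicious_nonces(log_text):
    """Return (colon-separated hex nonce, pattern) for each E-Nonce matching a weak pattern."""
    out = []
    for nonce in extract_nonces(log_text):
        pattern = zero_half_pattern(nonce)
        if pattern:
            out.append((nonce.hex(":"), pattern))
    return out


if __name__ == "__main__":
    for nonce_hex, pattern in suspicious_nonces(SAMPLE_LOG):
        print("%s  zero %s halves -> worth submitting" % (nonce_hex, pattern))
```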