But since we are the registrar in the WPS transaction, wouldn't we already know the shared secret and the generator and the enrollee's public number and the prime modulus?
Printable View
Yes soxrok2212.I caught up focusing on the modulas equation you posted for the Diffie-Helman process...As a result I was commenting on the probability of decrypting Diffie-Helman process using a man in the middle attack......Sticking to this thread Now, i am thinking along codes to bruteforcet Pseudo random Generators in order to compute E-S1 and E-S2 ( I am of the opinion that this might include algorithmic codes that guess statiscal patterns in PRNGs-maths,maths,maths.)..However when this attack was proposed by Mr. Bongard,I was looking for books on PRNGS..I noticed amazon had a couple...I might see if there are torrent ebooks out there....all for now....
So for those of you having trouble understanding the video of the DH Key exchange I posted, here is how 3^15 mod 17 = 6. First, calculate 3^15, which is our "generator" times the private number of in our applied case, the enrollee... = 14,348,907. Now, we take 14,348,907 and divide it by our prime modulus (known by both the enrollee and registrar, (17) and get 844,053.3529. Now, we remove the remainder from that number, .3529, so we are left with only 844,053 and multiply it by our prime modulus... 844,053 * 17=14,348901. Now, take our initial value (3^15) which is 14,348,907 and subtract the value we just calculated, 14,348,901... 14,348,907 - 14,348,901 = 6!
Therefore:
3^15 mod 17 = 6
Now that the enrollee has generated a public number from its private number, it sends that to the registrar. Now it is the registrars turn to come up with its own private number (13) and make a public number.
3^13 mod 17 = 12
3^13 = 1,594,323
Now, divide by our prime modulus (17)... 1,594,323 / 17 = 93,783.70588. Remove the decimal and get 93,783. Now multiply that number by 17... 93,783 * 17 = 1,594,311. Now, take our initial value and subtract the value we just created to get the registrar's public number... 1,594,323 - 1,594,311 = 12! The registrar then sends this publicly to the enrollee.
Enrolee public number: 6
Enrolee private number: 15
Registrar public number: 12
Registrar private number: 13
Now, the registrar and the enrollee both know each others public numbers, 6 and 12. So what they do now is they take their public number from the other, and raise it to the power of their own private number.
So for the enrollee to calculate the shared secret, it would do 12^15 mod 17 = 10
And for the registrar to calculate the shared secret, it would do 6^13 mod 17 = 10
Now they both know the shared secret, which I THINK may also be the seed that the PRNG uses (as stated before) but I'm not sure yet, or maybe this shared secret in conjunction with something else is the seed.
Updated with all the latest information!!!! Just need someone who knows C now... :confused:
Nice explanation of modulus arithematic aspect...sorry dude i don't know C..hope someone with C experience and pentesting can contribute to this thread,,,I noticed in the Pixie Dust attack documentation there is a lack of certainty whether the PNRG state can be bruteforced..if this can be done then we can compute E-S1 and E-S2 and then bruteforce the first half and second half of the pin offline.....I tihnk we need to get Mr. Bongard and lock him down until he successfully complete his thesis (haha...just kidding);)..
It can be done, we just have to throw in seeds until we get a match. Very simple. The generator will make a long string of numbers/letters and only part of it in the PKE (Enrollee nonce), and then directly after it are the E-S1 and the E-S2
If anyone knows C, please leave a comment. Looking to find someone to build a tool with.
Or if there is anyone who knows python let me know please. I would like to get a project going.
WoW
thank you guys for this excellent theme
@ soxrok2212
i am not a programmer and seeding is a problem with bash which is the only thing i know very few about. I gues it can be done from the sacrtach but i am not sure baout the efficiency of the code, :D
I know to who ask for help, he should be interested in helping you.
If not i can help you to start something in python and we can see how to get support on the way. C is above my mind :)
I send a MP to this person right now and tell you as soon as possible.
thanks for all your sharing and explanations in this theme . See you
Yes, i guess it was me.... my first language is not spanish but i am definitely more fluent in spanish than in english,(i understand everything but my grammar and my syntaxes are horrible) :D
I write you a mail (in spanish)
I didn't receive an answer from my friend yet... But it is still a bit early for him :p
we keep in touch- i write you a mail right now and like this you have mine
cee you there :)