Type: Posts; User: wiire


  1. Replies
    11
    Views
    4,432

    OK, thank you! Meanwhile I think @binarymaster...

    OK, thank you! Meanwhile I think @binarymaster was adding some features to RS, to make it easier for testing / gathering data.
  2. Replies
    2
    Views
    1,280

    Not true. Since version 1.0.0 you can format...

    Not true. Since version 1.0.0 you can format with: -, :, space, or without (it's written in the README too). Of course, you need double quotes if you use space. See image below.
    ...
  3. Replies
    11
    Views
    4,432

    @ForumKali2016 Thank you very much! The router...

    @ForumKali2016 Thank you very much!

    The router seems to be bugged, but not broken since the protocol goes through correctly (to M7).


    0000497b 000030cf 00003b58 000042cb
    00001003 000015ae...
  4. Replies
    11
    Views
    4,432

    Yes, thank you. Enrollee nonce, the 2 secret...

    Yes, thank you. Enrollee nonce, the 2 secret nonces and details like brand, model etc. are the most important data :)

    Sorry I haven't replied sooner, I had problems logging in on the forum.
    ...
  5. Replies
    582
    Views
    592,927

    We started a new thread for collecting data:...

    We started a new thread for collecting data: https://forums.kali.org/showthread.php?38127-Data-gathering-for-pixiewps-(pixie-dust-attack)&p=75368&viewfull=1#post75368
  6. Replies
    243
    Views
    283,509

    We started a new thread for collecting data:...

    We started a new thread for collecting data: https://forums.kali.org/showthread.php?38127-Data-gathering-for-pixiewps-(pixie-dust-attack)&p=75368&viewfull=1#post75368
  7. Replies
    11
    Views
    4,432

    Data gathering for pixiewps (pixie dust attack)

    Hi everyone,
    we have decided to start collecting data again for the WPS pixie dust attack (pixiewps), however we will be thorough this time:

    The data must be collected with Reaver 1.6.3 and with...
  8. Replies
    582
    Views
    592,927

    The fake AP attack to get the first half of the...

    The fake AP attack to get the first half of the pin is nothing new. The procedure is described in the specification (2.02) as well as in Bongard's slides. The problem with it is that usually one is never...
  9. Replies
    582
    Views
    592,927

    Just to clarify, the PBC method is -...

    Just to clarify, the PBC method is - protocol-wise - identical to the PIN method. The only difference is the method of activation (a button) and that the PIN is already known, being '00000000'.

    I...
  10. Replies
    582
    Views
    592,927

    That's what I suspected. It's Realtek without a...

    That's what I suspected. It's Realtek without a doubt.

    What do you mean pixiewps didn't launch the full bruteforce? I'm pretty confident it found the seed but couldn't recover the pin if it...
  11. Replies
    582
    Views
    592,927

    The new pixiewps when modes are not specified...

    The new pixiewps when modes are not specified uses the Pke to try to determine the target. This means it's trying only for Realtek. You should try manually specifying all the modes --mode...
  12. Replies
    243
    Views
    283,509

    From December 2015 to August 2012 would be (it's...

    From December 2015 to August 2012 would be (it's not correct, please continue reading): --start 12/2015 --end 08/2012

    In CLI programs square parenthesis usually denote some optional...
  13. Replies
    243
    Views
    283,509

    I released version 1.2.2...

    I released version 1.2.2 of pixiewps.

    Most of the work was done to clean up the code, support more platforms, remove OpenSSL dependency (finally!) and add more options. This version has been...
  14. Replies
    243
    Views
    283,509

    @mmusket Thank you for offering your help. I...

    @mmusket

    Thank you for offering your help. I already got the data I needed and forgot to check back on the forum. Hopefully it won't be too long for the final release.

    About RTL867x I (and others)...
  15. Replies
    243
    Views
    283,509

    Hi, I'm currently testing some features I've...

    Hi,
    I'm currently testing some features I've introduced in pixiewps however I still have some troubles with some.

    I wanted to ask if some of you have a Ralink device and can get me some data....
  16. Replies
    243
    Views
    283,509

    We are still looking into RTL816x chipset. We...

    We are still looking into RTL816x chipset. We have some information about how the nonce might be 'built'. However it's still not enough to implement a feasible bruteforce.
  17. Replies
    582
    Views
    592,927

    The WPS protocol uses the Diffie-Hellman key...

    The WPS protocol uses the Diffie-Hellman key exchange which is a method of securely exchanging cryptographic keys over a public channel. The AP wants to talk to the Client but they don't want anyone...
  18. Replies
    243
    Views
    283,509

    Just a quick update on the state of the...

    Just a quick update on the state of the 'project'.

    I'm really busy at the moment. I'll update/fix pixiewps when I'll be back (2-3 weeks), with (hopefully) some news.
  19. Replies
    243
    Views
    283,509

    The first example is the most general and what...

    The first example is the most general and what you would normally run.

    The second example only shows that you can avoid specifying the Pkr if you have selected small keys in Reaver.

    The last...
  20. Replies
    243
    Views
    283,509

    I've updated pixiewps. Changelog: - Mostly...

    I've updated pixiewps.

    Changelog:
    - Mostly fixes, there were also some leaks of memory (the cracking part was ok though, so don't worry)
    - Removed "modes" from the usage screen and from the...
  21. Replies
    122
    Views
    89,176

    It might be the same problem we had on Reaver due...

    It might be the same problem we had on Reaver due to me adding 3 extra spaces on the pixiewps pin print line.

    I think on line 3111 you have to change:


    to:
  22. Replies
    243
    Views
    283,509

    There's something utterly strange in that nonce....

    There's something utterly strange in that nonce. Try to capture a session with Wireshark and see if it matches the nonce reaver prints you.
  23. Replies
    243
    Views
    283,509

    Yes now that pixiewps 1.1 is out we can collect...

    Yes now that pixiewps 1.1 is out we can collect data and decide how to optimize it best in a future release. As I said I run it on my desktop PC which takes only 20 minutes to exhaust the keyspace...
  24. Replies
    243
    Views
    283,509

    3 hours...? I can give it a go if you want. It...

    3 hours...?

    I can give it a go if you want. It takes at most 20 minutes on my PC. Send me your data via email or post it here. Of course I assume the router you're testing is yours.
  25. Replies
    243
    Views
    283,509

    I think soxrok is going to upload a new tutorial....

    I think soxrok is going to upload a new tutorial. There are some examples at the bottom of the usage screen. But basically what you want to do normally is launching pixiewps without --force. Then if...
  26. Replies
    243
    Views
    283,509

    @kcdtv You should try using -v 3. It prints the...

    @kcdtv
    You should try using -v 3. It prints the seed (Unix datetime) into human readable date and time.

    Also I've been told there are routers that after failing to retrieve the right date and time...
  27. Replies
    582
    Views
    592,927

    [QUOTE=psicomantis;44829]Hey guys, I am a little...

    [QUOTE=psicomantis;44829]Hey guys, I am a little bit confused as to the usage of -f in the new pixiewps. It refers to mode4??? anyone kind enough to clarify?[/QUOTE]

    Yes sorry I should've...
  28. Replies
    582
    Views
    592,927

    Pixiewps 1.1 is out! :) See the original...

    Pixiewps 1.1 is out! :)

    See the original thread.
  29. Replies
    243
    Views
    283,509

    Pixiewps 1.1 is out! :) Download: GitHub...

    Pixiewps 1.1 is out! :)

    Download: GitHub

    What's new:
    - The previous attack now is fully implemented
    - AuthKey computation if --dh-small is specified (also in Reaver). The data can be...
  30. Replies
    582
    Views
    592,927

    You shouldn't look too much into this....

    You shouldn't look too much into this. Manufacturers put what they want in those fields. Sometimes they put the valid model number, name, serial or whatever, sometimes they put something else, for...
  31. Replies
    582
    Views
    592,927

    That's the WLAN MAC. I was asking for the WAN...

    That's the WLAN MAC.

    I was asking for the WAN MAC = 18:17:25:2C:0B:7A - 5 = 18:17:25:2C:0B:75
  32. Replies
    582
    Views
    592,927

    @aboulatif Hey just a curiosity of mine... Is...

    @aboulatif
    Hey just a curiosity of mine... Is the WAN MAC of that router 18:17:25:2C:0B:75?
  33. Replies
    582
    Views
    592,927

    PKr gets printed in little-endian when using...

    PKr gets printed in little-endian when using small keys (only). When adding the lines of code to print PKr I didn't test with -S, oops. If you sniff the traffic with Wireshark you see it's OK. BTW if...
  34. Replies
    582
    Views
    592,927

    I just want to point out that the tool is not...

    I just want to point out that the tool is not completed yet, it works only (for Realtek) if the 3 nonces are generated within THE SAME second. So we can't be sure whether --dh-small causes bugs. I...
  35. Replies
    243
    Views
    283,509

    Vendor: TP-LINK Model: TD-W8951ND Firmware:...

    Vendor: TP-LINK
    Model: TD-W8951ND
    Firmware: 3.0.1 Build 110720 Rel.40612
    Chipset: Ralink (RT2860)

    Confirmed vulnerable.
  36. Replies
    243
    Views
    283,509

    Pixiewps 1.0.5 is out! Added a partial...

    Pixiewps 1.0.5 is out!

    Added a partial implementation of a new attack! :)

    Vulnerable devices: Realtek (ES-1 = ES-2 = Enrollee nonce). This attack doesn't always work. Also be sure not to use...
  37. Replies
    582
    Views
    592,927

    Thank you. I think in the near future I might...

    Thank you.

    I think in the near future I might modify the program so that it won't depend on a modded version of Reaver but just on the standard one. :)
  38. Replies
    243
    Views
    283,509

    This attack could be potentially extended to more...

    This attack could be potentially extended to more routers if more research is done. There are some other manufacturers that have not been checked yet (like Marvell, Intel, Qualcomm, Realtek...)....
  39. Replies
    243
    Views
    283,509

    I don't understand what you're trying to say here....

    I don't understand what you're trying to say here. Ralink doesn't have a seed. It doesn't use a pseudo-random number for ES-1 and ES-2. It uses a constant (ES-1 = ES-2 = 0).

    Broadcom has a...
  40. Replies
    243
    Views
    283,509

    You get PKR = 00:00 ... 00:02 when using the '-S'...

    You get PKR = 00:00 ... 00:02 when using the '-S' ('--dh-small') option on Reaver. You can use the same option on Pixiewps so you don't need to specify the PKR.

    @kcdtv
    Fixed the dependency issue....
  41. Replies
    243
    Views
    283,509

    @mmusket33, FurqanHanif I don't know which...

    @mmusket33, FurqanHanif
    I don't know which version of the modded Reaver you are using. The description of the youtube video contains the latest (download). It prints all the info needed (see the...
  42. Replies
    243
    Views
    283,509

    See if it compiles and creates the executable....

    See if it compiles and creates the executable. Then try to run it from that folder (no make install).

    chmod +x configure
    ./configure
    make distclean && ./configure
    make
    ./reaver -i mon0 etc.
  43. Replies
    582
    Views
    592,927

    You could've just converted the last 6 bytes of...

    You could've just converted the last 6 bytes of the MAC to decimal to get the PIN. But whatever...

    10/10 for the drawing! ;)

    @wn722
    No.
  44. Replies
    582
    Views
    592,927

    Pixiewps is out! :) Link to the pixiewps...

    Pixiewps is out! :)

    Link to the pixiewps thread.
  45. Replies
    243
    Views
    283,509

    Pixiewps: wps pixie dust attack tool

    We started a new thread for collecting data: https://forums.kali.org/showthread.php?38127-Data-gathering-for-pixiewps-(pixie-dust-attack)&p=75368&viewfull=1#post75368

    Pixiewps is a tool written in...
  46. Replies
    582
    Views
    592,927

    Of course it works. I added the -S option to...

    Of course it works.

    I added the -S option to pixiewps so we don't need to print PKR on screen or get it on Wireshark.

    @wn722
    I only use my program, pixiewps.
  47. Replies
    582
    Views
    592,927

    You get PKR: 00:00 [...] 00:02 when using '-S'...

    You get PKR: 00:00 [...] 00:02 when using '-S' ('--dh-small') option.

    @wn722
    The very first AP I tested was a TP-LINK (see my first 2 posts). But I haven't written down the model.
  48. Replies
    582
    Views
    592,927

    Soon hopefully. I'm kinda busy at the moment....

    Soon hopefully. I'm kinda busy at the moment. I'll host the code on GitHub and make a new thread with tutorial when completed or available for "beta testing". Let's stick to the subject's thread for...
  49. Replies
    582
    Views
    592,927

    Let me quote part the WPS specification document...

    Let me quote part of the WPS specification document (hope I'm allowed):

    "For 8-digit numeric PINs, the last digit in the PIN is used as a checksum of the other digits. This has the disadvantage of...
  50. Replies
    582
    Views
    592,927

    Read my last post(s). @soxrok2212 Don't think...

    Read my last post(s).

    @soxrok2212
    Don't think so but I have no idea how that works so... might be? Now you should see my request on Skype. It'll probably be faster via email (see your...
Results 1 to 50 of 54