Thread: WPS Pixie Dust Attack (Offline WPS Attack)

  1. #1
    Quote Originally Posted by datahead:
    You are on the right track.
    I do have a complete and working PoC program that I use. While it says few routers, I've found a lot more are vulnerable than one would think, all through trial and error of testing which router has which chipset (Broadcom, Ralink, Atheros, etc.). Around 12 of the 20 I've tested on have been vulnerable.
    Would you mind sharing? I can give you an email address... Thanks!

  2. #2
    Yeah, share the knowledge if you know something we do not. Thanks.

  3. #3
    so then guys & gals....
    WPS blackjack attack next?
    http://xn--mric-bpa.fr/blog/blackjack.html

  4. #4
    Quote Originally Posted by some1:
    so then guys & gals....
    WPS blackjack attack next?
    http://xn--mric-bpa.fr/blog/blackjack.html
    The person who prepared this attack (blackjack) is a bit confused about how things work.

    First, RS-1 is a random value generated by the Registrar, and it is different from ES-1.

    ES-1 remains unknown.

    The generation of the registrar's R-Hash1 has always been known.

    What the author is confused about is this PSK1: in the data traveling over the WPS protocol, ES-1 and ES-2 are never sent to the registrar.

    R-Hash1 is generated by the registrar with PSK1, using an RS-1 random number generated by the registrar.

    A check of R-Hash1 is made by the Enrollee, but using the Enrollee's PSK1, and the Enrollee's PSK1 is correct.

    Then the Enrollee's R-Hash1 will be different from the registrar's R-Hash1 because PSK1 is different, and if you have to check all 11,000 possibilities, then you are doing what reaver does, which is to test all known pins.

    It is not possible to repeat message M4 indefinitely because there is a protocol to be followed: it is necessary to go through M1, M2, M3 to then send M4, so it is the same thing as reaver, testing all pins.

    Apparently the author was confused about where the keys go and who checks them.

    The author's error is here:

    "The Enrollee sens the first secret nonce, E-S1. The Register knows if the Enrollee knows the first half of the PIN."

    This is done the other way around: the Registrar sends R-S1, and the enrollee knows if the registrar knows the first half of the pin.

    Another error in the functioning of things:

    "Pixie Dust attack blah blah, we have to pretend que the Register crates predictable random number."

    The random number is generated in the registrar, and the registrar in this case is Kali Linux. How will you generate a random number that you already know? This article has a lot wrong.
    Last edited by t6_x; 2015-05-05 at 15:54.
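To make the message flow t6_x describes concrete, here is an added Python simulation of the M3/M4 commitments (example code written for this thread, not code from reaver, pixiewps or any poster): the Enrollee (AP) verifies R-Hash1 with its own PSK1, so the Registrar's self-chosen R-S1 tells it nothing and every PIN guess costs a full M1..M4 round, whereas a predictable Enrollee nonce lets E-Hash1 be checked offline against the 10^4 first-half candidates. AuthKey, PKE and PKR are constructed placeholders; in a real run they come from the M1/M2 Diffie-Hellman exchange.

```python
import hashlib
import hmac
import secrets

# Constructed key material for the simulation only; real values come from the
# M1/M2 Diffie-Hellman exchange. AuthKey is 256 bits, PKE/PKR are 192 bytes each.
AUTH_KEY = hashlib.sha256(b"constructed-authkey").digest()
PKE = hashlib.sha256(b"constructed-PKE").digest() * 6   # Enrollee (AP) DH public key
PKR = hashlib.sha256(b"constructed-PKR").digest() * 6   # Registrar (client) DH public key


def psk_half(pin_half: str) -> bytes:
    """PSK1 / PSK2: first 128 bits of HMAC-SHA256(AuthKey, 4 PIN digits as ASCII)."""
    return hmac.new(AUTH_KEY, pin_half.encode(), hashlib.sha256).digest()[:16]


def wps_hash(nonce: bytes, psk: bytes) -> bytes:
    """E-Hash1/2 and R-Hash1/2: HMAC-SHA256(AuthKey, S || PSK || PKE || PKR)."""
    return hmac.new(AUTH_KEY, nonce + psk + PKE + PKR, hashlib.sha256).digest()


def enrollee_checks_r_hash1(enrollee_pin: str, r_s1: bytes, r_hash1: bytes) -> bool:
    """The AP (Enrollee) verifies the Registrar's commitment with ITS OWN PSK1 once R-S1
    is revealed, so each Registrar guess costs a full M1..M4 exchange (the reaver case)."""
    expected = wps_hash(r_s1, psk_half(enrollee_pin[:4]))
    return hmac.compare_digest(expected, r_hash1)


def first_half_candidates(e_hash1: bytes, assumed_e_s1: bytes) -> list[str]:
    """If E-S1 is predictable, E-Hash1 commits to only 10^4 possible PSK1 values and can be
    checked offline. With a CSPRNG nonce the assumed value is wrong and nothing matches."""
    return [f"{i:04d}" for i in range(10_000)
            if hmac.compare_digest(wps_hash(assumed_e_s1, psk_half(f"{i:04d}")), e_hash1)]


def simulate(enrollee_pin: str, registrar_guess: str, weak_enrollee_nonce: bool) -> dict:
    """One M3/M4 round: the Enrollee commits with E-S1, the Registrar with its own R-S1."""
    e_s1 = bytes(16) if weak_enrollee_nonce else secrets.token_bytes(16)  # AP side
    e_hash1 = wps_hash(e_s1, psk_half(enrollee_pin[:4]))                   # sent in M3
    r_s1 = secrets.token_bytes(16)                                         # Registrar (Kali) side
    r_hash1 = wps_hash(r_s1, psk_half(registrar_guess[:4]))                # sent in M4
    return {
        # Registrar learns nothing from its own R-S1; only the Enrollee can judge R-Hash1.
        "enrollee_accepts": enrollee_checks_r_hash1(enrollee_pin, r_s1, r_hash1),
        # Offline check assumes the all-zero nonce; succeeds only when E-S1 really was weak.
        "offline_first_half": first_half_candidates(e_hash1, bytes(16)),
    }
```

The defensive takeaway is the last line of `simulate`: with E-S1 from a CSPRNG the offline list stays empty, and the only remaining path is the online one the Enrollee rate-limits.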

  5. #5
    Quote Originally Posted by some1:
    so then guys & gals....
    WPS blackjack attack next?
    http://xn--mric-bpa.fr/blog/blackjack.html
    Yeah. He is absolutely right...

  6. #6
    Quote Originally Posted by Saydamination:
    Yeah. He is absolutely right...
    The blackjack attack is wrong. He got the WPS specification backwards. If the AP were the Registrar and the Client were the Enrollee, then it would work fine but unfortunately that is not the case.
