WPSCrack.py I guess only works with Atheros wireless adapters. Try this to get more info.. comes from Hack Forums:
Code:
int wpa_debug_level = MSG_INFO; // change it to MSG_DEBUG
2: Or, manually add some prints in the (wpa_supplicant) source. Let's take as an example bully (you could try reaver if you wish):
- Download the zip file. Unzip it.
- Go to bully-master/src/wps and open wps_common.c with a text editor.
- Go to line 122 and add something similar (just a print):
Code:
os_memcpy(wps->emsk, keys + WPS_AUTHKEY_LEN + WPS_KEYWRAPKEY_LEN,
WPS_EMSK_LEN);
/****** ADD THIS PART ******/
printf(" > AuthKey: ");
int pixiecnt = 0;
for (; pixiecnt < WPS_AUTHKEY_LEN; pixiecnt++) {
printf("%02x", *(wps->authkey + pixiecnt));
if (pixiecnt != WPS_AUTHKEY_LEN - 1) {
printf(":");
}
}
printf("\n");
/******/
wpa_hexdump_key(MSG_DEBUG, "WPS: AuthKey",
- Now open wps_registrar.c.
- Go to line 1719 (inside wps_process_e_hash1 function) and add:
Code:
wpa_hexdump(MSG_DEBUG, "WPS: E-Hash1", wps->peer_hash1, WPS_HASH_LEN);
/****** ADD THIS PART ******/
printf(" > E-Hash1: ");
int pixiecnt = 0;
for (; pixiecnt < WPS_HASH_LEN; pixiecnt++) {
printf("%02x", *(wps->peer_hash1 + pixiecnt));
if (pixiecnt != WPS_HASH_LEN - 1) {
printf(":");
}
}
printf("\n");
/******/
return 0;
- Then in the function below (inside wps_process_e_hash2) add:
Code:
wpa_hexdump(MSG_DEBUG, "WPS: E-Hash2", wps->peer_hash2, WPS_HASH_LEN);
/****** ADD THIS PART ******/
printf(" > E-Hash2: ");
int pixiecnt = 0;
for (; pixiecnt < WPS_HASH_LEN; pixiecnt++) {
printf("%02x", *(wps->peer_hash2 + pixiecnt));
if (pixiecnt != WPS_HASH_LEN - 1) {
printf(":");
}
}
printf("\n");
/******/
return 0;
Then please post this here:
Code:
AP Manufacturer:
Model name/number:
Chipset:
N1 Nonce:
Authkey:
PKE:
PKR:
E-Hash1:
E:Hash2:
First 3 are optional, last 6 are mandatory to crack.