WPS Pixie Dust Attack (Offline WPS Attack)

[wiire]

Normally the router should correct the checksum and just admit valide PIN (that respects the rules of the wifi aliance) also a few routers showed to admit non-legitmate PIN (without checksum)

Let me quote part the WPS specification document (hope I'm allowed):

"For 8-digit numeric PINs, the last digit in the PIN is used as a checksum of the other digits. This has the disadvantage of reducing the entropy of the PIN. It has the advantage, however, of enabling errors in user input of the PIN to be detected and potentially corrected before the PIN is actually used in the Registration Protocol. Users of course are not expected to compute checksums for passwords they choose, so user-specified Device Passwords do not include a checksum digit."

"Checksum digits are only included and validated for the Default (PIN) device password type, and only if an 8-digit PIN is used."

You may be right but of course, vendors do what they want... we know. I saw PINs that didn't match the checksum too. I'll add the checksum optimization soon.

People says english is easy but they are wrong, or it is because they don not mind to speak with faults or imprecisly.

English IS difficult, a new language is. That's why Esperanto was invented By the way, I'm a non-native speaker. I learned english (mostly) on the Internet so my speaking could be a bit misleading sometimes.