So many of you probably know that I was looking into Realtek recently, and I noticed some fishy stuff that they do. First of all, Realtek APs ALL generated the SAME PKe. Not just on 1 occasion, not just on 1 AP, but multiple. All generated the same PKe. This seemed very strange and insecure. A person could find the secret number used in the DH Key exchange and this could be used for a MITM attack for instance, but it is not the actual problem.

Anyways, I contacted Dominique, sent him some test data from a Realtek AP, a firmware blablabla, and he came back to me with the conclusion that Realtek can be cracked in 2 different, but similar ways.

1- Assuming the attacker does a WPS exchange in 1 second, E-S1 = E-S2 = N1 Enrollee Nonce
Wow, stupid engineering right? The actual PRNG is found here: https://github.com/skristiansson/uCl...lib/random_r.c
The seed that this generator uses is the time. So assuming everything happens in 1 second, your E-S1 and E-S2 will equal the N1 Enrollee Nonce.

2- If your exchange doesn't happen within 1 second, you can simply brute force the seed for the PRNG (kinda similar to Broadcom). All you have to do is input different times. Then, you will have E-S1 and E-S2.

Amazing. And they thought this was a secure implementation? Nope.

The only drawback for this attack is you can't use small PKr DH Keys so at the moment, you need Wireshark or just do a hex dump to get the PKr. Not that big of a deal though. Wiire updated pixiewps within about 10 minutes of me telling him all the info and has already released it, what a champ!
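Added example, not part of the original post and not Realtek's firmware code: a C sketch of the design flaw described above, a secret generator reseeded from the wall-clock second, next to a hardened form that draws every value from the kernel CSPRNG. The function names, the reseed-per-call structure, and the use of ISO C `srand`/`rand` as a stand-in for the linked `random_r.c` are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#define SECRET_LEN 16 /* N1, E-S1 and E-S2 are 128-bit values in WPS */

/* Weak pattern (assumed structure): reseed a non-cryptographic PRNG with
 * the current second, then draw the secret from it. rand() stands in for
 * the firmware's generator. */
static void weak_secret(unsigned char out[SECRET_LEN], time_t now)
{
    srand((unsigned int)now);
    for (int i = 0; i < SECRET_LEN; i++)
        out[i] = (unsigned char)(rand() & 0xff);
}

/* Hardened form: each secret is read independently from the kernel CSPRNG. */
static int strong_secret(unsigned char out[SECRET_LEN])
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f)
        return -1;
    size_t n = fread(out, 1, SECRET_LEN, f);
    fclose(f);
    return n == SECRET_LEN ? 0 : -1;
}

/* Returns 1 if N1, E-S1 and E-S2 come out identical, 0 if not, -1 on error. */
static int secrets_collide(int use_weak, time_t now)
{
    unsigned char n1[SECRET_LEN], es1[SECRET_LEN], es2[SECRET_LEN];
    if (use_weak) {
        weak_secret(n1, now); weak_secret(es1, now); weak_secret(es2, now);
    } else if (strong_secret(n1) || strong_secret(es1) || strong_secret(es2)) {
        return -1;
    }
    return !memcmp(n1, es1, SECRET_LEN) && !memcmp(n1, es2, SECRET_LEN);
}

int main(void)
{
    time_t now = time(NULL);
    printf("time-seeded PRNG, same second: collide=%d\n", secrets_collide(1, now));
    printf("kernel CSPRNG:                 collide=%d\n", secrets_collide(0, now));
    return 0;
}
```

A firmware review can apply the same check to captured output: any secret that repeats a value sent in the clear, or repeats across boots, points to a seed with no real entropy.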