Page 8 of 12 FirstFirst 123456789101112 LastLast
Results 351 to 400 of 583

Thread: WPS Pixie Dust Attack (Offline WPS Attack)

  1. #351
    Join Date
    2015-Mar
    Posts
    141
    @nuroo already checked, completely unavailable, only way to get it is dump a live device. Same with the xfinity arris routers, found on a website that the firmware is "closely guarded".

  2. #352
    Join Date
    2013-Jun
    Posts
    70
    I am trying my best to figure this out, I have been testing on a broadcom and zyxel router, It never spits out the 2 hashes for them, am I missing something simple here? Of course you need the 2 hashes to get the pin. It spits out the other necessary keys/info. My kali was updated this evening. Edit-I figure its because router is not supported.
    Last edited by undersc0re; 2015-05-05 at 15:49.

  3. #353
    Join Date
    2014-Mar
    Posts
    1
    so then guys & gals....
    WPS blackjack attack next?
    http://xn--mric-bpa.fr/blog/blackjack.html

  4. #354
    Join Date
    2015-Apr
    Posts
    28
    Wps Pixie Dust Attack is VULNERABLE for all ZTE modems...

  5. #355
    Join Date
    2015-Apr
    Posts
    39
    Quote Originally Posted by some1 View Post
    so then guys & gals....
    WPS blackjack attack next?
    http://xn--mric-bpa.fr/blog/blackjack.html
    The person who prepared this attack(blackjack) is a bit confused how things work.

    First RS-1 is a random value generated by the Registrar, and it is different from ES-1

    ES-1 remains unknown.

    The generation of the registrar R-Hash1 has always been known.

    What the author is confusing about this PSK1 and on the data traveling on the WPS protocol, the ES-1 and ES-2 are never sent to the registrar

    The R-Hash1 is generated with PSK1 the registrar using a RS-1 Random number generated by registrar.

    A check of R-Hash1 is made by the Enrollee but using the Enrollee PSK1, the Enrollee PSK1 is correct.

    Then the Enrollee R-Hash1 will be different from the registrar R-Hash1 because PSK1 is different, and if you have to check all 11,000 possibilities, then you are doing what the reaver does, which is to test all known pin.

    It is not possible to repeat the message M4 indefinitely because there is a protocol to be followed, it is necessary to go through M1 M2 M3 to then send the M4, then it is the same thing as reaver is to test all pins.

    Apparently the author was confused where the keys will and who checks them.

    The author of this error here

    "The Enrollee sens the first secret nonce, E-S1. The Register knows if the Enrollee knows the first half of the PIN."

    This is is done on the contrary, Register sends the R-S1 and the enrolle know if the registrar knows the first half of the pin



    Another error in the functioning of things

    "Pixie Dust attack blah blah, we have to pretend que the Register crates predictable random number."

    The random number is generated in the registrar, the registrar in this case is Linux Kali. How will you generate a random number which you already know him? It has much wrong this article
    Last edited by t6_x; 2015-05-05 at 15:54.

  6. #356
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    ... and according to my Jedi skills there are no "gals" here. If there are, please someone introduce me!

    Welcome some1, to the new Kali Kitchen (thanks g0tmilk), where strange things are cooked and weird things happen. Cheers!!!
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  7. #357
    Join Date
    2013-Jul
    Location
    United States
    Posts
    519
    Quote Originally Posted by Quest View Post
    ... and according to my Jedi skills there are no "gals" here. If there are, please someone introduce me!

    Welcome some1, to the new Kali Kitchen (thanks g0tmilk), where strange things are cooked and weird things happen. Cheers!!!
    Haha I love that ^^ Anyways, I need some help from some of you really smart experienced guys out there. I still have a lot of homework to do with the topic but I was looking into tkiptun-ng... more specifically injecting "arbitrary packets." Does anyone know what kind of stuff we can inject? I'm wondering is we can somehow maybe magically with a little bit of "pixie dust" initialize PBC or something similar? I'm really not sure, just thinking

  8. #358
    Join Date
    2015-Apr
    Posts
    28
    Quote Originally Posted by some1 View Post
    so then guys & gals....
    WPS blackjack attack next?
    http://xn--mric-bpa.fr/blog/blackjack.html
    Yeah . He is absolutaly right...

  9. #359
    Join Date
    2013-Jul
    Location
    United States
    Posts
    519
    Quote Originally Posted by Saydamination View Post
    Yeah . He is absolutaly right...
    The blackjack attack is wrong. He got the WPS specification backwards. If the AP were the Registrar and the Client were the Enrollee, then it would work fine but unfortunately that is not the case.

  10. #360
    Join Date
    2015-Mar
    Posts
    141
    The author knows he was wrong, right at the top of the page it says:

    Erratum : I thought the Enrollee was the client, and the Registrar the AP (see spec :

    Enrollee: A Device seeking to join a WLAN Domain. Once an Enrollee obtains a valid credential, it becomes a Member.
    Registrar: An entity with the authority to issue and revoke Domain Credentials. A Registrar may be integrated into an AP, or it may be separate from the AP. A Registrar may not have WLAN capability. A given Domain may have multiple Registrars.

    , but I was wrong. Thus, what I wrote below contains errors. Correction and implementation are left as an exercise to the reader.

    Love that we have our own little "kitchen" now

  11. #361
    Join Date
    2013-Jul
    Location
    United States
    Posts
    519
    So anyways, is anyone familiar with tkiptun-ng and packetforge-ng?

  12. #362
    Join Date
    2015-Mar
    Posts
    141
    Like send it malformed packets and make it trigger a PBC? That's an interesting idea. I remember a while ago i was doing some packet maniulation scripting and i found scapy to be VERY useful for the project i was doing. Probably be a good tool to use for that.

  13. #363
    Join Date
    2013-Jul
    Location
    United States
    Posts
    519
    Quote Originally Posted by aanarchyy View Post
    Like send it malformed packets and make it trigger a PBC? That's an interesting idea. I remember a while ago i was doing some packet maniulation scripting and i found scapy to be VERY useful for the project i was doing. Probably be a good tool to use for that.
    You took the words right out of my mouth, thats exactly what I was thinking. I actually had 3 ideas.

    1: Trigger PBC
    2: Trigger AP to accept a client's WPS pin
    3: Send an M8 packet to attempt to reconfigure the AP

    I'm not so sure that any of these ideas will work since I'm no super hacker or programmer, but it is just something I see possible

    Also, there has been updates to tkiptun-ng: http://download.aircrack-ng.org/wiki...kip_master.pdf
    Last edited by soxrok2212; 2015-05-05 at 21:10.

  14. #364
    Join Date
    2015-Mar
    Posts
    141
    Hrm, that gave me an idea. I can hook up to a router(uart, spi sniffing, or whatever) and see what goes on inside the router during a wps transaction. See if there is anything exploitable.

  15. #365
    Join Date
    2013-Jul
    Location
    United States
    Posts
    519
    Quote Originally Posted by aanarchyy View Post
    Hrm, that gave me an idea. I can hook up to a router(uart, spi sniffing, or whatever) and see what goes on inside the router during a wps transaction. See if there is anything exploitable.
    Do it! Lemme know if you find anything.

    --If we find something, I'll start a new thread since its not really Pixie Dust related.
    Last edited by soxrok2212; 2015-05-05 at 21:20.

  16. #366
    Join Date
    2015-Mar
    Posts
    141
    Quote Originally Posted by soxrok2212 View Post
    Do it! Lemme know if you find anything.

    --If we find something, I'll start a new thread since its not really Pixie Dust related.
    I'll see what i can get done tonight, even if i can find a way to freeze/reset/dos the router it would be useful for reseting wps locks

  17. #367
    Join Date
    2013-Jul
    Location
    United States
    Posts
    519
    Quote Originally Posted by aanarchyy View Post
    I'll see what i can get done tonight, even if i can find a way to freeze/reset/dos the router it would be useful for reseting wps locks
    Yeah, a reset would be excellent. I've been trying a bunch of ways but haven't been successful. I've been thinking about probing an AP hundreds of times per second with invalid characters in order to reset it... haven't been able to try that yet (MDK3 doesn't support this operation... yet )

  18. #368
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    never a dull moment..
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  19. #369
    Join Date
    2015-Mar
    Posts
    141
    If the knoppix-std forum was still up, I could direct you to the script i wrote that used scapy. Wasn't much, it just watched an ap, and dynamically disassoc/deauthed any clients that tried to connect to the ap that weren't on the "whitelist", sort of an active ap protection. Wish i still had a copy of it so i could see how i did it :-/
    Oh well, off to do my favorive thing, hardware hacking!
    If i come up with anything usefull, I'll start a new thread to hopefully get some R&D into it :-D

  20. #370
    Join Date
    2013-Jul
    Location
    United States
    Posts
    519
    Quote Originally Posted by aanarchyy View Post
    If the knoppix-std forum was still up, I could direct you to the script i wrote that used scapy. Wasn't much, it just watched an ap, and dynamically disassoc/deauthed any clients that tried to connect to the ap that weren't on the "whitelist", sort of an active ap protection. Wish i still had a copy of it so i could see how i did it :-/
    Oh well, off to do my favorive thing, hardware hacking!
    If i come up with anything usefull, I'll start a new thread to hopefully get some R&D into it :-D
    So its like MDK3's WPA downgrade mode?? Thats essentially the same thing it does... just deauth until the owner reboots/downgrades to WEP/tries no security at all.

  21. #371
    Join Date
    2015-Mar
    Posts
    141
    Nope, it was a straight up DOS, it could be set up to protect an AP from any unknown clients, or set up to deny a specified client(s) from assoc/auth to any AP I could see.

    More or less it was just used to either protect an AP, or just troll someone ;-)
    Last edited by aanarchyy; 2015-05-05 at 23:50.

  22. #372
    Join Date
    2013-Jul
    Location
    United States
    Posts
    519
    Quote Originally Posted by aanarchyy View Post
    Nope, it was a straight up DOS, it could be set up to protect an AP from any unknown clients, or set up to deny a specified client(s) from assoc/auth to any AP I could see.
    Ah interesting. Well theres really 3 things on my mind right now.

    1: Have t6_x's Reaver print PKE, PKR all that stuff with -vvv (as well as sending M1, M2, etc). I've already contacted him about that, hopefully we will see it soon
    2: Get someone who knows C (or who can modify MDK3) and try to probe an AP with invalid SSID characters to try to reset/reboot the AP.
    3: Figure out how to forge a packet that could possibly open up an opportunity for one (or more) of the 3 things I listed earlier on APs configured with WPA+TKIP or WPA+WPA2 TKIP+CCMP

    Thats basically my agenda... if anyone wants to assist me that would be great
    Last edited by soxrok2212; 2015-05-06 at 02:49.

  23. #373
    Join Date
    2015-Mar
    Posts
    141
    Quote Originally Posted by soxrok2212 View Post
    Ah interesting. Well theres really 3 things on my mind right now.

    1: Have t6_x's Reaver print PKE, PKR all that **** with -vvv (as well as sending M1, M2, etc). I've already contacted him about that, hopefully we will see it soon
    2: Get someone who knows C (or who can modify MDK3) and try to probe an AP with invalid SSID characters to try to reset/reboot the AP.
    3: Figure out how to forge a packet that could possibly open up an opportunity for one (or more) of the 3 things I listed earlier on APs configured with WPA+TKIP or WPA+WPA2 TKIP+CCMP

    Thats basically my agenda... if anyone wants to assist me that would be great
    As said earlier, probably best to open a new thread about this, as it is not really pixie related. Put all your ideas in the OP and everyone can collectively(hopefully) make something of it.

    But for now, im still poking at this effin router to make it do something interesting D-:<
    Last edited by aanarchyy; 2015-05-06 at 00:04.

  24. #374
    Join Date
    2013-Jul
    Location
    United States
    Posts
    519
    Quote Originally Posted by aanarchyy View Post
    As said earlier, probably best to open a new thread about this, as it is not really pixie related. Put all your ideas in the OP and everyone can collectively(hopefully) make something of it.
    If I can find a little more open time I will... I'll do a big writeup about it.

  25. #375
    Join Date
    2013-Jul
    Location
    United States
    Posts
    519
    Just a quick note on the original post, DH Keys are not calculated with a PRNG, its modular arithmetic with the function described below... I updated that. Sorry for the confusion.

  26. #376
    Join Date
    2013-Jul
    Location
    United States
    Posts
    519
    I also forgot to note, MediaTek is vulnerable too! Same problem as Ralink (since MediaTek took over Ralink a few years ago.)

  27. #377
    Join Date
    2015-Apr
    Posts
    9
    Hay #soxrok2212 ..Thanks for pixiewps 1.1 ..it works on TD5130 V 1 but TD5130 V 3 not works why?

  28. #378
    Join Date
    2013-Jul
    Location
    United States
    Posts
    519
    Quote Originally Posted by iliass View Post
    Hay #soxrok2212 ..Thanks for pixiewps 1.1 ..it works on TD5130 V 1 but TD5130 V 3 not works why?
    I don't know I don't have one to try.

  29. #379
    Join Date
    2015-Apr
    Posts
    9
    Ok i will send you a handshake For TD5130 V 3 ..ok For add this realtek in pixiewps and reaver

  30. #380
    Join Date
    2015-Apr
    Posts
    9
    Give my Your GMAIL pllz

  31. #381
    Join Date
    2015-May
    Posts
    1
    lol.jpg

    it keeps looping :S

  32. #382
    Join Date
    2015-Apr
    Posts
    28
    Quote Originally Posted by iliass View Post
    Hay #soxrok2212 ..Thanks for pixiewps 1.1 ..it works on TD5130 V 1 but TD5130 V 3 not works why?
    Pixiwps is vulnerable if ES1=ES2 ...if not , invulnerable.. You can look all results...

    Some manufacturer use really easy way to create PIN... Serial numbers , Ad-hoc or other..

    They can create new -K options like -K 4 , -K 5 , -K 6 or -W 3 -W 4 ...

    Pixiewps is great project .. User friendly , costumer friendly.....

  33. #383
    Join Date
    2015-Mar
    Posts
    47
    I just checked the database and no broadcom units are vulnerable. I was sure someone posted that only some broadcoms are. Have there been any such cases?

  34. #384
    Join Date
    2013-Jul
    Location
    United States
    Posts
    519
    Quote Originally Posted by scorpius View Post
    I just checked the database and no broadcom units are vulnerable. I was sure someone posted that only some broadcoms are. Have there been any such cases?
    I think someone reported success but they didn't list any specifics.

  35. #385
    Join Date
    2015-Apr
    Posts
    9
    #Saydamination .yes but i have a have handshake.cap ..i wil send to #soxrok2212 ..just give my your email plz

  36. #386
    Join Date
    2015-Mar
    Posts
    127
    TRENDnet TEW-691GR - VULNERABLE

    Pixie:
    [+] Manufacturer: TRENDnet Technology, Corp.
    [+] Model Name: TRENDnet Router
    [+] Model Number: TEW-691GR
    [+] Serial: 12345678

    chipset, ralink RT3883

    wikidevi

  37. #387
    Join Date
    2013-Jul
    Location
    United States
    Posts
    519
    Quote Originally Posted by nuroo View Post
    TRENDnet TEW-691GR - VULNERABLE

    Pixie:
    [+] Manufacturer: TRENDnet Technology, Corp.
    [+] Model Name: TRENDnet Router
    [+] Model Number: TEW-691GR
    [+] Serial: 12345678

    chipset, ralink RT3883

    wikidevi
    Thanks I'll add it later

  38. #388
    Join Date
    2013-Jul
    Location
    United States
    Posts
    519
    I added some thoughts about Atheros. Potentially the same thing goes for Broadcom... anyone have any ideas or comments?

  39. #389
    Join Date
    2014-Oct
    Posts
    44
    Quote Originally Posted by soxrok2212 View Post
    I added some thoughts about Atheros. Potentially the same thing goes for Broadcom... anyone have any ideas or comments?
    where?
    ......

  40. #390
    Join Date
    2013-Jul
    Location
    United States
    Posts
    519
    Quote Originally Posted by wn722 View Post
    where?
    ......
    Vendor implementations.

  41. #391
    Join Date
    2015-Mar
    Posts
    127
    @wn722
    I'm glad u asked. I had the same question. Didn't realize main page updated.

    @soxrof2212
    I'll help test if u guys come up with something.

  42. #392
    Join Date
    2013-Jul
    Location
    United States
    Posts
    519
    Quote Originally Posted by nuroo View Post
    @wn722
    I'm glad u asked. I had the same question. Didn't realize main page updated.

    @soxrof2212
    I'll help test if u guys come up with something.
    I usually update the main page regularly....depends on what I find. It's usually just errors or something stupid but yeah it should say on the bottom when the last update was.

  43. #393
    Join Date
    2014-Oct
    Posts
    44
    cheers. good on Atheros for keeping it safe.

  44. #394
    Join Date
    2015-May
    Posts
    3

    Bruteforce See idea?

    why not use untwister to bruteforce the original seed and find the pin?
    its available on github, its a seed "recovery" tool

  45. #395
    Join Date
    2015-Apr
    Posts
    39
    Quote Originally Posted by dragood View Post
    why not use untwister to bruteforce the original seed and find the pin?
    its available on github, its a seed "recovery" tool
    The reason is because not supported routers use the /dev/urandom to generate the random numbers.

    The Untwister, only supports basic PRNG of certain libraries (Glibc's, Mersenne Twister, PHP's MT-variant, Ruby's). These are simple and easy to crack PRNG.

    But not supported routers use the /dev/urandom, which is safer and complicated to manage to find the seed.

  46. #396
    Join Date
    2015-May
    Posts
    3
    Quote Originally Posted by t6_x View Post
    The reason is because not supported routers use the /dev/urandom to generate the random numbers.

    The Untwister, only supports basic PRNG of certain libraries (Glibc's, Mersenne Twister, PHP's MT-variant, Ruby's). These are simple and easy to crack PRNG.

    But not supported routers use the /dev/urandom, which is safer and complicated to manage to find the seed.
    as far as i can tell, only Atheros us /dev/random. Also Dominique boguard Clearly stated that these seeds could be found in seconds with a decent computer. which algorithm the prng uses is stated anywhere as far as i have read.
    also Dominique pointed out that the seed was very low entropy, only 32 bits!!, its nothing impossible to crack in minutes with any home computer. the only reason we can't is because someone hasn't figured out how to write the code yet. Everything is literally written down for us in Boguard's Presentation....Literally....the only reason we're able to get the pin now is because we assume ES-1 = ES-2 = 0. which really not much of "hacking". the only problem we are facing now, is someone needs to know how to write a code to find the state of the PRNG, once that's found we generate random numbers, hash the result with hmac_sha-256. and then simply compare the results to what the router gave us. once we see they are the same, we know we have the correct seed, from that we can find ES-1 and ES-2 (im using broadcom as an exemple since it generates both nounces right after M1 message). This is by far the simplest thing, im honestly very surprised broadcom hasn't been cracked yet. its really not that complicated. Lets not forget Dominique Boguard was able to pwn every router out there. even Atheros with their "hard to crack" /dev/radom prng.

  47. #397
    Join Date
    2013-Jul
    Location
    United States
    Posts
    519
    Quote Originally Posted by dragood View Post
    as far as i can tell, only Atheros us /dev/random. Also Dominique boguard Clearly stated that these seeds could be found in seconds with a decent computer. which algorithm the prng uses is stated anywhere as far as i have read.
    also Dominique pointed out that the seed was very low entropy, only 32 bits!!, its nothing impossible to crack in minutes with any home computer. the only reason we can't is because someone hasn't figured out how to write the code yet. Everything is literally written down for us in Boguard's Presentation....Literally....the only reason we're able to get the pin now is because we assume ES-1 = ES-2 = 0. which really not much of "hacking". the only problem we are facing now, is someone needs to know how to write a code to find the state of the PRNG, once that's found we generate random numbers, hash the result with hmac_sha-256. and then simply compare the results to what the router gave us. once we see they are the same, we know we have the correct seed, from that we can find ES-1 and ES-2 (im using broadcom as an exemple since it generates both nounces right after M1 message). This is by far the simplest thing, im honestly very surprised broadcom hasn't been cracked yet. its really not that complicated. Lets not forget Dominique Boguard was able to pwn every router out there. even Atheros with their "hard to crack" /dev/radom prng.
    Where did you hear he could crack any router? I've been talking a lot with him and he has said that Atheros looked pretty secure. The thing with /dev/random is that it has external sources of entropy that with get increasingly more difficult to crack. It's not just find the seed and we're done, it's a whole lot more complicated than that

  48. #398
    Join Date
    2015-Mar
    Posts
    127
    Interesting reading on this thread.....

    Here's another router
    Linksys WRT110

    Vulnerable

    [P] WPS Manufacturer: Linksys Inc.
    [P] WPS Model Name: Linksys Wireless Router
    [P] WPS Model Number: WRT110
    [P] Access Point Serial Number: 12345678

    CPU1: Ralink RT2780

    wikidevi

  49. #399
    Join Date
    2013-Jul
    Location
    United States
    Posts
    519
    Quote Originally Posted by nuroo View Post
    Interesting reading on this thread.....

    Here's another router
    Linksys WRT110

    Vulnerable

    [P] WPS Manufacturer: Linksys Inc.
    [P] WPS Model Name: Linksys Wireless Router
    [P] WPS Model Number: WRT110
    [P] Access Point Serial Number: 12345678

    CPU1: Ralink RT2780

    wikidevi
    Ahh thanks I was waiting for someone to comfirm it.

  50. #400
    Join Date
    2015-May
    Location
    UK
    Posts
    2
    Hello and thanks for the info.

    The following router is vulnerable

    Code:
    [P] WPS Manufacturer: BUFFALO INC.
    [P] WPS Model Name: WBMR-HP-GN
    [P] WPS Model Number: RT2860
    [P] Access Point Serial Number: 12345678
    https://wikidevi.com/wiki/Buffalo_WBMR-HP-GN

Similar Threads

  1. WPS Pixie Dust Attack (Offline WPS Attack)
    By soxrok2212 in forum General Archive
    Replies: 353
    Last Post: 2015-05-05, 08:32
  2. Pixiewps: wps pixie dust attack tool
    By wiire in forum General Archive
    Replies: 89
    Last Post: 2015-05-04, 19:32
  3. Implement new WPS Pixie Dust Attack into Reaver
    By six in forum General Archive
    Replies: 24
    Last Post: 2015-01-28, 20:31

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •