I'm interested in your modified reaver version. Does it also test the pin to get the actual paraphrase as well?

Quote Originally Posted by t6_x View Post
Finally able to create my account in this forum

I already emailed the wiire on the tests I've done.

First of all I made a modified version of reaver to facilitate the tests, this modification is already do a pixie test when a pin is tested on reaver

[P] E-Nonce: 41: f2: 8c: 82: 53: 3b: df: ........
[P] PKE: 6b: 0e: 22: cb: cd: 21: ........
[P] WPS Manufacturer: Ralink Technology, Corp.
[P] WPS Model Number: RT2860
[+] Received message M1
[P] AuthKey: f7: fb: bc: 21: ab: 3b: 99: 70: 36: 8e: f1: a0: ........
[+] Sending message M2
[P] E-Hash1: 1e: d6: 12: 27: 8f: 12: 28: 21: 9a: 54: .........
[P] E-Hash2: d: f: 34: and: ac: 55: a4: 9e: b3: 95: 31: 7a: 61: b0: ........
[Pixie-Dust][*] ES-1: 00: 00: 00: 00: 00: 00: 00: 00: 00: 00: 00: 00: 00: 00: 00: 00
[Pixie-Dust][*] ES-2: 00: 00: 00: 00: 00: 00: 00: 00: 00: 00: 00: 00: 00: 00: 00: 00
[Pixie Dust-][*] PSK1: 76: 46: 96: c7: 5d: e4: 8a: 86: .......
[Pixie-Dust][*] PSK2: 1b: 5e: 3e: 6b: 19: 89: 4b: 5c: .......
[Pixie-Dust] [+] WPS pin: 41368541
[Pixie-Dust][*] Time taken: 0 s
[+] Received message M3
[+] Sending message M4

If someone want this version, tell me

Now with relation to the TP-Link.

I believe it may be vulnerable to another type of problem.

I have a TP-Link 740N v1, is a very old router, think it 2004-2005

It has the Atheros chipset, Linux runs and uses the hostap together with the / dev / random.

But this firmware version for example has a problem in the generation of random numbers, it may be that this firmware version is with this problem.

The seed for generating the random number is based on the date (date, time, seconds) router

Every time I restart the modem, the seed to generate the random number is the same. So it is possible to make bruteforce on all dates, hours, seconds to find the current state of the seed. This makes it possible to generate future seeds to make bruteforce the pin.

It may be that this problem is only in this firmware version, do not have other routers to test or compare and without having them in the hands is difficult to make the tests.

But this problem certainly is present in many other models of routers.

Today I met a router where the E-Hash1 and the E-Hash2 was identical and there needed to make a modification in pixie for him to do the bruteforce correctly.

I will continue to develop and when I have more news come back to post.

Sorry for the English, I used a translator