
Thread: Pixiewps: wps pixie dust attack tool

  1. #21
    Senior Member
    Join Date
    Sep 2013
    Posts
    262
    Quick answer
    I don't know if it is necessary, but I did it like this and it worked.
    That's actually a question that I had in mind too.

  2. #22
    Senior Member
    Join Date
    Mar 2015
    Posts
    138
    Quote Originally Posted by kcdtv View Post
    Quick answer
    I don't know if it is necessary, but I did it like this and it worked.
    That's actually a question that I had in mind too.
    Hah! That was quick! I'll see if I can test this later on. Awesome work wiire, so far this seems to work great.

  3. #23
    Senior Member
    Join Date
    Jul 2013
    Location
    United States
    Posts
    516
    Yes. Then you don't need to dig for the PKR in Wireshark.

  4. #24
    Senior Member
    Join Date
    Jul 2013
    Posts
    788
    Since the help vid is down MTeams provides the following:

    This assumes you have a working reaver modded for pixie-dust
    This assumes you can run reaver and wash
    This will only show you how to quickly find the five(5) variables required.

    The modified reaver obtains three(3) of the five(5) variables. The only other problem is finding the corresponding or paired --pke and --pkr in wireshark.

    After you have put your wifi device in monitor mode.

    1. Start wireshark
    2. Select Capture
    3. Select Interface and choose your capture interfaces.
    4. Start the capture
    5. Click capture filters
    6. Type or select wps.public_key [Enter]

    When you hit enter the wireshark screen may go blank as it filters the output.

    7. Start reaver
    8. As reaver obtains M1 and M2 data only these lines will appear in wireshark.
    9. When you have collected enough data stop reaver and wireshark.
    10. Copy your reaver output from the terminal window and save it to a text file. You will need it later.

    The N1 Enrollee Nonce links the output in reaver to the correct M1 and M2 packets in wireshark.

    11. Go to Wireshark and click on the top screen showing No. Time Source......Info WPS M1

    The --pke is located in the WPS M1 packets.

    12. Press Ctrl-F. A drop-down menu will appear: Wireshark Find Packet

    Select String

    Select Packet Details

    In the filter block type public key, then select Find.

    13. Your cursor should now be over Public Key in the middle Wireshark window and you should be in a WPS M1 packet (top screen info).

    14. Scroll up in the middle Wireshark block and find the Enrollee Nonce. Go to the reaver text file you saved and find the same N1 Enrollee Nonce. If it is followed by a:

    1. Authkey
    2. E-Hash1
    3. E-Hash2

    You can use this packet in Wireshark.

    15. Scroll down in the same middle block in Wireshark and find Public Key: hex string

    16. Click on the Public Key, then right-click, select Copy, follow the > to the right, and select Value. The --pke value is now on the clipboard. Copy it to a text file.

    17. Go to Wireshark and click on the top screen showing No. Time Source......Info WPS M2

    18. Again make sure the Enrollee Nonce is the same and copy the Public Key from the M2 packet. Do not confuse the Registrar Nonce with the Enrollee Nonce in the M2 packet. You now have the paired --pkr hex string.


    As long as the Enrollee Nonce is the same in the reaver output and in the Wireshark M1 and M2 packets, you have picked the right packets in Wireshark.

    Put the five(5) variables in your pixie dust program and try your luck.

    Currently we type the following in leafpad at the bottom of the reaver output file we made in item 10 above and then just paste in the hex strings. When completed we paste the entire text string into a terminal window and press [Enter]

    pixiewps --e-nonce --pke --pkr --authkey --e-hash1 --e-hash2

    After a few runs you can do this in less than three(3) minutes.

  5. #25
    Senior Member
    Join Date
    Jul 2013
    Location
    United States
    Posts
    516
    Video is back up in full HD; just search "WPS Pixie Dust" on YouTube and you'll find it.

  6. #26
    Junior Member
    Join Date
    Mar 2015
    Posts
    2
    Quote Originally Posted by soxrok2212 View Post
    Video is back up in full HD; just search "WPS Pixie Dust" on YouTube and you'll find it.
    Awesome work soxrok2212! I have been playing with this for some time now; unfortunately I only have BCM*-based chipsets available for testing, and have had 0% success. Models range from the D-Link DSL2 series, Netgear WDNR series, and Linksys E series. Very awesome work just the same though, and a whole new era for WPS auditing. Let me know if you would like any of the results I have captured for analysis.

    My command for all tests was:
    Code:
    #~: pixiewps -e <pke> -s <ehash-1> -z <ehash-2> -a <auth-key> -S -n <e-nonce>

  7. #27
    Member
    Join Date
    Mar 2015
    Posts
    47
    @mmusket33, FurqanHanif
    I don't know which version of the modded Reaver you are using. The description of the YouTube video contains the latest (download). It prints all the info needed (see the '[P]' tag) apart from PKR, which can be gathered from the M2 message (under Public Key), or can be avoided if the -S option is specified in both Reaver and Pixiewps. This option is used only to "ease the burden of a 10 seconds copy and paste work".

    While I was still working on the program I made a tutorial on another forum to print some of the information, not all (Authkey, E-Hash1, E-Hash2), with the ' > ' tag at the beginning of every print. So maybe you guys are using the 'old version'?


    Changing topic, Bongard tweeted my tool.

  8. #28
    Member
    Join Date
    Mar 2013
    Posts
    40
    In Wireshark the Public Key in both M2 messages is
    000000000000000............
    So is this normal? Should I continue with this?? Router chipset is Broadcom.

  9. #29
    Senior Member
    Join Date
    Sep 2013
    Posts
    262
    Quote Originally Posted by wiire View Post
    Changing topic, Bongard tweeted my tool.
    Very nice !

    if the -S option is specified in both Reaver and Pixiewps
    That answers the previous question of aanarchyy, which I was not so sure about.

  10. #30
    Member
    Join Date
    Mar 2015
    Posts
    47
    Quote Originally Posted by FurqanHanif View Post
    In Wireshark the Public Key in both M2 messages is . So is this normal? Should I continue with this?? Router chipset is Broadcom.
    You get PKR = 00:00 ... 00:02 when using the '-S' ('--dh-small') option on Reaver. You can use the same option on Pixiewps so you don't need to specify the PKR.

    @kcdtv
    Fixed the dependency issue. Should compile fine now on Ubuntu and derivatives.
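As an added illustration of two points raised in this thread (my own code, not from the thread or from the Pixiewps project): post #24 pairs M1 and M2 by the Enrollee Nonce, and post #30 notes that a registrar running with -S sends PKR = 00...02. The script parses WSC TLV attributes from constructed M1/M2 payloads (attribute IDs taken from the WPS specification), pairs them by Enrollee Nonce, and flags the trivial registrar key, which is a handy indicator when reviewing WPS captures for automated external-registrar activity.

```python
import struct

# WSC attribute IDs and Message Type values for M1 / M2 (from the WPS spec)
ATTR_MSG_TYPE, ATTR_E_NONCE, ATTR_PUBKEY = 0x1022, 0x101A, 0x1032
MSG_M1, MSG_M2 = 0x04, 0x05
DH_LEN = 192  # WPS uses a 1536-bit Diffie-Hellman group: 192-byte public keys

def parse_wps_attrs(payload: bytes) -> dict:
    """Parse WSC TLVs: 2-byte type, 2-byte length, value (big-endian)."""
    attrs, off = {}, 0
    while off + 4 <= len(payload):
        atype, alen = struct.unpack_from(">HH", payload, off)
        off += 4
        if off + alen > len(payload):
            raise ValueError("truncated WPS attribute 0x%04x" % atype)
        attrs[atype] = payload[off:off + alen]
        off += alen
    return attrs

def pair_m1_m2(messages) -> dict:
    """Match each M2 to the M1 with the same Enrollee Nonce; returns
    {e_nonce_hex: {"pke", "pkr", "small_dh"}}, small_dh meaning PKR == 2."""
    pending_m1, pairs = {}, {}
    for raw in messages:
        a = parse_wps_attrs(raw)
        e_nonce = a.get(ATTR_E_NONCE)
        if e_nonce is None or len(a.get(ATTR_MSG_TYPE, b"")) != 1:
            continue  # not a registration message we care about
        mtype = a[ATTR_MSG_TYPE][0]
        if mtype == MSG_M1:
            pending_m1[e_nonce] = a.get(ATTR_PUBKEY, b"")  # PKE: the enrollee's key
        elif mtype == MSG_M2 and e_nonce in pending_m1:
            pkr = a.get(ATTR_PUBKEY, b"")  # PKR: the registrar's key
            pairs[e_nonce.hex()] = {"pke": pending_m1.pop(e_nonce).hex(), "pkr": pkr.hex(),
                                    "small_dh": int.from_bytes(pkr, "big") == 2}
    return pairs

def build_wsc(*attrs) -> bytes:  # constructed-message builder for the sample (not captured traffic)
    return b"".join(struct.pack(">HH", t, len(v)) + v for t, v in attrs)

# Constructed sample: two exchanges (one with a trivial PKR) and an unmatched M2
E1, E2 = b"\xa1" * 16, b"\xb2" * 16
SAMPLE = [
    build_wsc((ATTR_MSG_TYPE, bytes([MSG_M1])), (ATTR_E_NONCE, E1), (ATTR_PUBKEY, b"\x11" * DH_LEN)),
    build_wsc((ATTR_MSG_TYPE, bytes([MSG_M2])), (ATTR_E_NONCE, E1), (ATTR_PUBKEY, (2).to_bytes(DH_LEN, "big"))),
    build_wsc((ATTR_MSG_TYPE, bytes([MSG_M1])), (ATTR_E_NONCE, E2), (ATTR_PUBKEY, b"\x22" * DH_LEN)),
    build_wsc((ATTR_MSG_TYPE, bytes([MSG_M2])), (ATTR_E_NONCE, E2), (ATTR_PUBKEY, b"\x33" * DH_LEN)),
    build_wsc((ATTR_MSG_TYPE, bytes([MSG_M2])), (ATTR_E_NONCE, b"\xdd" * 16), (ATTR_PUBKEY, b"\x44" * DH_LEN)),
]
```

Running pair_m1_m2(SAMPLE) yields two pairs; the E1 pair carries small_dh=True and the stray M2 with an unknown nonce is ignored, exactly the "same Enrollee Nonce in M1 and M2" check the thread describes.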
