Reference the use of the VMR-MDK script.
1. VMR-MDK is only effective against a SMALL number of routers.
2. Users should read the help files before employing.
3. Procedure for testing for the flaw are outlined there.
Reference the attack outlined by machx
ATTEMPT 1
Reaver is running the default pin 12345670 attack
Attempt 2
Reaver starts the brute force attack against a the WPS system. Status of WPS unclear but pin count increased.
ATTEMPT 3 thru 5
Router appears partially locked
If the router provides more pins after resetting then this approach may work.
If the router stays locked and no more pins collected the VMR-MDK approach will not work.
Suggestion if VMR-MDK does not work
Test to see if the router automatically unlocks the WPS system after x number of seconds
From the command line(CL) run reaver
Make sure the -L is NOT in the CL.
Add the -l or --lock-delay to 100 "Set the time to wait if AP locks WPS pin attempt"
With a -l 100 reaver will attempt to collect pins every 100 seconds.
Run reaver and wait. If pin collection restarts just count the number of times reaver attempts to collect pins before pin count restarts.
For example if reaver tries 10 times before pin count retarted then 100 times 10 = 1000 seconds.
Now set your -l to 1200 run reaver from the CL and sit back.
You can tweak the 1200 lower if the attack develops a pattern.
MTeams