
Thread: Data gathering for pixiewps (pixie dust attack)


    Data gathering for pixiewps (pixie dust attack)

    Hi everyone,
    we have decided to start collecting data again for the WPS pixie dust attack (pixiewps); however, we will be thorough this time:
    1. The data must be collected with Reaver 1.6.3 and with the new -vvv debug option (now included in Kali)
    2. A set of data must contain a full transaction from M1 to M7 (thus you MUST know the PIN)
    3. 2 consecutive transactions (2 sets of data close in time) would be ideal (run reaver once, grab the data, then run reaver again, grab the new data)
    4. The data should be filtered with logfilter.py
    5. Please include the model / name of the router (possibly using wash --json for the specific router, you can edit out the BSSID and ESSID for privacy reasons)
    6. DO NOT use -S (--dh-small)
    7. Which data do we want? See below:

    • Realtek that pixiewps can't pwn (some RTL8671 ?)
    • Data where nonces (E-nonce) follow a weird pattern like xx:xx:00:00..., 00:00:xx:xx... etc. (e.g. 00:00:42:b4:00:00:6a:2e:00:00:07:80:00:00:43:45)

    The latest pixiewps uses multi-threading, so you may want to use that instead of the one included in Kali. Some changes are still in the works, so I won't push a new tag for now.

    To collect data you can use something like this (be sure to use the correct pin):
    Code:
    sudo -i
    reaver -vvv -i MONITOR -b BSSID -p PIN 2>&1 | tee reaver.log
    cat reaver.log | python2 logfilter.py 1>&2 2>PIXIEDATA.TXT
    wash -i MONITOR -j --scan -n 25 | grep -i BSSID | tee ROUTERDATA.JSON
    You can also copy and paste the full logs if you have problems following this procedure.

    Remember that in most cases WPS 2.0 locks after 10 FAILED attempts. After that a reboot is required to reset.

    Why collect data again after all this time?
    Pixiewps has improved over time; now it's more mature, and so is Reaver. But there are still potentially vulnerable devices out there and margins for improvement overall.

    Please keep the thread related to gathering data only. Post questions only if important. That is also the reason why I'm starting a new thread; the others are too clogged up. Hope mods don't mind.
    Last edited by wiire; 2017-12-24 at 18:13. Reason: fixed example commands
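
Added example, not part of the original post and not code from pixiewps or Reaver: a Python 3 check for the second kind of data requested above, E-Nonces whose bytes are zero at fixed positions. It assumes the pattern repeats per 4-byte word, as in the post's sample; the function names and the two nonces marked as constructed are illustrative.

```python
# Added example (not from the thread): flag E-Nonces with fixed zero bytes.
import re

WORD = 4  # assumption: the pattern repeats per 4-byte word, as in the post's sample


def parse_nonce(text):
    """Parse a 16-byte nonce given as colon-separated (or plain) hex."""
    hexstr = text.strip().replace(":", "")
    if not re.fullmatch(r"[0-9a-fA-F]{32}", hexstr):
        raise ValueError("expected 16 hex bytes, got %r" % text)
    return bytes.fromhex(hexstr)


def zero_pattern(nonce):
    """Return e.g. '00:00:xx:xx' if a byte position is zero in every word, else None."""
    words = [nonce[i:i + WORD] for i in range(0, len(nonce), WORD)]
    # A position counts as fixed only if it is zero in all four words.
    mask = [all(w[pos] == 0 for w in words) for pos in range(WORD)]
    if not any(mask):
        return None
    return ":".join("00" if fixed else "xx" for fixed in mask)


def triage(lines):
    """Map each nonce string to its pattern; malformed input maps to 'invalid'."""
    result = {}
    for line in lines:
        try:
            result[line] = zero_pattern(parse_nonce(line))
        except ValueError:
            result[line] = "invalid"
    return result


SAMPLES = [
    "00:00:42:b4:00:00:6a:2e:00:00:07:80:00:00:43:45",  # sample quoted in the post
    "5f:1c:00:00:a3:9e:00:00:0b:77:00:00:e4:d2:00:00",  # constructed
    "9d:3a:c1:07:5e:88:f2:4b:16:a0:7c:e3:2f:b9:64:d5",  # constructed, no pattern
]

if __name__ == "__main__":
    for nonce, pattern in triage(SAMPLES).items():
        print(nonce, "->", pattern or "no fixed zero bytes")
```

For a 16-byte nonce from a sound random source, one byte position being zero in all four words has probability 2^-32, so a reported pattern points at the device's nonce generator rather than chance.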
