Musket Teams are finding TP Link routers where the WPS Pin is also the WPA PSK passphrase.

AS this has been found in several routers MTeams are unsure if this is an operator error or has been induced by the firmware during setup.

If reaver collects the WPS pin simply test the wps pin as the WPA Passphrase to see if this condtion exists. Best just attempt to associate to the router or test a pmkid handshake thru aircrack-ng or hashcat. Less reliable is to test a non-pmkid handshake.

Furthermore is you do not have the wps pin running a wordlist or crunch pass-thru composed of a numeric string eight(8) characters in length against a collected handshake is also very easy.

crunch 8 8 "0123456789" | aircrack-ng handshake.cap -b bssidofnetwork -w -