In versions v0.5.9 to v2.0.0, Hostapd uses the following function for comparison:
Code:
int os_memcmp (const void * s1, const void * s2, size_t n)
The function is described below
Code:
int os_memcmp (const void * s1, const void * s2, size_t n)
{
const unsigned char * p1 = s1 * s2 = P2;
if (n == 0)
return 0;
while (* p1 == * p2) {
p1 ++;
p2 ++;
n--;
if (n == 0)
return 0;
}
return * p1 - p2 *;
}
This function is vulnerable by checking the execution time.
Therefore, with a sufficient amount of data, it is possible to find out the first byte of each hash tested.
The newer versions past v2.0.0, do not have this flaw, since it checks the hashes in a different way in order to correct this problem, but most routers use older versions of Hostapd.
Basically, what occurs.
The m4 message is sent to the router with R-Hash1 and the R-S1.
After the M4 message is sent, the router will take RS-1 and the correct pin, and will generate a hash. Then will compare the hash it generates with R-Hash1 and will do the same process for R-Hash2.
The check is done by the function as described above.
The function attempts to verify byte by byte if the generated hash is equal to R-Hash1, so if the first byte is equal, the function tests the second and thus spend more time in processing.
In this specific case, we don’t need to find all the hash bytes, we only need to find the necessary amount so the Pixie Dust attack can find an equal hash.
The reason for this is because we are sending the R-s1 in m4 message, then we know that r-s1'll be using.
Therefore it is possible to use the pixiedust attack to find an equivalent hash
We are creating this post to find people who can help in these tests.
For now the attack is theoretical, we are performing tests and we need help to get more results
*Excuse my English, soxrok2212 is helping me with the post