Thread: WPS Tick Tock Attack

    Quote Originally Posted by t6_x:
    In versions v0.5.9 to v2.0.0, Hostapd uses the following function for comparison:

    Code:
    int os_memcmp(const void *s1, const void *s2, size_t n)
    The function is defined as follows:


    Code:
    int os_memcmp(const void *s1, const void *s2, size_t n)
    {
        const unsigned char *p1 = s1, *p2 = s2;
    
        if (n == 0)
            return 0;
    
        /* Early exit: the loop stops at the first byte that differs */
        while (*p1 == *p2) {
            p1++;
            p2++;
            n--;
            if (n == 0)
                return 0;
        }
    
        return *p1 - *p2;
    }
    This function is vulnerable to checking its execution time.

    Therefore, with a sufficient amount of data, it is possible to find out the first byte of each hash tested.


    The newer versions past v2.0.0 do not have this flaw, since they check the hashes in a different way in order to correct this problem, but most routers use older versions of Hostapd.

    Basically, what occurs:

    The M4 message is sent to the router with R-Hash1 and R-S1.

    After the M4 message is sent, the router will take R-S1 and the correct PIN and will generate a hash. Then it will compare the hash it generates with R-Hash1, and will do the same process for R-Hash2.

    The check is done by the function as described above.


    The function attempts to verify byte by byte whether the generated hash is equal to R-Hash1, so if the first byte is equal, the function tests the second and thus spends more time processing.



    In this specific case, we don't need to find all the hash bytes; we only need to find as many as are necessary so that the Pixie Dust attack can find an equal hash.

    The reason for this is that we are sending R-S1 in the M4 message, so we know the R-S1 it will be using.

    Therefore it is possible to use the Pixie Dust attack to find an equivalent hash.
    We are creating this post to find people who can help in these tests.


    For now the attack is theoretical; we are performing tests and we need help to get more results.


    *Excuse my English, soxrok2212 is helping me with the post.

    I have time and am willing to do tests. I also sent (in reply to soxrok) some data related to:
    [P] WPS Manufacturer: Realtek Semiconductor Corp.
    [P] WPS Model Name: RTL8671
    [P] WPS Model Number: EV-2006-07-27
    [P] Access Point Serial Number: 123456789012347
    [+] Received M1 message

    I cannot open this thing; I have been trying for almost 3 weeks now with data from the internet. It does not respond to MDK3 attacks,
    Pixie does not work, the router locks itself after 8-10 pins and unlocks only with the power-off button,
    there is an AP connected to it with the same ESSID, no WPS enabled, I assume just a repeater; changing my MAC to that AP's and attacking the main AP, they exchange beacons for a long time after the MDK3 attack finishes (I can see it with airodump).
    Also, bully gives me this:

    Code:
    [+] Rx( Auth ) = 'Timeout'   Next pin '65533147'
    [+] Rx( Auth ) = 'Timeout'   Next pin '65533147'
    [+] Rx( Auth ) = 'Timeout'   Next pin '65533147'
    [!] Unexpected packet received when waiting for EAP Req Id
    [!] >...<
    [+] Rx(  ID  ) = 'EAPFail'   Next pin '65533147'
    [!] Unexpected packet received when waiting for EAP Req Id
    [!] >...<
    [+] Rx(  ID  ) = 'EAPFail'   Next pin '65533147'
    [+] Rx( Auth ) = 'Timeout'   Next pin '65533147'
    [+] Rx(  M1  ) = 'Timeout'   Next pin '65533147'
    [+] Rx(  M1  ) = 'Timeout'   Next pin '65533147'
    [+] Rx(  ID  ) = 'Timeout'   Next pin '65533147'
    [+] Rx(  M1  ) = 'Timeout'   Next pin '65533147'
    [+] Rx(  M1  ) = 'Timeout'   Next pin '65533147'
    [+] Rx( Auth ) = 'Timeout'   Next pin '65533147'
    [!] Unexpected packet received when waiting for EAP Req Id
    Resending some data; as you can see, a short packet and a long packet:

    Code:
    2002e48000000026c09a000c901000008023a0100eebd905e4 a64517e23695764517e2369572019aaaa03000000888e01000 1d1012701d1fe00372a000000010400104a000110102200010 4104700106304125310192006122864517e236957102000066 4517e236957101a0010474526b30cefd65355dfe9c75f6d33d c103200c0d0141b15656e96b85fcead2e8e76330d2b1ac1576 bb026e7a328c0e1baf8cf91664371174c08ee12ec92b0519c5 4879f21255be5a8770e1fa1880470ef423c90e34d7847a6fcb 4924563d1af1db0c481ead9852c519bf1dd429c163951cf691 81b132aea2a3684caf35bc54aca1b20c88bb3b7339ff7d56e0 9139d77f0ac58079097938251dbbe75e86715cc6b7c0ca945f a8dd8d661beb73b414032798dadee32b5dd61bf105f18d8921 7760b75c5d966a5a490472ceba9e3b4224f3d89fb2b1004000 2002710100002000f100d00010110080002008610440001021 021001b5265616c74656b2053656d69636f6e647563746f722 0436f72702e1023000752544c383637311024000d45562d323 030362d30372d32371042000f3132333435363738393031323 334371054000800060050f2040001101100203342422041445 34c20726f757465722031204c414e202b20576972656c65737 3103c000101100200020000101200020000100900020000102 d000410000000
    [+] Rx( ID ) = 'EAPFail' Next pin '21907593'
    [+] Rx( Assn ) = 'Timeout' Next pin '21907593'
    [+] Rx( M1 ) = 'Timeout' Next pin '21907593'
    [+] Rx( ID ) = 'EAPFail' Next pin '21907593'
    [!] Unexpected packet received when waiting for WPS Message
    [!] >000012002e480000000c6c09c000cf0100000802360000eeb d905e4a64517e23695764517e236957001baaaa03000000080 046000020e47c000001029eb0c0a80101e0000001940400001 164ee9b00000000<
    [+] Rx( M1 ) = 'WPSFail' Next pin '21907593'
    [!] Unexpected packet received when waiting for EAP Req Id
    Last edited by sickn3ss; 2016-03-27 at 11:38.
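The following C program is an added example, not code from the thread or from hostapd, that models the leak t6_x's quoted post describes. Instead of a stopwatch it counts the loop iterations a comparison performs (the `g_steps` counter is constructed instrumentation), so the result is deterministic: an early-exit compare in the shape of the old `os_memcmp()` runs one step longer for every leading byte the guess gets right, and `recover_prefix()` uses exactly that signal to pull out the first bytes of a hidden hash one at a time, which is the "first byte of each hash tested" the post refers to. Beside it, `os_memcmp_const_ct()` is a constant-time compare in the style of the fix newer hostapd uses (`os_memcmp_const()`), against which the same attack recovers nothing. The function names, the `recover_prefix()`/`bytes_recovered()` helpers and the 32-byte `kSecretHash` (a constructed stand-in for the HMAC the router derives from the real PIN) are all assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Each loop iteration of a comparison costs the router time; this counter
 * stands in for the attacker's stopwatch (constructed instrumentation). */
static unsigned long g_steps;

/* Early-exit comparison with the same logic as the old hostapd os_memcmp(). */
int os_memcmp_leaky(const void *s1, const void *s2, size_t n)
{
    const unsigned char *p1 = s1, *p2 = s2;

    if (n == 0)
        return 0;
    while (*p1 == *p2) {
        g_steps++;                /* one more matching byte, one more tick */
        p1++;
        p2++;
        n--;
        if (n == 0)
            return 0;
    }
    g_steps++;                    /* the mismatching byte was still examined */
    return *p1 - *p2;
}

/* Constant-time comparison in the style of the newer hostapd fix
 * (os_memcmp_const()): always reads all n bytes, returns 0 iff equal. */
int os_memcmp_const_ct(const void *s1, const void *s2, size_t n)
{
    const unsigned char *p1 = s1, *p2 = s2;
    unsigned char diff = 0;
    size_t i;

    for (i = 0; i < n; i++) {
        g_steps++;
        diff |= p1[i] ^ p2[i];
    }
    return diff;
}

typedef int (*cmp_fn)(const void *, const void *, size_t);

/* Attacker side. The verifier holds 'secret' (the hash derived from the real
 * PIN) and compares our guess to it with 'cmp'; we only see how long that
 * took. Per position try all 256 values, keep the uniquely slowest one, and
 * stop as soon as no candidate is uniquely slowest (nothing leaked there).
 * Returns the number of bytes written to 'out'. */
size_t recover_prefix(cmp_fn cmp, const unsigned char *secret, size_t n,
                      unsigned char *out, size_t want)
{
    unsigned char guess[64] = {0};
    size_t pos, got = 0;

    if (n > sizeof guess)
        return 0;
    for (pos = 0; pos < want && pos < n; pos++) {
        unsigned long slowest = 0;
        int best = -1, ties = 0, c;

        for (c = 0; c < 256; c++) {
            guess[pos] = (unsigned char)c;
            g_steps = 0;
            (void)cmp(secret, guess, n);
            if (g_steps > slowest) {
                slowest = g_steps;
                best = c;
                ties = 0;
            } else if (g_steps == slowest) {
                ties++;
            }
        }
        if (ties)
            break;
        guess[pos] = out[pos] = (unsigned char)best;
        got++;
    }
    return got;
}

/* Constructed 32-byte stand-in for the HMAC-SHA-256 value hostapd checks. */
static const unsigned char kSecretHash[32] = {
    0x2b, 0x00, 0x7f, 0xa1, 0x19, 0xc3, 0x4e, 0xd8, 0x60, 0x05, 0x9a, 0xf2,
    0x37, 0xee, 0x81, 0x4c, 0xb5, 0x6d, 0x0e, 0x93, 0x28, 0xd1, 0x7a, 0xcf,
    0x46, 0xbb, 0x02, 0x59, 0xe7, 0x1c, 0x84, 0x30
};

/* How many leading bytes of kSecretHash 'cmp' lets an attacker recover. */
size_t bytes_recovered(cmp_fn cmp, size_t want)
{
    unsigned char out[32] = {0};
    size_t got = recover_prefix(cmp, kSecretHash, sizeof kSecretHash, out, want);

    return (got && memcmp(out, kSecretHash, got) == 0) ? got : 0;
}

int main(void)
{
    printf("early-exit: %zu/4, constant-time: %zu/4 bytes recovered\n",
           bytes_recovered(os_memcmp_leaky, 4),
           bytes_recovered(os_memcmp_const_ct, 4));
    return 0;
}
```

Against `os_memcmp_leaky` the program recovers all four requested leading bytes; against `os_memcmp_const_ct` every candidate costs the same 32 steps, so the first position already has 255 ties and the search stops with nothing. Over the air the "stopwatch" is the router's M4 response latency with radio and CPU jitter on top, so each candidate byte needs many repeated M4 attempts averaged together before the one-step difference stands out, which is the "sufficient amount of data" the quoted post mentions. Note also that an early-exit compare examines all n bytes both when the last byte matches and when it does not, so the counter cannot distinguish the final byte; the attack only needs a prefix anyway, since the remaining bytes are matched offline by the Pixie Dust search.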
