
Thread: Pixiewps: wps pixie dust attack tool

  1. #1
    Join Date
    2015-Apr
    Posts
    12
    Some Realtek chipsets are pretty secure I guess.

    [+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
    [+] Trying pin 12345670.
    [+] Sending EAPOL START request
    [+] Received identity request
    [+] Sending identity response
    [P] E-Nonce: 00:00:3c:10:00:00:53:d4:00:00:74:ed:00:00:0c:48
    [P] PKE: d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b :1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:4 3:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25: 5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78 :47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2 c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea: 2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f :f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:d b:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61: be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f :18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a 9:e3:b4:22:4f:3d:89:fb:2b
    [P] WPS Manufacturer: Realtek Semiconductor Corp.
    [P] WPS Model Name: DG-BG4100NU
    [P] WPS Model Number: EV-2006-07-27
    [P] Access Point Serial Number: 123456789012347
    [+] Received M1 message
    [P] R-Nonce: c8:4b:9c:51:3d:52:23:df:ce:8e:18:d5:4b:89:1a:b3
    [P] PKR: af:f1:92:37:1c:2a:0a:39:45:43:61:12:f5:4f:e0:17:e5 :a7:87:fd:cc:2c:e2:12:bd:ea:d3:81:f5:78:69:af:d4:6 6:92:96:1e:8a:80:1e:dc:b5:0a:78:9f:61:44:46:aa:5e: 9c:be:cd:f9:9a:52:62:c6:95:8a:e2:01:66:03:fd:9c:41 :53:b5:db:b0:09:04:01:37:6f:75:35:4b:e2:07:59:15:1 2:47:70:3b:be:5c:c4:5c:34:9a:9f:d3:cf:a6:dc:e7:fb: fa:a8:b9:7b:19:ae:6f:fd:ef:82:e1:ab:ad:00:5c:29:c7 :23:10:83:9c:cc:a5:ee:dc:ff:d1:7e:a2:21:ae:43:09:7 f:7f:13:71:52:ab:fb:f1:b7:7a:8a:8f:55:4b:d6:a9:70: de:35:d0:9a:2d:24:26:8c:08:71:a0:f4:2f:2c:96:6d:be :23:17:24:1b:fa:fd:d7:27:19:d5:37:06:c5:27:d1:70:7 d:5f:34:ea:29:c7:5e:cd:d8
    [P] AuthKey: 3f:dc:87:64:38:9d:7b:fa:61:8e:c7:66:ad:5a:da:60:59 :3e:f3:c3:0b:98:24:a0:37:e7:fa:ef:7e:bc:d5:53
    [+] Sending M2 message
    [P] E-Hash1: 25:46:44:c3:0d:4c:ad:b9:02:34:77:47:d0:93:04:aa:18 :52:7b:87:aa:cf:74:4f:32:aa:c6:60:d9:d5:4f:6d
    [P] E-Hash2: eb:64:f8:14:7c:fc:e3:ba:06:a5:e8:42:c7:36:d7:98:63 :fd:f2:f1:d6:f0:e9:8d:e9:81:2d:88:db:87:13:65
    [+] Running pixiewps with the information, wait ...
    [Pixie-Dust]
    [Pixie-Dust] Pixiewps 1.1
    [Pixie-Dust]
    [Pixie-Dust] [-] WPS pin not found!
    [Pixie-Dust]
    [Pixie-Dust][*] Time taken: 0 s 660 ms
    [Pixie-Dust]
    [Pixie-Dust] [!] The AP /might be/ vulnerable. Try again with --force or with another (newer) set of data.
    [Pixie-Dust]
    [+] Pin not found, trying -f (full PRNG brute force), this may take around 30 minutes
    [Pixie-Dust]
    [Pixie-Dust] Pixiewps 1.1
    [Pixie-Dust]
    [Pixie-Dust] [-] WPS pin not found!
    [Pixie-Dust]

  2. #2
    It looks like it uses the same PKE as the supported Realtek chipset:
    Code:
    [P] PKE: d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b :1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:4 3:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25: 5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78 :47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2 c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea: 2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f :f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:d b:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61: be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f :18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a 9:e3:b4:22:4f:3d:89:fb:2b
    Which chipset/model is it?

  3. #3
    Join Date
    2015-Apr
    Posts
    12
    This model is Digisol DG-BG4100NU
    The E-Nonce is always generated in that format.
    E-Nonce: 00:00:xx:xx:00:00:xx:xx:00:00:xx:xx:00:00:xx:xx

  4. #4
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Quote Originally Posted by DetmL View Post
    Some Realtek chipsets are pretty secure I guess.

    [+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
    [+] Trying pin 12345670.
    [+] Sending EAPOL START request
    [+] Received identity request
    [+] Sending identity response
    [P] E-Nonce: 00:00:3c:10:00:00:53:d4:00:00:74:ed:00:00:0c:48
    [P] PKE: d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b :1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:4 3:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25: 5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78 :47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2 c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea: 2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f :f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:d b:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61: be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f :18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a 9:e3:b4:22:4f:3d:89:fb:2b
    [P] WPS Manufacturer: Realtek Semiconductor Corp.
    [P] WPS Model Name: DG-BG4100NU
    [P] WPS Model Number: EV-2006-07-27
    [P] Access Point Serial Number: 123456789012347
    [+] Received M1 message
    [P] R-Nonce: c8:4b:9c:51:3d:52:23:df:ce:8e:18:d5:4b:89:1a:b3
    [P] PKR: af:f1:92:37:1c:2a:0a:39:45:43:61:12:f5:4f:e0:17:e5 :a7:87:fd:cc:2c:e2:12:bd:ea:d3:81:f5:78:69:af:d4:6 6:92:96:1e:8a:80:1e:dc:b5:0a:78:9f:61:44:46:aa:5e: 9c:be:cd:f9:9a:52:62:c6:95:8a:e2:01:66:03:fd:9c:41 :53:b5:db:b0:09:04:01:37:6f:75:35:4b:e2:07:59:15:1 2:47:70:3b:be:5c:c4:5c:34:9a:9f:d3:cf:a6:dc:e7:fb: fa:a8:b9:7b:19:ae:6f:fd:ef:82:e1:ab:ad:00:5c:29:c7 :23:10:83:9c:cc:a5:ee:dc:ff:d1:7e:a2:21:ae:43:09:7 f:7f:13:71:52:ab:fb:f1:b7:7a:8a:8f:55:4b:d6:a9:70: de:35:d0:9a:2d:24:26:8c:08:71:a0:f4:2f:2c:96:6d:be :23:17:24:1b:fa:fd:d7:27:19:d5:37:06:c5:27:d1:70:7 d:5f:34:ea:29:c7:5e:cd:d8
    [P] AuthKey: 3f:dc:87:64:38:9d:7b:fa:61:8e:c7:66:ad:5a:da:60:59 :3e:f3:c3:0b:98:24:a0:37:e7:fa:ef:7e:bc:d5:53
    [+] Sending M2 message
    [P] E-Hash1: 25:46:44:c3:0d:4c:ad:b9:02:34:77:47:d0:93:04:aa:18 :52:7b:87:aa:cf:74:4f:32:aa:c6:60:d9:d5:4f:6d
    [P] E-Hash2: eb:64:f8:14:7c:fc:e3:ba:06:a5:e8:42:c7:36:d7:98:63 :fd:f2:f1:d6:f0:e9:8d:e9:81:2d:88:db:87:13:65
    [+] Running pixiewps with the information, wait ...
    [Pixie-Dust]
    [Pixie-Dust] Pixiewps 1.1
    [Pixie-Dust]
    [Pixie-Dust] [-] WPS pin not found!
    [Pixie-Dust]
    [Pixie-Dust][*] Time taken: 0 s 660 ms
    [Pixie-Dust]
    [Pixie-Dust] [!] The AP /might be/ vulnerable. Try again with --force or with another (newer) set of data.
    [Pixie-Dust]
    [+] Pin not found, trying -f (full PRNG brute force), this may take around 30 minutes
    [Pixie-Dust]
    [Pixie-Dust] Pixiewps 1.1
    [Pixie-Dust]
    [Pixie-Dust] [-] WPS pin not found!
    [Pixie-Dust]
    What it could be is that the router's time is set ahead... aka it is in the future. I forget the wiggle room that pixiewps is programmed with, but I don't think it goes into the future. I might have an older version that counts up from January 1, 1970, but it probably got erased when I reinstalled Kali... and on 10.10.4 beta my Mac kernel panics when a VM shuts down :/

    Quote Originally Posted by DetmL View Post
    This model is Digisol DG-BG4100NU
    The E-Nonce is always generated in that format.
    E-Nonce: 00:00:xx:xx:00:00:xx:xx:00:00:xx:xx:00:00:xx:xx
    That is actually quite strange, I've never seen that before... Is it always like that? The reason I ask is because before the Realtek flaw was discovered, I noticed that the PKE was static for Realtek devices (confirmed with help from kcdtv and some other users) which made me question Realtek's implementation. I sent some data up to Dominique and he worked his magic and got back to me right away with his findings.

    --Perhaps this could mean something else....?

    Quote Originally Posted by scout View Post
    That's my first time using Kali Linux and this kind of tools. I have successfully retrieved the PIN for a BSSID, but every time I get the PIN code for a Wifi network, the network does not show anymore at Wash -i interfacename. With that, I could not use reaver to retrieve the password.

    I tried it 3 times, and every time I use pixiewps, the network disappears from the Wash list.

    By the way, I have another doubt: I tried to send some packets to an AP and now it shows as WPS Locked, but it's staying in this state forever. I tried to change my MAC address but it didn't work. I must force it to reconnect, right (and maybe the router is invulnerable to this kind of command)?

    Thank you guys.
    Some ISPs/Manufacturers have actually taken notice of the Pixie Dust attack and they lock WPS after 1 exchange, even if it fails. I also have a network where WPS disappears at random times and I can't figure that out. It might be that the owner disabled it in the firmware and it doesn't take effect until an attack but don't quote me on that, I'm really stumped as to why I can't figure it out. I can't even get to an M2 message...
    Last edited by soxrok2212; 2015-05-28 at 23:45.

  5. #5
    Join Date
    2015-Apr
    Posts
    12
    Quote Originally Posted by soxrok2212 View Post
    That is actually quite strange, I've never seen that before... Its always like that? The reason I ask is because before the Realtek flaw was discovered, I noticed that the PKE was static for Realtek devices (confirmed with help from kcdtv and some other users ) which made me question Realtek's implementation. I sent some data up to Dominique and he worked his magic and got back to me right away with his findings.

    --Perhaps this could mean something else....?
    Yes, always in that format. A Google search on EV-2006-07-27 shows that it's a Realtek 8186 chipset. However, I'm not 100% sure that it is the correct chipset as the router is not in the WikiDevi database.

  6. #6
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Quote Originally Posted by DetmL View Post
    Yes, always in that format. A Google search on EV-2006-07-27 shows that it's a Realtek 8186 chipset. However, I'm not 100% sure that it is the correct chipset as the router is not in the WikiDevi database.
    I just looked up the RTL8671, it is a CPU chip and not a NIC. Do you know the exact model number of the AP and can you provide a firmware/open source code for it? Thanks.

  7. #7
    Join Date
    2015-Apr
    Posts
    12
    There is no FCC ID printed on the router. The PIN is also not printed on the router. The exact model of the AP is DIGISOL DG-BG4100NU which uses RTL8186 and not the newer RTL8671. Firmware of the router can be downloaded here https://dl.dropboxusercontent.com/u/..._11OCT2014.zip Firmware of the chipset http://sourceforge.net/projects/rtl8186/

  8. #8
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Quote Originally Posted by DetmL View Post
    There is no FCC ID printed on the router. The PIN is also not printed on the router. The exact model of the AP is DIGISOL DG-BG4100NU which uses RTL8186 and not the newer RTL8671. Firmware of the router can be downloaded here https://dl.dropboxusercontent.com/u/..._11OCT2014.zip Firmware of the chipset http://sourceforge.net/projects/rtl8186/
    Thanks, we'll look into it!

  9. #9
    Join Date
    2015-Jun
    Posts
    6

    WPS Model Number: EV-2006-07-27 is the RTL8671 chipset, too

    Quote Originally Posted by DetmL View Post
    Yes, always in that format. A Google search on EV-2006-07-27 shows that it's a Realtek 8186 chipset. However, I'm not 100% sure that it is the correct chipset as the router is not in the WikiDevi database.
    Hi, @DetmL, @soxrok2212,
    I recently came to know about the vulnerabilities of Realtek and other chipsets and thought to check if my router was vulnerable, and ran reaver with pixie dust mode -K 1,
    where I got to know that the model number EV-2006-07-27 belongs to the RTL8671 chipset (D-Link router).

    However I'm getting that

    "WPS pin not found"

    The output is given below:

    [+] Sending EAPOL START request
    [+] Received identity request
    [+] Sending identity response
    [P] E-Nonce: 7b:37:51:7f:6c:c7:a8:0b:27:e9:a1:f8:5b:88:b5:40
    [P] PKE: d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b :1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:4 3:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25: 5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78 :47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2 c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea: 2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f :f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:d b:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61: be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f :18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a 9:e3:b4:22:4f:3d:89:fb:2b
    [P] WPS Manufacturer: Realtek Semiconductor Corp.
    [P] WPS Model Name: RTL8671
    [P] WPS Model Number: EV-2006-07-27
    [P] Access Point Serial Number: 123456789012347
    [+] Received M1 message
    [P] R-Nonce: c2:ed:e2:d6:80:81:48:fd:7e:13:7b:d2:3e:6c:a0:98
    [P] PKR: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 :00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:0 0:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 :00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:0 0:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 :00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:0 0:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 :00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:0 0:00:00:00:00:00:00:00:02
    [P] AuthKey: ef:eb:93:91:fc:f0:16:3a:3e:b4:fe:dd:8f:b6:a8:fe:a6 :6a:7e:70:55:e5:20:78:c4:3a:c5:55:66:60:be:d0
    [+] Sending M2 message
    [P] E-Hash1: be:74:91:eb:c3:38:e0:59:7c:e1:de:5c:07:d5:1b:d3:d7 :e6:15:9e:06:09:96:f9:7c:08:4a:84:cc:df:35:0e
    [P] E-Hash2: 90:bf:2e:36:f0:65:0e:f6:41:e7:97:f8:71:02:8b:11:92 :c1:89:f1:99:63:2b:fa:01:12:6c:c5:04:b6:ec:cc
    [Pixie-Dust]
    [Pixie-Dust] Pixiewps 1.1
    [Pixie-Dust]
    [Pixie-Dust] [-] WPS pin not found!
    [Pixie-Dust]
    [Pixie-Dust][*] Time taken: 3 s
    [Pixie-Dust]
    [Pixie-Dust] [!] The AP /might be/ vulnerable to mode 4. Try again with --force or with another (newer) set of data.
    [Pixie-Dust]


    So I ran pixiewps separately instead of reaver and it is giving me a strange error:

    [!] Bad enrollee public key -- d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b :1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:4 3:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25: 5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78 :47:a6:fc:b4:92:45:63:

    I don't know what it means.
    I hope you'd shed some light on that and help....

  10. #10
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Quote Originally Posted by phoenix! View Post
    Hi, @DetmL, @soxrok2212,
    I recently came to know about the vulnerabilities of Realtek and other chipsets and thought to check if my router was vulnerable, and ran reaver with pixie dust mode -K 1,
    where I got to know that the model number EV-2006-07-27 belongs to the RTL8671 chipset (D-Link router).

    However I'm getting that

    "WPS pin not found"

    The output is given below:

    [+] Sending EAPOL START request
    [+] Received identity request
    [+] Sending identity response
    [P] E-Nonce: 7b:37:51:7f:6c:c7:a8:0b:27:e9:a1:f8:5b:88:b5:40
    [P] PKE: d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b :1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:4 3:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25: 5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78 :47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2 c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea: 2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f :f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:d b:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61: be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f :18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a 9:e3:b4:22:4f:3d:89:fb:2b
    [P] WPS Manufacturer: Realtek Semiconductor Corp.
    [P] WPS Model Name: RTL8671
    [P] WPS Model Number: EV-2006-07-27
    [P] Access Point Serial Number: 123456789012347
    [+] Received M1 message
    [P] R-Nonce: c2:ed:e2:d6:80:81:48:fd:7e:13:7b:d2:3e:6c:a0:98
    [P] PKR: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 :00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:0 0:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 :00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:0 0:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 :00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:0 0:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 :00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:0 0:00:00:00:00:00:00:00:02
    [P] AuthKey: ef:eb:93:91:fc:f0:16:3a:3e:b4:fe:dd:8f:b6:a8:fe:a6 :6a:7e:70:55:e5:20:78:c4:3a:c5:55:66:60:be:d0
    [+] Sending M2 message
    [P] E-Hash1: be:74:91:eb:c3:38:e0:59:7c:e1:de:5c:07:d5:1b:d3:d7 :e6:15:9e:06:09:96:f9:7c:08:4a:84:cc:df:35:0e
    [P] E-Hash2: 90:bf:2e:36:f0:65:0e:f6:41:e7:97:f8:71:02:8b:11:92 :c1:89:f1:99:63:2b:fa:01:12:6c:c5:04:b6:ec:cc
    [Pixie-Dust]
    [Pixie-Dust] Pixiewps 1.1
    [Pixie-Dust]
    [Pixie-Dust] [-] WPS pin not found!
    [Pixie-Dust]
    [Pixie-Dust][*] Time taken: 3 s
    [Pixie-Dust]
    [Pixie-Dust] [!] The AP /might be/ vulnerable to mode 4. Try again with --force or with another (newer) set of data.
    [Pixie-Dust]


    So I ran pixiewps separately instead of reaver and it is giving me a strange error:

    [!] Bad enrollee public key -- d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b :1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:4 3:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25: 5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78 :47:a6:fc:b4:92:45:63:

    I don't know what it means.
    I hope you'd shed some light on that and help....
    First, you cannot use -S in your reaver command for Realtek devices. Nobody really knows why but somehow it stops pixiewps from recovering the pin.

    Second, the RTL8671 chip is strange. It seems to use a different RNG or something. I know a few people are looking into it though

    --I've also noticed that your nonce doesn't follow the 00:00:XX:XX:00:00:XX:XX pattern seen in other RTL8671 chips... hmmm. Would you be able to send me a cap containing a few WPS exchanges?

    As for the Bad enrollee key, it's probably just a space somewhere in your syntax that is screwing it up. Actually I just found it:
    Code:
    d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b :1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:4 3:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25: 5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78 :47:a6:fc:b4:92:45:63
    Try this instead (you'll probably have to do this for every piece of data)
    Code:
    d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b:1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:43:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25:5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78:47:a6:fc:b4:92:45:63
    Welcome to the forums by the way
    Last edited by soxrok2212; 2015-06-18 at 14:07.
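    The two things discussed in this post, the stray wrap space that makes pixiewps reject a pasted key and the 00:00:xx:xx E-Nonce pattern DetmL reported in post #3, can both be checked mechanically from a reaver session log. This is an added example, not code from the thread or from the reaver/pixiewps projects; the log text is constructed from values in this thread with the public keys truncated, the field names are the ones reaver prints, and the "static PKE" check uses only the first eight bytes of the key shown in every dump here.

    ```python
    import re

    # Constructed sample reaver output, modelled on the dumps in this thread.
    # The public keys are truncated (real ones are 192 bytes). The space inside
    # the PKE value is the forum line-wrap artifact that makes pixiewps report
    # "Bad enrollee public key" when the line is pasted as-is.
    SAMPLE_LOG = """\
    [P] E-Nonce: 00:00:3c:10:00:00:53:d4:00:00:74:ed:00:00:0c:48
    [P] PKE: d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b :1a:c1:57
    [P] WPS Manufacturer: Realtek Semiconductor Corp.
    [P] R-Nonce: c8:4b:9c:51:3d:52:23:df:ce:8e:18:d5:4b:89:1a:b3
    [P] PKR: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:02
    """

    FIELDS = ("E-Nonce", "R-Nonce", "PKE", "PKR", "AuthKey", "E-Hash1", "E-Hash2")
    HEX_RE = re.compile(r"^[0-9a-f]{2}(?::[0-9a-f]{2})*$")


    def normalize_hex(value):
        """Drop wrap-inserted whitespace and validate the aa:bb:cc form.

        Raises ValueError for anything that is not colon-separated bytes,
        which is the condition pixiewps reports as a bad key."""
        compact = re.sub(r"\s+", "", value).lower()
        if not HEX_RE.match(compact):
            raise ValueError("not a colon-separated hex string: %r" % value[:24])
        return bytes.fromhex(compact.replace(":", ""))


    def parse_wps_fields(log_text):
        """Collect the hex [P] fields of a reaver session as {name: bytes}."""
        found = {}
        for line in log_text.splitlines():
            m = re.match(r"^\[P\]\s+(\S+):\s*(.+)$", line.strip())
            if m and m.group(1) in FIELDS:
                found[m.group(1)] = normalize_hex(m.group(2))
        return found


    def weak_rng_indicators(fields):
        """Return human-readable findings about the nonce and key material."""
        notes = []
        enonce = fields.get("E-Nonce", b"")
        # DetmL's pattern: 00:00:xx:xx four times, so only 16 bits of each
        # 32-bit word of the nonce actually vary.
        if len(enonce) == 16 and all(enonce[i] == 0 for i in (0, 1, 4, 5, 8, 9, 12, 13)):
            notes.append("E-Nonce follows 00:00:xx:xx:00:00:xx:xx pattern (low entropy)")
        pke = fields.get("PKE", b"")
        if pke and len(pke) != 192:
            notes.append("PKE is %d bytes, expected 192 (incomplete paste?)" % len(pke))
        # Prefix of the PKE that appears in every dump in this thread; a fixed
        # enrollee public key means its DH secret was not freshly generated.
        if pke.startswith(bytes.fromhex("d0141b15656e96b8")):
            notes.append("PKE matches the static Realtek enrollee key seen in the thread")
        pkr = fields.get("PKR", b"")
        if pkr and int.from_bytes(pkr, "big") == 2:
            notes.append("PKR is the integer 2 (small DH key, i.e. reaver -S; avoid on Realtek)")
        return notes
    ```

    Feeding it the full dump from post #9 flags both the static PKE and the PKR of 2 that soxrok2212's reply refers to.
    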

  11. #11
    Join Date
    2015-Apr
    Posts
    12
    Is it a DSL-2730U/DSL-2750U?

  12. #12
    Hi DetmL
    For the two models you speak about we could gather generic PINs (cf. WPSPIN > Générateur PIN WPS par défaut routeurs Huawei, Belkin ...)

    DSL-2730U > 20172527
    DSL-2750U > 21464065

    If there is a common PIN we already know that we deal with a "weak" WPS implementation and so there is hope... it could be "pixie dusted" somehow...
    If you have one of these models could you please send to soxrok2212 / wiire (or you can send it to me and I will share with them) a *.cap file with the reaver 1.5.2 stdout?
    Maybe, if that is not asking too much, you can add some screenshots / copy-paste from the administration interface with the Wifi-WPS security parameters and information about the device?
    Thanks in advance
    Last edited by kcdtv; 2015-06-19 at 14:53.

  13. #13
    Join Date
    2015-Jun
    Posts
    6
    Quote Originally Posted by kcdtv View Post
    Hi DetmL
    For the two models you speak about we could gather generic PINs (cf. WPSPIN > Générateur PIN WPS par défaut routeurs Huawei, Belkin ...)

    DSL-2730U > 20172527
    DSL-2750U > 21464065

    If there is a common PIN we already know that we deal with a "weak" WPS implementation and so there is hope... it could be "pixie dusted" somehow...
    If you have one of these models could you please send to soxrok2212 / wiire (or you can send it to me and I will share with them) a *.cap file with the reaver 1.5.2 stdout?
    Maybe, if that is not asking too much, you can add some screenshots / copy-paste from the administration interface with the Wifi-WPS security parameters and information about the device?
    Thanks in advance
    Hi kcdtv,
    I can send you the pcap files to your email, if you wish.
    I cannot upload pcap files here.
