@soxrok2212
Thank you for the explanation. I'll be sure to study the subject thoroughly when I have a bit more time. I'm a bit busy at the moment.
Anyway, while we're waiting for someone able to modify reaver/bully, I've made a little program.
For now it just tries to brute-force the PIN, going through all 20'000 combinations (it doesn't use the checksum for now), assuming ES1 = ES2 = 0. Just feed it all the things needed:
- PKe
- PKr
- AuthKey
- E-Hash1
- E-Hash2
Tried on a TP-LINK (Ralink) and it just works. Bongard was right.
<link removed>
Here's a sample image:
EDIT: added the image properly. Removed link.