Thread: WPS Pixie Dust Attack (Offline WPS Attack)

  1. #1
    Join Date
    2013-Jul
    Posts
    844
    To Soxrox2212

    We see your written reaver program provides the Enrollee nonce.

    The problem we are having is with the -pke and -pkr keys. When we capture the M1 and M2 messages with Wireshark, the message is too long. Note in the working example published in these threads the length of the -pke string was 384. Our captures are twice that long.

    The string length of the -ak, -hash1 and -hash2 is 64.

    A breakdown of M1 and M2 can be found at:

    https://briolidz.wordpress.com/2012/...ted-setup-wps/

    Enrollee -> Registrar: M1 = Version || N1 || Description || PKE
    Enrollee <- Registrar: M2 = Version || N1 || N2 || Description || PKR [ || ConfigData ] || HMAC_AuthKey(M1 || M2*)

    • || this symbol means concatenation of parameters to form a message.
    • Mn* is message Mn excluding the HMAC-SHA-256 value.
    • Version identifies the type of Registration Protocol message.
    • N1 is a 128-bit random number (nonce) specified by the Enrollee.
    • N2 is a 128-bit random number (nonce) specified by the Registrar.
    • Description contains a human-readable description of the sending device (UUID, manufacturer, model number, MAC address, etc.) and device capabilities such as supported algorithms, I/O channels, Registration Protocol role, etc. Description data is also included in 802.11 probe request and probe response messages

    Our understanding is that we must strip off parts of the M1 and M2 messages. Is this correct?

  2. #2
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Quote: Originally Posted by mmusket33
    To Soxrox2212

    Our understanding is that we must strip off parts of the M1 and M2 messages. Is this correct?
    All you should have to do is open Wireshark, navigate to the M1 and M2 messages, then scroll to the public keys and copy the values for those keys... I'd upload a screenshot but the formatting requirements to upload are whack...
    Last edited by soxrok2212; 2015-03-31 at 03:13.
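
An added example, not part of either post and not code from reaver or pixiewps: a minimal walk over the type-length-value attributes that make up a WSC message body, showing that the Public Key attribute (ID 0x1032) holds a 192-byte value, which is the 384 hex characters mentioned in post #1. The function names and the sample payload are assumptions made for illustration; the payload is constructed, not taken from a capture.

```python
import struct

# WSC attribute IDs for the fields named in the M1 breakdown above
ATTR_NAMES = {0x104A: "Version", 0x1022: "Message Type",
              0x101A: "Enrollee Nonce (N1)", 0x1032: "Public Key"}
PUBLIC_KEY_LEN = 192  # bytes (1536-bit Diffie-Hellman value) = 384 hex chars

def parse_wsc_attributes(payload: bytes):
    """Walk big-endian TLVs: 2-byte type, 2-byte length, then the value."""
    attrs, offset = [], 0
    while offset < len(payload):
        if len(payload) - offset < 4:
            raise ValueError(f"truncated attribute header at offset {offset}")
        attr_type, length = struct.unpack_from(">HH", payload, offset)
        offset += 4
        if offset + length > len(payload):
            raise ValueError(f"attribute 0x{attr_type:04X} overruns payload")
        attrs.append((attr_type, payload[offset:offset + length]))
        offset += length
    return attrs

def public_key_hex(payload: bytes) -> str:
    """Return only the Public Key value as hex, rejecting odd lengths."""
    for attr_type, value in parse_wsc_attributes(payload):
        if attr_type == 0x1032:
            if len(value) != PUBLIC_KEY_LEN:
                raise ValueError(f"unexpected public key length {len(value)}")
            return value.hex()
    raise ValueError("no Public Key attribute present")

def tlv(attr_type: int, value: bytes) -> bytes:
    """Helper (hypothetical) used only to build the constructed sample."""
    return struct.pack(">HH", attr_type, len(value)) + value

# Constructed M1-like payload with placeholder values, not a real capture
SAMPLE_M1 = (tlv(0x104A, b"\x10") + tlv(0x1022, b"\x04")
             + tlv(0x101A, bytes(range(16)))
             + tlv(0x1032, bytes(i % 256 for i in range(192))))

if __name__ == "__main__":
    for t, v in parse_wsc_attributes(SAMPLE_M1):
        print(f"0x{t:04X} {ATTR_NAMES.get(t, 'unknown'):20} {len(v):4d} bytes")
    print(len(public_key_hex(SAMPLE_M1)), "hex characters in Public Key")
```

A hex string longer than 384 characters therefore contains more than the Public Key value alone.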
