NEW: security/pixiewps

NEW: security/pixiewps

Sebastian Reitenbach
Hi,

attached port implements the pixie-dust attack against WPS keys.
Yes, that attack is old, but vulnerable APs are still out there.

tested on i386 with reaver with athn(4) interface.

cat pkg/DESCR
Pixiewps is a tool written in C used to bruteforce offline the WPS PIN exploiting the low or non-existing entropy of some software implementations, the so-called "pixie-dust attack" discovered by Dominique Bongard in summer 2014. It is meant for educational purposes only.

As opposed to the traditional online brute-force attack, implemented in tools like Reaver or Bully which aim to recover the pin in a few hours, this method can get the PIN in only a matter of seconds or minutes, depending on the target, if vulnerable.

comments, concerns, tests or OKs welcome.

cheers,
Sebastian

 Pixiewps 1.4

 [?] Mode:     3 (RTL819x)
 [*] Seed N1:  1368013235 (Wed May  8 11:40:35 2013 UTC)
 [*] Seed ES1: 1368013238 (Wed May  8 11:40:38 2013 UTC)
 [*] Seed ES2: 1368013238 (Wed May  8 11:40:38 2013 UTC)
 [*] PSK1:     326138cf082aad7bb7b48e9f912e398c
 [*] PSK2:     dd86e6f4a2fced0080b3b66ffdcff6c8
 [*] ES1:      50401527275f5eb53fdb296f519d419d
 [*] ES2:      50401527275f5eb53fdb296f519d419d
 [+] WPS pin:  46681348

 [*] Time taken: 552 s 640 ms

Attachment: pixiewps.tar.gz (1K)

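For anyone triaging a run like the one above, here is a small added example (not part of the port or of pixiewps itself) that parses the pixiewps 1.4 output format shown in the post, flags the indicators that explain why the recovery worked (identical E-S1/E-S2 nonces derived from the same time-based seed) and checks the recovered PIN against the WPS checksum-digit rule. The output block is the one from the post, embedded as a constructed sample.

```python
import re

# Constructed sample: the pixiewps 1.4 output quoted in the post above.
SAMPLE_OUTPUT = """\
 Pixiewps 1.4

 [?] Mode:     3 (RTL819x)
 [*] Seed N1:  1368013235 (Wed May  8 11:40:35 2013 UTC)
 [*] Seed ES1: 1368013238 (Wed May  8 11:40:38 2013 UTC)
 [*] Seed ES2: 1368013238 (Wed May  8 11:40:38 2013 UTC)
 [*] PSK1:     326138cf082aad7bb7b48e9f912e398c
 [*] PSK2:     dd86e6f4a2fced0080b3b66ffdcff6c8
 [*] ES1:      50401527275f5eb53fdb296f519d419d
 [*] ES2:      50401527275f5eb53fdb296f519d419d
 [+] WPS pin:  46681348

 [*] Time taken: 552 s 640 ms
"""

# One "[x] Label: value" line; only the first token of the value is kept.
FIELD_RE = re.compile(r"^[ \t]*\[[?*+]\][ \t]+([A-Za-z0-9 ]+?):[ \t]+(\S+)", re.M)

def parse_pixiewps(text):
    """Map each labelled field of the pixiewps output to its first value token."""
    return {m.group(1): m.group(2) for m in FIELD_RE.finditer(text)}

def wps_pin_checksum(first7):
    """Checksum digit the WPS spec appends to a 7-digit PIN body (weights 3,1,3,1,...)."""
    acc = sum((3 if i % 2 == 0 else 1) * int(ch) for i, ch in enumerate(first7))
    return (10 - acc % 10) % 10

def pin_is_valid(pin):
    """True if pin is 8 digits and its last digit is the correct checksum."""
    return len(pin) == 8 and pin.isdigit() and wps_pin_checksum(pin[:7]) == int(pin[7])

def assess(text):
    """Return (fields, findings) for one pixiewps run."""
    f = parse_pixiewps(text)
    findings = []
    if f.get("ES1") and f.get("ES1") == f.get("ES2"):
        findings.append("E-S1 and E-S2 are identical: the AP's nonces carry no per-nonce entropy")
    if f.get("Seed ES1") and f.get("Seed ES1") == f.get("Seed ES2"):
        findings.append("both enrollee nonces came from the same time-based PRNG seed")
    pin = f.get("WPS pin", "")
    if pin_is_valid(pin):
        findings.append("recovered PIN %s has a valid WPS checksum digit" % pin)
    return f, findings
```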
Re: NEW: security/pixiewps

Stuart Henderson
On 2019/03/19 23:17, Sebastian Reitenbach wrote:

> Hi,
>
> attached port implements the pixie-dust attack against WPS keys.
> Yes, that attack is old, but vulnerable APs are still out there.
>
> tested on i386 with reaver with athn(4) interface.
>
> cat pkg/DESCR
> Pixiewps is a tool written in C used to bruteforce offline the WPS PIN exploiting the low or non-existing entropy of some software implementations, the so-called "pixie-dust attack" discovered by Dominique Bongard in summer 2014. It is meant for educational purposes only.
>
> As opposed to the traditional online brute-force attack, implemented in tools like Reaver or Bully which aim to recover the pin in a few hours, this method can get the PIN in only a matter of seconds or minutes, depending on the target, if vulnerable.
>
> comments, concerns, tests or OKs welcome.
>
> cheers,
> Sebastian
>
>  Pixiewps 1.4
>
>  [?] Mode:     3 (RTL819x)
>  [*] Seed N1:  1368013235 (Wed May  8 11:40:35 2013 UTC)
>  [*] Seed ES1: 1368013238 (Wed May  8 11:40:38 2013 UTC)
>  [*] Seed ES2: 1368013238 (Wed May  8 11:40:38 2013 UTC)
>  [*] PSK1:     326138cf082aad7bb7b48e9f912e398c
>  [*] PSK2:     dd86e6f4a2fced0080b3b66ffdcff6c8
>  [*] ES1:      50401527275f5eb53fdb296f519d419d
>  [*] ES2:      50401527275f5eb53fdb296f519d419d
>  [+] WPS pin:  46681348
>
>  [*] Time taken: 552 s 640 ms
"Don't hardcode -O3 and allow overriding CFLAGS and MANDIR"

- just pass them both in MAKE_FLAGS and/or FAKE_FLAGS, you don't need to
patch for this in the usual case.
Re: NEW: security/pixiewps

Sebastian Reitenbach
Hi Stuart,

On Wednesday, March 20, 2019 12:32 CET, Stuart Henderson <[hidden email]> wrote:

> On 2019/03/19 23:17, Sebastian Reitenbach wrote:
> > Hi,
> >
> > attached port implements the pixie-dust attack against WPS keys.
> > Yes, that attack is old, but vulnerable APs are still out there.
> >
> > tested on i386 with reaver with athn(4) interface.
> >
> > cat pkg/DESCR
> > Pixiewps is a tool written in C used to bruteforce offline the WPS PIN exploiting the low or non-existing entropy of some software implementations, the so-called "pixie-dust attack" discovered by Dominique Bongard in summer 2014. It is meant for educational purposes only.
> >
> > As opposed to the traditional online brute-force attack, implemented in tools like Reaver or Bully which aim to recover the pin in a few hours, this method can get the PIN in only a matter of seconds or minutes, depending on the target, if vulnerable.
> >
> > comments, concerns, tests or OKs welcome.
> >
> > cheers,
> > Sebastian
> >
> >  Pixiewps 1.4
> >
> >  [?] Mode:     3 (RTL819x)
> >  [*] Seed N1:  1368013235 (Wed May  8 11:40:35 2013 UTC)
> >  [*] Seed ES1: 1368013238 (Wed May  8 11:40:38 2013 UTC)
> >  [*] Seed ES2: 1368013238 (Wed May  8 11:40:38 2013 UTC)
> >  [*] PSK1:     326138cf082aad7bb7b48e9f912e398c
> >  [*] PSK2:     dd86e6f4a2fced0080b3b66ffdcff6c8
> >  [*] ES1:      50401527275f5eb53fdb296f519d419d
> >  [*] ES2:      50401527275f5eb53fdb296f519d419d
> >  [+] WPS pin:  46681348
> >
> >  [*] Time taken: 552 s 640 ms
>
>
>
> "Don't hardcode -O3 and allow overriding CFLAGS and MANDIR"
>
> - just pass them both in MAKE_FLAGS and/or FAKE_FLAGS, you don't need to
> patch for this in the usual case.
>
Indeed, I forgot about the power of the MAKE_FLAGS.

Updated version attached.

Attachment: pixiewps.tar.gz (1K)