WPS Pixie Dust Attack: collecting data


Status: Member
Joined: Mon, 19 Aug 2013
Posts: 257
Reputation: 307 Reputation
Sat, 28 Mar 2015 @ 11:00:22

Hi. It's been a while since I've kinda... 'disappeared'. Sorry to everyone who expected to hear news from me sooner.

But I'll get to the point of this thread. A friend of mine, wiire, is collecting data to release a first tool that implements the WPS Pixie Dust Attack described by Dominique Bongard. So, he'd need some data to play with. If you don't know what this attack is about, well, it's basically an offline attack aimed at cracking the WPS PIN offline, exploiting the non-existent or low entropy of some APs (it's not like Reaver/Bully, which are used for online bruteforce attacks). This attack should take a few seconds to crack the PIN.

The vulnerable devices should be:
- Ralink based ones
- The ones based on Broadcom's BCM43xx wireless chipset

There's a *partial* list here of possibly affected devices (don't know how accurate it is) which is gradually being updated:

He specifically needs Broadcom's.

The data needed are:
- PKE (Public Key Enrollee)
- PKR (Public Key Registrar)
- E-Hash1
- E-Hash2
- Authkey
- Enrollee nonce

It's an easy job. All these values can be taken from a Wireshark capture of the M1, M2, M3 messages of a WPS transaction, except for Authkey. There are a couple of posts describing how to do it on the Kali forum and on Hackforums.

If someone wishes to contribute, I'll also make a mini step-by-step guide here. You can send me the data via PM (including vendor, model number and ISP, possibly).

Original post:

NOTE: the new tool is not available for testing. It will be released as soon as it is completed and working.

Thank you for your attention.

Status: Trusted
Joined: Tue, 05 Jul 2011
Posts: 3204
Team: HashKiller
Reputation: 7744 Reputation
Sat, 28 Mar 2015 @ 12:36:04

Welcome back and very interesting. Keep up the good work.
