
WPS Pixie Dust Attack: collecting data


hash-ire

Status: Member
Joined: Mon, 19 Aug 2013
Posts: 257
Team:
Reputation: 307 Reputation
Offline
Sat, 28 Mar 2015 @ 11:00:22

Hi. It's been a while since I've kinda... 'disappeared'. Sorry to everyone who expected to hear news from me sooner.

But I'll get to the point of this thread. A friend of mine, wiire, is collecting data to release a first tool that implements the WPS Pixie Dust Attack described by Dominique Bongard. So, he'd need some data to play with. If you don't know what this attack is about, well, it's basically an offline attack aimed to crack the WPS PIN offline, exploiting the non-existing or low entropy of some APs (it's not like Reaver/Bully, which are used for online brute-force attacks). This attack should take a few seconds to crack the PIN.

The vulnerable devices should be:
- Ralink based ones
- The ones based on Broadcom's BCM43xx wireless chipset

There's a *partial* list here of possibly affected devices (I don't know how accurate it is) which is gradually being updated: https://docs.google.com/spreadsheets/d/1tSlbqVQ59kGn8hgmwcPTHUECQ3o9YhXR91A_p7Nnj5Y/edit?pli=1#gid=2048815923

He'd specifically need Broadcom's.

The data needed are:
- PKE (Public Key Enrollee)
- PKR (Public Key Registrar)
- E-Hash1
- E-Hash2
- Authkey
- Enrollee nonce

It's an easy job. All these values can be taken from a Wireshark capture of the M1, M2, M3 messages of a WPS transaction, except for Authkey. There are a couple of posts describing how to do it on the Kali forum and on Hackforums.

If someone wishes to contribute, I'll also make a mini step-by-step guide here. You can send me the data via PM (including vendor, model number and ISP, if possible).

Original post: https://forums.kali.org/showthread.php?24286-WPS-Pixie-Dust-Attack-(Offline-WPS-Attack)&p=42961&viewfull=1#post42961

NOTE: the new tool is not available for testing. It will be released as soon as it is completed and working.

Thank you for your attention.
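Added example (not code from this thread and not wiire's tool): a Python parser for the WSC attribute list that Wireshark decodes out of the EAP-WSC payloads of M1, M2 and M3. It pulls out exactly the fields the post asks for, checks that each has the size the spec gives it, and reports Authkey as absent, which is the post's point: Authkey is derived on both ends from the DH exchange and never transmitted, so no capture contains it. The attribute IDs are the public WSC ones; the three sample messages are constructed with filler bytes of the right lengths, not a real capture, and the 802.11/EAP/EAP-WSC framing around the attribute list is assumed to have been stripped already (e.g. by exporting the WSC payload from Wireshark).

```python
import struct

# WSC attribute type IDs from the Wi-Fi Simple Configuration spec (only the ones this post needs).
ATTR_AUTHENTICATOR   = 0x1005
ATTR_E_HASH1         = 0x1014
ATTR_E_HASH2         = 0x1015
ATTR_ENROLLEE_NONCE  = 0x101A
ATTR_MESSAGE_TYPE    = 0x1022
ATTR_PUBLIC_KEY      = 0x1032
ATTR_REGISTRAR_NONCE = 0x1039

MSG_NAMES = {0x04: "M1", 0x05: "M2", 0x07: "M3"}

# Expected sizes: 1536-bit DH public keys, SHA-256 hashes, 128-bit nonces.
EXPECTED_LEN = {"PKE": 192, "PKR": 192, "E-Hash1": 32, "E-Hash2": 32, "E-Nonce": 16}


def parse_wsc_attributes(payload: bytes) -> list:
    """Walk a WSC attribute list: big-endian 2-byte type, 2-byte length, then the value."""
    attrs, off = [], 0
    while off + 4 <= len(payload):
        typ, length = struct.unpack_from(">HH", payload, off)
        off += 4
        if off + length > len(payload):
            raise ValueError(f"attribute 0x{typ:04X} claims {length} bytes but payload ends early")
        attrs.append((typ, payload[off:off + length]))
        off += length
    if off != len(payload):
        raise ValueError("trailing bytes that do not form a complete attribute header")
    return attrs


def is_well_formed(payload: bytes) -> bool:
    """True when the whole payload parses as a clean TLV list (a truncated capture does not)."""
    try:
        parse_wsc_attributes(payload)
        return True
    except ValueError:
        return False


def collect_pixie_fields(messages):
    """Extract PKE, PKR, E-Hash1, E-Hash2 and E-Nonce from the WSC payloads of one exchange.

    Returns (fields, problems). Authkey is listed but stays None on purpose: it is computed
    from the DH shared secret and the nonces on each side and never goes over the air.
    """
    fields = {k: None for k in ("PKE", "PKR", "E-Hash1", "E-Hash2", "E-Nonce", "Authkey")}
    for payload in messages:
        attrs = dict(parse_wsc_attributes(payload))
        mtype = attrs.get(ATTR_MESSAGE_TYPE, b"")
        name = MSG_NAMES.get(mtype[0]) if len(mtype) == 1 else None
        if name == "M1":          # enrollee -> registrar: enrollee nonce and DH public key
            fields["E-Nonce"] = attrs.get(ATTR_ENROLLEE_NONCE)
            fields["PKE"] = attrs.get(ATTR_PUBLIC_KEY)
        elif name == "M2":        # registrar -> enrollee: registrar's DH public key
            fields["PKR"] = attrs.get(ATTR_PUBLIC_KEY)
        elif name == "M3":        # enrollee -> registrar: commitments to the two PIN halves
            fields["E-Hash1"] = attrs.get(ATTR_E_HASH1)
            fields["E-Hash2"] = attrs.get(ATTR_E_HASH2)
    problems = []
    for key, want in EXPECTED_LEN.items():
        val = fields[key]
        if val is None:
            problems.append(f"{key} missing")
        elif len(val) != want:
            problems.append(f"{key} has {len(val)} bytes, expected {want}")
    fields = {k: (v.hex() if isinstance(v, bytes) else v) for k, v in fields.items()}
    return fields, problems


def _attr(typ: int, value: bytes) -> bytes:
    return struct.pack(">HH", typ, len(value)) + value


# Constructed sample exchange (not a real capture): deterministic filler of the right sizes.
_E_NONCE = bytes(range(16))
_R_NONCE = bytes(range(16, 32))
_PKE = bytes((7 * i) & 0xFF for i in range(192))
_PKR = bytes((13 * i + 1) & 0xFF for i in range(192))
SAMPLE_EXCHANGE = [
    _attr(ATTR_MESSAGE_TYPE, b"\x04") + _attr(ATTR_ENROLLEE_NONCE, _E_NONCE)
        + _attr(ATTR_PUBLIC_KEY, _PKE),
    _attr(ATTR_MESSAGE_TYPE, b"\x05") + _attr(ATTR_ENROLLEE_NONCE, _E_NONCE)
        + _attr(ATTR_REGISTRAR_NONCE, _R_NONCE) + _attr(ATTR_PUBLIC_KEY, _PKR),
    _attr(ATTR_MESSAGE_TYPE, b"\x07") + _attr(ATTR_REGISTRAR_NONCE, _R_NONCE)
        + _attr(ATTR_E_HASH1, b"\xA1" * 32) + _attr(ATTR_E_HASH2, b"\xB2" * 32)
        + _attr(ATTR_AUTHENTICATOR, b"\x00" * 8),
]

if __name__ == "__main__":
    found, problems = collect_pixie_fields(SAMPLE_EXCHANGE)
    for key, val in found.items():
        print(f"{key:8s} {val}")
    print("problems:", problems or "none")
```

Feed it the WSC payloads of a real exchange in order and the `problems` list tells you at once whether the capture is usable (a missing M3 shows up as "E-Hash1 missing" / "E-Hash2 missing" rather than a silent partial result), which is the check worth doing before sending data to anyone.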


blandyuk
Administrator
Status: Trusted
Joined: Tue, 05 Jul 2011
Posts: 3204
Team: HashKiller
Reputation: 7744 Reputation
Offline
Sat, 28 Mar 2015 @ 12:36:04

Welcome back and very interesting. Keep up the good work.




