Open GoogleCodeExporter opened 8 years ago
You beat me to it mo, i was thinking of that vector also for a couple of days,
and was about to comment, until i saw your post. ;)
Haha so guess i'll comment here.
Along with extremely weak manufacturer default wps-codes 012345670 and the
like(which could be put into a database of shame maybe? ;) I'm betting theres
the possibility that a manufacturer wps algorithm generator was used, creating
the wps code from one of the many fields that are readily available whilst
viewing wireshark. In a similar way some manufacturers like thomson (i think)
used a wpa password generator using parts of the ssid name.
Good call mo.
Perhaps we can do some respective recon and see if any of our collective
routers wps pin is any way similar to a field which is readily viewable when
sending the first 4 'm' packets, serial number, that sorta thing ;). Would
drastically reduce time if any such vulnerabilties were unveiled.
Just a thought anyways, good call mo! ;)
Original comment by ObiDanKi...@googlemail.com
on 30 Jan 2012 at 3:24
Thx! :D .... Have a look here. Unfortunately in german. But perhapbs you can
read and understand it. Look for SPEEDPORT for eg.
http://www.wardriving-forum.de/wiki/Standardpassw%C3%B6rter
Theyre building a databse with ssid, bssid, wps key, snr etc.
and documenting how some models build up their keys.
Including some of that stuff would increase the speed reaver works massivly!
Original comment by mo.latte...@gmail.com
on 31 Jan 2012 at 2:10
[deleted comment]
You can try WPSPIN, a simple script i made with default WPS PIN for many devices
click this link tpo cee de online updated supòrted device list
http://wpspinupdate.auditoriaswireless.org/BSSID.txt
to download the script (spanish, i will make an english versión theses days
and put it here)
http://ubuntuone.com/50hTnKWl9tyG5gkm74e05j
Original comment by kcdt...@gmail.com
on 11 Jan 2013 at 4:06
Veeeeery nice work! Cant wait for an english version. *thumbs up*
Original comment by mo.latte...@gmail.com
on 14 Jan 2013 at 12:06
Sorry for the long delay, i forgot about this post, here is the version 1.4
with english language
http://wpspinupdate.auditoriaswireless.org/WPSPIN.zip
enjoy!
If you want to contribute send me
snapshot of reaver attack
snapshot of routeur configuration.
the reaquired datas are exactly
default essid
bssid
manufacturer
model
hardware version
firmware version
default WPS PIN
default WPA passphrase
serial number
Is the WPS enabled by fefault?
Is there any AP rate limit?
Is there any thing relevant, a trick for the attack, as more information better.
take care
Original comment by kcdt...@gmail.com
on 26 Jul 2013 at 7:41
Original issue reported on code.google.com by
mo.latte...@gmail.com
on 29 Jan 2012 at 3:51