h-eibot / reaver-wps

Automatically exported from code.google.com/p/reaver-wps
0 stars 0 forks source link

Randomization of PINs to speed up the penetration #310

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
To whom it shall concern:

Whilst, the use of a sequential pin attack is certainly one that can succeed (I 
test it on my own personal router recently), it might be worthy of 
consideration to try a randomized pin attack, where pins were chosen at random, 
attempted and then tagged as already having been chosen in case they get picked 
again.

If a sequential attack is going to be used, why not instead of starting at 
"00000000" start at the other end? Does it not seem reasonable that most WPS 
keys (default keys or ones changed by a user) would not have leading zeroes in 
them?

It might also be worthy of trying to figure out what manufacturer the router is 
(predicated upon is MAC or BSSID) and see what ranges of PINs were default used 
on such routers / models. As well, this might also expedite a potential 
penetration test. For example, I know that many of the MBR1200 CradlePoint 
routers default WPS keys started with "3045xxxx". Why not start there if you 
realize a router is of a particular brand and type? Starting a database of 
default pin numbers for routers and models might further predict what pins to 
start with as well.

Sincerely,

A reasonably happy user that appreciates your efforts thus far!
:)

Original issue reported on code.google.com by bh.mayor...@gmail.com on 14 May 2012 at 6:04

GoogleCodeExporter commented 8 years ago
second this :)

Original comment by bersebu...@gmail.com on 18 May 2012 at 6:21