[OpenWrt-Tickets] [OpenWrt] #17955: The default WPS pin (12345670)

Mon, 22 Sep 2014 19:44:09 -0700 

#17955: The default WPS pin (12345670)
----------------------+------------------------
 Reporter:  morfik    |      Owner:  developers
     Type:  defect    |     Status:  new
 Priority:  normal    |  Milestone:
Component:  packages  |    Version:  Trunk
 Keywords:            |
----------------------+------------------------
 I've configured the WPS feature on my router just for tests, and there's
 some things that I don't get. I know that you know the WPS protocol isn't
 secure, and I know this as well, but this mostly concerns the pin method.
 I wanted to configure PBC as described on the wiki so I added the
 following to `/etc/config/wireless` file:

 {{{
 option wps_pushbutton '1'
 option wps_device_type '6-0050F204-1'
 option wps_config 'push_button'
 option wps_device_name 'OpenWrt AP'
 }}}

 There's no pin option specified -- I don't even know if it's possible.
 Besides, the wiki says there's just one method supported: `push_button`.
 Anyways I checked if everything works well, and it does -- the WPS works,
 tested via two commands: `hostapd_cli wps_pbc` and `wpa_cli wps_pbc` .

 But there's one thing -- the reaver tool can hack my wifi without a
 problem... It used the pin `12345670`, and it got the wifi key.

 After googling, I changed some lines in the file `/lib/netifd/hostapd.sh`:

 {{{
 ...
 config_add_string wps_device_type wps_device_name wps_manufacturer wps_pin
 ...
 wps_device_type wps_device_name wps_manufacturer wps_pin \
 ...
 set_default wps_pin "12345670"
 ...
 append bss_conf "ap_pin=$wps_pin" "$N"
 ...
 }}}

 I removed `wps_pin` from the first two lines and deleted the other two
 completely. There's no `pin` option in the file `/var/run/hostapd-
 phy0.conf ` now, and WPS works without a problem. I also checked if reaver
 can hack this setting, and it gives me just the following log:

 {{{
 [!] WPS transaction failed (code: 0x04), re-trying last pin
 }}}

 I'm not sure if this default pin 12345670 is acceptable and expected, but
 this setting sucks, and I think most people aren't even aware of how easy
 they can be hacked by using WPS/PBC in OpenWRT, and the best thing is that
 there's no info on the wiki page that would say something about this issue
 and warn people.

--
Ticket URL: <https://dev.openwrt.org/ticket/17955>
OpenWrt <http://openwrt.org>
Opensource Wireless Router Technology
_______________________________________________
openwrt-tickets mailing list
[email protected]
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-tickets

Reply via email to