Hi Stuart,

On Wednesday, March 20, 2019 12:32 CET, Stuart Henderson <[email protected]> wrote:
> On 2019/03/19 23:17, Sebastian Reitenbach wrote:
> > Hi,
> >
> > attached port implements the pixie-dust attack against WPS keys.
> > Yes, that attack is old, but vulnerable APs are still out there.
> >
> > tested on i386 with reaver with athn(4) interface.
> >
> > cat pkg/DESCR
> > Pixiewps is a tool written in C used to bruteforce offline the WPS PIN
> > exploiting the low or non-existing entropy of some software
> > implementations, the so-called "pixie-dust attack" discovered by Dominique
> > Bongard in summer 2014. It is meant for educational purposes only.
> >
> > As opposed to the traditional online brute-force attack, implemented in
> > tools like Reaver or Bully which aim to recover the pin in a few hours,
> > this method can get the PIN in only a matter of seconds or minutes,
> > depending on the target, if vulnerable.
> >
> > comments, concerns, tests or OKs welcome.
> >
> > cheers,
> > Sebastian
> >
> > Pixiewps 1.4
> >
> > [?] Mode: 3 (RTL819x)
> > [*] Seed N1: 1368013235 (Wed May 8 11:40:35 2013 UTC)
> > [*] Seed ES1: 1368013238 (Wed May 8 11:40:38 2013 UTC)
> > [*] Seed ES2: 1368013238 (Wed May 8 11:40:38 2013 UTC)
> > [*] PSK1: 326138cf082aad7bb7b48e9f912e398c
> > [*] PSK2: dd86e6f4a2fced0080b3b66ffdcff6c8
> > [*] ES1: 50401527275f5eb53fdb296f519d419d
> > [*] ES2: 50401527275f5eb53fdb296f519d419d
> > [+] WPS pin: 46681348
> >
> > [*] Time taken: 552 s 640 ms
> >
> > "Don't hardcode -O3 and allow overriding CFLAGS and MANDIR"
>
> - just pass them both in MAKE_FLAGS and/or FAKE_FLAGS, you don't need to
> patch for this in the usual case.
>

Indeed, I forgot about the power of the MAKE_FLAGS. Updated version attached.

pixiewps.tar.gz
Description: application/gzip
