Pixie Dust Attack (WPS Enabled Routers)
-
- Newbie..
- Posts: 1
- Joined: Thu Mar 19, 2015 11:45 am
Pixie Dust Attack (WPS Enabled Routers)
Is there any tool available for the Pixie Dust attack? I want to check this Pixie Dust thingy on my own router (my router is from Fiberhome, which has a Broadcom chipset inside). So is there any tool available yet, or is this attack just a fairy tale or some kind of story?
- XaneXXXX
- Special
- Posts: 113
- Joined: Sun May 08, 2011 11:19 pm
- Custom: My Trainers: https://sethioz.com/market/index.php?ro ... eller_id=4
- Location: Dark Zone
Re: Pixie Dust Attack (WPS Enabled Routers)
I found this: https://forums.kali.org/showthread.php? ... -Attack%29
Some info about the Pixie Dust attack. Personally I have never heard about it before, so I can't provide you any more info atm. Seems really interesting tho, so I might read about it! :)
- Sethioz
- Admin
- Posts: 4768
- Joined: Fri Jul 27, 2007 5:11 pm
- Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz - Location: unknown
- Contact:
Re: Pixie Dust Attack (WPS Enabled Routers)
Never heard of this before, but it seems interesting. Wonder if they add it into Kali.
- XaneXXXX
- Special
- Posts: 113
- Joined: Sun May 08, 2011 11:19 pm
- Custom: My Trainers: https://sethioz.com/market/index.php?ro ... eller_id=4
- Location: Dark Zone
Re: Pixie Dust Attack (WPS Enabled Routers)
I added two interesting documents that you should look at! :)
- Sethioz
- Admin
- Posts: 4768
- Joined: Fri Jul 27, 2007 5:11 pm
- Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz - Location: unknown
- Contact:
Re: Pixie Dust Attack (WPS Enabled Routers)
I took a quick look into this. I see why there's no working concept yet: it is highly based on chipsets, so there's no generic way of doing this, but I understand the concept.
Basically nothing in a computer is "random"; if you get hold of the source, you can always replicate the so-called "random" result. Whatever algorithm they use, once you get to know how it works, you will be able to guess what it will do next, and based on that you can re-generate the WPS PIN. So basically it is not "cracking", it's just replicating the PIN, or cloning.
At least that's my understanding of this.
However, it says you have to go as far as the M3 message, but with a wrong PIN I never get further than M2, or was it up to M4? I'm quite sure I only get up to M2 if I enter a wrong PIN.
Re: Pixie Dust Attack (WPS Enabled Routers)
Update2: More PixieWPS Tools.
https://github.com/nxxxu/AutoPixieWps (Tested On Kali Linux 1.1.0)
https://github.com/aanarchyy/wifite-mod-pixiewps (Tested On Kali Linux 1.1.0)
Update1: Since more options continue to occur, figured it would be best to simply attach the link of where to look for updates.
https://github.com/t6x/reaver-wps-fork-t6x
Delete\Replace the old 'reaver-wps-fork-t6x-master' folder & simply re-run 'modifiedreaver+pixiewps-install.sh'
Update0: No more copying and pasting. Install this Modified Reaver, needed dependencies, & pixiewps.
Newly Attached: ModifiedReaver&PixieWPS1.zip
First Order of Business: Place all folders/files on /root/
Secondly: chmod +x, modifiedreaver+pixiewps-install.sh & execute it.
It simply contains a bunch of shell commands without having to do it manually.
Launch this modified reaver against the AP, it prints the needed values for pixiewps.
Afterwards, pixiewps is launched automatically.
New Arguments for reaver:
-K (run ./reaver and have a look!)
reaver example: ./reaver -i mon0 -b APBSSID -vv -d 15 -c 1 -T .20 -K 3
Credit to whomever it's due:
Dominique Bongard
wiire
soxrok2212
DataHead
Espresso_Boy
t6x
dudux
etc.
Original:
Offline WPS Vulnerability Assessment Tool (pixiewps)
Supports: Ralink & Broadcom Routers
Attached: Modified Reaver, pixiewps, needed dependencies & a bash script to install everything in one fell swoop! (Tested on Kali Linux 1.1.0)
First Order of Business: Place all folders/files on /root/
Secondly: chmod +x, modifiedreaver+pixiewps-install.sh & execute it. (It simply contains a bunch of shell commands without having to do it manually.)
Reaver has been modified to print the below needed values for pixiewps. (Run reaver & let it complete one pin transaction attempt.)
PKE
E-Hash1
E-Hash2
AuthKey
E-Nonce
Reaver Example In A New Terminal: reaver -i mon0 -b APBSSID -vv -d 15 -S -c 6 -T .20
Pixiewps Command Arguments:
-e PKE
-s E-Hash1
-z E-Hash2
-a AuthKey
-S dh-small
-n E-Nonce (Try to use this on Bcm3xxx/Bcm6xxx chip routers if pin not found.)
Pixiewps Example In A New Terminal:
pixiewps -e PastePKEFromModifiedReaver -s PasteE-Hash1FromModifiedReaver -z PasteE-Hash2FromModifiedReaver -a PasteAuthKeyFromModifiedReaver -S -n PasteE-NonceFromModifiedReaver
PS:
I'm just a messenger & taking no credit to whomever it's due.
Dominique Bongard
wiire
soxrok2212
dudux
etc.
- Attachments
-
- ModifiedReaver&PixieWPS.zip
- (1.73 MiB) Downloaded 3218 times
-
- ModifiedReaver&Pixiewps1.zip
- (2.99 MiB) Downloaded 3227 times
Last edited by 7Ds on Wed Apr 22, 2015 12:50 am, edited 4 times in total.
- Sethioz
- Admin
- Posts: 4768
- Joined: Fri Jul 27, 2007 5:11 pm
- Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz - Location: unknown
- Contact:
Re: Pixie Dust Attack (WPS Enabled Routers)
I gotta test this out. Any idea if this is available on the latest Kali? I gotta wipe my old BT5 and put Kali on my netbook and test it out, looks nice. I'm trying to ask Elcomsoft to make a tool for this.
- Sethioz
- Admin
- Posts: 4768
- Joined: Fri Jul 27, 2007 5:11 pm
- Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz - Location: unknown
- Contact:
Re: Pixie Dust Attack (WPS Enabled Routers)
I tried something called AutoPixie, which automatically gathers the info and then should crack the network, but it gets stuck for no reason.
Grab it here or google for it (for an updated version). I like including stuff in my posts, so that ppl don't have to search, but the downside is that you can get an outdated version.
Anyway, I tried the thing and it seems to be going, but it gets stuck in either "Sending WSC NACK" or "Sending M4 Message".
I doubt it's because of the network, because reaver works great on the network.
Also I didn't even know that the latest reaver shows the E-Hash info and such.
Pixie Dust is based on the fact that most routers don't actually randomize the WPS, right? But in computing, or well, in the universe, there is no such thing as random at all, there is just an illusion of randomness. Isn't that correct? Every algorithm is made to do something and choose things somehow, so wouldn't it be possible to reverse engineer every "random" event in computing? Just a thought tho.
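The predictability question raised in the posts above, as an added example that is not part of the thread or of any tool linked in it: a constructed toy generator hands out one public nonce and then two secret values from the same stream, and an audit check tests whether the secrets can be reproduced from the public value alone. `ToyLcg`, its textbook constants, and the function names are assumptions made for illustration, not any chipset's real algorithm; the comparison case draws from the operating system's CSPRNG.

```python
import secrets

# Constructed toy generator: a 32-bit LCG that outputs its whole state.
# Textbook constants, chosen for illustration; not taken from any firmware.
A, C, M = 1664525, 1013904223, 2**32

class ToyLcg:
    def __init__(self, seed):
        self.state = seed % M

    def next_bytes(self, n):
        out = b""
        while len(out) < n:
            self.state = (A * self.state + C) % M
            out += self.state.to_bytes(4, "big")
        return out[:n]

class OsCsprng:
    """Same interface, backed by the operating system's CSPRNG."""
    def next_bytes(self, n):
        return secrets.token_bytes(n)

def handshake_values(rng):
    """Hypothetical device: a public nonce, then two secrets, one source."""
    public_nonce = rng.next_bytes(16)
    secret_nonces = (rng.next_bytes(16), rng.next_bytes(16))
    return public_nonce, secret_nonces

def secrets_follow_from_public(public_nonce, secret_nonces):
    """Audit check for this toy LCG: the last 4 bytes of the public nonce
    are the generator state, so replaying from there should NOT reproduce
    the secrets if the device used a sound randomness source."""
    replay = ToyLcg(int.from_bytes(public_nonce[-4:], "big"))
    predicted = (replay.next_bytes(16), replay.next_bytes(16))
    return predicted == tuple(secret_nonces)

def audit(rng):
    public_nonce, secret_nonces = handshake_values(rng)
    return secrets_follow_from_public(public_nonce, secret_nonces)

if __name__ == "__main__":
    print("toy LCG secrets predictable:  ", audit(ToyLcg(seed=20150319)))
    print("OS CSPRNG secrets predictable:", audit(OsCsprng()))
```

The deterministic generator fails the audit for every seed, because the seed never needs to be known once a full state has been published; values from the OS CSPRNG pass it.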