Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
Allow bruteforce for last digit instead of computing the checksum #49
Hi, I stumbled upon this issue where reaver can't get the correct 2nd half of the pin. I found this issue (see coment#40) on google code archive and would like to know if there has been a fix for this or a feature that can accommodate manual brute force on the last digit of the pin. Thanks
The only time this would be useful is if a user specifies the PIN. For example, if a user configures the 8 digit pin, it may not follow the checksum rule. I'd make a bet that if someone were smart enough to change the WPS PIN, they'd just disable the feature as a whole as it is a severely flawed protocol.
If you were to brute force the last 4 digits without a checksum, it would take another 9,000 guesses totaling at 20,000 for the whole PIN.
The AP will NEVER send a client the M5 message if the first half of the PIN is correct (unless there is a bug in the code or there is no PIN defined and WPS is enabled, but not configured).