Introducing a new way to crack WPS: Option p with an Arbitrary String
We are very happy to present the improved `-p` argument.
`-p, --pin=<wps pin> Use the specified pin (may be arbitrary string or 4/8 digit WPS pin)`
It can be used against Access Points whose PIN does not follow the WPS checksum rule for the last digit.
For example, D-Link used `22222222` as a default PIN in some devices. It is not a "legitimate" WPS PIN.
If you try to use `-p` to send this PIN with a version prior to 1.6b, Reaver would automatically correct it and send the "correct" WPS PIN (2222228 for instance).
As of version 1.6b, any PIN can be sent, including a non-legitimate PIN such as `22222222`. Even an "empty" PIN can be sent!
That sounds crazy, right? Have a look at this document: Obtaining the WiFi password in a few seconds using WPS
The author shows how he manages to crack a Huawei router immune to pixiewps and the standard WPS brute force. He does so by sending an empty PIN.
He also shows the faulty configuration in the document:
```
BusyBox vv1.9.1 (2014-02-08 20:26:13 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.

# nvram show | grep wps_device_pin
size: 2659 bytes (30109 left)
wps_device_pin=
#
```
As you can see, the variable `wps_device_pin` is declared but is not defined. "Logically" the PIN value is "NULL" (none, an "empty" PIN).
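A defensive audit for the condition shown in that dump, as an added example (not code from Reaver or from the cited document): it parses `nvram show`-style output and flags a `wps_device_pin` that is empty, malformed, or fails the standard WPS PIN checksum. The function names and the sample text are constructed for illustration.

```python
import re

def wps_checksum(pin7: int) -> int:
    """Checksum digit for the first seven digits of an 8-digit WPS PIN."""
    accum = 0
    while pin7:
        accum += 3 * (pin7 % 10)   # odd positions (from the right) weigh 3
        pin7 //= 10
        accum += pin7 % 10         # even positions weigh 1
        pin7 //= 10
    return (10 - accum % 10) % 10

def classify_pin(value: str) -> str:
    """Classify a configured WPS PIN value (hypothetical helper)."""
    if value == "":
        return "empty"             # declared but undefined, as in the dump
    if not re.fullmatch(r"[0-9]{4}|[0-9]{8}", value):
        return "malformed"
    if len(value) == 8 and wps_checksum(int(value[:7])) != int(value[7]):
        return "bad-checksum"      # e.g. a vendor default like 22222222
    return "ok"                    # 4-digit PINs carry no checksum digit

def audit_nvram(dump: str, key: str = "wps_device_pin") -> dict:
    """Return {line_number: (value, verdict)} for each `key=` line."""
    findings = {}
    pattern = re.compile(rf"^{re.escape(key)}=(.*)$")
    for n, line in enumerate(dump.splitlines(), 1):
        m = pattern.match(line.strip())
        if m:
            value = m.group(1).strip()
            findings[n] = (value, classify_pin(value))
    return findings

# Constructed sample input modelled on the `nvram show` output quoted above.
SAMPLE = """size: 2659 bytes (30109 left)
wps_device_pin=
"""

if __name__ == "__main__":
    for n, (value, verdict) in audit_nvram(SAMPLE).items():
        print(f"line {n}: wps_device_pin={value!r} -> {verdict}")
    for pin in ("22222222", "12345670"):
        print(pin, "->", classify_pin(pin))
```

Any verdict other than `ok` on a device you administer is a reason to disable WPS or set a proper PIN before the AP goes into service.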
This is not a unique case. In this video you will see how we managed to crack a ZTE router immune to known methods by sending a blank string with `-p ""`: Cracking ZTE ZXHN H218N (jazztel) with new option "arbitrary strings" from Reaver 1.6b
- The screenshot below shows that sending a PIN for a brute force does not lead anywhere against this AP:
- Pixie dust attack is pointless too:
- But if I send a blank PIN, I crack the device in 2 seconds!
Thanks to binarymaster for proposing and coding - see #133 - this exciting new feature!