Pixie Dust Attack is an attack on the WPS protocol that focuses on capturing the exchange of packets between the victim router and the attacker, to later crack the PIN offline, so it is much faster than attacking the WPS by dictionary or force brute, since, being able to crack it offline, it is much faster than relying on the exchange of messages between the router and the attacker. Depending on the PIN that the router has, we can take from minutes to about 48 hours, it depends on the behavior of the WiFi network card with WPS, and also the WPS router, the distance against the WiFi access point, etc. Other characteristics of this program is that it will allow us to continue the WPS attack for the number that we want. Attacking the WPS by brute force is compatible both for PINs that do not incorporate a checksum in the last digit of PIN2, as well as for those that incorporate the checksum, calculating it completely automatically.Detect the WPS in all the routers around us.However, it is worth trying to brute-force the router to check whether or not we have the limit of PIN attempts. If our router has a firmware with a limit of PIN attempts, depending on how the firmware is programmed, we will no longer be able to try PIN by brute force until the router is restarted, although in some cases they only leave the WPS inoperative for a while (one hour, one day etc). This method of attacking the WPS has two main problems: the time, which can last up to 72 hours if you have bad luck with the PIN, and the limit of PIN attempts by the router firmware.
With this dictionary attack, even if the router has a limit of attempts by WPS, it is very likely that we will get the WPA-PSK or WPA2-PSK key in very few attempts, before the router limits our attempts, therefore, this attack is one of the fastest we can do, as long as the router has default PINs by default. The only thing we will need is that our WiFi card supports WPS and is compatible with the operating system, currently the vast majority of cards with Realtek chipset are compatible. The operation of this program is really simple, since we will simply have to follow the configuration wizard via the console that you can see there. Currently, in WiFiSlax we have a large number of tools to attack the WPS by different methods, either by brute force, by dictionary with the PIN generator, and also with other methods such as the Pixie Attack attack. WiFiSlax is one of the Linux-based distributions most used for auditing wireless networks, whether they are networks with WEP, WPA, WPA2 encryption and can also attack WPS (Wi-Fi Protected Setup). WiFiSlax: The Swiss Army Knife to Crack WPS There are currently programs that you can leave running and they could automatically connect to the router when we press the WPS button, and obtain the WPA-PSK or WPA2-PSK key, therefore, using the WPS with a button is also a risk for 60 or 120 seconds. This also has an intrinsic security problem, and it is that during this time we will be “vulnerable” to an intruder connecting to our network. The other connection method is by pressing a button on the router, by pressing this button, any device that connects in a time between 60 and 120 seconds will be able to access the wireless network without the need to enter any PIN or password. However, we have found that many operator routers do not have this protection, so we could easily and quickly violate them. Some router manufacturers have incorporated into their routers a limit of unsuccessful attempts in the WPS, depending on the manufacturer and how they have programmed the firmware, we can enter the PIN about 5 times, later the router will block access to the WiFI network by WPS PIN definitively, and it can no longer be used. Taking into account that we have 11,000 possibilities, brute force cracking is very feasible, and can be achieved in about 48 hours maximum. Finally, according to the standard, the last digit of the PIN2 serves for the checksum of the rest of the PIN, therefore, it is not a key digit but is calculated based on the other 7 digits, for this reason, the number of combinations that a WPS PIN has is only 11,000 possibilities.
PIN separately, which greatly facilitates its brute force attack. However, by the very construction of the WPS, this WPS PIN is divided into two subPINs of four digits each, therefore, the probabilities are 10,000 for the first PIN and 10,000 for the second PIN, and these can be cracked. The big problem with WPS comes with the introduction of the PIN number, because it can only have a minimum of 8 digits and at most, in this way, we would have a number of combinations of 100,000,000 possibilities.
0 kommentar(er)
