Skip to content

int03h/pixiewps

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

53 Commits
src
src
 
 
.editorconfig
.editorconfig
 
 
Android.mk
Android.mk
 
 
LICENSE.md
LICENSE.md
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
version.mk
version.mk
 
 

Repository files navigation

Overview License

Pixiewps is a tool written in C used to bruteforce offline the WPS pin exploiting the low or non-existing entropy of some Access Points, the so-called "pixie dust attack" discovered by Dominique Bongard in summer 2014. It is meant for educational purposes only.

As opposed to the traditional online bruteforce attack, implemented in tools like Reaver or Bully which aim to recover the pin in a few hours, this method can get the pin in only a matter of milliseconds to minutes, depending on the target, if vulnerable.

pixiewps_screenshot

More details can be found here:

A non-exhaustive list of vulnerable devices (not maintained by me):

Requirements

apt-get -y install build-essential

Prior versions of 1.2 require libssl-dev.

Setup

Download

git clone https://github.com/wiire/pixiewps

or

wget https://github.com/wiire/pixiewps/archive/master.zip && unzip master.zip

Build

cd pixiewps*/
cd src/
make

Install

sudo make install

Usage

Usage: pixiewps <arguments>

Required Arguments:

  -e, --pke         : Enrollee public key
  -r, --pkr         : Registrar public key
  -s, --e-hash1     : Enrollee hash 1
  -z, --e-hash2     : Enrollee hash 2
  -a, --authkey     : Authentication session key
  -n, --e-nonce     : Enrollee nonce

Optional Arguments:

  -m, --r-nonce     : Registrar nonce
  -b, --e-bssid     : Enrollee BSSID
  -S, --dh-small    : Small Diffie-Hellman keys (PKr not needed)  [No]
  -v, --verbosity   : Verbosity level 1-3, 1 is quietest           [3]

  -h                : Display this usage screen
  --help            : Verbose help and more usage examples
  -V, --version     : Display version

  --mode N[,... N]  : Mode selection, comma separated           [Auto]
  --start [mm/]yyyy : Starting date (only mode 3)       [Current time]
  --end   [mm/]yyyy : Ending date   (only mode 3)            [-3 days]

Usage example

A common usage example is:

pixiewps --pke <pke> --pkr <pkr> --e-hash1 <e-hash1> --e-hash2 <e-hash2> --authkey <authkey> --e-nonce <e-nonce>

which requires a modified version of Reaver or Bully which prints the Authentication Session key (--authkey, -a). The recommended version is reaver-wps-fork-t6x.

Supported OS

Pixiewps can be compiled and installed on a wide variety of platforms including OpenWrt and Android.

Acknowledgements

  • Part of the code was inspired by Bully and its WPS functionality written by Jouni Malinen
  • The crypto libraries were taken from mbed TLS
  • Special thanks to: soxrok2212, datahead, t6_x, aanarchyy, kcdtv and the Kali Linux community

References

Pixiewps is based on the work of Dominique Bongard:

About

An offline WPS bruteforce utility

Resources

Readme

License

View license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

5 tags

Packages

No packages published

Languages

  • C 98.6%
  • Makefile 1.4%