Offline bruteforce attack on wi fi protected setup
ASF-WS
2,362 views
76 slides
Dec 03, 2014
Slide 1 of 76
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
About This Presentation
Offline bruteforce attack on wi fi protected setup
Slide Content
Offline bruteforce attack on
WiFi Protected Setup
Dominique Bongard
Founder
0xcite, Switzerland
@reversity
WiFi Protected Setup
Dominique Bongard
Founder
0xcite, Switzerland
@reversity
IntroductiontoWPS
WPS PIN ExternalRegistrarProtocol
Online Bruteforceattackon WPS PIN
Offline Bruteforceattackon WPS PIN
Vendorreponses
Bonus
WPS PIN ExternalRegistrarProtocol
Online Bruteforceattackon WPS PIN
Offline Bruteforceattackon WPS PIN
Vendorreponses
Bonus
Wi-FiProtectedSetup (WPS) orWi-FiSimple Configuration(WSC)
„Aspecificationforeasy, securesetupandintroductionofdevicesinto
WPA2-enabled 802.11 networks"
OffersseveralmethodsforIn-Band orOut-of-Band devicesetup
Severelybrokenprotocol!
The technicalspecificationcanbepurchasedonline for$99
Someoldversionscanbefoundfloatingon thenet
„Aspecificationforeasy, securesetupandintroductionofdevicesinto
WPA2-enabled 802.11 networks"
OffersseveralmethodsforIn-Band orOut-of-Band devicesetup
Severelybrokenprotocol!
The technicalspecificationcanbepurchasedonline for$99
Someoldversionscanbefoundfloatingon thenet
USB Flash Drive (Deprecated)
Ethernet (Deprecated)
StaticPIN on devicelabel
Display
NFC Token
Push Button
Keypad
Ethernet (Deprecated)
StaticPIN on devicelabel
Display
NFC Token
Push Button
Keypad
ToregisterwithWPS youdon‘tneedtoknow
thePIN andpress theWPS button
YouneedtoknowthePIN ORpress theWPS
button
thePIN andpress theWPS button
YouneedtoknowthePIN ORpress theWPS
button
Enrollee: A deviceseekingtojoina WLAN domain
Registrar: An entitywiththeauthoritytoissueWLAN credentials
ExternalRegistrar: A registrarthatisseparate fromtheAP
AP: An infrastructure-mode 802.11 Access Point
HeadlessDevice : A devicewithouta screenordisplay
Registrar: An entitywiththeauthoritytoissueWLAN credentials
ExternalRegistrar: A registrarthatisseparate fromtheAP
AP: An infrastructure-mode 802.11 Access Point
HeadlessDevice : A devicewithouta screenordisplay
An Enrolleecanbea stationoran AP
A Registrarcanbea station(externalregistrar) oran AP
A Registrardoesn‘tneedtobein theWiFinetwork
A WiFinetworkcanhavemorethanoneWPS Registrar
A Registrarcanbea station(externalregistrar) oran AP
A Registrardoesn‘tneedtobein theWiFinetwork
A WiFinetworkcanhavemorethanoneWPS Registrar
In themostcommoncase, theRegistrarisa stationoutside
theWiFinetworkandtheEnrolleeistheAP, not theotherway
around.
theWiFinetworkandtheEnrolleeistheAP, not theotherway
around.
WPS PIN External
Registrar Protocol
Registrar Protocol
The recommended length for a manually entered device password is
an 8-digit numeric PIN. This length does not provide a large amount
of entropy for strong mutual authentication, but the design of the
Registration Protocol protects against dictionary attacks on PINs if a
fresh PIN or a rekeying key is used each time the Registration
Protocol is run.
If the Registrar runs the Protocol multiple times using the same PIN
an attacker will be able to discover the PIN through brute force. To
address this vulnerability, if a PIN authentication error occurs, the
Registrar SHALL warn the user and SHALL NOT automatically
reuse the PIN.
The [sticker] PIN contains approximately 23 bits of entropy… It is
susceptible to active attack.
an 8-digit numeric PIN. This length does not provide a large amount
of entropy for strong mutual authentication, but the design of the
Registration Protocol protects against dictionary attacks on PINs if a
fresh PIN or a rekeying key is used each time the Registration
Protocol is run.
If the Registrar runs the Protocol multiple times using the same PIN
an attacker will be able to discover the PIN through brute force. To
address this vulnerability, if a PIN authentication error occurs, the
Registrar SHALL warn the user and SHALL NOT automatically
reuse the PIN.
The [sticker] PIN contains approximately 23 bits of entropy… It is
susceptible to active attack.
PSK1 PSK2
E ->RM1 N1 ||Description ||PKE
N1isa 128-bit randomnoncegeneratedbytheEnrollee
PKEistheDH publickeyoftheEnrollee
N1isa 128-bit randomnoncegeneratedbytheEnrollee
PKEistheDH publickeyoftheEnrollee
Upon receptionofM1 theRegistrargeneratesPKR andN2
The RegistrarcanthencomputetheDHKey:
DHKey= SHA-256 (zeropad(g
AB
modp, 192))
AndcalculatetheKey Derivation Key :
KDK = HMAC-SHA-256DHKey (N1 || EnrolleeMAC|| N2)
FinallyAuthKey, KeyWrapKey, andEMSK arederived:
AuthKey|| KeyWrapKey|| EMSK =
kdf(KDK, “Wi-FiEasy andSecure Key Derivation”, 640)
The RegistrarcanthencomputetheDHKey:
DHKey= SHA-256 (zeropad(g
AB
modp, 192))
AndcalculatetheKey Derivation Key :
KDK = HMAC-SHA-256DHKey (N1 || EnrolleeMAC|| N2)
FinallyAuthKey, KeyWrapKey, andEMSK arederived:
AuthKey|| KeyWrapKey|| EMSK =
kdf(KDK, “Wi-FiEasy andSecure Key Derivation”, 640)
AuthKey: used to authenticate the Registration Protocol
messages (256 bits)
KeyWrapKey: used to encrypt secret noncesand ConfigData
(128 bits)
EMSK : Extended Master Session Key that is used to derive
additional keys (256 bits)
messages (256 bits)
KeyWrapKey: used to encrypt secret noncesand ConfigData
(128 bits)
EMSK : Extended Master Session Key that is used to derive
additional keys (256 bits)
R ->EM2 N1 || N2 ||Desc. ||PKR || Auth
N2isa 128-bit randomnoncegeneratedbytheRegistrar
PKRistheDH publickeyoftheRegistrar
Auth= HMAC
AuthKey(M1 || M2)
N2isa 128-bit randomnoncegeneratedbytheRegistrar
PKRistheDH publickeyoftheRegistrar
Auth= HMAC
AuthKey(M1 || M2)
E ->RM3 E-Hash1 || E-Hash2
E-Hash1 = HMAC
AuthKey(E-S1 || PSK1 || PKE || PKR)
E-Hash2 = HMAC
AuthKey(E-S2 || PSK2 || PKE || PKR)
PSK1ismadeofthefirst4 digitsofthePIN
PSK2ismadeofthelast 4 digitsofthePIN
E-S1 andE-S2 aretwo128 bitrandomnonces
E-Hash1 = HMAC
AuthKey(E-S1 || PSK1 || PKE || PKR)
E-Hash2 = HMAC
AuthKey(E-S2 || PSK2 || PKE || PKR)
PSK1ismadeofthefirst4 digitsofthePIN
PSK2ismadeofthelast 4 digitsofthePIN
E-S1 andE-S2 aretwo128 bitrandomnonces
R ->EM4
R-Hash1 || R-Hash2 ||
E
Kwk(R-S1)
R-Hash1 = HMAC
AuthKey(R-S1 || PSK1 || PKE || PKR)
R-Hash2 = HMAC
AuthKey(R-S2 || PSK2 || PKE || PKR)
R-S1 andR-S2 aretwo128 bitrandomnonces
R-Hash1 || R-Hash2 ||
E
Kwk(R-S1)
R-Hash1 = HMAC
AuthKey(R-S1 || PSK1 || PKE || PKR)
R-Hash2 = HMAC
AuthKey(R-S2 || PSK2 || PKE || PKR)
R-S1 andR-S2 aretwo128 bitrandomnonces
The Enrollee decrypts R-S1
The Enrollee verifies :
HMAC
AuthKey(R-S1 || PSK1 || PKE || PKR) = R-Hash1
?
The Enrollee verifies :
HMAC
AuthKey(R-S1 || PSK1 || PKE || PKR) = R-Hash1
?
E ->RM5 E
kwk(E-S1)
The Enrolleeopensitsfirstcommitment
kwk(E-S1)
The Enrolleeopensitsfirstcommitment
The Registrar decrypts E-S1
The Registrar verifies :
HMAC
AuthKey(E-S1 || PSK1 || PKE || PKR) = E-Hash1
?
The Registrar verifies :
HMAC
AuthKey(E-S1 || PSK1 || PKE || PKR) = E-Hash1
?
R ->EM6 E
Kwk(R-S2)
The registraropensitssecondcommitment
HMAC
AuthKey(R-S2 || PSK2 || PKE || PKR) = E-Hash2 ?
Kwk(R-S2)
The registraropensitssecondcommitment
HMAC
AuthKey(R-S2 || PSK2 || PKE || PKR) = E-Hash2 ?
E ->RM7 E
kwk(E-S2|| Credentials)
The Enrolleeopensitssecondcommitmentandalso sends
thenetworkcredentials
kwk(E-S2|| Credentials)
The Enrolleeopensitssecondcommitmentandalso sends
thenetworkcredentials
WPS AP as Registrar
attack
attack
WhyistheAP theRegistrarresp.theStation the
Enrolleeandnot theotherwayaround?
The WiFiAlliance probablyfoundout thatthe
protocolwouldotherwisebetotallyinsecurein the
scenariowithHeadlessdevices
Enrolleeandnot theotherwayaround?
The WiFiAlliance probablyfoundout thatthe
protocolwouldotherwisebetotallyinsecurein the
scenariowithHeadlessdevices
E ->RM1 N1 ||Description ||PKE
N1isa 128-bit randomnoncegeneratedbytheEnrollee
PKEistheDH publickeyoftheEnrollee
N1isa 128-bit randomnoncegeneratedbytheEnrollee
PKEistheDH publickeyoftheEnrollee
R ->EM2 N1 || N2 ||Desc. ||PKR || Auth
N2isa 128-bit randomnoncegeneratedbytheRegistrar
PKRistheDH publickeyoftheRegistrar
Auth= HMAC
AuthKey(M1 || M2)
N2isa 128-bit randomnoncegeneratedbytheRegistrar
PKRistheDH publickeyoftheRegistrar
Auth= HMAC
AuthKey(M1 || M2)
E ->RM3 E-Hash1 || E-Hash2
E-Hash1 = Random
E-Hash2 = Random
E-Hash1 = Random
E-Hash2 = Random
R ->EM4
R-Hash1 || R-Hash2 ||
E
Kwk(R-S1)
The EnrolleecandecryptR-S1 andthenbruteforcePSK1
withR-Hash1
The EnrolleethenrestartstheprotocolknowingPSK1
R-Hash1 || R-Hash2 ||
E
Kwk(R-S1)
The EnrolleecandecryptR-S1 andthenbruteforcePSK1
withR-Hash1
The EnrolleethenrestartstheprotocolknowingPSK1
E ->RM5 E
kwk(E-S1)
In thesecondrunoftheprotocol, theEnrolleecansend valid
valuessinceitknowsPSK1
kwk(E-S1)
In thesecondrunoftheprotocol, theEnrolleecansend valid
valuessinceitknowsPSK1
R ->EM6 E
Kwk(R-S2)
The EnrolleecandecryptR-S2 andthenbruteforcePSK2
withR-Hash2
The Enrolleethenrestartstheprotocolonelast time
knowingbothPSK1 andPSK2
Kwk(R-S2)
The EnrolleecandecryptR-S2 andthenbruteforcePSK2
withR-Hash2
The Enrolleethenrestartstheprotocolonelast time
knowingbothPSK1 andPSK2
WPS online
bruteforceattack
bruteforceattack
Looks OK aslongasthereisonlyonetryper PIN
ProofofpossessionallowsdetectionofrogueAPs and
stations
The DH keyexchangeprotectsagainsteavesdropping
ProofofpossessionallowsdetectionofrogueAPs and
stations
The DH keyexchangeprotectsagainsteavesdropping
Attackpublishedin 2011 byStefan Viehböck
The ideaistobruteforcePSK1 andthenPSK2
Takes atmost11‘000 trialsforstickerPIN
Atmost20‘000 trialsforuserselectedPIN
FindsthePIN in a fewhours(dependson AP)
Most AP implementednosecurityagainstBF
Implementedin toolslikeReaverandBully
The ideaistobruteforcePSK1 andthenPSK2
Takes atmost11‘000 trialsforstickerPIN
Atmost20‘000 trialsforuserselectedPIN
FindsthePIN in a fewhours(dependson AP)
Most AP implementednosecurityagainstBF
Implementedin toolslikeReaverandBully
Changes in the specification
2.0.2 Public release version
-
Change Headless Devices section to mandate
implementation of strong mitigation against a
brute force attack on the AP that uses a static PIN.
Some devices have a WPS lockout delay
This only slows down the attack a bit
Other lock WPS until the next reboot
2.0.2 Public release version
-
Change Headless Devices section to mandate
implementation of strong mitigation against a
brute force attack on the AP that uses a static PIN.
Some devices have a WPS lockout delay
This only slows down the attack a bit
Other lock WPS until the next reboot
AP reboot scripts (mdk3, ReVdK3)
EAPOL-Start flood attack
DeauthDDoS
EAPOL-Start flood attack
DeauthDDoS
The initialusecaseseemstoberandomPIN on displaywithonetry
The specificationcontainscontradictorystatementsaboutPIN reuse
The protocollookssecureenoughifPINs arenot reused
Conclusion:
HeadlessdeviceswithstaticPINs wereprobablya last minuteadditionto
thespecification
The specificationcontainscontradictorystatementsaboutPIN reuse
The protocollookssecureenoughifPINs arenot reused
Conclusion:
HeadlessdeviceswithstaticPINs wereprobablya last minuteadditionto
thespecification
WPS offline
bruteforceattack
bruteforceattack
E ->RM1 N1 ||Description ||PKE
N1isa 128-bit randomnoncegeneratedbytheEnrollee
PKEistheDH publickeyoftheEnrollee
N1isa 128-bit randomnoncegeneratedbytheEnrollee
PKEistheDH publickeyoftheEnrollee
E ->RM3 E-Hash1 || E-Hash2
E-Hash1 = HMAC
AuthKey(E-S1 || PSK1 || PKE || PKR)
E-Hash2 = HMAC
AuthKey(E-S2 || PSK2 || PKE || PKR)
PSK1ismadeofthefirst4 digitsofthePIN
PSK2ismadeofthelast 4 digitsofthePIN
E-Hash1 = HMAC
AuthKey(E-S1 || PSK1 || PKE || PKR)
E-Hash2 = HMAC
AuthKey(E-S2 || PSK2 || PKE || PKR)
PSK1ismadeofthefirst4 digitsofthePIN
PSK2ismadeofthelast 4 digitsofthePIN
Ifwecanfind E-S1 andE-S2, wecanthebruteforce
PSK1 andPSK2 offline!
PSK1 andPSK2 offline!
Usuallywithpseudo-randomgenerators(PRNG)
OfteninsecurePRNG
Noorlowentropy
Small state(32 bits)
Can thePRNG stateberecovered?
OfteninsecurePRNG
Noorlowentropy
Small state(32 bits)
Can thePRNG stateberecovered?
reg_proto_create_m1(RegData*regInfo, BufferObj*msg)
{
uint32 ret = WPS_SUCCESS;
uint8 message;
DevInfo*enrollee = regInfo->enrollee;
/* First generate/gather all the required data. */
message = WPS_ID_MESSAGE_M1;
/* Enrollee nonce */
/*
* Hacking, do not generate new random enrollee nonce
* in case of we have prebuild enrollee nonce.
*/
if (regInfo->e_lastMsgSent== MNONE) {
RAND_bytes(regInfo->enrolleeNonce, SIZE_128_BITS);
}
/* It should not generate new key pair if we have prebuild enrollee nonce */
if (!enrollee->DHSecret) {
ret = reg_proto_generate_dhkeypair(&enrollee->DHSecret);
if (ret != WPS_SUCCESS) {
return ret;
}
}
...
{
uint32 ret = WPS_SUCCESS;
uint8 message;
DevInfo*enrollee = regInfo->enrollee;
/* First generate/gather all the required data. */
message = WPS_ID_MESSAGE_M1;
/* Enrollee nonce */
/*
* Hacking, do not generate new random enrollee nonce
* in case of we have prebuild enrollee nonce.
*/
if (regInfo->e_lastMsgSent== MNONE) {
RAND_bytes(regInfo->enrolleeNonce, SIZE_128_BITS);
}
/* It should not generate new key pair if we have prebuild enrollee nonce */
if (!enrollee->DHSecret) {
ret = reg_proto_generate_dhkeypair(&enrollee->DHSecret);
if (ret != WPS_SUCCESS) {
return ret;
}
}
...
#if (defined(__ECOS) || defined(TARGETOS_nucleus) || defined(TARGETOS_symbian))
void generic_random(uint8 * random, intlen)
{
inttlen= len;
while (tlen--) {
*random = (uint8)rand();
*random++;
}
return;
}
#endif
void generic_random(uint8 * random, intlen)
{
inttlen= len;
while (tlen--) {
*random = (uint8)rand();
*random++;
}
return;
}
#endif
intrand_r( unsigned int*seed ){
unsigned ints=*seed;
unsigned inturet;
s = (s * 1103515245) + 12345; // permutateseed
uret= s & 0xffe00000;// Only use top 11 bits
s = (s * 1103515245) + 12345; // permutateseed
uret+= (s & 0xfffc0000) >> 11;// Only use top 14 bits
s = (s * 1103515245) + 12345; // permutateseed
uret+= (s & 0xfe000000) >> (11+14);// Only use top 7 bits
retval= (int)(uret& RAND_MAX);
*seed= s;
return retval;
}
unsigned ints=*seed;
unsigned inturet;
s = (s * 1103515245) + 12345; // permutateseed
uret= s & 0xffe00000;// Only use top 11 bits
s = (s * 1103515245) + 12345; // permutateseed
uret+= (s & 0xfffc0000) >> 11;// Only use top 14 bits
s = (s * 1103515245) + 12345; // permutateseed
uret+= (s & 0xfe000000) >> (11+14);// Only use top 7 bits
retval= (int)(uret& RAND_MAX);
*seed= s;
return retval;
}
Linear CongruentialGenerator
32 bitsstate
Noexternalentropy
E-S1 andE-S2 generatedrightafter N1
Optimization: 7 bitsoftheseedcanbededuced
fromthelast outputbyte
32 bitsstate
Noexternalentropy
E-S1 andE-S2 generatedrightafter N1
Optimization: 7 bitsoftheseedcanbededuced
fromthelast outputbyte
Do theWPS protocoluptomessageM3
GettheNoncefromM1
BruteforcethestateofthePRNG
ComputeE-S1 andE-S2 fromthestate
BruteforcePSK1 / PSK2 fromE-Hash1 / E-Hash2
Do thefullWPS protocoltogetthecredentials
GettheNoncefromM1
BruteforcethestateofthePRNG
ComputeE-S1 andE-S2 fromthestate
BruteforcePSK1 / PSK2 fromE-Hash1 / E-Hash2
Do thefullWPS protocoltogetthecredentials
32 bitLinear Feedback ShiftRegister (LFSR)
Polynomial= 0x80000057
Trivial torecovertheLFSR statefromthenonce
Polynomial= 0x80000057
Trivial torecovertheLFSR statefromthenonce
E-S1 andE-S2 arenevergenerated
E-S1 = E-S2 = 0x0
E-S1 = E-S2 = 0x0
SomeAP havethesame stateateachboot
Makea listofcommonstatesafter reboot
AttacktheAP rightafter boot
As shown, therearemanywaystoforcea reboot
Makea listofcommonstatesafter reboot
AttacktheAP rightafter boot
As shown, therearemanywaystoforcea reboot
Looks okay
Uses/dev/random
Usedin AtherosSDK
But youneverknow
SeveralpapersattacktheentropyofthelinuxPRNG
in embeddedsystems
Uses/dev/random
Usedin AtherosSDK
But youneverknow
SeveralpapersattacktheentropyofthelinuxPRNG
in embeddedsystems
Marvell
Realtek
Intel
Qualcomm
...
Realtek
Intel
Qualcomm
...
It‘scomplicated
Manyoftheimplementations arethereferencecode
forthechipset
OnlytheGUI isreskinned
Thereforemanybrandsareaffected
Manyvendorsusedifferent chipset
Even forthesame modelnumber
Manyoftheimplementations arethereferencecode
forthechipset
OnlytheGUI isreskinned
Thereforemanybrandsareaffected
Manyvendorsusedifferent chipset
Even forthesame modelnumber
Vendor responses
Triedtofind a securityincidentcontact
Triedtocontactthemon Twitter
Triedtocontactthemthroughtheirwebsite
Triedtocontactthemon Twitter
Triedtocontactthemthroughtheirwebsite
Dominique Bongard discovered that Broadcom chips are
affected. Their random number generators apparently are so
easy to guess that an attacker can get your Wi-Fi access point to
give up its PIN code in less than a second.
-----------------------------------
This is the first we have heard of this. We’ll connect with your
security team.
Karen
affected. Their random number generators apparently are so
easy to guess that an attacker can get your Wi-Fi access point to
give up its PIN code in less than a second.
-----------------------------------
This is the first we have heard of this. We’ll connect with your
security team.
Karen
Thanks for checking. This is not a chip issue. The issue you
have identified can affect any Wi-Fi product.
Vulnerabilities can depend on the Wi-Fi standard that is
chosen for security. This may depend on the age of the
product.
Best regards,
Jennifer B.| Senior Manager, Corporate Communications
have identified can affect any Wi-Fi product.
Vulnerabilities can depend on the Wi-Fi standard that is
chosen for security. This may depend on the age of the
product.
Best regards,
Jennifer B.| Senior Manager, Corporate Communications
We do use the Broadcom chipset in some of our offerings, and
we're reaching out to Broadcom as we speak, to find out if any of
the ones we use are affected by this issue.
[...] Also, for your information -Cisco has a very limited number
of wireless products with support for WPS. Most of them are Small
and Medium business products, while others are sold to Service
Providers (not to end users) to be used as cable modem CPEs.
And some of those CPEs have wireless capabilities, and some
support WPS. We'll investigate them all, make our results public
by following our security policy.
we're reaching out to Broadcom as we speak, to find out if any of
the ones we use are affected by this issue.
[...] Also, for your information -Cisco has a very limited number
of wireless products with support for WPS. Most of them are Small
and Medium business products, while others are sold to Service
Providers (not to end users) to be used as cable modem CPEs.
And some of those CPEs have wireless capabilities, and some
support WPS. We'll investigate them all, make our results public
by following our security policy.
Triedtocontactthemvia theirwebsite
Thanks, Dominique. This is very helpful.
In the future, I encourage you to report any Wi-Fi-related vulnerabilities
directly to us. Wi-Fi Alliance reviews all submitted reports of security
vulnerabilities affecting Wi-Fi CERTIFIED programs. You can submit
vulnerabilities to [email protected] at https://www.wi-fi.org/secure .
Thanks again.
Regards,
Kevin R. | Director of Program Marketing | Wi-Fi Alliance
In the future, I encourage you to report any Wi-Fi-related vulnerabilities
directly to us. Wi-Fi Alliance reviews all submitted reports of security
vulnerabilities affecting Wi-Fi CERTIFIED programs. You can submit
vulnerabilities to [email protected] at https://www.wi-fi.org/secure .
Thanks again.
Regards,
Kevin R. | Director of Program Marketing | Wi-Fi Alliance
WPS static pin
generation attack
generation attack
PIN values should be randomly generated, and they
SHALL NOT be derivable from any information that can
be obtained by an eavesdropper or active attacker. The
device’s serial number and MAC address, for example,
are easily eavesdropped by an attacker on the in-band
channel.
SHALL NOT be derivable from any information that can
be obtained by an eavesdropper or active attacker. The
device’s serial number and MAC address, for example,
are easily eavesdropped by an attacker on the in-band
channel.
Arris
http://packetstormsecurity.com/files/123631/ARRIS-DG860A-WPS-PIN-Generator.html
Belkin
http://ednolo.alumnos.upv.es/?p=1295
Other
http://www.hackforums.net/printthread.php?tid=4146055
… *
Tenda,Sitecom, Linksys, FTE, Vodafone, ZTE, Zyxel
http://www.crack-wifi.com/forum/topic-8793-wpspin-
generateur-pin-wps-par-defaut-routeurs-huawei-belkin.html
http://packetstormsecurity.com/files/123631/ARRIS-DG860A-WPS-PIN-Generator.html
Belkin
http://ednolo.alumnos.upv.es/?p=1295
Other
http://www.hackforums.net/printthread.php?tid=4146055
… *
Tenda,Sitecom, Linksys, FTE, Vodafone, ZTE, Zyxel
http://www.crack-wifi.com/forum/topic-8793-wpspin-
generateur-pin-wps-par-defaut-routeurs-huawei-belkin.html
Conclusion
DisableWPS now!
Reverse engineers: Check otherAP forbadPRNG
Cryptographers: Check ifgoodPRNG areokay
Reverse engineers: Check otherAP forbadPRNG
Cryptographers: Check ifgoodPRNG areokay
Tags
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 2,362
- Slides 76
- Age 4020 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
33 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
36 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
33 views
14
Fertility awareness methods for women in the society
Isaiah47
30 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
29 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
30 views