pixiewps v1.4.2 released: an offline Wi-Fi Protected Setup brute-force utility

Pixiewps

Pixiewps is a tool written in C that brute-forces the WPS PIN offline by exploiting the low or non-existent entropy of some software implementations, the so-called “pixie-dust attack” discovered by Dominique Bongard in summer 2014. It is meant for educational purposes only.

The traditional online brute-force attack, implemented in tools like Reaver or Bully, aims to recover the PIN in a few hours. This offline method can recover the PIN in a matter of seconds or minutes, depending on the target, if it is vulnerable.


Since version 1.4, it can also recover the WPA-PSK from a complete passive capture (M1 through M7) for some devices (currently only some devices which work with --mode 3).


It all started as a project from the community; more details can be found here:

You can also visit the wiki.

Changelog v1.4.2

Added

  • Huge performance optimizations (--mode 1,3) @1yura.

Fixed

  • Segmentation fault when --authkey is not supplied.
  • Issue with PRNG bruteforce (--mode 2).
  • Incorrect N1 seed displayed (--mode 2).
  • Incorrect seeds displayed when PRNG is not bruteforced (--mode 3).

Changed

  • Switched from mbedtls and libtommath to libtomcrypt and tomsfastmath @rofl0r.
  • Moved Makefile to top directory.
  • Added installation of man page on make install.

Removed

  • Android.mk

Install

Download

git clone https://github.com/wiire/pixiewps

or

wget https://github.com/wiire/pixiewps/archive/master.zip && unzip master.zip

Build

cd pixiewps*/
make

Optionally, you can run make OPENSSL=1 to use faster OpenSSL SHA-256 functions.

Install

sudo make install

Usage

Pixiewps

pixiewps <arguments>


Required arguments:

-e, --pke : Enrollee public key
-r, --pkr : Registrar public key
-s, --e-hash1 : Enrollee hash 1
-z, --e-hash2 : Enrollee hash 2
-a, --authkey : Authentication session key
-n, --e-nonce : Enrollee nonce

Optional arguments:

-m, --r-nonce : Registrar nonce
-b, --e-bssid : Enrollee BSSID
-v, --verbosity : Verbosity level 1-3, 1 is quietest [3]
-o, --output : Write output to file
-j, --jobs : Number of parallel threads to use [Auto]

-h : Display this usage screen
--help : Verbose help and more usage examples
-V, --version : Display version

--mode N[,... N] : Mode selection, comma separated [Auto]
--start [mm/]yyyy : Starting date (only mode 3) [+1 day]
--end [mm/]yyyy : Ending date (only mode 3) [-1 day]
-f, --force : Bruteforce full range (only mode 3)

Miscellaneous arguments:

-7, --m7-enc : Recover encrypted settings from M7 (only mode 3)
-5, --m5-enc : Recover secret nonce from M5 (only mode 3)

Pixiewps Copyright (C) 2015 wiire-a

Source: https://github.com/wiire-a/