pixiewps v1.4.2 releases, An offline Wi-Fi Protected Setup brute-force utility

Pixiewps is a tool written in C used to bruteforce offline the WPS PIN exploiting the low or non-existing entropy of some software implementations, the so-called “pixie-dust attack” discovered by Dominique Bongard in summer 2014. It is meant for educational purposes only.

As opposed to the traditional online brute-force attack, implemented in tools like Reaver or Bully which aim to recover the pin in a few hours, this method can get the PIN in only a matter of seconds or minutes, depending on the target, if vulnerable.

Since version 1.4, it can also recover the WPA-PSK from a complete passive capture (M1 through M7) for some devices (currently only some devices which work with --mode 3).

It all started as a project from the community, more details can be found here:

• https://forums.kali.org/showthread.php?25018-Pixiewps-wps-pixie-dust-attack-tool
• https://forums.kali.org/showthread.php?24286-WPS-Pixie-Dust-Attack-(Offline-WPS-Attack)

You can also visit the wiki.

Changelog v1.4.2

Added

• Huge performance optimizations (--mode 1,3) @1yura.

Fixed

• Segmentation fault when --authkey is not supplied.
• Issue with PRNG bruteforce (--mode 2).
• Incorrect N1 seed displayed (--mode 2).
• Incorrect seeds displayed when PRNG is not bruteforced (--mode 3).

Changed

• Switched from mbedtls and libtommath to libtomcrypt and tomsfastmath @rofl0r.
• Moved Makefile to top directory.
• Added installation of man page on make install.

Removed

• Android.mk

Install

Download

git clone https://github.com/wiire/pixiewps

or

wget https://github.com/wiire/pixiewps/archive/master.zip && unzip master.zip

Build

Optionally, you can run make OPENSSL=1 to use faster OpenSSL SHA-256 functions.

Install

sudo make install

Usage

pixiewps <arguments>



Required arguments:



  -e, --pke         : Enrollee public key

  -r, --pkr         : Registrar public key

  -s, --e-hash1     : Enrollee hash 1

  -z, --e-hash2     : Enrollee hash 2

  -a, --authkey     : Authentication session key

  -n, --e-nonce     : Enrollee nonce



Optional arguments:



  -m, --r-nonce     : Registrar nonce

  -b, --e-bssid     : Enrollee BSSID

  -v, --verbosity   : Verbosity level 1-3, 1 is quietest           [3]

  -o, --output      : Write output to file

  -j, --jobs        : Number of parallel threads to use         [Auto]



  -h                : Display this usage screen

  --help            : Verbose help and more usage examples

  -V, --version     : Display version



  --mode N[,... N]  : Mode selection, comma separated           [Auto]

  --start [mm/]yyyy : Starting date             (only mode 3) [+1 day]

  --end   [mm/]yyyy : Ending date               (only mode 3) [-1 day]

  -f, --force       : Bruteforce full range     (only mode 3)



Miscellaneous arguments:



  -7, --m7-enc      : Recover encrypted settings from M7 (only mode 3)

  -5, --m5-enc      : Recover secret nonce from M5       (only mode 3)

Pixiewps Copyright (C) 2015 wiire-a

Source: https://github.com/wiire-a/