How To Offline WPS Attack using PixieWPS

Published on: Apr 4, 2015 @ 5:08 pm by Matthew Knight

Pixiewps is a tool written in C used to brute-force the WPS PIN offline, exploiting the low or non-existent entropy of the nonces some APs generate (the pixie dust attack). It is meant for educational purposes only. All credit for the research goes to Dominique Bongard.

This attack only works against the default WPS implementation of several wireless chip makers: Ralink, Realtek, and Broadcom. It focuses on the lack of randomization when these implementations generate the E-S1 and E-S2 "secret" nonces.
If the attacker can figure out those two nonces, they can recover the PIN in anywhere from about 1 second on some devices to about 30 minutes on others. A tool named pixiewps, together with a new version of Reaver, was developed to automate the process.

Since both the access point and the client (Enrollee and Registrar respectively) need to prove they know the PIN (so that the client can be sure it is not connecting to an evil AP), the attacker already holds two hashes that each commit to one half of the PIN; all that remains is to brute-force the actual PIN. The access point sends two hashes, E-Hash1 and E-Hash2, to the client in order to prove that it also knows the PIN. E-Hash1 and E-Hash2 are hashes of (E-S1 | PSK1 | PKe | PKr) and (E-S2 | PSK2 | PKe | PKr) respectively. The hash function is HMAC-SHA-256, keyed with the "AuthKey" derived during the exchange.
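To make the entropy argument concrete, here is an added example (written for this page, not code from the post or from the pixiewps/Reaver projects). It builds E-Hash1 and E-Hash2 exactly as described above, HMAC-SHA-256 keyed with AuthKey over E-S | PSK | PKe | PKr, and quantifies how much offline work a guesser faces when the E-S nonces are truly random versus predictable. All byte values are constructed placeholders with the WPS field sizes; the AuthKey and the PSK halves are taken as given inputs rather than derived, and the all-zero nonce is only a stand-in for "no entropy".

```python
"""Added example, not from the original post or from the pixiewps project.

Models the WPS proof-of-possession hashes the post describes:
  E-Hash1 = HMAC-SHA-256(AuthKey, E-S1 | PSK1 | PKe | PKr)
  E-Hash2 = HMAC-SHA-256(AuthKey, E-S2 | PSK2 | PKe | PKr)
and shows why nonce entropy is what keeps these hashes from being
checkable offline. Every byte value below is a constructed placeholder.
"""
import hashlib
import hmac
import math
import os


def e_hash(authkey: bytes, e_s: bytes, psk: bytes, pke: bytes, pkr: bytes) -> bytes:
    """HMAC-SHA-256 keyed with AuthKey over the concatenation E-S | PSK | PKe | PKr."""
    return hmac.new(authkey, e_s + psk + pke + pkr, hashlib.sha256).digest()


def offline_work_bits(nonce_entropy_bits: int, pin_half_candidates: int) -> float:
    """log2 of the number of (nonce, PIN-half) pairs that must be hashed to
    match one captured E-Hash. With a 128-bit random nonce and 10^4 candidates
    for the first half this is about 2^141; with a fixed nonce it is ~2^13.3."""
    return nonce_entropy_bits + math.log2(pin_half_candidates)


# Constructed placeholder session values; lengths follow the WPS field sizes
# (AuthKey 32 bytes, E-S 16 bytes, PSK 16 bytes, PKe/PKr 192 bytes for 1536-bit DH).
AUTHKEY = bytes.fromhex("11" * 32)
PKE = bytes.fromhex("22" * 192)
PKR = bytes.fromhex("33" * 192)
PSK1 = bytes.fromhex("44" * 16)   # stands in for the value derived from PIN digits 1-4
PSK2 = bytes.fromhex("55" * 16)   # stands in for the value derived from PIN digits 5-8

# Candidate counts for the two PIN halves: four free digits (10^4), and three
# free digits plus a checksum digit (10^3).
FIRST_HALF_CANDIDATES = 10 ** 4
SECOND_HALF_CANDIDATES = 10 ** 3


def nonce_effect() -> dict:
    """Contrast the two cases the post describes.
    - Random E-S: the same PSK1 yields a different E-Hash1 every run, so an
      observer cannot test PSK1 guesses without also guessing 128 nonce bits.
    - Predictable E-S (all-zero here, an assumption for illustration): E-Hash1
      depends only on the PIN half, so a guess can be checked against the
      captured hash directly, which is the weakness pixie dust relies on.
    """
    random_a = e_hash(AUTHKEY, os.urandom(16), PSK1, PKE, PKR)
    random_b = e_hash(AUTHKEY, os.urandom(16), PSK1, PKE, PKR)
    fixed_nonce = bytes(16)
    fixed_a = e_hash(AUTHKEY, fixed_nonce, PSK1, PKE, PKR)
    fixed_b = e_hash(AUTHKEY, fixed_nonce, PSK1, PKE, PKR)
    return {
        "random_nonce_hashes_differ": random_a != random_b,
        "fixed_nonce_hashes_repeat": fixed_a == fixed_b,
        "work_bits_random_first_half": offline_work_bits(128, FIRST_HALF_CANDIDATES),
        "work_bits_fixed_first_half": offline_work_bits(0, FIRST_HALF_CANDIDATES),
        "work_bits_fixed_second_half": offline_work_bits(0, SECOND_HALF_CANDIDATES),
    }


if __name__ == "__main__":
    for name, value in nonce_effect().items():
        print(f"{name}: {value}")
```

The takeaway for anyone assessing an access point is in the last three numbers: a properly random E-S nonce puts the offline check at roughly 2^141 hashes per half, far beyond reach, while a fixed or predictable nonce leaves only the 10^4 and 10^3 PIN-half candidates, which is why firmware updates that fix nonce generation, or disabling WPS outright, are the effective mitigations.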

You will need a compatible wireless card; I recommend one of these:

Compatible Wireless Cards:

Alfa Networks AWUS036H - Works!
Alfa Network AWUS036NH - Untested!
TP-LINK TL-WN722N - Works!

Last edited by Matthew Knight on July 19, 2015 at 8:41 pm