Brute force attack against Wifi Protected Setup

Probably most of you already heard about weakness in Wifi Protected Setup discovered recently.
Using it you can reduce PIN authentication probes from 100000000 to only 11000 making brute force attack possible and reveal password to network in about 4 hours (usually even sooner).

Most AccessPoints are vulnerable thus with this attack you can brute-force almost any network around. Doesn’t matter if it uses WPA/WPA2 nor which method PSK/Radius. It only needs to be WPS enabled and most of APs are.

I’ve just packaged reaver-wps tool for Debian (I’m also an author of its ArchLinux PKGBUILD) and it’s now waiting in new queue.

If you want to try it before it enters unstable I put it also on my account.
After installing it all you have to do is enable monitor mode in your wifi card (you need aircrack-ng package for that):

airmon-ng start wlan0

Then start attack:

reaver -i mon0 -b xx:xx:xx:xx:xx:xx -vv

Of course name of interfaces may differ as their depend on your wifi driver. After -b switch you have to enter BSSID of the target AP.

That’s all. Happy ha^Wcracking ;)

I wonder if it really enter Debian archive, cause it’s shipped with several libraries already included in Debian. Mainly Linux Wireless Extensions library, and some part of wpa-supplicant package (this are at least slightly modified).

In fact there are chances that reaver will became the part of the aircrack-ng suite (they discuss it already), but that won’t happen soon, so it still would be great to have this package in Debian.

  • Bookmark and Share

4 thoughts on “Brute force attack against Wifi Protected Setup

  1. rjc

    Hi fenio,

    You’ve mentioned aircrack-ng package which has been removed from Debian.
    Are you planning to package it as well again and put it into the pool prior to/with reaver?

    Having reaver without airmon-ng, which is a part of aircrack-ng, seems pointless otherwise.



  2. ctrix

    Yust to let you know that the correct build dependency is libpcap-dev, not libcap-dev as stated erroneusly in the control file.
    I don’t believe it will ever enter debian with that error.


Leave a Reply

Your email address will not be published. Required fields are marked *

four × = 32

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>