
Author Topic: Reaver Pro Revisited  (Read 4283 times)

Offline syntropic

  • Prospect
  • *
  • Posts: 37
  • Internets: +4/-0
Reaver Pro Revisited
« on: November 16, 2014, 05:45:17 PM »
I have a copy of Reaver Pro I (software only, ~1GB, and also a modified version created by TH3CRACK3R) from last year.

I used the original Reaver when it came out back in 1/2012, and it was a pretty interesting exploit.  I had some successes early on, and as time progressed, it became a bit more of a challenge to "become one with the router" (of course by doing a few
Code:
iw dev wlan1 scan
commands to learn what you can about the router).

But I have not used it in a while... I have been mostly improving my Python Scapy skills, which are quite useful.

Lately however, I have two reasons to look back at Reaver... one, which is more mundane, is that I need to see if a particular Netgear router (WND1000v3) is vulnerable (and one other router actually), but also, because I would like to take a look at the code.  I am not sure if Mr. Heffner has released his Reaver Pro in source format, but even if not, I would like to just play with it and make note of any improvements.

This ties especially into the announcement last September by 0xcite at Password-Con, where he explained that a substantial flaw was present in the chipsets of many, many routers (and given the ominous silence and details, I suspect it is quite a big deal).  Basically, if you weren't paying attention back then... he stated that the E-S1 and E-S2 128-bit nonces in M3, and R-S1 and R-S2, the two 128-bit nonces in M4, are based on a PRNG that is substantially vulnerable.  He mentioned that Broadcom was a chipset manufacturer that has a variation of this vulnerability, but would not even disclose the manufacturer of the chipsets with even more serious vulnerabilities... like a PRNG generating a null for the aforementioned hashes.  To me this sounds like trouble.

Even if you tried to hunt down the YouTube presentation (and I am not even sure it is still up), the sound was very conspicuously absent from his presentation.  Soon after the video was uploaded, some commenters complained about the audio (one early viewer I noticed was Tacnetsol, the company that Craig Heffner (who created Reaver) is with, expressing his disappointment that there was no sound to the presentation).  The uploader responded by saying "ummm... he just stepped away from the mic, so we missed the sound".  This is complete bullshit... and it is something that there are small pockets of people working on to try and figure out.  If you think about it... even if the manufacturer in question created chipsets for 65% of the WPS routers available (which is all of them, considering you must have WPS to be Wi-Fi Certified by the Wi-Fi Alliance)... if that was the case, the entire security infrastructure for internet wireless communication would essentially collapse.

Now I don't understand a great deal about cryptography... I know a bit about it.... I spent 3 hours last night combing the web trying to find in-depth technical specifications for WPS, and they are strangely absent.... there are a lot of dead links.  Apparently they can be purchased for $199, but I was hoping to find an older version to study.

What I wanted to ask is if anyone has investigated this at all, and for those who are programmers and those who understand Registrar-Enrollee handshakes (or any TCP-type handshakes), and the encryption that might be used, we should try and not only learn something, but maybe even find out what they are trying to hide.

Anyway, I have the modified Reaver Pro... and though I doubt the source code is on it, I still would like to look through the files...

Does anyone know if it can be unpacked from its ISO and installed separately?  Are there any good reverse engineers here who could help a group of us get our hands dirty trying to learn the highly technical details of WPS, and how the pseudo-random-number generators are used and how they might be hacked to determine their flaws???  Of course we would have to find some routers to play with as well...

But if anyone has any interest in this -- if only for a learning exercise, as WPS is still a significant vulnerability no matter the future firmware updates.  Just by the way it is designed, WPS is difficult to turn off (at least to turn off completely without any other wireless hacks (potentially yet to be discovered)), and even with the new NFC concept of triggering the PIN... there are a lot of holes still waiting to be found.  WPA2 is getting easier, I admit, but WPS, when one takes the time to really learn it, is going to be the wireless exploit to know for the next 2 or 3 years....

And that is another reason people like Heffner are trying to improve and monetize it... there is no magic bullet that will make this problem go away.

Offline 0E 800

  • If something can corrupt you, you're corrupted already.
  • Top Hat Member
  • Elite
  • ********
  • Posts: 961
  • Internets: +154/-0
Re: Reaver Pro Revisited
« Reply #1 on: November 17, 2014, 09:23:50 AM »
Here is Reaver 1.4 source.
https://code.google.com/p/reaver-wps/downloads/list

I doubt there is much difference besides a GUI between the free and paid-for versions.

Here is information about the WPS vulnerability:
http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf

I have used both reaver 1.4 and the reaver pro 2 with the same results. Most of the current routers use rate limiting which defeats the reaver unless the router is tricked with various mdk attacks.

Most of the Netgear routers I have tried to crack prevented reaver and reaver pro from attempting pins because of rate limiting.

"He who passes not his days in the realm of dreams is the slave of the days."
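The "iw dev wlan1 scan" survey mentioned in the opening post and the lockout/rate-limiting behaviour described in the reply above can be turned into a quick inventory check on your own access points: which BSSes advertise WPS at all, and which are currently reporting "AP setup locked". The script below is an added example for this thread, not code from Reaver, Reaver Pro or any poster; it assumes only the "WPS:" / " * Key: value" text layout that iw uses when it prints the WPS information element, and the scan text embedded in it is constructed, not a real capture.

```python
"""Audit WPS state from "iw dev <iface> scan" output.

Added example for this thread, not code from Reaver, Reaver Pro or any poster.
It assumes the text layout iw uses for the WPS information element (a "WPS:"
line followed by " * Key: value" lines) and nothing else about the output.
"""
import re
import sys

# Constructed sample scan, not a real capture: one AP with WPS configured and
# currently locked (the lockout/rate-limiting state the reply describes), one
# AP without WPS at all, and one with WPS configured and not locked.
SAMPLE_SCAN = """\
BSS 02:00:00:00:00:01(on wlan1)
\tSSID: HomeNet
\tsignal: -41.00 dBm
\tWPS:\t * Version: 1.0
\t\t * Wi-Fi Protected Setup State: 2 (Configured)
\t\t * AP setup locked: 0x01
\t\t * Response Type: 3 (AP)
\t\t * Manufacturer: ExampleCorp
\tRSN:\t * Version: 1
\t\t * Group cipher: CCMP
BSS 02:00:00:00:00:02(on wlan1)
\tSSID: GuestNet
\tsignal: -67.00 dBm
\tRSN:\t * Version: 1
BSS 02:00:00:00:00:03(on wlan1)
\tSSID: OfficeAP
\tWPS:\t * Version: 1.0
\t\t * Wi-Fi Protected Setup State: 2 (Configured)
\t\t * Response Type: 3 (AP)
"""

BSS_RE = re.compile(r"^BSS ([0-9a-f]{2}(?::[0-9a-f]{2}){5})", re.MULTILINE)


def _wps_attr(text):
    """Parse '* Key: value' into (key, value); None if the line is not one."""
    if not text.startswith("* "):
        return None
    key, sep, value = text[2:].partition(": ")
    return (key.strip(), value.strip()) if sep else None


def parse_scan(text):
    """Split iw scan output into records: {bssid, ssid, wps (dict or None)}."""
    records = []
    parts = BSS_RE.split(text)  # ['', bssid1, body1, bssid2, body2, ...]
    for bssid, body in zip(parts[1::2], parts[2::2]):
        rec = {"bssid": bssid, "ssid": None, "wps": None}
        in_wps = False
        for raw in body.splitlines():
            line = raw.strip()
            if line.startswith("SSID: "):
                rec["ssid"] = line[len("SSID: "):]
            elif line.startswith("WPS:"):
                in_wps = True
                rec["wps"] = {}
                attr = _wps_attr(line[len("WPS:"):].strip())
                if attr:
                    rec["wps"][attr[0]] = attr[1]
            elif in_wps and line.startswith("* "):
                attr = _wps_attr(line)
                if attr:
                    rec["wps"][attr[0]] = attr[1]
            else:
                in_wps = False  # any other element ends the WPS block
        records.append(rec)
    return records


def assess(rec):
    """Classify one BSS by its WPS state."""
    wps = rec["wps"]
    if wps is None:
        return "no-wps"
    if not wps.get("Wi-Fi Protected Setup State", "").startswith("2"):
        return "wps-unconfigured"
    if wps.get("AP setup locked", "0x00") != "0x00":
        return "wps-locked"
    return "wps-open"


def audit(text):
    """Map BSSID -> (SSID, state) for every BSS in the scan text."""
    return {r["bssid"]: (r["ssid"], assess(r)) for r in parse_scan(text)}


if __name__ == "__main__":
    # Pipe real output in:  iw dev wlan1 scan | python3 wps_audit.py
    source = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_SCAN
    for bssid, (ssid, state) in audit(source).items():
        print(f"{bssid}  {ssid or '<hidden>':<16}  {state}")
```

Run it with no input and it reports on the built-in sample; pipe a real scan into it and it reports on your own APs. A BSS that comes back "wps-open" is one where PIN authentication is still accepting attempts, which is the state worth fixing (disable PIN mode where the firmware allows it); "wps-locked" is the lockout state the reply above describes, and a lock that never clears on a router you did not touch is itself worth investigating.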

Offline syntropic

  • Prospect
  • *
  • Posts: 37
  • Internets: +4/-0
Re: Reaver Pro Revisited
« Reply #2 on: November 17, 2014, 01:49:03 PM »
I know the original flaw... I have Viehboeck's white paper.  I am looking for some other documents that are about WPS itself....  I don't care about the flaw everyone knows about... I want to study it.  I am referring to the recent report of a flaw (granted it is similar to the one Viehboeck and Heffner discovered, but this one relates to the chipsets that generate the mechanism (specifically the PRNGs) that create the cryptographic nonces, which are arbitrary numbers used in the initial identity exchange and EAPs between Registrar and Enrollee in the WPS process).  This is basic WPS mechanics though... as with everything, there is a great deal more detail involved... the detail involved in the recently revealed WPS vulnerability is that the PRNGs were crap (PRNGs create the so-called random number by use of a programmatic "entropy" which seeds the PRNG and creates the random number).

The real problem is that computers really cannot generate random numbers... there is always a pattern... and if the pattern is weak, so is the PRNG.  And if the PRNG is weak, it can dramatically cut down the number of pins per router.

So this guy 0xcite in September said... "OK, they already screwed up how they generated the number by splitting it into two pieces.... let's see what else they did wrong."  He found (amazingly) that a dramatically significant number of chipset manufacturers (or just a few who make chips for a good majority of routers) used a weak PRNG... and that this PRNG can be hacked and figured out.

So if I told you that you only needed to invert each hex byte of the router's MAC address, then compare it to a SHA1 of the decimal conversion of the MAC address, using the larger of the two, then taking the larger of the two, and divide each digit in the sequence by the last nine digits of the decimal conversion of the MAC address.... you could basically figure out every PIN (for those routers, which seems to be exceedingly large based on the way they are all behaving) for let's say conservatively 50% of the WPS enabled routers.... no Reaver even necessary!!!

The main point here is the fact that WPS is a standard... it is not going away.  And the standard for its implementation was codified in 2007... There are weaknesses already in it... and if you understand how it works, use your imagination, and learn a little about the cryptographic methods specified in the original standards, you could find a treasure trove of hacks.

Think about hot-wiring a car.... when someone first figured out how to do that in the 1920s, did they fix it so you could never hot-wire a car again??? No!!!  Because of the design of the combustion engine and its ignition, there was no way to fundamentally change it... They made it harder to get to the wires... or maybe they used little tricks to make it more cumbersome to time the ignition sequence... but who cares????!!!??  That little bit of work is trivial compared to having the ability to steal a car.

Obviously WPS is not going to be around for 30 years.... but I guarantee you, because it is a Wi-Fi Alliance standard, meaning no router can be certified without having WPS as a part of it, some form of WPS will be around for at least another 3 years.  People don't change things like this very easily.

Note:  I tried to attach some reference documents that took me a while to find, but the upload directory must not have its permissions set correctly as I could not upload them.

The article/white paper I am looking for is this:  Wi-Fi Protected Setup, Technical Specification, ver. 1.0.0
But it has been scrubbed from the web just about.... There are some Asian sites like Scribd that offer it, but other than screenshots, I don't know how to get it.

In the meantime.... this is a good link to get some background... it also includes more links.

http://www.hackforums.net/printthread.php?tid=4425809
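The post above twice comes back to the size of the PIN space: the "splitting it into two pieces" remark, and the point that a weak PRNG "can dramatically cut down the number of pins per router". The block below is an added example for this thread, not code from the Viehboeck paper, from Reaver or from any poster: it implements the WPS PIN check-digit rule from the WPS 1.0 specification (the eighth digit is derived from the other seven), computes how many candidates remain when the two halves of the PIN are verified separately, and shows what an access point's lockout policy does to that number. The lockout parameters are assumptions chosen for illustration, not values from any particular router.

```python
"""WPS PIN check digit, effective keyspace, and the effect of AP lockout.

Added example for this thread, not code from the Viehboeck paper, Reaver or any
poster. The check-digit rule is the one in the WPS 1.0 specification; the
keyspace figures reproduce the split-verification observation the post above
refers to; the lockout parameters in the demo are assumed, not measured.
"""


def wps_check_digit(first7: str) -> int:
    """Return the 8th digit of a WPS PIN given its first seven digits.

    Digits in odd positions (1st, 3rd, 5th, 7th) are weighted 3, the others 1;
    the check digit brings the weighted sum up to a multiple of ten.
    """
    if len(first7) != 7 or not first7.isdigit():
        raise ValueError("expected exactly seven decimal digits")
    total = sum((3 if i % 2 == 0 else 1) * int(ch) for i, ch in enumerate(first7))
    return (10 - total % 10) % 10


def is_valid_wps_pin(pin: str) -> bool:
    """True when an 8-digit PIN's last digit satisfies the check-digit rule."""
    if len(pin) != 8 or not pin.isdigit():
        return False
    return wps_check_digit(pin[:7]) == int(pin[7])


def pin_keyspace(split_verification: bool) -> int:
    """Number of candidate PINs an authenticator may have to reject.

    Seven free digits plus a derived check digit give 10**7 valid PINs. When
    the registrar's M4/M6 responses reveal whether the first half (4 digits)
    and the second half (3 free digits + check digit) are correct separately,
    each half can be exhausted on its own: 10**4 + 10**3 instead of 10**7.
    """
    return 10**4 + 10**3 if split_verification else 10**7


def time_to_exhaust(keyspace: int, seconds_per_attempt: float,
                    attempts_before_lock: int = 0, lock_seconds: float = 0) -> float:
    """Seconds needed to try every candidate, with an optional AP lockout.

    With a lockout, the AP refuses PIN attempts for lock_seconds after every
    attempts_before_lock failures; no lock is counted after the final attempt.
    This is the defender's view of how much a rate limit buys.
    """
    base = keyspace * seconds_per_attempt
    if attempts_before_lock <= 0 or lock_seconds <= 0:
        return base
    locks = (keyspace - 1) // attempts_before_lock
    return base + locks * lock_seconds


if __name__ == "__main__":
    # 12345670 is the classic example PIN from the specification: valid checksum.
    print("12345670 valid:", is_valid_wps_pin("12345670"))
    print("12345678 valid:", is_valid_wps_pin("12345678"))
    print("keyspace, whole PIN verified:", pin_keyspace(False))
    print("keyspace, halves verified separately:", pin_keyspace(True))
    # Assumed parameters: 2 s per attempt; lock for 60 s after every 3 failures.
    k = pin_keyspace(True)
    print("hours, no lockout:", time_to_exhaust(k, 2) / 3600)
    print("hours, lockout 3/60s:", time_to_exhaust(k, 2, 3, 60) / 3600)
```

The numbers are the reason the reply above reports Netgear units "preventing reaver and reaver pro from attempting pins": a lockout turns a search measured in hours into one measured in days, which is also why disabling PIN-based WPS entirely (keeping push-button only, where the firmware offers that choice) is the configuration to aim for on your own equipment.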

Offline 0E 800

  • If something can corrupt you, you're corrupted already.
  • Top Hat Member
  • Elite
  • ********
  • Posts: 961
  • Internets: +154/-0
Re: Reaver Pro Revisited
« Reply #3 on: November 17, 2014, 03:12:16 PM »
My bad.

Man, I can't believe the Wi-Fi Alliance charges $99 for the whitepaper you are looking for.

I'll keep looking, but dang. Do you suppose at one time it was free? Maybe the Internet Archive?

I found this:
http://cfile28.uf.tistory.com/attach/16132E3C50FCFFCB3EC74E

Is it what you are looking for?
« Last Edit: November 17, 2014, 05:20:22 PM by 0E 800 »
"He who passes not his days in the realm of dreams is the slave of the days."

Offline p3kk3rw00d

  • Prospect
  • *
  • Posts: 1
  • Internets: +0/-0
Re: Reaver Pro Revisited
« Reply #4 on: November 18, 2014, 02:25:31 PM »
Did you Google "pixie dust wifi exploit"?

Offline alltsbb

  • Prospect
  • *
  • Posts: 1
  • Internets: +0/-0
Re: Reaver Pro Revisited
« Reply #5 on: March 04, 2015, 10:06:58 AM »
Here is a different presentation video with sound: http://video.adm.ntnu.no/pres/549931214e18d
And the actual slide presentation: http://archive.hack.lu/2014/Hacklu2014_offline_bruteforce_attack_on_wps.pdf

Any progress on this?