reckah202425
Eternal Poster
- Joined
- Mar 16, 2020
- Posts
- 1,078
- Reaction
- 1,214
- Points
- 416
So guys dagdag kaalaman lng para sa mga gustong mag häçk ng wifi with wps enabled
WPS uses a pre shared PIN to provide access. This PIN is 8 digit long and the total number of combination of passwords using these digits sum up to 100,000,000 combinations.
So, if you brute force 1 pin per second, it would take 1157 days in the worst possible case. Obviously this isn't a viable attack, but fortunately for us, there are some flaws in the WPS protocol that we can exploit to speed things up.
The 8th digit of the PIN isn't actually used as part of the PIN but is instead a checksum for the prior 7 digits. This reduces the possible combinations from 100,000,000 to 10,000,000. This instantly reduces the attack to 115.7 days to try all possible combinations or 57.8 days to try 50% based on a rate of 1 PIN per second.
Ok, so 58 days, that's not too bad. It's certainly faster than trying to cr@ćk a strong WPA PSK, but it's still not fast enough to be considered a viable attack vector. Fortunately there is another flaw in the WPS protocol that can be exploited to reduce these times even further.
When presenting the PIN number for verification it is actually sent in 2 halves, the first 4 digits and the last 4 digits. These separate halves are then verified independently. This presents a huge weakness in what would otherwise be a much stronger key as the effective key space has now been reduced considerably. The first half of the PIN only has 10,000 possible combinations and at our rate of 1 PIN per second would only take 2.7 hours to guess all possible combinations.
The second half of the PIN, due to the checksum value, only has 1,000 combinations and would take a meager 16 minutes to guess all possible combinations. To go from a total time of 4 months down to 3 hours to try all possible combinations shows how the WPS protocol does not take advantage of the security offered by an 8 digit PIN. This is one of the main reasons WPS presents a weak link in the chain of your WiFi security.
WPS uses a pre shared PIN to provide access. This PIN is 8 digit long and the total number of combination of passwords using these digits sum up to 100,000,000 combinations.
So, if you brute force 1 pin per second, it would take 1157 days in the worst possible case. Obviously this isn't a viable attack, but fortunately for us, there are some flaws in the WPS protocol that we can exploit to speed things up.
The 8th digit of the PIN isn't actually used as part of the PIN but is instead a checksum for the prior 7 digits. This reduces the possible combinations from 100,000,000 to 10,000,000. This instantly reduces the attack to 115.7 days to try all possible combinations or 57.8 days to try 50% based on a rate of 1 PIN per second.
Ok, so 58 days, that's not too bad. It's certainly faster than trying to cr@ćk a strong WPA PSK, but it's still not fast enough to be considered a viable attack vector. Fortunately there is another flaw in the WPS protocol that can be exploited to reduce these times even further.
When presenting the PIN number for verification it is actually sent in 2 halves, the first 4 digits and the last 4 digits. These separate halves are then verified independently. This presents a huge weakness in what would otherwise be a much stronger key as the effective key space has now been reduced considerably. The first half of the PIN only has 10,000 possible combinations and at our rate of 1 PIN per second would only take 2.7 hours to guess all possible combinations.
The second half of the PIN, due to the checksum value, only has 1,000 combinations and would take a meager 16 minutes to guess all possible combinations. To go from a total time of 4 months down to 3 hours to try all possible combinations shows how the WPS protocol does not take advantage of the security offered by an 8 digit PIN. This is one of the main reasons WPS presents a weak link in the chain of your WiFi security.