1

I was testing how WPS works on my home router and tried to gain access with a tool I found on github called airgeddon. Problem is, I got the PIN down (the PIN I wrote down below is made up, it's actually another one), and I got the key back which is a 8 digit number, not my WPA2 password.

My output looks like this:

  • PIN: 12345670
  • Key: 12312312

while it should look like this:

  • PIN: 12345670
  • Key: "mypassword"

Is this a IPS that comes with the router? I can't use that key to connect when I press the button as well.

schroeder
  • 123,438
  • 55
  • 284
  • 319
leroy_jenkins
  • 11
  • 1

1 Answers1

0

To use airgeddon is exactly the same as using reaver or bully for wps stuff. The tool will use any of them based on your selection on menu (it is shown if reaver or bully will be used).

If you already know the pin, you can choos the custom pin association attack just to test. In theory, the WPA password should be retrieved if your router has WPS enabled and if it is not wps-locked due many attempts or if the router has no PBC (Push Button Connect) enabled.

It works for me like a charm.

OscarAkaElvis
  • 5,185
  • 3
  • 17
  • 48
  • I used the custom PIN association attack and tried the PIN I usually use. I received the key which is not the key I use to login. I am asking if this developed on purpose as a security mechanism. As I have two routers at home, I tried on both of them (different models) and one of them answers me with a pin which is not correct. I am also wondering if this is a security mechanism to back off potential malicious attacks by sending a fake pin. Thank you for your reply. – leroy_jenkins Jan 13 '21 at 15:09
  • Interesting... I never saw a behaviour like that. Usually it answers with the right PIN and the right WPA/WPA2 password – OscarAkaElvis Jan 14 '21 at 16:02
  • Well, thanks for the help! – leroy_jenkins Jan 18 '21 at 12:01