
Today I tried a program called Dumpper and the program showed me the default WPS of all of my neighbors' access points without brute-forcing them; see screenshot below:


How does this program work?

schroeder
Amirreza Nasiri
  • Well, without having used the program, the key word here seems to be "default." What router someone is using isn't difficult to determine from its MAC, and from there it probably just looks up the default... Did you actually try these, and did they work? This also looks similar to [this tool](http://xiaopan.co/forums/threads/default-wps-pin-generator.5397/) – KnightOfNi Apr 09 '15 at 11:42
  • @KnightOfNi Yes, I tested it on 8 different APs and it worked. As far as I know, we can only understand the manufacturer of a router using its MAC address. What specifies the exact router's model? – Amirreza Nasiri Apr 09 '15 at 12:11

1 Answer


WPS does not seem to be a well-implemented technology. If you reverse engineer the firmware, you may find that the algorithm is MAC based, etc. (such as in the case of some D-Link routers or Belkin).

It also looks like in many cases implementation weaknesses also permit brute forcing (also see CERT VU#723755) to be done easily.

This is supposedly open source software, so you can examine it to see what is going on exactly, but the code doesn't seem to actually be up on SF.

Eric G
  • Reaver is a Linux tool which does similar types of attacks: https://code.google.com/p/reaver-wps/wiki/Resources so you could review the source to this app to get a better conceptual overview. – Eric G Apr 09 '15 at 14:49