WPSPin.sh

raz0r · February 27, 2014

Dont know if any one has come accross this yet but looking to use this on the pinapple as soon as it arrives.

Credits out to zaoChunsheng and the orignal post can be found below

WPSPIN.sh is the linux version of the tool taken by the working group www.lampiweb.com.

It uses various algorithms have more details in the readme and below.

WPSPIN mode incorporates "Essid unknown" to FTE (automatically activated, will display three pins)
Its use and implementation are simple, they will have to cut and paste data from your window airopdump-ng, wash, walsh, wireshark etc ...

You can obtain the default PIN (3 if essid is changed FTE) of routeurs directly affected and you can try your luck with reaver.

To do this you must have activated mon0 in monitor mode (which means having installed aircrack-ng) and reaver wps course.

Having a version with option "- p" functional revaer reaver 1.3 or 1.4 FIX 113)

Note that the script will return the PIN obtained by applying the algorithm "zaoChunsheng" for any unsupported or unknown router ... Perhaps you are lucky!

They have integrated generic wire pins
Patterns of PINs for WPA

The work is based on several algorithms that could be divided into two categories, as regards HUAWEI HG532c with essid FTE-XXX (knowing the way essid essid or unknown) and "other". (A few BSSID list and models supported is very lejo from exhaustive)

As you can see from the list of supported bssid, we have a Chinese brand routeur "tenda" with essid unknown.

If I give credits zaoChunsheng should give them to colleagues also:

HG566 Compote vodafoneXXX,
Maripuri (and Zeiffel went around erca ) In telnet Wlan_XXX,
Dirneet in tenda and Zyxel
Found the algorithm beklin-XXXX and FTE FTE unknown mode has been changed so it's hard to say the group was working

Crack-wifi.com Antares_145 wrote him checksum function in bash, generation and testing. Merci l'ami.
With the function and our compilation scripts in our forum 1camarón1 linux've had everything under the hand to do it.

This finding is somewhat intriguing. That one manufacturer uses two algorithms close in two different models routers means ... And even if you use the same for several models, also conceived.

But encountering the same algorithm in a multinational China (huawei) and other U.S. (Beklin) seems like a joke.

WPSPIN:
http://ubuntuone.com/50hTnKWl9tyG5gkm74e05j

WPSPIN (Xubuntu / Ubuntu)
http://ubuntuone.com/5v4LkZZU0cBodulojZrRvq

-------------------------------------------------- -
Manufacturer> HUAWEI
essid> FTE-XXXX
model> HG532c "Echo Life"
--------------------------------------------------
Supported bssid
04:C0:6F
20:2B:C1
28:5FB
80:B6:86
84:A8:E4
B4:74:9F
BC:76:70
CC:96:A0
--------------------------------------------------
Manufacturer> HUAWEI
essid> vodafoneXXXX
model> HG566a
--------------------------------------------------
Supported bssid
5C:4C:A9:
62:A8:E4:
62:C0:6F:
62:C6:1F:
6A:55:9C:
6A:C7:14:
72:C0:6F:
72:C7:14:
72:E8:7B:
--------------------------------------------------
Manufacturer> Belkin
essid> Belkin_N + _XXXXXX
model> F5D8235-4 v 1000
--------------------------------------------------
Supported bssid
00:22:75:
--------------------------------------------------
Manufacturer> Belkin
essid> belkin.XXX
model> F9K1104 (N900 DB Wireless N + Router)
--------------------------------------------------
Supported bssid
08:86:3B:
--------------------------------------------------
Manufacturer> Belkin
essid> belkin.XXX
model> F5D8231-4 ver. 5000
--------------------------------------------------
Supported bssid
00:1CF
--------------------------------------------------
Manufacturer> Teldat
essid> WLAN_XXXX
essid> WLAN_XX
model> iRouter1104-W
--------------------------------------------------
Supported bssid
00:A0:B6:
--------------------------------------------------
Manufacturer> Zyxel
essid> ZyXEL
model> ZyXEL NBG-419N
--------------------------------------------------
Supported bssid
50:57:F0:
-------------------------------------------------
Manufacturer> Tenda
essid>?
model> W309R
-------------------------------------------------
Supported bssid
C8:3A:35:
NEW! They have integrated generic wire pins http://lampiweb.com/foro/index.php/topic, 8188.0.html

ROUTERS MODELS WITH GENERIC INTEGRATED PINS
-----------------------------------------------
Fagricante> NOTES TELECOM
essid> WLAN_XXXX
model> AW4062
-----------------------------------------------
Supported bssid
00:19:15
-----------------------------------------------
Manufacturer> ZYXELL
essid> WLAN_XXXX
model> P-870HW-51A V2
-----------------------------------------------
Supported bssid
40:4A:03:
-----------------------------------------------
Manufacturer> OEM Shenzhen Electronics Gongjin
essid> WLAN_XXXX
Model> Encore ENDSL-4R5G
-----------------------------------------------
Supported bssid
F4: 3E: 61:
00:1F:A4:
-----------------------------------------------
Manufacturer> Comtrend
essid> JAZZTELL_XXXX
Model> AR-5387un
-----------------------------------------------
Supported bssid
38:72:C0:
-----------------------------------------------
Manufacturer> ADB-Broadband
essid> WLAN_XXXX
model> PDG-A4001N
-----------------------------------------------
Supported bssid
30:39:F2:
DC:0B:1A:
-----------------------------------------------
Manufacturer> Comtrend
essid> WLAN_XXXX
model> Gigabit 802.11n
-----------------------------------------------
Supported bssid
00:1A:2B:

Source of Original Thread: