[Release] pixiewps 1.1 & reaver 1.5.2

[Sebkinne]

Released a video on how to do this for anyone curious...

Nice video ZaraByte! Just a heads-up though, to install pixiwps, you can simply execute "opkg update && opkg install pixiwps" via SSH (as long as your WiFi Pineapple has an internet connection).

Best Regards,

Sebkinne

[DataHead]

Yeah thank you for the video man, i will get around to better formatting the original topic, and if you would like you video tutorial on installing and or one on usage, id be glad to put it up on the original post. But as it stands now, seb has updated the repository for pixiewps to be installed through:

opkg update && opkg install pixiewps

Reaver 1.5.2 openwrt port is still in its testing phases, and we are planning to update the master fork on t6x's github rather soon. with some needed bug fixes That have been carried on through the years of reavers early builds. So while things are still in this stage, i will provide pre-compiled packages here for you guys.

But some answers to questions you had on your video:

pixiewps doesnt need -S , but if you do use -S, you also need to reflect that in reavers command line with -S (small dh keys )

but it will only work with its vector of attack to the supporting chipset(s). I recommend not using -S in reaver / pixiewps, as you will get better results With all available chipset attacks currently implemented.

And as for PKR, that ties in with -S. Using dh small keys eliminates PKR while PKR is not needed for some, it will be with others. So yes, PKR is an important hash to gather if not using -S.

Now about autopixiewps, looking at the code, it should work great, but it needs a must have change in the way it calls wash (otherwise the results will come up empty ). You have to open up autopixiewps, and remove its -C from the wash call within. And will Also want to add the proper in line checks for R-NONCE.

Edited May 29, 2015 by DataHead

[ZaraByte]

Sebkinne my issues with installing this was that once you do the opkg update like datahead say you will have to reboot the pineapple due to a md5 mismatch im sure that will be corrected maybe later but for now that's the way i figured would be best.

I do apologize for the rants and adding stuff that isn't needed i did make that aware that factory reset is optional i did the factory reset for a couple reasons

1. Because i already had them installed for a test run.

2. I wanted to avoid any issues by doing a factory reset.

Skipping to 11:50 in the video is basically where you need to start.

Edited May 29, 2015 by ZaraByte

[Fallen Archangel]

Now about autopixiewps, looking at the code, it should work great, but it needs a must have change in the way it calls wash (otherwise the results will come up empty ). You have to open up autopixiewps, and remove its -C from the wash call within. And will Also want to add the proper in line checks for R-NONCE.

I know basically nothing about Reaver and WPS, so I don't know how to add the check for R-Nonce, but I've noticed that with the -C removed from both autopixiewps and wifite-ng, wifite works just fine, and autopixiewps is able to pickup wps clients now. I've looked online and I can't find anything about R-Nonce aside from it's man file entry. (Which basically says nothing)

Is there anywhere I should be looking for this? Thanks

[DataHead]

wifite-ng (should) check for rnonce, as its been updated quite frequent. But opposed to autopixiewps, its just a few lines needed to be added where in the reaver function where it checks if in line PKE PKR etc etc, then at the end of the loop it does a check if the hashes are completed and there need to be a check for the rnonce variable in there as wel. I can do this when i get some free time, maybe tomorrow or the next day

[Primz]

When is this going to be available for the pineapple bar as if only way to get new infusions or updated infusions is via the ssh route and opkg update && opkg install pixiwps don't that kind of make the pineapple bar a bit redundant? Pineapple bar is a great idea so don't know why it's not being used to it's fullest capacity?

[DataHead]

Well, it all starts with something like this being done.

Most of the infusions rely on the packages aquired through opkg, or third party packages.

And once its available as such, infusion developers can then start making infusions to take full advange of these packages and their commands, and put it in an easy to use gui and obtained through the pineapple Bar.

If you would like it as an infusion, maybe you can create a thread in the infusion sub-forum, or contact an infusion developer and just simply make a request. They may or may not choose to make it available as of yet, because my reaver builds are still in an experimental stage. And may choose to wait and see if it becomes stable enough to be put into the official markv package repositories.

I'd like to see them put into an infusion also :-)

[Fallen Archangel]

Most of the infusions rely on the packages aquired through opkg, or third party packages.

Also, wouldn't the modified Reaver also have to be in the pineapple packages?

Sure it could be downloaded from somewhere else, but I'm not sure how well that would go over with Hak5.

[DataHead]

The hak5 team will decide whether or not if it is stable enough later in its progression, if they want to put it in their official repos.

As far as an infusion being made and obtaining reaver elsewhere other than their official repos, you have to state it is not an official package to the user and that it is not a supported package by hak5. and it is all done at the users own risk. And they have to of acknowledged that and soforth.

Im not sure if it still stands that way or not, but at one point in time, the infusion PortalAuth had to do this to be able to be put on the pineapple bar.

Edited June 2, 2015 by DataHead

[DataHead]

But i do promise you that i am working hard to get things ironed out with reaver to make it as stable as possible, and Seb is well aware of this project, as i keep him rather updated on my progress and changes, and as does he on his end.

And at this point in time, i wouldnt advise him to put it in the repos in it current state, but it is getting better. Just because it works fine right now, does not mean their aren't some underlying problems that need to be sorted before considering to put it on the official repos.

and its not just this version of reaver, its also bugs persistent from reaver 1.3 onward. And not just with openwrt / pineapple versions of it either.

But hopefully this can all be worked out and said as a stable release sooner than later

Edited June 2, 2015 by DataHead

[raz0r]

Not to sure about you lot but since they updated aircrack-ng suite its broken soooooo many things that i frequentley use its crazy, but i managed to find a work around thank god i back Kali up here is what i do.

apt-get update

echo "aircrack-ng hold"|dpkg --set-selections

apt-get dist-upgrade

Hope this helps you guys out

Kind Regards

Ed

Edited June 2, 2015 by raz0r

[fringes]

You are probably referring to the fact that the aircrack-ng suite has replaced the original airmon-ng with airmon-zc (from ZeroChaos). It has some clear advantages, but there are certainly a lot of external scripts that don't "like" the new (improved) monitor interface naming convention, but that will hopefully be sorted out soon.

Are there other issues too?

[DataHead]

Good news, lots of bug fixes and improvements, and will be stable enough for us to put in the master github branch and we will create a sub branch for openwrt big endian, and we've added logging Of pixie hashes (great feature, and eliminates the need of resource hog scripts redirect and to grep them out, so wardrivers get ready!) in the openwrt versions and that will be merged over to the master aswel.

Bug fixes, tons of bug fixes done!

[ZaraByte]

Am I the only one having an issue with pixiewps on the Mark 5 appears when i copypasta the PKE part of the PKE is cut off plus you can't type or add on to the PKE that's missing its like the max characters have been reached. You know how like Twitter only allows like what 140 characters before you can't type anymore well this is happening with the Mark 5 cuts off half the PKE you type to append to it won't let you add anything.

Connected to the Pineapple over SSH via putty not sure if its a bug or what.

Edited June 4, 2015 by ZaraByte

[DataHead]

You must be in a bash shell within the ssh session

[DataHead]

pineapples default shell is ash, not bash.

so ssh into the pineapple, then

Type:

bash

Thats all, and it will allow for larger arguments ( to copy and paste the large amount of hashes for pixiewps )

[DataHead]

Also zarabyte, check your pm's

[DataHead]

First post updated, new build up, with new features and bug fixes.

important note, -vvv (yes that 3 v's) is now used to display "PixieHashes" you must use this now instead of -vv.

also, ive added auto hash logging with the -H switch.

so if coupled with -vvv and or -P or -K 1 etc, it will save a log of all the hashes gathered with a filename of the target bssid [macaddress].pixie

this file also includes a full command ready for putting into pixiewps, or you can chmod +x the file, and just run it as a script to auto crack the hashes.

there has also been a new default pin generator added :)

[ZaraByte]

Saw your messages data head thanks for clearing some things up with how modded reaver and pixiewps work will help me hopefully explain stuff a little better when i release some videos on pixie dust attack here in the next couple weeks working on getting a vulnerable router that i can test with so i can leave the people on my street alone and avoid ticking them off or going to jail over it.

[crazyclown]

First post updated, new build up, with new features and bug fixes.

important note, -vvv (yes that 3 v's) is now used to display "PixieHashes" you must use this now instead of -vv.

also, ive added auto hash logging with the -H switch.

so if coupled with -vvv and or -P or -K 1 etc, it will save a log of all the hashes gathered with a filename of the target bssid [macaddress].pixie

this file also includes a full command ready for putting into pixiewps, or you can chmod +x the file, and just run it as a script to auto crack the hashes.

there has also been a new default pin generator added :)

Very useful update, it's doesn't get simpler than this.

[DataHead]

I have made memory improvements in reaver, i will post the compiled binary a bit later :-)

[DataHead]

reaver_Big_endian-2_ar71xx

https://mega.nz/#!C9oiSDxI!aaZa7MacA1FpFlanz7mLF4RF7QDw86ldK731Iy5e9Q8

This update reflects some needed memory improvements

[Bob_]

I set up and installed as the OP said, but i keep getting hangs in Reaver and Wash. More specifically wash does not show any APs and Reaver says its waiting for a beacon response. Do any packages or dependencies for pixie have incompatibilities with any infusions possibly?

[crazyclown]

I set up and installed as the OP said, but i keep getting hangs in Reaver and Wash. More specifically wash does not show any APs and Reaver says its waiting for a beacon response. Do any packages or dependencies for pixie have incompatibilities with any infusions possibly?

Sounds to me like wlan1 is in use, Reaver and Wash won't work if it is.

[Bob_]

Sounds to me like wlan1 is in use, Reaver and Wash won't work if it is.

It seems to be working after fiddling about with airmon-ng for a while. I think the bug may lay there as i re-enabled mon0 on wlan1 multiple times immediately after restart and im not exactly sure what i did to make wash print APs. Anyways, it works fine for now, thanks for the help