Maurie Posted March 21, 2017

Hi! This seems so obvious to me - how can I retrieve the wifi configuration/password from a router with the WPS push button pressed? Not only is it hard to find how that protocol really works (while there are nice writeups about the PIN method and M1-M6 messages etc.), I also haven't found a tool.

What I imagined is a kind of "wash -i mon0 -WPSbutton" - a tool that monitors all WPS networks in reach and, as soon as one of them has the WPS button pressed, retrieves that password. Does an AP advertise the button pressed, or would such monitoring require active client requests to all APs in range every 30s or so?

Am I missing something or is there no tool available to do that? Not even with a specified target bssid? Like "reaver -i mon0 -b 02:02:02:02:02:02 -wpsbutton", which then spits out the same result as when supplied with the correct PIN. I also never read about this passive attack vector other than in a side note.