Modify

Opened 3 years ago

Closed 3 years ago

Last modified 2 years ago

#17955 closed defect (fixed)

The default WPS pin (12345670)

Reported by: morfik Owned by: developers
Priority: normal Milestone:
Component: packages Version: Trunk
Keywords: Cc:

Description

I've configured the WPS feature on my router just for tests, and there's some things that I don't get. I know that you know the WPS protocol isn't secure, and I know this as well, but this mostly concerns the pin method. I wanted to configure PBC as described on the wiki so I added the following to /etc/config/wireless file:

option wps_pushbutton '1'
option wps_device_type '6-0050F204-1'
option wps_config 'push_button'
option wps_device_name 'OpenWrt AP'

There's no pin option specified -- I don't even know if it's possible. Besides, the wiki says there's just one method supported: push_button. Anyways I checked if everything works well, and it does -- the WPS works, tested via two commands: hostapd_cli wps_pbc and wpa_cli wps_pbc .

But there's one thing -- the reaver tool can hack my wifi without a problem... It used the pin 12345670, and it got the wifi key.

After googling, I changed some lines in the file /lib/netifd/hostapd.sh:

...
config_add_string wps_device_type wps_device_name wps_manufacturer wps_pin
...
wps_device_type wps_device_name wps_manufacturer wps_pin \
...
set_default wps_pin "12345670"
...
append bss_conf "ap_pin=$wps_pin" "$N"
...

I removed wps_pin from the first two lines and deleted the other two completely. There's no pin option in the file /var/run/hostapd-phy0.conf now, and WPS works without a problem. I also checked if reaver can hack this setting, and it gives me just the following log:

[!] WPS transaction failed (code: 0x04), re-trying last pin

I'm not sure if this default pin 12345670 is acceptable and expected, but this setting sucks, and I think most people aren't even aware of how easy they can be hacked by using WPS/PBC in OpenWRT, and the best thing is that there's no info on the wiki page that would say something about this issue and warn people.

Attachments (0)

Change History (3)

comment:1 Changed 3 years ago by swalker

  • Resolution set to duplicate
  • Status changed from new to closed

Dupe of #17873.

comment:2 Changed 3 years ago by anonymous

  • Resolution duplicate deleted
  • Status changed from closed to reopened

comment:3 Changed 3 years ago by cyrus

  • Resolution set to fixed
  • Status changed from reopened to closed

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.