Why was the brute force PRNG attack removed? Granted, it never worked for me but it felt good to keep trying. lol
It is not removed.
What happens is that wiire automated it in the last version of pixiewps.
We have 3 cases:
- Ralink chipset: no brute force of the PRNG is required, as the values of ES1 and ES2 are always 0. Cracking of the hashes is immediate.
- Broadcom chipset: brute force of the PRNG is trivial and immediate because the seed used to randomize is very weak.
- Last case: Realtek
For the first two cases everything has been automatic since day one, as there is no entropy (Ralink) or a very weak one (Broadcom).
The last case (Realtek) is the one that can require a longer brute force.
1) The seed used is the value in seconds at the time of the WPS exchange = no brute force
2) Or the time in seconds of the last firmware installation/activation = in this case a little brute force is needed.
A fact to know is that the Realtek devices permanently use, in every device, the same PKE:
[P] PKE: d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b:1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:43:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25:5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78:47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea:2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f:f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:db:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61:be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f:18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a9:e3:b4:22:4f:3d:89:fb:2b
[P] WPS Manufacturer: Realtek
Pixiewps now detects that automatically.
If this PKE is found, it will automatically launch the brute force of the PRNG in case the PIN is not found straightforwardly (with the current time as the value for the seed).
So the -f switch was changed, as it is no longer necessary to specify that you want the PRNG brute force.
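An added audit helper (not reaver or pixiewps code) that turns the observation above into a defender's check: it parses the `[P]` lines, flags the static Realtek PKE quoted in the post and, going beyond the thread, flags any access point that repeats a PKE across exchanges, since a freshly generated DH key pair never does. The sample `[P]` lines and the made-up second PKE are constructed.

```python
# Audit WPS M1 public keys (PKE) for static DH keys. Added example built on the
# thread's observation; the "[P]" sample lines below are constructed.
import re
from collections import defaultdict

# Static PKE every RTL819X-based Realtek device sends, copied from the
# "[P] PKE:" line in the post above (192 bytes, a 1536-bit DH value).
REALTEK_STATIC_PKE_TXT = """
d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b:1a:c1:57:6b:b0:26:e7
a3:28:c0:e1:ba:f8:cf:91:66:43:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f
21:25:5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78:47:a6:fc:b4:92
45:63:d1:af:1d:b0:c4:81:ea:d9:85:2c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18
1b:13:2a:ea:2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f:f7:d5:6e
09:13:9d:77:f0:ac:58:07:90:97:93:82:51:db:be:75:e8:67:15:cc:6b:7c:0c:a9
45:fa:8d:d8:d6:61:be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f:18
d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a9:e3:b4:22:4f:3d:89:fb:2b
"""

def hex_to_bytes(text):
    """Accept reaver's colon-separated form or plain hex."""
    return bytes.fromhex(re.sub(r"[^0-9a-fA-F]", "", text))
REALTEK_STATIC_PKE = hex_to_bytes(REALTEK_STATIC_PKE_TXT)

def parse_p_lines(output):
    """Collect '[P] Label: value' lines from reaver/pixiewps output."""
    return {m.group(1).strip(): m.group(2).strip()
            for m in re.finditer(r"^\[P\]\s+([^:]+):\s*(.+)$", output, re.M)}

def classify_pke(pke, bssid, seen):
    """Known Realtek constant, or any PKE this BSSID already sent: a fresh
    DH key pair never yields the same public value twice."""
    if pke == REALTEK_STATIC_PKE:
        finding = "realtek-static-pke"
    else:
        finding = "reused-pke" if pke in seen[bssid] else "fresh"
    seen[bssid].add(pke)
    return finding

def audit(captures):
    """(bssid, output) pairs -> [(bssid, vendor, finding)]."""
    seen, out = defaultdict(set), []
    for bssid, text in captures:
        f = parse_p_lines(text)
        out.append((bssid, f.get("WPS Manufacturer", "?"),
                    classify_pke(hex_to_bytes(f["PKE"]), bssid, seen)))
    return out

# Constructed samples: a Realtek-style exchange and a made-up non-Realtek PKE.
SAMPLE_REALTEK = ("[P] PKE: " + ":".join(REALTEK_STATIC_PKE_TXT.split())
                  + "\n[P] WPS Manufacturer: Realtek\n")
SAMPLE_OTHER = "[P] PKE: " + ":".join("%02x" % i for i in range(192)) + "\n"
```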
"Granted, it never worked for me but it felt good to keep trying. lol"
I think that you can still try it, but you would have to copy-paste the stdout of reaver to grab the hashes and launch pixiewps with the brute force option.
But it won't work for sure... This is just for Realtek devices from the "RTL819X project", the devices that are built using the Realtek SDK for these chipsets (rtl819something).