
So I’ve been messing around with learning and trying to get into WPS networks (solely for educational/research purposes; I own the network) for a bit now and have run into a good number of roadblocks.

  1. None of the tools work anymore, it seems. I’ve tried Bully and Reaver. I’ve even tried Reaver’s method of just entering the correct PIN (-p), and I know the correct PIN, but still no luck with actually establishing a connection. So I figured I’d just use Windows 7 (because I think they did away with WPS PIN entry in Win 10) to connect to the network with a WPS PIN, catch the exchange in Wireshark, and attempt to write my own tools with scapy, which brings me to my next point...

  2. I literally cannot find an OS or device that will freaking connect to WPS using the PIN method. And I’m not talking about the dual PIN where both the enrollee and registrar enter a PIN. I mean the method where I just enter a single PIN on the client device and it pulls the settings from the AP to connect.

So I guess I’m just wondering a few things:

  1. Has anyone had any luck lately getting into WPS networks? And if so, what router model and NIC/OS were you using?

  2. Does anyone have any recommendations about how to connect legitimately (see my second point above) to WPS networks?

  3. Any comments about the current state of WPS?

Thanks guys!!

Oh, and I’m using a NETGEAR Wireless G Router Model WGR614v10, a Lenovo Thinkpad with Windows 7, an MBP with OS X, and Kali as all the gear I’ve tried so far.

  • Please limit this to a single question. Read our handy HELP section to learn what makes Superuser unique and why we do things like this. Commented Oct 7, 2019 at 3:13
  • Test the card's injection capability with aireplay-ng. It sounds like injection isn't working properly (i.e., your card's monitor mode may not be able to transmit properly). Commented Oct 9, 2019 at 18:16

1 Answer

Has anyone had any luck lately getting into WPS networks? And if so, what router model and NIC/OS were you using?

This I can't comment on.

Does anyone have any recommendations about how to connect legitimately (see my second point above) to WPS networks?

There are four different WPS methods:

  • The PIN method. Previously mandatory for all devices, now only mandatory for devices with a screen and input of some sort. Usage of this one is generally discouraged due to the security implications, and many good routers no longer support it for that reason.
  • The Push-Button method. Previously required only for APs, now required to be supported by any device claiming to be WPS compliant. This is what most people use anymore. It's still insecure, but at least requires physical presence (to push the button on the AP) or a lot of luck to attack.
  • The NFC method. Optional, not widely implemented (I think Android supports it but almost nothing else).
  • The USB method. Optional and now deprecated (used a flash drive to transfer the info from one device to another).

As for support:

  • The USB method never took off. It wasn't a horrible idea, but realities of production meant that it would have rolled out no quicker than the PIN and push-button methods, both of which are easier to use.
  • The NFC method is largely a niche use case. The only things I've seen that use it were small embedded devices that utilized Wi-Fi Direct.
  • Routers and APs have largely stopped supporting the PIN method (it's been 8 years since it was proven insecure), but mostly continue to support the push-button method.
  • Windows 10 definitely supports the push-button method (it will actually prompt you to use it if you try to connect to a secured AP that supports it). It does not support the PIN method.
  • Android 9 and earlier support the push-button method, and I think they support the NFC method as well.
  • Android 10 does not support WPS at all unless the support is added in by the vendor producing the ROM (see below for more on this).
  • macOS appears to support the push-button method but not the PIN method.
  • iOS appears to be the same case as macOS.
  • Linux and BSD support is dependent entirely on the user-space software stack they choose to use for driving the connection setup.
  • wpa_supplicant (the most widely used tool for wifi setup on Linux) supports the push-button, PIN, and NFC methods.
  • Most desktop setup tools on Linux use wpa_supplicant internally, but do not themselves support the PIN method.

Any comments about the current state of WPS?

Officially, WPS has been deprecated by the Wi-Fi Alliance in favor of Wi-Fi Easy Connect, which uses a QR code to embed a special URI that is used for setup. If I remember correctly, this happened as part of the standardization of WPA3 (which officially does not support WPS). It's officially supported by Android 10 (which has deprecated WPS in favor of it), and I believe it's also supported by iOS.

I suspect that we will continue to see WPS push-button support on APs for at least a few years though, as there are a lot of legacy devices still using it (I'd be willing to bet that WPA3 and IEEE 802.11ax become mostly ubiquitous before WPS dies off completely).
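
An added example, not part of the question or the answer above: a check of whether your own access points still advertise WPS, based on the flags wpa_supplicant prints in `wpa_cli scan_results` (`[WPS]`, `[WPS-PBC]`, `[WPS-PIN]`, `[WPS-AUTH]`). The scan text, BSSIDs and SSIDs are constructed sample data, the function names are hypothetical, and the flag descriptions are this example's reading of those flags.

```python
import re
from typing import NamedTuple, Optional

# Flags wpa_supplicant attaches to a scan entry that carries a WPS element.
WPS_FLAGS = {
    "WPS": "WPS advertised, no registration session active",
    "WPS-PBC": "WPS advertised, push-button session currently open",
    "WPS-PIN": "WPS advertised, registrar selected for the PIN method",
    "WPS-AUTH": "WPS advertised, registrar selected and this station authorized",
}
BSSID_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}")

# Constructed sample of tab-separated `wpa_cli -i wlan0 scan_results` output.
SAMPLE_SCAN = (
    "bssid / frequency / signal level / flags / ssid\n"
    "02:00:00:aa:bb:01\t2437\t-48\t[WPA2-PSK-CCMP][WPS][ESS]\thome-lab\n"
    "02:00:00:aa:bb:02\t2412\t-61\t[WPA2-PSK-CCMP][WPS-PBC][ESS]\tlab-pbc\n"
    "02:00:00:aa:bb:03\t5180\t-70\t[WPA2-PSK-CCMP][ESS]\tno-wps\n"
    "02:00:00:aa:bb:04\t2462\t-55\t[WPA-PSK-TKIP][WPS-PIN][ESS]\t\n"  # hidden SSID
)

class ApEntry(NamedTuple):
    bssid: str
    freq_mhz: int
    signal_dbm: int
    flags: tuple
    ssid: str

def parse_scan_results(text: str) -> list:
    """Parse scan_results lines, skipping the header and malformed rows."""
    entries = []
    for line in text.splitlines():
        fields = line.split("\t", 4)
        if len(fields) < 4 or not BSSID_RE.fullmatch(fields[0].lower()):
            continue
        flags = tuple(re.findall(r"\[([^\]]+)\]", fields[3]))
        ssid = fields[4] if len(fields) == 5 else ""
        entries.append(ApEntry(fields[0].lower(), int(fields[1]),
                               int(fields[2]), flags, ssid))
    return entries

def wps_status(entry: ApEntry) -> Optional[str]:
    """Return the WPS flag on an entry, or None if WPS is not advertised."""
    return next((f for f in entry.flags if f in WPS_FLAGS), None)

def audit_own_aps(text: str, own_bssids) -> dict:
    """Report WPS state for the listed BSSIDs only (the APs you administer)."""
    seen = {e.bssid: e for e in parse_scan_results(text)}
    report = {}
    for bssid in sorted(b.lower() for b in own_bssids):
        if bssid not in seen:
            report[bssid] = "not seen in scan"
        else:
            flag = wps_status(seen[bssid])
            report[bssid] = WPS_FLAGS[flag] if flag else "WPS not advertised"
    return report
```

Re-running the check after disabling WPS in the AP's settings should move that BSSID to "WPS not advertised".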
