As you may know, WiFi Protected Setup (WPS) has recently been broken.
I downloaded and tested Reaver-WPS, the tool that implements the WPS attack. The tool's README file states:
Reaver performs a brute force attack against an access point's WiFi Protected
Setup pin number.
Once the WPS pin is found, the WPA PSK can be recovered and alternately the
AP's wireless settings can be reconfigured.
While Reaver does not support reconfiguring the AP, this can be accomplished
with wpa_supplicant once the WPS pin is known.
I managed to find the AP's WPS pin without any problem (it took about 4 hours).
I would now like to try to reconfigure the AP's wireless settings using wpa_supplicant. I tried to find how to do this in wpa_supplicant's man page, but there's no mention of WPS. I tried to Google this, but I could not find anything.
Does anyone know how to reconfigure an AP's wireless settings with wpa_supplicant (or any other tool) knowing the AP's WPS pin?
BTW, what does the WPS protocol itself allow you to reconfigure? Just the WPA passphrase? Or even the SSID or other parameters?
Please don't think that I'm trying to hack my neighbour's network. This is purely a professional research (measuring the risk for my company and our customers).
Thank you very much.