Feature request: WPS PBC capture functionality #129
Comments
I could implement this. However, I'm not sure if the ESP-IDF supports the PIN method in newer versions of its framework. When I was messing around with WPS before, I found out that they removed or deprecated PIN method support after a certain version, requiring me to edit the ESP-IDF source code directly to expose variables and functions that would normally not be accessible in ESP-IDF. That being said, it is still possible to add the PIN method back through other means; however, that would require me to tweak the WPS implementation that is currently in ESP-IDF. That also being said, doing it myself and remaking the entire thing from scratch would not be feasible due to how complicated the handshakes can get (I've looked into the source for the current WPS implementation; it is far from simple). Maybe in the future I can add this via forking the ESP-IDF branch and building off of that, but until then I'll leave this open as a later possibility.
I can still see it here: https://github.com/espressif/esp-idf/blob/master/components/wpa_supplicant/esp_supplicant/include/esp_wps.h#L42 But what I am talking about is not the PIN. There are enough tools out there that discovered security issues in the WPS PIN method. The thing I am talking about is named in ESP-IDF 'WPS_TYPE_PBC'. It's here: https://github.com/espressif/esp-idf/blob/master/components/wpa_supplicant/esp_supplicant/include/esp_wps.h#L41 To my understanding there is no PIN inside this method. To simplify it with other words than in the first post: when you press the WPS button on your router, the router opens up for everyone, and then the first person connecting to the device gets the WPA-PSK password transmitted without any authentication. It's like opening the doors of your home for everyone out there, and if you count one person joining in, you close the door of your home again. I personally know people who still think this is a secure method to use their wifi. I would like to prove them wrong, and they told me that I am free to try to get their password using this method. They think this is impossible for people 'outside their home', and they seem to not understand how wifi is working.
After relooking at it again, yes, it is possible. However, this feature would likely be something I would add later down the line. I shall keep this issue open until this has been added.
Could you add support for the silent attack that is implemented almost nowhere, to decrypt the password by a pushed WPS button?
Pushing a button that temporarily disables the security of a network is always a bad idea. I try to demonstrate this to people, but there is still no simple, power-efficient solution for that.
The idea has been out there for a longer time: https://github.com/FattusRattus/WPS-PBC-Truffle
Could you add this to Ghost_ESP? Running an ESP32 24/7 for endless time waiting for someone to press the WPS button is one of the most energy-efficient ways for this. Also, the name of this project fits perfectly. It's the silent ghost that lives unseen, listening the whole time for someone to press the WPS button to reveal the WPA-PSK passphrase.