Hi, I'm new here and I don't know if this is the right forum. Anyway, has anyone faced a network that keeps changing the PIN after a reboot? I have a new STC (Saudi Telecom Company) ADSL modem. It is actually an HG658 V2, and I noticed that there is no default PIN for it, not even behind the modem. There is only the SSID and PASS, but there is no PIN. The only way to check the PIN is from the settings, and the PIN keeps changing after a reboot. It also locks out after 3 attempts. I tried to reduce the attack by adding "-r 2:60". At first I thought it was okay and I could keep it like this, but after 9 attempts, the 10th locks out, even if I left it for 2 days. I think the limit is 10 wrong PINs; after that it locks out. I can make the modem reboot if I attack it with the MDK3 WIDS attack, but if it reboots then the PIN will change. So reaver + bully + pixie dust + empty string check are all useless. Changing the MAC won't help. Any ideas? EDIT: I forgot to mention that when I attack it with reaver 1.3 it says PIN cracked. Even if I put in any PIN, it will say the PIN is cracked, but the password won't appear. --- Double Post Merged, 16 Feb 2017, Original Post Date: 1 Feb 2017 --- UP...
Is the router set to use AP-PIN in the WPS settings? Have you tried logging in using the WPS PIN with Linux? Or I use WPS Connect for Android; if it connects to the router it will reveal the password.
It's set to PBC. I tried to set it to AP-PIN. Then it shows 8 stars like this (********), and two buttons appear. One says pin and the other says default pin. I tried both default and pin. When I take that PIN and try it, it works. But the problem is that when I reboot the router, it will automatically change the PIN to another random number. So when trying the old PIN, it won't work. See the picture... Is there any way that could make reaver use ******** as the PIN? I remember someone created a .diff patch; it makes reaver use an empty PIN to crack hg658b/c.
The 8 stars are just random numbers or 12345670; it's just encrypted by your browser. I think the diff is the emptystringpin.diff here, which affects a few Broadcom routers. If rebooted, is WPS enabled in PBC mode? I've tried a few routers which return to PBC mode on reboot, so mdk is useless for rebooting the router.
Okay, sorry, but the method I use is the same. For my pentest router, an old Thomson router (now called Technicolor), I block the user file from rewriting itself on reboot.
Hmm... Yes, that is the diff file. And no, I don't think it's encrypted. When I click save while the PIN field is ********, it says wrong pin please choose a valid pin... and it doesn't change to PBC; it's still AP-PIN. It seems it's highly protected against this attack. Oh, I forgot: the chipset is RTL871. --- Double Post Merged, 18 Feb 2017, Original Post Date: 18 Feb 2017 --- I'm sorry, but I think you misunderstand me. The .diff file is not in the router. Anyway, STC does not allow me to connect via telnet or SSH. They close it in their firmware.
I'm sorry, but I don't know how my router being supported by OpenWrt will solve this problem? --- Double Post Merged, 19 Feb 2017, Original Post Date: 19 Feb 2017 --- Nope. My router is out of the box.