Pixiewps is a tool used for offline brute forcing of WPS pins, while exploiting the low or non-existing entropy of some wireless access points also known as the pixie dust attack, discovered by Dominique Bongard (slides and video). The pixiewps tool (developed by wiire), was born out of the Kali forums, and the development of the tool can be tracked throughout an interesting forum post. In the correct environment, pixiewps dramatically speeds up the WPS brute force attack time from what was taking up to 12 hours to a a few seconds. This new attack is mind numbing, and we are somewhat surprised that it hasn’t been discussed on a wider basis. Watch our following video closely, and see how we extract the WPA shared key of this EdiMAX wireless access point in a few seconds using updated versions of pixiewps and reaver, already packaged in Kali: Reaver is a tool to brute-force the WPS of a WIFi router. PixeWPS is a new tool to brute-force the exchanging keys during a WPS transaction. First, let’s get to know what is WPS WPS is Wifi Protected Setup designed to quickly & easily authenticate a client to an AP mainly aimed for home users. Basically in WPS, the Access Point & the Client exchange a series of EAP messages. At the end of this transaction, the Client will have the encryption key & the AP’s signature so that it’s ready to be connected to the encrypted network. After this is complete, the AP disassociates with the client. Then the client re-associates with the new credentials & signatures. One important thing to note here is, the actual passphrase is not exchanged during WPS initiation. Instead, an eight digit pin is used for authentication. Using such a pin, the client is first authenticated and then the actual passphrase is exchanged. I hope this helps! Ben Martin