- Default Configuration Behaviors

  | WPS STATE | PBC | PIN | NACK MSG (wpa_supplicant) |
  | --- | --- | --- | --- |
  | ENABLED (2) | TRIGGER | DISABLED | msg=5 config_error=15 |

  - wps_ap_setup_locked = 0/null
  - Responds to all WPS PIN attempts with an error (`WPS_FAIL msg=5 config_error=15`)
  - Doesn't lock out WPS (even after bruteforcing PINs)
  - PBC can be triggered by software (`hostapd_cli wps_pbc`)
- PIN-Manually-Enabled Behavior (`hostapd_cli wps_ap_pin random`)

  | WPS STATE | PBC | PIN | NACK MSG (wpa_supplicant) |
  | --- | --- | --- | --- |
  | ENABLED (2) | TRIGGER | ENABLED | msg=8 config_error=18 |

  - Responds to wrong PINs with (`WPS_FAIL msg=8 config_error=18`)
  - Locks the AP after a few attempts; the next PINs will error out with (`WPS_FAIL msg=5 config_error=15`) (maybe has a short limit of ~10 PINs/30s)
  - Turns PIN mode off after 5 min (default timeout of the `wps_ap_pin` cmd)
- PIN MODE HIDDEN LOCK DETECTION
  - NACK/WPS_FAIL msg

    ```
    # 15 = Setup Locked, 18 = Auth Fail (WPS Spec <2.0.58)
    (wps_fail_config_error == 15 && wps_ap_setup_locked != 1)
    ```

    The AP doesn't accept PINs if the NACK has error 15 and the AP isn't WPS locking. If the AP does accept PINs, it'll send msg=8 with the NACK.
  - BruteForce

    Bruteforce random PINs. An AP with PIN mode disabled won't lock out. (Prepare some DoS tech beforehand, otherwise some APs will stay locked for a long time.)
- https://github.com/fulvius31/OneShot/commit/8aeaec21728db42e423d9f483cad9e2099a3b100
- https://web.archive.org/web/20230416125351/https://www.wi-fi.org/download.php?file=/sites/default/files/private/Wi-Fi_Protected_Setup_Specification_v2.0.8.pdf?page=110
WPS PIN connect is disabled by default, but the AP still replies to WPS PIN attempts, even if it's going to deny everything. (How do I know it's not simply using a different PIN? It doesn't lock out even after multiple failed attempts, while when WPS PIN connect is turned on, it'll WPS-AP-SETUP-LOCKED after a few attempts.) The NACK code is different when PIN connect is on. The AP locks after 2-5 PIN attempts (WPS-AP-SETUP-LOCKED) and unlocks after a while (WPS-AP-SETUP-UNLOCKED) (~30-40s). The AP turns off PIN automatically after a while (WPS-AP-PIN-DISABLED) (5 min after turning it on with hostapd_cli wps_ap_pin random).
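The NACK check from the detection section, applied to captured wpa_supplicant output when auditing the WPS PIN state of your own hostapd AP. This is an added example, not code from this page or from OneShot. The `ap_setup_locked` argument, the state labels and the sample lines are assumptions constructed for illustration, and the pattern also accepts the hyphenated `WPS-FAIL` spelling.

```python
import re

# Configuration Error values named on the page.
SETUP_LOCKED = 15   # "Setup Locked"
AUTH_FAIL = 18      # "Auth Fail"

# Accepts the page's spelling (WPS_FAIL) and the hyphenated form.
FAIL_RE = re.compile(r"WPS[-_]FAIL\s+msg=(\d+)\s+config_error=(\d+)")


def parse_wps_fail(line):
    """Return (msg, config_error) from a WPS failure line, or None."""
    m = FAIL_RE.search(line)
    return (int(m.group(1)), int(m.group(2))) if m else None


def classify(line, ap_setup_locked):
    """Classify one NACK with the page's rule.

    ap_setup_locked is the lock flag the AP advertises (assumed input):
    1 when locked, 0 or None when absent (the page's "0/null").
    """
    parsed = parse_wps_fail(line)
    if parsed is None:
        return "not-a-wps-fail"
    _msg, err = parsed
    if err == SETUP_LOCKED and ap_setup_locked != 1:
        return "pin-disabled"   # error 15 without an advertised lock
    if err == SETUP_LOCKED:
        return "locked"         # error 15 and the lock is advertised
    if err == AUTH_FAIL:
        return "pin-enabled"    # the PIN was evaluated and rejected
    return "other-error"


def audit(observations):
    """Summarise (line, ap_setup_locked) pairs into one verdict."""
    states = [classify(line, flag) for line, flag in observations]
    if "pin-enabled" in states or "locked" in states:
        return "PIN mode reachable", states
    if "pin-disabled" in states:
        return "PIN mode off", states
    return "inconclusive", states


# Constructed sample input, modelled on the messages quoted on this page.
SAMPLE_DEFAULT = [("WPS_FAIL msg=5 config_error=15", None)] * 3
SAMPLE_PIN_ON = [("WPS_FAIL msg=8 config_error=18", 0),
                 ("WPS_FAIL msg=8 config_error=18", 0),
                 ("WPS_FAIL msg=5 config_error=15", 1)]
```

A "PIN mode reachable" verdict on an AP that is meant to run PBC only indicates that `wps_ap_pin` is still active and should be turned off or left to time out.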