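I have a Buffalo AirStation router with DD-WRT installed.
My version is Firmware: DD-WRT v24SP2-EU-US (08/19/10) std
(the latest for my device as of today), but I think this question is basically the same for any DD-WRT:
Is there any way to disable WPS in the wireless configuration?
I can't find where it is.
Additional info:
- Some people report that this setting is at Wireless --> AOSS --> Disable, but that does not work for me (WPS stays active, or so any nearby Android device reports).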
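Answer 1
Taken from this thread on the DD-WRT forum:
Short answer: WPS on your DD-WRT device may already be disabled even though it appears to be active. It depends on the wps_state value in the /tmp/path[0-9]_hostap.conf file: 1 means active, and 0 or 2 means not active.
Time to test the real thing with AirCrack-NG. If I scan using AiroDump-NG: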
luis@Frambuesio:~$ sudo airodump-ng wlan1mon --wps -c 2
CH 2 ][ Elapsed: 1 min ][ 2015-12-15 00:48
BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH WPS ESSID
XX:XX:XX:XX:XX:XX -35 100 435 20 0 2 54e. WPA2 CCMP PSK Locked MyWiFiNetWork
There seems to be some WPS, but in a Locked state.
If I try to attack it through WPS with, for example, Bully:
luis@Frambuesio:~$ sudo bully wlan1mon --bssid 00:24:A5:XX:XX:XX -v 3 -c 2
[!] Bully v1.0-22 - WPS vulnerability assessment utility
[+] Switching interface 'wlan1mon' to channel '2'
[!] Using '00:1c:f0:9f:fc:84' for the source MAC address
[+] Datalink type set to '127', radiotap headers present
[+] Scanning for beacon from '00:24:a5:XX:XX:XX' on channel '2'
[!] Excessive (3) FCS failures while reading next packet
[!] Excessive (3) FCS failures while reading next packet
[!] Excessive (3) FCS failures while reading next packet
[!] Disabling FCS validation (assuming --nofcs)
[+] Got beacon for 'MyWiFiNetWork' (00:24:a5:XX:XX:XX)
[!] Beacon information element indicates WPS is locked
[+] Loading randomized pins from '/root/.bully/pins'
[!] Restoring session from '/root/.bully/0024a5c816a2.run'
[+] Index of starting pin number is '0000000'
[+] Last State = 'NoAssoc' Next pin '64121635'
[!] WPS lockout reported, sleeping for 43 seconds ...
^C
Saved session to '/root/.bully/0024a5c816a2.run'
It is indeed locked. If I force the attack even in the locked state:
luis@Frambuesio:~$ sudo bully wlan1mon --bssid 00:24:A5:XX:XX:XX -v 3 -L -c 2
[!] Bully v1.0-22 - WPS vulnerability assessment utility
[+] Switching interface 'wlan1mon' to channel '2'
[!] Using '00:1c:f0:9f:fc:84' for the source MAC address
[+] Datalink type set to '127', radiotap headers present
[+] Scanning for beacon from '00:24:a5:XX:XX:XX' on channel '2'
[!] Excessive (3) FCS failures while reading next packet
[!] Excessive (3) FCS failures while reading next packet
[!] Excessive (3) FCS failures while reading next packet
[!] Disabling FCS validation (assuming --nofcs)
[+] Got beacon for 'MyWiFiNetWork' (00:24:a5:XX:XX:XX)
[!] Beacon information element indicates WPS is locked
[+] Loading randomized pins from '/root/.bully/pins'
[!] Restoring session from '/root/.bully/0024a5c816a2.run'
[+] Index of starting pin number is '0000000'
[+] Last State = 'NoAssoc' Next pin '64121635'
[+] Rx( M1 ) = 'EAPFail' Next pin '64121635'
[+] Rx( M1 ) = 'EAPFail' Next pin '64121635'
[+] Rx( M1 ) = 'EAPFail' Next pin '64121635'
[+] Rx( M1 ) = 'EAPFail' Next pin '64121635'
[+] Rx( M1 ) = 'EAPFail' Next pin '64121635'
[+] Rx( M1 ) = 'EAPFail' Next pin '64121635'
[+] Rx( M1 ) = 'EAPFail' Next pin '64121635'
[+] Rx( M1 ) = 'EAPFail' Next pin '64121635'
[+] Rx( M1 ) = 'EAPFail' Next pin '64121635'
[+] Rx( M1 ) = 'EAPFail' Next pin '64121635'
[+] Rx( M1 ) = 'EAPFail' Next pin '64121635'
[+] Rx( M1 ) = 'EAPFail' Next pin '64121635'
[+] Rx( M1 ) = 'EAPFail' Next pin '64121635'
[+] Rx( M1 ) = 'EAPFail' Next pin '64121635'
[+] Rx( M1 ) = 'EAPFail' Next pin '64121635'
[+] Rx( M1 ) = 'EAPFail' Next pin '64121635'
[+] Rx( M1 ) = 'EAPFail' Next pin '64121635'
[+] Rx( M1 ) = 'EAPFail' Next pin '64121635'
[+] Rx( M1 ) = 'EAPFail' Next pin '64121635'
[+] Rx( M1 ) = 'EAPFail' Next pin '64121635'
[+] Rx( M1 ) = 'EAPFail' Next pin '64121635'
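So, there is no WPS, or at least no WPS available to attack.
Tested with Wireless --> AOSS in both the Enabled and Disabled states
(someone reported that it could change the WPS state):
Anyway, if you want to be completely calm about the WPS Enabled message seen on Android, follow these steps:
1.- Find the hostapd.conf file for your wireless card in /tmp. Mine is: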
root@DD-WRT:/tmp# ls /tmp/*hostap.conf -la
-rw-r--r-- 1 root root 580 Dec 15 00:48 /tmp/ath0_hostap.conf
2.- Check the wps_state value:
root@DD-WRT:/tmp# cat ath0_hostap.conf | grep "wps" -i
wps_state=2
Notes:
0 means WPS is disabled.
1 means WPS is enabled.
2 means WPS is locked.
3.- Change it to 0. You can edit the file. I prefer to use the sed command to swap the 2 for a 0 directly:
/bin/sed s/wps_state\=2/wps_state\=0/g -i /tmp/ath0_hostap.conf
4.- Locate the hostapd process (and its arguments):
root@DD-WRT:/tmp# ps | grep "apd" -i
60 root 0 SW< [kswapd0]
2093 root 1340 S hostapd -B /tmp/ath0_hostap.conf
5.- Kill it and restart it (with exactly the same arguments):
root@DD-WRT:/tmp# kill 2093
root@DD-WRT:/tmp# hostapd -B /tmp/ath0_hostap.conf
That's all.
This time with AirCrack-NG:
luis@Frambuesio:~$ sudo airodump-ng wlan1mon --wps -c 2
CH 2 ][ Elapsed: 12 s ][ 2015-12-15 00:57
BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH WPS ESSID
00:24:A5:XX:XX:XX -35 100 50 3 0 2 54e. WPA2 CCMP PSK MyWiFiNetWork
BSSID STATION PWR Rate Lost Frames Probe
As can be seen, it shows no WPS enabled in the WPS column.
And, this time, Bully-WPS won't even try to attack it:
luis@Frambuesio:~$ sudo bully wlan1mon --bssid 00:24:A5:XX:XX:XX -v 3 -c 2
[sudo] password for luis:
[!] Bully v1.0-22 - WPS vulnerability assessment utility
[+] Switching interface 'wlan1mon' to channel '2'
[!] Using '00:1c:f0:9f:fc:84' for the source MAC address
[+] Datalink type set to '127', radiotap headers present
[+] Scanning for beacon from '00:24:a5:XX:XX:XX' on channel '2'
[!] Excessive (3) FCS failures while reading next packet
[!] Excessive (3) FCS failures while reading next packet
[!] Excessive (3) FCS failures while reading next packet
[!] Disabling FCS validation (assuming --nofcs)
[+] Got beacon for 'MyWiFiNetWork' (00:24:a5:XX:XX:XX)
[X] The AP doesn't appear to be WPS enabled (no WPS IE)
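So, finally, we can say that WPS is disabled on the DD-WRT router.
Tested with a Buffalo WHR-HP-GN. Expected to work on any model (please confirm).
More details:
- As long as the /tmp directory corresponds to RAM, this change is temporary, unless you script it in some way on every reboot.
- In the above-mentioned thread on the DD-WRT forum, there is a
/bin/ps | /bin/grep '[h]ostapd' | /usr/bin/awk -F" " {'print $1'} | /usr/bin/xargs /bin/kill -HUP
command line that directly replaces step 5.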
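
The "script it on every reboot" idea from the answer above, as an added example that is not part of the original answer or the DD-WRT forum thread: it applies steps 1 to 5 to every hostapd config it finds and only signals hostapd when a file actually changed. The function names, the CONF_GLOB variable and the "apply" argument are assumptions of this example, as is a BusyBox-style ps that lists all processes with the PID in the first column; how the script gets run after hostapd starts at boot is left open.

```shell
#!/bin/sh
# Added example: force wps_state=0 in the hostapd configs generated under /tmp.
# Function names and the CONF_GLOB default are assumptions of this example.

CONF_GLOB="${CONF_GLOB:-/tmp/*_hostap.conf}"

# Print the wps_state value of a config file ("unset" when the key is absent).
wps_state_of() {
    v=$(sed -n 's/^wps_state=\([0-9]*\).*/\1/p' "$1" | tail -n 1)
    echo "${v:-unset}"
}

# Set wps_state=0 in one file. Returns 0 if the file was changed,
# 1 if it was already 0 or has no wps_state line, 2 if unreadable.
disable_wps_in() {
    [ -r "$1" ] || return 2
    case "$(wps_state_of "$1")" in
        0|unset) return 1 ;;
    esac
    # Rewrite via a temp file so it does not depend on "sed -i" support.
    sed 's/^wps_state=[0-9]*/wps_state=0/' "$1" > "$1.new" && mv "$1.new" "$1"
}

# Walk every matching config; echo the number of files changed.
disable_wps_all() {
    changed=0
    for f in $CONF_GLOB; do
        [ -f "$f" ] || continue
        if disable_wps_in "$f"; then
            changed=$((changed + 1))
        fi
    done
    echo "$changed"
}

# Ask running hostapd processes to re-read their config, as the forum
# one-liner quoted above does (assumes BusyBox ps: PID in column 1).
reload_hostapd() {
    for pid in $(ps | grep '[h]ostapd' | awk '{print $1}'); do
        kill -HUP "$pid"
    done
}

# Run only when executed with "apply", so the functions can be sourced safely.
if [ "${1:-}" = "apply" ]; then
    n=$(disable_wps_all)
    echo "wps_state reset in $n file(s)"
    [ "$n" -eq 0 ] || reload_hostapd
fi
```

Re-checking with the scan from the answer (the WPS column in airodump-ng) after a reboot confirms whether the change was reapplied.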