How do I disable WPS on DD-WRT?


I have a Buffalo AirStation router with DD-WRT installed.

My version is Firmware: DD-WRT v24SP2-EU-US (08/19/10) std (the latest available for my device as of today), but I think the question is basically the same for any DD-WRT:

Is there any way to disable WPS in the wireless configuration?
I can't find where it is.

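Additional information:

  • Some people report that this setting is at Wireless --> AOSS --> Disable, but that doesn't work for me (WPS stays active, or at least that is what any nearby Android device reports).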

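Answer 1

Taken from this thread on the DD-WRT forum:

Short answer: WPS is probably already disabled on your DD-WRT device, even if it appears to be active. It depends only on the wps_state value in the /tmp/path[0-9]_hostap.conf file: 1 means active, 0 and 2 mean inactive.

Time to test it with the real thing, AirCrack-NG. If I scan with AiroDump-NG: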

luis@Frambuesio:~$ sudo airodump-ng wlan1mon --wps -c 2

 CH  2 ][ Elapsed: 1 min ][ 2015-12-15 00:48

 BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH WPS     ESSID

 XX:XX:XX:XX:XX:XX  -35 100      435       20    0   2  54e. WPA2 CCMP   PSK  Locked  MyWiFiNetWork

There seems to be some WPS, but in a Locked state.

If I try to attack it through WPS with, for example, Bully:

luis@Frambuesio:~$ sudo bully wlan1mon --bssid 00:24:A5:XX:XX:XX -v 3 -c 2
[!] Bully v1.0-22 - WPS vulnerability assessment utility
[+] Switching interface 'wlan1mon' to channel '2'
[!] Using '00:1c:f0:9f:fc:84' for the source MAC address
[+] Datalink type set to '127', radiotap headers present
[+] Scanning for beacon from '00:24:a5:XX:XX:XX' on channel '2'
[!] Excessive (3) FCS failures while reading next packet
[!] Excessive (3) FCS failures while reading next packet
[!] Excessive (3) FCS failures while reading next packet
[!] Disabling FCS validation (assuming --nofcs)
[+] Got beacon for 'MyWiFiNetWork' (00:24:a5:XX:XX:XX)
[!] Beacon information element indicates WPS is locked
[+] Loading randomized pins from '/root/.bully/pins'
[!] Restoring session from '/root/.bully/0024a5c816a2.run'
[+] Index of starting pin number is '0000000'
[+] Last State = 'NoAssoc'   Next pin '64121635'
[!] WPS lockout reported, sleeping for 43 seconds ...
^C
Saved session to '/root/.bully/0024a5c816a2.run'

It is indeed Locked. If I force the attack even in the Locked state:

luis@Frambuesio:~$ sudo bully wlan1mon --bssid 00:24:A5:XX:XX:XX -v 3 -L -c 2
[!] Bully v1.0-22 - WPS vulnerability assessment utility
[+] Switching interface 'wlan1mon' to channel '2'
[!] Using '00:1c:f0:9f:fc:84' for the source MAC address
[+] Datalink type set to '127', radiotap headers present
[+] Scanning for beacon from '00:24:a5:XX:XX:XX' on channel '2'
[!] Excessive (3) FCS failures while reading next packet
[!] Excessive (3) FCS failures while reading next packet
[!] Excessive (3) FCS failures while reading next packet
[!] Disabling FCS validation (assuming --nofcs)
[+] Got beacon for 'MyWiFiNetWork' (00:24:a5:XX:XX:XX)
[!] Beacon information element indicates WPS is locked
[+] Loading randomized pins from '/root/.bully/pins'
[!] Restoring session from '/root/.bully/0024a5c816a2.run'
[+] Index of starting pin number is '0000000'
[+] Last State = 'NoAssoc'   Next pin '64121635'
[+] Rx(  M1  ) = 'EAPFail'   Next pin '64121635'
[+] Rx(  M1  ) = 'EAPFail'   Next pin '64121635'
[+] Rx(  M1  ) = 'EAPFail'   Next pin '64121635'
[+] Rx(  M1  ) = 'EAPFail'   Next pin '64121635'
[+] Rx(  M1  ) = 'EAPFail'   Next pin '64121635'
[+] Rx(  M1  ) = 'EAPFail'   Next pin '64121635'
[+] Rx(  M1  ) = 'EAPFail'   Next pin '64121635'
[+] Rx(  M1  ) = 'EAPFail'   Next pin '64121635'
[+] Rx(  M1  ) = 'EAPFail'   Next pin '64121635'
[+] Rx(  M1  ) = 'EAPFail'   Next pin '64121635'
[+] Rx(  M1  ) = 'EAPFail'   Next pin '64121635'
[+] Rx(  M1  ) = 'EAPFail'   Next pin '64121635'
[+] Rx(  M1  ) = 'EAPFail'   Next pin '64121635'
[+] Rx(  M1  ) = 'EAPFail'   Next pin '64121635'
[+] Rx(  M1  ) = 'EAPFail'   Next pin '64121635'
[+] Rx(  M1  ) = 'EAPFail'   Next pin '64121635'
[+] Rx(  M1  ) = 'EAPFail'   Next pin '64121635'
[+] Rx(  M1  ) = 'EAPFail'   Next pin '64121635'
[+] Rx(  M1  ) = 'EAPFail'   Next pin '64121635'
[+] Rx(  M1  ) = 'EAPFail'   Next pin '64121635'
[+] Rx(  M1  ) = 'EAPFail'   Next pin '64121635'

So there is no WPS, or at least no WPS that can be attacked.

Tested with Wireless --> AOSS both enabled and disabled (some people report that it changes the WPS state):


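Anyway, if you want complete peace of mind about the WPS Enabled message seen on devices such as Android, follow these steps:

1.- Find the hostapd.conf file for your wireless card in /tmp. Mine is: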

root@DD-WRT:/tmp# ls /tmp/*hostap.conf -la
-rw-r--r--    1 root     root          580 Dec 15 00:48 /tmp/ath0_hostap.conf

2.- Check the wps_state value:

root@DD-WRT:/tmp# cat ath0_hostap.conf | grep "wps" -i
wps_state=2

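Notes:

  • 0 means WPS is disabled.
  • 1 means WPS is enabled.
  • 2 means WPS is locked.

3.- Change it to 0. You can edit the file. I prefer to use the sed command to swap the 2 for a 0 directly: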

/bin/sed s/wps_state\=2/wps_state\=0/g -i /tmp/ath0_hostap.conf

4.- Find the hostapd process (and its parameters):

root@DD-WRT:/tmp# ps | grep "apd" -i
   60 root         0 SW<  [kswapd0]
 2093 root      1340 S    hostapd -B /tmp/ath0_hostap.conf

5.- Kill it and restart it (with exactly the same parameters):

root@DD-WRT:/tmp# kill 2093
root@DD-WRT:/tmp# hostapd -B /tmp/ath0_hostap.conf

That should be all.
This time, with AirCrack-NG:

luis@Frambuesio:~$ sudo airodump-ng wlan1mon --wps -c 2

 CH  2 ][ Elapsed: 12 s ][ 2015-12-15 00:57

 BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH WPS     ESSID

 00:24:A5:XX:XX:XX  -35 100       50        3    0   2  54e. WPA2 CCMP   PSK          MyWiFiNetWork

 BSSID              STATION            PWR   Rate    Lost    Frames  Probe

As you can see, it shows that WPS is not enabled in the WPS column.
And this time Bully won't even try to attack it:

luis@Frambuesio:~$ sudo bully wlan1mon --bssid 00:24:A5:XX:XX:XX -v 3 -c 2
[sudo] password for luis:
[!] Bully v1.0-22 - WPS vulnerability assessment utility
[+] Switching interface 'wlan1mon' to channel '2'
[!] Using '00:1c:f0:9f:fc:84' for the source MAC address
[+] Datalink type set to '127', radiotap headers present
[+] Scanning for beacon from '00:24:a5:XX:XX:XX' on channel '2'
[!] Excessive (3) FCS failures while reading next packet
[!] Excessive (3) FCS failures while reading next packet
[!] Excessive (3) FCS failures while reading next packet
[!] Disabling FCS validation (assuming --nofcs)
[+] Got beacon for 'MyWiFiNetWork' (00:24:a5:XX:XX:XX)
[X] The AP doesn't appear to be WPS enabled (no WPS IE)

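So, finally, we can say that WPS is disabled on the DD-WRT router.

Tested with a Buffalo WHR-HP-GN. Expected to work on any model (please confirm).

More details:

  • Since the /tmp directory lives in RAM, this change is temporary unless you script it, in whatever way, to be applied at every reboot.
  • The thread on the DD-WRT forum mentioned above has a /bin/ps | /bin/grep '[h]ostapd' | /usr/bin/awk -F" " {'print $1'} | /usr/bin/xargs /bin/kill -HUP command line that directly replaces step 5.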
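
An added example, not part of the original answer or of DD-WRT: a script that re-applies steps 1 to 5 to every *hostap.conf in a directory, so it can be run again after each reboot as the note about /tmp suggests. It goes slightly beyond the answer by rewriting any non-zero wps_state (not only 2), and it assumes hostapd was started as "hostapd -B <conf>", as in the ps output above; the function names and the --apply switch are made up for this example.

```shell
#!/bin/sh
# Added example: re-apply the answer's wps_state edit to every hostapd config.
# Assumption: hostapd runs as "hostapd -B <conf>", as in the ps output above.

# Print the wps_state value of a config file (empty if the key is absent).
wps_state_of() {
    sed -n 's/^wps_state=\([0-9]*\).*/\1/p' "$1" | head -n 1
}

# Set wps_state=0 in place. Returns 0 if the file was changed, 1 if it was
# already 0 or has no wps_state line (nothing to do).
disable_wps_in_conf() {
    state=$(wps_state_of "$1")
    case "$state" in
        ""|0) return 1 ;;
    esac
    sed -i 's/^wps_state=.*/wps_state=0/' "$1"
}

# Steps 4 and 5: stop the hostapd instance using this config, start it again.
restart_hostapd() {
    pid=$(ps | grep "[h]ostapd -B $1" | awk '{print $1}')
    [ -n "$pid" ] && kill $pid
    hostapd -B "$1"
}

# Process <dir>/*hostap.conf; pass "restart" as $2 to also restart hostapd.
# Prints the number of files that were changed.
harden_dir() {
    changed=0
    for conf in "$1"/*hostap.conf; do
        [ -f "$conf" ] || continue
        if disable_wps_in_conf "$conf"; then
            changed=$((changed + 1))
            [ "${2:-}" = restart ] && restart_hostapd "$conf"
        fi
    done
    echo "$changed"
}

# Touch the live router files only when asked: sh wps-off.sh --apply
if [ "${1:-}" = "--apply" ]; then
    harden_dir /tmp restart
fi
```

Running it a second time changes nothing and restarts nothing, so it is safe to call repeatedly; it has to run after hostapd has written its config file into /tmp.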
