WPS Overview

• Introduced by Cisco in 2006 to simplify Wi-Fi setup for non-technical users.
• Allows device connection using:
  • Push Button Configuration (PBC)
  • 8-digit PIN
• Designed for convenience… but comes with serious security weaknesses.

Why WPS Is Weak

1. Small PIN Space

• WPS PIN = 8 digits, but:

  • Last digit = checksum → 7 real digits

  • Protocol validates the first and second half separately

    ➡️ Effective complexity is 10⁴ + 10³ = 11,000 combinations

    → Much weaker than WPA/WPA2 password strength.

2. Online PIN Cracking

• Traditional attack (e.g., using Reaver).
• Takes hours, but still feasible due to small PIN space.

3. Offline PIN Cracking

• Extremely dangerous when the AP leaks required info.

• Uses intercepted WPS EAP exchanges:

  • EAP-M1, M2, M3, M4...

  • Leaked nonces + HMAC-SHA256 data

    → Allows cracking the WPS PIN in minutes without brute forcing AP directly.

• Tools: pixiewps, reaver with Pixie Dust attack, etc.

Why Offline Cracking Is Possible

WPS uses:

• HMAC-SHA-256 (strong in theory)
• But weaknesses come from:
  • Limited PIN combinations
  • Predictable or weak nonce generation
  • Information disclosure in EAP messages