WPS vulnerability?

[Agent Smith]

I was reading about WPS vulnerability and I learned that even with WPS off you can hack a router's WIFI password. I have a N66u and the WPS feature is off. My question is: Does the ASUS Merlin firmware prevent a WPS crack even when it's off? Has anyone tried hacking their own router to see if this was a vulnerability?

Thanks!

 

[ColinTaylor]

and I learned that even with WPS off you can hack a router's WIFI password!

I seem to remember that this was specific case for certain routers only. Can you provide a link to the article you were reading please.

 

[netware5]

In any case I keep WPS off on my router as a rule. But recently I've discovered that after one of the last updates of Merlin's FW (I didn't noticed which version exactly) the WPS has been set ON again. I don't know why it happened.

So, be careful and check regularly the status of WPS

 

[sentinelvdx]

In any case I keep WPS off on my router as a rule. But recently I've discovered that after one of the last updates of Merlin's FW (I didn't noticed which version exactly) the WPS has been set ON again. I don't know why it happened.

So, be careful and check regularly the status of WPS

Well, it's a known issue that on AC87U (if that's the router you have) that you can turn off WPS but after a reboot it'll become enabled again (even if the WPS shows disabled on WebGUI) you'll have to set it on and off again to disable it.

Sent from my SM-G935FD using Tapatalk

 

[netware5]

Well, it's a known issue that on AC87U (if that's the router you have) that you can turn off WPS but after a reboot it'll become enabled again (even if the WPS shows disabled on WebGUI) you'll have to set it on and off again to disable it.

Sent from my SM-G935FD using Tapatalk

My router is RT-N66U - see my signature I have no problem with WPS and reboots. I just noticed that after some FW update it changed to ON

 

[sentinelvdx]

Oh, sorry I was reading the thread through tapatalk app haha.
I have that model, but I can't tell you after firm update because I always reset config after flashing. Good thing is that on that model doesn't turn on after reboots

 

[netware5]

Oh, sorry I was reading the thread through tapatalk app haha.
I have that model, but I can't tell you after firm update because I always reset config after flashing. Good thing is that on that model doesn't turn on after reboots

I also do reset after major updates as a rule. So that means it turned ON after some minor update, i.e. update incrementing version by only 1 or 2 and update that has not been explicitly advised by Merlin to do a reset after.

 

[thelonelycoder]

In any case I keep WPS off on my router as a rule. But recently I've discovered that after one of the last updates of Merlin's FW (I didn't noticed which version exactly) the WPS has been set ON again. I don't know why it happened.

So, be careful and check regularly the status of WPS

Some time ago I posted a script snippet to turn WPS off if it is wrongly enabled.
My 87U has that habit as well.

 

[Agent Smith]

I seem to remember that this was specific case for certain routers only. Can you provide a link to the article you were reading please.

Sure.

In this Null Byte, let's go over how to use both tools to crack WPS. As of yet, no router is safe from this attack, and yet none of the vendors have reacted and released firmware with mitigations in place. Even disabling WPS still allows this attack on most routers.

https://null-byte.wonderhowto.com/how-to/hack-wpa-wifi-passwords-by-cracking-wps-pin-0132542/


I tried running the commands in Kali to test my router, but as always when I mess with Linux, the commands didn't work. Said something like wlan0 was a bad command or some crap. I'm not very good in Linux. If anyone can get this to work, spend the 2-10 hours trying to crack their Asus Marlin firmware with WPS and post the results back that would be great. That way if there is a vulnerability, the firmware should be updated to not have this WPS vulnerability.

 

[ColinTaylor]

https://null-byte.wonderhowto.com/how-to/hack-wpa-wifi-passwords-by-cracking-wps-pin-0132542/

That article was originally written 5 years ago! The WPS vulnerability is now common knowledge which is why it's recommended (in these forums) that you don't use it.

There is no further explanation of their statement "Even disabling WPS still allows this attack on most routers." But I'd hope it's been addressed in the last 5 years. Certainly on my AC68U WPS is properly disabled, and from what I've read on the internet the same was true of the N66U back in 2013.

 

[thelonelycoder]

I use this on my AC87U to be on the save side.
In /jffs/scripts/services-start I have this bit of code:

# make sure WPS is set to off after reboot
if [ "$(nvram get wl0_wps_mode)" != "disabled" ] || [ "$(nvram get wps_enable)" != "0" ] || [ "$(nvram get wps_enable_x)" != "0" ];then
    sleep 5
    logger "WPS has been disabled by $0"
    nvram set wl0_wps_mode=disabled
    nvram set wps_enable=0
    nvram set wps_enable_x=0
    nvram commit
    service restart_wireless
fi

 

[Agent Smith]

I use this on my AC87U to be on the save side.
In /jffs/scripts/services-start I have this bit of code:

# make sure WPS is set to off after reboot
if [ "$(nvram get wl0_wps_mode)" != "disabled" ] || [ "$(nvram get wps_enable)" != "0" ] || [ "$(nvram get wps_enable_x)" != "0" ];then
    sleep 5
    logger "WPS has been disabled by $0"
    nvram set wl0_wps_mode=disabled
    nvram set wps_enable=0
    nvram set wps_enable_x=0
    nvram commit
    service restart_wireless
fi

Yeah, I just discovered in my N66u the WPS button was on after I last updated back in May! Didn't think it would get reactivated for god sakes. I looked in the list of clients and don't see anything rouge. Was considering changing the WIFI password after I discovered that crap.

So I'm not familiar with running scripts. Can I get a step by step process on doing this?

 

[Agent Smith]

That article was originally written 5 years ago! The WPS vulnerability is now common knowledge which is why it's recommended (in these forums) that you don't use it.

There is no further explanation of their statement "Even disabling WPS still allows this attack on most routers." But I'd hope it's been addressed in the last 5 years. Certainly on my AC68U WPS is properly disabled, and from what I've read on the internet the same was true of the N66U back in 2013.

It was written five years ago, but updated last month. The vulnerability may still be there and since I didn't code Asus Merlin, I have no idea if this has been fixed or not. Would be nice to hear from the code author/s.

 

[RMerlin]

Would be nice to hear from the code author/s.

That would be Asus and Broadcom. I didn't write any of the WPS code.

 

[Agent Smith]

I see. Well, I guess I have to see if I can crack the WPS with it off and see if there is a vulnerability.

 

[john9527]

It was written five years ago, but updated last month.

It looks as if the 'update' was either someone adding a comment or them auto-updating the link to their pitch for 'best adapters'.....there's no indication anything else was changed and the tools links are dead.