are dd-wrt routers vulnerable to REAVER?

bbsux
DD-WRT Novice


Joined: 07 Dec 2006
Posts: 45

Posted: Thu Jan 05, 2012 21:31    Post subject: are dd-wrt routers vulnerable to REAVER?
Are routers with dd-wrt vulnerable to reaver? Supposedly it can pull the WPS pin off just about any router pretty quick. It looks like the article in arstechnica used a wrt54g2 with stock linksys firmware, and even if the WPS function was turned off it was still actually on.

Can wps be removed from dd-wrt entirely to close this hole?

http://www.tacnetsol.com/products/

http://arstechnica.com/business/news/2012/01/hands-on-hacking-wifi-protected-setup-with-reaver.ars
Luniz2k1
DD-WRT Guru


Joined: 04 Oct 2007
Posts: 1258
Location: Ohio USA

Posted: Fri Jan 06, 2012 1:13
DD-WRT does not support WPS, so there is nothing to remove/disable.
_________________
(05/02/17) std - 31924
Linksys WRT400N
Buffalo WHR-G300N

Got OpenDNS?
coreyh2
DD-WRT Novice


Joined: 06 Jan 2012
Posts: 1

Posted: Fri Jan 06, 2012 6:09
Does anyone know if the Buffalo version of dd-wrt has wps support that would be vulnerable? I've never actually used it but it has a tab in the web interface about WPS and AOSS.

There have been a couple people asking on the Buffalo forum and I don't have the answer myself. I've never used WPS or read about it until I read about the attack.

http://forums.buffalotech.com/t5/Wireless/WPS-vulnerability-on-buffalo-dd-wrt-routers-like-the-ag300h/td-p/89584

http://forums.buffalotech.com/t5/Wireless/Disable-WPS-Security-Issue/td-p/88846
redhawk0
DD-WRT Guru


Joined: 04 Jan 2007
Posts: 11564
Location: Wherever the wind blows- North America

Posted: Fri Jan 06, 2012 14:11
OK...I asked BrainSlayer to look at this and he is aware of the issue.

He indicated that there is no WPS support in our normal firmware builds (we already knew that)...but it IS in the builds he supplies to Buffalo directly for preinstalled dd-wrt units (Buffalo insisted it be implemented). He is aware of the issue and will be submitting a repair for the problem in the future....but only for preinstalled builds on the Buffalo units....you will likely need to get support from Buffalo directly once the patch is available....you won't find it here.

redhawk

_________________
The only stupid question....is the unasked one.
TronWer
DD-WRT Novice


Joined: 24 Dec 2011
Posts: 7

Posted: Sat Jan 07, 2012 11:37
Good to know!

I'm glad I'm running DD-WRT instead of the stock Linksys firmware, even if it's just for a plain access point :D
caen44
DD-WRT Novice


Joined: 11 Jan 2012
Posts: 2

Posted: Wed Jan 11, 2012 4:17
Hi Folks,

I have a buffalo AG300h router, and I can confirm that the router supports wps. I have tried to attack it with the reaver tool, however I get messages from reaver about lockout periods following my initial attempt.

I haven't had a chance to run an overnight attack on my buffalo router, but on the surface it appears that it will be a bit tougher to crack than some.

The bad news is that I can't find any way to disable the wps on this router, which is pretty lame. It may be possible, but I haven't figured it out yet.

Hope this helps, and I'll report back if I do manage to break the wps on this router with the reaver tool.
netman
DD-WRT User


Joined: 06 Jul 2007
Posts: 51

Posted: Tue Apr 09, 2013 17:48
Hi!

Is there any news on the "disable WPS on Buffalo"-issue?

I am running a couple of Buffalo WHR-HP-G300N on Buffalo dd-wrt 19154 and I am really happy with the performance, range and stability - so therefore I would like to keep that Buffalo build. Unfortunately I would like to run a Hotspot and would really like to disable WPS instead of telling everyone "No, you need to click the other option" - but there seems to be no direct way to disable it (so that the AP does not advertise/offer it anymore).

Would be great to get some feedback on this - I am also happy with a script-workaround if there is a way.

Thanks a lot for every help!

At least I am not the only one: http://www.dd-wrt.com/forum/viewtopic.php?p=739796

Cheers
netman
LolThisSiteIsntHTTPS
DD-WRT Novice


Joined: 26 May 2013
Posts: 2

Posted: Sun May 26, 2013 15:04
I'd like to know more as well... How do I obtain the patch from BrainSlayer or Buffalo if one has been released? I am pretty much an outsider to this community right now ;)

I noticed recently that their firmware isn't updated much, and requires a serial number to download (a minor annoyance).

...My password was sent to me in plaintext in an email... :U
NeXpert
DD-WRT Novice


Joined: 14 May 2013
Posts: 21

Posted: Sun May 26, 2013 16:51
I was thinking of buying a Buffalo in the future so this thread was of interest. It's good to know that one can always install the generic DD-WRT firmware without WPS. Any implications on router warranty though?

Incidentally, LolThisSiteIsntHTTPS, I noticed that too (as stated in your username ID that is), and it would appear that applies to the login dialogue as well. The login dialogue at least ought to be HTTPS, but then CA issued SSL certificates do carry a cost....

These days I use a password manager that generates a unique strong password for each site I use so I'm not so worried about an individual password being compromised. Unfortunately, many people tend to use the same password for multiple sites, which puts them at greater risk should any site they are registered on get compromised.
LolThisSiteIsntHTTPS
DD-WRT Novice


Joined: 26 May 2013
Posts: 2

Posted: Sun May 26, 2013 17:45
From what I gather, most of the Buffalo routers come with a modified and branded form of DD-WRT installed on them. But if it is "subjected to misuse, abuse, or non-Buffalo Technology / (Melco Inc.) authorized alteration, modifications or repair" the device won't be replaced if it gets faulty.

I have two routers operating, one which is under warranty, and the other which has an expired warranty. It happens to be the one with the warranty that is giving me the WPS problems... It's still running 2010 Buffalo/DD-WRT firmware (I have yet to find time to update it to 2012 firmware).

But when I tried to run a Reaver crack against it, I couldn't succeed (something about rate limiting). So I think it might not be a serious issue.

edit: I see there's a certificate in use here: https://secure.dd-wrt.com/site/index
It activates when a product is added to a cart and you are sent to checkout.

It's also available on the forums. https://secure.dd-wrt.com/phpBB2/
Still, sending a password in plaintext is not very assuring.
BrainSlayer
Site Admin


Joined: 06 Jun 2006
Posts: 7492
Location: Dresden, Germany

Posted: Sun May 26, 2013 23:40
We know the reaver attack and we immediately modified the code to solve that issue at the time reaver was coming out. No dd-wrt based product is affected by it.
_________________
"So you tried to use the computer and it started smoking? Sounds like a Mac to me.." - Louis Rossmann https://www.youtube.com/watch?v=eL_5YDRWqGE&t=60s
captainstatic
DD-WRT Novice


Joined: 01 Mar 2011
Posts: 2

Posted: Fri May 31, 2013 14:18
I found my Buffalo N600 (buffalo dd-wrt build 19154) is suffering from this same/similar issue.

I was able to disable WPS from the admin interface but not AOSS. I had to manually disable AOSS using nvram commands.

'nvram show' told me that wps_enabled=0; however, in the config files /tmp/ath*_hostap.conf wps_status was still set to 1.

My workaround/kludge was to add the following startup commands:

/bin/sed s/wps_state\=1/wps_state\=0/g -i /tmp/ath0_hostap.conf
/bin/sed s/wps_state\=1/wps_state\=0/g -i /tmp/ath1_hostap.conf
/bin/ps | /bin/grep '[h]ostapd' | /usr/bin/awk -F" " {'print $1'} | /usr/bin/xargs /bin/kill -HUP

It's not pretty, but at least I'll sleep better knowing that my android phone will not show (wps enabled) in the network list.
xtdv
DD-WRT Novice


Joined: 04 Mar 2010
Posts: 8

Posted: Wed Feb 19, 2014 7:18
captainstatic wrote:
I found my Buffalo N600 (buffalo dd-wrt build 19154) is suffering from this same/similar issue.

I was able to disable WPS from the admin interface but not AOSS. I had to manually disable AOSS using nvram commands.

'nvram show' told me that wps_enabled=0; however, in the config files /tmp/ath*_hostap.conf wps_status was still set to 1.

My workaround/kludge was to add the following startup commands:

/bin/sed s/wps_state\=1/wps_state\=0/g -i /tmp/ath0_hostap.conf
/bin/sed s/wps_state\=1/wps_state\=0/g -i /tmp/ath1_hostap.conf
/bin/ps | /bin/grep '[h]ostapd' | /usr/bin/awk -F" " {'print $1'} | /usr/bin/xargs /bin/kill -HUP

It's not pretty, but at least I'll sleep better knowing that my android phone will not show (wps enabled) in the network list.


Thanks for that script. In my case, I have to edit a little bit:
Code:
/bin/sed s/wps_state\=2/wps_state\=0/g -i /tmp/ath0_hostap.conf
/bin/sed s/wps_state\=2/wps_state\=0/g -i /tmp/ath1_hostap.conf
/bin/ps | /bin/grep '[h]ostapd' | /usr/bin/awk -F" " {'print $1'} | /usr/bin/xargs /bin/kill -HUP
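
The two versions of the workaround posted above differ only in the value being replaced (wps_state=1 in one post, wps_state=2 in the other). The following is an added example, not code from any poster or from DD-WRT or Buffalo: it sets any non-zero wps_state to 0 in the files it is given and reloads hostapd only when a file actually changed. The function names are hypothetical; it assumes hostapd's documented meaning of wps_state (0 disabled, 1 enabled and unconfigured, 2 enabled and configured) and the config paths named in the posts.

```shell
#!/bin/sh
# Added example, not from the thread. hostapd wps_state values:
#   0 = WPS disabled, 1 = enabled (unconfigured), 2 = enabled (configured)

# Print the wps_state value set in a hostapd config, or "unset" if absent.
wps_state_of() {
    v=$(sed -n 's/^[[:space:]]*wps_state=\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1)
    echo "${v:-unset}"
}

# Force wps_state=0 in one file. Returns 0 if the file was rewritten, 1 if
# it needed no change (already 0, or no wps_state line at all).
disable_wps() {
    case "$(wps_state_of "$1")" in
        unset|0) return 1 ;;
    esac
    tmp="$1.tmp.$$"   # temp file + mv instead of relying on "sed -i"
    sed 's/^\([[:space:]]*\)wps_state=[0-9][0-9]*/\1wps_state=0/' "$1" > "$tmp" &&
        mv "$tmp" "$1"
}

# Process every config given; print how many files were rewritten.
disable_wps_all() {
    changed=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        if disable_wps "$f"; then changed=$((changed + 1)); fi
    done
    echo "$changed"
}

# Constructed sample configs (not taken from a real router) covering the
# cases in the thread: state 1, state 2, and already 0.
make_samples() {
    d=$(mktemp -d)
    printf 'interface=ath0\nssid=example\nwps_state=1\n' > "$d/ath0_hostap.conf"
    printf 'interface=ath1\nssid=example\nwps_state=2\n' > "$d/ath1_hostap.conf"
    printf 'interface=ath2\nssid=example\nwps_state=0\n' > "$d/ath2_hostap.conf"
    echo "$d"
}

# On the router: rewrite the configs passed as arguments, then send hostapd
# SIGHUP (as in the posts above) only if something changed.
if [ "$#" -gt 0 ]; then
    n=$(disable_wps_all "$@")
    echo "rewrote $n file(s)"
    [ "$n" -eq 0 ] || kill -HUP $(ps | grep '[h]ostapd' | awk '{print $1}')
fi
```

Called with /tmp/ath0_hostap.conf and /tmp/ath1_hostap.conf as arguments, it does the same job as the posted startup commands; afterwards wps_state_of on each file should print 0.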