It uses the so-called “pixie-dust attack”, which exploits the low or non-existent entropy of software implementations. Unlike traditional attacks, this attack can recover the PIN in a matter of seconds or minutes, depending on the target.

OpenSSL has also been re-introduced as optional to achieve better speeds.



git clone


wget && unzip


cd pixiewps*/

Optionally, you can run make OPENSSL=1 to use faster OpenSSL SHA-256 functions.


sudo make install


Usage: pixiewps <arguments>

Required arguments:
  -e, --pke         : Enrollee public key
  -r, --pkr         : Registrar public key
  -s, --e-hash1     : Enrollee hash 1
  -z, --e-hash2     : Enrollee hash 2
  -a, --authkey     : Authentication session key
  -n, --e-nonce     : Enrollee nonce

Optional arguments:
  -m, --r-nonce     : Registrar nonce
  -b, --e-bssid     : Enrollee BSSID
  -v, --verbosity   : Verbosity level 1-3, 1 is quietest           [3]
  -o, --output      : Write output to file

  -j, --jobs        : Number of parallel threads to use         [Auto]

  -h                : Display this usage screen
  --help            : Verbose help and more usage examples
  -V, --version     : Display version

  --mode N[,... N]  : Mode selection, comma separated           [Auto]
  --start [mm/]yyyy : Starting date             (only mode 3) [+1 day]
  --end   [mm/]yyyy : Ending date               (only mode 3) [-1 day]
  -f, --force       : Bruteforce full range     (only mode 3)

Miscellaneous arguments:
  -7, --m7-enc      : Recover encrypted settings from M7 (only mode 3)
  -5, --m5-enc      : Recover secret nonce from M5       (only mode 3)
