2024年09月29日

A bruteforce attack to WPA WPS-PIN (External Registrar) by guessing the first half of the PIN (because M4 sends EAP-NACK message) and 2nd half of PIN (M6 sends EAP-NACK). The 8th digit PIN is always the checksum of digit 1 to 7. Thereby, reducing the number of attempts to 11,000 (10⁴ + 10³).