WPS key restarts router instead of doing wps

Installing and Using OpenWrt Network and Wireless Configuration
1

My router got a button on the back. With the normal firmware it will trigger wps if I click it short and a firmware reset if I click it long. But at the moment it does a reboot instead of wps. I've installed a package for wps support before. After installing it I got the following option in my wireless configuration:

screenshot

However it didn't change anything. I've got the following system:

screenshot
a4iW911×200

Do I need to configure the buttons manually or so? I found some guides about configuring button, however I don't know what I shall set them to.

2

https://openwrt.org/toh/tp-link/tl-wr1043nd#buttons

Also consider upgrading to version 18.

3

I've downloaded the one suggested in the post about the tl-wr1043nd. Am I just to blind to find the version 18 upgrade?^^

4

The links I find in the post lead to version 18, I'm not sure what issue there may be.

Did you solve your button issue, noted in the OP?

5

Why are you utilizing WPS (as it's not even remotely secure)?

1 Like
6

Yes, I must agree, there are things like reaver and bully deploying pixiewps, though I am not sure how push-button only affects those

7

@lleachii Can I upgrade from 15 to 18?

I didn't solve it yet because I only saw the answer on my phone before I went to sleep. However I will try it soon (after upgrading) and write the results here.

@JW0914
How insecure is it in the push button mode? I am using it just because it's easier to connect on phones or gaming consoles.

8

Give reaver or bully a try, then you will know. I believe some routers are resistant to these attacks? Please let us know.

9

WPS hasn't been secure for almost, if not over, a decade... the only secure means of personal authentication is WPA2 CCMP [AES] only. This is covered in the Wireless Overview: Wireless Security wiki.

  • WPS is like UPnP... While convenient, both are lax on security, are fully exploitable, and should not be utilized.
  • /etc/config/wireless should contain the following:
    config wifi-iface
    option  wpa_disable_eapol_key_retries   '1'
    option  encryption                      'psk2+ccmp'
10

@marakasmalan
I don't think someone will go into my house, push the wps button and hack my wifi. Actually I guess it would be easier to just put in a lan cable instead of pressing the wps button.

1 Like
11

The button doesn't need to be pushed, just look up reaver and you'll never use wps again.

12

:sweat_smile:

As I am not too concerned either, and do not know exactly how the tools work, I did not know if setting it to Push-Button only defeats the pixieWPS or if it still allows. ButI do remember reading there is a great variance in different routers/firmware susceptibility to that pixie "tool"

13

Insecure enough that the WiFi Alliance has completely replaced it in current recommendations. Insecure enough that your router can be compromised without ever touching it.

How hard is it to use a passphrase compared to the damage that an intruder could do to all your files on your machines, your user names and passwords that you use with financial institutions or to protect your personal information, or that your router could be responsible in an attack on another as part of the control network of a botnet, or as a transit pathway that hides an attacker working on a global scale?

If you don't like random passwords, then just use a memorable phrase. "OpenWRT is the best router firmware out there!", as an example, is pretty random, should be easy to remember, and shouldn't be hard to type into any device you need to connect to your network. How often do you really add a new device to your network? In the time it has taken you to start to "fix" WPS, you could have had a dozen devices connected :wink:

14

@mike Reaver is bruteforcing the wps pin. How shall this work the router only accepts pins in the seconds after clicking the button?

--
Regarding the OP:
It seems like openwrt looks for an extra wps button which does not exist on the tl-wr1043nd v2. There is only one button on the back which should perform wps on a short click and a factory reset at a long click.

I fixed it by putting the code from /etc/rc.button/wps at the correct place in /etc/rc.button/reset. It now looks like:

released)
        if [ "$SEEN" -lt 1 ] # Button pressed for <1 sec = WPS
        then 
                #Start of WPS code
                cd /var/run/hostapd
                for socket in *; do
                        [ -S "$socket" ] || continue
                        hostapd_cli -i "$socket" wps_pbc
                done
                #End of WPS code
        elif [ "$SEEN" -ge 10 -a -n "$OVERLAY" ] # Button pressed for >10sec = Factory reset
        then
                echo "FACTORY RESET" > /dev/console
                jffs2reset -y && reboot &
        fi
;;```
1 Like
15

Ahh, that's right, it's been so long since I used it I forgot OpenWrt allows the push button only option, I still agree with others that the risks outweigh the benefits and that a long, easily remembered password is the better choice, but push button only should be relatively secure.

1 Like
16

Why take the chance? I have never cared to do research on WPS because it shouldn't be used because it's so insecure (it's a 10 or 12 digit number, that's all the password is), so perhaps one should start with researching whether there's an exploit that can result in simulating the GPIO push of the WPS button.

Considering one's router is the literal vault to all of one's digital life, why someone would intentionally make their router less secure is beyond comprehension.... but it's your router, your data. If you don't care about your data, then neither do I =]

1 Like