My router got a button on the back. With the normal firmware it will trigger wps if I click it short and a firmware reset if I click it long. But at the moment it does a reboot instead of wps. I've installed a package for wps support before. After installing it I got the following option in my wireless configuration:
However it didn't change anything. I've got the following system:
I didn't solve it yet because I only saw the answer on my phone before I went to sleep. However I will try it soon (after upgrading) and write the results here.
@JW0914
How insecure is it in the push button mode? I am using it just because it's easier to connect on phones or gaming consoles.
WPS hasn't been secure for almost, if not over, a decade... the only secure means of personal authentication is WPA2 CCMP [AES] only. This is covered in the Wireless Overview: Wireless Security wiki.
WPS is like UPnP... While convenient, both are lax on security, are fully exploitable, and should not be utilized.
/etc/config/wireless should contain the following:
@marakasmalan
I don't think someone will go into my house, push the wps button and hack my wifi. Actually I guess it would be easier to just put in a lan cable instead of pressing the wps button.
As I am not too concerned either, and do not know exactly how the tools work, I did not know if setting it to Push-Button only defeats the pixieWPS or if it still allows. ButI do remember reading there is a great variance in different routers/firmware susceptibility to that pixie "tool"
Insecure enough that the WiFi Alliance has completely replaced it in current recommendations. Insecure enough that your router can be compromised without ever touching it.
How hard is it to use a passphrase compared to the damage that an intruder could do to all your files on your machines, your user names and passwords that you use with financial institutions or to protect your personal information, or that your router could be responsible in an attack on another as part of the control network of a botnet, or as a transit pathway that hides an attacker working on a global scale?
If you don't like random passwords, then just use a memorable phrase. "OpenWRT is the best router firmware out there!", as an example, is pretty random, should be easy to remember, and shouldn't be hard to type into any device you need to connect to your network. How often do you really add a new device to your network? In the time it has taken you to start to "fix" WPS, you could have had a dozen devices connected
@mike Reaver is bruteforcing the wps pin. How shall this work the router only accepts pins in the seconds after clicking the button?
--
Regarding the OP:
It seems like openwrt looks for an extra wps button which does not exist on the tl-wr1043nd v2. There is only one button on the back which should perform wps on a short click and a factory reset at a long click.
I fixed it by putting the code from /etc/rc.button/wps at the correct place in /etc/rc.button/reset. It now looks like:
released)
if [ "$SEEN" -lt 1 ] # Button pressed for <1 sec = WPS
then
#Start of WPS code
cd /var/run/hostapd
for socket in *; do
[ -S "$socket" ] || continue
hostapd_cli -i "$socket" wps_pbc
done
#End of WPS code
elif [ "$SEEN" -ge 10 -a -n "$OVERLAY" ] # Button pressed for >10sec = Factory reset
then
echo "FACTORY RESET" > /dev/console
jffs2reset -y && reboot &
fi
;;```
Ahh, that's right, it's been so long since I used it I forgot OpenWrt allows the push button only option, I still agree with others that the risks outweigh the benefits and that a long, easily remembered password is the better choice, but push button only should be relatively secure.
Why take the chance? I have never cared to do research on WPS because it shouldn't be used because it's so insecure (it's a 10 or 12 digit number, that's all the password is), so perhaps one should start with researching whether there's an exploit that can result in simulating the GPIO push of the WPS button.
Considering one's router is the literal vault to all of one's digital life, why someone would intentionally make their router less secure is beyond comprehension.... but it's your router, your data. If you don't care about your data, then neither do I =]