wps pin

WPS PIN frame exchange

WPS (WiFi Protected Setup): Allows home users who know little of wireless security and may be intimidated by the available security options to set up Wi-Fi Protected Access, as well as making it easy to add new devices to an existing network without entering long passphrases. WPS_PIN : PIN must then be entered at the “representant” of the network, usually the network’s access point. Alternately, a PIN provided by the access point may be entered into the new device. This method is the mandatory baseline mode and everything must support it. When the PIN matches on both side, connection will start between both devices.

The following is a resprestaion of WPS_PIN handshake

Hostapd(AP) wpa_supplicant(station)

|<<-----------------------Auth_Req---------------------------|

|-------------------------Auth_Resp------------------------>>|

|<<-----------------------Assoc_Req--------------------------|

|-------------------------Assoc_Resp----------------------->>|

|-------------------------EAP_Req_Identity----------------->>|

|<<-----------------------EAP_Resp_Identity------------------|

|-------------------------EAP_EXP_WSC_START---------------->>|

|<<-----------------------EAP_EXP_WSC_M1---------------------|

|-------------------------EAP_EXP_WSC_M2------------------->>|

|<<-----------------------EAP_EXP_WSC_M3---------------------|

|-------------------------EAP_EXP_WSC_M4------------------->>|

|<<-----------------------EAP_EXP_WSC_M5---------------------|

|-------------------------EAP_EXP_WSC_M6------------------->>|

|<<-----------------------EAP_EXP_WSC_M7---------------------|

|-------------------------EAP_EXP_WSC_M8------------------->>|

|<<-----------------------EAP_EXP_WSC_DONE-------------------|

|-------------------------EAP_Failure---------------------->>|

|<<-----------------------Deauth-----------------------------|

|<<-----------------------Auth_Req---------------------------|

|-------------------------Auth_Resp------------------------>>|

|<<-----------------------Assoc_Req--------------------------|

|-------------------------Assoc_Resp----------------------->>|

|-------------------------EAPOL-M1------------------------->>|

|<<-----------------------EAPOL-M2---------------------------|

|-------------------------EAPOL-M3------------------------->>|

|<<-----------------------EAPOL-M4---------------------------|

Test bed

Inorder to execute below practical example, two Linux machines are needed with ubuntu version >= 16.04.
Check the Ubuntu version on your machine. Ubuntu version used for in this site is 20.04
$ lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 20.04.2 LTS
Release:	20.04
Codename:	focal

wpa_supplicant compilation

The daemon process that runs in the client stations. It implements WPA key negotiation with a WPA Authenticator and EAP authentication with Authentication Server. In addition, it controls the roaming and IEEE 802.11 authentication/association of the wireless LAN driver. Following are the steps to download and compiling wpa_supplicant from source code

Download latest wpa_supplicant

$ wget https://w1.fi/releases/wpa_supplicant-2.9.tar.gz

Install required packages

$ sudo apt install libnl-genl-3-dev libnl-3-dev libdbus-glib-1-dev

below messages indicate that packages are installed successfully

The following NEW packages will be installed:
  libdbus-glib-1-dev libdbus-glib-1-dev-bin libnl-3-dev libnl-genl-3-dev
0 upgraded, 4 newly installed, 0 to remove and 4 not upgraded.
Need to get 212 kB of archives.
After this operation, 1,235 kB of additional disk space will be used.
Do you want to continue? [Y/n] 
Get:1 http://in.archive.ubuntu.com/ubuntu focal/main amd64 libdbus-glib-1-dev-bin amd64 0.110-5fakssync1 [39.5 kB]
Get:2 http://in.archive.ubuntu.com/ubuntu focal/main amd64 libdbus-glib-1-dev amd64 0.110-5fakssync1 [69.2 kB]
Get:3 http://in.archive.ubuntu.com/ubuntu focal/main amd64 libnl-3-dev amd64 3.4.0-1 [92.2 kB]
Get:4 http://in.archive.ubuntu.com/ubuntu focal/main amd64 libnl-genl-3-dev amd64 3.4.0-1 [10.7 kB]
Fetched 212 kB in 1s (293 kB/s)             
Selecting previously unselected package libdbus-glib-1-dev-bin.
(Reading database ... 385264 files and directories currently installed.)
Preparing to unpack .../libdbus-glib-1-dev-bin_0.110-5fakssync1_amd64.deb ...
Unpacking libdbus-glib-1-dev-bin (0.110-5fakssync1) ...
Selecting previously unselected package libdbus-glib-1-dev:amd64.
Preparing to unpack .../libdbus-glib-1-dev_0.110-5fakssync1_amd64.deb ...
Unpacking libdbus-glib-1-dev:amd64 (0.110-5fakssync1) ...
Selecting previously unselected package libnl-3-dev:amd64.
Preparing to unpack .../libnl-3-dev_3.4.0-1_amd64.deb ...
Unpacking libnl-3-dev:amd64 (3.4.0-1) ...
Selecting previously unselected package libnl-genl-3-dev:amd64.
Preparing to unpack .../libnl-genl-3-dev_3.4.0-1_amd64.deb ...
Unpacking libnl-genl-3-dev:amd64 (3.4.0-1) ...
Setting up libdbus-glib-1-dev-bin (0.110-5fakssync1) ...
Setting up libnl-3-dev:amd64 (3.4.0-1) ...
Setting up libdbus-glib-1-dev:amd64 (0.110-5fakssync1) ...
Setting up libnl-genl-3-dev:amd64 (3.4.0-1) ...
Processing triggers for man-db (2.9.1-1) ...

Extract the tar file
$ tar -xvf wpa_supplicant-2.9.tar.gz
Go to wpa_supplicant directory
$ cd wpa_supplicant-2.9/wpa_supplicant
Copy the default configuration into .conf file
$ cp defconfig .config

Enable below configs in .config

$ vim .config
CONFIG_DRIVER_NL80211=y
CONFIG_WPA_PSK=y
CONFIG_WPS=y

Build the wpa_supplicant

$ make

Below is the list of files compiled based on the features enabled in “.config”

  CC  config.c
  CC  notify.c
  CC  bss.c
  CC  eap_register.c
  CC  ../src/utils/common.c
  CC  ../src/utils/wpa_debug.c
  CC  ../src/utils/wpabuf.c
  CC  ../src/utils/bitfield.c
  CC  op_classes.c
  CC  rrm.c
  CC  wmm_ac.c
  CC  ../src/utils/os_unix.c
  CC  ../src/utils/eloop.c
  CC  config_file.c
  CC  ../src/rsn_supp/wpa_ft.c
  CC  ../src/common/sae.c
  CC  ../src/common/dpp.c
  CC  dpp_supplicant.c
  CC  ../src/rsn_supp/wpa.c
  CC  ../src/rsn_supp/preauth.c
  CC  ../src/rsn_supp/pmksa_cache.c
  CC  ../src/rsn_supp/wpa_ie.c
  CC  ../src/common/wpa_common.c
  CC  ibss_rsn.c
  CC  p2p_supplicant.c
  CC  p2p_supplicant_sd.c
  CC  ../src/p2p/p2p.c
  CC  ../src/p2p/p2p_utils.c
  CC  ../src/p2p/p2p_parse.c
  CC  ../src/p2p/p2p_build.c
  CC  ../src/p2p/p2p_go_neg.c
  CC  ../src/p2p/p2p_sd.c
  CC  ../src/p2p/p2p_pd.c
  CC  ../src/p2p/p2p_invitation.c
  CC  ../src/p2p/p2p_dev_disc.c
  CC  ../src/p2p/p2p_group.c
  CC  ../src/ap/p2p_hostapd.c
  CC  wifi_display.c
  CC  hs20_supplicant.c
  CC  interworking.c
  CC  ../src/eap_peer/eap_tls.c
  CC  ../src/eap_peer/eap_peap.c
  CC  ../src/eap_common/eap_peap_common.c
  CC  ../src/eap_peer/eap_ttls.c
  CC  ../src/eap_peer/eap_md5.c
  CC  ../src/eap_peer/eap_mschapv2.c
  CC  ../src/eap_peer/mschapv2.c
  CC  ../src/eap_peer/eap_gtc.c
  CC  ../src/eap_peer/eap_otp.c
  CC  ../src/eap_peer/eap_leap.c
  CC  ../src/eap_peer/eap_fast.c
  CC  ../src/eap_peer/eap_fast_pac.c
  CC  ../src/eap_common/eap_fast_common.c
  CC  ../src/eap_peer/eap_pax.c
  CC  ../src/eap_common/eap_pax_common.c
  CC  ../src/eap_peer/eap_sake.c
  CC  ../src/eap_common/eap_sake_common.c
  CC  ../src/eap_peer/eap_gpsk.c
  CC  ../src/eap_common/eap_gpsk_common.c
  CC  ../src/eap_peer/eap_pwd.c
  CC  ../src/eap_common/eap_pwd_common.c
  CC  wps_supplicant.c
  CC  ../src/utils/uuid.c
  CC  ../src/eap_peer/eap_wsc.c
  CC  ../src/eap_common/eap_wsc_common.c
  CC  ../src/wps/wps.c
  CC  ../src/wps/wps_common.c
  CC  ../src/wps/wps_attr_parse.c
  CC  ../src/wps/wps_attr_build.c
  CC  ../src/wps/wps_attr_process.c
  CC  ../src/wps/wps_dev_attr.c
  CC  ../src/wps/wps_enrollee.c
  CC  ../src/wps/wps_registrar.c
  CC  ../src/eap_peer/eap_ikev2.c
  CC  ../src/eap_peer/ikev2.c
  CC  ../src/eap_common/eap_ikev2_common.c
  CC  ../src/eap_common/ikev2_common.c
  CC  ../src/eap_peer/eap_tnc.c
  CC  ../src/eap_peer/tncc.c
  CC  ../src/eapol_supp/eapol_supp_sm.c
  CC  ../src/eap_peer/eap.c
  CC  ../src/eap_peer/eap_methods.c
  CC  ap.c
  CC  ../src/ap/hostapd.c
  CC  ../src/ap/wpa_auth_glue.c
  CC  ../src/ap/utils.c
  CC  ../src/ap/authsrv.c
  CC  ../src/ap/ap_config.c
  CC  ../src/utils/ip_addr.c
  CC  ../src/ap/sta_info.c
  CC  ../src/ap/tkip_countermeasures.c
  CC  ../src/ap/ap_mlme.c
  CC  ../src/ap/ieee802_1x.c
  CC  ../src/eapol_auth/eapol_auth_sm.c
  CC  ../src/ap/ieee802_11_auth.c
  CC  ../src/ap/ieee802_11_shared.c
  CC  ../src/ap/drv_callbacks.c
  CC  ../src/ap/ap_drv_ops.c
  CC  ../src/ap/beacon.c
  CC  ../src/ap/bss_load.c
  CC  ../src/ap/eap_user_db.c
  CC  ../src/ap/neighbor_db.c
  CC  ../src/ap/rrm.c
  CC  ../src/ap/ieee802_11_ht.c
  CC  ../src/ap/ieee802_11_vht.c
  CC  ../src/ap/ctrl_iface_ap.c
  CC  ../src/eap_server/eap_server.c
  CC  ../src/eap_server/eap_server_identity.c
  CC  ../src/eap_server/eap_server_methods.c
  CC  ../src/ap/wmm.c
  CC  ../src/ap/ap_list.c
  CC  ../src/ap/ieee802_11.c
  CC  ../src/ap/hw_features.c
  CC  ../src/ap/dfs.c
  CC  ../src/ap/wps_hostapd.c
  CC  ../src/eap_server/eap_server_wsc.c
  CC  ../src/ap/dpp_hostapd.c
  CC  ../src/ap/gas_query_ap.c
  CC  ../src/ap/gas_serv.c
  CC  ../src/ap/hs20.c
  CC  ../src/ap/wpa_auth.c
  CC  ../src/ap/wpa_auth_ie.c
  CC  ../src/ap/pmksa_cache_auth.c
  CC  ../src/common/dragonfly.c
  CC  ../src/crypto/ms_funcs.c
  CC  ../src/eap_common/chap.c
  CC  ../src/eap_peer/eap_tls_common.c
  CC  ../src/crypto/tls_openssl.c
  CC  ../src/crypto/tls_openssl_ocsp.c
  CC  ../src/crypto/crypto_openssl.c
  CC  ../src/crypto/aes-siv.c
  CC  ../src/crypto/aes-ctr.c
  CC  ../src/crypto/aes-omac1.c
  CC  ../src/crypto/sha256-kdf.c
  CC  ../src/crypto/sha384-kdf.c
  CC  ../src/crypto/sha512-kdf.c
  CC  ../src/crypto/sha256-prf.c
  CC  ../src/crypto/sha256-tlsprf.c
  CC  ../src/crypto/sha384-prf.c
  CC  ../src/crypto/sha512-prf.c
  CC  ../src/crypto/dh_groups.c
  CC  ../src/crypto/random.c
  CC  ../src/common/ctrl_iface_common.c
  CC  ctrl_iface.c
  CC  ctrl_iface_unix.c
  CC  dbus/dbus_dict_helpers.c
  CC  dbus/dbus_new_helpers.c
dbus/dbus_new.c: In function ‘wpas_dbus_unregister_p2p_group’:
dbus/dbus_new.c:4793:3: warning: ‘%s’ directive argument is null [-Wformat-overflow=]
 4793 |   wpa_printf(MSG_DEBUG,
      |   ^~~~~~~~~~~~~~~~~~~~~
 4794 |       "%s: Group object '%s' already unregistered",
      |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 4795 |       __func__, wpa_s->dbus_groupobj_path);
      |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  CC  dbus/dbus_new.c
  CC  dbus/dbus_new_handlers.c
  CC  dbus/dbus_common.c
  CC  dbus/dbus_new_handlers_wps.c
  CC  dbus/dbus_new_handlers_p2p.c
  CC  dbus/dbus_new_introspect.c
  CC  ../src/utils/base64.c
  CC  sme.c
  CC  ../src/common/ieee802_11_common.c
  CC  ../src/common/hw_features_common.c
  CC  ../src/eap_common/eap_common.c
  CC  ../src/crypto/sha1-prf.c
  CC  ../src/crypto/sha1-tprf.c
  CC  ../src/crypto/sha1-tlsprf.c
  CC  bgscan_simple.c
  CC  bgscan.c
  CC  ../src/common/gas_server.c
  CC  ../src/common/gas.c
  CC  gas_query.c
  CC  offchannel.c
  CC  ../src/utils/json.c
  CC  ../src/drivers/driver_common.c
  CC  wpa_supplicant.c
  CC  events.c
  CC  blacklist.c
  CC  wpas_glue.c
  CC  scan.c
  CC  main.c
  CC  ../src/drivers/driver_wired.c
  CC  ../src/drivers/driver_wired_common.c
  CC  ../src/drivers/driver_nl80211.c
  CC  ../src/drivers/driver_nl80211_capa.c
  CC  ../src/drivers/driver_nl80211_event.c
  CC  ../src/drivers/driver_nl80211_monitor.c
  CC  ../src/drivers/driver_nl80211_scan.c
  CC  ../src/drivers/netlink.c
  CC  ../src/drivers/linux_ioctl.c
  CC  ../src/drivers/rfkill.c
  CC  ../src/utils/radiotap.c
  CC  ../src/drivers/driver_wext.c
  CC  ../src/drivers/drivers.c
  CC  ../src/l2_packet/l2_packet_linux.c
  LD  wpa_supplicant
  CC  wpa_cli.c
  CC  ../src/common/wpa_ctrl.c
  CC  ../src/common/cli.c
  CC  ../src/utils/edit_simple.c
  LD  wpa_cli
  CC  wpa_passphrase.c
  LD  wpa_passphrase

Install the compiled commands (optional)
$ make install

hostapd compilation

The hostapd is a user space daemon for access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators, RADIUS client, EAP server, and RADIUS authentication server. Following are the steps to download and compiling hostapd from source code

Download latest hostapd

$ wget http://w1.fi/releases/hostapd-2.9.tar.gz

Install required packages

$ sudo apt install libnl-genl-3-dev libnl-3-dev libdbus-glib-1-dev

below messages indicate that packages are installed successfully

The following NEW packages will be installed:
  libdbus-glib-1-dev libdbus-glib-1-dev-bin libnl-3-dev libnl-genl-3-dev
0 upgraded, 4 newly installed, 0 to remove and 4 not upgraded.
Need to get 212 kB of archives.
After this operation, 1,235 kB of additional disk space will be used.
Do you want to continue? [Y/n] 
Get:1 http://in.archive.ubuntu.com/ubuntu focal/main amd64 libdbus-glib-1-dev-bin amd64 0.110-5fakssync1 [39.5 kB]
Get:2 http://in.archive.ubuntu.com/ubuntu focal/main amd64 libdbus-glib-1-dev amd64 0.110-5fakssync1 [69.2 kB]
Get:3 http://in.archive.ubuntu.com/ubuntu focal/main amd64 libnl-3-dev amd64 3.4.0-1 [92.2 kB]
Get:4 http://in.archive.ubuntu.com/ubuntu focal/main amd64 libnl-genl-3-dev amd64 3.4.0-1 [10.7 kB]
Fetched 212 kB in 1s (293 kB/s)             
Selecting previously unselected package libdbus-glib-1-dev-bin.
(Reading database ... 385264 files and directories currently installed.)
Preparing to unpack .../libdbus-glib-1-dev-bin_0.110-5fakssync1_amd64.deb ...
Unpacking libdbus-glib-1-dev-bin (0.110-5fakssync1) ...
Selecting previously unselected package libdbus-glib-1-dev:amd64.
Preparing to unpack .../libdbus-glib-1-dev_0.110-5fakssync1_amd64.deb ...
Unpacking libdbus-glib-1-dev:amd64 (0.110-5fakssync1) ...
Selecting previously unselected package libnl-3-dev:amd64.
Preparing to unpack .../libnl-3-dev_3.4.0-1_amd64.deb ...
Unpacking libnl-3-dev:amd64 (3.4.0-1) ...
Selecting previously unselected package libnl-genl-3-dev:amd64.
Preparing to unpack .../libnl-genl-3-dev_3.4.0-1_amd64.deb ...
Unpacking libnl-genl-3-dev:amd64 (3.4.0-1) ...
Setting up libdbus-glib-1-dev-bin (0.110-5fakssync1) ...
Setting up libnl-3-dev:amd64 (3.4.0-1) ...
Setting up libdbus-glib-1-dev:amd64 (0.110-5fakssync1) ...
Setting up libnl-genl-3-dev:amd64 (3.4.0-1) ...
Processing triggers for man-db (2.9.1-1) ...

Extract the tar file
$ tar -xzvf hostapd-2.9.tar.gz
Go to Hostapd directory
$ cd hostapd-2.9/hostapd
Copy the default configuration into .conf file
$ cp defconfig .config

Enable below configs in .config

$ vim .config
CONFIG_DRIVER_NL80211=y
CONFIG_WPA_PSK=y
CONFIG_WPS=y

Build the Hostapd

$ make

Below is the list of files compiled based on the features enabled in “.config”

  CC  main.c
  CC  config_file.c
  CC  ../src/ap/hostapd.c
  CC  ../src/ap/wpa_auth_glue.c
  CC  ../src/ap/drv_callbacks.c
  CC  ../src/ap/ap_drv_ops.c
  CC  ../src/ap/utils.c
  CC  ../src/ap/authsrv.c
  CC  ../src/ap/ieee802_1x.c
  CC  ../src/ap/ap_config.c
  CC  ../src/ap/eap_user_db.c
  CC  ../src/ap/ieee802_11_auth.c
  CC  ../src/ap/sta_info.c
  CC  ../src/ap/wpa_auth.c
  CC  ../src/ap/tkip_countermeasures.c
  CC  ../src/ap/ap_mlme.c
  CC  ../src/ap/wpa_auth_ie.c
  CC  ../src/ap/preauth_auth.c
  CC  ../src/ap/pmksa_cache_auth.c
  CC  ../src/ap/ieee802_11_shared.c
  CC  ../src/ap/beacon.c
  CC  ../src/ap/bss_load.c
  CC  ../src/ap/neighbor_db.c
  CC  ../src/ap/rrm.c
  CC  ../src/drivers/drivers.c
  CC  ../src/utils/eloop.c
  CC  ../src/utils/common.c
  CC  ../src/utils/wpa_debug.c
  CC  ../src/utils/wpabuf.c
  CC  ../src/utils/os_unix.c
  CC  ../src/utils/ip_addr.c
  CC  ../src/common/ieee802_11_common.c
  CC  ../src/common/wpa_common.c
  CC  ../src/common/hw_features_common.c
  CC  ../src/eapol_auth/eapol_auth_sm.c
  CC  ../src/eapol_auth/eapol_auth_dump.c
  CC  ../src/radius/radius.c
  CC  ../src/radius/radius_client.c
  CC  ../src/radius/radius_das.c
  CC  ../src/ap/accounting.c
  CC  ../src/ap/vlan_init.c
  CC  ../src/ap/vlan_ifconfig.c
  CC  ../src/ap/vlan.c
  CC  ../src/common/ctrl_iface_common.c
  CC  ctrl_iface.c
  CC  ../src/ap/ctrl_iface_ap.c
  CC  ../src/ap/iapp.c
  CC  ../src/drivers/driver_hostap.c
  CC  ../src/drivers/driver_nl80211.c
  CC  ../src/drivers/driver_nl80211_capa.c
  CC  ../src/drivers/driver_nl80211_event.c
  CC  ../src/drivers/driver_nl80211_monitor.c
  CC  ../src/drivers/driver_nl80211_scan.c
  CC  ../src/drivers/netlink.c
  CC  ../src/drivers/linux_ioctl.c
  CC  ../src/drivers/rfkill.c
  CC  ../src/utils/radiotap.c
  CC  ../src/l2_packet/l2_packet_linux.c
  CC  ../src/eap_server/eap_server_md5.c
  CC  ../src/eap_server/eap_server_tls.c
  CC  ../src/eap_server/eap_server_peap.c
  CC  ../src/eap_common/eap_peap_common.c
  CC  ../src/eap_server/eap_server_ttls.c
  CC  ../src/eap_server/eap_server_mschapv2.c
  CC  ../src/eap_server/eap_server_gtc.c
  CC  eap_register.c
  CC  ../src/eap_server/eap_server.c
  CC  ../src/eap_common/eap_common.c
  CC  ../src/eap_server/eap_server_methods.c
  CC  ../src/eap_server/eap_server_identity.c
  CC  ../src/crypto/ms_funcs.c
  CC  ../src/eap_common/chap.c
  CC  ../src/eap_server/eap_server_tls_common.c
  CC  ../src/crypto/tls_openssl.c
  CC  ../src/crypto/tls_openssl_ocsp.c
  CC  ../src/crypto/crypto_openssl.c
  CC  ../src/crypto/aes-omac1.c
  CC  ../src/crypto/sha1-prf.c
  CC  ../src/crypto/sha1-tlsprf.c
  CC  ../src/crypto/sha256-prf.c
  CC  ../src/crypto/sha256-tlsprf.c
  CC  ../src/crypto/sha256-kdf.c
  CC  ../src/crypto/random.c
  CC  ../src/ap/wmm.c
  CC  ../src/ap/ap_list.c
  CC  ../src/ap/ieee802_11.c
  CC  ../src/ap/hw_features.c
  CC  ../src/ap/dfs.c
  CC  ../src/drivers/driver_common.c
  LD  hostapd
  CC  hostapd_cli.c
  CC  ../src/common/wpa_ctrl.c
  CC  ../src/common/cli.c
  CC  ../src/utils/edit_simple.c
  LD  hostapd_cli

Install the compiled commands (optional)
$ make install

Running hostapd

Check if wifi interface with the name “wlan0” is available. This is created on boot up of the ubuntu machine or by installing wifi driver manually

$ iwconfig 
wlan0     IEEE 802.11  ESSID:off/any  
          Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:on

$ iw dev 
phy#1
	Interface wlan0
		ifindex 5
		wdev 0x100000001
		addr 02:00:00:00:00:00
		type managed
		txpower 20.00 dBm

Create a hostapd.conf file in /etc/hostapd/ folder with below content

$ sudo vim /etc/hostapd/hostapd.conf

Copy below content

interface=wlan0
driver=nl80211
ssid=test_wps_pin
hw_mode=g
channel=6
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0

wpa=2
wpa_passphrase=12345678
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
group_cipher=CCMP

eap_server=1
wps_state=2
ap_setup_locked=1
ctrl_interface=/var/run/hostapd
uuid=e22ecb71-2706-5c5b-9521-e1cd7dbf8e11

Go to hostapd directory
$ cd hostapd-2.9/hostapd

Run hostapd by issuing follwing command

$ sudo ./hostapd /etc/hostapd/hostapd.conf

Below log messages are seen on console after running hostapd

Configuration file: /etc/hostapd/hostapd.conf
Using interface wlan0 with hwaddr 02:00:00:00:00:00 and ssid "test_wps_pin"
wlan0: interface state UNINITIALIZED->ENABLED
wlan0: AP-ENABLED 

Verify that AP is working in WPS security mode in beacon frame
Beacon->Wireless_Managment->tagged_parameter->Vendor_spec=WPS

Mode of “wlan0” interface is now assigned as “AP/Master”. Check this by querying information via iwconfig/iw command

$ iwconfig 
wlan0     IEEE 802.11  Mode:Master  Tx-Power=20 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:on

$ iw dev
phy#1
	Interface wlan0
		ifindex 5
		wdev 0x100000001
		addr 02:00:00:00:00:00
		ssid test_wps_pin
		type AP
		channel 6 (2437 MHz), width: 20 MHz (no HT), center1: 2437 MHz
		txpower 20.00 dBm

Running wpa_supplicant

Check if wifi interface with the name “wlan1” is available. This is created on boot up of the ubuntu machine or by installing wifi driver manually
$ iwconfig 
wlan1     IEEE 802.11  ESSID:off/any  
          Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:on

$ iw dev
phy#2
	Interface wlan1
		ifindex 6
		wdev 0x200000001
		addr 02:00:00:00:01:00
		type managed
		txpower 20.00 dBm
Go to wpa_supplicant directory
$ cd wpa_supplicant-2.9/wpa_supplicant
Create wpa_supplicant.conf file without a network block
$ vim wpa_supplicant.conf  # add the following contents
ctrl_interface=/run/wpa_supplicant
update_config=1
Run wpa_supplicant without network block in wpa_supplicant.conf file
$ sudo ./wpa_supplicant -Dnl80211 -i wlan1 -c wpa_supplicant.conf

WPS-PIN connection commands

Steps	AP	Station
Step 1 : Start hostapd_cli	sudo ./hostapd_cli -i wlan0
Step 2 : Start wpa_cli		sudo ./wpa_cli -i wlan1
Step 3 : Start enrollee		> wps_pin any
		86559560
Step 4 : Get UUID of station	> status
	uuid=572cf82f-c957-5653-9b16-b5cfb298abf1
Step 4 : Start registrar	> wps_pin 572cf82f-c957-5653-9b16-b5cfb298abf1 86559560

hostapd_cli logs after connecition

$ sudo ./hostapd_cli -i wlan0
> 
> 
> <3>WPS-ENROLLEE-SEEN 02:00:00:00:01:00 572cf82f-c957-5653-9b16-b5cfb298abf1 0-00000000-0 0x3108 0 1 [ ]
<3>WPS-ENROLLEE-SEEN 02:00:00:00:01:00 572cf82f-c957-5653-9b16-b5cfb298abf1 0-00000000-0 0x3108 0 1 [ ]
<3>WPS-ENROLLEE-SEEN 02:00:00:00:01:00 572cf82f-c957-5653-9b16-b5cfb298abf1 0-00000000-0 0x3108 0 1 [ ]
<3>CTRL-EVENT-EAP-STARTED 02:00:00:00:01:00
<3>CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
<3>CTRL-EVENT-EAP-PROPOSED-METHOD vendor=14122 method=254
<3>WPS-PIN-NEEDED 572cf82f-c957-5653-9b16-b5cfb298abf1 02:00:00:00:01:00 [ | | | | |0-00000000-0]
<3>CTRL-EVENT-EAP-FAILURE 02:00:00:00:01:00
<3>WPS-ENROLLEE-SEEN 02:00:00:00:01:00 572cf82f-c957-5653-9b16-b5cfb298abf1 0-00000000-0 0x3108 0 1 [ ]
<3>CTRL-EVENT-EAP-STARTED 02:00:00:00:01:00
<3>CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
<3>CTRL-EVENT-EAP-PROPOSED-METHOD vendor=14122 method=254
<3>WPS-PIN-NEEDED 572cf82f-c957-5653-9b16-b5cfb298abf1 02:00:00:00:01:00 [ | | | | |0-00000000-0]
<3>CTRL-EVENT-EAP-FAILURE 02:00:00:00:01:00

> 
> <3>WPS-ENROLLEE-SEEN 02:00:00:00:01:00 572cf82f-c957-5653-9b16-b5cfb298abf1 0-00000000-0 0x3108 0 1 [ ]
wps_pin 572cf82f-c957-5653-9b16-b5cfb298abf1 86559560
OK
> <3>CTRL-EVENT-EAP-STARTED 02:00:00:00:01:00
<3>CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
<3>CTRL-EVENT-EAP-PROPOSED-METHOD vendor=14122 method=254
<3>WPS-REG-SUCCESS 02:00:00:00:01:00 572cf82f-c957-5653-9b16-b5cfb298abf1
<3>WPS-SUCCESS 
<3>CTRL-EVENT-EAP-FAILURE 02:00:00:00:01:00
<3>AP-STA-CONNECTED 02:00:00:00:01:00

> 
> status
state=ENABLED
phy=phy1
freq=2437
num_sta_non_erp=0
num_sta_no_short_slot_time=0
num_sta_no_short_preamble=0
olbc=0
num_sta_ht_no_gf=0
num_sta_no_ht=0
num_sta_ht_20_mhz=0
num_sta_ht40_intolerant=0
olbc_ht=0
ht_op_mode=0x0
cac_time_seconds=0
cac_time_left_seconds=N/A
channel=6
secondary_channel=0
ieee80211n=0
ieee80211ac=0
ieee80211ax=0
beacon_int=100
dtim_period=2
supported_rates=02 04 0b 16 0c 12 18 24 30 48 60 6c
max_txpower=20
bss[0]=wlan0
bssid[0]=02:00:00:00:00:00
ssid[0]=test_wps_pin
num_sta[0]=1
> 

hostapd logs after connection

Configuration file: /etc/hostapd/hostapd.conf
Using interface wlan0 with hwaddr 02:00:00:00:00:00 and ssid "test_wps_pin"
wlan0: interface state UNINITIALIZED->ENABLED
wlan0: AP-ENABLED 
wlan0: STA 02:00:00:00:01:00 IEEE 802.11: authenticated
wlan0: STA 02:00:00:00:01:00 IEEE 802.11: associated (aid 1)
wlan0: CTRL-EVENT-EAP-STARTED 02:00:00:00:01:00
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=14122 method=254
wlan0: WPS-PIN-NEEDED 572cf82f-c957-5653-9b16-b5cfb298abf1 02:00:00:00:01:00 [ | | | | |0-00000000-0]
wlan0: CTRL-EVENT-EAP-FAILURE 02:00:00:00:01:00
wlan0: STA 02:00:00:00:01:00 IEEE 802.1X: authentication failed - EAP type: 0 (unknown)
wlan0: STA 02:00:00:00:01:00 IEEE 802.1X: Supplicant used different EAP type: 254 (expanded)
wlan0: STA 02:00:00:00:01:00 IEEE 802.11: authenticated
wlan0: STA 02:00:00:00:01:00 IEEE 802.11: associated (aid 1)
wlan0: CTRL-EVENT-EAP-STARTED 02:00:00:00:01:00
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=14122 method=254
wlan0: WPS-PIN-NEEDED 572cf82f-c957-5653-9b16-b5cfb298abf1 02:00:00:00:01:00 [ | | | | |0-00000000-0]
wlan0: CTRL-EVENT-EAP-FAILURE 02:00:00:00:01:00
wlan0: STA 02:00:00:00:01:00 IEEE 802.1X: authentication failed - EAP type: 0 (unknown)
wlan0: STA 02:00:00:00:01:00 IEEE 802.1X: Supplicant used different EAP type: 254 (expanded)
wlan0: STA 02:00:00:00:01:00 IEEE 802.11: authenticated
wlan0: STA 02:00:00:00:01:00 IEEE 802.11: associated (aid 1)
wlan0: CTRL-EVENT-EAP-STARTED 02:00:00:00:01:00
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=14122 method=254
wlan0: WPS-REG-SUCCESS 02:00:00:00:01:00 572cf82f-c957-5653-9b16-b5cfb298abf1
wlan0: WPS-SUCCESS 
wlan0: CTRL-EVENT-EAP-FAILURE 02:00:00:00:01:00
wlan0: STA 02:00:00:00:01:00 IEEE 802.1X: authentication failed - EAP type: 0 (unknown)
wlan0: STA 02:00:00:00:01:00 IEEE 802.1X: Supplicant used different EAP type: 254 (expanded)
wlan0: STA 02:00:00:00:01:00 IEEE 802.11: authenticated
wlan0: STA 02:00:00:00:01:00 IEEE 802.11: associated (aid 1)
wlan0: AP-STA-CONNECTED 02:00:00:00:01:00
wlan0: STA 02:00:00:00:01:00 RADIUS: starting accounting session 4EBE44CFD424AAB1
wlan0: STA 02:00:00:00:01:00 WPA: pairwise key handshake completed (RSN)

wpa_cli logs after connection

$ sudo wpa_cli -i wlan1
>
> wps_pin any
86559560
<3>CTRL-EVENT-SCAN-STARTED 
<3>CTRL-EVENT-SCAN-RESULTS 
<3>WPS-AP-AVAILABLE 
<3>CTRL-EVENT-SCAN-STARTED 
<3>CTRL-EVENT-SCAN-RESULTS 
<3>WPS-AP-AVAILABLE 
<3>CTRL-EVENT-SCAN-STARTED 
<3>CTRL-EVENT-SCAN-RESULTS 
<3>WPS-AP-AVAILABLE 
<3>SME: Trying to authenticate with 02:00:00:00:00:00 (SSID='test_wps_pin' freq=2437 MHz)
<3>Trying to associate with 02:00:00:00:00:00 (SSID='test_wps_pin' freq=2437 MHz)
<3>Associated with 02:00:00:00:00:00
<3>CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
<3>CTRL-EVENT-EAP-STARTED EAP authentication started
<3>CTRL-EVENT-EAP-STATUS status='started' parameter=''
<3>CTRL-EVENT-EAP-PROPOSED-METHOD vendor=14122 method=1
<3>CTRL-EVENT-EAP-STATUS status='accept proposed method' parameter='WSC'
<3>CTRL-EVENT-EAP-METHOD EAP vendor 14122 method 1 (WSC) selected
<3>WPS-M2D dev_password_id=0 config_error=15
<3>CTRL-EVENT-EAP-STATUS status='completion' parameter='failure'
<3>CTRL-EVENT-EAP-FAILURE EAP authentication failed
<3>CTRL-EVENT-DISCONNECTED bssid=02:00:00:00:00:00 reason=3 locally_generated=1
<3>CTRL-EVENT-SCAN-STARTED 
<3>CTRL-EVENT-SCAN-RESULTS 
<3>WPS-AP-AVAILABLE 
<3>SME: Trying to authenticate with 02:00:00:00:00:00 (SSID='test_wps_pin' freq=2437 MHz)
<3>CTRL-EVENT-SCAN-STARTED 
<3>CTRL-EVENT-SCAN-RESULTS 
<3>WPS-AP-AVAILABLE 
<3>Trying to associate with 02:00:00:00:00:00 (SSID='test_wps_pin' freq=2437 MHz)
<3>Associated with 02:00:00:00:00:00
<3>CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
<3>CTRL-EVENT-EAP-STARTED EAP authentication started
<3>CTRL-EVENT-EAP-STATUS status='started' parameter=''
<3>CTRL-EVENT-EAP-PROPOSED-METHOD vendor=14122 method=1
<3>CTRL-EVENT-EAP-STATUS status='accept proposed method' parameter='WSC'
<3>CTRL-EVENT-EAP-METHOD EAP vendor 14122 method 1 (WSC) selected
<3>WPS-M2D dev_password_id=0 config_error=15
<3>CTRL-EVENT-EAP-STATUS status='completion' parameter='failure'
<3>CTRL-EVENT-EAP-FAILURE EAP authentication failed
<3>CTRL-EVENT-DISCONNECTED bssid=02:00:00:00:00:00 reason=3 locally_generated=1
<3>CTRL-EVENT-SCAN-STARTED 
<3>CTRL-EVENT-SCAN-RESULTS 
<3>WPS-AP-AVAILABLE 
<3>SME: Trying to authenticate with 02:00:00:00:00:00 (SSID='test_wps_pin' freq=2437 MHz)
<3>CTRL-EVENT-SCAN-STARTED 
<3>CTRL-EVENT-SCAN-RESULTS 
<3>WPS-AP-AVAILABLE 
<3>Trying to associate with 02:00:00:00:00:00 (SSID='test_wps_pin' freq=2437 MHz)
<3>Associated with 02:00:00:00:00:00
<3>CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
<3>CTRL-EVENT-EAP-STARTED EAP authentication started
<3>CTRL-EVENT-EAP-STATUS status='started' parameter=''
<3>CTRL-EVENT-EAP-PROPOSED-METHOD vendor=14122 method=1
<3>CTRL-EVENT-EAP-STATUS status='accept proposed method' parameter='WSC'
<3>CTRL-EVENT-EAP-METHOD EAP vendor 14122 method 1 (WSC) selected
<3>WPS-CRED-RECEIVED 
<3>WPS-SUCCESS 
<3>CTRL-EVENT-EAP-STATUS status='completion' parameter='failure'
<3>CTRL-EVENT-EAP-FAILURE EAP authentication failed
<3>CTRL-EVENT-DISCONNECTED bssid=02:00:00:00:00:00 reason=3 locally_generated=1
<3>SME: Trying to authenticate with 02:00:00:00:00:00 (SSID='test_wps_pin' freq=2437 MHz)
<3>Trying to associate with 02:00:00:00:00:00 (SSID='test_wps_pin' freq=2437 MHz)
<3>Associated with 02:00:00:00:00:00
<3>CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
<3>WPA: Key negotiation completed with 02:00:00:00:00:00 [PTK=CCMP GTK=CCMP]
<3>CTRL-EVENT-CONNECTED - Connection to 02:00:00:00:00:00 completed [id=0 id_str=]
<3>CTRL-EVENT-SCAN-STARTED 
<3>CTRL-EVENT-SCAN-RESULTS 
> 
> 
> status
bssid=02:00:00:00:00:00
freq=2437
ssid=test_wps_pin
id=0
mode=station
pairwise_cipher=CCMP
group_cipher=CCMP
key_mgmt=WPA2-PSK
wpa_state=COMPLETED
address=02:00:00:00:01:00
uuid=572cf82f-c957-5653-9b16-b5cfb298abf1

wpa_supplicant logs after connection

Successfully initialized wpa_supplicant
wlan1: SME: Trying to authenticate with 02:00:00:00:00:00 (SSID='test_wps_pin' freq=2437 MHz)
wlan1: Trying to associate with 02:00:00:00:00:00 (SSID='test_wps_pin' freq=2437 MHz)
wlan1: Associated with 02:00:00:00:00:00
wlan1: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
wlan1: CTRL-EVENT-EAP-STARTED EAP authentication started
wlan1: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=14122 method=1
wlan1: CTRL-EVENT-EAP-METHOD EAP vendor 14122 method 1 (WSC) selected
wlan1: WPS-M2D dev_password_id=0 config_error=15
wlan1: CTRL-EVENT-EAP-FAILURE EAP authentication failed
wlan1: CTRL-EVENT-DISCONNECTED bssid=02:00:00:00:00:00 reason=3 locally_generated=1
wlan1: SME: Trying to authenticate with 02:00:00:00:00:00 (SSID='test_wps_pin' freq=2437 MHz)
wlan1: Trying to associate with 02:00:00:00:00:00 (SSID='test_wps_pin' freq=2437 MHz)
wlan1: Associated with 02:00:00:00:00:00
wlan1: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
wlan1: CTRL-EVENT-EAP-STARTED EAP authentication started
wlan1: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=14122 method=1
wlan1: CTRL-EVENT-EAP-METHOD EAP vendor 14122 method 1 (WSC) selected
wlan1: WPS-M2D dev_password_id=0 config_error=15
wlan1: CTRL-EVENT-EAP-FAILURE EAP authentication failed
wlan1: CTRL-EVENT-DISCONNECTED bssid=02:00:00:00:00:00 reason=3 locally_generated=1
wlan1: SME: Trying to authenticate with 02:00:00:00:00:00 (SSID='test_wps_pin' freq=2437 MHz)
wlan1: Trying to associate with 02:00:00:00:00:00 (SSID='test_wps_pin' freq=2437 MHz)
wlan1: Associated with 02:00:00:00:00:00
wlan1: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
wlan1: CTRL-EVENT-EAP-STARTED EAP authentication started
wlan1: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=14122 method=1
wlan1: CTRL-EVENT-EAP-METHOD EAP vendor 14122 method 1 (WSC) selected
wlan1: WPS-CRED-RECEIVED 
wlan1: WPS-SUCCESS 
wlan1: CTRL-EVENT-EAP-FAILURE EAP authentication failed
wlan1: CTRL-EVENT-DISCONNECTED bssid=02:00:00:00:00:00 reason=3 locally_generated=1
wlan1: SME: Trying to authenticate with 02:00:00:00:00:00 (SSID='test_wps_pin' freq=2437 MHz)
wlan1: Trying to associate with 02:00:00:00:00:00 (SSID='test_wps_pin' freq=2437 MHz)
wlan1: Associated with 02:00:00:00:00:00
wlan1: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
wlan1: WPA: Key negotiation completed with 02:00:00:00:00:00 [PTK=CCMP GTK=CCMP]
wlan1: CTRL-EVENT-CONNECTED - Connection to 02:00:00:00:00:00 completed [id=0 id_str=]

Run data traffic

Steps	AP	Station
Step 1 : Assign IP address	$ ifconfig wlan0 192.168.3.1 up	$ ifconfig wlan1 192.168.3.10 up
Step 2 : Check IP address	$ ifconfig wlan0 wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.3.1 netmask 255.255.255.0 broadcast 192.168.3.255 ether 02:00:00:00:00:00 txqueuelen 1000 (Ethernet) RX packets 61 bytes 11085 (11.0 KB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 130 bytes 25688 (25.6 KB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0	$ ifconfig wlan1 wlan1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.3.10 netmask 255.255.255.0 broadcast 192.168.3.255 ether 02:00:00:00:01:00 txqueuelen 1000 (Ethernet) RX packets 73 bytes 13119 (13.1 KB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 65 bytes 13111 (13.1 KB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Step 3 : Check ping	$ ping 192.168.3.10 PING 192.168.3.10 (192.168.3.10) 56(84) bytes of data. 64 bytes from 192.168.3.10: icmp_seq=1 ttl=64 time=0.092 ms 64 bytes from 192.168.3.10: icmp_seq=2 ttl=64 time=0.036 ms 64 bytes from 192.168.3.10: icmp_seq=3 ttl=64 time=0.094 ms 64 bytes from 192.168.3.10: icmp_seq=4 ttl=64 time=0.105 ms 64 bytes from 192.168.3.10: icmp_seq=5 ttl=64 time=0.094 ms	$ ping 192.168.3.1 PING 192.168.3.1 (192.168.3.1) 56(84) bytes of data. 64 bytes from 192.168.3.1: icmp_seq=1 ttl=64 time=0.121 ms 64 bytes from 192.168.3.1: icmp_seq=2 ttl=64 time=0.091 ms 64 bytes from 192.168.3.1: icmp_seq=3 ttl=64 time=0.090 ms 64 bytes from 192.168.3.1: icmp_seq=4 ttl=64 time=0.097 ms 64 bytes from 192.168.3.1: icmp_seq=5 ttl=64 time=0.243 ms
Step 4 : Run iperf TCP DL	$ iperf -c 192.168.3.10 -i 1 -t 5	$ iperf -s -i 1
Step 5 : Run iperf TCP UL	$ iperf -s -i 1	$ iperf -c 192.168.3.1 -i 1 -t 5
Step 6 : Run iperf UDP DL	$ iperf -c 192.168.3.10 -u -b 1000M -i 1 -t 5	$ iperf -s -u -i 1
Step 7 : Run iperf UDP UL	$ iperf -s -u -i 1	$ iperf -c 192.168.3.1 -u -b 1000M -i 1 -t 5