So if the wps is just numbers and its always 8digits long, can you use crunch to create a dictionary of pins 00000000 to 99999999 and then run that dictionary agaist a 4way handshake ??
No, cause EAPOL data matches to the true WPA/WPA2 password, it's not related to WPS circuit. WPS just helps devices to be connected without long passwords. Thus, 4-way EAPOL handshakes will reveal the true WPA/WPA2 passwords, only.
What about the router showing time amount , you could have shown the delay command and which would allow you to give a set time between trying new pin attempts.
Have you tried ifconfig wlan0 down Ifconfig wlan0 mode monitor Ifconfig wlan0 up Or airmon-ng start wlanO Then kill any listed things that could cause issues. Example ... Network manager process id 888 Type kill 888 Run this as sudo
WPS is never letters , and wps is different than the psk, once you hack the wps you have controll, even if they change the psk "password" you still have the wps pin. Unless they disable it you will always access