Audrey1980 / reaver-wps

Automatically exported from code.google.com/p/reaver-wps

stuck at 99.9%, keeps trying the same pin #129

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago

0. What version of Reaver are you using?  (Only defects against the latest
version will be considered.)

version 1.3

1. What operating system are you using (Linux is the only supported OS)?

BackTrack 5 (reaver installed with "apt-get install reaver")

2. Is your wireless card in monitor mode (yes/no)?

yes

3. What is the signal strength of the Access Point you are trying to crack?

pwr : -55
rxq : 70

5. What is the entire command line string you are supplying to reaver?

"reaver -i mon0 -b 00:25:XX:XX:XX:XX -vv"

6. Please describe what you think the issue is.

Gets to 99.9%, then keeps trying the same pin over and over.
After waiting for half an hour, stopped with ctrl+c and saved.
Restarted, restored the session, but it keeps trying the same pin over again.

Original issue reported on code.google.com by ismailce...@gmail.com on 12 Jan 2012 at 11:37

GoogleCodeExporter commented 8 years ago
0. What version of Reaver are you using?  (Only defects against the latest
version will be considered.)

version 1.4 r_84

1. What operating system are you using (Linux is the only supported OS)?

Back|Track5 r1 (reaver downloaded with "svn checkout 
http://reaver-wps.googlecode.com/svn/trunk/ reaver")
And installed:
root@bt:~/reaver/src# ./configure && make && make install

2. Is your wireless card in monitor mode (yes/no)?

yes.
Note the wireless network card:
root@bt:~# lspci -v

"03:04.0 Ethernet controller: Atheros Communications Inc. Atheros AR5001X+ 
Wireless Network Adapter (rev 01)
    Subsystem: D-Link System Inc Device 3a13
    Flags: bus master, medium devsel, latency 168, IRQ 16
    Memory at fbff0000 (32-bit, non-prefetchable) [size=64K]
    Capabilities: [44] Power Management version 2
    Kernel driver in use: ath5k
    Kernel modules: ath5k
"

3. What is the signal strength of the Access Point you are trying to crack?

root@bt:~# iwlist mon0 scanning
" Cell 04 - Address: 00:B0:0C:XX:XX:XX
                    Channel:6
                    Frequency:2.437 GHz (Channel 6)
                    Quality=27/70  Signal level=-83 dBm  
                    Encryption key:on
                    ESSID:"Tenda"
                    Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 9 Mb/s
                              18 Mb/s; 36 Mb/s; 54 Mb/s
                    Bit Rates:6 Mb/s; 12 Mb/s; 24 Mb/s; 48 Mb/s
                    Mode:Master
                    Extra:tsf=000001b496a94a42
                    Extra: Last beacon: 612ms ago
                    IE: Unknown: 000554656E6461
                    IE: Unknown: 010882848B961224486C
                    IE: Unknown: 030106
                    IE: Unknown: 2A0104
                    IE: Unknown: 32040C183060
                    IE: Unknown: 2D1AEE1117FF000000010000000000000000000000000C0000000000
                    IE: Unknown: 3D1606050000000000000000000000000000000000000000
                    IE: Unknown: 3E0100
                    IE: IEEE 802.11i/WPA2 Version 1
                        Group Cipher : CCMP
                        Pairwise Ciphers (1) : CCMP
                        Authentication Suites (1) : PSK
                    IE: Unknown: DD180050F2020101000003A4000027A4000042435E0062322F00
                    IE: Unknown: 7F0101
                    IE: Unknown: DD07000C4304000000
                    IE: Unknown: 0706434E20010E10
                    IE: Unknown: DD1E00904C33EE1117FF000000010000000000000000000000000C0000000000
                    IE: Unknown: DD1A00904C3406050000000000000000000000000000000000000000
                    IE: Unknown: DD9A0050F204104A0001101044000101103B000103104700102880288028801880A88000B00C482D881021001852616C696E6B20546563686E6F6C6F67792C20436F72702E10230011576972656C6573735F4E20526F75746572102400065254323836301042000831323334353637381054000800060050F204000110110011576972656C6573735F4E20526F75746572100800020084103C000101
"

5. What is the entire command line string you are supplying to reaver?

"reaver -i mon0 -b 00:B0:0C:48:2D:88 -c 6 -e Tenda -S -w -vv"

6. Please describe what you think the issue is.

Gets to 90.90%, then keeps trying the same pin (13695675) over and over.
After waiting for half an hour, stopped with ctrl+c and saved.
Restarted, restored the session, but it keeps trying the same pin over again.
Attached files (.cap, .png) referring to the problems.

I am waiting for a response.

Original comment by suzuk_1...@hotmail.com on 12 Jan 2012 at 1:49

GoogleCodeExporter commented 8 years ago
@ismailcemoz: this sounds like a dup of issue 88. I would also suggest using 
the latest SVN code instead of 1.3 (1.4 will be released soon!) as 1.3 had some 
bugs with false pin matches.

@suzuk: looking at your iwlist output you have a pretty low signal strength and 
receive quality, which is reflected in the pcap file. Reaver is having trouble 
even establishing a WPS session. However, with that said, I'm seeing some 
strange behavior from Reaver in that it is sending M6 packets out of order. I 
think I know what might be causing this, I'll take a look at the code and let 
you know when I have a fix.

Original comment by cheff...@tacnetsol.com on 12 Jan 2012 at 2:46

GoogleCodeExporter commented 8 years ago
I have the exact same issue but at 90.90% :
Output:
reaver -i mon0 -b 00:26:11:22:33:44 -L -E -vv

Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner

[?] Restore previous session? [n/Y] y
[+] Restored previous session
[+] Waiting for beacon from 00:26:11:22:33:44
[+] Switching mon0 to channel 1
[+] Associated with 00:26:11:22:33:44 (ESSID: AP_NAME)
[+] Trying pin 77424013
[+] Sending EAPOL START request
[+] Sending identity response
[+] Sending M2 message
[+] Sending M4 message
[+] Sending WSC NACK
[+] Trying pin 77424013
[+] Sending EAPOL START request
[+] Sending identity response
[+] Sending M2 message
[+] Sending M4 message
[+] Sending WSC NACK
[+] Trying pin 77424013
[+] Sending EAPOL START request
[+] Sending identity response
[+] Sending M2 message
[+] Sending M4 message
[+] Sending WSC NACK
[+] Trying pin 77424013
[+] Sending EAPOL START request
[+] Sending identity response
[+] Sending M2 message
[+] Sending M4 message
[+] Sending WSC NACK
[+] Trying pin 77424013
[+] Sending EAPOL START request
[+] Sending identity response
[+] Sending M2 message
[+] Sending M4 message
[+] Sending WSC NACK
[+] Trying pin 77424013
[+] Sending EAPOL START request
[+] Sending identity response
[+] Sending M2 message
[+] Sending M4 message
[+] Sending WSC NACK
[+] 90.90% complete @ 2012-01-12 15:24:15 (5 seconds/attempt)
[+] Trying pin 77424013
[+] Sending EAPOL START request
[+] Sending identity response

Version:
Version 1.4_88

Back|Track5 r1 (reaver downloaded with "svn checkout 
http://reaver-wps.googlecode.com/svn/trunk/ reaver")
And installed:
root@bt:~/reaver/src# ./configure && make && make install

I'm using an AWUS036H adapter (RTL8187) in monitor mode. I've now had this issue 
against 2 APs. One is a Thomson, the other I'm not sure about.

I have a pcap of this with an eap display filter as suggested in issue 94. 
Please let me know where I can send it to.

Original comment by alphe...@gmail.com on 12 Jan 2012 at 3:04

GoogleCodeExporter commented 8 years ago
Just mailed the pcap file to Craig.

Original comment by alphe...@gmail.com on 12 Jan 2012 at 3:09

GoogleCodeExporter commented 8 years ago
@suzuk: I just checked in some code that should fix your issue, but I can't 
reproduce it on my end so please verify.

@alphenit: From Reaver's output it seems that the first half of the pin is 
incorrect. I just got your pcap, will look it over.

Original comment by cheff...@tacnetsol.com on 12 Jan 2012 at 3:10

GoogleCodeExporter commented 8 years ago
@alphenit: Yes, looking at the pcap the first four of the pin that Reaver is 
trying is definitely wrong, but it looks like Reaver has run out of pins to 
test so it keeps trying the last one. Can you give Reaver the correct pin with 
the --pin option and make sure that it works?

Original comment by cheff...@tacnetsol.com on 12 Jan 2012 at 3:13
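
Added example (not part of the original thread and not Reaver's own code): a small log check that reproduces the diagnosis above from the `-vv` output alone. It assumes the progress figure is attempts out of the 11,000-entry WPS search space (10,000 first halves plus 1,000 second halves); the `analyse` function and the sample log are constructed for illustration.

```python
import re

# WPS validates the 8-digit PIN in two parts: a 4-digit first half (checked
# at M4/M5) and a 3-digit second half plus checksum digit (checked at M6/M7).
P1_SIZE, P2_SIZE = 10**4, 10**3          # 11,000 attempts in total

# Constructed sample, modelled on the -vv output quoted in this thread.
ATTEMPT = (
    "[+] Trying pin 77424013\n"
    "[+] Sending EAPOL START request\n"
    "[+] Sending identity response\n"
    "[+] Sending M2 message\n"
    "[+] Sending M4 message\n"
    "[+] Sending WSC NACK\n"
)
SAMPLE_LOG = (ATTEMPT * 3
              + "[+] 90.90% complete @ 2012-01-12 15:24:15 (5 seconds/attempt)\n"
              + "[+] Trying pin 77424013\n")

def analyse(log, min_repeats=3):
    """Summarise a verbose log: repeated PIN, attempt count, search phase."""
    pins = re.findall(r"Trying pin (\d{8})", log)
    # Count how many times the most recent PIN was retried back to back.
    repeats = 0
    for pin in reversed(pins):
        if pin != pins[-1]:
            break
        repeats += 1
    stuck = repeats >= min_repeats
    # Assumption: the percentage is attempts / 11000 (see lead-in).
    pct = re.findall(r"([\d.]+)% complete", log)
    attempts = round(float(pct[-1]) * (P1_SIZE + P2_SIZE) / 100) if pct else None
    # An M6 is only sent once the AP has accepted the first half (M5 received).
    first_half_ok = "Sending M6 message" in log
    exhausted = (stuck and not first_half_ok
                 and attempts is not None and attempts >= P1_SIZE - 1)
    return {
        "stuck_pin": pins[-1] if stuck else None,
        "repeats": repeats,
        "attempts": attempts,
        "first_half_accepted": first_half_ok,
        "first_half_space_exhausted": exhausted,
    }

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

Under that assumption 90.90% corresponds to attempt 9,999, the last index of the first-half list, and the log never reaches an M6, which is consistent with every first-half candidate having been rejected.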

GoogleCodeExporter commented 8 years ago
@Craig
The AP belongs to a neighbor of mine who went abroad for work a couple of days 
back. I asked him if I could "play" with his router which he was fine with. (so 
I don't have physical access to the bloody thing)
He's on a flexible contract abroad so could be weeks or months before he 
returns :( .

Original comment by alphe...@gmail.com on 12 Jan 2012 at 3:24

GoogleCodeExporter commented 8 years ago
I have the same problem at 90.90%; it repeats the same pin.

Original comment by 1achr...@gmail.com on 12 Jan 2012 at 3:30