Closed GoogleCodeExporter closed 8 years ago
0. What version of Reaver are you using? (Only defects against the latest
version will be considered.)
version 1.4 r_84
1. What operating system are you using (Linux is the only supported OS)?
Back|Track5 r1 (reaver downloaded with "svn checkout
http://reaver-wps.googlecode.com/svn/trunk/ reaver")
And installed :
root@bt:~/reaver/src# ./configure && make && make install
2. Is your wireless card in monitor mode (yes/no)?
yes.
Note the wireless network card:
root@bt:~# lspci -v
"03:04.0 Ethernet controller: Atheros Communications Inc. Atheros AR5001X+
Wireless Network Adapter (rev 01)
Subsystem: D-Link System Inc Device 3a13
Flags: bus master, medium devsel, latency 168, IRQ 16
Memory at fbff0000 (32-bit, non-prefetchable) [size=64K]
Capabilities: [44] Power Management version 2
Kernel driver in use: ath5k
Kernel modules: ath5k
"
3. What is the signal strength of the Access Point you are trying to crack?
root@bt:~# iwlist mon0 scanning
" Cell 04 - Address: 00:B0:0C:XX:XX:XX
Channel:6
Frequency:2.437 GHz (Channel 6)
Quality=27/70 Signal level=-83 dBm
Encryption key:on
ESSID:"Tenda"
Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 9 Mb/s
18 Mb/s; 36 Mb/s; 54 Mb/s
Bit Rates:6 Mb/s; 12 Mb/s; 24 Mb/s; 48 Mb/s
Mode:Master
Extra:tsf=000001b496a94a42
Extra: Last beacon: 612ms ago
IE: Unknown: 000554656E6461
IE: Unknown: 010882848B961224486C
IE: Unknown: 030106
IE: Unknown: 2A0104
IE: Unknown: 32040C183060
IE: Unknown: 2D1AEE1117FF000000010000000000000000000000000C0000000000
IE: Unknown: 3D1606050000000000000000000000000000000000000000
IE: Unknown: 3E0100
IE: IEEE 802.11i/WPA2 Version 1
Group Cipher : CCMP
Pairwise Ciphers (1) : CCMP
Authentication Suites (1) : PSK
IE: Unknown: DD180050F2020101000003A4000027A4000042435E0062322F00
IE: Unknown: 7F0101
IE: Unknown: DD07000C4304000000
IE: Unknown: 0706434E20010E10
IE: Unknown: DD1E00904C33EE1117FF000000010000000000000000000000000C0000000000
IE: Unknown: DD1A00904C3406050000000000000000000000000000000000000000
IE: Unknown: DD9A0050F204104A0001101044000101103B000103104700102880288028801880A88000B00C482D881021001852616C696E6B20546563686E6F6C6F67792C20436F72702E10230011576972656C6573735F4E20526F75746572102400065254323836301042000831323334353637381054000800060050F204000110110011576972656C6573735F4E20526F75746572100800020084103C000101
"
5. What is the entire command line string you are supplying to reaver?
"reaver -i mon0 -b 00:B0:0C:48:2D:88 -c 6 -e Tenda -S -w -vv"
6. Please describe what you think the issue is.
It gets to 90.90% then keeps trying the same pin (13695675) over and over.
After waiting for half an hour, I stopped it with ctrl+c and saved.
I restarted and restored the session, but it keeps trying the same pin over again.
Attached are .cap and .png files referring to the problems.
I am waiting for a response.
Original comment by suzuk_1...@hotmail.com
on 12 Jan 2012 at 1:49
@ismailcemoz: this sounds like a dup of issue 88. I would also suggest using
the latest SVN code instead of 1.3 (1.4 will be released soon!) as 1.3 had some
bugs with false pin matches.
@suzuk: looking at your iwlist output you have a pretty low signal strength and
receive quality, which is reflected in the pcap file. Reaver is having trouble
even establishing a WPS session. However, with that said, I'm seeing some
strange behavior from Reaver in that it is sending M6 packets out of order. I
think I know what might be causing this, I'll take a look at the code and let
you know when I have a fix.
Original comment by cheff...@tacnetsol.com
on 12 Jan 2012 at 2:46
I have the exact same issue but at 90.90% :
Output:
reaver -i mon0 -b 00:26:11:22:33:44 -L -E -vv
Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner
[?] Restore previous session? [n/Y] y
[+] Restored previous session
[+] Waiting for beacon from 00:26:11:22:33:44
[+] Switching mon0 to channel 1
[+] Associated with 00:26:11:22:33:44 (ESSID: AP_NAME)
[+] Trying pin 77424013
[+] Sending EAPOL START request
[+] Sending identity response
[+] Sending M2 message
[+] Sending M4 message
[+] Sending WSC NACK
[+] Trying pin 77424013
[+] Sending EAPOL START request
[+] Sending identity response
[+] Sending M2 message
[+] Sending M4 message
[+] Sending WSC NACK
[+] Trying pin 77424013
[+] Sending EAPOL START request
[+] Sending identity response
[+] Sending M2 message
[+] Sending M4 message
[+] Sending WSC NACK
[+] Trying pin 77424013
[+] Sending EAPOL START request
[+] Sending identity response
[+] Sending M2 message
[+] Sending M4 message
[+] Sending WSC NACK
[+] Trying pin 77424013
[+] Sending EAPOL START request
[+] Sending identity response
[+] Sending M2 message
[+] Sending M4 message
[+] Sending WSC NACK
[+] Trying pin 77424013
[+] Sending EAPOL START request
[+] Sending identity response
[+] Sending M2 message
[+] Sending M4 message
[+] Sending WSC NACK
[+] 90.90% complete @ 2012-01-12 15:24:15 (5 seconds/attempt)
[+] Trying pin 77424013
[+] Sending EAPOL START request
[+] Sending identity response
Version:
Version 1.4_88
Back|Track5 r1 (reaver downloaded with "svn checkout
http://reaver-wps.googlecode.com/svn/trunk/ reaver")
And installed :
root@bt:~/reaver/src# ./configure && make && make install
I'm using an AWUS036H adapter (RTL8187) in monitor mode. I've now had this issue
against 2 APs. 1 is a Thomson, the other I'm not sure about.
I have a pcap of this with a eap display filter as suggested in issue 94.
Please let me know where I can send it to.
Original comment by alphe...@gmail.com
on 12 Jan 2012 at 3:04
Just mailed the pcap file to Craig.
Original comment by alphe...@gmail.com
on 12 Jan 2012 at 3:09
@suzuk: I just checked in some code that should fix your issue, but I can't
reproduce it on my end so please verify.
@alphenit: From Reaver's output it seems that the first half of the pin is
incorrect. I just got your pcap, will look it over.
Original comment by cheff...@tacnetsol.com
on 12 Jan 2012 at 3:10
@alphenit: Yes, looking at the pcap the first four of the pin that Reaver is
trying is definitely wrong, but it looks like Reaver has run out of pins to
test so it keeps trying the last one. Can you give Reaver the correct pin with
the --pin option and make sure that it works?
Original comment by cheff...@tacnetsol.com
on 12 Jan 2012 at 3:13
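Added example (not part of the original thread or of Reaver's code): the diagnosis in the comment above, applied to a -vv log. It flags an attempt that sends M4 and then a WSC NACK without ever sending M6 as a rejected first half, and treats 90.90% as 10,000 of the 11,000 candidate pins, the point where every first half has been tried. The log is constructed from the output quoted earlier, and the function names are hypothetical.

```python
import re

FIRST_HALF = 10_000   # 4 free digits, checked by the AP after M4
SECOND_HALF = 1_000   # 3 free digits; the 8th digit is a checksum

def first_half_exhausted_pct():
    """Progress figure once all first halves are used, truncated to 2 dp."""
    return int(FIRST_HALF * 10_000 / (FIRST_HALF + SECOND_HALF)) / 100

def analyse(log, min_repeats=3):
    """Summarise a `-vv` log: trailing repeats of one pin and why it stalled."""
    attempts, progress = [], None
    for line in log.splitlines():
        if m := re.search(r"Trying pin (\d{8})", line):
            attempts.append({"pin": m.group(1), "sent": []})
        elif (m := re.search(r"Sending (M\d|WSC NACK)", line)) and attempts:
            attempts[-1]["sent"].append(m.group(1))
        elif m := re.search(r"([\d.]+)% complete", line):
            progress = float(m.group(1))
    if not attempts:
        return None
    last_pin = attempts[-1]["pin"]
    repeats = 0
    for a in reversed(attempts):          # count the trailing run of one pin
        if a["pin"] != last_pin:
            break
        repeats += 1
    finished = [a["sent"] for a in attempts if "WSC NACK" in a["sent"]]
    # Assumption: M4 followed by a NACK, with no M6, means the first half failed.
    rejected = bool(finished) and "M4" in finished[-1] and "M6" not in finished[-1]
    exhausted = progress is not None and progress >= first_half_exhausted_pct()
    return {"pin": last_pin, "repeats": repeats,
            "stalled": repeats >= min_repeats,
            "first_half_rejected": rejected,
            "first_halves_exhausted": exhausted}

# Constructed sample, modelled on the output quoted in this thread.
BLOCK = ("[+] Trying pin 77424013\n[+] Sending EAPOL START request\n"
         "[+] Sending identity response\n[+] Sending M2 message\n"
         "[+] Sending M4 message\n[+] Sending WSC NACK\n")
SAMPLE_LOG = (BLOCK * 6
              + "[+] 90.90% complete @ 2012-01-12 15:24:15 (5 seconds/attempt)\n"
              + "[+] Trying pin 77424013\n[+] Sending EAPOL START request\n")

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```
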
@Craig
The AP belongs to a neighbor of mine who went abroad for work a couple of days
back. I asked him if I could "play" with his router which he was fine with. (so
I don't have physical access to the bloody thing)
He's on a flexible contract abroad so could be weeks or months before he
returns :( .
Original comment by alphe...@gmail.com
on 12 Jan 2012 at 3:24
I have the same problem: at 90.90% it repeats the same pin.
Original comment by 1achr...@gmail.com
on 12 Jan 2012 at 3:30
Original issue reported on code.google.com by
ismailce...@gmail.com
on 12 Jan 2012 at 11:37