Closed GoogleCodeExporter closed 9 years ago
Put the card in monitor mode
$airmon-ng start wlan0
and then
$./reaver -i mon0 -b 58:6d:8f:07:62:0d -c 11 -vv
Original comment by gorilla....@gmail.com
on 2 Jan 2012 at 5:10
I'm having the same issues, testing on a Thomson TG 787 router and using the
latest svn.
Procedure:
airmon-ng start wlan1 11
./reaver -i mon2 -b 08:76:ff:04:a8:ea -vv -c 11 > reaver-svn-thomson-787
aireplay-ng -1 manages to authenticate successfuly with the ap.
Original comment by mikfishe...@gmail.com
on 2 Jan 2012 at 5:32
Attachments:
These issues are indicative of poor connectivity.
Looking at the RSSI in the radio tap headers from both of these pcaps, you both
have signal strengths in the -55 to -60dbm range. I would suggest getting in
the -45dbm range or better, which you should be able to get by using a
directional antenna and/or amplifiers.
Reaver isn't using a "reliable" protocol like TCP, it's sending and receiving
raw EAP packets. Even if you can see the AP, you have no idea what kind of
interference may be present at the AP's location, how sensitive its receiver
is, how selective (or not selective...) its RF front end is, etc. Unfortunately
this is one of the biggest drawbacks to preforming an active attack such as
this one. I suspect that if you can get closer or increase your signal strength
you will see better results.
Original comment by cheff...@tacnetsol.com
on 2 Jan 2012 at 6:32
Thanks, I'll try it closer and report.
Original comment by pah...@gmail.com
on 2 Jan 2012 at 6:37
I'm testing this on my router, right close to it in the same room. I've heard
that being to much close might actually produce interference, so I'll try this
at other distances.
Thanks.
Original comment by mikfishe...@gmail.com
on 2 Jan 2012 at 6:41
Let me know how it goes pahtzo. I have not tested the E3200 specifically, but
Reaver works well with Linksys routers in general.
Original comment by cheff...@tacnetsol.com
on 2 Jan 2012 at 6:46
Craig, sure thing. FWIW, I tested the other day from an IBM T42 laptop against
a Cisco E2500 with success.
Original comment by pah...@gmail.com
on 2 Jan 2012 at 7:05
No luck on the E3200. I'm in the 1 meter range. I also tried it from a
different laptop and hardware, also Backtrack 5, with the same errors. I'll
see if I can test against the known E2500 with my current set up.
Original comment by pah...@gmail.com
on 2 Jan 2012 at 7:31
Managed to test with another wireless card/drivers and it's working.
Btw has anyone started compiling a list of tested/vulnerable AP's?
Original comment by mikfishe...@gmail.com
on 2 Jan 2012 at 7:33
I have an E2500 also and it works very well for me too. I assume you're using
the latest code from SVN? Have you tried the --win7 option? This seemed to help
with some other APs that were having similar (but not quite identical) issues.
Original comment by cheff...@tacnetsol.com
on 2 Jan 2012 at 7:35
mikfisher, what wireless card and drivers did and did not work? I'll update the
wiki with them.
pahtzo, from the pcaps it looks like you are having the exact same issues as
mikfisher; do you have another wireless card you can try to see if it fixes
your problems as well?
Original comment by cheff...@tacnetsol.com
on 2 Jan 2012 at 8:28
Craig, yes, svn r38. I did try the --win7 option, and changing some timings as
well, no luck. I'll see if I can update the drivers and try again, I don't
have a different card on hand though. I can't imagine the codebase between
E2500 and E3200 is all that different to cause issues.
Original comment by pah...@gmail.com
on 2 Jan 2012 at 8:41
@Craig Ralink 2570 USB stick using rt2500 USB driver.
Original comment by mikfishe...@gmail.com
on 2 Jan 2012 at 9:06
pahtzo, to confirm: using the same set-up you can attack the E2500, but not the
E3200?
Original comment by cheff...@tacnetsol.com
on 3 Jan 2012 at 12:36
Craig, negative, the E2500 I was able to attack with different hardware than
what I'm using against the E3200. I'll have access to the E2500 at some point
tomorrow so I'll hit it with the same hardware that's failing on the E3200.
Original comment by pah...@gmail.com
on 3 Jan 2012 at 2:38
FYI, I've had others report that the E3200 does implement a lock out period,
but it is a temporary lock (reported to be 60 seconds).
Original comment by cheff...@tacnetsol.com
on 4 Jan 2012 at 1:05
Original comment by cheff...@tacnetsol.com
on 4 Jan 2012 at 2:44
I can confirm the 60 seconds/3 PINs cycle on firmware 1.0.02. I used
--ignore-locks to overcome this using 1.3 non svn. Will try the SVN updates.
Original comment by philippe...@hotmail.com
on 4 Jan 2012 at 8:29
Thanks for the info on the E3200. I'm sure this is driver related. I have two
identical laptops, IBM T60 with the Intel PRO/Wireless 3945ABG (rev 02) card.
Laptop A: Fedora 14 2.6.35.14-106.fc14.x86_64 kernel with the iwl3945 driver.
Laptop B: BackTrack 5 2.6.39.4 i686 kernel with the iwl3945 driver.
Laptop A has no trouble attacking the E2500.
Laptop B fails with the same symptoms as above against the same E2500.
I'll try BT5R1 64 bit and report results.
Original comment by pah...@gmail.com
on 4 Jan 2012 at 8:32
No prob. Might add in my info though:
BT5-32 pretty much stock running VM, RT73usb device (Hawkings).
Original comment by philippe...@hotmail.com
on 4 Jan 2012 at 8:47
Confirmed driver issue. Fixed by patching BT5R1 with the latest
compat-wireless drivers. Instructions here:
http://www.backtrack-linux.org/wiki/index.php/Wireless_Drivers#rt2800usb I used
the latest compat-wireless from here:
http://linuxwireless.org/download/compat-wireless-2.6/
So, Intel 3945ABG works fine with patched drivers on BT5R1 i686. Thanks for
the help all.
Original comment by pah...@gmail.com
on 5 Jan 2012 at 2:48
Awesome, glad it's working now. :)
Original comment by cheff...@tacnetsol.com
on 5 Jan 2012 at 3:35
[deleted comment]
Could someone please elaborate on Comment 21 and show the specific commands
required to patch the latest compat-wireless drivers for an Intel 3945ABG on
BT5R1? I'm having a few difficulties installing this correctly. Thanks
Original comment by tezz...@gmail.com
on 19 Jan 2012 at 6:13
ln -s /usr/src/linux /lib/modules/2.6.39.4/build
cd /usr/src/
wget
http://linuxwireless.org/download/compat-wireless-2.6/compat-wireless-2011-07-14
.tar.bz2
tar jxpf compat-wireless-2011-07-14.tar.bz2
wget http://www.backtrack-linux.org/2.6.39.patches.tar
tar xpf 2.6.39.patches.tar
cd compat-wireless-2011-07-14
patch -p1 < ../patches/mac80211-2.6.29-fix-tx-ctl-no-ack-retry-count.patch
patch -p1 < ../patches/mac80211.compat08082009.wl_frag+ack_v1.patch
patch -p1 < ../patches/zd1211rw-2.6.28.patch
patch -p1 < ../patches/ipw2200-inject.2.6.36.patch
./scripts/driver-select
make
make install
make wlunload
reboot your system
this should work @ the line ./scripts/driver-select you can choose a specified
chipset but i do not do that because i have many adapters
it takes longer
it is not sure that it will work better after that. good luck
Original comment by patricks...@gmail.com
on 19 Jan 2012 at 6:22
@25 Thanks for the response,I'll give it a try. I found the same help from
http://www.backtrack-linux.org/wiki/index.php/Wireless_Drivers#rt2800usb. Am I
correct in saying that this doesn't work when using a Backtrack Live DVD? Sorry
if that's a stupid question!
Original comment by tezz...@gmail.com
on 19 Jan 2012 at 7:12
well you can not reboot your system... well it get lost because of live CD so
nothing can be destroyed.
Ive seen a way that you do not need to reboot you load the new drivers after
this
procedure.....
But why you do not try to install on a USB drive? If you do not want to install
it beside of Windows so every change will persist.
Original comment by patricks...@gmail.com
on 19 Jan 2012 at 7:20
I've installed to USB without any issues, thanks for the tip. However, I'm
still having the same problems after following the commands in Comment 25.
If I use the latest compat-wireless from
http://linuxwireless.org/download/compat-wireless-2.6/compat-wireless-2012-01-21
.tar.bz2 instead, do I use the same patch commands? To be clear, I only need
the latest drivers for Intel 3945ABG.
Sorry again for my noobishness everyone. Just trying to get my head around the
world of Linux drivers! Thanks for your help...
Original comment by tezz...@gmail.com
on 21 Jan 2012 at 11:25
@ tezz, I don't know if you need the driverspatch, you can do the compat
installation
twice once without the patches and once with those patches and see the
difference.
Just keep on experimenting, you will learn much moore...
A tip if reaver does not look like it should don't watch for houres on it or
dig too much into the OS system try other wireless adapters too see what
happens.
Original comment by patricks...@gmail.com
on 22 Jan 2012 at 8:11
That makes sense. Thanks for sparing the time to help a noob like me out.
Hopefully, I'll get there eventually! Congrats to cheffner for his work on this
tool!
Original comment by tezz...@gmail.com
on 22 Jan 2012 at 2:59
Original issue reported on code.google.com by
pah...@gmail.com
on 2 Jan 2012 at 5:06Attachments: