Closed GoogleCodeExporter closed 9 years ago
I'm using the Atheros Communications Inc. AR9285 Wireless Network Adapter
(PCI-Express) (rev 01) as well. So far the pin never changed except for 2 times
where I got lucky, I guess. It always gives me a timeout after trying a pin.
- Reaver r35
- backtrack 5 32bit (ubuntu 10.04, Kernel 2.6.38, GNOME 2.30.2)
- Atheros AR9285 adaptor with ath9k driver
Original comment by basti.me...@googlemail.com
on 2 Jan 2012 at 12:53
Have you run Reaver with -vv to get more output? What is the make/model of your
target AP? Do you have pcaps of the attack so we can try to track down the
issue, if any?
Original comment by cheff...@tacnetsol.com
on 2 Jan 2012 at 1:34
I always run reaver with the -vv switch.
Apart from two times (which left me kinda puzzled) the output looks like this:
[+] Waiting for beacon from 00:23:08:9E:E4:03
[+] Switching mon0 to channel 1
[+] Associated with 00:23:08:9E:E4:03 (ESSID: EasyBox?-9EE451)
[+] Trying pin 08334572
[!] WARNING: Receive timeout occurred
[+] Trying pin 08334572
[!] WARNING: Receive timeout occurred
[+] Trying pin 08334572
[!] WARNING: Receive timeout occurred
[+] Trying pin 08334572
[!] WARNING: Receive timeout occurred
[+] Trying pin 08334572
[!] WARNING: Receive timeout occurred
[+] Trying pin 08334572
[!] WARNING: Receive timeout occurred
[+] 0.00% complete @ 0 seconds/attempt
[+] Trying pin 08334572
[!] WARNING: Receive timeout occurred
[+] Trying pin 08334572
I will do a few captures once I get home.
Original comment by basti.me...@googlemail.com
on 2 Jan 2012 at 2:20
Any more info on this?
Original comment by cheff...@tacnetsol.com
on 4 Jan 2012 at 2:44
BT4 R2 rt2800usb
Reaver 1.3 r55
root@bt:~# walsh -i mon0 -s -C
Scanning for supported APs...
00:1D:19:F5:86:F5 WLAN-F58613
root@bt:~# reaver -i mon0 -b 00:1D:19:F5:86:F5 -c 1 -b WLAN-F58613 -vv
Reaver v1.3 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetso
l.com>
[+] Waiting for beacon from 00:1D:19:F5:86:F5
[+] Switching mon0 to channel 1
[+] Associated with 00:1D:19:F5:86:F5 (ESSID: WLAN-F58613)
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Nothing done, nothing to save.
[+] 0.00% complete @ 2012-01-04 10:58:47 (0 seconds/attempt)
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[!] WARNING: 10 failed connections in a row
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Nothing done, nothing to save.
[+] 0.00% complete @ 2012-01-04 10:59:18 (0 seconds/attempt)
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Nothing done, nothing to save.
[+] 0.00% complete @ 2012-01-04 10:59:49 (0 seconds/at
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Trying pin 81208791
[!] WARNING: Failed to associate with 00:1D:19:F5:86:F
^C
[+] Nothing done, nothing to save.
[+] Session saved.
root@bt:~#
pcap file
http://www.load.to/E9tGjnKtl5/capture_BT4R2_rt2800usb
Original comment by hurenhan...@googlemail.com
on 4 Jan 2012 at 4:05
BSSID PWR Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
00:1D:19:F5:86:F5 28 2 0 0 1 54e WPA2 CCMP PSK WLAN-F58613
Original comment by hurenhan...@googlemail.com
on 4 Jan 2012 at 4:16
I have exactly the same issue you have with a Ralink card and a Belkin router
Original comment by kaotik2...@gmail.com
on 5 Jan 2012 at 12:07
hurenhannes, from the pcap it looks like Reaver is having trouble getting an
EAP session started, which is *usually* an indication of connectivity problems.
It's hard to tell from the pcap/airodump output what the actual RSSI is (it's
certainly not 30dbm as reported in the radio tap headers!) so I'm not sure if
that's the issue or not. Is this an AP that is very close to you?
Original comment by cheff...@tacnetsol.com
on 5 Jan 2012 at 1:00
i have the same problem it always tries the same pin and then it says WARNING:
Receive timeout occurred. i tried to see what happen on wireshark but i can´t
seem to see anything i try to filter with eth.addr the mac address of the AP
but nothing appears im using mon0 to do the capture am i doing it right?
Original comment by fabiogfe...@gmail.com
on 5 Jan 2012 at 12:10
i forgot to say that i tried with my router so im very close to it and a
strange thing happened when i do reset to the router it works the pin brute
force for some time.
Original comment by fabiogfe...@gmail.com
on 5 Jan 2012 at 12:30
@ fabio
Have you tried different APs? Some routers like Dlink 655, in my case, lock you
out permanently after a few failed attempts. That's why it starts cracking pins
when you reset your router. It will work up until that same number.
Reaver works fine with the other APs I tested.
I hope this is of any help to you.
Original comment by bramrob...@gmail.com
on 5 Jan 2012 at 2:40
fabio, can you verify that your AP supports WPS and has it enabled? When in
wireshark you can use the display filter "eap || eapol" to see the WPS messages
(WPS operates over EAP). If your device has WPS enabled and you are still
getting these timeouts, can you please provide a pcap file of the attack? It's
nearly impossible for me to debug issues like these without pcaps.
Original comment by cheff...@tacnetsol.com
on 5 Jan 2012 at 5:35
ive tried on another router but it has the same result.
i was saying that it works when i disconnect the power cord from the router and
then connect again but then it doesnt work its a little strange i will try to
capture that situation to see the differences.
im using backtrack 5 on vmware
ive captured the pcap while using reaver
this is the program output:
root@bt:~# reaver -i mon0 -b 00:22:6B:8A:E9:0B -vv
Reaver v1.3 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner
<cheffner@tacnetsol.com>
[?] Restore previous session? [n/Y] n
[+] Waiting for beacon from 00:22:6B:8A:E9:0B
[+] Switching mon0 to channel 2
[+] Switching mon0 to channel 3
[+] Switching mon0 to channel 4
[+] Switching mon0 to channel 5
[+] Switching mon0 to channel 6
[+] Switching mon0 to channel 7
[+] Switching mon0 to channel 8
[+] Switching mon0 to channel 11
[+] Associated with 00:22:6B:8A:E9:0B (ESSID: scarface)
[+] Trying pin 22975058
[!] WARNING: Receive timeout occurred
[+] Trying pin 22975058
[!] WARNING: Receive timeout occurred
[+] Trying pin 22975058
[!] WARNING: Receive timeout occurred
[+] Trying pin 22975058
[!] WARNING: Receive timeout occurred
^C
[+] Nothing done, nothing to save.
[+] Session saved.
Original comment by fabiogfe...@gmail.com
on 5 Jan 2012 at 9:18
Attachments:
Same issue here with VMWare Fusion an the Backtrack 5 vmware image.
Using a Bus 001 Device 002: ID 0cf3:7015 Atheros Communications, Inc. TP-Link
TL-WN821N v3 802.11n [Atheros AR7010+AR9287]
Tried it with 4 different wifi access points. Netgear/Linksys/ASUS/Sitecom
Original comment by erick.va...@gmail.com
on 7 Jan 2012 at 9:26
[deleted comment]
[deleted comment]
already tried with 3 different wifi cards rt2800pci rt73usb rtl8187 same result
on rt2860pci rt73usb walsh displays the FCS error
Original comment by fabiogfe...@gmail.com
on 7 Jan 2012 at 1:48
@fabio: After looking at your pcap, the AP is not responding after Reaver sends
the identity request packet (this packet tells the AP that we are a WPS
registrar). This indicates that the AP has disabled WPS registrar functionality
(some APs allow for this, specifically Netgears) which means the AP is not
vulnerable.
@erick, et al: Other causes of these errors typically are:
1) Poor signal strength or lots of interference (this applies to both the
attacker AND the AP)
2) MAC spoofing (known bug in Reaver where MAC spoofing doesn't work properly)
Original comment by cheff...@tacnetsol.com
on 9 Jan 2012 at 6:40
Original issue reported on code.google.com by
tiger2...@abv.bg
on 2 Jan 2012 at 11:04