Keeps trying the same pin

[GoogleCodeExporter]

What steps will reproduce the problem?
1. Installed reaver correctly.
2. Lauched with command: "reaver -i mon0 -b 00:25:XX:XX:XX:XX -vv"
3. Wait.

What is the expected output? What do you see instead?
WPA2 key

Keeps trying the same pin over and over again pin: "12345670"

What version of the product are you using? On what operating system?
Tryed reaver 1.3 and the one from svn checkout, both seemed to do the same 
thing. On linux backtrack 5 R1.

Please provide any additional information below.
Please help, the router is a Dlink

Original issue reported on code.google.com by SpoofThi...@gmail.com on 5 Jan 2012 at 10:25

[GoogleCodeExporter]

try --ignore-locks but is isnt work for me either its stuck after some %

Original comment by An000000...@gmail.com on 5 Jan 2012 at 10:46

[GoogleCodeExporter]

Some routers like Dlink 655 for example lock you out permanently. The first 
time I tried, it would start cracking pins. Then after a certain number I would 
get "AP rate limited". And from that moment on reaver just keeps trying the 
same pin over and over. 
If you reboot the router, reaver starts cracking pins up to the same point and 
the error appears again. Using --ignore-locks won't work in this case. Also 
make sure you run walsh first to confirm this particular AP has WPS enabled. 

Original comment by bramrob...@gmail.com on 5 Jan 2012 at 11:01

[GoogleCodeExporter]

Spoof, what model D-Link is it? Does walsh list it as supported? If walsh does 
list it, can you provide a pcap of the Reaver attack?

Original comment by cheff...@tacnetsol.com on 5 Jan 2012 at 4:18

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

Same issue here.

Reaver from checkout svn, rev 42.

Command:

sudo ./reaver -i mon0 -b XX.XX.XX.XX -vv -c 3

OS:
Ubuntu 10.4

Keep trying the same pin over and over every 5 attempts says 0% complete and 
some time Warning 10 failed connections in a row.

Wireless card: intel 5300, working perfectly with the correct drivers in mon 
mode.

Original comment by walterbo...@gmail.com on 9 Jan 2012 at 12:31

[GoogleCodeExporter]

walter, does walsh list your target AP as supported? If walsh does list it, can 
you provide a pcap of the Reaver attack?

Original comment by cheff...@tacnetsol.com on 9 Jan 2012 at 12:32

[GoogleCodeExporter]

Original comment by cheff...@tacnetsol.com on 9 Jan 2012 at 6:48

• Added labels: Priority-Low
• Removed labels: Priority-Medium

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

Yes, the same for me as well. walsh lists the router. However the same pin is 
tried over and over again with the exact same issues. I have broken other wpa's 
with the same settings so there is no problem on my end.

Original comment by baba...@gmail.com on 10 Jan 2012 at 6:29

[GoogleCodeExporter]

I can't debug much without pcaps of the failed attacks guys.

Original comment by cheff...@tacnetsol.com on 10 Jan 2012 at 7:45

[GoogleCodeExporter]

I have the same issues.
Please let me know how to capture pcaps and i'll be happy to provide them.
Thanks for all the hard work.

Original comment by avri210...@gmail.com on 10 Jan 2012 at 7:57

[GoogleCodeExporter]

avri, the easiest way is probably to use Wireshark.

Original comment by cheff...@tacnetsol.com on 11 Jan 2012 at 4:55

• Changed state: NeedMoreInfo

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

I'm having the same or similar issue with a Belkin router.  I used r84 with the 
rt2800pci driver and Ubuntu 11.10.

Walsh output:

BSSID                  Channel       WPS Version       WPS Locked        ESSID
--------------------------------------------------------------------------------
--------------
08:86:3B:5E:85:02       3            1.0               N                 
belkin.502

The reaver output is attached, as well as the pcap of the session.

Many thanks.

Original comment by usnho...@gmail.com on 12 Jan 2012 at 3:44

Attachments:

• reaver.txt
• belkin.pcap

[GoogleCodeExporter]

It's also worth noting that I got to about 0.25% before it starting hanging up 
on this pin.  So, perhaps I was blacklisted by the router as mentioned above.

Original comment by usnho...@gmail.com on 12 Jan 2012 at 3:45

[GoogleCodeExporter]

usnhobbz, based on Reaver's difficulty in even associating to the target AP and 
the relatively low signal strength reported in the radio tap headers of your 
capture file, I'd suspect this is a connectivity issue. Did you get many errors 
while doing the first .25%? How long did it take? 

It could be that there was very little interference when you first started 
reaver, but then someone fired up their computer or an adjacent AP changed 
channels or something and now the interference is preventing you from 
completing the attack.

Original comment by cheff...@tacnetsol.com on 12 Jan 2012 at 4:20

[GoogleCodeExporter]

When it was working reaver was reporting around 8 seconds per PIN attempt.  
airomon-ng reports a steady -64 for the power.  A different AP in the next room 
about 30 feet away reports -67.

Thanks for the quick reply.

Original comment by usnho...@gmail.com on 12 Jan 2012 at 4:31

[GoogleCodeExporter]

The pcap headers show the power readings between -70 and -76dbm; these can be 
off though. It's easy to test: if you get closer to the AP does the attack 
resume, or does it still have problems even associating with the AP?

Original comment by cheff...@tacnetsol.com on 12 Jan 2012 at 4:40

[GoogleCodeExporter]

How are we blocked? By MAC address? If so, perhaps we could implement MAC 
address randomization or switching after some number of timeouts?

Original comment by ThomasEr...@gmail.com on 12 Jan 2012 at 9:12

[GoogleCodeExporter]

@Thomas: From all the APs that I've tested and all the testing that I've heard 
from others, when an AP locks WPS, it is a global lock. Once locked, all 
devices are blocked until WPS is unlocked.

Original comment by cheff...@tacnetsol.com on 16 Jan 2012 at 3:20

[GoogleCodeExporter]

Got almost the same problem, I'm sure if it's relevant to post it here, but the 
AP accepted all my requests up until now, and suddenly, at like 90.10%, reaver 
starts repeating the same PIn over and over, until it gets blocked by the AP :P

Original comment by hadwa...@gmail.com on 16 Jan 2012 at 5:20

[GoogleCodeExporter]

@ hadwa...

Yesterday I got up to 90.9% as well, from then on it kept repeating the same 
pin indefinitely (let it go overnight so about 10 hours total). It didn't seem 
that my MAC was blocked or the AP locks WPS (how can you distinguish either 
from normal operation?).

Part of the log:

[+] Trying pin 19962382
[+] Trying pin 19962382
[+] Trying pin 19962382
[+] Trying pin 19962382
[+] Trying pin 19962382
[+] 90.90% complete @ 2012-01-19 06:22:07 (6 seconds/attempt)
[+] Trying pin 19962382
[+] Trying pin 19962382
[!] WARNING: Receive timeout occurred
[+] Trying pin 19962382
[!] WARNING: Receive timeout occurred
[+] Trying pin 19962382
[+] Trying pin 19962382
[+] 90.90% complete @ 2012-01-19 06:22:36 (6 seconds/attempt)
[+] Trying pin 19962382
[+] Trying pin 19962382
[+] Trying pin 19962382
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] WARNING: Out of order packet received, re-trasmitting last message
[+] Trying pin 19962382
[+] Trying pin 19962382
[+] 90.90% complete @ 2012-01-19 06:22:55 (6 seconds/attempt)

Original comment by alibo...@gmail.com on 19 Jan 2012 at 9:31

[GoogleCodeExporter]

alibobar, this was an issue that has already been addressed; use the latest 
code from the trunk.

Original comment by cheff...@tacnetsol.com on 19 Jan 2012 at 1:57

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

Thank you cheff, I'll try the new code.

Original comment by alibo...@gmail.com on 22 Jan 2012 at 2:41

[GoogleCodeExporter]

Btw, with the current svn, is it possible to resume the scan done with reaver 
1.3? (where I'm stuck at 90.90%)

Original comment by alibo...@gmail.com on 22 Jan 2012 at 3:43

[GoogleCodeExporter]

Yes, the resume capability is backwards compatible with 1.3. 

Original comment by cheff...@tacnetsol.com on 22 Jan 2012 at 6:18

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

@ Cheff: hmm, it wasn't resuming my previous attempt with that AP so I'm 
starting over now.

Original comment by alibo...@gmail.com on 22 Jan 2012 at 10:33

[GoogleCodeExporter]

To all who are getting stuck at 90.9%, that is not the same issue that was 
originally reported here. I suspect it has to do with using the -L option in 
conjunction with AP-specific behavior, see issue 158.

Nothing heard from the original poster(s), closing.

Original comment by cheff...@tacnetsol.com on 23 Jan 2012 at 12:27

• Changed state: Invalid

[GoogleCodeExporter]

Yes, please do close it, asI said in the other thread:

"(...) ran without the -L switch and NOW reaver correctly found the key"

Thanks a lot.

Original comment by kub...@gmail.com on 25 Jan 2012 at 12:30

[GoogleCodeExporter]

I am having similar issues; however, I am stuck at 30+% of pins.  I am using 
the -L option.  Reaver just keeps retrying the same pin over and over again.  I 
stopped reaver for over an hour, retried, same thing.  I ran wash and still see 
the AP on the same channel and WPS is not locked.  That is, I can associated 
with the AP.  When I disable the -L option, I see:

Sending EAPOL START request
WARNING: Receive timeout occurred

I'm using latest 1.4 reaver build on Backtrack version 5 release 2.

Original comment by ribeyest...@gmail.com on 16 Jul 2012 at 6:07

[GoogleCodeExporter]

/99.99 hep bu şekilde reaver ilerlemiyor sürekli aynı sayıları sayıp 
duruyor
ne yapmalıyım

Original comment by rasim...@gmail.com on 18 Aug 2012 at 10:35

[GoogleCodeExporter]

When I run this command #reaver -i mon0 -b E0:46:9A:50:21:2C -e Carrie -a -v
It starts trying pins, but it keeps trying 12345670. It won't try any other 
number combinations.

Original comment by clapp2...@gmail.com on 28 Sep 2012 at 4:06

[GoogleCodeExporter]

The problem will be solved if you use the correct mac (default). Do not change 
mac address for mon0. 

Original comment by vijay.vi...@gmail.com on 9 Jan 2013 at 8:31

[GoogleCodeExporter]

 #36 vijay.vi...@gmail.com

What is the correct mac???

is not the wireless card??

Original comment by cmpfa...@gmail.com on 12 Feb 2013 at 4:23

[GoogleCodeExporter]

it seems that i've found a solution for the 90,90% nightmare :D 

suppose the bssid we are working on was 8C:0C:A3:2B:19:A7

this session file will be saved in folder as folder /usr/local/etc/reaver as 
8C0CA32B19A7.wpc

open it ; u'll notice that the file is written like this : 

9999
0
0
1234
0000
0123
1111
2222

change the 0 to 1 

it should be like this 

9999
1
1
1234
0000
0123
1111
2222

save it , run reaver , and tadaaa 90,91% 

 it will keep increasing until reaver find the correct pin ;

i hope that will help and sorry for my bad english ;) 

Original comment by anassd...@gmail.com on 6 Dec 2013 at 4:39

[GoogleCodeExporter]

Hi,

I did this move (to change 0 to 1 in my session file) and indeed it's unblock 
the 90.90% problem but I'm now stuck at 92.21% with the same PIN tried again 
and again.
Any idea ?

Original comment by ggd...@gmail.com on 7 Dec 2013 at 7:01

[GoogleCodeExporter]

I have Cracked WPA-Psk Network with Reaver Successfully. But when Run Wash 
Command i see a WIFI WPA2-PSK Network whose WPS-LOcked is "No". But when I run 
Reaver command it stuck at trying Pin 12345670 and Do not go Further.
That Wifi is Near my Flate and Signals strenghts are above 80%. as further i 
investigated i come to know that he is using SegamCom Router (Provided him by 
his ISP).
So in this matter what should i do to crack WPA2-PSK (SegamCom Router). any 
Idea Brothers

Original comment by farrukhb...@gmail.com on 22 Dec 2013 at 2:38

[GoogleCodeExporter]

thanks  anassd comment #38

Original comment by judehan...@gmail.com on 17 Aug 2014 at 9:22

[GoogleCodeExporter]

I have made a simple script for automating automating Reaver in Kali Linux when 
the AP blocks your MAC adress after many pins tried.

check this out! ;)

https://github.com/fafualex/Reaver_script

Original comment by lazyale...@gmail.com on 24 Aug 2014 at 1:18

[GoogleCodeExporter]

How do you use the script to install it on reaver? ( i am beginner)

Original comment by satellit...@gmail.com on 15 Jan 2015 at 1:17

[GoogleCodeExporter]

If you have kali linux give it full permission (chmod 777 script_4.sh) and
then launch it from terminal..

2015-01-15 14:17 GMT+01:00 <reaver-wps@googlecode.com>:

Original comment by lazyale...@gmail.com on 19 Jan 2015 at 6:01

[GoogleCodeExporter]

I've been trying to crack a router pin using reaver, it's gotten to 30.52℅ 
but now it just keeps trying the same pin giving me (0x02) & (0x04) errors over 
& over again. I'm using a wireless adapter that I ordered off amazon, its the 
signal king which uses the ralink 3070 chip set, I usually just run a (wash -i 
mon0 -C) then I input (reaver -i mon0 -b xx:xx:xx:xx:xx -vv -S -N -L -d 25 -r 
4:45 -x 360) it's been working fine up until today, which is when I've been 
getting the retying last pin errors. So I tried spoofing the Mac, and entered 
it into reaver, same thing happened, then it just kept switching channels, now 
when I go to exicute (wash -i mon0 -C) nothing pops up anymore, same with 
trying (airodump-ng mon0) if someone could help me out, please email me 
(bdoakley16@gmail.com) I'm trying everything without any success

Original comment by bdoakle...@gmail.com on 22 Jan 2015 at 7:42

[GoogleCodeExporter]

#44  i tried your script; 

here is the result after selecting my wlan0

"script_4.sh: 33: script_4.sh:Syntax error: "("unexpected (expecting "do")

Original comment by cris.se...@gmail.com on 21 Jul 2015 at 4:37