Re-coder08 / reaver-wps

Automatically exported from code.google.com/p/reaver-wps
0 stars 0 forks source link

hangs on associated with xx:xx:xx:xx:xx #175

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
A few things to consider before submitting an issue:

0. We write documentation for a reason, if you have not read it and are
having problems with Reaver these pages are required reading before
submitting an issue:
http://code.google.com/p/reaver-wps/wiki/HintsAndTips
http://code.google.com/p/reaver-wps/wiki/README
http://code.google.com/p/reaver-wps/wiki/FAQ
http://code.google.com/p/reaver-wps/wiki/SupportedWirelessDrivers
1. Reaver will only work if your card is in monitor mode.  If you do not
know what monitor mode is then you should learn more about 802.11 hacking
in linux before using Reaver.
2. Using Reaver against access points you do not own or have permission to
attack is illegal.  If you cannot answer basic questions (i.e. model
number, distance away, etc) about the device you are attacking then do not
post your issue here.  We will not help you break the law.
3. Please look through issues that have already been posted and make sure
your question has not already been asked here: http://code.google.com/p
/reaver-wps/issues/list
4. Often times we need packet captures of mon0 while Reaver is running to
troubleshoot the issue (tcpdump -i mon0 -s0 -w broken_reaver.pcap).  Issue
reports with pcap files attached will receive more serious consideration.

Answer the following questions for every issue submitted:

0. What version of Reaver are you using?  (Only defects against the latest
version will be considered.)

1. What operating system are you using (Linux is the only supported OS)?
Bactrack 5R1

2. Is your wireless card in monitor mode (yes/no)?
Yes im using mon0
3. What is the signal strength of the Access Point you are trying to crack?
95%

4. What is the manufacturer and model # of the device you are trying to
crack?
Dont know
5. What is the entire command line string you are supplying to reaver?
reaver -i mon0 -b XX:25:5E:XX:5A:F4 -vv
6. Please describe what you think the issue is.
it just get stuck on Associatied with ESSID and dont try pins

7. Paste the output from Reaver below.

root@root:~# reaver -i mon0 -b XX:25:5E:XX:5A:F4 -vv

Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner 
<cheffner@tacnetsol.com>

[+] Waiting for beacon from 00:25:5E:C6:5A:F4
[+] Associated with XX:25:5E:XX:5A:F4 (ESSID: Bhawna)

Original issue reported on code.google.com by vickdick...@gmail.com on 24 Jan 2012 at 2:12

GoogleCodeExporter commented 8 years ago
Confirmed here, was fine on 1.3

Original comment by pluci...@gmail.com on 24 Jan 2012 at 8:16

GoogleCodeExporter commented 8 years ago
I am facing the same problem it just stops on associating with ESSID and won't 
try any pins.... PLZ HELp

Original comment by rahulahl...@gmail.com on 25 Jan 2012 at 9:38

GoogleCodeExporter commented 8 years ago
Same problem here. Reaver switched channels until finding the correct one and 
then it stops after the message:

[+] Associated with XX:XX:XX:XX (ESSID: XXXXX)

Original comment by RPer...@gmail.com on 25 Jan 2012 at 2:02

GoogleCodeExporter commented 8 years ago
Issue 181 has been merged into this issue.

Original comment by cheff...@tacnetsol.com on 25 Jan 2012 at 4:39

GoogleCodeExporter commented 8 years ago
What wireless cards/drivers are you using? Can anyone provide a pcap?

Original comment by cheff...@tacnetsol.com on 25 Jan 2012 at 4:40

GoogleCodeExporter commented 8 years ago
i m using Atheros AR5006EG wireless network adaptor. and injection is also 
working

Original comment by vickdick...@gmail.com on 25 Jan 2012 at 5:18

GoogleCodeExporter commented 8 years ago
mine is AR5001X

Original comment by rahulahl...@gmail.com on 25 Jan 2012 at 5:51

GoogleCodeExporter commented 8 years ago
I'am using an Alfa AWUS036H, RTL8187 drivers. I was having some problems with 
Backtrack 5 and i followed this guide to fix it 
(http://skidhacker.com/forum/showthread.php?tid=75), it seems to be working 
with everything else just not with reaver.

Original comment by RPer...@gmail.com on 25 Jan 2012 at 6:44

GoogleCodeExporter commented 8 years ago
same here on broadcom 4315 - retried on a different router, worked fine.  is it 
possible you're all attacking a router that just doesn't support WPS?

Original comment by rng...@gmail.com on 26 Jan 2012 at 12:34

GoogleCodeExporter commented 8 years ago
Same issue here with the Alfa AWUS036H, RTL8187.  Trying against 2wire, wash 
shows it as vulnerable.  Not sure?

Original comment by asphyxia...@gmail.com on 26 Jan 2012 at 12:34

GoogleCodeExporter commented 8 years ago
I haven't been able to reproduce this issue myself. There's very few places in 
the code for Reaver to get hung up between the "Associated" message and 
actually trying the first pin.

For those having problems, can you try adding "-L -d 0" to your command line 
options to see if you get different output from Reaver?

Original comment by cheff...@tacnetsol.com on 26 Jan 2012 at 2:07

GoogleCodeExporter commented 8 years ago
With -L I get 'WARNING: Receive timeout occurred!

Original comment by asphyxia...@gmail.com on 26 Jan 2012 at 4:58

GoogleCodeExporter commented 8 years ago
[deleted comment]
GoogleCodeExporter commented 8 years ago
[deleted comment]
GoogleCodeExporter commented 8 years ago
[deleted comment]
GoogleCodeExporter commented 8 years ago
with -L -d 0 command i get :- this IT ONLY TRIES ONE PIN I.E 12345670 and then 
Warning:

root@root:~# reaver -i mon0 -b 00:25:5E:C6:5A:F4 -vv -L -d 0

Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner 
<cheffner@tacnetsol.com>

[+] Waiting for beacon from 00:25:5E:C6:5A:F4
[+] Switching mon0 to channel 6
[+] Associated with 00:25:5E:C6:5A:F4 (ESSID: Bhawna)
[+] Trying pin 12345670
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request

Original comment by vickdick...@gmail.com on 26 Jan 2012 at 1:44

GoogleCodeExporter commented 8 years ago
trying with the-L -d 0 commands i get the following

[+] Waiting for beacon from 00:23:69:CD:EC:FA
[+] Switching mon0 to channel 6
[+] Associated with 00:23:69:CD:EC:FA (ESSID: DWCG)
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred

Original comment by RPer...@gmail.com on 26 Jan 2012 at 1:53

GoogleCodeExporter commented 8 years ago
As I suspected, it looks like Reaver is hanging while trying to determine if 
the AP has locked WPS or not (the -L option tells Reaver not to check this). 
Based on the output everyone is getting when the -L argument is specified, it 
looks as if one (or both) of the following is happening:

1) The target AP does not support the WPS registrar functionality.
2) You have communications problems with the AP, probably due to low signal 
strength/interference.

If you are getting timeouts after sending an EAPOL START packet, it's likely 
communication issues. If you are getting timeouts after sending an identity 
response, it is likely due to lack of WPS registrar support.

Original comment by cheff...@tacnetsol.com on 26 Jan 2012 at 3:09

GoogleCodeExporter commented 8 years ago
thanks very much all issues are cleared.  :)  :)

Original comment by vickdick...@gmail.com on 27 Jan 2012 at 7:06

GoogleCodeExporter commented 8 years ago
These threads could probably do with merging.

http://code.google.com/p/reaver-wps/issues/detail?id=183
http://code.google.com/p/reaver-wps/issues/detail?id=175

When I get the problem it is after the "identity response" however Wash reports 
that WPS is supported and open.

Original comment by keyfo...@veryrealemail.com on 27 Jan 2012 at 4:16

GoogleCodeExporter commented 8 years ago
Found another thread with a similar problem...

http://code.google.com/p/reaver-wps/issues/detail?id=90

So that's..

http://code.google.com/p/reaver-wps/issues/detail?id=90
http://code.google.com/p/reaver-wps/issues/detail?id=183
http://code.google.com/p/reaver-wps/issues/detail?id=175

I wish people would try to keep things together, it must be difficult enough as 
it is for Craig.

Original comment by keyfo...@veryrealemail.com on 27 Jan 2012 at 9:49

GoogleCodeExporter commented 8 years ago
[deleted comment]
GoogleCodeExporter commented 8 years ago
[deleted comment]
GoogleCodeExporter commented 8 years ago
help im getting constant message failure to associate with BSSId...

Original comment by ranga.sh...@gmail.com on 29 Jan 2012 at 4:19

GoogleCodeExporter commented 8 years ago
Same problem here, no matter which version I try. Any ideas??

Original comment by david.su...@gmail.com on 2 Feb 2012 at 4:23

GoogleCodeExporter commented 8 years ago
I've experienced the same issues using an Alfa rtl8187. I've found the solution 
to the problem is to play with the "-d" flag.

Start at "-d 15" or higher until you stop receiving the (code: 0x02) (code: 
0x03) errors. Then work your way down. Each router I've tested likes a 
different value. 

I was also using the "--no-nacks" argument.

Original comment by cryptom...@gmail.com on 4 Feb 2012 at 5:58

GoogleCodeExporter commented 8 years ago
I am using Atheros AR9285. It won't try PINs, it won't recieve any error. Just 
associathet with my wifi and nothing else. I don't know where is mistake. Am I 
doing something wrong? I hope, someone fing solution soon.

Original comment by david.su...@gmail.com on 5 Feb 2012 at 1:39

GoogleCodeExporter commented 8 years ago
We have been spending more than 80 hrs on this, we have 5 laptops in different 
setups with different adapters some work with default BT5R1 setup, while others 
setups (read different models wifi adapters) gave constant receive timeouts or 
it  hangs on pin 12345670. while testing against the same AP.

I could not get control over what did work and what didnt, Luckily I am working 
on this at night and a blinking LED on my wireless adapter helped in solving 
this issue for me ;). I can now reproduce problem and solve it.

It looks like some adapters apear in mon mode while they are not realy in the 
proper mode for reavering in my case a strange sequence is necesarry to get teh 
job done. 
My Set-up: VMware 32 BT5R1, reaver 1.4,  TL_WN821N 
I have pcaps available not sure where to drop them here?

here is how (sorry for long thread):

Setting up reaver (1.4-bt1) ...

root@bt:~# airmon-ng
Interface   Chipset     Driver

root@bt:~# iwconfig
lo        no wireless extensions.

eth1      no wireless extensions.

root@bt:~# #############plug in TL_WN821N ##############
root@bt:~# ifconfig
eth1      Link encap:Ethernet  HWaddr 00:0c:29:79:3f:34  
          inet addr:192.168.75.131  Bcast:192.168.75.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe79:3f34/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8225 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4873 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:11167222 (11.1 MB)  TX bytes:348030 (348.0 KB)
          Interrupt:19 Base address:0x2024 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:88 errors:0 dropped:0 overruns:0 frame:0
          TX packets:88 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:11817 (11.8 KB)  TX bytes:11817 (11.8 KB)

wlan0     Link encap:Ethernet  HWaddr f4:ec:38:90:af:1d  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

root@bt:~# airmon-ng

Interface   Chipset     Driver

wlan0       Atheros AR9287  ath9k - [phy0]

##################  starting tcp dump: brokenvanilla.pcap#############
root@bt:~# airmon-ng start wlan0

Found 2 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!

PID Name
817 dhclient3
2012    dhclient3
Process with PID 2012 (dhclient3) is running on interface wlan0

Interface   Chipset     Driver

wlan0       Atheros AR9287  ath9k - [phy0]
                (monitor mode enabled on mon0)
###############################################################################
root@bt:~# ##################   NO LED ON!!!!! ,TL-WN821N ( i know it is not 
properly in mon mode although BT/Airmon tells me it is....#####################

root@bt:~# airodump-ng mon0

 CH  5 ][ Elapsed: 16 s ][ 2012-02-06 10:42                                         

 BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID               

 00:0C:F6:B0:AD:6C  -65        3        0    0  11  54e. WPA2 CCMP   PSK  SitecomB0AD6C       
 00:90:D0:F9:3F:A6  -72        5        0    0   6  54e  WPA2 CCMP   PSK  weptest             
 00:1F:3F:A4:4A:F2  -73        5        0    0   6  54e  WPA2 CCMP   PSK  FRITZ!Box Fon WLAN 7
 00:26:B6:06:55:BB  -82       12        0    0   1  54e  WPA2 CCMP   PSK  sarahthomas         
 00:02:CF:AC:B0:94  -85        3        0    0   3  54   WPA2 CCMP   PSK  ADSL-WiFi           

 BSSID              STATION            PWR   Rate    Lost  Packets  Probes                    

 (not associated)   00:1F:3C:18:47:B8  -84    0 - 1      0        2  ZiggoBE1F0                

root@bt:~# reaver -i mon0 -b 00:0C:F6:B0:AD:6C -vv

Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner 
<cheffner@tacnetsol.com>

[+] Waiting for beacon from 00:0C:F6:B0:AD:6C
[+] Switching mon0 to channel 11
[+] Associated with 00:0C:F6:B0:AD:6C (ESSID: SitecomB0AD6C)
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 00005678
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 00005678
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 00005678
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 00005678
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 00005678
[+] Sending EAPOL START request
######## it will loop forever #####

root@bt:~# ls
brokenVanilla_reaver.pcap  Desktop  index.html
root@bt:~# tar -jxf compat-wireless-3.3-rc1-2.tar.bz2 

root@bt:~# ########### plug and unplug TL WN821N #############

root@bt:~/compat-wireless-3.3-rc1-2# ./scripts/driver-select ath9k_htc
Processing new driver-select request...
Backing up makefile: Makefile.bk
Backup exists: Makefile.bk
Backup exists: Makefile.bk
Backup exists: Makefile.bk
Backup exists: Makefile.bk
Backing up makefile: drivers/net/wireless/Makefile.bk
Backing up makefile: drivers/net/wireless/ath/Makefile.bk
Backing up makefile: net/wireless/Makefile.bk
Backing up makefile: drivers/ssb/Makefile.bk
Backing up makefile: drivers/bcma/Makefile.bk
Backing up makefile: drivers/misc/eeprom/Makefile.bk
Backup exists: Makefile.bk

root@bt:~/compat-wireless-3.3-rc1-2# make
./scripts/gen-compat-autoconf.sh config.mk > include/linux/compat_autoconf.h
make -C /lib/modules/2.6.39.4/build M=/root/compat-wireless-3.3-rc1-2 modules
make[1]: Entering directory `/usr/src/linux-source-2.6.39.4'

  WARNING: Symbol version dump /usr/src/linux-source-2.6.39.4/Module.symvers
           is missing; modules will have no dependencies and modversions.

  CC [M]  /root/compat-wireless-3.3-rc1-2/compat/main.o
  CC [M]  /root/compat-wireless-3.3-rc1-2/compat/compat-3.0.o
  CC [M]  /root/compat-wireless-3.3-rc1-2/compat/cordic.o
############################
make install
###############################

root@bt:~/compat-wireless-3.3-rc1-2# make wlunload
Unloading ath9k...
Unloading ath9k_htc...
root@bt:~/compat-wireless-3.3-rc1-2# modprobe ath9k_htc
root@bt:~/compat-wireless-3.3-rc1-2# lsmod
Module                  Size  Used by
ath9k_htc              52816  0 
mac80211              443145  1 ath9k_htc
compat                  5668  1 mac80211
ath9k_common            2421  1 ath9k_htc
ath9k_hw              367517  2 ath9k_htc,ath9k_common
ath                    14316  3 ath9k_htc,ath9k_common,ath9k_hw
cfg80211              180752  3 ath9k_htc,mac80211,ath
rfkill                 14987  1 cfg80211
arc4                    1141  2 
vmblock                10946  1 
vsock                  37577  0 
vmhgfs                 51759  0 
dm_crypt               14720  0 
snd_ens1371            18023  0 
gameport                7778  1 snd_ens1371
snd_ac97_codec        101869  1 snd_ens1371
ac97_bus                 982  1 snd_ac97_codec
snd_pcm_oss            36427  0 
snd_mixer_oss          13581  1 snd_pcm_oss
snd_pcm                68662  3 snd_ens1371,snd_ac97_codec,snd_pcm_oss
snd_seq_dummy           1358  0 
snd_seq_oss            26216  0 
snd_seq_midi            4460  0 
snd_rawmidi            18745  2 snd_ens1371,snd_seq_midi
snd_seq_midi_event      5720  2 snd_seq_oss,snd_seq_midi
snd_seq                45875  6 
snd_seq_dummy,snd_seq_oss,snd_seq_midi,snd_seq_midi_event
snd_timer              17803  2 snd_pcm,snd_seq
snd_seq_device          5281  5 
snd_seq_dummy,snd_seq_oss,snd_seq_midi,snd_rawmidi,snd_seq
snd                    50697  10 
snd_ens1371,snd_ac97_codec,snd_pcm_oss,snd_mixer_oss,snd_pcm,snd_seq_oss,snd_raw
midi,snd_seq,snd_timer,snd_seq_device
ppdev                   5096  0 
vmw_balloon             3566  0 
psmouse                52655  0 
soundcore               6048  1 snd
parport_pc             26143  1 
snd_page_alloc          6801  1 snd_pcm
serio_raw               3744  0 
vmci                   27302  1 vsock
i2c_piix4               7907  0 
shpchp                 24986  0 
mac_hid                 3029  0 
lp                      7373  0 
parport                29468  3 ppdev,parport_pc,lp
pcnet32                29779  0 
mptspi                 14781  2 
floppy                 54673  0 
mptscsih               29911  1 mptspi
vmxnet                 16270  0 
intel_agp               9614  1 
intel_gtt              13296  1 intel_agp
mii                     4091  1 pcnet32
mptbase                86277  2 mptspi,mptscsih
agpgart                27414  2 intel_agp,intel_gtt
root@bt:~/compat-wireless-3.3-rc1-2# 
########################## LED BLINKS ONCE !!!!!!#####################
########################## I am insecure person so I reboot ;) ....#####

root@bt:~# iwconfig
lo        no wireless extensions.

eth1      no wireless extensions.

wlan0     IEEE 802.11bgn  ESSID:off/any  
          Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm   
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off

root@bt:~# airmong-ng start wlan0
No command 'airmong-ng' found, did you mean:
 Command 'airmon-ng' from package 'aircrack-ng' (universe)
airmong-ng: command not found
root@bt:~# airmon-ng start wlan0

Found 2 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!

PID Name
735 dhclient3
1820    dhclient3
Process with PID 1820 (dhclient3) is running on interface wlan0

Interface   Chipset     Driver

wlan0       Atheros AR9287  ath9k - [phy0]
                (monitor mode enabled on mon0)

root@bt:~# ############### LED goes on (blinks in particular sequence, no clue 
what that means trying to figure out sequences###################
root@bt:~# 
root@bt:~# ########### start tcp  dump workinHTCVanilla_reaver.pcap ############
root@bt:~# airodump mon0
airodump: command not found
root@bt:~# airodump-ng mon0

 CH  4 ][ Elapsed: 12 s ][ 2012-02-06 15:51                                    

 BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

 00:0C:F6:B0:AD:6C  -70        2        0    0  11  54e. WPA2 CCMP   PSK  Sitec
 00:90:D0:F9:3F:A6  -61        2        0    0   6  54e  WPA2 CCMP   PSK  wepte
 00:02:CF:AC:B0:94  -87        2        0    0   3  54   WPA2 CCMP   PSK  ADSL-
 00:26:B6:06:55:BB  -87        8        0    0   1  54e  WPA2 CCMP   PSK  sarah
 B4:82:FE:94:5C:67  -87       10        0    0   1  54e  WPA2 CCMP   PSK  Thoms
 BC:05:43:F5:F9:91  -87        1        1    0   1  54e. WPA2 CCMP   PSK  FRITZ

 BSSID              STATION            PWR   Rate    Lost  Packets  Probes     

root@bt:~# reaver -i mon0 -b  00:0C:F6:B0:AD:6C -vv

Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner 
<cheffner@tacnetsol.com>

[+] Waiting for beacon from 00:0C:F6:B0:AD:6C
[+] Switching mon0 to channel 11
[+] Associated with 00:0C:F6:B0:AD:6C (ESSID: SitecomB0AD6C)
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 00005678
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 01235678
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 11115670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 22225672
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 33335674
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
^C
[+] Session saved.
######################## stop tcpdump workingHTCVanilla ##############

################## here it works fine avg pin 3 secs 
############################

I am still looking into the drivers and what the blinking means but it took me 
a lot of time to realise that when airmo says its in mon the adapter may not be 
in the proper mode and would like to know what the diff is, but for me its 
solved in this setup for now

Original comment by mrobertm...@gmail.com on 8 Feb 2012 at 11:24

GoogleCodeExporter commented 8 years ago
While copy pasting the following patched dropped out:
root@bt:~/compat-wireless-3.3-rc1-2# patch -p1 < 
mac80211.compat08082009.wl_frag+ack_v1.patchpatching file net/mac80211/tx.c
Hunk #1 succeeded at 793 (offset 116 lines).
root@bt:~/compat-wireless-3.3-rc1-2# patch -p1 < 
channel-negative-one-maxim.patch
patching file net/wireless/chan.c
Hunk #1 succeeded at 84 (offset 35 lines).
Hunk #2 succeeded at 136 (offset 57 lines).

Original comment by mrobertm...@gmail.com on 8 Feb 2012 at 11:35

GoogleCodeExporter commented 8 years ago
i seem to have a similar issue. with the light on some problems seem to 
dissapear.
if i plug in the usb netgear wg111v3 the light is not flashing.

i solve this by starting my network manager/enabling wireless networks. this 
turns the light on. if i disable wireless again, it stays on.
(seems easier than running whatever mrrobert does.. :P)

Original comment by xeddo.xe...@googlemail.com on 4 May 2012 at 6:46

GoogleCodeExporter commented 8 years ago
[deleted comment]
GoogleCodeExporter commented 8 years ago
root@bt:~# reaver -i mon0 -b B8:A3:86:3E:FC:30 -vv

Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner 
<cheffner@tacnetsol.com>

[+] Waiting for beacon from B8:A3:86:3E:FC:30
[+] Switching mon0 to channel 1
[+] Switching mon0 to channel 2
[+] Switching mon0 to channel 3
[+] Switching mon0 to channel 4
[+] Switching mon0 to channel 5
[+] Switching mon0 to channel 6
[+] Switching mon0 to channel 7
[+] Switching mon0 to channel 8
[+] Switching mon0 to channel 9
[+] Switching mon0 to channel 10
[+] Switching mon0 to channel 11
[+] Switching mon0 to channel 12
[+] Switching mon0 to channel 13
[+] Switching mon0 to channel 14
[+] Switching mon0 to channel 1
[+] Switching mon0 to channel 2
[+] Switching mon0 to channel 3
[+] Switching mon0 to channel 4
[+] Switching mon0 to channel 5
[+] Switching mon0 to channel 6
[+] Switching mon0 to channel 7
[+] Switching mon0 to channel 8
[+] Switching mon0 to channel 9
[+] Switching mon0 to channel 10
[+] Switching mon0 to channel 11
[+] Switching mon0 to channel 12
[+] Switching mon0 to channel 13
[+] Switching mon0 to channel 14
[+] Switching mon0 to channel 1
[+] Switching mon0 to channel 2
[+] Switching mon0 to channel 3
[+] Switching mon0 to channel 4
[+] Switching mon0 to channel 5
[+] Switching mon0 to channel 6
[+] Switching mon0 to channel 7
[+] Switching mon0 to channel 8
[+] Switching mon0 to channel 9
[+] Switching mon0 to channel 10
[+] Switching mon0 to channel 11
[+] Switching mon0 to channel 12
[+] Switching mon0 to channel 13
[+] Switching mon0 to channel 14
[+] Switching mon0 to channel 1
[+] Switching mon0 to channel 2
[+] Switching mon0 to channel 3
[+] Switching mon0 to channel 4
[+] Switching mon0 to channel 5
[+] Switching mon0 to channel 6
[+] Switching mon0 to channel 7
[+] Switching mon0 to channel 8
[+] Switching mon0 to channel 9
[+] Switching mon0 to channel 10
[+] Switching mon0 to channel 11
[+] Switching mon0 to channel 12
[+] Switching mon0 to channel 13
[+] Switching mon0 to channel 14
[+] Switching mon0 to channel 1
[+] Switching mon0 to channel 2
[+] Switching mon0 to channel 3
[+] Switching mon0 to channel 4
[+] Switching mon0 to channel 5
[+] Switching mon0 to channel 6
[+] Switching mon0 to channel 7
 and this goes on forever ,without trying pins  

Original comment by randvo...@gmail.com on 20 Jan 2013 at 7:28

GoogleCodeExporter commented 8 years ago
 #32 randvo...@gmail.com

im having same error as yours...any solution/cause??
it doesnt get assoiciated evn with correct channel..

Original comment by lakiv.e...@gmail.com on 17 Feb 2013 at 11:03

GoogleCodeExporter commented 8 years ago
To everyone having the "associated with" problem; have you tried using Reaver 
1.3 instead? any luck? I'm giving it a shot when I get home from work. I'll 
post an update here if all goes well.

Original comment by P.A.Osbo...@gmail.com on 20 Feb 2013 at 11:17

GoogleCodeExporter commented 8 years ago
I think I stumbled onto something that works for me 100% om getting reaver 1.4 
to associate with almost every router I've tried. I can't explain why this 
works or why metasploit is even involved with reaver. I assume you have 
metasploit installed on you computer for this to work. This only works for me 
if I do this in order....

Boot Computer, before doing anything like macchanger, or start mon0 
interface....or anything, open a console and type: service postgresql start  , 
then type: service metasploit start   , you might not need the metasploit part 
but I just do it as habit. Now go about the rest of starting reaver as normal. 
Maybe someone here who knows more about reaver or metasploit can explain why 
this works for me. By the way Im now using Kali, but I had the same issues with 
BT5-r3. Another note and problem, If your having trouble with metasploit 
updating and it just isnt right, get it right might help.  Scratching head but 
smiling.

Original comment by CamaroZ2...@gmail.com on 11 Oct 2013 at 2:04

GoogleCodeExporter commented 8 years ago
the command: sudo reaver -i mon0 -b XXXXXXXXXX -vv -L -d 0

Fixed my problem (stuck at associated).I am using intel wireless card

Original comment by tsatsos1...@gmail.com on 9 Dec 2013 at 5:46

GoogleCodeExporter commented 8 years ago
You can always do -c for channel specification, that always saves me a lot of 
time

Original comment by jnpm...@gmail.com on 15 Jan 2014 at 1:49

GoogleCodeExporter commented 8 years ago
I'm having the same problem 
[+] Waiting for beacon from E0:3F:49:EC:71:90
[!] WARNING: Failed to associate with E0:3F:49:EC:71:90 (ESSID: (null))

and it just keeps doing that. I'm using Ubuntu 14.04.1 and an Alfa Awus036NHR.

Original comment by kylec...@gmail.com on 6 Dec 2014 at 3:36