Closed GoogleCodeExporter closed 8 years ago
0. What version of Reaver are you using? (Only defects against the latest
version will be considered.)
version 1.4 r_84
1. What operating system are you using (Linux is the only supported OS)?
Back|Track5 r1 (reaver downloaded with "svn checkout
http://reaver-wps.googlecode.com/svn/trunk/ reaver")
And installed :
root@bt:~/reaver/src# ./configure && make && make install
2. Is your wireless card in monitor mode (yes/no)?
yes.
Note the wireless network card:
root@bt:~# lspci -v
"03:04.0 Ethernet controller: Atheros Communications Inc. Atheros AR5001X+
Wireless Network Adapter (rev 01)
Subsystem: D-Link System Inc Device 3a13
Flags: bus master, medium devsel, latency 168, IRQ 16
Memory at fbff0000 (32-bit, non-prefetchable) [size=64K]
Capabilities: [44] Power Management version 2
Kernel driver in use: ath5k
Kernel modules: ath5k
"
3. What is the signal strength of the Access Point you are trying to crack?
root@bt:~# iwlist mon0 scanning
" Cell 04 - Address: 00:B0:0C:XX:XX:XX
Channel:6
Frequency:2.437 GHz (Channel 6)
Quality=27/70 Signal level=-83 dBm
Encryption key:on
ESSID:"Tenda"
Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 9 Mb/s
18 Mb/s; 36 Mb/s; 54 Mb/s
Bit Rates:6 Mb/s; 12 Mb/s; 24 Mb/s; 48 Mb/s
Mode:Master
Extra:tsf=000001b496a94a42
Extra: Last beacon: 612ms ago
IE: Unknown: 000554656E6461
IE: Unknown: 010882848B961224486C
IE: Unknown: 030106
IE: Unknown: 2A0104
IE: Unknown: 32040C183060
IE: Unknown: 2D1AEE1117FF000000010000000000000000000000000C0000000000
IE: Unknown: 3D1606050000000000000000000000000000000000000000
IE: Unknown: 3E0100
IE: IEEE 802.11i/WPA2 Version 1
Group Cipher : CCMP
Pairwise Ciphers (1) : CCMP
Authentication Suites (1) : PSK
IE: Unknown: DD180050F2020101000003A4000027A4000042435E0062322F00
IE: Unknown: 7F0101
IE: Unknown: DD07000C4304000000
IE: Unknown: 0706434E20010E10
IE: Unknown: DD1E00904C33EE1117FF000000010000000000000000000000000C0000000000
IE: Unknown: DD1A00904C3406050000000000000000000000000000000000000000
IE: Unknown: DD9A0050F204104A0001101044000101103B000103104700102880288028801880A88000B00C482D881021001852616C696E6B20546563686E6F6C6F67792C20436F72702E10230011576972656C6573735F4E20526F75746572102400065254323836301042000831323334353637381054000800060050F204000110110011576972656C6573735F4E20526F75746572100800020084103C000101
"
5. What is the entire command line string you are supplying to reaver?
"reaver -i mon0 -b 00:B0:0C:48:2D:88 -c 6 -e Tenda -S -w -vv"
6. Please describe what you think the issue is.
gets to 90.90% then keeps trying the same pin (13695675) over and over.
after waiting for half an hour, stopped with ctrl+c and saved.
restarted, restored the session but keeps trying same pin over again.
Attached files .cap .png referring to the problems.
I am waiting for a response.
Original comment by suzuk_1...@hotmail.com
on 12 Jan 2012 at 1:49
@ismailcemoz: this sounds like a dup of issue 88. I would also suggest using
the latest SVN code instead of 1.3 (1.4 will be released soon!) as 1.3 had some
bugs with false pin matches.
@suzuk: looking at your iwlist output you have a pretty low signal strength and
receive quality, which is reflected in the pcap file. Reaver is having trouble
even establishing a WPS session. However, with that said, I'm seeing some
strange behavior from Reaver in that it is sending M6 packets out of order. I
think I know what might be causing this, I'll take a look at the code and let
you know when I have a fix.
Original comment by cheff...@tacnetsol.com
on 12 Jan 2012 at 2:46
I have the exact same issue but at 90.90% :
Output:
reaver -i mon0 -b 00:26:11:22:33:44 -L -E -vv
Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner
[?] Restore previous session? [n/Y] y
[+] Restored previous session
[+] Waiting for beacon from 00:26:11:22:33:44
[+] Switching mon0 to channel 1
[+] Associated with 00:26:11:22:33:44 (ESSID: AP_NAME)
[+] Trying pin 77424013
[+] Sending EAPOL START request
[+] Sending identity response
[+] Sending M2 message
[+] Sending M4 message
[+] Sending WSC NACK
[+] Trying pin 77424013
[+] Sending EAPOL START request
[+] Sending identity response
[+] Sending M2 message
[+] Sending M4 message
[+] Sending WSC NACK
[+] Trying pin 77424013
[+] Sending EAPOL START request
[+] Sending identity response
[+] Sending M2 message
[+] Sending M4 message
[+] Sending WSC NACK
[+] Trying pin 77424013
[+] Sending EAPOL START request
[+] Sending identity response
[+] Sending M2 message
[+] Sending M4 message
[+] Sending WSC NACK
[+] Trying pin 77424013
[+] Sending EAPOL START request
[+] Sending identity response
[+] Sending M2 message
[+] Sending M4 message
[+] Sending WSC NACK
[+] Trying pin 77424013
[+] Sending EAPOL START request
[+] Sending identity response
[+] Sending M2 message
[+] Sending M4 message
[+] Sending WSC NACK
[+] 90.90% complete @ 2012-01-12 15:24:15 (5 seconds/attempt)
[+] Trying pin 77424013
[+] Sending EAPOL START request
[+] Sending identity response
Version:
Version 1.4_88
Back|Track5 r1 (reaver downloaded with "svn checkout
http://reaver-wps.googlecode.com/svn/trunk/ reaver")
And installed :
root@bt:~/reaver/src# ./configure && make && make install
I'm using a AWUS036H adapter (RTL8187) in monitor mode. I've now had this issue
against 2 AP's. 1 is a Thomson the other I'm not sure about.
I have a pcap of this with a eap display filter as suggested in issue 94.
Please let me know where I can send it to.
Original comment by alphe...@gmail.com
on 12 Jan 2012 at 3:04
Just mailed the pcap file to Craig.
Original comment by alphe...@gmail.com
on 12 Jan 2012 at 3:09
@suzuk: I just checked in some code that should fix your issue, but I can't
reproduce it on my end so please verify.
@alphenit: From Reaver's output it seems that the first half of the pin is
incorrect. I just got your pcap, will look it over.
Original comment by cheff...@tacnetsol.com
on 12 Jan 2012 at 3:10
@alphenit: Yes, looking at the pcap the first four of the pin that Reaver is
trying is definitely wrong, but it looks like Reaver has run out of pins to
test so it keeps trying the last one. Can you give Reaver the correct pin with
the --pin option and make sure that it works?
Original comment by cheff...@tacnetsol.com
on 12 Jan 2012 at 3:13
@Craig
The AP belongs to a neighbor of mine who went abroad for work a couple of days
back. I asked him if I could "play" with his router which he was fine with. (so
I don't have physical access to the bloody thing)
He's on a flexible contract abroad so could be weeks or months before he
returns :( .
Original comment by alphe...@gmail.com
on 12 Jan 2012 at 3:24
I have the same problem at 90.90%: it repeats the same pin.
Original comment by 1achr...@gmail.com
on 12 Jan 2012 at 3:30
Issue 130 has been merged into this issue.
Original comment by cheff...@tacnetsol.com
on 12 Jan 2012 at 3:39
The same problem at 90.90% with Reaver v1.4.
Ubuntu x86_64, Linux 3.0.0-14-generic
$ ./reaver -i mon0 -b 00:00:00:00:00:0 -e xxx -c 1
Original comment by ViktorMa...@gmail.com
on 12 Jan 2012 at 4:10
I have the same issue, stuck at 90.90%; tried two times with my different routers.
Original comment by piort...@gmail.com
on 12 Jan 2012 at 7:33
I'm trying reaver 1.4 r_90. I'll take 24 hours for a test and see if the
problem of hanging at 90.90% has been resolved and the other place.
When I have them I'll post the results here in this topic.
Original comment by suzuk_1...@hotmail.com
on 12 Jan 2012 at 9:59
@suzuk_1 OK, please post the result here, OK? Thanks.
Original comment by 1achr...@gmail.com
on 12 Jan 2012 at 10:00
@1achraf3 OK :D
@cheffner I'm trying reaver 1.4 r_90.
I'll take 24 hours for a test and see if the problem
of hanging at 90.90% has been resolved and the other place.
When I have them I'll post the results here in this topic.
Original comment by suzuk_1...@hotmail.com
on 12 Jan 2012 at 10:05
I'm also taking 1.4 r90, clearing the current progress and start over to see
how this version works out.
Is there an easy way to see what 1.4.xx version we are using..? I now use the
svn checkout http://reaver-wps.googlecode.com/svn/trunk/ reaver_versionnumber
then ./configure && make && make install and I assume it will replace the
older version which is now 1.4. If possible maybe add the .xx so 1.4.90, could
make it easier when determining which version is actually used?
Original comment by alphe...@gmail.com
on 12 Jan 2012 at 10:31
Working test error 90.90% New revision R90
Original comment by 1achr...@gmail.com
on 12 Jan 2012 at 10:45
I finished the test, it took 6:45 minutes each.
WPS PIN found. Not sure if the PIN is really the one in the access point,
because I have no access to it; it was just a test.
I used Back|Track 5 r1, Gnome
reaver 1.4 r90
Attached the PrintScreen:
@cheffner If the PIN is correct, is it possible to know the WPA2 CCMP PSK?
I am waiting for a response.
Original comment by suzuk_1...@hotmail.com
on 13 Jan 2012 at 4:27
I think after it cracks the WPS key, reaver is supposed to show the WPA key. At
least it did so in cracking my own router, show the pin, followed by the wpa
key and then the SSID..
Original comment by alphe...@gmail.com
on 13 Jan 2012 at 7:48
I just completed another test, but with different results: 5:10 hours / minutes
and with a different PIN.
I cannot tell if the PIN is correct, because the access point is not
mine; it is just for testing.
I used Back|Track 5 r1 Gnome
reaver 1.4 r_90
Follow the PrintScreen:
@cheffner I took the test twice and got different PINs, is it a mistake or not?
First test PIN = 47303089
Second test PIN = 47306868
In the first test and the second test the first four digits
were "4730".
I await answers.
Thank you.
Original comment by suzuk_1...@hotmail.com
on 13 Jan 2012 at 10:26
I finished trying with r90 but the issue remains, at 90.90% it keeps trying the
same pin :(
Let me know if you need anything else..
Original comment by alphe...@gmail.com
on 13 Jan 2012 at 1:13
Issue 135 has been merged into this issue.
Original comment by cheff...@tacnetsol.com
on 13 Jan 2012 at 1:49
So I haven't tracked down the exact cause of this problem, but it is pretty
obvious that it has been caused by one of the more recent code changes or else
we would have been seeing this earlier.
At the moment Reaver is undergoing a code clean up - a lot of code was reused
from wpa_supplicant, and for Reaver's purposes it is overly complex.
Refactoring the code will probably take a few days, but should clean up this
(and other) issues and with simplified code make it easier to track down future
issues, so please be patient with me. :)
In the mean time, reverting to a previous revision should clear this problem
up, though I'm not sure yet which rev exactly introduced this bug.
Original comment by cheff...@tacnetsol.com
on 13 Jan 2012 at 1:53
Version 1.3 does not have the 90.90% problem.
Original comment by 1achr...@gmail.com
on 13 Jan 2012 at 1:59
I'm not sure about the 1.3 version. I've installed it through apt-get install
reaver in BackTrack and trying it on the same router. I'll share results if I
have any :)
Original comment by alphe...@gmail.com
on 13 Jan 2012 at 3:14
I'm working with 1.4 R90 and I don't see the 90.90% problem, OK?
Original comment by 1achr...@gmail.com
on 13 Jan 2012 at 5:12
I've tried 1.4 R90 yesterday and I DID see the 90.90% error so it is still
there.
I'm now running the 1.3 version to see what happens there.
Original comment by alphe...@gmail.com
on 13 Jan 2012 at 6:59
Found 1.4 r.90 Cracked 100% WPA2-PSK[TKIP] + WPA2-PSK[AES]
BackTrack 5 R1
Reaver 1.4 R.90
Terminal:
reaver -i mon0 -b 00:11:22:33:44 -vv
Key Cracked in: 10396 Seconds
Password Type: WPA2-PSK[TKIP] + WPA2-PSK[AES]
Original comment by 1achr...@gmail.com
on 13 Jan 2012 at 7:34
Well that is nice but what did you change since everyone in this thread has
tried 1.4 r90 and gets the 90.90% error.
What version were you using yesterday when you reported the 90.90% error and
what changed since then..?
QUOTE:
Comment 8 by 1achr...@gmail.com, Yesterday (28 hours ago) i have same problem
in 90.90% its repeat same pin
Original comment by alphe...@gmail.com
on 13 Jan 2012 at 7:57
Alphe, the bug is in version Reaver 1.4 r89.
I worked yesterday with 1.4 r89.
Today I updated to r90.
Time: 00:00, finished at 19:30.
R90 found 100%, some errors but not serious.
Original comment by 1achr...@gmail.com
on 13 Jan 2012 at 8:04
I updated to r90 yesterday and I still had the issue after rebooting my laptop
so something is still not right.
Probably like Craig said that Reaver might need some code clean up to see if
the issue remains after that...
Original comment by alphe...@gmail.com
on 13 Jan 2012 at 9:57
Test in a live BackTrack and download reaver with the command:
svn checkout http://reaver-wps.googlecode.com/svn/trunk/ reaver
Original comment by 1achr...@gmail.com
on 13 Jan 2012 at 10:05
I have Backtrack 5 R1 installed on my laptop and installed reaver with svn.
I'm now working with 1.3 again from the BackTrack distro to see how that goes.
I might try the live cd again after that, but if I run into connectivity
problems because of ubuntu as mentioned in another issue, you have to reboot
into the live environment again and will lose all progress if you use the live
cd.
Original comment by alphe...@gmail.com
on 13 Jan 2012 at 10:18
I'm working on a live USB. Check 1.3 and tell me, but I trust 1.4 r90, I found
it good.
Please format a USB and install BackTrack 5 R1 with UNetbootin, then install reaver
and check. I don't like installing BackTrack because the logs are not cleaned well.
Original comment by 1achr...@gmail.com
on 13 Jan 2012 at 10:27
Just tried again with r90, and it blocks at 90.90%. I used the live CD BackTrack 5 r1.
Original comment by piort...@gmail.com
on 15 Jan 2012 at 6:28
This issue appears to be a result of WPS messages being improperly
identified/processed. The code that handles this has been re-worked and checked
in as of r91; hopefully that will clear up this issue (having trouble
reproducing it myself).
Original comment by cheff...@tacnetsol.com
on 16 Jan 2012 at 5:03
I've got the exact same problem, running 1.3 on ubuntu 11.10. I'm going to see
what happens with the rc91 ;)
Original comment by hadwa...@gmail.com
on 16 Jan 2012 at 5:30
Latest svn trunk, same issue. No M6 messages, no lockouts, it just keeps trying
the same pin over and over forever while stuck at 90.90%
I tried giving it my first 4 numbers and it worked flawlessly. It seems to be a
problem guessing the first 4 numbers.
Original comment by kahakki...@gmail.com
on 17 Jan 2012 at 12:24
Just did a 5 hour run against my AP with r96, got both halves of the pin fine.
kahakkinen, it sounds like you are restoring your old session in which all of
the possible combinations for the first half of the pin have already been
exhausted. This will not work. You'll need to start a new session from scratch.
Original comment by cheff...@tacnetsol.com
on 17 Jan 2012 at 12:43
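Added example, not part of the thread and not Reaver's source: a small C model of the WPS PIN layout that accounts for the numbers reported in this issue. It assumes the standard layout (4-digit first half, 3-digit second half, 1 checksum digit) and a progress counter of candidates tried out of 11000; all function names are hypothetical.

```c
#include <stdio.h>

/* Assumed search model: 10^4 first halves, then 10^3 second halves. */
#define P1_SIZE 10000u
#define P2_SIZE 1000u

/* WPS checksum digit for the 7-digit body of a PIN. */
unsigned int pin_checksum(unsigned int body)
{
    unsigned int accum = 0;
    while (body) {
        accum += 3 * (body % 10);
        body /= 10;
        accum += body % 10;
        body /= 10;
    }
    return (10 - accum % 10) % 10;
}

/* 1 if the 8th digit equals the checksum of the first 7 digits. */
int pin_is_well_formed(unsigned int pin)
{
    return pin_checksum(pin / 10) == pin % 10;
}

/* Progress in hundredths of a percent after `tried` candidates. */
unsigned int progress_x100(unsigned int tried)
{
    return tried * 10000u / (P1_SIZE + P2_SIZE);
}

/* 1 when the first-half list is used up and no second-half guess has
 * started, i.e. the counter can no longer advance. */
int first_half_exhausted(unsigned int p1_index, unsigned int p2_index)
{
    return p1_index >= P1_SIZE - 1 && p2_index == 0;
}

int main(void)
{
    /* PINs quoted in the thread above. */
    unsigned int pins[] = { 13695675, 77424013, 47303089, 47306868 };
    for (int i = 0; i < 4; i++)
        printf("%08u first_half=%04u well_formed=%d\n",
               pins[i], pins[i] / 10000, pin_is_well_formed(pins[i]));
    unsigned int p = progress_x100(P1_SIZE - 1);
    printf("last first-half slot -> %u.%02u%%\n", p / 100, p % 100);
    return 0;
}
```

In this model the last first-half slot (index 9999) maps to exactly 90.90%, and every PIN quoted in the thread carries a valid checksum digit, so the checksum alone cannot tell the two 4730xxxx results apart.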
I do that every time I compile a new version. I go to /usr/local/etc/reaver and
delete every file in there, then I start running reaver again.
For example, I just deleted the files in /usr/local/etc/reaver and am now
running it again.. 4.34% and counting.
Original comment by kahakki...@gmail.com
on 17 Jan 2012 at 12:49
OK, let me know the outcome. Reaver now cycles through pins in order, so it
should be easy to see when it is approaching the correct first 4 pins. If
Reaver still does not get the first 4 pins correct, can you provide the reaver
output (with -vv) when it does attempt the correct 4 pins? And preferably a
pcap as well.
It would be very odd if Reaver always misses the first half of the pin when
brute forcing, but works fine when you manually specify the first half of the
pin...
Original comment by cheff...@tacnetsol.com
on 17 Jan 2012 at 1:03
Original issue reported on code.google.com by
ismailce...@gmail.com
on 12 Jan 2012 at 11:37