TH3GR3AT3STT3AM / reaver-wps

Automatically exported from code.google.com/p/reaver-wps
0 stars 0 forks source link

Reaver gets stuck on correct PIN, or goes past correct PIN and gets stuck on higher (incorrect) PIN #402

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
Answer the following questions for every issue submitted:

0. What version of Reaver are you using?  (Only defects against the latest
version will be considered.)

The latest. 1.4 available in the Backtrack 5 R2/R3 repo.

1. What operating system are you using (Linux is the only supported OS)?

Backtrack 5 R2 32-Bit and tried with Backtrack 5 R3 32-Bit also.

2. Is your wireless card in monitor mode (yes/no)?

Yes, airmon-ng start wlan0

3. What is the signal strength of the Access Point you are trying to crack?

-18 to -57 - depends how close I sit to it.

4. What is the manufacturer and model # of the device you are trying to
crack?

Virgin Media Super Hub - Custom Netgear Model - VMDG480

5. What is the entire command line string you are supplying to reaver?

I have tried various - mainly, reaver -i mon0 -a -v -b XX:XX:XX:XX:XX:XX -c 6 
-t 5 -T 1 -N -w, -E -d 5 (and various times)

I have tried without the -E, -N, -w, -T, -t, -c etc have also tried --mac 
option, all combinations. 

6. Please describe what you think the issue is.

Reaver appears to get to the correct pin, or go past the correct pin and to a 
higher PIN, then gets stuck on it and just keeps attempting that pin. This has 
happened with 2 hubs. I returned the first hub I had because of poor 
performance and assumed that the issue with reaver was due to this but the new 
one is tip top for speed and the reaver issue is still there. The issue also 
occurs with several diff pins (I have changed the PIN in the control panel then 
retested). The hubs rate limit after 3 pin attempts and unlock after 60 seconds 
- but still churn through. -L does not work. They are seen in Wash. I have 
tried going to /usr/local/etc/reaver and delete the session file - in fact, I 
have tried on fresh installs and no change.

7. Paste the output from Reaver below.

root@bt:~# reaver -i mon0 -a -vv -b XX:XX:XX:XX:XX:XX

Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner 
<cheffner@tacnetsol.com>

[+] Restored previous session
[+] Waiting for beacon from XX:XX:XX:XX:XX:XX
[+] Switching mon0 to channel 5
[+] Associated with 2C:B0:5D:F7:50:54 (ESSID: virginmediaXXXXXXX)
[+] Trying pin 99985677
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 99985677
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[!] WARNING: Detected AP rate limiting, waiting 60 seconds before re-checking
[+] Trying pin 99985677
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 99985677
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 99985677
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK

Original issue reported on code.google.com by elld...@gmail.com on 13 Sep 2012 at 9:38

GoogleCodeExporter commented 8 years ago
Forgot to mention that I have tried with a BCM4311, RTL8187L and RT2800USB (all 
which support injection) - Same issue.

Original comment by elld...@gmail.com on 13 Sep 2012 at 9:40

GoogleCodeExporter commented 8 years ago
[!] WARNING: Detected AP rate limiting, waiting 60 seconds before re-checking
this line= wps lock?  
see wash 

Original comment by deltomaf...@gmail.com on 25 Sep 2012 at 8:24

GoogleCodeExporter commented 8 years ago
[!] WARNING: Detected AP rate limiting, waiting 60 seconds before re-checking
this line= wps lock?

Original comment by trico...@gmail.com on 19 Dec 2012 at 10:26