abderrahmane1996 / reaver-wps

Automatically exported from code.google.com/p/reaver-wps
0 stars 0 forks source link

WPS transaction failed: TP-Link WR-841N (0x03) / Linksys WRT120N (0x04) #406

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
I have seen several open issues for this problem, and I apologize for opening a 
new one, but it seemed clear that the other people reporting this were trying 
it against routers they didn't own, and couldn't provide debug information. I 
am testing this against my own routers, and I can provide any captures needed.

0. What version of Reaver are you using?  (Only defects against the latest
version will be considered.)

Reaver 1.4, packaged with the latest version of Backtrack.

1. What operating system are you using (Linux is the only supported OS)?

Backtrack Linux.

2. Is your wireless card in monitor mode (yes/no)?

Yes. I tried both the internal card (Atheros AR9285) and an external TPLink 
TL-WN822N (sadly it's an Atheros AR9287, not that different).

3. What is the signal strength of the Access Point you are trying to crack?

-33 for one -49, with the other using the internal card. 90% for both in Wicd 
Network Manager. One is sitting in the same room, the other is across a wall.

4. What is the manufacturer and model # of the device you are trying to
crack?

TP-Link WR-841N and Linksys WRT120N (0x04)

5. What is the entire command line string you are supplying to reaver?

Linksys: reaver -i mon0 -b 68:7F:74:DE:5C:16 -vv
TPLink: reaver -i mon0 F8:D1:11:A1:70:7C -vv -L

The TPLink hangs after association, hence the -L.

6. Please describe what you think the issue is.

No idea. The output doesn't give me much to go on. I'm a general IT guy but I 
don't usually get into the internals of wireless protocols.

7. Paste the output from Reaver below.

root@bt:~# airmon-ng

Interface    Chipset        Driver

mon1        Atheros AR9287    ath9k - [phy1]
mon0        Atheros AR9285    ath9k - [phy0]
wlan1        Atheros AR9287    ath9k - [phy1]
wlan0        Atheros AR9285    ath9k - [phy0]

root@bt:~# airodump-ng mon0

 CH 14 ][ Elapsed: 20 s ][ 2012-09-20 01:24                                         

 BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID                                                                                        

 68:7F:74:DE:5C:16  -42       39       21    0   1  54e. WPA2 CCMP   PSK  Ramiro                                                                                       
 F8:D1:11:A1:70:7C  -52       45      214    0  11  54e. WPA2 CCMP   PSK  Leandro                                                                                      

root@bt:~# reaver -i mon0 -b 68:7f:74:de:5c:16 -vv

Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner 
<cheffner@tacnetsol.com>

[+] Waiting for beacon from 68:7F:74:DE:5C:16
[+] Switching mon0 to channel 1
[+] Associated with 68:7F:74:DE:5C:16 (ESSID: Ramiro)
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received WSC NACK
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x04), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received WSC NACK
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x04), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received WSC NACK
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x04), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received WSC NACK
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x04), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received WSC NACK
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x04), re-trying last pin
^C
[+] Nothing done, nothing to save.

root@bt:~# reaver -i mon0 -b f8:d1:11:a1:70:7c -vv -L

Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner 
<cheffner@tacnetsol.com>

[+] Waiting for beacon from F8:D1:11:A1:70:7C
[+] Switching mon0 to channel 1
[+] Switching mon0 to channel 2
[+] Switching mon0 to channel 3
[+] Switching mon0 to channel 4
[+] Switching mon0 to channel 5
[+] Switching mon0 to channel 6
[+] Switching mon0 to channel 7
[+] Switching mon0 to channel 11
[+] Associated with F8:D1:11:A1:70:7C (ESSID: Leandro)
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x03), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x03), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
^C
[+] Nothing done, nothing to save.

root@bt:~# 

Original issue reported on code.google.com by leandro...@gmail.com on 20 Sep 2012 at 4:44

GoogleCodeExporter commented 8 years ago
use -w

Original comment by nestca...@gmail.com on 23 Sep 2012 at 3:20

GoogleCodeExporter commented 8 years ago
I have exactly the same issue as leandro.  My log looks just like the second 
one above for the MAC "F8:D1:11:A1:70:7C".

Also WASH clearly says that the network is WPS enabled and open.  It is 
reported as WPS V1.

I have tried the "-w" option and many others with no luck.  Been playing around 
trying to get this to work for 3 months now :(

Anyone have any clue ?

Original comment by keyfo...@veryrealemail.com on 24 Sep 2012 at 10:01

GoogleCodeExporter commented 8 years ago
which means wps enable in the wash?
must appear "No"
try add -a -S -N  in line command

Original comment by deltomaf...@gmail.com on 25 Sep 2012 at 8:11

GoogleCodeExporter commented 8 years ago
Hi and thank you for your help :o)

I would really like to get this working, I can use Reaver sucessfully on many 
other AP's just not this one.

The output from WASH is ....

BSSID                  Channel       WPS Version       WPS Locked        ESSID
--------------------------------------------------------------------------------
--------------
00:1B:17:F5:46:F1       1            1.0               N                 wlan

So I am certain that WPS in enabled and open.

I have tried

-a -S -N 
-a -S --no-nacks
-a -N 
-a --no-nacks

Original comment by keyfo...@veryrealemail.com on 25 Sep 2012 at 10:51

GoogleCodeExporter commented 8 years ago
ok then try in two term:
1. aireplay-ng mon0 -1 120 -a <mac> -e Leandro
2. reaver -i mon0 -A -b <mac> -c 1 -vv --no-nacks --win7

in the case of the aireplay 120 is the wait time between one and the other 
authentication, can reduce to 5 to accelerate.
check if exist file <mac>.wpc in /usr/local/etc/reaver if yes remove.
run reaver again.

Original comment by deltomaf...@gmail.com on 26 Sep 2012 at 6:52

GoogleCodeExporter commented 8 years ago
Thank you very much again deltomaf for your help.  I am very grateful.  I am 
worried you are going to get bored of this issue before it works ! :o(

When I start Reaver I never seem to have a problem associating so I wonder why 
you suggest doing it a different way.  Not a critical question just wondering 
:o)

I thought I should mention I have a very good signal to my AP.

This is the log....

[+] Switching mon0 to channel 1
[+] Waiting for beacon from 00:1B:17:F5:46:F1
[+] Associated with 00:1B:17:F5:46:F1 (ESSID: wlan)
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Nothing done, nothing to save.
[+] 0.00% complete @ 2012-09-27 13:34:31 (0 seconds/pin)
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[!] WARNING: 10 failed connections in a row
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Nothing done, nothing to save.
[+] 0.00% complete @ 2012-01-26 13:34:58 (0 seconds/pin)
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
^C
[+] Nothing done, nothing to save.

Then a second attempt...

[+] Waiting for beacon from 00:1B:17:F5:46:F1
[+] Switching mon0 to channel 1
[+] Associated with 00:1B:17:F5:46:F1 (ESSID: wlan)
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred

etc...

Original comment by keyfo...@veryrealemail.com on 28 Sep 2012 at 2:37

GoogleCodeExporter commented 8 years ago
go dir /usr/local/etc/reaver remove file .wpc with mac router and start reaver 
again.
if it fails, install reaver 1.3 try again.

Original comment by deltomaf...@gmail.com on 1 Oct 2012 at 1:15

GoogleCodeExporter commented 8 years ago
Once again thank you for your help, I was starting to worry you had gone ! :o)

I went to the dir /usr/local/etc/reaver to remove the old .wpc file but there 
wasn't one there for this MAC !  I have many others in there so I was in the 
right place.  It is like Reaver has never started on this router for some 
reason.  So I guess the first part won't help as it wasn't even there ! :o)

As for you next suggestion I am amazed that going back a version would help, I 
will of course give it a try but can I ask what is different which affects it 
in my case ?

I have an additional issue now with Reaver (different AP), I am going through 
all the pins and getting to 99985677 and then it just keeps repeating.

I understand I am pushing my luck but I wondered if you might have an idea 
about that issue also as you seem to be the resident Reaver expert :o)

Thank you very much for coming back and for your time.

Original comment by keyfo...@veryrealemail.com on 1 Oct 2012 at 1:55

GoogleCodeExporter commented 8 years ago
what chipset of the adapter? 
the second problem should be solved by removing the file wpc and run reaver 
again.
the previous version may be more compatible with your adapter, as well as well 
as the version of Linux used, which may have a better module of your wifi. try.

Original comment by deltomaf...@gmail.com on 1 Oct 2012 at 5:27

GoogleCodeExporter commented 8 years ago

Sorry for the late reply but it took me some time to do the testing.

The chipsets I have tested are RTL8187L RT3070 (Alpha cards) on Backtrack 5r1 
and 5r2.

I have tried each version of Reaver (1.3 and 1.4) with BTr1 and BTr2 with both 
chipsets (seperatly).  I hope this explains why it took me so long ! 

Still nothing I am sorry to report.  This issue...

[+] Switching mon0 to channel 1
[+] Waiting for beacon from 00:1B:17:F5:46:F1
[+] Associated with 00:1B:17:F5:46:F1 (ESSID: wlan)
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK

Still behaves the same.  I have read a lot since our conversation and 
discovered that this router "may" have a push button WPS.  It might explain why 
WASH reports it as having WPS enabled but it will not work unless the button is 
pushed.  My only reason for sticking with it was that WASH reported it as open 
when in fact it may be WASH at fault not Reaver.

The next problem about getting to 99985677 with no M5 M6 packets just the 
normal M1 M2 M3 M4 ones then cycling round is the same.  I managed to really 
test this out by finding 2 routers that produce this error.  I think 
manufacturers are outsmarting Reaver now, as both these routers are new.

All I can think of is they do not tell Reaver that the first part of the PIN is 
correct so Reaver just carries on.

When you suggested removing the wpc file I guess you were assuming that Reaver 
didn't get a good signal and missed the reply ? I have to report that this is 
not in my case as the signal is strong.  I really do think that as Reaver is no 
longer being maintained routers are outsmarting it. :(

Apparently Reaver does not actually test all the pins and there is a mod that 
can be done to make it do so.  It is a shame there isn't a feature in Reaver 
that allows the user to simply add a command.  

I must admit to being really disappointed now, I think I am going to have to 
accept defeat !  :)

Thank you very much for your help, it is very kind of you to take the time.

Original comment by keyfo...@veryrealemail.com on 2 Oct 2012 at 12:53

GoogleCodeExporter commented 8 years ago
Sorry I couldn't edit my last post, I wanted to add...

I am able to use Reaver successfully on many other older routers just in case 
you think I cannot use Reaver or there is some other fundamental reason it 
doesn't work.

Original comment by keyfo...@veryrealemail.com on 2 Oct 2012 at 12:56

GoogleCodeExporter commented 8 years ago
you have the custom to use the Reaver together with Airodump?
tried using the tool Wifite.py? 

Original comment by deltomaf...@gmail.com on 3 Oct 2012 at 12:29

GoogleCodeExporter commented 8 years ago
Sorry for my late reply but I have been testing carefully.

I have tried different wifi adapters + drivers, Reaver 1.3 and 1.4.  I have 
tried BT 5R2 and 5R3.  WASH always reports as using WPS and that it is open.  
Even when associating with Aireplay I still get the message below.  I have 
tried just about every different combination on these forums but still get 
error WPS transaction failed (code: 0x02).

I am fairly competent with Reaver as I have used it to some success on other 
tests but this AP defeats Reaver.  Surprisingly it is quite an old router.  I 
know the new Virgin routers outsmart Reaver but this old one seems to be able 
to do it without updates etc.  I think it is about 3 years old.

Whatever I do (with a very good signal) I get the following ...

[+] Waiting for beacon from 00:1B:17:F5:46:F1
[+] Associated with 00:1B:17:F5:46:F1 (ESSID: wlan)
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK

Original comment by keyfo...@veryrealemail.com on 12 Oct 2012 at 3:10

GoogleCodeExporter commented 8 years ago
hi, try this, edit first line in /usr/local/etc/reaver/<mac>.wpc with pin to 
start in 1000
if not exist <mac>.wpc so copy other .wpc rename for mac of your router and 
edit:
1000
0
0
save e run reaver again, see if now work. 

Original comment by deltomaf...@gmail.com on 16 Oct 2012 at 4:52

GoogleCodeExporter commented 8 years ago
Hi

Hey I am really glad you are sticking around here, you seem to be the only one 
who knows what they are talking about ! :o)

If I don't reply soon it isn't that I won't, I need to travel to this router 
(not here at my home) so please wait for me ! :o)

Is there any way to talk to you rather than on here ?  Are you a member of a 
forum or something ?  I don't know how to swap e-mail address's on here without 
displaying them to the world. :o(

Original comment by keyfo...@veryrealemail.com on 17 Oct 2012 at 12:06

GoogleCodeExporter commented 8 years ago
I do not know, I do not think good idea swap emails, my English is bad, I'm 
from Brazil, I have another question, this router is configured with wep? I 
have seen the same problem here with the Reaver in Routers configured wep.

Original comment by deltomaf...@gmail.com on 18 Oct 2012 at 9:11

GoogleCodeExporter commented 8 years ago
In fact I can not do work on Routers configured with wep.
Perhaps it occurs in open Router.

Original comment by deltomaf...@gmail.com on 18 Oct 2012 at 9:19

GoogleCodeExporter commented 8 years ago
Hi

Shame about you not wanting to e-mail but that is you decision so no problems :)

The AP is most certainly WPA without doubt.  Definitely not WEP.

I am noticing others are posting here with the same problem.

Original comment by keyfo...@veryrealemail.com on 19 Oct 2012 at 10:40

GoogleCodeExporter commented 8 years ago
No luck :(

I made a few virtual machines.

Backtrack 5.
Backtrack 5r1
Backtrack 5r2
Backtrack 5r3

I then duplicated them so one of each had Reaver 1.3 and 1.4 installed.

I used two different wifi adapters on each setup.

Wash always reported the AP as being WPS enabled and also that it was unlocked 
(ready to receive PINS).

Good signal strength.

All I got was the same result as above.

I guess that's it ? :(

Original comment by keyfo...@veryrealemail.com on 1 Nov 2012 at 9:28

GoogleCodeExporter commented 8 years ago
[deleted comment]
GoogleCodeExporter commented 8 years ago
Hi there! I think I may have the solution for some cases. 24 hours before my 
last attempt, I successfully got the pin of mi girlfriend's WPS Wifi network. 
Then I thought I could do the same with mine. So I configured my own router 
enabling WPS though I got an error when launching reaver with this command:

reaver -i mon0 -p 11111111 -e MY_ESSID -b 00:11:22:44:33:99 -c 6 -vv //Notice 
that both ESSID and BSSID are fictitious.

The error:

[!] WPS transaction failed (code: 0x02), re-trying last pin.

I tried to remove .wpc file but it didn't work.

What I did is to stop airodump-ng from capturing packets. Apparently, running 
together airodump-ng and reaver may cause some errors.

Hope it helps.

SH4V.

Original comment by ndkotrik...@gmail.com on 26 Nov 2012 at 11:23

GoogleCodeExporter commented 8 years ago
This is exactly the problem. well... it might not be... but you cannot run 
reaver and airodump at the same time. airodump will switch the channels etc. 

Original comment by Nihilist...@gmail.com on 27 Nov 2012 at 7:35

GoogleCodeExporter commented 8 years ago
You can run airodump-ng on a single fixed channel, you know. I think its the -c 
option.

Original comment by ntzrmtth...@gmail.com on 27 Nov 2012 at 10:14

GoogleCodeExporter commented 8 years ago
Hi, I think with code 0x04, the AP doesn't like being attack. 0x04 occurs every 
15-20 pin or so. I had a laptop that ran 24/7 to test this out. I successfully 
cracked my router (NETGEAR WNR1000v2) in ~9500 secs (2.5 hrs).
My command was: Reaver -i (my monitor interface) -b (router bssid) -T 1 -c 
(router's channel) -f -N -S -x 300 -vv
Notice the -x 300. With my router, it allows my laptop to brute force again 
after 5 mins of downtime (after noticing DoS attack). So experiment.

Original comment by tigercla...@gmail.com on 8 Dec 2012 at 7:56

GoogleCodeExporter commented 8 years ago
I tried your command and it works without -c option.

Original comment by maxin...@gmail.com on 29 Dec 2012 at 4:27

GoogleCodeExporter commented 8 years ago
I tried your command and it works without -c option.

Original comment by maxin...@gmail.com on 29 Dec 2012 at 4:27

GoogleCodeExporter commented 8 years ago
hellow, iam having WPS transaction failed (code: 0x02), re-trying last pin 
problem,after completing upto 99% i keep on trying for hours....
i also tried reaver -i mon0 -A -b 00:1E:A6:0B:E3:B8 -c 1 -vv --no-nacks --win7
please help guys....

Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner 
<cheffner@tacnetsol.com>

[+] Switching mon0 to channel 6
[?] Restore previous session for 00:1E:A6:0B:E3:B8? [n/Y] y
[+] Restored previous session
[+] Waiting for beacon from 00:1E:A6:0B:E3:B8
[+] Associated with 00:1E:A6:0B:E3:B8 (ESSID: iBall-Baton)
[+] Trying pin 59028895
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 59028895
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 59028895
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 59028895
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 59028895
[+] Sending EAPOL START request

Original comment by yellowfl...@gmail.com on 29 Dec 2012 at 5:47

GoogleCodeExporter commented 8 years ago
a mi me pasa absolutamente lo mismo; he probado lo que dicen todos por aquí y 
no hay manera de que funcione.
Utilizo una RTL 8187 y también RT 3070 con varios tipos de Routers que 
soportan WPS y el fallo es siempre el mismo... 
Creéis que debería probar la versión Reaver 1.3 ?

Muchas gracias!  

Original comment by owernet...@gmail.com on 13 Jan 2013 at 12:07

GoogleCodeExporter commented 8 years ago
I have the same problem, this problem sometimes related to compat drivers, 
either you need to update to latest or downgrade to older version. Reinstall 
them and patch them correctly. It solve my problem, before upgrading remove the 
older version first

sudo make uninstall for every version

Original comment by hottin...@gmail.com on 15 Mar 2013 at 3:53

GoogleCodeExporter commented 8 years ago
close the airdump terminal and reaver worked fine.  I get the 0x02 error every 
time if the airodump terminal is left open 

Original comment by scottjmu...@gmail.com on 12 May 2013 at 5:59

GoogleCodeExporter commented 8 years ago
hi the problem is still there can someone give me tipps or something
thx

Original comment by oum-raya...@hotmail.de on 28 Sep 2013 at 4:40