Open GoogleCodeExporter opened 9 years ago
I think they are the first 4 or 8 to get started to try.
Original comment by demon.ia...@hotmail.com
on 13 Feb 2012 at 2:13
Let me be clearer: I want to start pin guessing from 67800000. Is there a
command line to do this?
Original comment by Podea...@gmail.com
on 13 Feb 2012 at 5:54
You could just restart the process from the beginning, then stop it and modify
the session file. The very first line in the session file says which line
number it's currently at. (But note that the pins aren't in perfect order; some
combinations are tried first, before the sequential attack.)
Original comment by vidar...@gmail.com
on 14 Feb 2012 at 7:43
you can make it possible by trying this code
reaver -i mon0 -b XX:XX:XX:XX:XX:XX -p (67800000)
After it starts and checks the first pin (67800000),
press ctrl+c; it will save the process.
Then start reaver without the -p option and it will ask you to resume the old
process.
Say yes.
:))))))))))))))))
Original comment by alhorani...@gmail.com
on 14 Feb 2012 at 8:12
great thx a lot for the answers :)
Original comment by Podea...@gmail.com
on 14 Feb 2012 at 11:00
This is my first post here, and I'm new to testing Reaver 1.4.
For those who wonder how to set a start pin on reaver, guess what? It seems
reaver doesn't have any command for that. But is there any solution?
Using the [ -p ] option will NOT work, because it only establishes a static PIN
and will NOT continue on to the next consecutive number.
So we are all F**** up?
Not really, you can always restart the search from zero, and in case you are
one of the lucky ones trying to hack a WPA2 PSK with attack detection and AP
rate limiting, then you will have to wait like 4 days till you finish testing
all 100 million PINs. But here are 2 more options:
1. Stop hacking other people's networks and start paying for an internet service.
For this write:
aircrack-ng stop hacking
get -apt your own internet service
2. If you still want to F*** your neighbor, you are on your own.
- Edit the file [BSSID].wpc
Notes:
(The file name will have the BSSID as the name and will end with < .wpc >)
(This file contains the list of all pins to be tested, but the first PIN is the
last one that you tested in the last session. So this allows you to set the start PIN
that Reaver will continue from.)
For BackTrack 5, under Device - enter File System
This file is at the following directory:
[ usr/local/etc/reaver ]
Original comment by AeonL...@gmail.com
on 2 Jun 2012 at 6:05
Hello there. Hope someone out here can help me with a kind of funny problem.
I just ran reaver on my backtrack 5 r2, waited for about 9 hours and got
around 35% complete, but suddenly it got shut down because of electricity
congestion in my home. I'm running my laptop without the battery, just plugged
in.
My question is, how do I continue from the last process, which is 35% complete?
Or do I have to start it all over again, like 10 hours to only get 35%, and continue
another 1 day to complete it? It is such a long time to take. If someone can
help me, please!! I'm begging you. I can't wait such a long time.
Thanks in advance. :D
Original comment by syahiqba...@gmail.com
on 4 Dec 2012 at 2:39
OK, I have figured out this issue of having reaver start from a certain pin in
case the system restarted or you lost the session file. Please consider the steps
below.
First, please let me explain a little of how the session file works so you can do it
easily.
Reaver attacks WPS-supported routers, and a WPS pin consists of 8 digits.
This key is divided into 2 parts, 1 part consisting of 4 digits and the other part of
3 digits; the last digit is some random index number, I think.
Anyway, this makes up to 11,000 key combinations, which reaver brute forces one
by one.
First reaver will break the first part (10,000 combinations) and then the 2nd part (1000
combinations).
You can observe it while reaver is attacking:
56871103 (separated as 5687-110-3)
56881105 (separated as 5688-110-5)
56891102 (separated as 5689-110-2)
------- assuming the first part is broken, which is 5689, now -------
56891112 (separated as 5689-111-2)
56891125 (separated as 5689-112-5)
56891139 (separated as 5689-113-9)
56891143 (separated as 5689-114-3)
OK, NOW THE SESSION FILE AND PIN PART
Now, in case you had lost the session file, let's first look at how the session file
works.
The session file is saved in the folder /usr/local/etc/reaver as <bssid>.wpc
Suppose the bssid we are working on was 8C:0C:A3:2B:19:D7;
this session file will be saved in the folder /usr/local/etc/reaver as
8C0CA32B19D7.wpc
This session file consists of 11,000 keys in 2 parts:
1. 4 digits (until 9998, one on each line)
2. 3 digits (until 998, one on each line)
To know the bssid, you can check it through airodump-ng.
Remember we have lost the session file, so first we will create the session file
using another bssid.
1. Start a reaver attack using any random bssid and after 1 or two pin attempts,
press Ctrl+Z to stop the process.
2. Now go to the /usr/local/etc/reaver folder and there you will see the .wpc file
with that random bssid you just attacked.
3. Provided that you have noted the target bssid for which you had lost the
session file, change the name of this wpc file to that bssid, e.g. from
8C0CA32B19D7.wpc to 001122334455.wpc (assuming that the target bssid I was
working on before was 00:11:22:33:44:55).
4. Now open this wpc file in any text editor and you will see the keys written
as I told above, but
5. In the first line is the pin which reaver was cracking; let's say you remembered
it or you knew the average percentage reaver had completed. Let's say 49%.
6. Now from that we can assume that there are 10,000 combinations first, and it
was 49% done, so the pin might be somewhere around 4900.
7. Just change that pin in the first line to 4900 or the closest value according to the
analysis.
8. The 2nd and 3rd lines say 0 and 0 and the rest are combinations.
9. Save the file.
10. Start reaver with that exact target bssid which you were working on before.
11. Voila, say thanks to me in your heart because I can see that smile of
winning on your face :P
Original comment by muneeb.x...@gmail.com
on 13 Mar 2013 at 9:49
Good job!! tkss
Original comment by robinson...@gmail.com
on 1 May 2013 at 6:36
Thank you very much :)))))))))))))
Original comment by Nano.R...@gmail.com
on 12 Jun 2013 at 3:13
Good man you just saved the day muneeb GOD BLESS YOU!!
Original comment by Computer...@gmail.com
on 19 Dec 2013 at 10:44
is the 11th requirement done yet, muneeb? :)
Original comment by HuyNguye...@gmail.com
on 6 Feb 2014 at 12:37
Hi guys. First of all, thanks all for the answers. Now on to more important things.
Lately I have a very small amount of free time, but last night I got a couple of
hours playing with reaver again. I was comparing some routers and wi-fi dongles
to check signal strength and security to see which one is best. After the 2 hours
had passed I had this idea: IS IT POSSIBLE TO USE THE SAME COMPUTER IN ORDER TO
RUN 2-3 SIMULTANEOUS REAVER ATTACKS WITH 3 WI-FI ADAPTERS? Meaning that I could
run reaver at the same time on mon0, mon1, mon2 maybe? If so, how to do this?
Because I would like, for example, to do it like this: mon0 first 4000 combinations, mon1
from 4k to 7k and mon2 from 7k to 10k until one hits the first 4 pin digits. This
will increase speed up to 300%. I did not check it because probably the file
would be the same and keep being rewritten. How to make it save sessions in different
files so I can edit them? Is this possible? What do you think? I will play around
and try to find an answer, but if you have some input please write to all
listening :D
Original comment by Podea...@gmail.com
on 6 Feb 2014 at 7:35
Here is my conjecture.
8 digit WPS pin is divided into groups of 4-3-1
Last digit is checksum of seven previous digits and can be calculated as
follows:
Assume seven digits FGHJBNM
Add the even ones plus three times the odd ones, change sign and do MOD 10.
CHKSUM = MOD( -(3*(F+H+B+M) + (G+J+N)) ,10)
CHKSUM (1234567) = 0 , CHKSUM (4561237) = 4
This is just for explanation because Reaver does it automatically.
The file where reaver keeps the information has 11003 lines which we divide in
three groups.
Lines 1-3 (3 lines) where it keeps track of the numbers tested.
Lines 4 to 10003 (10000 lines) are the four digit numbers in the order they are
tested. Note that they are not in order and that more frequent numbers are
tested first.
Lines 10004 to 11003 (1000 lines) are the three digit numbers in the order they
are tested.
Line 1 contains the line number (address) of the last four digit number tested,
not the number itself. The relative line number begins at #4 so if line 1
reads 2528 it means the last number tested is located at line number 2528
beginning at line 4 which is absolute line number 2532.
Note that the list of numbers is not in numerical order and most frequent
numbers are tested first.
Once the first four digits have been found the process goes on with the three
following digits in a similar manner except that the number in the second line
will be the line number of the three digit code beginning at line 10004 so we
have to add 10004 to the number in line 2.
I have not tested this thoroughly but I believe that if it is not exactly right
at least it comes very close.
Note also that you can change the order of the numbers tested by editing the
list. You can start at the top and go down or you can alternate.
Original comment by alfgo...@gmail.com
on 8 Mar 2014 at 6:15
Original issue reported on code.google.com by
Podea...@gmail.com
on 13 Feb 2012 at 12:29
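The checksum rule and the 4-3-1 split described in the last comment, written out as an added Python example (it is not part of the thread and not Reaver's code; the function names are made up for the illustration). It reproduces the two checksum values quoted in that comment and shows why confirming the two halves separately, as the thread describes, leaves 11,000 candidates instead of 10,000,000.

```python
# Added illustration, not Reaver source. Digit weighting follows the comment:
# digits 1, 3, 5, 7 count three times, digits 2, 4, 6 count once.

def wps_checksum(seven_digits: str) -> int:
    """Return the eighth (check) digit for the first seven PIN digits."""
    if len(seven_digits) != 7 or not (seven_digits.isascii() and seven_digits.isdigit()):
        raise ValueError("expected exactly seven decimal digits")
    total = 0
    for position, ch in enumerate(seven_digits):
        weight = 3 if position % 2 == 0 else 1  # position 0 is the first digit
        total += weight * int(ch)
    return (-total) % 10


def is_valid_pin(pin: str) -> bool:
    """True if an 8-digit string carries a correct check digit."""
    if len(pin) != 8 or not (pin.isascii() and pin.isdigit()):
        return False
    return wps_checksum(pin[:7]) == int(pin[7])


def split_pin(pin: str) -> tuple:
    """Split an 8-digit PIN into the 4-3-1 groups named in the comment."""
    if len(pin) != 8:
        raise ValueError("expected eight digits")
    return pin[:4], pin[4:7], pin[7]


def search_space() -> dict:
    """Candidate counts with and without the split confirmation."""
    free_digits = 7                 # the eighth digit is derived, not chosen
    unsplit = 10 ** free_digits     # if the PIN were only checked as a whole
    first_half = 10 ** 4            # four digits confirmed on their own
    second_half = 10 ** 3           # three digits, checksum fills the last
    return {
        "unsplit": unsplit,
        "first_half": first_half,
        "second_half": second_half,
        "split_total": first_half + second_half,
    }


if __name__ == "__main__":
    for seven in ("1234567", "4561237"):   # the two values from the comment
        print(seven, "->", wps_checksum(seven))
    print(search_space())
```

The size of that reduction is the reason WPS PIN authentication is normally disabled on access points or protected with a lockout after failed attempts.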