agraton32 / reaver-wps

Automatically exported from code.google.com/p/reaver-wps

speeding up the process... #210

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
Hi, I've tried reaver 1.4 and it's a very interesting tool. But after thinking I 
found a way that can help you speeding up the cracking process ...
The idea is to implement the support of 2 wireless adapters at the same time.
The first adapter will try to find the first half of the WPS PIN while the 
second wifi will try to find the second half of the code. But there should be a 
combination between the two devices, so that the work done would be saved into 
one single file.
This way the time required for the cracking would become less than 2 hours.
Finally I hope you will try to implement this function in the coming version.
And thanks for reading.

Original issue reported on code.google.com by cariok...@gmail.com on 1 Feb 2012 at 3:40

GoogleCodeExporter commented 8 years ago
The speed is due to the limitation of the AP not the wireless adapters or 
Reaver.

You can use --dh-small which offers some slight speed improvement.

Original comment by keyfo...@veryrealemail.com on 1 Feb 2012 at 3:59

GoogleCodeExporter commented 8 years ago
Yes, I know, but what I said was a suggestion and not an issue.

Original comment by cariok...@gmail.com on 1 Feb 2012 at 8:31

GoogleCodeExporter commented 8 years ago
I'm sorry but I am not sure I understand what you mean.

If it is the AP that is the bottleneck, how will your suggestion help? I am 
genuinely interested as I may have misunderstood you.

Original comment by keyfo...@veryrealemail.com on 1 Feb 2012 at 9:47

GoogleCodeExporter commented 8 years ago
It won't work. You can't find the second half of the pin until you have the 
first half of the pin. Because you won't get the correct responses back, when 
testing the second half of the pin, unless you have the first half of the pin.

Reaver sends a full 8 digit pin request, incrementing the first 4 digits at 
each attempt. If the returned EAPOL response indicates that the first 4 digits 
are correct, reaver starts to increment the next 3 digits and the corresponding 
checksum digit for the full 7 digits, to test and hopefully at some time get 
the EAPOL return message indicating the correct WPS pin is entered, with the 
corresponding WPA PSK info.

The vulnerability in the WPS Pin authorisation, which Reaver exploits, is the 
fact that the first 4 digits when correct, will make the AP send an EAPOL 
message indicating that fact, and when the 7 digits + checksum digit is 
correct, the AP will send another EAPOL message with the full WPA PSK that the 
client should use for the connection.

And as what was said, it is not a client limited issue, it's the AP that is the 
limitation. The AP can handle one WPS pin process authorisation at a time, so 
if you try to use multiple adapters to test the WPS pin, the only thing that 
will happen is each adapter will be waiting for their response in turn - no 
speedup in processing at all.

Original comment by jdsmob...@gmail.com on 1 Feb 2012 at 11:19
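
A toy model of the behaviour described in the comment above, added here as an illustration; it is not code from Reaver or from any commenter and contains no radio or network code. `ToyAP`, its verdict strings and the 2-second attempt cost used in testing are assumptions made for the example; the checksum follows the standard WPS PIN checksum rule.

```python
# Added illustration: toy model of split WPS PIN feedback (constructed values only).

def wps_checksum(first7: int) -> int:
    """Checksum digit over the first 7 PIN digits (weights 3,1,3,1,...)."""
    accum, n = 0, first7
    while n:
        accum += 3 * (n % 10)
        n //= 10
        accum += n % 10
        n //= 10
    return (10 - accum % 10) % 10

def full_pin(first4: int, next3: int) -> str:
    """Build an 8-digit PIN: 4 digits + 3 digits + derived checksum digit."""
    first7 = first4 * 1000 + next3
    return f"{first7:07d}{wps_checksum(first7)}"

class ToyAP:
    """Hypothetical AP: one PIN exchange at a time, reports which half failed."""
    def __init__(self, pin: str, seconds_per_attempt: float):
        self.pin = pin
        self.cost = seconds_per_attempt      # assumed per-exchange time
        self.busy_seconds = 0.0

    def verdict(self, guess: str) -> str:
        # Exchanges are serialized: every guess, from any adapter, adds to the
        # same clock, so extra adapters only queue behind each other.
        self.busy_seconds += self.cost
        if guess[:4] != self.pin[:4]:
            return "first_half_wrong"        # second half is never evaluated
        if guess[4:] != self.pin[4:]:
            return "second_half_wrong"
        return "ok"

def verdicts_with_wrong_first_half(ap: ToyAP, wrong_first4: int) -> set:
    """Everything a second adapter could learn before the first half is known."""
    return {ap.verdict(full_pin(wrong_first4, s)) for s in range(1000)}

def worst_case_attempts(split_feedback: bool) -> int:
    # Split feedback: 10^4 first halves, then 10^3 second halves, because the
    # eighth digit is fixed by the checksum. Without per-half feedback every
    # 7-digit prefix would have to be tried.
    return 10**4 + 10**3 if split_feedback else 10**7
```

The gap between 11,000 and 10,000,000 worst-case attempts is the design weakness the comment describes, and the single `busy_seconds` clock is why a second adapter buys nothing.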

GoogleCodeExporter commented 8 years ago
Hmmm thanks for the clarifications :)

Original comment by cariok...@gmail.com on 2 Feb 2012 at 12:23

GoogleCodeExporter commented 8 years ago
Have a look here ... not exactly what you look for but another way to speed it 
up...
http://code.google.com/p/reaver-wps/issues/detail?id=200

Original comment by mo.latte...@gmail.com on 2 Feb 2012 at 1:15

GoogleCodeExporter commented 8 years ago
Hmm...

Again I am not sure how this new method of moving in from both ends will help 
either.  Unless you "know" the PIN will be at either end then you are only 
guessing.

If the PIN is in the middle you have just doubled your crack time!

I requested a feature some time ago where it would allow the user to start from 
a certain number or direction.  This would be useful if a certain product was 
known to usually start with a 6,7,8, or 9 then starting backwards would save 
time.

Even so, this would still only be guesswork, but a neat feature to have. :o)

Original comment by keyfo...@veryrealemail.com on 2 Feb 2012 at 1:33