search

apm1007 / reaver-wps

Automatically exported from code.google.com/p/reaver-wps
0 stars 0 forks source link

Not getting to M1/M2 stage #481

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
HI,
I am testing Huawei router with my Alfa RTL8187L on Backtrack 5R3
Aircrack ver. 1.1 r2259
Reaver 1.4

Alfa is able to associate successfully but then getting following output from 
Reaver:
reaver -i mon0 -b 4C:54:99:xx:xx:xx -vv

+] Associated with 4C:54:99:xx:xx:xx (ESSID: Huawei)
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x03), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x03), re-trying last pin

Tried and experimented with all switches available with no success :( 
I went through already logged issues and tried probably 99% of suggested 
solutions but nothing worked for me.
I have collected network traces and would appreciate if someone could have a 
look at it if possible.

I have tested other routers (Belkin, Linksys) and Rever works like a charm. The 
problem I come across is only with Huawei.

Cheers,
Marek

Original issue reported on code.google.com by marek.pa...@gmail.com on 13 Mar 2013 at 7:34

GoogleCodeExporter commented 9 years ago 
Forgot to mention that I am passing Wash pre-check

Original comment by marek.pa...@gmail.com on 13 Mar 2013 at 7:37

GoogleCodeExporter commented 9 years ago 
I was looking at network trace and found following:

1) Alfa->Huawei =EAPOL Start
2) Huawei->Alfa =EAP Identity Request
3) Alfa->Huawei =EAP Identity Response
4) Alfa->Huawei =EAP Identity Response      ---> repeating response
5) Huawei->Alfa =EAP Failure(4)
6) Alfa->Huawei =WSC_NACK

Brief analysis.
1) Alfa sending initiating EAPOL session
2) Huawei requesting Identity
3) and 4) Alfa is sending identity response twice
5) It looks like Huawei doesn't like response from Alfa and sending Failure(4) 
:(((

According to: http://tools.ietf.org/html/rfc3748
"If the authenticator cannot
   authenticate the peer (unacceptable Responses to one or more
   Requests), then after unsuccessful completion of the EAP method in
   progress, the implementation MUST transmit an EAP packet with the Code field set to 4 (Failure)."

This is exactly what is happening :(
Any ideas ?????????

Original comment by marek.pa...@gmail.com on 13 Mar 2013 at 9:12