binaryninja001 / reaver-wps

Automatically exported from code.google.com/p/reaver-wps

Blocks me at 90,90% #158

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
0. Last version from svn 1.4 v107

1. What operating system are you using (Linux is the only supported OS)?
backtrack 5 live cd

2. Is your wireless card in monitor mode (yes/no)?
yes

3. What is the signal strength of the Access Point you are trying to crack?
-50/-60

4. What is the manufacturer and model # of the device you are trying to
crack?
wlan0       Intel 4965AGN   iwl4965 - [phy0]
                (monitor mode enabled on mon1)
mon0        Intel 4965AGN   iwl4965 - [phy0]

5. What is the entire command line string you are supplying to reaver?
reaver -i mon0 -b 00:24:17:73:DD:3D -E -L -t 5

6. Please describe what you think the issue is.
it blocks me at 90,90%

7. Paste the output from Reaver below.
...
[+] 90.90% complete @ 2012-01-21 03:35:41 (7 seconds/pin)
[+] 90.90% complete @ 2012-01-21 03:36:09 (7 seconds/pin)
[+] 90.90% complete @ 2012-01-21 03:36:48 (7 seconds/pin)
[+] 90.90% complete @ 2012-01-21 03:37:11 (7 seconds/pin)
[+] 90.90% complete @ 2012-01-21 03:37:41 (7 seconds/pin)
[+] 90.90% complete @ 2012-01-21 03:38:18 (7 seconds/pin)
[+] 90.90% complete @ 2012-01-21 03:38:56 (7 seconds/pin)
[+] 90.90% complete @ 2012-01-21 03:39:19 (7 seconds/pin)
[+] 90.90% complete @ 2012-01-21 03:39:49 (7 seconds/pin)
[+] 90.90% complete @ 2012-01-21 03:40:15 (7 seconds/pin)
[+] 90.90% complete @ 2012-01-21 03:40:42 (7 seconds/pin)
[+] 90.90% complete @ 2012-01-21 03:41:06 (7 seconds/pin)
[+] 90.90% complete @ 2012-01-21 03:41:31 (7 seconds/pin)
[+] 90.90% complete @ 2012-01-21 03:41:59 (7 seconds/pin)
[+] 90.90% complete @ 2012-01-21 03:42:23 (7 seconds/pin)
[+] 90.90% complete @ 2012-01-21 03:42:48 (7 seconds/pin)
[+] 90.90% complete @ 2012-01-21 03:43:13 (7 seconds/pin)
[+] 90.90% complete @ 2012-01-21 03:43:42 (7 seconds/pin)
...

Original issue reported on code.google.com by poiert2...@gmail.com on 21 Jan 2012 at 3:37

GoogleCodeExporter commented 8 years ago

backtrack 5 / reaver 1.3 - 1.4 same issue
xiaopan-0.3.8 / reaver 1.3 - 1.4 same issue.

Original comment by s.wra...@gmail.com on 12 Apr 2013 at 12:16

GoogleCodeExporter commented 8 years ago
I had this happen to reaver with two APs. What fixed it for me was deleting .db 
and .wpc files in /usr/local/etc/reaver and starting over.

The funny thing is, both APs reaver was having problems with ended up using the 
first pin it tries - 12345670. Coincidence?

Original comment by zivkovic...@gmail.com on 16 Apr 2013 at 7:23

GoogleCodeExporter commented 8 years ago
I have the same problem, stuck at 90,90% at Pin 99985677.
So I read that Reaver has already tried all possible combinations up to this
Pin, but didn't find the right Pin.
Is the attack now unusable? Or is there any solution so that this session is usable?
I must set 60 seconds between pins, so the attack runs over 1 week. That would
be very annoying.

Original comment by kai.salb...@web.de on 4 Jun 2013 at 6:53

GoogleCodeExporter commented 8 years ago
If I understand right, Reaver tried the right pin at some point, but the AP said it's
not right, and Reaver continued with subsequent pins? If that is so, the
session would be unusable :(

Original comment by kai.salb...@web.de on 4 Jun 2013 at 6:58

GoogleCodeExporter commented 8 years ago
try dictionary...

Original comment by rommelga...@gmail.com on 15 Jun 2013 at 9:00

GoogleCodeExporter commented 8 years ago
^^ stupidest comment ever

Original comment by consolem...@googlemail.com on 15 Jun 2013 at 9:08

GoogleCodeExporter commented 8 years ago
have the same issue, stuck at 90.90%

Original comment by unlucky...@gmail.com on 17 Jun 2013 at 5:42

GoogleCodeExporter commented 8 years ago
Same problem with reaver 1.4 on bt 5r2 installed: same pin coming over and over,
stuck at 90.90%. Is there any hint? Thanks.

Original comment by desc.i...@gmail.com on 25 Jun 2013 at 10:06

GoogleCodeExporter commented 8 years ago
This is definitely caused by the target router having WPS PIN connection 
disabled by default, or having been turned off by the user. Newer wireless 
routers have the option to only allow WPS by push-to-connect, and it seems that 
manufacturers are cluing on to the fact that WPS via PIN is quite insecure.

"On Virgin Media Super Hub routers WPS via PIN is disabled by default, so it 
won't send reaver a positive response to the first four digits at all, and so 
reaver will keep trying 9998 forever. Perhaps in later versions reaver will 
quit with an error instead of just going on forever and leaving people 
wondering."

I tried this on my defaulted Virgin Media hub and got the same error. When I 
went in through the admin interface and enabled PIN connections, reaver was 
able to find the pin and the WPA key.

Original comment by pho...@gmail.com on 4 Aug 2013 at 8:41

GoogleCodeExporter commented 8 years ago
I've had the same problem with reaver 1.3 and 1.4, but I will say when it works
it works well. I have had success with quite a few routers, and failed at about
the same amount. I agree with pho, things have changed due to known security
flaws in wps. Newer routers will be much harder, if possible at all, I think. And
older routers I would assume will eventually get firmware updates to patch the
use of reaver as it is today. By the way, the pro version I downloaded through
torrents and tried via thumb drive has the same issue of running in a loop at
90% but only on certain routers. It does however work much better and faster on
a doable target than the standard version.

Original comment by CamaroZ2...@gmail.com on 5 Aug 2013 at 7:49

GoogleCodeExporter commented 8 years ago
It's been months, when will they fix the bug?

Original comment by Jemmy.Su...@gmail.com on 27 Aug 2013 at 5:56

GoogleCodeExporter commented 8 years ago
Not yet fixed ?

Original comment by Strahil....@gmail.com on 31 Aug 2013 at 7:00

GoogleCodeExporter commented 8 years ago
LITTLE ADVICE. ( and i assure, I WILL SOON COME WITH THE SOL. of 90% loop)

Hello everyone. I got exactly the same problem.

I used alfa 036H with live CD and exactly the same commands as -L -S -N etc.

My router is Netgear and even checks wps pin as fast as d 0, but after 7-8
hours I am stuck at 90.90 %. That means it didn't receive m5, m6 message even
after trying all pins for first half.

I cracked my other router with same reaver 1.4 with default options and found
the passphrase correctly.

But with this netgear router I am stuck at 90.90 % loop.
So why didn't it get the first half correct even after trying all the
combinations?

There is no rate limiting and wps locking.

But I did one thing unusual.
In between the process, I saved the session of reaver many times and used
reaver without these S L N options on resuming. Maybe that is the mistake and
maybe due to this it skipped many pins (but I am not sure that this is the
reason for the problem).

I never received m5, m6 messages and stuck on 90.90 % checking the same pins.

There may be some other reasons, like the ap never sends m5, m6 message even if the
first half is correct,
or the ap is sending fake wsc nack for every wrong 8 digit pin, etc.

I am currently running reaver from the beginning with its default options, i.e.
without L N S etc., and will tell you all soon whatever result I get.
My advice to all of you is to do the same first and do not reach any other
conclusion.

you can contact me through sushobhit333@gmail.com or better would be to contact 
me through Facebook www.facebook.com/sushobhit333 ( send me msg first do not 
send request directly).

i will soon reply with the result and i am determined to find the sol for this 
90.90% loop.

thanks! :)

Original comment by Sushobhi...@gmail.com on 8 Sep 2013 at 12:33

GoogleCodeExporter commented 8 years ago
The problem isn't reaver; it tries all numbers but couldn't. I tried a connection I cracked
before, but it didn't crack again. I think routers were updated against Realtek wifi.
I'm sure all of you are using some version of Realtek. Sorry for my bad English.

Original comment by putatapa...@gmail.com on 25 Sep 2013 at 8:07

GoogleCodeExporter commented 8 years ago
I doubt the problem is in the router. Maybe not all routers are capable of
wps hacking, maybe wps is disabled on the router, maybe it is the setup of clients or
they are using a cloned BSSID for their routers, or maybe reaver 1.4 has a little
bug for particular types of routers. Why am I saying this? Because of my
experience. I have only two wifi signals detected on my laptop. I am cracking
the first one using REAVER 1.4 in Backtrack 5-R3 running on VMware Workstation 8. I
am using a very cheap wifi usb adapter with a Realtek driver (RTL8188CU Wireless
LAN 802.11n USB 2.0 Network Adapter), and using this code:

iwconfig
airmon-ng start wlan0
wash -i mon0
reaver -i mon0 -b [bssid] -c [channel] -s /tmp/wpscrack.wpc -a -v -S -x 2 -r 60:20 -l 20 -d 5 -N

However, when I start cracking the one signal of my neighbor, it always starts
at 90% and the first 4 digits always repeat while the second 4 digits are incrementing.

e.g.

12345670
12340002
12340021
12340054
and so on... after it reached 99.99% it got stuck and always repeated the PIN 12349998,
which I didn't understand.

Then I tried cracking the other signal, same usb card, driver, set-up, code,
everything. This time it started at 0.01%, then after 72.8% it jumped to 90%,
which discouraged me, thinking that it was the same as the first one. When it
jumped to 90% the first 4 digits were repeating and the second 4 digits were incrementing.

e.g.

0.01% to 72.8%

12345670
12355679
12365678
........
........
41995674
42995675
........
........
64325678  stop and jump to

90% to 92%

64325684
64325692
64325701 then when reached to 92%
........
........
WPS PIN: 6432xxxx
WPA PSK: xxxxxxxxxxx
SSID: xxxxxxxx

Then I'm very HAPPY!! :)

Thus I conclude, if it starts at 90% that is a bug. If it starts at 0.01% then it's 100%
sure..

Hope it will help. Sorry for my english.

Original comment by rypedr...@gmail.com on 3 Nov 2013 at 6:36

GoogleCodeExporter commented 8 years ago
same issue same pin getting stuck

Original comment by cn.robe...@me.com on 15 Dec 2013 at 9:08

GoogleCodeExporter commented 8 years ago
Same issue, however when I used the -p trigger it seemed to progress but I do 
not know if that is valid progression.

root@kali:~# reaver -i mon0 -b EC:1A:59:93:F9:B8 -vv

Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner 
<cheffner@tacnetsol.com>

[?] Restore previous session for EC:1A:59:93:F9:B8? [n/Y] y
[+] Restored previous session
[+] Waiting for beacon from EC:1A:59:93:F9:B8
[+] Switching mon0 to channel 1
[+] Associated with EC:1A:59:93:F9:B8 (ESSID: ItburnswhenIP)
[+] Trying pin 99985677
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 99985677
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 99985677
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 99985677
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 99985677
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 99985677
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] 90.90% complete @ 2013-12-20 13:24:33 (3 seconds/pin)
[+] Trying pin 99985677
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 99985677
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 99985677
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 99985677
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 99985677
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] 90.90% complete @ 2013-12-20 13:24:49 (3 seconds/pin)
[+] Trying pin 99985677
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 99985677
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 99985677
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 99985677
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 99985677
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] 90.90% complete @ 2013-12-20 13:25:04 (3 seconds/pin)

Original comment by domini...@gmail.com on 20 Dec 2013 at 7:04

GoogleCodeExporter commented 8 years ago
Dear cheffner,

SUBJECT- TRYING SAME PIN OVER & OVER & STUCK IN 90.90%

R/S
SIR, I have the same problem, stuck at 90,90% at Pin 9998567 & RUNNING LIKE THAT AS SHOWN BELOW

Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] 90.90% complete @ 2014-01-30 13:25:04 (1 seconds/pin)

I SEE THAT THERE IS NO M5 & M6

I'M REALLY FRUSTRATED FOR ABOUT 1 WEEK ... I TRIED - r96, with latest SVN CODE, &
reaver-wps-fork, WITH IGNORE -L OPTION

Sir, I read almost all the posts about this issue, please help .. I'M REALLY FRUSTRATED. I tried 4 times, each time stuck at 90.90 %. Please resolve this issue.

I'm waiting for your reply

Thanking you !

Original comment by owaishh...@gmail.com on 30 Jan 2014 at 4:12

GoogleCodeExporter commented 8 years ago
Hi, I'm getting stuck at pin 99985677 (90.91%) using reaver 1.4 in kali
linux, tried dropping the -L, everything is up to date? No wps lockout or
rate limiting...

Original comment by djdz...@gmail.com on 4 Feb 2014 at 8:15

GoogleCodeExporter commented 8 years ago
Same here.. the thing is, in the end it also says that "after trying xxx times
pin could not be cracked". When I try to resume, it's trying the same pin over
and over again. No rate limiting or something.

Original comment by gokhanyo...@gmail.com on 17 Apr 2014 at 4:24

GoogleCodeExporter commented 8 years ago
Read my comment 65 before reading this:

HERE IS THE SOLUTION-

The 90.90 % loop occurs when reaver is unable to find even the first half of 
the pin and it has no pin left to try.

Similarly 90.90% loop is when reaver has the first 4 digits but doesn't find 
the last 3 digits(4th is the check sum) and it has no pin left to try.

The reasons for these loop are as follows-
1. timeout errors.
2. frequent resuming and pause.
3. using parameters -S -N -L etc
4. lockdowns.
5. router showing false positive.
6. other similar cases where a correct pin is rejected.

The solution is- Start reaver again with keeping these things in mind-
1. DONT USE THE ABOVE POINTS 1,2 AND 3

Thank you.
Sushobhit333@gmail.com
www.facebook.com/technology.lancers

Original comment by Sushobhi...@gmail.com on 3 Aug 2014 at 6:02
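
An added example, not part of the thread or of reaver's code: a Python check that reads a transcript in the format quoted above and reports the pattern commenters describe (one pin retried, every attempt refused with a WSC NACK after M4, no M5, progress sitting at the first-half boundary). The sample transcript is constructed and the function names are this example's own; the 11000 total follows from the 4-digit first half and 3-digit-plus-checksum second half described in the comment above.

```python
import re

# Constructed transcript in the format quoted in this thread (not a real capture).
ATTEMPT = """[+] Trying pin 99985677
[+] Sending EAPOL START request
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
"""
SAMPLE = ATTEMPT * 4 + "[+] 90.90% complete @ 2013-12-20 13:24:33 (3 seconds/pin)\n"

# 10^4 first halves + 10^3 second halves (last digit is a checksum) = 11000 guesses.
FIRST_HALF_SHARE = 100 * 10**4 / (10**4 + 10**3)  # 90.909...

def parse_attempts(text):
    """Split a transcript into attempts: pin tried, Mx messages received, NACK seen."""
    attempts = []
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"\[\+\] Trying pin (\d{8})$", line)
        if m:
            attempts.append({"pin": m.group(1), "received": [], "nack": False})
        elif attempts:
            m = re.match(r"\[\+\] Received (M\d) message$", line)
            if m:
                attempts[-1]["received"].append(m.group(1))
            elif line == "[+] Received WSC NACK":
                attempts[-1]["nack"] = True
    return attempts

def assess(text, min_repeats=3):
    """Summarise the transcript; min_repeats is this example's own threshold."""
    attempts = parse_attempts(text)
    pins = {a["pin"] for a in attempts}
    pcts = [float(p) for p in re.findall(r"\[\+\] (\d+\.\d+)% complete", text)]
    # Every attempt got as far as M3, then was refused after the M4 was sent.
    refused = bool(attempts) and all(
        a["nack"] and a["received"][-1:] == ["M3"] for a in attempts)
    return {
        "attempts": len(attempts),
        "same_pin_repeated": len(pins) == 1 and len(attempts) >= min_repeats,
        "m5_seen": any("M5" in a["received"] for a in attempts),
        "refused_after_m4": refused,
        "at_first_half_boundary": any(abs(p - FIRST_HALF_SHARE) < 0.02 for p in pcts),
    }

def is_first_half_never_confirmed(text):
    """True when the AP never acknowledged any first half of the pin."""
    r = assess(text)
    return (r["same_pin_repeated"] and r["refused_after_m4"]
            and not r["m5_seen"] and r["at_first_half_boundary"])

if __name__ == "__main__":
    print(assess(SAMPLE), is_first_half_never_confirmed(SAMPLE))
```
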

GoogleCodeExporter commented 8 years ago
Anyone have a solution for a false M5 packet?  I have a router occasionally
sending one out causing me to have to restart.

Original comment by psychede...@gmail.com on 28 Aug 2014 at 2:52

GoogleCodeExporter commented 8 years ago
@Susho

Any ideas on a fix for reaver receiving a false M5 packet?  I have restarted 
the test on my router twice now.  First time I thought it was a glitch.  Second 
time I caught one random M5 packet in the middle of everything causing a false 
1st 4 pin issue.

Any ideas?

Original comment by psychede...@gmail.com on 28 Aug 2014 at 2:59

GoogleCodeExporter commented 8 years ago
I have a similar problem, but for me it gets stuck on the first pin, and it 
remains at 0.00%... it will only try 01234567

Original comment by tehnocvl...@gmail.com on 8 Jan 2015 at 4:14