bonnetandheart / reaver-wps

Automatically exported from code.google.com/p/reaver-wps
0 stars 0 forks source link

what if router reports first half always invalid #418

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
More like a question than request / issue.
i have tried this on "virginmedia" routers, not sure which ones they really 
use, but it seems like that reaver can never find the pin. i have tested this 
in controlled environment and nothing.

how can i make reaver to try FULL pins ? i know that it would take a lot longer 
to crack, but this is what i want to do. i want reaver to crack from 00000001 
to 99999999 using full 8 digit pins.
seems like some routers always report first half of pin to be wrong.

or is there a work around for this ?

Original issue reported on code.google.com by mordax on 12 Oct 2012 at 2:41

GoogleCodeExporter commented 8 years ago
I have the same issue tested a few virgin media AP's now and all the same.  
They allow 3 tries and then a lock-out for 60 seconds.  You never get the PIN, 
left it runing for 5 days :(

Virgin media have outsmarted Reaver now and as there is no longer any support 
or development of Reaver we have had it.  :(

Good while it lasted !

Original comment by keyfo...@veryrealemail.com on 12 Oct 2012 at 3:01

GoogleCodeExporter commented 8 years ago
you mean a silent lock-out ? because i don't get WPS locked message at all. i 
have to use -d option on 31 or more or it gets locked for 60 seconds.
i have tested 2 station (my friend's and some unknown next doors), both act 
same. so it is not exactly a lockout.

if its 3 per 60 seconds, i can just set it to have longer delay, think its 
worth a try?

Original comment by mordax on 16 Oct 2012 at 11:47

GoogleCodeExporter commented 8 years ago
also if there is no further support / dev from reaver, then it sucks donkeys. 
there are also other tools out there, reaver was not the first, but reaver is 
most comfortable to use, also easy to install..etc

Original comment by mordax on 16 Oct 2012 at 11:48

GoogleCodeExporter commented 8 years ago
I don't get any lock out message either.  Just doesn't work.  Virgin has beat 
Reaver.

using -d won't help you, you get locked out after 3 tries not how fast they are.

Yes Reaver development appears to have ended, what are the other tools you know 
of ?

Original comment by keyfo...@veryrealemail.com on 17 Oct 2012 at 12:01

GoogleCodeExporter commented 8 years ago
then you're doing it WRONG. i see WPS locked "YES" if i do it too fast. i have 
to put -d 30 (29 locks out after 3 tries). it unlocks after 1 min tho.

virgin have NOT beat reaver, i think i just found the issue and its not 
bypassable.
seems like there are 2 options in virgin's router.
1 of them is WPS using PIN
other is WPS using "sync" with button. even tho it says WPS is enabled, it 
doesn't use the pin. you have to push down button on router + card.
even tho it has the default pin, i don't think its enabled. its just a false 
positive i think.
i tried with correct pin and it did not say its correct, so something is wrong, 
either reaver is not able to auth with virginmedia routers  or it is what i 
said it might be (false positve on being enabled).

as about other tools, i only know 1 and its called WPSCRACK.
its very retarded, its python  based and never worked for me. i just cant get 
it workign, it keeps moaning   something about ipv6 not having default route 
(like wtf).

there is also "wifite" which is included in backtrack 5 rc3. it uses reaver 
tho, but its more or less automatic attack tool. it does everything for you, 
puts card on monitor mode, selects options ...etc.

i would still like to know 100% solution / answer WHY virginmedia doesn't 
accept the pin, even if i enter correct pin.

Original comment by mordax on 19 Oct 2012 at 5:16

GoogleCodeExporter commented 8 years ago
using -d 30 must make it slower than the way I was trying ?  It must take at 
least 90 seconds to try 3 PINs, just let it run as normal and then wait out the 
60 second block period.  Reaver resumes after 60 seconds.

So leaving Reaver as standard tries 3 PINs in just over 1 minute on Virgin.  
Using the -d 30 takes over 90 seconds.

Your explanation seems like a good one to me.  Virgin have obviously worked out 
what Reaver was doing and probably have made the new "sync" option the default 
one.

Oh dear this is not good news for us :(

It is very strange that Virgin still broadcast that it has WPS enabled (via 
WASH) when it will not accept your correct PIN.

Thank you for posting your research on this. :)

Original comment by keyfo...@veryrealemail.com on 20 Oct 2012 at 10:09

GoogleCodeExporter commented 8 years ago
i prefer not getting locked out. so i use delay.
another option that is almost similar, is -r 1:30
this would set 30 second delay after each pin attempt. or you can do -r 3:61
it would set 60 second delay after 3 pins.

im not sure if thats the case tho, since virginmedia seems very simple and 
basic. that sync option is not new, its been there for ages.
i just went thru router settings and found 2 different options under WPS. one 
being "use sync" (or something like that) and other being "use pin"
i don't understand it so well.

but what i do know, is that virginmedia routers seem to have loweralpha, 8 
digit passwords for WPA/WPA2, which is WEAK.
some others like TALKTALK have 8 digit, upperALPHA_numeric and most others have 
same, but the fact that they use loweralpha, no numeric passwords, made me 
think it is accidental that pin doesn't work.

i would still like to test wpscrack, but that shit is not working.
another thing i want to test, is using some win app that authenticates using 
WPS PIN and see if i can connect to that station using PIN only.
if it wont accept WPS PIN at all, then it is really just false positive and it 
is not actually enabled, but before i say for sure, i need to test.

Original comment by mordax on 20 Oct 2012 at 10:29

GoogleCodeExporter commented 8 years ago
Thank you for your reply, its great that you actually have your own virgin 
router to test on.  You will be our only hope of finding a solution to this !

Just thinking about this further have you tried the -W option in Reaver ?

This is to simulate a windows 7 computer.

Original comment by keyfo...@veryrealemail.com on 20 Oct 2012 at 5:41

GoogleCodeExporter commented 8 years ago
just as i thought, it is complete false positive. WPS is NOT enabled on 
virginmedia by default. it is set to different method, it does not use the WPS 
PIN, that's why it fails.

i had a chance to test it on windows vista (vista seem to be only windows to 
recognize WPS by default), so when i tried connecting it asked for WPS PIN, not 
the passphrase, so i entered correct PIN and nothing, couldn't connect.
then i tried with passphrase and it connected fine (just to make sure it is 
compatible with AP).

everyone who are trying to crack virginmedia routers and can't find the pin 
(assuming you use correct settings and wont skip any pins), then it means it is 
false positive.

Original comment by mordax on 9 Nov 2012 at 6:55

GoogleCodeExporter commented 8 years ago
My virgin router gives me a MUMERIC 8 pin beginning with 2 

Original comment by Dam...@gmail.com on 4 Jan 2013 at 2:33

GoogleCodeExporter commented 8 years ago
I was able to get full password on my virgin superhub with reaver 1.4 but only 
if i specify my pin
reaver -i mon0 -b 00:01:02:03:04:05 -vv --pin xxxxxx  
no success with standard command

Original comment by szark1...@googlemail.com on 26 Mar 2013 at 11:53

GoogleCodeExporter commented 8 years ago
I think this tool is mainly useless these days as every AP is different and 
this program need to be find tuned for that ,Good as it last.

Original comment by szark1...@googlemail.com on 27 Mar 2013 at 1:05

GoogleCodeExporter commented 8 years ago
and bare in mind firmware updates on router since  last release of 
reaver---outdated in most cases.

Original comment by szark1...@googlemail.com on 27 Mar 2013 at 1:12

GoogleCodeExporter commented 8 years ago
reaver worked for me only with the wireless when i scan with command wash -i

Original comment by vampired...@gmail.com on 15 Jun 2013 at 11:34