brut133133 / reaver-wps

Automatically exported from code.google.com/p/reaver-wps

timeout occurred #90

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. reaver -i mon0 -b 20:2b:c1... -c 6 -E -S -l 60 -vv
2. tried it on many AP's around with different options

What is the expected output? What do you see instead?
[+] Waiting for beacon from 20:2B:C1:77:5B:55
[+] Switching mon0 to channel 6
[+] Associated with 20:2B:C1... (ESSID: BTHub3..)
[+] Trying pin 56439823
[!] WARNING: Receive timeout occurred
[+] Trying pin 56439823
[!] WARNING: Receive timeout occurred
[+] Trying pin 56439823
[!] WARNING: Receive timeout occurred
[+] Trying pin 56439823
[!] WARNING: Receive timeout occurred
[+] Trying pin 56439823...

Always the same response, timeout, and also it keeps trying the same pin, but I 
guess that's due to the timeout.

What version of the product are you using? On what operating system?
bt5 r1 vmware
ralink rt2800usb

Please provide any additional information below.
All of the APs I have tried are very close and have top signal.

thanks

Original issue reported on code.google.com by dub...@gmail.com on 5 Jan 2012 at 9:22

GoogleCodeExporter commented 8 years ago
Take a look in "SupportedWirelessDrivers"; maybe you should try another WLAN 
device.

Original comment by patricks...@gmail.com on 5 Jan 2012 at 9:28

GoogleCodeExporter commented 8 years ago
There have been issues with the rt2800usb. Can you provide a pcap of the attack?

Original comment by cheff...@tacnetsol.com on 5 Jan 2012 at 9:32

GoogleCodeExporter commented 8 years ago
I would suggest recompiling with the latest compat-wireless drivers.  See the 
BT 5 wiki article here: 
http://www.backtrack-linux.org/wiki/index.php/Wireless_Drivers#rt2800usb

This worked for me.

Original comment by pah...@gmail.com on 5 Jan 2012 at 11:26

GoogleCodeExporter commented 8 years ago
Like pahtzo said, this could be a driver issue, but try with the latest SVN 
code too.

Original comment by cheff...@tacnetsol.com on 6 Jan 2012 at 12:05

GoogleCodeExporter commented 8 years ago
Just tried both things, no luck. Can post a new cap file if you like with new 
drivers and SVN code? Also, since I've done this I can no longer get walsh to 
work even with -C -c 6 / --ignore-fcs.

Original comment by dub...@gmail.com on 6 Jan 2012 at 3:41

GoogleCodeExporter commented 8 years ago
Maybe the same issue as here:

http://code.google.com/p/reaver-wps/issues/detail?id=50

I'm using BT4 R2 with the rt2800usb driver and r69.
The driver works fine in this type of OS.
I had cracked many APs in this constellation.

Walsh says

root@bt:~# walsh -i mon0 -C -s

Walsh v1.4 beta WiFi Protected Setup Scan Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner 
<cheffner@tacnetsol.com>

BSSID                  Channel       WPS Version       WPS Locked        ESSID
----------------------------------------------------------------------------------------------
00:1D:19:F5:86:F5       1            1.0               N                 WLAN-F58613
88:25:2C:52:67:63       6            1.0               N                 anna
^C
root@bt:~#

I tried it with both APs with a good connection. Always the same results.

Original comment by hurenhan...@googlemail.com on 6 Jan 2012 at 12:27

GoogleCodeExporter commented 8 years ago
It's driving me crazy. Saying that, during the patching 
(http://www.backtrack-linux.org/wiki/index.php/Wireless_Drivers#rt2800usb) I 
get this error at the start.

root@bt:/usr/src/compat-wireless-2011-07-14# make
make -C /lib/modules/2.6.39.4/build M=/usr/src/compat-wireless-2011-07-14 modules
make[1]: Entering directory `/usr/src/linux-source-2.6.39.4'

  WARNING: Symbol version dump /usr/src/linux-source-2.6.39.4/Module.symvers
           is missing; modules will have no dependencies and modversions.

But after this it continues and everything seems fine. Any ideas?

Original comment by dub...@gmail.com on 6 Jan 2012 at 2:16

GoogleCodeExporter commented 8 years ago
I got the same modules warning and it worked fine. You mentioned you're 
running BT5 in a VM; are you actually installing BT5 to a VMDK or just booting 
it up via the ISO and running it? Those drivers won't install unless you're 
running BT5 from a persistent hard disk installation.

Original comment by pah...@gmail.com on 6 Jan 2012 at 2:41

GoogleCodeExporter commented 8 years ago
Yes, I've installed it on to my drive, rarely run from live CD now. What did you 
do at the end? Did you manually select the driver or did you just reboot?

Original comment by dub...@gmail.com on 6 Jan 2012 at 2:55

GoogleCodeExporter commented 8 years ago
Like I said before, it is easier to try another wireless USB adapter. I found 
one on the used market, a D-Link DWL-G122 HW ver. C1, which has this rt73usb 
chipset. It has no N functionality but it does not matter. Or go ask your 
friends for used WLAN adapters.

For me it is a mystery why some will work and other ones not; even when they 
work fine with aircrack they don't with reaver.

Original comment by patricks...@gmail.com on 6 Jan 2012 at 3:24

GoogleCodeExporter commented 8 years ago
Yes, it is strange. Would have thought if they work with aircrack and have 
injection they would work in reaver no problems, like you said. Maybe in the 
future it will be compatible? I don't mind testing things and would love this to 
work for me one day. Seems a nice and powerful tool.

Original comment by dub...@gmail.com on 6 Jan 2012 at 3:30

GoogleCodeExporter commented 8 years ago
I can prove to you it was working on a Linksys WRT120N and on a Netgear WNR2000v2. 
I just tested different WLAN devices and only my internal device was working, so 
I had to manipulate the antenna...

Original comment by patricks...@gmail.com on 6 Jan 2012 at 3:43

GoogleCodeExporter commented 8 years ago
@patrick, dubite: aircrack has their own capture/injection library, while 
Reaver uses libpcap. We're working with the aircrack team to get Reaver 
integrated into the aircrack suite so that Reaver will use all of their 
libraries as well.

Original comment by cheff...@tacnetsol.com on 6 Jan 2012 at 3:51

GoogleCodeExporter commented 8 years ago
Great news, best of luck with that :)

Original comment by dub...@gmail.com on 6 Jan 2012 at 3:59

GoogleCodeExporter commented 8 years ago
@cheff yes, I think that would be the key, and a big thanks for your great work.

Original comment by patricks...@gmail.com on 6 Jan 2012 at 4:39

GoogleCodeExporter commented 8 years ago
For those who just want to test their WLAN card: if you have the pin 
from the AP, start reaver once and break it right after. Reaver has now 
randomized a file that you can manipulate, /etc/reaver/xx:xx:xx:xx:xx.wpc, 
and put the right pin number in it: you can put the first 4 digits at the 
6th line, then go to the 3-digit section and put digits 5 to 7 somewhere, so you 
can test the program and card a little bit faster.

Original comment by patricks...@gmail.com on 6 Jan 2012 at 4:48

GoogleCodeExporter commented 8 years ago
You can also tell reaver to skip brute forcing the first four digits completely 
by  specifying them with the --pin option:

reaver -i mon0 -b 00:01:02:03:04:05 -vv --pin=1234

Reaver will use the digits '1234' as the first half of the pin and only attempt 
to brute force the second half. The second half only has 1,000 possibilities, 
so it goes much faster this way provided you already know the first half of the 
pin.

Original comment by cheff...@tacnetsol.com on 6 Jan 2012 at 4:54
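
Added example (not part of the original thread or of Reaver's code): the eighth digit of a WPS PIN is a checksum of the first seven, which is why the second half described above has only 1,000 possibilities. The shell functions below check the two PINs that appear in the logs on this page and compare worst-case guess counts; the function names and the PIN 12345678 are constructed for illustration.

```shell
#!/bin/sh
# Added example: structure of an 8-digit WPS PIN.
# Digits 1-4 are the first half, digits 5-7 the second half, digit 8 a checksum.

# Print the checksum digit for a 7-digit PIN body; return 1 on malformed input.
wps_checksum() {
    case $1 in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
        *) return 1 ;;
    esac
    rest=$1 accum=0 weight=3
    while [ -n "$rest" ]; do
        d=${rest%"${rest#?}"}            # leading digit
        rest=${rest#?}
        accum=$((accum + d * weight))    # weights alternate 3,1,3,1,3,1,3
        weight=$((4 - weight))
    done
    echo $(( (10 - accum % 10) % 10 ))
}

# Return 0 if an 8-digit PIN carries the correct checksum digit.
wps_pin_valid() {
    case $1 in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
        *) return 1 ;;
    esac
    body=${1%?}
    want=$(wps_checksum "$body") || return 1
    [ "${1#"$body"}" = "$want" ]
}

# Worst-case number of guesses, by how the PIN can be confirmed.
#   full   : the 7 free digits can only be confirmed together
#   split  : each half is confirmed on its own (the WPS registration exchange
#            reports a wrong first half before the second half is checked)
#   known4 : first half already known, the --pin=1234 case above
wps_keyspace() {
    case $1 in
        full)   echo $((10000 * 1000)) ;;
        split)  echo $((10000 + 1000)) ;;
        known4) echo 1000 ;;
        *) return 1 ;;
    esac
}

# 12345670 and 56439823 are the PINs in the logs on this page;
# 12345678 is constructed here to show a failing checksum.
for pin in 12345670 56439823 12345678; do
    if wps_pin_valid "$pin"; then
        echo "$pin: checksum ok"
    else
        echo "$pin: bad checksum"
    fi
done
for mode in full split known4; do
    echo "$mode: $(wps_keyspace "$mode") guesses worst case"
done
```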

GoogleCodeExporter commented 8 years ago
I am not sure, maybe it helps: when I use my BackTrack like a human being 
without playing around on WLAN, and just want to get connected to a known 
wireless network, it takes a huge time to get connected and sometimes it does 
nothing even when the access point is on the same desk :-(. Same happens when I 
change connection. If I do the same on Windows I click it and it's done. Maybe 
there is something in common.

Original comment by patricks...@gmail.com on 6 Jan 2012 at 7:09

GoogleCodeExporter commented 8 years ago
@cheff I think you're right that libpcap can make those big troubles. I have this 
supported rt73usb adapter and ath9k; both are listed as working and in my tests 
only the ath9k was giving me good results. It seems to be a lottery if it 
works or not. Maybe all of those different errors only occur because of that libpcap.

Original comment by patricks...@gmail.com on 7 Jan 2012 at 11:02

GoogleCodeExporter commented 8 years ago
I originally had the same issue as described above, however after rebooting BT5 
and starting from scratch the issue went away and it seems to work correctly 
now without the time out issue.

Original comment by Hounge....@gmail.com on 8 Jan 2012 at 9:33

GoogleCodeExporter commented 8 years ago
Rebooting BackTrack does not resolve it for me. Still getting timeouts. I am 
running it in a VMware Fusion VMDK downloaded directly from the BackTrack website.
Interface   Chipset     Driver

wlan0       Atheros AR9287  ath9k - [phy0]
                (monitor mode enabled on mon0)

root@bt:~# sudo reaver -vv -i mon0 -b E0:91:F5:A6:33:37

Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner 
<cheffner@tacnetsol.com>

[+] Waiting for beacon from E0:91:F5:A6:33:37
[+] Switching mon0 to channel 2
[+] Switching mon0 to channel 3
[+] Associated with E0:91:F5:A6:33:37 (ESSID: Archie)
[+] Trying pin 12345670
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
[!] WARNING: 25 successive start failures
[+] Trying pin 12345670

Original comment by erick.va...@gmail.com on 8 Jan 2012 at 4:40

GoogleCodeExporter commented 8 years ago
I am coming back to the connectivity problem. I had these same problems with 
Kubuntu 8.10, and it seems to be the same problem until 10.04 (also used by 
BackTrack 5). I know when I reboot the system that would help, but this is not a 
solution for playing around like we do.

That's what I found:

https://bugs.launchpad.net/ubuntu/+source/linux/+bug/548992

I will look for more...

Original comment by patricks...@gmail.com on 9 Jan 2012 at 1:30

GoogleCodeExporter commented 8 years ago

Original comment by cheff...@tacnetsol.com on 9 Jan 2012 at 6:49

GoogleCodeExporter commented 8 years ago
Somehow I have managed to get it working after rebooting and trying again the 
latest SVN. It took 8 hours to get to 0.89% though, strange because I have 
great signal strength and am very close to the AP. I am getting quite a lot of 
timeouts still and 'last message not processed properly'. Is there anything I 
can do to speed it up a little?

thanks for your help

Original comment by dub...@gmail.com on 10 Jan 2012 at 11:14

GoogleCodeExporter commented 8 years ago
I too am having this problem with the timeout error. When I run walsh it just 
sits there showing me the following output for hours. Nothing happens.

root@bt:~# walsh -i mon0 -C -s

Walsh v1.4 beta WiFi Protected Setup Scan Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner 
<cheffner@tacnetsol.com>

00:E0:25:A3:86:B4 linksys

Original comment by parkou...@gmail.com on 11 Jan 2012 at 5:42

GoogleCodeExporter commented 8 years ago
parkour, walsh will run indefinitely looking for supported APs. You have to 
explicitly stop it with ctrl+c.

Original comment by cheff...@tacnetsol.com on 11 Jan 2012 at 12:38

GoogleCodeExporter commented 8 years ago
@dubite: I still suspect a driver/card issue, but can you provide another pcap 
now that it's (kind of) working?

Original comment by cheff...@tacnetsol.com on 11 Jan 2012 at 4:46

GoogleCodeExporter commented 8 years ago

Original comment by cheff...@tacnetsol.com on 11 Jan 2012 at 5:03

GoogleCodeExporter commented 8 years ago
Could you specify exactly what you would need?

Original comment by erick.va...@gmail.com on 11 Jan 2012 at 9:08

GoogleCodeExporter commented 8 years ago
I need a pcap capture of the wireless traffic while Reaver is running.

Original comment by cheff...@tacnetsol.com on 11 Jan 2012 at 10:04

GoogleCodeExporter commented 8 years ago
Sorry man but I'm gonna have to lol at parkour just a wee bit... sitting watching 
walsh for hours... haha dude that's funny.

Almost as funny as me grabbing the latest revisions directly (copy/paste) from 
the Google Code page and then wondering why they didn't compile. Whitespace!

But not quite ;).

Glad you renamed walsh to wash as well. Fricking Louis Walsh kept popping into 
my head every time I typed that. =P

Original comment by ObiDanKi...@googlemail.com on 12 Jan 2012 at 1:44

GoogleCodeExporter commented 8 years ago
Yeah I have no idea why I thought there was an 'l' in his name. I think I 
should get some nerd points taken away for that one. :P

Original comment by cheff...@tacnetsol.com on 12 Jan 2012 at 2:32

GoogleCodeExporter commented 8 years ago
OK, here is a pcap dump when running the following on today's SVN:
reaver -vv -i mon0 -b 30:46:9A:45:59:1C 

Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner 
<cheffner@tacnetsol.com>

[+] Waiting for beacon from 30:46:9A:45:59:1C
[+] Switching mon0 to channel 11
[+] Associated with 30:46:9A:45:59:1C (ESSID: Elmo)
[+] Trying pin 12345670
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[!] WARNING: 25 successive start failures
[+] Sending EAPOL START request
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x2), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request

Original comment by erick.va...@gmail.com on 12 Jan 2012 at 8:15

GoogleCodeExporter commented 8 years ago
OK, seems that BackTrack 5 has incompatible/old drivers.
I fixed this by doing the following:
http://www.backtrack-linux.org/wiki/index.php/Compat-wireless
Don't download the compat-wireless set mentioned in the above link, but download 
the latest available from the kernel.org site (see below):
http://wireless.kernel.org/download/compat-wireless-2.6/compat-wireless-2012-01-13.tar.bz2

Basically the fastest way is to build only your required driver and 
install it.
Reboot and you should have a working reaver.

Original comment by erick.va...@gmail.com on 14 Jan 2012 at 12:22

GoogleCodeExporter commented 8 years ago
@Erick: I am going to try this in case it fixes iwlagn issues.

Since I'm not too used to Linux, can you tell me if I'm missing something in 
the procedure listed below? I added "??" before lines I'm doubting most, 
they're about applying or not BT5 injection patches, since I don't know if they 
are compatible with the new compat drivers.

- Download latest version from there: 
http://linuxwireless.org/download/compat-wireless-2.6/

?? - Download these injection patches: 
http://www.backtrack-linux.org/patches/wireless-patches-2.6.35.8.tar.gz

- Run in a shell:

# tar jxpf compat-wireless-*
?? # tar xpf wireless-patches-2.6.35.8.tar.gz
# cd compat-wireless-*
?? # patch -p1 < ../wireless-patches/IWLAGN_PATCH_FILE.patch
?? (or is it patch -p0 ? How can I know ?)
# ./scripts/driver-select { IWLAGN_FILE_NAME }
# make
# make install
# make wlunload

- Ready to go, no need to reboot (if reboot is required it's important to tell 
me because I'm running from Live USB and nothing is written in it, so a reboot 
should erase driver install)

Thanks! I'll report in SupportedWirelessDrivers if it fixes iwlagn issues.

Original comment by b1957...@nwldx.com on 17 Jan 2012 at 5:18

GoogleCodeExporter commented 8 years ago
Hi b1957,
I actually didn't do any patching since the compat-wireless drivers were 
working out of the box. Like I suggested grab the latest set from kernel.org 
and build and install them. So you are right I think that the ?? could be 
removed.

Original comment by erick.va...@gmail.com on 17 Jan 2012 at 7:15

GoogleCodeExporter commented 8 years ago
This works for me (rt2800usb, BackTrack 5 R1, VMware):

ln -s /usr/src/linux /lib/modules/2.6.39.4/build
cd /usr/src/
wget http://linuxwireless.org/download/compat-wireless-2.6/compat-wireless-2011-07-14.tar.bz2
tar jxpf compat-wireless-2011-07-14.tar.bz2
wget http://www.backtrack-linux.org/2.6.39.patches.tar
tar xpf 2.6.39.patches.tar
cd compat-wireless-2011-07-14
patch -p1 < ../patches/mac80211-2.6.29-fix-tx-ctl-no-ack-retry-count.patch
patch -p1 < ../patches/mac80211.compat08082009.wl_frag+ack_v1.patch
patch -p1 < ../patches/zd1211rw-2.6.28.patch
patch -p1 < ../patches/ipw2200-inject.2.6.36.patch
./scripts/driver-select rt2x00
make
make install
make wlunload

PS: Now reaver working :D

Original comment by didik.to...@gmail.com on 18 Jan 2012 at 12:51

GoogleCodeExporter commented 8 years ago
./scripts/driver-select

If you have many different adapters, do not select a specific one, so all other 
adapters will also be available.

Original comment by patricks...@gmail.com on 18 Jan 2012 at 2:05

GoogleCodeExporter commented 8 years ago
I tried the procedure I listed above without success. Error message:

/root/Desktop/compat-wireless-2012-01-17/config.mk:254: "WARNING: 
CONFIG_CFG80211_WEXT will be deactivated or not working because kernel was 
compiled with CONFIG_WIRELESS_EXT=n. Tools using wext interface like iwconfig 
will not work. To activate it build your kernel e.g. with CONFIG_LIBIPW=m."
./scripts/gen-compat-autoconf.sh config.mk > include/linux/compat_autoconf.h
make -C /lib/modules/2.6.39.4/build M=/root/Desktop/compat-wireless-2012-01-17 modules
make: *** /lib/modules/2.6.39.4/build: No such file or directory.  Stop.
make: *** [modules] Error 2

Possibly Didik's "ln -s /usr/src/linux /lib/modules/2.6.39.4/build" is the fix 
and I'll try that next time I get a chance. (thanks for the feedback Didik)
In any case if I don't post in SupportedWirelessDrivers, consider that updated 
iwlagn's compat-wireless thingy doesn't work.

Original comment by b1957...@nwldx.com on 18 Jan 2012 at 11:19
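
Added example (not from the thread or from the compat-wireless project): a preflight check for the two build problems reported above, the missing /lib/modules/<release>/build directory that stops make and the absent Module.symvers that only produces a warning. The function name, exit codes and messages are assumptions made for this example.

```shell
#!/bin/sh
# Added example: confirm that an out-of-tree module build (such as
# compat-wireless) can find the kernel build tree before running make.
#
# check_kbuild [KERNEL_RELEASE] [MODULES_ROOT]
# Exit status: 0 = ready
#              1 = builds, but with the Module.symvers warning
#              2 = make will stop ("No such file or directory")
check_kbuild() {
    krel=${1:-$(uname -r)}          # default: the running kernel
    root=${2:-/lib/modules}
    build=$root/$krel/build

    if [ ! -e "$build" ]; then
        if [ -L "$build" ]; then
            # The symlink exists but points at a tree that is not installed.
            echo "FAIL: $build links to a missing target: $(readlink "$build")"
        else
            echo "FAIL: $build does not exist; link it to the kernel source or headers for $krel"
        fi
        return 2
    fi
    if [ ! -f "$build/Makefile" ]; then
        echo "FAIL: $build has no top-level Makefile, so it is not a kernel build tree"
        return 2
    fi
    if [ ! -f "$build/Module.symvers" ]; then
        echo "WARN: $build/Module.symvers is missing; modules build without modversions"
        return 1
    fi
    echo "OK: $build is usable for $krel"
}

# Run the check only when arguments are given, e.g.:
#   sh check_kbuild.sh 2.6.39.4
if [ "$#" -gt 0 ]; then
    check_kbuild "$@"
fi
```

On a live system without persistent storage the build link has to be checked again after every boot, since nothing written during the previous session survives.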

GoogleCodeExporter commented 8 years ago
OK, so I have an Atheros AR9170 chipset with the carl9170 drivers,
and I continually get request timed out. Running it on BackTrack 5.

Would you suggest updating the compat drivers?

Original comment by bpm...@gmail.com on 18 Jan 2012 at 11:41

GoogleCodeExporter commented 8 years ago
I have the same problem against a WRT54G2, after some tries the router locks 
itself out, since I don't have any signal issues and the lock seems to last 
until the router is restarted I assume this is the router's fault?

Original comment by dreamcas...@gmail.com on 19 Jan 2012 at 1:12

GoogleCodeExporter commented 8 years ago
I don't know what firmware version your router is running. Others have 
(reportedly) successfully attacked the WRT54g2. If Reaver is indefinitely 
reporting that the AP is locked, you might try the --ignore-locks option. Some 
APs say that they are locked but don't really lock themselves.

Original comment by cheff...@tacnetsol.com on 19 Jan 2012 at 1:22

GoogleCodeExporter commented 8 years ago
Thanks for the quick response, I just get:

[+] Trying pin 56439823
WARNING: Receive timeout occurred

over and over. Hardware ver is 1.0, firmware is 1.0.00 (Build 12). 
--ignore-locks didn't help.

Original comment by dreamcas...@gmail.com on 19 Jan 2012 at 1:34

GoogleCodeExporter commented 8 years ago
I have heard that the WRT54G2's are prone to falling over (I don't have one 
myself to test). You may need to reboot the router and try again, limiting how 
fast Reaver does pin attempts.

Original comment by cheff...@tacnetsol.com on 19 Jan 2012 at 3:36