detrojones / reaver-wps

Automatically exported from code.google.com/p/reaver-wps

too many error messages #50

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. compiling and installing
2. putting the interface into monitor mode
3. attempts with APs

What is the expected output? What do you see instead?
too many timeouts
attempting the same pin
on some APs - failed association

What version of the product are you using? On what operating system?
backtrack gnome 5 r2 with Atheros AR9285 Wireless Network Adapter

Please provide any additional information below.

Original issue reported on code.google.com by tiger2...@abv.bg on 2 Jan 2012 at 11:04

GoogleCodeExporter commented 9 years ago
I'm using the Atheros Communications Inc. AR9285 Wireless Network Adapter 
(PCI-Express) (rev 01) as well. So far the pin never changed except for 2 times 
where I got lucky, I guess. It always gives me a timeout after trying a pin.

- Reaver r35
- backtrack 5 32bit (ubuntu 10.04, Kernel 2.6.38, GNOME 2.30.2)
- Atheros AR9285 adaptor with ath9k driver

Original comment by basti.me...@googlemail.com on 2 Jan 2012 at 12:53

GoogleCodeExporter commented 9 years ago
Have you run Reaver with -vv to get more output? What is the make/model of your 
target AP? Do you have pcaps of the attack so we can try to track down the 
issue, if any?

Original comment by cheff...@tacnetsol.com on 2 Jan 2012 at 1:34

GoogleCodeExporter commented 9 years ago
I always run reaver with the -vv switch. 

Apart from two times (which left me kinda puzzled) the output looks like this:

[+] Waiting for beacon from 00:23:08:9E:E4:03 
[+] Switching mon0 to channel 1 
[+] Associated with 00:23:08:9E:E4:03 (ESSID: EasyBox?-9EE451) 
[+] Trying pin 08334572 
[!] WARNING: Receive timeout occurred 
[+] Trying pin 08334572 
[!] WARNING: Receive timeout occurred 
[+] Trying pin 08334572 
[!] WARNING: Receive timeout occurred 
[+] Trying pin 08334572 
[!] WARNING: Receive timeout occurred 
[+] Trying pin 08334572 
[!] WARNING: Receive timeout occurred 
[+] Trying pin 08334572 
[!] WARNING: Receive timeout occurred 
[+] 0.00% complete @ 0 seconds/attempt 
[+] Trying pin 08334572 
[!] WARNING: Receive timeout occurred 
[+] Trying pin 08334572

I will do a few captures once I get home.

Original comment by basti.me...@googlemail.com on 2 Jan 2012 at 2:20

GoogleCodeExporter commented 9 years ago
Any more info on this?

Original comment by cheff...@tacnetsol.com on 4 Jan 2012 at 2:44

GoogleCodeExporter commented 9 years ago
BT4 R2 rt2800usb

Reaver 1.3 r55

root@bt:~# walsh -i mon0 -s -C

Scanning for supported APs...

00:1D:19:F5:86:F5 WLAN-F58613

root@bt:~# reaver -i mon0 -b 00:1D:19:F5:86:F5 -c 1 -b WLAN-F58613 -vv

Reaver v1.3 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>

[+] Waiting for beacon from 00:1D:19:F5:86:F5
[+] Switching mon0 to channel 1
[+] Associated with 00:1D:19:F5:86:F5 (ESSID: WLAN-F58613)
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Nothing done, nothing to save.
[+] 0.00% complete @ 2012-01-04 10:58:47 (0 seconds/attempt)
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[!] WARNING: 10 failed connections in a row
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Nothing done, nothing to save.
[+] 0.00% complete @ 2012-01-04 10:59:18 (0 seconds/attempt)
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Nothing done, nothing to save.
[+] 0.00% complete @ 2012-01-04 10:59:49 (0 seconds/at
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Trying pin 81208791
[!] WARNING: Failed to associate with 00:1D:19:F5:86:F
^C
[+] Nothing done, nothing to save.
[+] Session saved.
root@bt:~#

pcap file

http://www.load.to/E9tGjnKtl5/capture_BT4R2_rt2800usb

Original comment by hurenhan...@googlemail.com on 4 Jan 2012 at 4:05

GoogleCodeExporter commented 9 years ago

BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

  00:1D:19:F5:86:F5   28        2        0    0   1  54e  WPA2 CCMP   PSK  WLAN-F58613

Original comment by hurenhan...@googlemail.com on 4 Jan 2012 at 4:16

GoogleCodeExporter commented 9 years ago
I have exactly the same issue you have with a Ralink card and a Belkin router

Original comment by kaotik2...@gmail.com on 5 Jan 2012 at 12:07

GoogleCodeExporter commented 9 years ago
hurenhannes, from the pcap it looks like Reaver is having trouble getting an 
EAP session started, which is *usually* an indication of connectivity problems. 
It's hard to tell from the pcap/airodump output what the actual RSSI is (it's 
certainly not 30dbm as reported in the radio tap headers!) so I'm not sure if 
that's the issue or not. Is this an AP that is very close to you?

Original comment by cheff...@tacnetsol.com on 5 Jan 2012 at 1:00

GoogleCodeExporter commented 9 years ago
I have the same problem: it always tries the same pin and then it says WARNING: 
Receive timeout occurred. I tried to see what happens in Wireshark but I can't 
seem to see anything. I try to filter with eth.addr the MAC address of the AP 
but nothing appears. I'm using mon0 to do the capture; am I doing it right?

Original comment by fabiogfe...@gmail.com on 5 Jan 2012 at 12:10

GoogleCodeExporter commented 9 years ago
I forgot to say that I tried with my router, so I'm very close to it, and a 
strange thing happened: when I reset the router, the pin brute force works 
for some time.

Original comment by fabiogfe...@gmail.com on 5 Jan 2012 at 12:30

GoogleCodeExporter commented 9 years ago
@ fabio
Have you tried different APs? Some routers like Dlink 655, in my case, lock you 
out permanently after a few failed attempts. That's why it starts cracking pins 
when you reset your router. It will work up until that same number. 
Reaver works fine with the other APs I tested. 
I hope this is of any help to you.

Original comment by bramrob...@gmail.com on 5 Jan 2012 at 2:40

GoogleCodeExporter commented 9 years ago
fabio, can you verify that your AP supports WPS and has it enabled? When in 
wireshark you can use the display filter "eap || eapol" to see the WPS messages 
(WPS operates over EAP). If your device has WPS enabled and you are still 
getting these timeouts, can you please provide a pcap file of the attack? It's 
nearly impossible for me to debug issues like these without pcaps.

Original comment by cheff...@tacnetsol.com on 5 Jan 2012 at 5:35

GoogleCodeExporter commented 9 years ago
I've tried on another router but it has the same result.

I was saying that it works when I disconnect the power cord from the router and 
then connect it again, but then it doesn't work. It's a little strange. I will try to 
capture that situation to see the differences.

I'm using BackTrack 5 on VMware.

I've captured the pcap while using Reaver.

this is the program output:
root@bt:~# reaver -i mon0 -b 00:22:6B:8A:E9:0B -vv

Reaver v1.3 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner 
<cheffner@tacnetsol.com>

[?] Restore previous session? [n/Y] n
[+] Waiting for beacon from 00:22:6B:8A:E9:0B
[+] Switching mon0 to channel 2
[+] Switching mon0 to channel 3
[+] Switching mon0 to channel 4
[+] Switching mon0 to channel 5
[+] Switching mon0 to channel 6
[+] Switching mon0 to channel 7
[+] Switching mon0 to channel 8
[+] Switching mon0 to channel 11
[+] Associated with 00:22:6B:8A:E9:0B (ESSID: scarface)
[+] Trying pin 22975058
[!] WARNING: Receive timeout occurred
[+] Trying pin 22975058
[!] WARNING: Receive timeout occurred
[+] Trying pin 22975058
[!] WARNING: Receive timeout occurred
[+] Trying pin 22975058
[!] WARNING: Receive timeout occurred
^C
[+] Nothing done, nothing to save.
[+] Session saved.

Original comment by fabiogfe...@gmail.com on 5 Jan 2012 at 9:18

GoogleCodeExporter commented 9 years ago
Same issue here with VMware Fusion and the BackTrack 5 VMware image.
Using a Bus 001 Device 002: ID 0cf3:7015 Atheros Communications, Inc. TP-Link 
TL-WN821N v3 802.11n [Atheros AR7010+AR9287]

Tried it with 4 different wifi access points. Netgear/Linksys/ASUS/Sitecom

Original comment by erick.va...@gmail.com on 7 Jan 2012 at 9:26

GoogleCodeExporter commented 9 years ago
already tried with 3 different wifi cards rt2800pci rt73usb rtl8187 same result 
on rt2860pci rt73usb walsh displays the FCS error

Original comment by fabiogfe...@gmail.com on 7 Jan 2012 at 1:48

GoogleCodeExporter commented 9 years ago
@fabio: After looking at your pcap, the AP is not responding after Reaver sends 
the identity request packet (this packet tells the AP that we are a WPS 
registrar). This indicates that the AP has disabled WPS registrar functionality 
(some APs allow for this, specifically Netgears) which means the AP is not 
vulnerable.

@erick, et al: Other causes of these errors typically are: 

1) Poor signal strength or lots of interference (this applies to both the 
attacker AND the AP)
2) MAC spoofing (known bug in Reaver where MAC spoofing doesn't work properly)

Original comment by cheff...@tacnetsol.com on 9 Jan 2012 at 6:40
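
The thread turns on whether an AP has WPS enabled and whether it has locked itself after failed attempts. The following is an added example, not part of the original thread or of Reaver: it reads the WPS information element from the tagged parameters of a beacon sent by an AP you administer. The attribute IDs are those of the Wi-Fi Simple Configuration specification; the function names and the sample byte strings are constructed for illustration.

```python
import struct

WPS_OUI_TYPE = bytes.fromhex("0050f204")  # vendor IE: OUI 00:50:F2, type 4 = WPS
ATTR_WPS_STATE = 0x1044                   # 1 = not configured, 2 = configured
ATTR_AP_SETUP_LOCKED = 0x1057             # 1 = AP reports its PIN setup as locked


def iter_tlv(buf, hdr):
    """Yield (type, value) pairs; hdr is the struct format of type+length."""
    size = struct.calcsize(hdr)
    pos = 0
    while pos + size <= len(buf):
        typ, length = struct.unpack_from(hdr, buf, pos)
        pos += size
        if pos + length > len(buf):
            raise ValueError("truncated element")
        yield typ, buf[pos:pos + length]
        pos += length


def wps_status(tagged_params):
    """Summarise what a beacon's tagged parameters advertise about WPS."""
    for tag, body in iter_tlv(tagged_params, "BB"):      # 802.11 IEs: 1+1 bytes
        if tag == 221 and body[:4] == WPS_OUI_TYPE:
            attrs = dict(iter_tlv(body[4:], ">HH"))      # WPS attrs: 2+2 bytes
            state = (attrs.get(ATTR_WPS_STATE) or b"\x00")[0]
            locked = (attrs.get(ATTR_AP_SETUP_LOCKED) or b"\x00")[0] == 1
            return {"wps": True, "configured": state == 2, "locked": locked}
    # No WPS element in the beacon: the AP is not advertising WPS at all.
    return {"wps": False, "configured": False, "locked": False}


# Constructed samples: an SSID element ("home") followed by an optional WPS element.
SSID = bytes.fromhex("0004686f6d65")
SAMPLE_WPS_ON = SSID + bytes.fromhex("dd0e0050f204104a0001101044000102")
SAMPLE_WPS_LOCKED = SSID + bytes.fromhex(
    "dd130050f204104a00011010440001021057000101")
SAMPLE_NO_WPS = SSID

if __name__ == "__main__":
    for name, raw in [("on", SAMPLE_WPS_ON), ("locked", SAMPLE_WPS_LOCKED),
                      ("absent", SAMPLE_NO_WPS)]:
        print(name, wps_status(raw))
```

A beacon with no WPS element, or one reporting the locked flag, is the state an administrator wants to see after disabling WPS or after the AP's own lock-out has triggered.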