fauzan505 / reaver-wps

Automatically exported from code.google.com/p/reaver-wps

radio_tap_header seems to be 2 bytes too long #476

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
A few things to consider before submitting an issue:

0. We write documentation for a reason, if you have not read it and are
having problems with Reaver these pages are required reading before
submitting an issue:
http://code.google.com/p/reaver-wps/wiki/HintsAndTips
http://code.google.com/p/reaver-wps/wiki/README
http://code.google.com/p/reaver-wps/wiki/FAQ
http://code.google.com/p/reaver-wps/wiki/SupportedWirelessDrivers
1. Reaver will only work if your card is in monitor mode.  If you do not
know what monitor mode is then you should learn more about 802.11 hacking
in linux before using Reaver.
2. Using Reaver against access points you do not own or have permission to
attack is illegal.  If you cannot answer basic questions (i.e. model
number, distance away, etc) about the device you are attacking then do not
post your issue here.  We will not help you break the law.
3. Please look through issues that have already been posted and make sure
your question has not already been asked here:
http://code.google.com/p/reaver-wps/issues/list
4. Often times we need packet captures of mon0 while Reaver is running to
troubleshoot the issue (tcpdump -i mon0 -s0 -w broken_reaver.pcap).  Issue
reports with pcap files attached will receive more serious consideration.

Answer the following questions for every issue submitted:

0. What version of Reaver are you using?  (Only defects against the latest
version will be considered.)
r113 - tried from v1.0, v1.2, v1.3, v1.4, all the same.
1. What operating system are you using (Linux is the only supported OS)?
knoppix-Linux
2. Is your wireless card in monitor mode (yes/no)?
yes Ralink 2561
3. What is the signal strength of the Access Point you are trying to crack?
87+
4. What is the manufacturer and model # of the device you are trying to
crack?
NetGear
5. What is the entire command line string you are supplying to reaver?
reaver -i ra0 -b xx:xx:xx:xx:xx:xx -vv
6. Please describe what you think the issue is.

The problem is that the packets being captured report the MAC addresses
wrongly (00:00:01:02:03:04 when it should be 01:02:03:04:05:06 - off by the first 2 bytes).
I looked a little further into the problem and adjusted build_radio_tap_header
in builder.c, but I'm finding it is still having issues; any help is
appreciated.

7. Paste the output from Reaver below.

I have edited my code with lots of printf commands to trace problems, so it may
not make sense here.

Original issue reported on code.google.com by cwjowls...@btinternet.com on 3 Mar 2013 at 12:17

GoogleCodeExporter commented 8 years ago
In 80211.c, under the three functions:

deauthenticate()

authenticate()

associate()

I added "-2" to the following line in each function, which allows them to
connect:

radio_tap = build_radio_tap_header(&radio_tap_len - 2);

now I get ..
[+] sending EAPOL START request
[!] WARNING: Receive timeout occurred

So again I'm guessing that if the radio_tap_header is 2 bytes out, there will be
other areas in the code which are out as well, as there seems to be a lot of header
sharing.

Original comment by cwjowls...@btinternet.com on 5 Mar 2013 at 6:36
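The two comments above describe the same symptom from two sides: captured frames whose addresses appear shifted by two bytes (00:00:01:02:03:04 instead of 01:02:03:04:05:06), and a hard-coded "-2" on the radiotap length that happens to make things line up. The example below is added here and is not Reaver's own code. It parses a constructed (not captured) monitor-mode frame by reading the radiotap `it_len` field, which is the only reliable way to find where the 802.11 header starts, and then shows how an offset that is wrong by two bytes reproduces exactly the shifted address the report describes. The sample bytes, the `frame_addrs` struct and the function names are all assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Radiotap (radiotap.org): it_version (1) | it_pad (1) | it_len (2, LE) |
 * it_present (4) | variable fields. it_len covers the whole header, so the
 * 802.11 header begins at buf + it_len, never at a fixed offset. */
#define RADIOTAP_FIXED_LEN 8
#define DOT11_MGMT_HDR_LEN 24   /* fc(2) dur(2) addr1(6) addr2(6) addr3(6) seq(2) */

struct frame_addrs {            /* example struct, not a Reaver type */
    uint8_t addr1[6];
    uint8_t addr2[6];
    uint8_t addr3[6];
};

/* Constructed sample frame: 12-byte radiotap header (version 0, len 12,
 * present = Flags|Rate, flags 0, rate 2, two trailing pad bytes) followed by
 * an authentication frame (subtype 11) with duration 0. */
static const uint8_t sample_frame[] = {
    0x00, 0x00, 0x0c, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00,
    0xb0, 0x00,                         /* frame control: mgmt, authentication */
    0x00, 0x00,                         /* duration */
    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, /* addr1 (receiver / BSSID) */
    0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* addr2 (transmitter) */
    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, /* addr3 (BSSID) */
    0x10, 0x00,                         /* sequence control */
    0x00, 0x00, 0x01, 0x00              /* start of auth body */
};

/* Returns the radiotap header length declared by it_len, or 0 if the buffer
 * is too short, the version is unknown, or it_len does not fit in the buffer. */
size_t radiotap_header_len(const uint8_t *buf, size_t len)
{
    if (len < RADIOTAP_FIXED_LEN || buf[0] != 0)
        return 0;
    size_t it_len = (size_t)buf[2] | ((size_t)buf[3] << 8);   /* little-endian */
    if (it_len < RADIOTAP_FIXED_LEN || it_len > len)
        return 0;
    return it_len;
}

/* Copies the three addresses of the 802.11 header that starts at buf + rt_len.
 * Returns 0 on success, -1 if rt_len is 0 or the frame is truncated. */
int extract_addrs(const uint8_t *buf, size_t len, size_t rt_len,
                  struct frame_addrs *out)
{
    if (rt_len == 0 || len < rt_len + DOT11_MGMT_HDR_LEN)
        return -1;
    const uint8_t *dot11 = buf + rt_len;
    memcpy(out->addr1, dot11 + 4, 6);
    memcpy(out->addr2, dot11 + 10, 6);
    memcpy(out->addr3, dot11 + 16, 6);
    return 0;
}

/* Formats a MAC address as aa:bb:cc:dd:ee:ff into an 18-byte buffer. */
void fmt_mac(const uint8_t mac[6], char out[18])
{
    snprintf(out, 18, "%02x:%02x:%02x:%02x:%02x:%02x",
             mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);
}

int main(void)
{
    struct frame_addrs a;
    char s[18];
    size_t rt = radiotap_header_len(sample_frame, sizeof(sample_frame));

    /* Correct offset, taken from it_len: addr1 = 01:02:03:04:05:06 */
    if (extract_addrs(sample_frame, sizeof(sample_frame), rt, &a) == 0) {
        fmt_mac(a.addr1, s);
        printf("it_len=%zu  addr1=%s\n", rt, s);
    }
    /* Offset wrong by two bytes: the duration field's zeros are read as the
     * first two address bytes, giving the 00:00:01:02:03:04 from the report. */
    if (extract_addrs(sample_frame, sizeof(sample_frame), rt - 2, &a) == 0) {
        fmt_mac(a.addr1, s);
        printf("it_len-2=%zu addr1=%s (misaligned)\n", rt - 2, s);
    }
    return 0;
}
```

Running this over a real capture (for instance the `tcpdump -i mon0 -s0 -w ...` file the issue template asks for) with the `sample_frame` replaced by each packet's bytes is a quick way to tell whether the frames on the air carry a consistent `it_len`, which separates a driver or kernel radiotap quirk from an off-by-two in the code that builds the header.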

GoogleCodeExporter commented 8 years ago
Updated to a new kernel, from 2.6.19 to 3.8.6, which fixed the problem.

Original comment by cwjowls...@btinternet.com on 15 Apr 2013 at 10:52