francoisfrank / reaver-wps

Automatically exported from code.google.com/p/reaver-wps

Solving the 99.99% Reaver 1.4 issue #439

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
There are cases where Reaver 1.4 runs up to 99.99% and hangs. We have found that reverting to Reaver 1.3 in such cases always cracks the code. This has been noted elsewhere in the WPS Reaver issue files.

As the use of 1.3 is rare, uninstalling 1.4 and reinstalling 1.3 and vice versa as the situation warrants seemed impractical. Therefore we handled the problem by making a persistent USB flash drive running BT5R1 and then installing Reaver 1.3 to the operating system.

We suggest you use a 16 gig flash, although an 8 gig flash will work.

1. Partition the flash drive into a 5 gig Fat32 partition and an approx. 12 gig 
Ext3 partition. The 12 gig Ext3 partition MUST be named casper-rw to allow 
the flash drive to be persistent. Persistence here means that any changes you 
make to the flash drive will remain when you shut down the operating system on 
the flash drive. We used XP and Acronis Disk Director Suite to complete these 
operations. Both are available via torrents if you look, try isohunt.

2. Since BT5R1 does not include Reaver, we loaded it onto the flash drive using 
unetbootin-windows. You can download the latest version of unetbootin easily. 
You could use BT5R2 or R3; we simply did not do this and did not explore the 
steps required to install, therefore no guidance is given.

3. Now to make the flash drive persistent

After you have installed BT5R1, R2 or R3 to the flash drive, change the 
syslinux.cfg in the Fat32 partition to read as below. Notice all we did was add 
lines 5 thru 9 to the config file. You can do this with kate or even in Windows 
with notepad, just do not save the file as text when using notepad.

A complete copy of the config file required for persistence is seen below.

==============

default menu.c32
prompt 0
menu title UNetbootin
timeout 100

label DEFAULT
menu label BackTrack Persistent Text - Persistent Text Mode Boot
kernel /casper/vmlinuz
append file=/cdrom/preseed/custom.seed boot=casper persistent initrd=/casper/initrd.gz text splash vga=791--

label ubnentry1
menu label BackTrack Stealth - No Networking enabled
kernel /casper/vmlinuz
append initrd=/casper/initrds.gz file=/cdrom/preseed/custom.seed boot=casper text splash staticip vga=791--

label ubnentry2
menu label BackTrack Forensics - No Drive or Swap Mount
kernel /casper/vmlinuz
append initrd=/casper/initrdf.gz file=/cdrom/preseed/custom.seed boot=casper text splash vga=791--

label ubnentry3
menu label BackTrack noDRM - No DRM Drivers
kernel /casper/vmlinuz
append initrd=/casper/initrd.gz file=/cdrom/preseed/custom.seed boot=casper text splash nomodeset vga=791--

label ubnentry4
menu label BackTrack Debug - Safe Mode
kernel /casper/vmlinuz
append initrd=/casper/initrd.gz file=/cdrom/preseed/custom.seed boot=casper text--

label ubnentry5
menu label BackTrack Memtest - Run memtest
kernel /isolinux/memtest
append initrd=/ubninit -

label ubnentry6
menu label Hard Drive Boot - boot the first hard disk
kernel /ubnkern
append initrd=/ubninit -

===================

To run the flash drive as an operating system remember to set your computer BIOS 
to boot from the USB first before the hard drive, and you will have a 
functioning persistent BT5R1 operating system on a USB stick.

You should not try and upgrade the operating system as you will only need this 
tool when Reaver 1.4 fails. Furthermore there is a chance reaver will be updated 
to 1.4 during the upgrade if you load R1.

Installing Reaver 1.3

Step 1 :- Download Reaver 1.3

# wget http://reaver-wps.googlecode.com/files/reaver-1.3.tar.gz

Step 2 :- Extract Reaver 1.3 Type and enter

# tar zxvf reaver-1.3.tar.gz

Step 3: Place the reaver-1.3 in the home directory Type and enter

# cd reaver-1.3/src

Step 4:  Type and enter

# ./configure

Step 5:  Type and enter

# make

Type and enter

# make install

In closing note that "wash" in Reaver 1.4 is called "walsh" in Reaver 1.3. When 
running walsh you will not get any channel number, so you may wish to use 
airodump-ng to obtain info not provided by walsh. Most of the info provided here is 
NOT original and has been extracted for use here. 

Musket Team Alpha

Original issue reported on code.google.com by muske...@yahoo.com on 21 Nov 2012 at 9:11

GoogleCodeExporter commented 8 years ago
The solution of this issue for v 1.4 / svn rev113 is described in issue post 
#470 http://code.google.com/p/reaver-wps/issues/detail?id=470 .  

Original comment by agent...@gmail.com on 15 Feb 2013 at 3:34

GoogleCodeExporter commented 8 years ago
are you sure that switching to reaver 1.3 would solve the problem?

if you think the 99.90 % is due to problem with reaver, then tell me what is 
that problem.

why using old reaver would fix this problem?

i am currently stuck on this problem and will soon try this method and reply 
right here if it works.  :-)

- sushobhit333@gmail.com

Original comment by Sushobhi...@gmail.com on 14 Sep 2013 at 3:39

GoogleCodeExporter commented 8 years ago
I have tried it with reaver 1.3 and it did not work

Original comment by annabeln...@gmail.com on 14 Sep 2013 at 8:49

GoogleCodeExporter commented 8 years ago
For us in 2012 reverting to Reaver 1.3 always solved the problem. However this 
problem disappeared but has just come back again. We have five cases in two 
different areas and on different computers using Kali-Linux in Nov 2013 that 
have run up to 99.99%. We are testing the reaver 1.3 solution as we speak. There 
is a solution in the thread posted above, see new agent 1 comments. However we think 
this might be something new, especially since annabeln above stated in Sept 
2013 that the reaver 1.3 solution failed.

Original comment by tuispl...@gmail.com on 29 Nov 2013 at 8:30

GoogleCodeExporter commented 8 years ago
We tried using BT5R1/Reaver 1.3 against the following router. The program ran up 
to just over 98%, then started requesting only one (1) number (i.e. 76845), climbed 
to 99% and went into an endless loop. So the Reaver 1.3 solution DID NOT WORK.

[+] Restored previous session
[+] Waiting for beacon from 1C:7E:E5:XX:XX:XX
[+] Switching mon0 to channel 13
[+] Associated with 1C:7E:E5:XX:XX:XX (ESSID: WIFI)
[+] Trying pin 76845
[!] WARNING: Receive timeout occurred
[+] Trying pin 76845
[!] WARNING: Receive timeout occurred
[+] Trying pin 76845
[!] WARNING: Receive timeout occurred
[+] Trying pin 76845
[!] WARNING: Receive timeout occurred

We have six routers to test against, hence further testing in progress.
We have reloaded reaver 1.4 on a Kali-Linux OS on two (2) computers making sure 
we have the latest Reaver 1.4-2kali7 and are testing again against the six (6) 
routers that are giving us endless loop problems. We will update when we have 
more data. We expect to complete first tests by 7 December 2013.

If this does not work we will try reaver 1.4 in BT5R3.

MTB

Original comment by tuispl...@gmail.com on 1 Dec 2013 at 1:09

GoogleCodeExporter commented 8 years ago

HERE IS THE SOLUTION-

The 90.90 % loop occurs when reaver is unable to find even the first half of 
the pin and it has no pin left to try.

Similarly the 90.90% loop is when reaver has the first 4 digits but doesn't find 
the last 3 digits (the 4th is the checksum) and it has no pin left to try.

The reasons for these loops are as follows:
1. timeout errors.
2. frequent resuming and pausing.
3. using parameters -S -N -L etc.
4. lockdowns.
5. router showing false positive.
6. other similar cases where a correct pin is rejected.

The solution is: start reaver again keeping these things in mind:
1. DON'T USE THE ABOVE POINTS 1, 2 AND 3

Thank you.
Sushobhit333@gmail.com
www.facebook.com/technology.lancers

Original comment by Sushobhi...@gmail.com on 3 Aug 2014 at 6:05

GoogleCodeExporter commented 8 years ago
Please, anyone who has this problem, try to downgrade to 1.3. I was avoiding this 
option but today I decided to try it and finally I got success. 
Actually the first 4 pin no. that I used to get when using the 1.4 were wrong, 
1234, and every time it started from 90%. I tried it with two different routers and 
it was the same no. After trying all the above kind and great experience and 
many from the web, today I had to call the owner of one of the routers asking 
him if this no. is true but he said not even close, so I took the step of 
downgrading to 1.3.  
I used it in Kali and in BackTrack in a VM.
Anyway thank you reaver, it was a great experience, I feel proud of myself as a 
beginner hacker (legally).

Original comment by wad....@gmail.com on 30 Sep 2014 at 8:31

GoogleCodeExporter commented 8 years ago
Yes I too have 99.99% problem while using Kali Linux with USB Booting. No 
Solution?

Original comment by goldsu...@gmail.com on 27 Oct 2014 at 10:37

GoogleCodeExporter commented 8 years ago
Hello guys, I have the same problem but I believe that I have the right answer, 
but I still need some help to overcome it.
The problem is related to this file /etc/reaver/BSSID.wpc, 
where BSSID is the BSSID of the router you're testing, without (:).
The great news is that reaver can TEST a pin with the -pin argument; however, 
making a batch to test all pins is the real solution.
The explanation is as follows:
keys.txt (which has all pins with checksum; 8 digits)
reaver will be used through a batch file checking every single line in keys.txt.
I hope anyone who knows python could use my idea to solve this problem. I'm a 
programmer of VB.net and I still don't know how to write the whole 8 digits 
with a function, and if I knew I would write code to make all 11000 
possibilities to write the keys.txt and so on...
Thanks in advance

Original comment by MrSiss...@gmail.com on 22 Jan 2015 at 7:19
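The two comments above describe the same structure from different sides: one explains the loop as "first 4 digits found, last 3 not found, 4th is the checksum, no pin left to try", the other counts 11000 possibilities. The following is an added example, not code from the reaver-wps project or from anyone in this thread. It implements the WPS PIN check-digit formula from the WPS specification (the same one hostapd uses), derives the 10^4 + 10^3 = 11000 figure from it, and shows with an in-memory simulated access point why a wrongly recorded first half can never be completed. The percentage model is an assumed simplification of how Reaver reports progress; the simulated router and its PIN are constructed for the example and exist only in memory.

```python
# Added example (not reaver-wps code). Models the WPS PIN structure discussed
# in this thread: 4 digits confirmed first, then 3 free digits plus a checksum.
from typing import Callable, Optional


def wps_checksum(first_seven: int) -> int:
    """Return the 8th (check) digit for the first seven digits of a WPS PIN.
    This is the formula from the WPS specification."""
    accum = 0
    n = first_seven
    while n:
        accum += 3 * (n % 10)
        n //= 10
        accum += n % 10
        n //= 10
    return (10 - accum % 10) % 10


def is_valid_pin(pin: str) -> bool:
    """True if pin is 8 digits and its last digit is the correct checksum."""
    if len(pin) != 8 or not pin.isdigit():
        return False
    return wps_checksum(int(pin[:7])) == int(pin[7])


def keyspace_size() -> int:
    """Worst-case number of candidates: the first half (10^4) is confirmed by the
    registrar exchange separately from the second half, and of the second half
    only 3 digits are free because the 8th is a checksum (10^3)."""
    return 10**4 + 10**3  # 11000, the figure quoted in the thread


def progress_percent(first_half_found: bool, attempts_in_current_half: int) -> float:
    """Assumed simplified model of Reaver-style progress: the share of the
    11000-candidate space consumed so far."""
    done = attempts_in_current_half + (10**4 if first_half_found else 0)
    return round(100 * done / keyspace_size(), 2)


def find_second_half(first_half: str,
                     accepts_full_pin: Callable[[str], bool]) -> Optional[str]:
    """Exhaust the 1000 possible second halves for a believed first half.
    Returns the full PIN if the oracle accepts one, otherwise None: the
    'no pin left to try' state the thread calls the 99.99% loop. That state is
    reached whenever the first half was recorded wrongly (false positive,
    misread timeout) and then reloaded from the session file."""
    for i in range(1000):
        prefix = first_half + f"{i:03d}"
        pin = prefix + str(wps_checksum(int(prefix)))
        if accepts_full_pin(pin):
            return pin
    return None


# Constructed stand-in for an access point; the PIN is a made-up sample value.
SIMULATED_PIN = "12345670"


def simulated_router(pin: str) -> bool:
    """Accepts only the (constructed) configured PIN."""
    return pin == SIMULATED_PIN


if __name__ == "__main__":
    print("sample PIN valid:", is_valid_pin(SIMULATED_PIN))
    print("candidates:", keyspace_size())
    print("second half exhausted at", progress_percent(True, 999), "%")
    print("first half never confirmed at", progress_percent(False, 9999), "%")
    print("correct first half ->", find_second_half("1234", simulated_router))
    print("wrong first half   ->", find_second_half("1235", simulated_router))
```

With the first half correct, the second-half search finishes inside the 1000 candidates; with a wrong first half it exhausts them and returns None, which is exactly the "no pin left to try" condition. From the defender's side the same arithmetic is the reason the thread's "lockdowns" exist: because the check digit and the split verification shrink the space to 11000, a PIN-based external registrar can only be defended by rate limiting or lockout on the access point, or by disabling WPS PIN entry altogether.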

GoogleCodeExporter commented 8 years ago
Of course many were already tried, I tried with Reaver Pro+ Xiaopan,
Wifislax (it is not English language friendly), wpsPIN with Jumpstart. One
way or other it is difficult to find WPA2 if the PW is with the combination
of numerals, alphabets and symbols.

Original comment by goldsu...@gmail.com on 23 Jan 2015 at 8:54

GoogleCodeExporter commented 8 years ago
Of course many were already tried, I tried with Reaver Pro+ Xiaopan, Wifislax 
(it is not English language friendly), wpsPIN with Jumpstart. ReVdK One way or 
other it is difficult to find WPA2 if the PW is with the combination of 
numerals, alphabets and symbols. 

Original comment by goldsu...@gmail.com on 23 Jan 2015 at 8:59

GoogleCodeExporter commented 8 years ago
Dear Sir,

Issue 439 is an old issue and we think circumstances have changed. Musket Teams suggest you read thru issues 675, 676, 677. There is a simple method to overcome this. We also suggest you download VMR-MDK009x2. Scroll down to the bottom of the thread and find the latest release.

We have developed an approach to the 99.99% problem which has worked every time. We call it the reaver replay attack.

Reference python: we do not know this programming language.

MTeams
--------------------------------------------

 Subject: Re: Issue 439 in reaver-wps: Solving the 99.99% Reaver 1.4 issue
 To: musket33@yahoo.com
 Date: Friday, January 23, 2015, 2:19 AM

 Comment #9 on issue 439 by MrSiss...@gmail.com: Solving the 99.99% Reaver 1.4 issue
 https://code.google.com/p/reaver-wps/issues/detail?id=439

 Hello guys, I have the same problem but I believe that I have the right answer, but I still need some help to overcome it.
 The problem is related to this file /etc/reaver/BSSID.wpc, where BSSID is the BSSID of the router you're testing, without (:).
 The great news is that reaver can TEST a pin with the -pin argument; however, making a batch to test all pins is the real solution.
 The explanation is as follows:
 keys.txt (which has all pins with checksum; 8 digits)
 reaver will be used through a batch file checking every single line in keys.txt.
 I hope anyone who knows python could use my idea to solve this problem. I'm a programmer of VB.net and I still don't know how to write the whole 8 digits with a function, and if I knew I would write code to make all 11000 possibilities to write the keys.txt and so on...
 Thanks in advance

Original comment by muske...@yahoo.com on 27 Jan 2015 at 8:53

GoogleCodeExporter commented 8 years ago
Dear Sir,

Reference difficulties in cracking long passwords with numerals, symbols, small and large caps.

All we can say is reaver just yesterday cracked thru a WPS Locked router where the WPA key was 25 characters in length, computer generated, composed of symbols, numbers, small and large caps. So we are not seeing this. 

Issue 439 is an old issue and we think circumstances have changed. Musket Teams suggest you read thru issues 675, 676, 677. There is a simple method to overcome this. We also suggest you download VMR-MDK009x2. Scroll down to the bottom of the thread and find the latest release.

We have developed an approach to the 99.99% problem which has worked every time. We call it the reaver replay attack.

MTeams
--------------------------------------------

 Subject: Re: Issue 439 in reaver-wps: Solving the 99.99% Reaver 1.4 issue
 To: musket33@yahoo.com
 Date: Friday, January 23, 2015, 3:59 PM

 Comment #11 on issue 439 by goldsu...@gmail.com: Solving the 99.99% Reaver 1.4 issue
 https://code.google.com/p/reaver-wps/issues/detail?id=439

 Of course many were already tried, I tried with Reaver Pro+ Xiaopan, Wifislax (it is not English language friendly), wpsPIN with Jumpstart. ReVdK One way or other it is difficult to find WPA2 if the PW is with the combination of numerals, alphabets and symbols.

Original comment by muske...@yahoo.com on 27 Jan 2015 at 8:59