Hi, reaver14 gets stuck on "send EAP Response Identity".
From BT5r2 I run the following:
airmon-ng start wlan0
reaver -i mon0 -b xx:xx:xx:xx:xx:xx
client sends auth, AP answers auth ok
client sends wps assoc, AP answers ok
client sends EAPOL Start, AP answers EAP Request, Identity [RFC3748]
client sends EAP Response, Identity [RFC3748], AP answers EAP Request, Expanded Type [RFC3748], WPS
and here it all stops.. the tool hangs forever, and never sends any "Response,
Expanded Type" back to the AP..
In my opinion, it looks like after "EAP Response, Identity" the tool expects an
M1 frame from the AP (containing ENonce, PK_E, EnrolleeMAC, keys and so on) but
instead it receives only that "EAP Request, Expanded Type" frame.. that frame
has the following structure:
No.  Time       Source             Destination     Protocol  Length  Info
45   15.828384  xx:xx:xx:xx:xx:xx  Apple_yy:yy:yy  EAP       80      Request, Expanded Type [RFC3748], WPS

Frame 45: 80 bytes on wire (640 bits), 80 bytes captured (640 bits)
Radiotap Header v0, Length 26
IEEE 802.11 Data, Flags: ......F.C
Logical-Link Control
    DSAP: SNAP (0xaa)
    IG Bit: Individual
    SSAP: SNAP (0xaa)
    CR Bit: Command
    Control field: U, func=UI (0x03)
        000. 00.. = Command: Unnumbered Information (0x00)
        .... ..11 = Frame type: Unnumbered frame (0x03)
    Organization Code: Encapsulated Ethernet (0x000000)
    Type: 802.1X Authentication (0x888e)
802.1X Authentication
    Version: 1
    Type: EAP Packet (0)
    Length: 14
Extensible Authentication Protocol
    Code: Request (1)
    Id: 1
    Length: 14
    Type: Expanded Type [RFC3748] (254)
    Expanded Type (Wifi Alliance, WifiProtectedSetup)
        Vendor Id: WFA (0x372a)
        Vendor Type: SimpleConfig (0x01)
        Opcode: WSC Start (1)
        Flags: 0x00
            .... ...0 = More flag: False
            .... ..0. = Length field present: False
Of course all that was monitored using Wireshark, and tested with RTL and Atheros
cards..
Why doesn't reaver send the "Response, Expanded Type" to the AP?
Thanks
Original issue reported on code.google.com by niki...@cooltoad.com on 26 Aug 2012 at 8:39
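Added example, not part of the original report and not reaver's code: a small decoder for the EAP packet dissected above, following the RFC 3748 expanded-type layout and the WSC opcode and flag fields, so the 14-byte frame can be checked field by field. The sample bytes are constructed from the dissected fields, and the function and constant names are illustrative.

```python
import struct

# EAP expanded type (RFC 3748) carrying WFA SimpleConfig, as in the capture above
EAP_TYPE_EXPANDED = 254
WFA_VENDOR_ID = 0x00372A
WFA_SIMPLECONFIG = 0x00000001
WSC_OPCODES = {1: "WSC_Start", 2: "WSC_ACK", 3: "WSC_NACK",
               4: "WSC_MSG", 5: "WSC_Done", 6: "WSC_FRAG_ACK"}
FLAG_MF, FLAG_LF = 0x01, 0x02  # More fragments / Length field present

# Constructed from the dissected fields of frame 45 (not raw capture bytes):
# Code=1 Id=1 Length=14 Type=254 Vendor=0x00372a VendorType=1 Opcode=1 Flags=0
SAMPLE_WSC_START = bytes.fromhex("0101000efe00372a000000010100")


def parse_eap_wsc(eap: bytes) -> dict:
    """Decode one EAP packet that uses the WFA SimpleConfig expanded type."""
    if len(eap) < 4:
        raise ValueError("truncated EAP header")
    code, ident, length = struct.unpack("!BBH", eap[:4])
    if length < 14 or length > len(eap):
        raise ValueError("EAP length too short for a WSC header or past end of data")
    body = eap[4:length]  # bytes after the EAP length are padding, ignore them
    if body[0] != EAP_TYPE_EXPANDED:
        raise ValueError("not an expanded-type EAP packet")
    vendor_id = int.from_bytes(body[1:4], "big")
    vendor_type = int.from_bytes(body[4:8], "big")
    if (vendor_id, vendor_type) != (WFA_VENDOR_ID, WFA_SIMPLECONFIG):
        raise ValueError("expanded type is not WFA SimpleConfig")
    opcode, flags, data = body[8], body[9], body[10:]
    total_len = None
    if flags & FLAG_LF:  # 2-byte total message length precedes the data
        if len(data) < 2:
            raise ValueError("length flag set but length field missing")
        total_len, data = int.from_bytes(data[:2], "big"), data[2:]
    return {
        "code": {1: "Request", 2: "Response"}.get(code, code),
        "id": ident,
        "opcode": WSC_OPCODES.get(opcode, opcode),
        "more_fragments": bool(flags & FLAG_MF),
        "total_length": total_len,
        "data": data,  # WSC TLVs (M1..M8) travel here in WSC_MSG frames
    }


if __name__ == "__main__":
    print(parse_eap_wsc(SAMPLE_WSC_START))
```

For the sample, the decoder reports opcode `WSC_Start` with an empty data field: the 14 bytes are exactly the EAP and WSC headers, so the frame carries no WSC message body.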