markcox / reaver-wps

Automatically exported from code.google.com/p/reaver-wps
0 stars 0 forks source link

reaver hangs up after being terribly slow on AP (65 seconds/attempt) #93

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Run reaver for some time (i.e. 1-2h)
2. Reaver get's timeouts and from time to time it hangs without any output.

###
[+] 8.20% complete @ 2012-01-05 16:56:47 (68 seconds/attempt)
[+] Trying pin 00355674
[+] Trying pin 48275675
[+] Trying pin 14125676
[!] WARNING: Detected AP rate limiting, waiting 315 seconds before re-trying
[+] Trying pin 16185678
[+] Trying pin 25115673
[+] 8.25% complete @ 2012-01-05 17:02:30 (68 seconds/attempt)
[+] Trying pin 72165676
[+] Trying pin 84675675
[!] WARNING: Receive timeout occurred
[+] Trying pin 84675675
[!] WARNING: Receive timeout occurred
[+] Trying pin 84675675
[+] Trying pin 92425675
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] WARNING: Out of order packet received, re-trasmitting last message
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] WARNING: Last message not processed properly, reverting state to previous 
message

# I've wait 3hours and it didn't recover.
###

Running Strace on reaver I've seen as following
###

poll([{fd=3, events=POLLIN}], 1, -1)    = 1 ([{fd=3, revents=POLLIN}])
poll([{fd=3, events=POLLIN}], 1, -1)    = 1 ([{fd=3, revents=POLLIN}])
poll([{fd=3, events=POLLIN}], 1, -1)    = 1 ([{fd=3, revents=POLLIN}])
poll([{fd=3, events=POLLIN}], 1, -1)    = 1 ([{fd=3, revents=POLLIN}])
poll([{fd=3, events=POLLIN}], 1, -1)    = ? ERESTART_RESTARTBLOCK (To be 
restarted)
--- SIGINT (Interrupt) @ 0 (0) ---
sendto(3, 
"\0\0\10\0\0\0\0\0\10\0014\0\0&D\361\366\367\0\30\336p-\1\0&D\361\366\367\320\23
3"..., 49, 0, NULL, 0) = 49
setitimer(ITIMER_REAL, {it_interval={0, 0}, it_value={5, 0}}, NULL) = 0
write(1, "\n", 1)                       = 1
stat("/etc/reaver", 0x7fff8ffb7160)     = -1 ENOENT (No such file or directory)
open("002644F1F6F7.wpc", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
0x7fd965cbf000
write(4, "909\n0\n0\n1234\n4241\n5024\n6141\n2521"..., 4096) = 4096
write(4, "8\n6384\n5722\n9963\n9423\n5124\n2786\n"..., 4096) = 4096
write(4, "\n2197\n0859\n3146\n9255\n6980\n1768\n0"..., 4096) = 4096
write(4, "1673\n5717\n8577\n5257\n4011\n6699\n48"..., 4096) = 4096
write(4, "737\n7497\n9749\n1417\n8747\n8228\n002"..., 4096) = 4096
write(4, "12\n2965\n0183\n1822\n0904\n9746\n7190"..., 4096) = 4096
write(4, "7\n3184\n9097\n0099\n7880\n6496\n1226\n"..., 4096) = 4096
write(4, "\n5655\n2420\n5073\n1660\n1589\n3834\n1"..., 4096) = 4096
write(4, "6256\n3301\n5767\n8910\n2508\n3698\n89"..., 4096) = 4096
write(4, "454\n0065\n2174\n9571\n5792\n4538\n252"..., 4096) = 4096
write(4, "57\n8751\n9782\n0137\n2861\n7797\n6654"..., 4096) = 4096
write(4, "1\n9395\n8527\n4113\n8809\n2846\n8583\n"..., 4096) = 4096
write(4, "\n6935\n9987\n6446\n0476\n3157\n9460\n2"..., 4096) = 4096
nanosleep({0, 100000}, NULL)            = 0
write(4, "589\n746\n248\n538\n735\n367\n535\n350\n"..., 760) = 760
close(4)                                = 0
munmap(0x7fd965cbf000, 4096)            = 0
write(1, "[+] Session saved.\n", 19)    = 19
setsockopt(3, SOL_PACKET, PACKET_RX_RING, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 
16) = -1 EBUSY (Device or resource busy)
munmap(0x7fd9647c5000, 4161536)         = 0
close(3)                                = 0
close(1)                                = 0
munmap(0x7fd965cc0000, 4096)            = 0
exit_group(1)                           = ?
Process 24170 detached
###

What is the expected output? What do you see instead?
Should continue trying PINs

What version of the product are you using? On what operating system?
reaver: built on 2012-01-04 21:57 from SVN.
OS: bt5 (updated)
Wireless: 3945ABG rev2

Please provide any additional information below.
I've good signal and once restarting reaver it simply continues without any 
problem up until next problem which might occur within 1-2 or 15-16 as last 
time. 

Reaver process is terribly slow:
[+] Trying pin 66195672
[+] Trying pin 64725673
[+] Trying pin 14915673
[+] Trying pin 78665675
[+] Trying pin 26705675
[+] 8.45% complete @ 2012-01-06 01:01:53 (65 seconds/attempt)
[!] WARNING: Detected AP rate limiting, waiting 315 seconds before re-trying

AP is:
Bouygues Telecom

Original issue reported on code.google.com by mojko...@gmail.com on 6 Jan 2012 at 12:19

GoogleCodeExporter commented 9 years ago
Can you provide a pcap please?

Original comment by cheff...@tacnetsol.com on 6 Jan 2012 at 12:30

GoogleCodeExporter commented 9 years ago
Just as an update, problem happen again back on Friday, but due to the fact 
that I've been saving pcap on /tmp and had powercut, during bootup it got 
removed.

Since then problem didn't re-appeared.

Please keep it open for next week or so and I'll get back with an update and 
results.

Original comment by mojko...@gmail.com on 8 Jan 2012 at 6:42

GoogleCodeExporter commented 9 years ago
similary to the Thomson router i´ve been testing,  this one you are testing 
locks you out after 5 tryes probably unlocking itself after 5 minutes, that is 
why it so slow. About the hanging bug, fortunately I have never seen it.

Original comment by Stnd....@gmail.com on 9 Jan 2012 at 3:44

GoogleCodeExporter commented 9 years ago

Original comment by cheff...@tacnetsol.com on 9 Jan 2012 at 6:50

GoogleCodeExporter commented 9 years ago

Original comment by cheff...@tacnetsol.com on 11 Jan 2012 at 4:55

GoogleCodeExporter commented 9 years ago
This time it took "just" couple of days to hang up. Between earlier issues and 
last try I've updated and compiled version from svn. The one from last test was 
built on 2012-01-04 21:37.

I've tried to attach dump file but even when split into 9MB ones it's not 
allowed and every time I'm getting error, that browser has sent 
illegal/malformed request.

Please let me know if you want me to filter dump file in any specific way or 
maybe upload it somewhere else?

Right now file contains all traffic with MAC of AP or my host

Thanks!

Original comment by mojko...@gmail.com on 13 Jan 2012 at 9:33