master2be1 / reaver-wps

Automatically exported from code.google.com/p/reaver-wps
0 stars 0 forks source link

Garbage WPA passphrase recovered when Router's WPS is enabled but WPA is not enabled #108

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago

0. What version of Reaver are you using? 

Reaver v1.3 

1. What operating system are you using (Linux is the only supported OS)?

Backtrack 5

2. Is your wireless card in monitor mode (yes/no)?

Yes (Alfa RTL8187)

3. What is the signal strength of the Access Point you are trying to crack?

-65 db

4. What is the manufacturer and model # of the device you are trying to
crack?

TP-Link all models

5. What is the entire command line string you are supplying to reaver?

reaver -b xx:xx:xx:xx:xx -vv -c 1 -d 0

6. Please describe what you think the issue is.

Garbage WPA passphrase recovered when Router's WPS is enabled but WPA is not 
enabled.  Have tried against 2 different TP-link access points with same 
result.  Probably true for all APs.

It is useful to find the WPS PIN for open unsecured APs, in case they are 
secured at a furure date.  Reaver correctly finds the WPS PIN and then displays 
a string of 64 characters of garbage.  It would be better to detect that WPA is 
not enabled, and then only display the WPS PIN and not the WPA Passphrase.  
(instead of displaying some 64 character junk string from the router's response)

Original issue reported on code.google.com by kbus...@gmail.com on 8 Jan 2012 at 12:38

GoogleCodeExporter commented 9 years ago
What does the 64 character junk string look like?

Original comment by cheff...@tacnetsol.com on 8 Jan 2012 at 4:58

GoogleCodeExporter commented 9 years ago
Some APs generate new WPA keys if they don't already have one configured. 
Reaver will always show the WPA key that the AP has returned.

Original comment by cheff...@tacnetsol.com on 9 Jan 2012 at 6:53

GoogleCodeExporter commented 9 years ago
The same thing happened to me on a belkin router. What I didn't understand is 
why every time I retried it with the retrieved pin (reaver -b xx:xx:xx:xx:xx 
--pin=xxxxxxxx -vv) the results where different strings of 64 character 
"passwords". Even within a matter of seconds.

This was one of them:
[+] WPS PIN: '3xxxxxx7'
[+] WPA PSK: '4d11bb701e3a07f6147b1ce9b75cce5ebb98fe48561bc10b3123f4d95973e618'
[+] AP SSID: 'Gxxxxxs Wi-Fi'

Original comment by memo.co...@gmail.com on 13 Jan 2012 at 9:08