master2be1 / reaver-wps

Automatically exported from code.google.com/p/reaver-wps
0 stars 0 forks source link

Displays WPS PIN ipon completion but not WPA PSK #112

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
A few things to consider before submitting an issue:

0. We write documentation for a reason, if you have not read it and are
having problems with Reaver these pages are required reading before
submitting an issue:
http://code.google.com/p/reaver-wps/wiki/HintsAndTips
http://code.google.com/p/reaver-wps/wiki/README
http://code.google.com/p/reaver-wps/wiki/FAQ
http://code.google.com/p/reaver-wps/wiki/SupportedWirelessDrivers
1. Reaver will only work if your card is in monitor mode.  If you do not
know what monitor mode is then you should learn more about 802.11 hacking
in linux before using Reaver.
2. Using Reaver against access points you do not own or have permission to
attack is illegal.  If you cannot answer basic questions (i.e. model
number, distance away, etc) about the device you are attacking then do not
post your issue here.  We will not help you break the law.
3. Please look through issues that have already been posted and make sure
your question has not already been asked here: http://code.google.com/p
/reaver-wps/issues/list
4. Often times we need packet captures of mon0 while Reaver is running to
troubleshoot the issue (tcpdump -i mon0 -s0 -w broken_reaver.pcap).  Issue
reports with pcap files attached will receive more serious consideration.

Answer the following questions for every issue submitted:

0. What version of Reaver are you using?  (Only defects against the latest
version will be considered.)
svn r78
1. What operating system are you using (Linux is the only supported OS)?
Lubuntu 11.10
2. Is your wireless card in monitor mode (yes/no)?
yes
3. What is the signal strength of the Access Point you are trying to crack?
-55
4. What is the manufacturer and model # of the device you are trying to
crack?
NETGEAR N150
5. What is the entire command line string you are supplying to reaver?
sudo reaver -i mon0 -b A0:21:B7:..:..:..
6. Please describe what you think the issue is.
It should print out a decrypted PSK, but instead it only prints out the PIN and 
ESSID.
7. Paste the output from Reaver below.

[+] WPS PIN: "########"

Original issue reported on code.google.com by 00st...@gmail.com on 9 Jan 2012 at 1:48

GoogleCodeExporter commented 9 years ago
It won't print out the PSK if the PSK that the AP provided was blank. Is the 
pin that Reaver reported the correct pin? And is WPA enabled on the device?

Original comment by cheff...@tacnetsol.com on 9 Jan 2012 at 2:15

GoogleCodeExporter commented 9 years ago
Silly me, I didn't even check. It was not the correct PIN. When I ran Reaver 
and passed it the correct PIN, it returned the key. I even checked Reaver on a 
friend's router and it gave the wrong PIN there, too. I should have been 
suspicious after it said it was "done" after 15 minutes.

Original comment by 00st...@gmail.com on 9 Jan 2012 at 3:07

GoogleCodeExporter commented 9 years ago
Yes, I've had that same issue with a Netgear with r78. Now it reports false 
positive!

reaver -i mon0 -b MAC -vv
## returns 12345670 as PIN found, even though it's false

reaver -i mon0 -b MAC -vv -p "any PIN"
## returns "any PIN" found - even though it's false

reaver -i mon0 -b MAC -v
## keeps trying 12345670 forever - this is weird, notice -v instead of -vv

I was able to reproduce that a few times. BT5 with iwlagn (5100) on a Netgear 
router (C4:3D:C7).

Original comment by efs...@gmail.com on 9 Jan 2012 at 4:33

GoogleCodeExporter commented 9 years ago
here just the capture of:
reaver -i mon0 -b  C4:3D:C7:12:EF:3C

Original comment by efs...@gmail.com on 9 Jan 2012 at 6:41

Attachments:

GoogleCodeExporter commented 9 years ago
reaver -i mon0 -b 00:B0:0C:XX:XX:XX -c 6 -vv
Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner 
<cheffner@tacnetsol.com>
[+] Waiting for beacon from 00:B0:0C:XX:XX:XX
[+] Switching mon0 to channel 6
[+] Associated with 00:B0:0C:48:2D:88 (ESSID: 'Xxxxx')
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending M2 message
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] WARNING: Out of order packet received, re-trasmitting last message
[+] Sending M2D message
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] WARNING: Out of order packet received, re-trasmitting last message
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[+] Key cracked in 10 seconds
[+] WPS PIN: '12345670'
[+] Nothing done, nothing to save.

dis regain that
 "[+] Key cracked in 10 seconds" cracked the key WPA2 CCMP PSK, but does not show the key, only the PIN "[+] WPS PIN: '12345670 '." Is it a bug? Use the Reaver v1.4 WiFi Protected Setup Attack Tool r_74

Original comment by suzuk_1...@hotmail.com on 9 Jan 2012 at 1:01

GoogleCodeExporter commented 9 years ago
efsiga, thanks for the pcap. This looks like a dup of issue 16 (false positive 
pins). Merging.

Original comment by cheff...@tacnetsol.com on 9 Jan 2012 at 2:28

GoogleCodeExporter commented 9 years ago
Same exact problem as suzuk_1, now after installed the latest trunk it just 
says the same thing 

[+] Waiting for beacon from 00:B0:0C:XX:XX:XX
[+] Switching mon0 to channel 6
[+] Associated with 00:B0:0C:48:2D:88 (ESSID: 'Xxxxx')
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending identity response
[+] Sending M2 message
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] WARNING: Out of order packet received, re-trasmitting last message
[+] Sending M2D message
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] WARNING: Out of order packet received, re-trasmitting last message
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[+] Key cracked in 10 seconds
[+] WPS PIN: '12345670'
[+] Nothing done, nothing to save.

Original comment by luy...@gmail.com on 22 Jan 2012 at 1:58

GoogleCodeExporter commented 9 years ago
Based on reaver's output I can tell you for sure that you aren't using the 
latest trunk.

Be sure you're doing:

$ svn up
$ make distclean
$ ./configure
$ make
# make install

Original comment by cheff...@tacnetsol.com on 22 Jan 2012 at 6:17

GoogleCodeExporter commented 9 years ago
Im having the same problem, but i checked my router settings to confirm the wps 
pin reaver gave me was correct which it was. so i ran this string with still no 
wpa key.

root@bt:~# reaver -i mon0 -b 00:26:F2:EA:6C:14 -p 29960491 -vv -w -N

Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner 
<cheffner@tacnetsol.com>

[+] Waiting for beacon from 00:26:F2:EA:6C:14
[+] Switching mon0 to channel 1
[+] Associated with 00:26:F2:EA:6C:14 (ESSID: Travis)
[+] Trying pin 29960491
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M1 message
[+] Received M3 message
[+] Sending M4 message
[+] Received M3 message
[+] Received M5 message
[+] Sending M6 message
[+] Received M5 message
[+] Received M7 message
[+] Sending WSC NACK
[+] Sending WSC NACK
[+] Pin cracked in 8 seconds
[+] WPS PIN: '29960491'
[+] Nothing done, nothing to save.

Original comment by dtman...@gmail.com on 2 Feb 2012 at 4:10

GoogleCodeExporter commented 9 years ago
[deleted comment]
GoogleCodeExporter commented 9 years ago
i have the same problem here with dlink ,it show me pin ,but no psk,
is there any solution for this?

Original comment by aureon2...@googlemail.com on 9 Feb 2012 at 8:50