master2be1 / reaver-wps

Automatically exported from code.google.com/p/reaver-wps

Reaver finds PIN but not passphrase #203

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
The computer with BackTrack and Reaver is in another room, so I can't cut and paste
outputs etc. Reaver works just fine, except that when it completes the attack it
returns the PIN but NOT the passphrase. Anyone know why?

Original issue reported on code.google.com by Bel.Mard...@gmail.com on 30 Jan 2012 at 10:51

GoogleCodeExporter commented 9 years ago
I am having the same issue.

I use the latest SVN code (r112) and this command:
reaver -i wlan0 -b 00:B0:0C:55:9B:88  -vvv -c 7 -N --pin=56103762 -A
(using aireplay-ng to associate)

Here is the capture:
http://www.mediafire.com/?uxe795qpzu7zldt

When not using aireplay-ng, the output is the same.

On the other hand, when I remove the -N switch, I am no longer able to crack it.

I am always getting this output and not cracking it:

Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M1 message
[+] Sending WSC NACK
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x03), re-trying last pin
[+] Trying pin 56103762

Original comment by jcdento...@gmail.com on 30 Jan 2012 at 7:36

GoogleCodeExporter commented 9 years ago
Here is the capture when not using the -N switch (with or without aireplay-ng
to associate):

http://www.mediafire.com/file/6xp7wghzy947pl1/WPA__.cap
http://www.mediafire.com/file/nc7dgvdp775wdvy/WPA____.cap

Any ideas what might be wrong?

Usually it prints out time, ESSID, PIN, WPA-PSK.

In this case only time and PIN;
no WPA-PSK, no ESSID.

Original comment by jcdento...@gmail.com on 30 Jan 2012 at 7:45

GoogleCodeExporter commented 9 years ago
Same issue where reaver-1.4 would find the WPS pin but not reveal the WPA 
password.  Ran reaver-1.4 several times with the -p argument and WPS pin but it 
never showed the WPA password.  Removed reaver-1.4 and ran reaver-1.3 and the 
password showed up first attempt.

Original comment by brian...@gmail.com on 12 Feb 2012 at 1:13

GoogleCodeExporter commented 9 years ago
Unfortunately, most of the APs I have here are sending multiple WPS packets at
once, so older revisions of reaver interpret that as out-of-order messages.

The -N switch was first implemented in revision 106/107, so I guess reaver v 1.3
does not support that.

Any other ideas?

Original comment by jcdento...@gmail.com on 20 Feb 2012 at 7:01

GoogleCodeExporter commented 9 years ago
Yeah, I am having the same issue as above. All nearby APs return multiple
packets.
Also, if let's say the "correct pin" is 12213456 (without returned WPA) and I
run reaver .... -p 12215678, it yet once again says "correct pin" (even after
reboot on Live CD).

Those multiple WPS packets being sent seem to be the problem, I believe.

Also, from what I've read you can CHANGE the WPA using the WPS pin with
wpa_supplicant, but I'm not sure if you can read the current password somehow
through that WPS pin.

Hopefully Craig hasn't abandoned this little project.

Original comment by xFxIxC...@gmail.com on 29 Feb 2012 at 3:54