Closed GoogleCodeExporter closed 9 years ago
Yes please, pcaps would be very helpful.
Original comment by cheff...@tacnetsol.com
on 7 Jan 2012 at 1:36
I just sent the pcap pack to you with my other email account
Original comment by Stnd....@gmail.com
on 7 Jan 2012 at 2:04
Got them, thanks! It looks like with r69 the AP is NACKing Reaver's M4 message,
which should only happen if the first half of the pin is incorrect. But since
you've manually specified the correct pin, this is very odd...I will see if I
can reproduce this issue and look at what might have changed in the code to
cause this to happen.
Original comment by cheff...@tacnetsol.com
on 7 Jan 2012 at 2:33
also forgot to mention, if you input one of those pcap to walsh it will not see
it as a WPS enabled device, nor with the -i parameter
Original comment by Stnd....@gmail.com
on 7 Jan 2012 at 2:37
Taking a closer look at the NACK messages from the r69 pcap, the AP definitely
thinks this is the wrong pin (device password auth failure error code is set).
Can you do me a favor and run r67 and post (or email) the output from Reaver?
There were no code changes between r67 and r69 except that the verbose
debugging flag was enabled which will give much more info about what's going on
inside Reaver.
Original comment by cheff...@tacnetsol.com
on 7 Jan 2012 at 2:39
Yes, that's a known bug in walsh that I'm working on. :)
Original comment by cheff...@tacnetsol.com
on 7 Jan 2012 at 2:40
i had not noticed the bug report for walsh, sorry.
unfortunately i cannot dump it today, because althought i have acess to the AP
it is not at my house. Despite this, where i live and am right now i cath a
very reasonable sign on a exact same AP model, problem is i will not be able to
test the correct pin because all my attempts to crack it failed, and i dont
have phisical acess to it. Would me tryng a wrong pin, with an Ap of same
model, but with a wrong pin still be useful? otherwise i will dump it from the
AP i have acess to when i go there, wich is going to be in 1-2 days
Original comment by Stnd....@gmail.com
on 7 Jan 2012 at 2:57
Stnd.cpp i have the same wifi card that you have but i always get timeouts can
you please tell me the router that you tried the attack
Original comment by fabiogfe...@gmail.com
on 7 Jan 2012 at 11:22
Stnd, yes, just try explicitly specifying a pin number (any pin) and see what
output you get. Basically I want to make sure that Reaver is sending the pin
that it's supposed to be sending.
Original comment by cheff...@tacnetsol.com
on 7 Jan 2012 at 12:46
I've reproduced the bug on my end using r76; same result, M4 message gets
rejected. Work in progress...
Original comment by cheff...@tacnetsol.com
on 7 Jan 2012 at 4:35
Another related note on a problem found due to this issue. When it gets to
90.90% having not found the pin it just starts repeating the same pin over and
over. This is once it hits the last of the 4 digit combinations. It should
instead error out saying the first 4 couldn't be found or it should start over.
Original comment by TheShort...@gmail.com
on 7 Jan 2012 at 6:09
In my understanding when reaver goes 90% it has found the first 4 pins.
Original comment by patricks...@gmail.com
on 7 Jan 2012 at 6:16
I'm talking about when reaver hits 90.90%, without skipping any percentage,
which is when it hits the very last 4 digit pin in the list to try. Once it
gets there I guess it doesn't know what to do, so just keeps retrying that last
4 digit pin.
Original comment by TheShort...@gmail.com
on 7 Jan 2012 at 8:10
Same issue here as in the original post, identical hardware setup. r66 works -
r67 and later fail.
Original comment by fixbox2...@gmail.com
on 7 Jan 2012 at 10:10
fabiogfe...@gmail.com:
if you get allways timeouts, probably the ap does not accept a wps pin by
design. or it could also be you are too far, but less likely. I would consider
the first.
Craig, you have reproduced the bug, ao i guess you no longer need me to paste
the output of this issue with r67, but if you need, just let me know. if i can
collaborate in any other way i would also be pleased.
thanks
Original comment by Stnd....@gmail.com
on 8 Jan 2012 at 4:13
Thanks fixbox, r67 is indeed the revision that caused this issue. Bug is now
fixed and checked in as of r77.
Original comment by cheff...@tacnetsol.com
on 8 Jan 2012 at 6:21
Thank you. r78 is working.
Original comment by fixbox2...@gmail.com
on 8 Jan 2012 at 9:51
try reaver -i mon0 -b AP_MAC -vv -p 9998 and now it should start from there..
you lose a few keys in the process but at least it bypasses the loop... i do
not know if this will recover a key i am currently testing this! at least i
aint stuck at 90.9% anymore
Original comment by phyra...@gmail.com
on 24 Feb 2013 at 6:33
Original issue reported on code.google.com by
Stnd....@gmail.com
on 7 Jan 2012 at 12:59