Open GoogleCodeExporter opened 9 years ago
Assuming all 5 APs support WPS, the odds of that are very low. I've tested
Reaver with one Harking card before (forget the model number now), and it
didn't play well, so it could be a driver issue.
Can you provide the Reaver options you are supplying as well as the output from
Reaver and a pcap of the attack?
Original comment by cheff...@tacnetsol.com
on 10 Jan 2012 at 12:40
Original comment by cheff...@tacnetsol.com
on 10 Jan 2012 at 5:56
Original comment by cheff...@tacnetsol.com
on 11 Jan 2012 at 4:59
I am not sure this belongs here, in another issue or nowhere at all. Sorry if
it's the latter.
But regarding what you said about signal strength being an issue even at
-60dbm, I was doubtful. So I got closer to my AP, less than 2 meters away with
a PWR of -35/-40 and an RXQ of 100, and here's Reaver's output.
(It contains some timeouts and some out of order packets and benefits from
r86's more detailed output. Sorry for no pcap I haven't figured out how to
sanitize it. TCPDump is available if needed.)
Original comment by b1957...@nwldx.com
on 11 Jan 2012 at 6:45
Attachments:
I noticed you're using the -A option, so I assume you're using aireplay-ng to
perform the association. Was Reaver unable to associate to the AP on its own?
If so, this sounds like the same problem as reported in issue 117.
Original comment by cheff...@tacnetsol.com
on 11 Jan 2012 at 6:54
Before going to issue 117 I have to precise that I've always had problems with
association, even before r56. We thought it was an issue with my driver iwlagn
(card Intel Wireless Link 5100).
Do you think it's still a driver issue? In which case I could be better for you
that I stop testing until Reaver is integrated to Aircrack.
Original comment by b1957...@nwldx.com
on 11 Jan 2012 at 7:15
In my case it is also a driver issue I found out. I use backtrack 5 and i need
the zd1211rw driver, so i got one: zd1211-firmware_2.21.0.0-0.1_all ... this
driver is clearly not compatible with reaver. I dont know which zd1211 driver
is compatible with reaver though:(
Original comment by marcodem...@gmail.com
on 12 Jan 2012 at 4:06
I also have the same problem
Original comment by long.bra...@gmail.com
on 14 Jan 2012 at 5:36
I've managed to solve the timeout error causing to retry the same pin over
again. I installed backtrack 4 pre final with its stock drivers and that suites
reaver better it seems. It now tries different pins and actually making
progress. But every pin attempt it gives me failed to associate so obviously i
get kicked by the AP? then after a minute or so it lets me try another pin.
Shouldn't reaver warn about lockouts or this another issue. Currently i get
75s/per pin...could take a long time. Can I tweak reaver somehow to bypass this
issue or should I just wait as its AP related?
Original comment by marcodem...@gmail.com
on 15 Jan 2012 at 3:53
marco: can you provide a pcap of the attack?
Reaver will only warn about lockouts if the AP reports that it has locked WPS
(some don't report this properly). In any case, WPS lockouts should not prevent
association.
Original comment by cheff...@tacnetsol.com
on 16 Jan 2012 at 3:27
cheff i sent you email with attachment hope its worth something
Original comment by marcodem...@gmail.com
on 21 Jan 2012 at 5:51
damn ive upgraded to the latest reaver (from r90 to 100) now it keeps telling
me association failed and tries a pin just as before but now he keeps telling
me wps transaction failed retrying pin, whereas r90 would only occasionally
retry a pin.
Original comment by marcodem...@gmail.com
on 22 Jan 2012 at 10:28
Based on the pcap you sent me, I see two problems:
1) Reaver is sending out of order packets (this is a known bug, fixed in latest
SVN code).
2) It appears that you are having trouble even establishing a WPS session with
the AP.
Since the bug in #1 was usually triggered by low signal strengths, I would
suspect that as long as you are running the latest SVN code your issue now is
probably connectivity with the AP. The hawking card you are using doesn't
provide radio tap headers so I don't know from the pcap what kind of signal
strength you have from the AP.
Original comment by cheff...@tacnetsol.com
on 22 Jan 2012 at 6:24
signal strength hasn't been terribly good get power 15 (backtrack 4
measurements) so i guess that could be an issue. I probably thought wrong when
I figured this attack could be performed with lower yet stable signal. guess im
gonna have to hook up the hawking card to my laptop and get closer try again.
tnx i rest my case:)
Original comment by marcodem...@gmail.com
on 22 Jan 2012 at 11:38
Did all 5 of the APs you were testing have low signal strength?
Original comment by cheff...@tacnetsol.com
on 23 Jan 2012 at 12:29
I also had a wps enabled thomson router with power 40 but funnily enough that
one wouldn't even associate at all kept changing channels like mad, so I
thought perhaps mac filter but that's how I came to try the second strongest
which was the one I posted earlier
Original comment by marcodem...@gmail.com
on 23 Jan 2012 at 9:49
[deleted comment]
i have been getting alot off time out errors i get the following:
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
wps is enabled on the router, card is in mon mode.
this next bit off info might be good for the project members
i have ran this a few times and it seems to work
i do the following: sudo reaver -i mon0 -b xx:xx:xx:xx:xx:xx -vv
when i do the above i just get time outs, but if i open WICD network manager
and put in a Wrong password for the connection im trying to have then click
connect i get the following while its trying to connect
[+] Waiting for beacon from xx:xx:xx:xx:xx:xx
[+] Switching mon0 to channel 11
[+] Associated with xx:xx:xx:xx:xx:xx (ESSID: xxxxxxxxxxxxxx)
[+] Trying pin 00195676
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 00205672
once wicd reports back bad password i get time outs again so i click ok then
click connect again to get it going again.
my wicd is set on wlan0 so i dont know why trying to connect to the AP with
wlan0 is making reaver work with the mon0 if you need any more info just
message me
Original comment by robbo.ht...@googlemail.com
on 4 Feb 2012 at 1:41
any update on this?
i have a similar problem (not yet tried the wicd thing)
with netgear WG111v3 and rtl8187 driver, ubuntu 11.04.
Original comment by xeddo.xe...@googlemail.com
on 23 Apr 2012 at 4:14
I have the same issue: timeout ocurred. Is there any roadmap o plan to release
new versions of reaver that solves this issue? I've not found anything about
new releases in this web and reaver is stopped since January. Regards.
Original comment by MMan...@gmail.com
on 27 Jun 2012 at 10:27
[deleted comment]
Reaver has ALWAYS had notorious time outs even when associated, strong signal
etc etc etc,,,,,,it is a bug the programmers have never honestly admitted to
nor been able to resolve. Even to date 8-11-15 it is something the reaver
people avoid and always blame on something else. Not to say they did not do
great work on the project because they indeed did do great. I have been reading
posts since its release and about 50/50 is the success rate. There has been no
common issue with it, there have been thousands of suggestions for flags and
settings but when it comes down to it if it works for you, you are the lucky
half. There are some things that even programmers never actually figure out and
it being free they have absolutely no obligation to resolve it. That being
said; one can usually after hundreds f hours playing with find his own methods
which generally never work for the next fellow. The little programming I had in
college clearly places me to say this. It is far from perfect, not at all
stable and not fully revised to a well known working program. But being it is a
project more than anything else, you all have no reason to complain but do what
you have been doing and seek out others advice and cross your fingers. I will
say this however, can you imagine buying a simple dongle that has as many
issues as Reaver does? Of course not and the reason being is someone is
actually getting paid to do it right the first time. Besides now that AP rate
limiting is becoming quite prevalent,,, and even some catching on and
completely shutting down WPS or not offering it in modems/routers,,, I think it
fair to call reaver yesterdays breakthrough but tomorrows failures. As with
everything there comes an end but I say look forward to another breakthrough
because as with ANYTHING, if man makes it, it can be hacked eventually/
Original comment by setm...@gmail.com
on 11 Aug 2015 at 11:37
Original issue reported on code.google.com by
marcodem...@gmail.com
on 10 Jan 2012 at 12:32