Closed GoogleCodeExporter closed 9 years ago
try --ignore-locks but is isnt work for me either its stuck after some %
Original comment by An000000...@gmail.com
on 5 Jan 2012 at 10:46
Some routers like Dlink 655 for example lock you out permanently. The first
time I tried, it would start cracking pins. Then after a certain number I would
get "AP rate limited". And from that moment on reaver just keeps trying the
same pin over and over.
If you reboot the router, reaver starts cracking pins up to the same point and
the error appears again. Using --ignore-locks won't work in this case. Also
make sure you run walsh first to confirm this particular AP has WPS enabled.
Original comment by bramrob...@gmail.com
on 5 Jan 2012 at 11:01
Spoof, what model D-Link is it? Does walsh list it as supported? If walsh does
list it, can you provide a pcap of the Reaver attack?
Original comment by cheff...@tacnetsol.com
on 5 Jan 2012 at 4:18
[deleted comment]
Same issue here.
Reaver from checkout svn, rev 42.
Command:
sudo ./reaver -i mon0 -b XX.XX.XX.XX -vv -c 3
OS:
Ubuntu 10.4
Keep trying the same pin over and over every 5 attempts says 0% complete and
some time Warning 10 failed connections in a row.
Wireless card: intel 5300, working perfectly with the correct drivers in mon
mode.
Original comment by walterbo...@gmail.com
on 9 Jan 2012 at 12:31
walter, does walsh list your target AP as supported? If walsh does list it, can
you provide a pcap of the Reaver attack?
Original comment by cheff...@tacnetsol.com
on 9 Jan 2012 at 12:32
Original comment by cheff...@tacnetsol.com
on 9 Jan 2012 at 6:48
[deleted comment]
Yes, the same for me as well. walsh lists the router. However the same pin is
tried over and over again with the exact same issues. I have broken other wpa's
with the same settings so there is no problem on my end.
Original comment by baba...@gmail.com
on 10 Jan 2012 at 6:29
I can't debug much without pcaps of the failed attacks guys.
Original comment by cheff...@tacnetsol.com
on 10 Jan 2012 at 7:45
I have the same issues.
Please let me know how to capture pcaps and i'll be happy to provide them.
Thanks for all the hard work.
Original comment by avri210...@gmail.com
on 10 Jan 2012 at 7:57
avri, the easiest way is probably to use Wireshark.
Original comment by cheff...@tacnetsol.com
on 11 Jan 2012 at 4:55
[deleted comment]
I'm having the same or similar issue with a Belkin router. I used r84 with the
rt2800pci driver and Ubuntu 11.10.
Walsh output:
BSSID Channel WPS Version WPS Locked ESSID
--------------------------------------------------------------------------------
--------------
08:86:3B:5E:85:02 3 1.0 N
belkin.502
The reaver output is attached, as well as the pcap of the session.
Many thanks.
Original comment by usnho...@gmail.com
on 12 Jan 2012 at 3:44
Attachments:
It's also worth noting that I got to about 0.25% before it starting hanging up
on this pin. So, perhaps I was blacklisted by the router as mentioned above.
Original comment by usnho...@gmail.com
on 12 Jan 2012 at 3:45
usnhobbz, based on Reaver's difficulty in even associating to the target AP and
the relatively low signal strength reported in the radio tap headers of your
capture file, I'd suspect this is a connectivity issue. Did you get many errors
while doing the first .25%? How long did it take?
It could be that there was very little interference when you first started
reaver, but then someone fired up their computer or an adjacent AP changed
channels or something and now the interference is preventing you from
completing the attack.
Original comment by cheff...@tacnetsol.com
on 12 Jan 2012 at 4:20
When it was working reaver was reporting around 8 seconds per PIN attempt.
airomon-ng reports a steady -64 for the power. A different AP in the next room
about 30 feet away reports -67.
Thanks for the quick reply.
Original comment by usnho...@gmail.com
on 12 Jan 2012 at 4:31
The pcap headers show the power readings between -70 and -76dbm; these can be
off though. It's easy to test: if you get closer to the AP does the attack
resume, or does it still have problems even associating with the AP?
Original comment by cheff...@tacnetsol.com
on 12 Jan 2012 at 4:40
How are we blocked? By MAC address? If so, perhaps we could implement MAC
address randomization or switching after some number of timeouts?
Original comment by ThomasEr...@gmail.com
on 12 Jan 2012 at 9:12
@Thomas: From all the APs that I've tested and all the testing that I've heard
from others, when an AP locks WPS, it is a global lock. Once locked, all
devices are blocked until WPS is unlocked.
Original comment by cheff...@tacnetsol.com
on 16 Jan 2012 at 3:20
Got almost the same problem, I'm sure if it's relevant to post it here, but the
AP accepted all my requests up until now, and suddenly, at like 90.10%, reaver
starts repeating the same PIn over and over, until it gets blocked by the AP :P
Original comment by hadwa...@gmail.com
on 16 Jan 2012 at 5:20
@ hadwa...
Yesterday I got up to 90.9% as well, from then on it kept repeating the same
pin indefinitely (let it go overnight so about 10 hours total). It didn't seem
that my MAC was blocked or the AP locks WPS (how can you distinguish either
from normal operation?).
Part of the log:
[+] Trying pin 19962382
[+] Trying pin 19962382
[+] Trying pin 19962382
[+] Trying pin 19962382
[+] Trying pin 19962382
[+] 90.90% complete @ 2012-01-19 06:22:07 (6 seconds/attempt)
[+] Trying pin 19962382
[+] Trying pin 19962382
[!] WARNING: Receive timeout occurred
[+] Trying pin 19962382
[!] WARNING: Receive timeout occurred
[+] Trying pin 19962382
[+] Trying pin 19962382
[+] 90.90% complete @ 2012-01-19 06:22:36 (6 seconds/attempt)
[+] Trying pin 19962382
[+] Trying pin 19962382
[+] Trying pin 19962382
[!] WARNING: Last message not processed properly, reverting state to previous
message
[!] WARNING: Out of order packet received, re-trasmitting last message
[+] Trying pin 19962382
[+] Trying pin 19962382
[+] 90.90% complete @ 2012-01-19 06:22:55 (6 seconds/attempt)
Original comment by alibo...@gmail.com
on 19 Jan 2012 at 9:31
alibobar, this was an issue that has already been addressed; use the latest
code from the trunk.
Original comment by cheff...@tacnetsol.com
on 19 Jan 2012 at 1:57
[deleted comment]
Thank you cheff, I'll try the new code.
Original comment by alibo...@gmail.com
on 22 Jan 2012 at 2:41
Btw, with the current svn, is it possible to resume the scan done with reaver
1.3? (where I'm stuck at 90.90%)
Original comment by alibo...@gmail.com
on 22 Jan 2012 at 3:43
Yes, the resume capability is backwards compatible with 1.3.
Original comment by cheff...@tacnetsol.com
on 22 Jan 2012 at 6:18
[deleted comment]
[deleted comment]
@ Cheff: hmm, it wasn't resuming my previous attempt with that AP so I'm
starting over now.
Original comment by alibo...@gmail.com
on 22 Jan 2012 at 10:33
To all who are getting stuck at 90.9%, that is not the same issue that was
originally reported here. I suspect it has to do with using the -L option in
conjunction with AP-specific behavior, see issue 158.
Nothing heard from the original poster(s), closing.
Original comment by cheff...@tacnetsol.com
on 23 Jan 2012 at 12:27
Yes, please do close it, asI said in the other thread:
"(...) ran without the -L switch and NOW reaver correctly found the key"
Thanks a lot.
Original comment by kub...@gmail.com
on 25 Jan 2012 at 12:30
I am having similar issues; however, I am stuck at 30+% of pins. I am using
the -L option. Reaver just keeps retrying the same pin over and over again. I
stopped reaver for over an hour, retried, same thing. I ran wash and still see
the AP on the same channel and WPS is not locked. That is, I can associated
with the AP. When I disable the -L option, I see:
Sending EAPOL START request
WARNING: Receive timeout occurred
I'm using latest 1.4 reaver build on Backtrack version 5 release 2.
Original comment by ribeyest...@gmail.com
on 16 Jul 2012 at 6:07
/99.99 hep bu şekilde reaver ilerlemiyor sürekli aynı sayıları sayıp
duruyor
ne yapmalıyım
Original comment by rasim...@gmail.com
on 18 Aug 2012 at 10:35
When I run this command #reaver -i mon0 -b E0:46:9A:50:21:2C -e Carrie -a -v
It starts trying pins, but it keeps trying 12345670. It won't try any other
number combinations.
Original comment by clapp2...@gmail.com
on 28 Sep 2012 at 4:06
The problem will be solved if you use the correct mac (default). Do not change
mac address for mon0.
Original comment by vijay.vi...@gmail.com
on 9 Jan 2013 at 8:31
#36 vijay.vi...@gmail.com
What is the correct mac???
is not the wireless card??
Original comment by cmpfa...@gmail.com
on 12 Feb 2013 at 4:23
it seems that i've found a solution for the 90,90% nightmare :D
suppose the bssid we are working on was 8C:0C:A3:2B:19:A7
this session file will be saved in folder as folder /usr/local/etc/reaver as
8C0CA32B19A7.wpc
open it ; u'll notice that the file is written like this :
9999
0
0
1234
0000
0123
1111
2222
change the 0 to 1
it should be like this
9999
1
1
1234
0000
0123
1111
2222
save it , run reaver , and tadaaa 90,91%
it will keep increasing until reaver find the correct pin ;
i hope that will help and sorry for my bad english ;)
Original comment by anassd...@gmail.com
on 6 Dec 2013 at 4:39
Hi,
I did this move (to change 0 to 1 in my session file) and indeed it's unblock
the 90.90% problem but I'm now stuck at 92.21% with the same PIN tried again
and again.
Any idea ?
Original comment by ggd...@gmail.com
on 7 Dec 2013 at 7:01
I have Cracked WPA-Psk Network with Reaver Successfully. But when Run Wash
Command i see a WIFI WPA2-PSK Network whose WPS-LOcked is "No". But when I run
Reaver command it stuck at trying Pin 12345670 and Do not go Further.
That Wifi is Near my Flate and Signals strenghts are above 80%. as further i
investigated i come to know that he is using SegamCom Router (Provided him by
his ISP).
So in this matter what should i do to crack WPA2-PSK (SegamCom Router). any
Idea Brothers
Original comment by farrukhb...@gmail.com
on 22 Dec 2013 at 2:38
thanks anassd comment #38
Original comment by judehan...@gmail.com
on 17 Aug 2014 at 9:22
I have made a simple script for automating automating Reaver in Kali Linux when
the AP blocks your MAC adress after many pins tried.
check this out! ;)
https://github.com/fafualex/Reaver_script
Original comment by lazyale...@gmail.com
on 24 Aug 2014 at 1:18
How do you use the script to install it on reaver? ( i am beginner)
Original comment by satellit...@gmail.com
on 15 Jan 2015 at 1:17
If you have kali linux give it full permission (chmod 777 script_4.sh) and
then launch it from terminal..
2015-01-15 14:17 GMT+01:00 <reaver-wps@googlecode.com>:
Original comment by lazyale...@gmail.com
on 19 Jan 2015 at 6:01
I've been trying to crack a router pin using reaver, it's gotten to 30.52℅
but now it just keeps trying the same pin giving me (0x02) & (0x04) errors over
& over again. I'm using a wireless adapter that I ordered off amazon, its the
signal king which uses the ralink 3070 chip set, I usually just run a (wash -i
mon0 -C) then I input (reaver -i mon0 -b xx:xx:xx:xx:xx -vv -S -N -L -d 25 -r
4:45 -x 360) it's been working fine up until today, which is when I've been
getting the retying last pin errors. So I tried spoofing the Mac, and entered
it into reaver, same thing happened, then it just kept switching channels, now
when I go to exicute (wash -i mon0 -C) nothing pops up anymore, same with
trying (airodump-ng mon0) if someone could help me out, please email me
(bdoakley16@gmail.com) I'm trying everything without any success
Original comment by bdoakle...@gmail.com
on 22 Jan 2015 at 7:42
#44 i tried your script;
here is the result after selecting my wlan0
"script_4.sh: 33: script_4.sh:Syntax error: "("unexpected (expecting "do")
Original comment by cris.se...@gmail.com
on 21 Jul 2015 at 4:37
Original issue reported on code.google.com by
SpoofThi...@gmail.com
on 5 Jan 2012 at 10:25