Key Not Found After 100% Complete

[GoogleCodeExporter]

0. What version of Reaver are you using?  (Only defects against the latest
version will be considered.)

Reaver 1.4

1. What operating system are you using (Linux is the only supported OS)?

Backtrack 5 r3

2. Is your wireless card in monitor mode (yes/no)?

Yes

3. What is the signal strength of the Access Point you are trying to crack?

-66 dbm

4. What is the manufacturer and model # of the device you are trying to
crack?

RTL8671

5. What is the entire command line string you are supplying to reaver?

reaver -i mon0 -b AC:E8:7B:A7:AA:3C  -vv

6. Please describe what you think the issue is.

it seems the reaver founds the first half at very first try and go to 90% and 
then starts other 1000 combinations and went through all these combination but 
still not able to find the pin. what could be the possible reason? please 
update on this.. thanks

7. Paste the output from Reaver below.

[+] Trying pin 12349982

[+] Trying pin 12349982

[+] Trying pin 12349982

[+] Trying pin 12349982

[+] 99.99% complete @ 2013-08-11 00:11:38 (4 seconds/pin)

[+] Trying pin 12349982

[+] Trying pin 12349982

[+] Trying pin 12349982

[+] Trying pin 12349982

[+] Trying pin 12349982

[+] 99.99% complete @ 2013-08-11 00:11:14 (4 seconds/pin)

[+] Trying pin 12349982

[+] Trying pin 12349982

[+] Trying pin 12349982

[+] Trying pin 12349982

[+] Trying pin 12349982

[+] 99.99% complete @ 2013-08-11 00:10:54 (4 seconds/pin)

[+] Trying pin 12349982

[+] Trying pin 12349982

[+] Trying pin 12349982

[+] Trying pin 12349982

[+] Trying pin 12349982

[+] 99.99% complete @ 2013-08-11 00:10:41 (4 seconds/pin)

[+] Trying pin 12349982

[+] Trying pin 12349982

[+] Trying pin 12349982

[+] Trying pin 12349982

[+] Trying pin 12349982

[+] 99.99% complete @ 2013-08-11 00:10:14 (4 seconds/pin)

[+] Trying pin 12349982

[+] Trying pin 12349982

[+] Trying pin 12349982

[+] Trying pin 12349982

[+] Trying pin 12349982

[+] 99.99% complete @ 2013-08-11 00:10:00 (4 seconds/pin)

[+] Trying pin 12349982

[+] Trying pin 12349982

[+] Trying pin 12349982

[+] Trying pin 12349982

[+] Trying pin 12349982

[+] 99.99% complete @ 2013-08-11 00:09:47 (4 seconds/pin)

[+] Trying pin 12349982

[+] Trying pin 12349982

[+] Trying pin 12349982

[+] Trying pin 12349982

[+] Trying pin 12349982

[+] 99.99% complete @ 2013-08-11 00:09:34 (4 seconds/pin)

[+] Trying pin 12349982

[+] Trying pin 12349982

[+] Trying pin 12349975

[+] Trying pin 12349968

[+] Trying pin 12349951

[+] 99.96% complete @ 2013-08-11 00:09:18 (4 seconds/pin)

[+] Trying pin 12349944

[+] Trying pin 12349937

[+] Trying pin 12349920

[+] Trying pin 12349913

[+] Trying pin 12349906

[+] 99.92% complete @ 2013-08-11 00:08:58 (4 seconds/pin)

[+] Trying pin 12349890

[+] Trying pin 12349883

Original issue reported on code.google.com by msklo...@gmail.com on 10 Aug 2013 at 9:33

[GoogleCodeExporter]

you see the Reaver process the range of 1% to 10%?
or it jumps from 0% to 90%?

Original comment by deltomaf...@gmail.com on 11 Aug 2013 at 3:07

[GoogleCodeExporter]

no..
as i said the first half matches at very first try.. so it jumps to 90% and try 
to match the other half.

one more strange thing.. i tried to start the reaver from second pin by 
configuring the .wps file e.g. 2 0 0 (first three lines) and guess what 
happened the AP has accepted the 2nd pin as well as "0000" and then jumps to 
90% for the other half.

i dont understand what could be the possible reason for this specific AP? any 
idea?

thanks, 

Original comment by msklo...@gmail.com on 11 Aug 2013 at 4:12

[GoogleCodeExporter]

good, as it is a very low number (12%) would be good to test putting 1500
 in. wps
so Reaver start of 15%, to know if the correct PIN would be a greater.

Original comment by deltomaf...@gmail.com on 12 Aug 2013 at 11:43

[GoogleCodeExporter]

thanks for the suggestion... i tried various starting points. but it seems it 
always accepts first pin (first half in any pin) and jumps to 90% and then try 
to match the next half.

e.g. as you told me to start with 1500 (15%) so i did the same so at this point 
it accepted the first pin and jumped to 90%. then i tried to put 5000 to start 
from almost 50% and same thing happened i mean matches the first key and jumped 
to 90%.

btw i was able to crack other APs with same WPA2 encription. but i am not able 
to crack this particular AP. do you think reaver has a limitation to crack 
specific APs. or some APs has advance feature where you cannot crack them at 
all.. i read all the documentation available with reaver.. nothing like this 
has been specified.. can you find something solid that we can say YES this is 
the limitation or this is the exact issue.. please help..

thanking you in anticipation.. 

Original comment by msklo...@gmail.com on 13 Aug 2013 at 8:00

[GoogleCodeExporter]

interesting
Tried to run the Reaver with the parameters
-a -S -N is the same?

Original comment by deltomaf...@gmail.com on 14 Aug 2013 at 2:41

[GoogleCodeExporter]

yes it is... and i just have tried the parameters you specified.. its still the 
same result... weird...!!!

Original comment by msklo...@gmail.com on 14 Aug 2013 at 3:00

[GoogleCodeExporter]

try deleting the wps again and rerun the Reaver with the parameter -d 30
perhaps the speed between attempts is affecting.

Original comment by deltomaf...@gmail.com on 14 Aug 2013 at 11:27

[GoogleCodeExporter]

I have the same issue with rtl8671 and tried possibly everything....but no 
hope...someone please help

Original comment by deeju...@gmail.com on 9 Oct 2013 at 9:34

[GoogleCodeExporter]

RTL8671 could not be cracked.....Any body who can solve the problem.After 
99.99% same key is repeating..Any solution..

Original comment by mta6...@gmail.com on 22 Oct 2013 at 6:32

[GoogleCodeExporter]

I think the problem is in the Router. Maybe not all of routers are capable for 
wps hacking, maybe wps are disable from router, maybe the setup of clients or 
they are 

using clone BSSID for their routers, or maybe reaver 1.4 have a little bit bug 
for the particular type of routers. Why I am saying this, because of my 
experience. I 

have only two wifi signal detected on my Laptop. I am cracking the first one 
using REAVER 1.4 in Backtrack 5-R3 running at VMware workstation 8. I am using 
very cheap 

wifi usb adapter with a driver Realtek (RTL8188CU Wireless LAN 802.11n USB 2.0 
Network Adapter), and using a code: 

iwconfig

airmon-ng start wlan0

wash -i mon0

reaver -i mon0 -b [bssid] -c [channel] -s /tmp/wpscrack.wpc  -a -v -S -x 2 -r 
60:20 -l 20 -d 5 -N

However, when I start cracking the one signal of my neighbor, it always start 
at 90% and the 1st to 4th digit always repeating while the 4th to 8th are 
incrementing.

e.g.

12340002
12340021
12340054
and so on... after reached 99.99% it stuck and always repeated the PIN 12349998 
which I didn't understand.

Then I tried cracking the other signal, same usb card, driver, set-up, code, 
everything. Hence it was start at 0.01% then after 72.8% it will jump to 90% 
which was I 

discourage and thinking that it was same for the first one. The 1st to 4th 
digit was stuck and the 5th to 8th digit was incrementing

e.g.

0.01% to 72.8%

12345670
12355679
12365678
........
........
41995674
42995675
........
........
64325678  stop and jump to

90% to 92%
64325684
64325692
64325701
........
........
WPS PIN: 6432xxxx
WPA PSK: xxxxxxxxxxx
SSID: xxxxxxxx

Then I'm very HAPPY!! :)

Thus I conclude, if start at 90% that is bug. If start at 0.01% then it's 100% 
sure..

Hope it will help. Sorry for my english.

Original comment by ped...@yahoo.com on 2 Nov 2013 at 3:56

[GoogleCodeExporter]

i really appreciate your efforts.. it seems you are still NOT able to crack 
first one but the second one you cracked easily.. and you are happy bcoz you 
are able to crack the second one. but the point is why not the first one.. as 
using "wash" command you can see WPS is enabled and the version is same.. so it 
should also be cracked.. but some how its not.. and you can't say it a bug as 
it happens only for certain modals of routers. e.g. i mentioned RTL8671

to explain it more.. it's not like if you run the reaver command and it jumps 
to 90%.. the problem is.. whatever will be the first key where you are going to 
start the process it will accept that first key for first 4 digit half.. for 
example if you force fully start your command from 50%, 60% or from any point 
it will accept the first key and jumps to 90% to crack the second half where it 
went through every single combination (second 3 digit code) but unable to match 
the key.. so the reaver program seems working fine but something wrong with 
router or its mechanism. i am not sure...

Original comment by msklo...@gmail.com on 3 Nov 2013 at 1:43

[GoogleCodeExporter]

Please did anyone find a solution to this RTL8671. i also encountered the same 
problem.

Original comment by judeha...@gmail.com on 10 Aug 2015 at 4:20