nitish1201 / reaver-wps

Automatically exported from code.google.com/p/reaver-wps
0 stars 0 forks source link

Mismatch in registrar nonce #443

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
Reaver isn't able to go beyond the 'M2' stage. Means the Diffie-Hellman Key 
Exchange doesn't work as required.

Building reaver with verbose mode enabled in wpa_printf(int,char*) unreveals
the following error massage:

[...]
WPS: Mismatch in registrar nonce
[...]

However I looked at

http://lists.shmoo.com/pipermail/hostap/2012-August/026506.html

and as it turned out, reaver don't uses the latest source of its
'wpa_sublicant' subpart. Consequently these patch was incorporated.

I did it manually but the situation remains the same. still a Mismatch in 
registrar nonce error.

Any suggestions? 

Original issue reported on code.google.com by mirco.ri...@email.de on 5 Dec 2012 at 2:31

GoogleCodeExporter commented 8 years ago
Consequently these patch was NOT incorporated. ... Sry

Original comment by mirco.ri...@email.de on 5 Dec 2012 at 2:32

GoogleCodeExporter commented 8 years ago
Here is the output of a full cicle:

[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
WPS: Processing received message (len=539 op_code=4)
WPS: Received WSC_MSG
WPS: Parsed WSC_MSG
WPS: Received M1
WPS: UUID-E - hexdump(len=16): 00 00 00 00 00 00 00 03 00 00 00 23 08 45 58 6d
WPS: Enrollee MAC Address 00:23:08:45:58:6d
WPS: Enrollee Nonce - hexdump(len=16): c9 16 28 41 5f 7d b1 33 d8 36 36 1f 10 
b5 54 aa
WPS: Enrollee Authentication Type flags 0x3f
WPS: No match in supported authentication types (own 0x0 Enrollee 0x3f)
WPS: Workaround - assume Enrollee does not advertise supported authentication 
types correctly
WPS: Enrollee Encryption Type flags 0xf
WPS: No match in supported encryption types (own 0x0 Enrollee 0xf)
WPS: Workaround - assume Enrollee does not advertise supported encryption types 
correctly
WPS: Enrollee Connection Type flags 0x0
WPS: Enrollee Config Methods 0x4 [Label]
WPS: Prefer PSK format key due to Enrollee not supporting display
WPS: Enrollee Wi-Fi Protected Setup State 1
WPS: Manufacturer - hexdump_ascii(len=64):
     43 6f 72 70 6f 72 61 74 69 6f 6e 00 00 00 00 00   Corporation_____
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ________________
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ________________
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ________________
WPS: Model Name - hexdump_ascii(len=32):
     41 52 56 37 35 32 43 50 57 00 00 00 00 00 00 00   ARV752CPW_______
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ________________
WPS: Model Number - hexdump_ascii(len=32):
     32 30 2e 30 32 2e 32 33 33 00 00 00 00 00 00 00   20.02.233_______
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ________________
WPS: Serial Number - hexdump_ascii(len=32):
     52 38 34 37 30 32 32 36 33 37 32 00 00 00 00 00   R8470226372_____
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ________________
WPS: Primary Device Type: 6-0050F204-1
WPS: Device Name - hexdump_ascii(len=32):
     57 69 72 65 6c 65 73 73 20 52 6f 75 74 65 72 28   Wireless Router(
     57 46 41 29 00 00 00 00 00 00 00 00 00 00 00 00   WFA)____________
WPS: Enrollee RF Bands 0x1
WPS: Enrollee Association State 0
WPS: Device Password ID 0
WPS: Enrollee Configuration Error 0
WPS: OS Version 80000000
WPS: M1 Processed
WPS: dev_pw_id checked
WPS: PBC Checked
WPS: Entering State SEND_M2
WPS: WPS_CONTINUE, Freeing Last Message
WPS: WPS_CONTINUE, Saving Last Message
WPS: returning
[+] Received M1 message
WPS: Found a wildcard PIN. Assigned it for this UUID-E
WPS: Registrar Nonce - hexdump(len=16): 8a e2 31 ed ab d0 fd 15 22 ac c8 83 46 
17 e8 38
WPS: UUID-R - hexdump(len=16): 30 f7 bd 45 23 79 5a 6d 2d f5 c1 22 4f b9 c4 10
WPS: Building Message M2
WPS:  * Version
WPS:  * Message Type (5)
WPS:  * Enrollee Nonce
WPS:  * Registrar Nonce
WPS:  * UUID-R
WPS:  * Public Key
WPS: Generate new DH keys
DH: private value - hexdump(len=192): 2e d5 bc d6 80 ab df ff 5a 58 56 11 5e 96 
b5 42 5c ea 2e 8b 1a 3a 03 d5 a2 aa fb 1a c9 04 9c ab 50 5e 35 37 f4 c7 05 17 
9e 38 6c 1e c9 6b dc 10 36 5a c5 a7 42 75 f7 27 1a 66 e4 f8 2c 73 0e d0 cc dc 
a2 1c af b9 44 35 60 6d c1 5b 28 83 8b e6 1c 2f e2 9c 29 a3 cf 43 de da 58 0e 
66 70 1d f5 ad 99 b2 b0 4b 37 ea c5 da 63 df fc c1 cb b3 03 83 ea 97 f7 81 a4 
f3 77 27 bd 5b 93 e8 02 38 17 a5 34 19 6b 41 d8 a1 b0 89 ca 19 24 2c 95 31 03 
72 98 ce ce d8 1f c6 52 48 ee 6c 62 39 98 9f 48 8b 96 bf 64 31 86 3c 09 0a 47 
3c 7d fa 24 44 f6 d0 ab 19 48 d5 c8 f6 51 8a 1e 50 72 5a 86 35 d9
DH: public value - hexdump(len=192): 87 02 a0 69 42 db 13 13 55 a6 62 79 f4 4f 
91 ce b2 09 8d fb 01 fe b2 8a bb 2c 6e b6 a0 ad ba e6 2e eb 52 35 d2 45 c7 d3 
98 12 b4 82 41 74 9a 44 e6 39 15 20 52 0d ab 97 23 e3 a4 02 eb e4 b4 77 bd f0 
29 90 aa fe 82 1f a1 e8 33 22 32 0f fa 3d ee ee 9a 54 d1 31 19 b9 63 a3 4f a6 
bf 0a 45 69 9b 81 a4 ce 73 23 60 8a f7 7e b1 05 2b 2c cc 49 93 f2 96 bd a2 e1 
a2 8d 84 fa 70 15 b8 cb e7 dc ab 96 af 25 f0 7f 8a ba b6 db 5e 0a f2 a4 27 8e 
30 a7 2f bc c1 77 b7 88 d3 8c 50 e1 63 dc 97 4a 34 de 65 e7 ca 65 cb 55 fd 6c 
d9 c0 36 e7 72 8e b9 a3 99 4c 57 71 80 6c 0b 68 eb c5 cf 4f cc 3c
DH: shared key - hexdump(len=192): a9 24 7b 59 40 0a ae 14 28 51 58 e8 1b 8d b7 
36 1e a1 45 3a aa ac 23 e6 1c 4a 0a 20 38 cf a4 a8 ce 56 df b5 f8 88 49 a2 f2 
9e 3a d4 98 4e 3f d6 dd 3e a1 b8 f5 4a 50 bb f1 3a 2a 80 9b 4f 68 2b a7 46 48 
11 26 51 a1 62 55 53 28 78 32 90 ea 1b ff 87 c3 45 ad 4b 72 0c 79 e0 58 b5 ef 
6c 5a 2b 75 eb 84 7e 58 eb 4f 70 23 9a a6 ae ec e9 dc f8 ec 0f 03 80 0c ef 53 
ae c9 1d 21 bd a4 10 98 88 a9 90 3b 3d 57 d0 8e 39 98 9e 52 c3 c6 0e 2f c0 fa 
ed 44 3a a1 b5 44 d1 a5 73 3c 37 b4 86 1b 88 a5 89 92 d8 0c 2b e1 26 a5 ff 49 
3a 0d 46 48 f3 0b 37 82 1f 29 e9 c1 19 f4 30 bf a7 51 02 3e 44
WPS: DH shared key - hexdump(len=192): a9 24 7b 59 40 0a ae 14 28 51 58 e8 1b 
8d b7 36 1e a1 45 3a aa ac 23 e6 1c 4a 0a 20 38 cf a4 a8 ce 56 df b5 f8 88 49 
a2 f2 9e 3a d4 98 4e 3f d6 dd 3e a1 b8 f5 4a 50 bb f1 3a 2a 80 9b 4f 68 2b a7 
46 48 11 26 51 a1 62 55 53 28 78 32 90 ea 1b ff 87 c3 45 ad 4b 72 0c 79 e0 58 
b5 ef 6c 5a 2b 75 eb 84 7e 58 eb 4f 70 23 9a a6 ae ec e9 dc f8 ec 0f 03 80 0c 
ef 53 ae c9 1d 21 bd a4 10 98 88 a9 90 3b 3d 57 d0 8e 39 98 9e 52 c3 c6 0e 2f 
c0 fa ed 44 3a a1 b5 44 d1 a5 73 3c 37 b4 86 1b 88 a5 89 92 d8 0c 2b e1 26 a5 
ff 49 3a 0d 46 48 f3 0b 37 82 1f 29 e9 c1 19 f4 30 bf a7 51 02 3e 44
WPS: DHKey - hexdump(len=32): cc 16 28 8d b1 f2 27 fd 8d 10 34 3f c2 aa ef dd 
47 2c dc 3b e6 ff 3a 9c 1c 7d 38 20 0c 18 10 8e
WPS: KDK - hexdump(len=32): bb 08 14 e0 5c ed 4c 49 2d 9d 5d 3c 81 be a1 59 af 
21 fa 03 b2 10 9d ed df ad a8 71 75 85 e8 83
WPS: AuthKey - hexdump(len=32): a2 e0 4a b3 ff b1 e1 4a 18 3a e9 8c 5e 27 7c ba 
3b de 67 a2 c2 f0 59 e7 04 51 15 e3 f4 1b 9e c9
WPS: KeyWrapKey - hexdump(len=16): 2a 86 32 cf f6 81 7a 81 a0 5c 3e 0c e0 63 d5 
28
WPS: EMSK - hexdump(len=32): 19 d0 ae 8a 33 b5 b1 e0 a1 4e d3 63 8d 75 88 da 09 
e0 8b aa 6c 56 2a 54 52 2f 1a 43 a6 3e 2f 40
WPS:  * Authentication Type Flags
WPS:  * Encryption Type Flags
WPS:  * Connection Type Flags
WPS:  * Config Methods (8c)
WPS:  * Manufacturer
WPS:  * Model Name
WPS:  * Model Number
WPS:  * Serial Number
WPS:  * Primary Device Type
WPS:  * Device Name
WPS:  * RF Bands (0)
WPS:  * Association State
WPS:  * Configuration Error (0)
WPS:  * Device Password ID (0)
WPS:  * OS Version
WPS:  * Authenticator
[+] Sending M2 message
WPS: Processing received message (len=56 op_code=3)
WPS: Received WSC_NACK
WPS: Mismatch in registrar nonce
[+] Received WSC NACK
WPS: Building Message WSC_NACK
WPS:  * Version
WPS:  * Message Type (14)
WPS:  * Enrollee Nonce
WPS:  * Registrar Nonce
WPS:  * Configuration Error (0)
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x04), re-trying last pin

Original comment by mirco.ri...@email.de on 5 Dec 2012 at 2:41