niyyate / reaver-wps

Automatically exported from code.google.com/p/reaver-wps

reaver timeouts on any APs regardless of signal strength #119

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
Been trying several access points, also ones with strong signal, and for some
reason after trying a pin... it's just timing out on 5 different APs. I ran
airodump to see if the signal could be the problem; I associate with it and stay
connected, but reaver however tells me timeout, timeout and sometimes
association failed. Now I read that this could be a driver problem? My device
not being able to perform the reaver pin attack. I've been able to crack WEP
with packet injection, but this is of course a different attack. I'm using
BackTrack 5 and had to manually install the zydas1211rw driver for my Hawking
USB dish (hwu8dd). I read the page of supported drivers; it wasn't listed there
initially, but in the comments someone said that it worked with zydas1211rw. I
really don't know what else could cause these timeouts. What are the odds of
all 5 APs locking me out and just giving me a timeout response without any other
notice after just trying 1 pin? Please help!

Original issue reported on code.google.com by marcodem...@gmail.com on 10 Jan 2012 at 12:32

GoogleCodeExporter commented 8 years ago
Assuming all 5 APs support WPS, the odds of that are very low. I've tested
Reaver with one Hawking card before (forget the model number now), and it
didn't play well, so it could be a driver issue.

Can you provide the Reaver options you are supplying as well as the output from 
Reaver and a pcap of the attack?

Original comment by cheff...@tacnetsol.com on 10 Jan 2012 at 12:40

GoogleCodeExporter commented 8 years ago

Original comment by cheff...@tacnetsol.com on 10 Jan 2012 at 5:56

GoogleCodeExporter commented 8 years ago

Original comment by cheff...@tacnetsol.com on 11 Jan 2012 at 4:59

GoogleCodeExporter commented 8 years ago
I am not sure this belongs here, in another issue or nowhere at all. Sorry if 
it's the latter.

But regarding what you said about signal strength being an issue even at
-60 dBm, I was doubtful. So I got closer to my AP, less than 2 meters away with
a PWR of -35/-40 and an RXQ of 100, and here's Reaver's output.

(It contains some timeouts and some out-of-order packets and benefits from
r86's more detailed output. Sorry for no pcap; I haven't figured out how to
sanitize it. TCPDump is available if needed.)

Original comment by b1957...@nwldx.com on 11 Jan 2012 at 6:45

GoogleCodeExporter commented 8 years ago
I noticed you're using the -A option, so I assume you're using aireplay-ng to 
perform the association. Was Reaver unable to associate to the AP on its own? 
If so, this sounds like the same problem as reported in issue 117.

Original comment by cheff...@tacnetsol.com on 11 Jan 2012 at 6:54

GoogleCodeExporter commented 8 years ago
Before going to issue 117 I have to specify that I've always had problems with
association, even before r56. We thought it was an issue with my driver iwlagn
(card Intel Wireless Link 5100).

Do you think it's still a driver issue? In which case it could be better for you
that I stop testing until Reaver is integrated into Aircrack.

Original comment by b1957...@nwldx.com on 11 Jan 2012 at 7:15

GoogleCodeExporter commented 8 years ago
In my case it is also a driver issue, I found out. I use BackTrack 5 and I need
the zd1211rw driver, so I got one: zd1211-firmware_2.21.0.0-0.1_all ... this
driver is clearly not compatible with reaver. I don't know which zd1211 driver
is compatible with reaver though :(

Original comment by marcodem...@gmail.com on 12 Jan 2012 at 4:06

GoogleCodeExporter commented 8 years ago
I also have the same problem

Original comment by long.bra...@gmail.com on 14 Jan 2012 at 5:36

GoogleCodeExporter commented 8 years ago
I've managed to solve the timeout error causing it to retry the same pin over
again. I installed BackTrack 4 pre-final with its stock drivers and that suits
reaver better, it seems. It now tries different pins and is actually making
progress. But on every pin attempt it gives me failed to associate, so obviously
I get kicked by the AP? Then after a minute or so it lets me try another pin.
Shouldn't reaver warn about lockouts, or is this another issue? Currently I get
75s per pin... could take a long time. Can I tweak reaver somehow to bypass this
issue, or should I just wait as it's AP related?

Original comment by marcodem...@gmail.com on 15 Jan 2012 at 3:53

GoogleCodeExporter commented 8 years ago
marco: can you provide a pcap of the attack? 

Reaver will only warn about lockouts if the AP reports that it has locked WPS 
(some don't report this properly). In any case, WPS lockouts should not prevent 
association.

Original comment by cheff...@tacnetsol.com on 16 Jan 2012 at 3:27

GoogleCodeExporter commented 8 years ago
cheff, I sent you an email with an attachment; hope it's worth something.

Original comment by marcodem...@gmail.com on 21 Jan 2012 at 5:51

GoogleCodeExporter commented 8 years ago
Damn, I've upgraded to the latest reaver (from r90 to 100); now it keeps telling
me association failed and tries a pin just as before, but now it keeps telling
me WPS transaction failed, retrying pin, whereas r90 would only occasionally
retry a pin.

Original comment by marcodem...@gmail.com on 22 Jan 2012 at 10:28

GoogleCodeExporter commented 8 years ago
Based on the pcap you sent me, I see two problems:

1) Reaver is sending out-of-order packets (this is a known bug, fixed in latest
SVN code).
2) It appears that you are having trouble even establishing a WPS session with
the AP.

Since the bug in #1 was usually triggered by low signal strengths, I would
suspect that as long as you are running the latest SVN code your issue now is
probably connectivity with the AP. The Hawking card you are using doesn't
provide radiotap headers, so I don't know from the pcap what kind of signal
strength you have from the AP.

Original comment by cheff...@tacnetsol.com on 22 Jan 2012 at 6:24

GoogleCodeExporter commented 8 years ago
Signal strength hasn't been terribly good, I get power 15 (BackTrack 4
measurements), so I guess that could be an issue. I probably thought wrong when
I figured this attack could be performed with a lower yet stable signal. Guess
I'm gonna have to hook up the Hawking card to my laptop, get closer and try
again. Thanks, I rest my case :)

Original comment by marcodem...@gmail.com on 22 Jan 2012 at 11:38

GoogleCodeExporter commented 8 years ago
Did all 5 of the APs you were testing have low signal strength?

Original comment by cheff...@tacnetsol.com on 23 Jan 2012 at 12:29

GoogleCodeExporter commented 8 years ago
I also had a WPS-enabled Thomson router with power 40, but funnily enough that
one wouldn't even associate at all, it kept changing channels like mad, so I
thought perhaps MAC filter, but that's how I came to try the second strongest,
which was the one I posted earlier.

Original comment by marcodem...@gmail.com on 23 Jan 2012 at 9:49

GoogleCodeExporter commented 8 years ago
I have been getting a lot of timeout errors. I get the following:

[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request

WPS is enabled on the router, card is in monitor mode.

This next bit of info might be good for the project members.

I have run this a few times and it seems to work.

I do the following: sudo reaver -i mon0 -b xx:xx:xx:xx:xx:xx -vv
When I do the above I just get timeouts, but if I open WICD network manager
and put in a wrong password for the connection I'm trying to have, then click
connect, I get the following while it's trying to connect:

[+] Waiting for beacon from xx:xx:xx:xx:xx:xx
[+] Switching mon0 to channel 11
[+] Associated with xx:xx:xx:xx:xx:xx (ESSID: xxxxxxxxxxxxxx)
[+] Trying pin 00195676
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 00205672

Once WICD reports back bad password I get timeouts again, so I click OK then
click connect again to get it going again.

My WICD is set on wlan0, so I don't know why trying to connect to the AP with
wlan0 is making reaver work with mon0. If you need any more info just
message me.

Original comment by robbo.ht...@googlemail.com on 4 Feb 2012 at 1:41

GoogleCodeExporter commented 8 years ago
Any update on this?
I have a similar problem (not yet tried the WICD thing)
with Netgear WG111v3 and rtl8187 driver, Ubuntu 11.04.

Original comment by xeddo.xe...@googlemail.com on 23 Apr 2012 at 4:14

GoogleCodeExporter commented 8 years ago
I have the same issue: timeout occurred. Is there any roadmap or plan to release
new versions of reaver that solve this issue? I've not found anything about
new releases on this website and reaver has been stopped since January. Regards.

Original comment by MMan...@gmail.com on 27 Jun 2012 at 10:27

GoogleCodeExporter commented 8 years ago
Reaver has ALWAYS had notorious timeouts even when associated, strong signal
etc. etc. etc... it is a bug the programmers have never honestly admitted to
nor been able to resolve. Even to date, 8-11-15, it is something the reaver
people avoid and always blame on something else. Not to say they did not do
great work on the project, because they indeed did do great. I have been reading
posts since its release and about 50/50 is the success rate. There has been no
common issue with it; there have been thousands of suggestions for flags and
settings, but when it comes down to it, if it works for you, you are the lucky
half. There are some things that even programmers never actually figure out, and
it being free they have absolutely no obligation to resolve it. That being
said, one can usually, after hundreds of hours playing with it, find his own
methods, which generally never work for the next fellow. The little programming
I had in college clearly places me to say this. It is far from perfect, not at
all stable and not fully revised to a well-known working program. But being it
is a project more than anything else, you all have no reason to complain but do
what you have been doing and seek out others' advice and cross your fingers. I
will say this however: can you imagine buying a simple dongle that has as many
issues as Reaver does? Of course not, and the reason being is someone is
actually getting paid to do it right the first time. Besides, now that AP rate
limiting is becoming quite prevalent... and even some catching on and
completely shutting down WPS or not offering it in modems/routers... I think it
fair to call reaver yesterday's breakthrough but tomorrow's failures. As with
everything there comes an end, but I say look forward to another breakthrough
because as with ANYTHING, if man makes it, it can be hacked eventually.

Original comment by setm...@gmail.com on 11 Aug 2015 at 11:37