Open GoogleCodeExporter opened 8 years ago
backtrack 5 / reaver 1.3 - 1.4 same issue
xiaopan-0.3.8 / reaver 1.3 - 1.4 same issue.
Original comment by s.wra...@gmail.com
on 12 Apr 2013 at 12:16
I had this happen to reaver with two APs. What fixed it for me was deleting .db
and .wpc files in /usr/local/etc/reaver and starting over.
The funny thing is, both APs reaver was having problems with ended up using the
first pin it tries - 12345670. Coincidence?
Original comment by zivkovic...@gmail.com
on 16 Apr 2013 at 7:23
I have the same problem, stuck at 90,90% at PIN 99985677.
So I read that Reaver has already tried all possible combinations up to this
PIN, but didn't find the right PIN.
Is the attack now unusable? Or is there any solution so that this session is usable?
I must set 60 seconds between pins, so the attack runs over 1 week. That would
be very annoying.
Original comment by kai.salb...@web.de
on 4 Jun 2013 at 6:53
If I understand right, Reaver tried the right pin at some point, but the AP
said it's not right, and Reaver continued with subsequent pins? If that is so,
the session would be unusable :(
Original comment by kai.salb...@web.de
on 4 Jun 2013 at 6:58
try dictionary...
Original comment by rommelga...@gmail.com
on 15 Jun 2013 at 9:00
^^ stupidest comment ever
Original comment by consolem...@googlemail.com
on 15 Jun 2013 at 9:08
have the same issue, stuck at 90.90%
Original comment by unlucky...@gmail.com
on 17 Jun 2013 at 5:42
Same problem with reaver 1.4 installed on bt 5r2, same pin coming over and over,
stuck on 90.90%; is there any hint??? tnx
Original comment by desc.i...@gmail.com
on 25 Jun 2013 at 10:06
This is definitely caused by the target router having WPS PIN connection
disabled by default, or having been turned off by the user. Newer wireless
routers have the option to only allow WPS by push-to-connect, and it seems that
manufacturers are cluing on to the fact that WPS via PIN is quite insecure.
"On Virgin Media Super Hub routers WPS via PIN is disabled by default, so it
won't send reaver a positive response to the first four digits at all, and so
reaver will keep trying 9998 forever. Perhaps in later versions reaver will
quit with an error instead of just going on forever and leaving people
wondering."
I tried this on my defaulted Virgin Media hub and got the same error. When I
went in through the admin interface and enabled PIN connections, reaver was
able to find the pin and the WPA key.
Original comment by pho...@gmail.com
on 4 Aug 2013 at 8:41
I've had the same problem with reaver1.3 and 1.4, but I will say when it works
it works well. I have had success with quite a few routers, and failed at about
the same amount. I agree with pho, things have changed due to known security
flaws in wps. Newer routers will be much harder if possible at all I think. And
older routers I would assume will eventually get firmware updates to patch the
use of reaver as it is today. By the way the pro version I downloaded through
torrents and tried via thumb drive has the same issue of running in a loop at
90% but only on certain routers. It does however work much better and faster on
a doable target than the standard version.
Original comment by CamaroZ2...@gmail.com
on 5 Aug 2013 at 7:49
It's been months, when will they fix the bug?
Original comment by Jemmy.Su...@gmail.com
on 27 Aug 2013 at 5:56
Not yet fixed ?
Original comment by Strahil....@gmail.com
on 31 Aug 2013 at 7:00
LITTLE ADVICE. ( and i assure, I WILL SOON COME WITH THE SOL. of 90% loop)
Hello everyone. I got exactly the same problem.
I used alfa 036H with live CD and exactly the same commands as -L -S -N etc.
My router is a Netgear and even checks WPS pins as fast as d 0, but after 7-8
hours I am stuck at 90.90%. That means it didn't receive M5, M6 messages even
after trying all pins for the first half.
I cracked my other router with the same reaver 1.4 with default options and
found the passphrase correctly.
But with this Netgear router I am stuck in the 90.90% loop.
So why didn't it get the first half correct even after trying all the
combinations?
There is no rate limiting and WPS locking.
But I did one unusual thing.
In between the process, I saved the session of reaver many times and used
reaver without these S L N options on resuming. Maybe that is the mistake and
maybe due to this it skipped many pins (but I am not sure that this is the
reason for the problem).
I never received M5, M6 messages and am stuck on 90.90% checking the same pins.
There may be some other reasons, like the AP never sending M5, M6 messages even
if the first half is correct,
or the AP sending a fake WSC NACK for every wrong 8 digit pin, etc.
I am currently running reaver from the beginning with its default options, i.e.
without L N S etc., and will tell you all soon whatever result I get.
My advice to all of you is to do the same first and not reach any other
conclusion.
you can contact me through sushobhit333@gmail.com or better would be to contact
me through Facebook www.facebook.com/sushobhit333 ( send me msg first do not
send request directly).
I will soon reply with the result and I am determined to find the sol for this
90.90% loop.
thanks! :)
Original comment by Sushobhi...@gmail.com
on 8 Sep 2013 at 12:33
The problem isn't reaver; it tries all numbers but couldn't. I tried a
connection I cracked before but it didn't crack again. I think routers updated
against Realtek wifi. I'm sure all of you are using some version of Realtek.
Sorry for my bad English.
Original comment by putatapa...@gmail.com
on 25 Sep 2013 at 8:07
I doubt the problem is in the router. Maybe not all routers are capable of
WPS hacking, maybe WPS is disabled on the router, maybe it is the setup of the
clients or they are using a cloned BSSID for their routers, or maybe reaver 1.4
has a little bug for particular types of routers. Why am I saying this? Because
of my experience. I have only two wifi signals detected on my laptop. I am
cracking the first one using REAVER 1.4 in Backtrack 5-R3 running on VMware
Workstation 8. I am using a very cheap wifi usb adapter with a Realtek driver
(RTL8188CU Wireless LAN 802.11n USB 2.0 Network Adapter), and using this code:
iwconfig
airmon-ng start wlan0
wash -i mon0
reaver -i mon0 -b [bssid] -c [channel] -s /tmp/wpscrack.wpc -a -v -S -x 2 -r 60:20 -l 20 -d 5 -N
However, when I start cracking the one signal of my neighbor, it always starts
at 90% and the first 4 digits always repeat while the second 4 digits are
incrementing.
e.g.
12345670
12340002
12340021
12340054
and so on... after it reached 99.99% it got stuck and always repeated the PIN
12349998, which I didn't understand.
Then I tried cracking the other signal, same usb card, driver, set-up, code,
everything. This one started at 0.01%, then after 72.8% it jumped to 90%,
which discouraged me, thinking that it was the same as the first one. When it
jumped to 90% the first 4 digits were repeating and the second 4 digits were
incrementing.
e.g.
0.01% to 72.8%
12345670
12355679
12365678
........
........
41995674
42995675
........
........
64325678 stop and jump to
90% to 92%
64325684
64325692
64325701 then when reached to 92%
........
........
WPS PIN: 6432xxxx
WPA PSK: xxxxxxxxxxx
SSID: xxxxxxxx
Then I'm very HAPPY!! :)
Thus I conclude: if it starts at 90%, that is a bug. If it starts at 0.01%,
then it's 100% sure.
Hope it will help. Sorry for my English.
Original comment by rypedr...@gmail.com
on 3 Nov 2013 at 6:36
same issue same pin getting stuck
Original comment by cn.robe...@me.com
on 15 Dec 2013 at 9:08
Same issue, however when I used the -p trigger it seemed to progress but I do
not know if that is valid progression.
root@kali:~# reaver -i mon0 -b EC:1A:59:93:F9:B8 -vv
Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner
<cheffner@tacnetsol.com>
[?] Restore previous session for EC:1A:59:93:F9:B8? [n/Y] y
[+] Restored previous session
[+] Waiting for beacon from EC:1A:59:93:F9:B8
[+] Switching mon0 to channel 1
[+] Associated with EC:1A:59:93:F9:B8 (ESSID: ItburnswhenIP)
[+] Trying pin 99985677
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 99985677
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 99985677
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 99985677
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 99985677
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 99985677
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] 90.90% complete @ 2013-12-20 13:24:33 (3 seconds/pin)
[+] Trying pin 99985677
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 99985677
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 99985677
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 99985677
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 99985677
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] 90.90% complete @ 2013-12-20 13:24:49 (3 seconds/pin)
[+] Trying pin 99985677
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 99985677
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 99985677
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 99985677
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Trying pin 99985677
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] 90.90% complete @ 2013-12-20 13:25:04 (3 seconds/pin)
Original comment by domini...@gmail.com
on 20 Dec 2013 at 7:04
Dear cheffner,
SUBJECT- TRYING SAME PIN OVER & OVER & STUCK IN 90.90%
R/S
SIR, I have the same problem, stuck at 90,90% at Pin 9998567 & RUNNING LIKE THAT AS SHOWN BELOW
Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] 90.90% complete @ 2014-01-30 13:25:04 (1 seconds/pin)
I SEE THAT THERE IS NO M5 & M6
I'VE BEEN REALLY FRUSTRATED FOR ABOUT 1 WEEK ... I TRIED -r96, with latest SVN CODE, &
reaver-wps-fork, WITH IGNORE -L OPTION
Sir, I read almost all the posts about this issue, please help .. I'M REALLY FRUSTRATED. I tried 4 times, each time stuck at 90.90%. Please resolve this issue.
I'm waiting for your reply
Thanking you !
Original comment by owaishh...@gmail.com
on 30 Jan 2014 at 4:12
Hi, I'm getting stuck at pin 99985677 (90.91%) using reaver 1.4 in Kali
Linux, tried dropping the -L, everything is up to date???????? No wps lockout or
rate limiting...
Original comment by djdz...@gmail.com
on 4 Feb 2014 at 8:15
Same here.. the thing is, in the end it also says that "after trying xxx times
pin could not be cracked". When I try to resume, it's trying the same pin over
and over again. No rate limiting or something.
Original comment by gokhanyo...@gmail.com
on 17 Apr 2014 at 4:24
Read my comment 65 before reading this:
HERE IS THE SOLUTION-
The 90.90 % loop occurs when reaver is unable to find even the first half of
the pin and it has no pin left to try.
Similarly 90.90% loop is when reaver has the first 4 digits but doesn't find
the last 3 digits(4th is the check sum) and it has no pin left to try.
The reasons for these loops are as follows-
1. timeout errors.
2. frequent resuming and pause.
3. using parameters -S -N -L etc
4. lockdowns.
5. router showing false positive.
6. other similar cases where a correct pin is rejected.
The solution is- Start reaver again with keeping these things in mind-
1. DONT USE THE ABOVE POINTS 1,2 AND 3
Thank you.
Sushobhit333@gmail.com
www.facebook.com/technology.lancers
Original comment by Sushobhi...@gmail.com
on 3 Aug 2014 at 6:02
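Added example, not part of the thread and not reaver's own code: a small parser for `-vv` output in the format posted above that reports whether any attempt ever got past M4, for example when checking that an access point with PIN entry disabled rejects every first half. It also shows where the figure comes from: the 10,000 first halves make up about 90.9% of the 11,000-pin search space. The `Received M5` line is assumed to mirror the M1/M3 lines in the posted log, and the sample input is constructed.

```python
import re
from collections import Counter

FIRST_HALF = 10_000   # 4 free digits, answered by the AP after M4
SECOND_HALF = 1_000   # 3 free digits + 1 checksum digit, answered after M6

def wps_checksum(pin7: int) -> int:
    """Checksum digit for the first 7 digits of a WPS PIN."""
    accum = 0
    while pin7:
        accum += 3 * (pin7 % 10)
        pin7 //= 10
        accum += pin7 % 10
        pin7 //= 10
    return (10 - accum % 10) % 10

def parse_attempts(log: str) -> list:
    """Split -vv output into attempts and record how each one ended."""
    attempts, cur = [], None
    for line in log.splitlines():
        m = re.search(r"Trying pin (\d{8})", line)
        if m:
            cur = {"pin": m.group(1), "m5": False, "nack": False}
            attempts.append(cur)
        elif cur and "Received M5" in line:   # assumed line format
            cur["m5"] = True
        elif cur and "Received WSC NACK" in line:
            cur["nack"] = True
    return attempts

def diagnose(log: str) -> dict:
    attempts = parse_attempts(log)
    if not attempts:
        return {"attempts": 0, "looping": False}
    pin, repeats = Counter(a["pin"] for a in attempts).most_common(1)[0]
    confirmed = any(a["m5"] for a in attempts)
    return {
        "attempts": len(attempts),
        "most_repeated_pin": pin,
        "repeats": repeats,
        "checksum_ok": wps_checksum(int(pin[:7])) == int(pin[7]),
        "first_half_confirmed": confirmed,
        # same PIN retried, every attempt NACKed, never an M5
        "looping": repeats >= 3 and not confirmed and all(a["nack"] for a in attempts),
        "first_half_share": FIRST_HALF / (FIRST_HALF + SECOND_HALF),
    }

# Constructed sample in the format of the log posted in this thread.
CYCLE = "[+] Trying pin 99985677\n[+] Sending M4 message\n[+] Received WSC NACK\n"
SAMPLE = CYCLE * 3 + "[+] 90.90% complete @ 2013-12-20 13:24:33 (3 seconds/pin)\n"
```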
Anyone have a solution for a false M5 packet? I have a router occasionally
sending one out causing me to have to restart.
Original comment by psychede...@gmail.com
on 28 Aug 2014 at 2:52
@Susho
Any ideas on a fix for reaver receiving a false M5 packet? I have restarted
the test on my router twice now. First time I thought it was a glitch. Second
time I caught one random M5 packet in the middle of everything causing a false
1st 4 pin issue.
Any ideas?
Original comment by psychede...@gmail.com
on 28 Aug 2014 at 2:59
I have a similar problem, but for me it gets stuck on the first pin, and it
remains at 0.00%... it will only try 01234567
Original comment by tehnocvl...@gmail.com
on 8 Jan 2015 at 4:14
Original issue reported on code.google.com by
poiert2...@gmail.com
on 21 Jan 2012 at 3:37