phantbn / reaver-wps

Automatically exported from code.google.com/p/reaver-wps

Reaver segmentation fault #6

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Moved from issue #2:

Comment 20 by gorilla.maguila, Today (43 minutes ago)
This is what I get with latest subversion:

[+] Waiting for beacon from C0:3F:0E:C1:DB:A7
[+] Switching mon0 to channel 2
[+] Switching mon0 to channel 4
[!] WARNING: Failed to associate with C0:3F:0E:C1:DB:A7 
[!] WARNING: Failed to associate with C0:3F:0E:C1:DB:A7 
[+] Associated with C0:3F:0E:C1:DB:A7 
[+] Trying pin 90553301
[!] WARNING: Failed to associate with C0:3F:0E:C1:DB:A7 
[+] Switching mon0 to channel 3
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
Segmentation fault

I'm under kernel 3.1.5 with iwlagn driver

Comment 21 by project member cheffner@tacnetsol.com, Today (33 minutes ago)
maguila,

I have not tested the iwlagn drivers, but since you were able to associate I'd 
suspect that injection is working properly. The failed associations and receive 
timeouts are usually an indication of poor signal strength or a lot of wireless 
interference.

The segfault is troubling though. Can you give more info on your OS?

Comment 22 by gorilla.maguila, Today (12 minutes ago)
I'm using Archlinux x64. We use almost the latest packages on everything as it 
is a rolling release distro.

I have tried to run under gdb but I don't know why I don't get the segmentation 
fault:

$gdb ./reaver
GNU gdb (GDB) 7.3.1
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-unknown-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/user/reaver-wps-read-only/src/reaver...done.
(gdb) run -i mon0 -b C0:3F:0E:C1:DB:A7 -vv
Starting program: /home/user/reaver-wps-read-only/src/reaver -i mon0 -b 
C0:3F:0E:C1:DB:A7 -vv

Reaver v1.0 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner 
<cheffner@tacnetsol.com>

[+] Waiting for beacon from C0:3F:0E:C1:DB:A7
[+] Switching mon0 to channel 4
[!] WARNING: Failed to associate with C0:3F:0E:C1:DB:A7 (ESSID: ONODBA7)
[!] WARNING: Failed to associate with C0:3F:0E:C1:DB:A7 (ESSID: ONODBA7)
[!] WARNING: Failed to associate with C0:3F:0E:C1:DB:A7 (ESSID: ONODBA7)
[!] WARNING: Failed to associate with C0:3F:0E:C1:DB:A7 (ESSID: ONODBA7)
[!] WARNING: Failed to associate with C0:3F:0E:C1:DB:A7 (ESSID: ONODBA7)
[+] Associated with C0:3F:0E:C1:DB:A7 (ESSID: ONODBA7)
[+] Trying pin 26141367
[!] WARNING: Failed to associate with C0:3F:0E:C1:DB:A7 (ESSID: ONODBA7)
[+] Switching mon0 to channel 2
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
[!] WARNING: Receive timeout occurred
...etc

But again I get the segmentation fault without gdb.

Original issue reported on code.google.com by cheff...@tacnetsol.com on 29 Dec 2011 at 3:36

GoogleCodeExporter commented 9 years ago
Thanks chengzhicn, I was just going through and removing -fpack-struct and 
using #pragma statements where structure packing is critical. :)

Hopefully this will fix the issue, will post when changes are checked in.

Original comment by cheff...@tacnetsol.com on 30 Dec 2011 at 1:58

GoogleCodeExporter commented 9 years ago
OK, removed -fpack-struct and placed #pragma pack statements around critical 
structures. 

I am no longer receiving segfaults in BT RC1 x64 (nor BT RC1 i686, nor Ubuntu 
10.04 i686), nor am I getting the recurring timeout warnings as I was before:

root@bt:~/Desktop/src# ./reaver -i mon0 -b C0:C1:C0:A5:73:F7 -vv

Reaver v1.1 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner 
<cheffner@tacnetsol.com>

[+] Waiting for beacon from C0:C1:C0:A5:73:F7
[+] Switching mon0 to channel 11
[+] Associated with C0:C1:C0:A5:73:F7 (ESSID: cisco_e2500_normal_wifi)
[+] Trying pin 28475446
[+] Trying pin 44405441
[+] Trying pin 23165441
[+] Trying pin 46105448
[+] Trying pin 86945448
[+] Trying pin 27375440
[+] 0.05% complete @ 2 seconds/attempt
[+] Trying pin 89105443
[+] Trying pin 49135442
[+] Trying pin 55565448
[+] Trying pin 73005445
[+] Trying pin 84765444
[+] 0.10% complete @ 2 seconds/attempt
[+] Trying pin 66145448

Changes have been checked in, hopefully this fixes everyone's issues.

Original comment by cheff...@tacnetsol.com on 30 Dec 2011 at 2:25
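
The fix described in the comment above replaces a global compiler flag with packing scoped to individual structures. As an added illustration that is not reaver's own code (the `natural_hdr` and `wire_hdr` structs, their field names and the sample values are constructed for this example), the C block below shows what `#pragma pack(push, 1)` does to a wire-format struct, what the natural layout of the same fields is without it, and a compile-time check that a wire struct has the size the protocol expects. Building everything with `-fpack-struct` instead changes the layout of every struct in the translation unit, including ones declared in system and library headers, so a struct handed to a library compiled without that flag no longer matches the layout the library was built with; the scoped pragma leaves those untouched.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example struct in natural (ABI) layout: the compiler aligns
 * 'length' to 2 bytes and 'id' to 4 bytes, so padding is inserted. */
struct natural_hdr {
    uint8_t  type;
    uint16_t length;
    uint32_t id;
};

/* Same fields, packed only here. This is the "pragma around critical
 * structures" approach from the fix, instead of a global -fpack-struct. */
#pragma pack(push, 1)
struct wire_hdr {
    uint8_t  type;
    uint16_t length;   /* host byte order; no endianness conversion in this example */
    uint32_t id;
};
#pragma pack(pop)

/* Compile-time guard: if the struct or the packing pragma is changed,
 * the build fails instead of misparsing frames at runtime. */
_Static_assert(sizeof(struct wire_hdr) == 7, "wire_hdr must be 7 bytes on the wire");

size_t natural_size(void)      { return sizeof(struct natural_hdr); }
size_t wire_size(void)         { return sizeof(struct wire_hdr); }
size_t natural_id_offset(void) { return offsetof(struct natural_hdr, id); }
size_t wire_id_offset(void)    { return offsetof(struct wire_hdr, id); }

/* Copy a packed header out of a raw buffer. memcpy rather than a pointer
 * cast keeps this correct on targets that fault on unaligned access. */
int parse_wire_hdr(const uint8_t *buf, size_t len, struct wire_hdr *out)
{
    if (buf == NULL || out == NULL || len < sizeof(*out))
        return -1;                      /* short frame: refuse, never over-read */
    memcpy(out, buf, sizeof(*out));
    return 0;
}

/* Serialise a header into a buffer using the packed layout. */
int write_wire_hdr(const struct wire_hdr *hdr, uint8_t *buf, size_t len)
{
    if (hdr == NULL || buf == NULL || len < sizeof(*hdr))
        return -1;
    memcpy(buf, hdr, sizeof(*hdr));
    return 0;
}

/* Round trip: serialise a constructed header and parse it back. */
uint32_t roundtrip_id(void)
{
    struct wire_hdr in = { .type = 1, .length = 7, .id = 0x12345678u };
    struct wire_hdr out;
    uint8_t frame[sizeof(struct wire_hdr)];

    if (write_wire_hdr(&in, frame, sizeof frame) != 0) return 0;
    if (parse_wire_hdr(frame, sizeof frame, &out) != 0) return 0;
    return out.id;
}

/* A frame one byte too short must be rejected rather than read past its end. */
int short_frame_rejected(void)
{
    uint8_t frame[sizeof(struct wire_hdr) - 1] = { 0 };
    struct wire_hdr out;
    return parse_wire_hdr(frame, sizeof frame, &out) == -1;
}

int main(void)
{
    printf("natural layout: %zu bytes, id at offset %zu\n",
           natural_size(), natural_id_offset());
    printf("packed layout:  %zu bytes, id at offset %zu\n",
           wire_size(), wire_id_offset());
    printf("round trip id:  0x%08x\n", roundtrip_id());
    return 0;
}
```

The natural layout comes out at 8 bytes with `id` at offset 4, the packed one at 7 bytes with `id` at offset 3. Only `wire_hdr` is affected by the pragma, so any struct shared with a library keeps the layout that library expects, which is the point of the change from `-fpack-struct` to per-structure `#pragma pack`.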

GoogleCodeExporter commented 9 years ago
Great, it's working on 64 bit Ubuntu. :D

Original comment by rtstanif...@gmail.com on 30 Dec 2011 at 2:32

GoogleCodeExporter commented 9 years ago
These are my outputs on rev 20.

At least now it is changing PINs, although I still get WARNINGS.

Thanks for your efforts

Original comment by gorilla....@gmail.com on 30 Dec 2011 at 2:54

GoogleCodeExporter commented 9 years ago
maguila, this may be an issue with the AP. Some APs implement WPS a little 
differently and since TP-Link has "QSS" which is not exactly WPS, but is 
supposed to be compatible, I wouldn't be surprised. 

This is what the 'advanced' options are for in reaver - sometimes specifying 
different timeout periods or eap termination options (or others) can help 
alleviate compatibility issues like this. I have run reaver against other 
TP-Links, but probably not the exact model you have, so I can't say for sure.

Original comment by cheff...@tacnetsol.com on 30 Dec 2011 at 3:01

GoogleCodeExporter commented 9 years ago
One silly question:

If I change the build_wps_pin() function to force it to use my PIN, shouldn't 
it work?

Anyway I also tried with the netgear with the same results.

Original comment by gorilla....@gmail.com on 30 Dec 2011 at 3:15

GoogleCodeExporter commented 9 years ago
I'm going to download a 32-bit distro and see what I get.

Original comment by gorilla....@gmail.com on 30 Dec 2011 at 3:17

GoogleCodeExporter commented 9 years ago
Yes, you can change build_wps_pin to always return the same pin.

Let me know if your issues are different in 32/64 bit OSs. It's working fine 
here on Backtrack 5 RC1 32 and 64 bit.

Original comment by cheff...@tacnetsol.com on 30 Dec 2011 at 3:46

GoogleCodeExporter commented 9 years ago
No other verifications, positive or negative?

Original comment by cheff...@tacnetsol.com on 30 Dec 2011 at 3:55

GoogleCodeExporter commented 9 years ago
New version works for me. (Ubuntu 10.04 x64 ipw3954)

Original comment by chengzhicn@gmail.com on 30 Dec 2011 at 4:10

GoogleCodeExporter commented 9 years ago
Not for me.

BT5 R1 x64 RT3070

reaver -i mon0 -b C0:C1:C0:A5:73:F7 -vv

[+] Waiting for beacon from C0:C1:C0:A5:73:F7
[+] Switching mon0 to channel 9
[+] Associated with C0:C1:C0:A5:73:F7 
[+] Trying pin 91636102
[!] WARNING: Receive timeout occurred
Segmentation fault

Original comment by hurenhan...@googlemail.com on 30 Dec 2011 at 4:19

GoogleCodeExporter commented 9 years ago
hurenhannes, are you using r20? I have BT5 R1 x64 working with no issues (using 
rtl8187 drivers). 

Also why is your BSSID the same as mine? :)

Original comment by cheff...@tacnetsol.com on 30 Dec 2011 at 4:22

GoogleCodeExporter commented 9 years ago
Issue 5 has been merged into this issue.

Original comment by cheff...@tacnetsol.com on 30 Dec 2011 at 4:23

GoogleCodeExporter commented 9 years ago
Yes, I'm using r20. I was lazy, copy-paste... :)

I will try the x86 of BT 5 R1.

Original comment by hurenhan...@googlemail.com on 30 Dec 2011 at 5:03

GoogleCodeExporter commented 9 years ago
Well Good News.

I tried with a 32-bit Ubuntu 11.10 under kernel 3.1.6, also with an old kernel 
2.6.34 on an x64 system, and also with an Atheros device with the ath5k driver, 
and I was getting the same results. So it seems it's AP related.

Original comment by gorilla....@gmail.com on 30 Dec 2011 at 5:06

GoogleCodeExporter commented 9 years ago
Great news!

All is working, issues are cleared...
Waiting to see the end result (guessed pin :)))

Thanks

Original comment by ianc...@gmail.com on 30 Dec 2011 at 5:07

GoogleCodeExporter commented 9 years ago
Awesome! These changes are in release 1.2. I'm waiting to hear back from 
hurenhannes before closing the ticket, as he seems to still be having issues.

Original comment by cheff...@tacnetsol.com on 30 Dec 2011 at 5:16

GoogleCodeExporter commented 9 years ago
Nothing heard back from hurenhannes; by all other accounts and testing, the seg 
fault is fixed, closing ticket.

Original comment by cheff...@tacnetsol.com on 30 Dec 2011 at 9:16

GoogleCodeExporter commented 9 years ago
Issue 36 has been merged into this issue.

Original comment by cheff...@tacnetsol.com on 2 Jan 2012 at 12:57

GoogleCodeExporter commented 9 years ago
I am running reaver version 1.4 and the issue is still occurring; 
sometimes it crashes with an "Aborted" message.

Original comment by jokesare...@gmail.com on 27 Oct 2013 at 12:15