search

realing / reaver-wps

Automatically exported from code.google.com/p/reaver-wps
0 stars 0 forks source link

WPS transaction failed (code: 0x02, 0x03, 0x04) and Receive timeout occurred #222

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
0. Version of Reaver: v1.4

1. OS: BackTrack 5 R1 32 Bit Gnome

2. Wireless card: Alfa AWUS036NHR (Chipset: RTL8188RU) with compat-wireless 
driver (rtl8192cu)

3. Monitor mode enabled: Yes, aireplay-ng -9 -i mon0 wlan1 -> Injection 
successful.

4. Signal strength of the Access Point: -35

First try with standard parameters:

reaver -i mon0 -b 88:25:2C:F8:B7:30 -c 6 -vv --mac=00:BD:AF:FA:EF:37

Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner 
<cheffner@tacnetsol.com>

[+] Switching mon0 to channel 6
[+] Waiting for beacon from 88:25:2C:F8:B7:30
[+] Associated with 88:25:2C:F8:B7:30 (ESSID: WLAN-F8B717)
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received WSC NACK
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x04), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x03), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received WSC NACK
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x04), re-trying last pin
[+] Nothing done, nothing to save.
[+] 0.00% complete @ 2012-02-05 11:36:24 (0 seconds/pin)
[+] Trying pin 12345670
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received WSC NACK
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x04), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received WSC NACK
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x04), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received WSC NACK
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x04), re-trying last pin
^C
[+] Nothing done, nothing to save.

pcap-file: standard.pcap

Second try with modified parameters (--no-nacks and -d 15, as mentioned in 
other issues):

reaver -i mon0 -b 88:25:2C:F8:B7:30 -c 6 -vv --no-nacks -d 15 
--mac=00:BD:AF:FA:EF:37

Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner 
<cheffner@tacnetsol.com>

[+] Switching mon0 to channel 6
[+] Waiting for beacon from 88:25:2C:F8:B7:30
[+] Associated with 88:25:2C:F8:B7:30 (ESSID: WLAN-F8B717)
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received WSC NACK
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x04), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
^C
[+] Nothing done, nothing to save.

pcap-file: modified_parameters.pcap

Output of wash:

Wash v1.4 WiFi Protected Setup Scan Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner 
<cheffner@tacnetsol.com>

BSSID                  Channel       RSSI       WPS Version       WPS Locked    
    ESSID
--------------------------------------------------------------------------------
-------------------------------
88:25:2C:F8:B7:30       6            -35        1.0               No            
    WLAN-F8B717

Output of airodump-ng:

BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID  

88:25:2C:F8:B7:30  -36       72        1    0   6  54e. WPA2 CCMP   PSK  
WLAN-F8B717

Note: I just emailed you the both pcap-files, because the issue attachment 
storage quoata here exceeded. :-)
I also tried to shutdown the router and start it again (-> reboot), but it does 
not help. Same problem.

Thank you very much! :-)

Original issue reported on code.google.com by sim.stamm on 5 Feb 2012 at 11:09

GoogleCodeExporter commented 9 years ago 
Please read http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf

The hardware of some APs are not very good, low cache, low memory.

In your case, I believe it will have to be patient. Gradually you get it

Original comment by gcarval...@gmail.com on 7 Feb 2012 at 4:27

GoogleCodeExporter commented 9 years ago 
I have the same issue. Hope it isn't a signal problem. I have -68 to -78 RSSI, 
but nothing, it stuck on the first pin. Tomorrow I'll try to let him a few 
hours with the same pin. (Sorry for my english, anyway.)

Original comment by davideb...@gmail.com on 3 Mar 2012 at 11:26

GoogleCodeExporter commented 9 years ago 
Try changing your mac address using macchanger. the router may have protection 
enabled.

Mine worked after changing macchanger.

/usr/local/bin/macchanger -r wlan0

Original comment by 88sale...@gmail.com on 19 Apr 2012 at 4:23

GoogleCodeExporter commented 9 years ago 
100% works! tested
http://www.youtube.com/watch?v=hg19ThwjR5Q

Original comment by eddiekar...@gmail.com on 21 Apr 2012 at 11:54

GoogleCodeExporter commented 9 years ago 
same problem here:
i have the netgear wg111v3 with the rtl8187 chipset/driver.

after "Sending EAPOL START request" i get a WARNING: timeout following right 
away

after some failures i get:

Sending WSC NACK
WPS transaction failed (code: 0x02), re-trying last pin

Original comment by xeddo.xe...@googlemail.com on 23 Apr 2012 at 3:47

GoogleCodeExporter commented 9 years ago 
I have found that if you are running this from a virtual machine stored on 
external media i.e. hard drive sd card, etc... It will create this issue. 

If this is the case then try moving the VM to your computers hard drive.

I have tried this on various types of media 250GB WD Drive, 32GB Micro SD Card, 
and 8GB Thumb Drive and have had this error each time I have experimented with 
it. 

There are also some standard things I have taken into consideration when 
testing reaver and will post them on here.

Original comment by mwd451...@gmail.com on 2 Jul 2012 at 8:44

GoogleCodeExporter commented 9 years ago 
i had the same issue and solved it with a directional antenna and the 
--no-nacks command, if the pwr is > 55 it speeds up the process and deletes the 
errors

Original comment by karlhein...@gmail.com on 15 Dec 2014 at 4:00