Requests

[GoogleCodeExporter]

Hi

Thanks again for reaver, you are very clever to write something like this.

Can I make a few suggestions ?

Start from number

It would be nice to be able to start the attack from a user defined number.  I 
know the user can test a specific number but using it as a starting point 
instead would be nice.

Count down

Allow the user to run the test backwards, meaning start at 99999999 and work 
towards 00000000.  I understand this just adds extra guesswork into a brute 
force attack but I have been finding that more APs seem to start with 8 for me. 
 It would be nice to be able to work backwards !

Start from with direction.

If you accept both of the above could you make it so the user can do both ?  So 
they can define what number to start with and in which direction Reaver should 
go, either count up or down.

Not sure if this is a problem or not as it was something I noticed tonight but 
I have not had the opportunity to check again.

When I spoof my USB wireless MAC address Reaver doesn’t use it unless I 
define it with –mac in the Reaver command.  Shouldn’t Reaver or “could” 
Reaver please check to see what the spoofed MAC address is before starting and 
auto apply it ?  I spoofed the Wlan0 one and NOT the mon0 one as described in 
the instructions.  I did this before starting Reaver.

Thank you.

Original issue reported on code.google.com by keyfo...@veryrealemail.com on 23 Jan 2012 at 6:23

[GoogleCodeExporter]

Yes, these can be done, though they'll be low priority. 

For the mac spoofing, I'm sure there is a way for Reaver to figure out which 
wlan device the mon interface is attached to, but if you set the mac address of 
the mon interface as well (probably easiest to do with macchanger), then reaver 
will pick up the new mac address automatically.

Original comment by cheff...@tacnetsol.com on 23 Jan 2012 at 8:46

• Changed state: Accepted
• Added labels: Priority-Low, Type-Enhancement
• Removed labels: Priority-Triage, Type-Defect

[GoogleCodeExporter]

Hey, that’s fantastic, thank you !

I was confused about the MAC spoofing though as the instructions here…

http://code.google.com/p/reaver-wps/wiki/FAQ

Say…
“It does, but you have to make sure you are spoofing the MAC on the physical 
card's interface.”

And here… 

http://code.google.com/p/reaver-wps/wiki/HintsAndTips

“Changing the MAC address of the virtual monitor mode interface (typically 
named mon0) WILL NOT WORK. You must change the MAC address of your wireless 
card's physical interface.”

This may lead the user to believe as long as they spoof the Wlan0 MAC then they 
are ok, which probably isn’t so.

Can I suggest this is made clearer in the wiki and FAQ section please ?

Can I ask one more request ?  It would be very useful for Reaver to 
automatically save its position every 5 minutes or so instead of when the user 
closes it.  This would be good for laptops on low battery power etc or in the 
event of a loss of power.

Thank you very much for taking the time to read my requests.

Original comment by keyfo...@veryrealemail.com on 23 Jan 2012 at 9:25

[GoogleCodeExporter]

As long as the user follows the wiki and spoofs the wlan0 MAC address AND sets 
the correct MAC address with --mac, then they are OK. As long as these two 
match, you can set mon0 to anything. But if you don't specify --mac, then 
Reaver will use the MAC of the mon0 interface. So if you don't want to use the 
--mac option, you need to ensure that the MAC addresses of mon0 and wlan0 match.

Reaver already periodically saves the session state. Every time you see the 
status message "xx% complete at [timestamp] (X pins/second)", Reaver saves the 
current session state to disk. It just doesn't print it out every single time 
because that would be a bit annoying.

Original comment by cheff...@tacnetsol.com on 23 Jan 2012 at 9:45

[GoogleCodeExporter]

i hope this is the correct thread for this request.

could you add a "exit after # of failed attempts" 

on long distance attempts i made a script for a couple ap's. 
it loops changing mac #'s and turning tx up. more than half the time it gets 5+ 
attemps before timing out. if on ap hangs it stays on that ap and doesn't move 
on.

also thanks for the hard work!!! awesome tool for sure

Original comment by entept...@gmail.com on 26 Jan 2012 at 10:13

[GoogleCodeExporter]

Im sure you already have thought of this but i'll shoot anyway.

Regarding the spoofing of mac, wouldnt it be possible to say after 10-20 failed 
attempts, put interface down, change mac and keep going. This way we can leave 
it on during the night, and let it crack away.

Also, i doubt this is possible but adding a list with macs to feed into the 
interface (say 200) to loop trough 5 pins / mac. This would most probably not 
lock down the interface (or?).

Im sure you've already thought of these, and to be honest im not sure they will 
work, but would like to feedback a bit.

Thanks for making this possible!
Cheers!

Original comment by fractalu...@gmail.com on 12 Feb 2012 at 8:28

[GoogleCodeExporter]

Any updates on forcing reaver to start from 99999999 and work backward to 
00000000 ?

Original comment by portable...@gmail.com on 5 Sep 2014 at 8:29