1

I have a problem with reaver. I try the --nack command

reaver -i mon0 -b 00:01:02:03:04:05 -vv --nack --mac=00:BA:AD:BE:EF:6

for example. And I assume it will try a different PIN, even if it doesn't receive a negative acknowledgment but it tries the same PIN every time. In an hour I come back and its still trying PIN 12345670. So I stop the command because its been trying that for an hour. Is that really what the --nack command is supposed to do? How to make it try a different PIN, regardless of what response it gets from my router?

user3695903
  • 35
  • 5

1 Answers1

2

From some reaver documentation, which I found here:

Some poor WPS implementations will drop a connection on the floor when an invalid pin is supplied instead of responding with a NACK message as the specs dictate. To account for this, if an M5/M7 timeout is reached, it is treated the same as a NACK by default. However, if it is known that the target AP sends NACKS (most do), this feature can be disabled to ensure better reliability. This option is largely useless as Reaver will auto-detect if an AP properly responds with NACKs or not:

reaver -i mon0 -b 00:01:02:03:04:05 --nack

So regarding your problem:

The speed at which Reaver can test pin numbers is entirely limited by the speed at which the AP can process WPS requests. Some APs are fast enough that one pin can be tested every second; others are slower and only allow one pin every ten seconds. Statistically, it will only take half of that time in order to guess the correct pin number.

Is it possible that you simply have a really really slow AP? Or do you get any other error messages/logs?

Sebastian
  • 330
  • 1
  • 8