wpa2 - Wifi WPA cracking with reaver - Information Security Stack Ex...

1 of 2

http://security.stackexchange.com/questions/14913/wifi-wpa-cracking-w...

sign up

log in tour

Information Security Stack Exchange is a question and answer site for Information security professionals. It's 100%
free, no registration required.

help

Wifi WPA cracking with reaver

Hello! This question for anyone who tried or succeeded to crack wifi wpa/wpa2 keys with backtrack linux and reaver. So, I wanted to test on my
wifi router. I started everything as described here. But I get this error:
root@bt:~# reaver -i mon0 -b 74:31:70:05:4B:A7 -vv
Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
[+]
[+]
[+]
[+]
[+]
[+]
[+]
[!]
[+]
[!]
[+]
[+]
[+]
[+]
^C
[+]

Waiting for beacon from 74:31:70:05:4B:A7

Switching mon0 to channel 1
Associated with 74:31:70:05:4B:A7 (ESSID: ALICE-WLAN20)
Trying pin 12345670
Sending EAPOL START request
Received identity request
Sending identity response
WARNING: Receive timeout occurred
Sending WSC NACK
WPS transaction failed (code: 0x02), re-trying last pin
Trying pin 12345670
Sending EAPOL START request
Received identity request
Sending identity response
Nothing done, nothing to save

It tries the same pin over and over, can anyone explain me what is the problem and how can I fix it?
wifi

wpa2

asked May 13 '12 at 9:21

faikabd
163 1 2 7

Not a security question, but a support question for Reaver. (Which appears to be answered in their FAQ: "Reaver
just tries the same pin over and over Make sure your target AP supports WPS. Run the walsh tool to scan for
WPS-enabled APs and make sure your target AP is listed.") Graham Hill May 14 '12 at 9:40

2 Answers
First make sure that reaver is up to date (using apt-get update && apt-get upgrade will do this for
you).
Second, remember this is an exploit tool. I have had mixed results. Certain linksys routers will crap
out under the load and simply lock up. Some other models have given me the same behavior yours is
showing (repeated pin, or repeated series of pins even when WPS is enabled).
This tool will not work on every router. Try it on a few different targets. If you get the same issue
against multiple models it could be your wifi card or driver as well.
From my experience reaver works on maybe 60-70% of WPS enabled routers I come across. The
other 30-40% either get DoS'd or simply fail.
answered May 14 '12 at 19:49
Chris Frazier
465 3 5

Very good answer. It should be said if the tool fails and it is because the router crashes, it is because of the router's
WPS support being implemented the incorrect way, which might or might not be solvable by firmware. I know when
this issue the only solution that to solve the exploit in WPS is to disable WPS the exploit itself is a design flaw in
WPS. Ramhound May 15 '12 at 16:54

First make sure the router has WPS by running this command " wash -i mon0 "(without quotes,for
best result use rtl8187 wireless card).
Try running reaver -i mon0 -b 74:31:70:05:4B:A7 -vv -N - S -c1 (1 is your channel)
also try to get a good signal,it was my case, i cracked a TP-Link router in almost 12 hours
(WPA2-PSK) using the same as you did, and as mentioned before, you might have to wait for like 5
minutes or so as the router might block your WPS requests for a period of time. you can also try
wpscrack,i didnt try it but could help you.
http://null-byte.wonderhowto.com/how-to/hack-wpa-wifi-passwords-by-cracking-wps-pin-0132542/

1/4/2015 11:24 AM

wpa2 - Wifi WPA cracking with reaver - Information Security Stack Ex...

2 of 2

http://security.stackexchange.com/questions/14913/wifi-wpa-cracking-w...

Good Luck
answered Mar 30 '13 at 18:53
mhmdkh
11 1

1/4/2015 11:24 AM