WiFi WPA cracking with Reaver
This question is for anyone who has tried or succeeded to crack WiFi WPA/WPA2 keys with BackTrack Linux and Reaver. So, I wanted to test it on my WiFi router. I started everything as described here. But I got this error:
[email protected]:~# reaver -i mon0 -b 74:31:70:05:4B:A7 -vv Reaver v1.4 WiFi Protected Setup Attack Tool Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]> [+] Waiting for beacon from 74:31:70:05:4B:A7 [+] Switching mon0 to channel 1 [+] Associated with 74:31:70:05:4B:A7 (ESSID: ALICE-WLAN20) [+] Trying pin 12345670 [+] Sending EAPOL START request [+] Received identity request [+] Sending identity response [!] WARNING: Receive timeout occurred [+] Sending WSC NACK [!] WPS transaction failed (code: 0x02), re-trying last pin [+] Trying pin 12345670 [+] Sending EAPOL START request [+] Received identity request [+] Sending identity response ^C [+] Nothing done, nothing to save
It tries the same pin over and over, can anyone explain to me what the problem is, and how I can fix it?
Not a security question, but a support question for Reaver. (Which appears to be answered in their FAQ: "**Reaver just tries the same pin over and over** Make sure your target AP supports WPS. Run the walsh tool to scan for WPS-enabled APs and make sure your target AP is listed.")
First make sure that reaver is up to date (using
apt-get update && apt-get upgradewill do this for you).
Second, remember this is an exploit tool. I have had mixed results. Certain linksys routers will crap out under the load and simply lock up. Some other models have given me the same behavior yours is showing (repeated pin, or repeated series of pins even when WPS is enabled).
This tool will not work on every router. Try it on a few different targets. If you get the same issue against multiple models it could be your wifi card or driver as well.
From my experience reaver works on maybe 60-70% of WPS enabled routers I come across. The other 30-40% either get DoS'd or simply fail.
Very good answer. It should be said if the tool fails and it is because the router crashes, it is because of the router's WPS support being implemented the incorrect way, which might or might not be solvable by firmware. I know when this issue the only solution that to solve the exploit in WPS is to disable WPS the exploit itself is a design flaw in WPS.