Reaver - The 99.99% Problem

[mmusket33]

Musket Team Alpha wishes to warn all Reaver users that the 99.99% problem still exists in all versions of Reaver 1.4.

We have had five(5) cases in two(2) different areas and on different computers using Kali-linux. In the past the same problem exited when using BT5 so we do not think kali-linux is the problem. If you go to the WPS Reaver forums you can find the problem. Reaver will run up to 99.99% and then go into an endless loop. The fix for this was posted but we thought the newer Reaver would have included this fix. Obviously this is not the case and/or the patch doesn't work.

We address this problem by reverting to reaver 1.3 on a BT5 OS. This always cracks the code.

We will patch our exiting Reaver 1.4 and test it. We have noted other problems with the newer Reaver which will be posted shortly

MTA

[mmusket33]

We tried using BT5R1/Reaver1.3 against the following router. The program ran up to just over 98% then started requesting only one number(ie 76845) climbed to 99% and went into an endless loop. So the Reaver 1.3 solution did not work.


[+] Restored previous session
[+]
Waiting for beacon from 1C:7E:E5:XX:XX:XX
[+]
Switching mon0 to channel 13
[+]
Associated with 1C:7E:E5:XX:XX:XX
[ (ESSID: WIFI)
[+] Trying pin 76845
[!] WARNING: Receive timeout occurred
[+]
Trying pin 76845
[!] WARNING: Receive timeout occurred
[+]
Trying pin 76845
[!] WARNING: Receive timeout occurred
[+]
Trying pin 76845
[!] WARNING: Receive timeout occurred


We have reloaded reaver 1.4 on two(2) computers making sure we have the latest Reaver 1.4-2kali7 and are testing again against the six(6) routers that are giving us endless loop problems. We will update when we have more data.

MTB

[polyphemus]

Sweet, I ran into this problem twice over the past month. I thought that the AP simply stopped responding and locking itself or wash reported incorrect data, that the AP was locked all along. Good to know an update is coming.

[Gffy]

bully has the option to bruteforce last checksum digit of PIN. It seems like solution for this problem.

[mmusket33]

For clarification as our team have routers in our area that has produced this 99.99% problem. We are simply testing Reaver 1.4-2kali7 which to our knowledge is the latest update. If you have routers in you area we suggest you test as well.

First run

apt-get update

then

apt-get install reaver

This will insure you have Reaver 1.4-2kali7

Since you already have a Reaver file against the router you want to start again from the beginning

To do this we run Reaver without the -a -f command

reaver -i mon0 -c XX -b MA:COE:TA:RG:ET -vv -x 60

Reaver will ask you if you want to use the saved data Type n

Let Reaver Run a bit then shut down with ctrl-c

add the -a -f to the command line and continue

reaver -i mon0 -a -f -c XX -b MA:COE:TA:RG:ET -vv -x 60

We are interested what you find. You might post your test at the WPS-Reaver site as well.

[mmusket33]

Thanx to gffy!!!. We updated our bully in kali-linux with:
apt-get install bully
Ran some tests and your suggestions look very promising. We are half way thru a reaver test, if it fails we will run bully normally and if it fails try the brute force checksum apporach but the help files state this takes 10 times longer. But regardless we will post here as we work thru these routers.

[mmusket33]

Against our first router that showed the 99.99% problem - kali-linux using Reaver 1.4-2kali7 cracked the code.

[flyinghaggis]

I have been following this thread with interest and would like to know if I have the correct version of Reaver installed on my
Vm Machine.

I have done the apt-get update/install with the following output....

Code:

apt-get install reaver
Reading package lists... 
Done
Building dependency tree       
Reading state information... 
Done
reaver is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

root@kali:~# reaver


Reaver v1.4 WiFi Protected Setup Attack Tool

Rab.

[ngreen1980]

I have been following this thread with interest and would like to know if I have the correct version of Reaver installed on my
Vm Machine.

I have done the apt-get update/install with the following output....

Code:

apt-get install reaver
Reading package lists... 
Done
Building dependency tree       
Reading state information... 
Done
reaver is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

root@kali:~# reaver


Reaver v1.4 WiFi Protected Setup Attack Tool

Rab.

Same here.

[mmusket33]

After we have updated our reaver and ran apt-get install reaver we got the exact same output to screen. A word of caution though. We gave up VM ware years ago so take anything we say on the matter as ancient logic. However we had alot of problems spoofing a mac when using VM ware. AND spoofing a mac when using reaver is a bit different. If you try and spoof your mac we suggest you monitor reaver output to the target by running airodump-ng on the channel and --bssid of your targetAP. Look very closely at the mac code reaver is using during its process. To save you time researching we will give you the steps to spoof a mac with reaver but we doubt it will work in a VM shell. WE do not mind at all if you prove us wrong.

We have used wlan0 as our wi-fi device which you can change to meet your systems wifi designation

ifconfig wlan0 down
ifconfig wlan0 hw ether 00:11:22:33:44:55
ifconfig wlan0 up
airmon-ng start wlan0

reaver -i mon0 -a -f -c 1 -b 55:44:33:22:11:00 -vv -x --mac=00:11:22:33:44:55

The mac code you spoof with

ifconfig wlan0 hw ether 00:11:22:33:44:55

must also be in the reaver commmand line

Sorry to get off topic but your mention of VM ware brought back alot of bad memories. Wish you luck. We think the authors of reaver have solved the 99.99% problem. In closing we have just posted a reaver tool that you can employ in certain circumstances. We have posted this tool in these forums.

[ngreen1980]

After we have updated our reaver and ran apt-get install reaver we got the exact same output to screen. A word of caution though. We gave up VM ware years ago so take anything we say on the matter as ancient logic. However we had alot of problems spoofing a mac when using VM ware. AND spoofing a mac when using reaver is a bit different. If you try and spoof your mac we suggest you monitor reaver output to the target by running airodump-ng on the channel and --bssid of your targetAP. Look very closely at the mac code reaver is using during its process. To save you time researching we will give you the steps to spoof a mac with reaver but we doubt it will work in a VM shell. WE do not mind at all if you prove us wrong.

We have used wlan0 as our wi-fi device which you can change to meet your systems wifi designation

ifconfig wlan0 down
ifconfig wlan0 hw ether 00:11:22:33:44:55
ifconfig wlan0 up
airmon-ng start wlan0

reaver -i mon0 -a -f -c 1 -b 55:44:33:22:11:00 -vv -x --mac=00:11:22:33:44:55

The mac code you spoof with

ifconfig wlan0 hw ether 00:11:22:33:44:55

must also be in the reaver commmand line

Sorry to get off topic but your mention of VM ware brought back alot of bad memories. Wish you luck. We think the authors of reaver have solved the 99.99% problem. In closing we have just posted a reaver tool that you can employ in certain circumstances. We have posted this tool in these forums.

So if I read your post correctly is sounds as if after updating to the new reaver you still show "reaver v1.4" as the installed version, but you are confident that you actually have installed the new version. Is there a way that I can actually verify the new version is installed?

[zimmaro]

I have been following this thread with interest and would like to know if I have the correct version of Reaver installed on my
Vm Machine.

I have done the apt-get update/install with the following output....

Code:

apt-get install reaver
Reading package lists... 
Done
Building dependency tree       
Reading state information... 
Done
reaver is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

root@kali:~# reaver


Reaver v1.4 WiFi Protected Setup Attack Tool

Rab.

root@kali:~# dpkg -l |grep reaver
reaver 1.4-2kali7 i386 brute force attack tool against Wifi Protected Setup PIN number
root@kali:~#

[mmusket33]

We have found out why some computers are NOT updating their Kali linux reaver to Reaver 1.4-2kali7 This is because their sources file is either incomplete or incorrect

ALL We can say at this time is that when using the following sources list reaver will update to the above version:

#placed in /etc/apt/ folder file name souces.list
deb http://http.kali.org/kali kali main contrib non-free
deb-src http://http.kali.org/kali kali main contrib non-free
deb http://security.kali.org/kali-security kali/updates main contrib non-free
deb-src http://security.kali.org/kali-security kali/updates main contrib non-free
deb http://http.kali.org /kali main contrib non-free
deb http://http.kali.org /wheezy main contrib non-free


Musket Team Alpha

[mmusket33]

The Remarks above should read

#placed in /etc/apt/ folder file name sources.list

Our Mistake

Sorry

MTA

[VinnyG]

i signed up to say i'm almost sure this problem is related to router firmware, before i upgrade my router's firmware i was able to crack the pin, then yesterday i tried to run reaver against my router and had the 99% error with the new firmware, as well as 3 other routers with same mac prefix(E4:C1:46

[mmusket33]

Vinny

We suggest the following. Make sure your sources file is in order then run:

apt-get update

on your computer.

Then run

apt-get install reaver

and see if you get another update.


If you DO get an update then try the attack with reaver again but start from the beginning.

Run reaver without the -a and -f command. It will ask you if you want to start from the beginning again. Do not use your old collected keys

Let reaver run from the begining for a minute then ctrl-c to stop, add -a and -f back to the command line and restart.

You may be right in your assumptions! so if this doesnot work try using bully just add the --force to the command line. AGAIN the --force command is NOT listed in the help files but shows up in bully warning. Furthermore the -B --bruteforce command doesnot work for us BUT --force does work so we suspect there is an error in the bully help files. We are just in the process of posting this to these forums. Remember brute force takes a long time so have patience. If you can get reaver to work all the better.

Please post your success or failure

MTA/MTB

[mmusket33]

Reference the --force versus --bruteforce. We realize that the --bruteforce command is not the same as --force command. We simply cannot get this --bruteforce command to function so if you figure out how to do it let us know?!?

[VinnyG]

Thanks for the help mmusket33, I had tried all of this already, when I noticed that reaver percentages stucked in 99% the first thing I did was delete the .wpc file and start reaver from begin, i tried this multiple times and even with kali livecd had no success, checked the version and was the 1.4-2kali7 too...What cleared the cause of problem for me was that i cracked my pins router flawlessly and more than 1 time before, so i tried now and had this problem again & again then i remembered a day i had updated the router with last firmware. Another thing is that ISP's are updating some clients in my region with routers with this mac prefix > E4:C1:46 then i searched the web and see others having same problem with this routers(E4:C1:46 ).
Also tried latest bully from github(1.0-22) and no success at all, just stucks at same pin, sorry for my english, i'm brazilian.

[kcdtv]

WoW

I leave in SPAin and we have the same beginning of bssid which belongs to a spanish firm that buy routers in china to sell them to the ISP (i didn't know taht they where also active in brazil )

Mac address: E4:C1:46

Base16 encoding: E4C146

Vendor name: Objetivos y Servicios de Valor A

Vendor address:

C/ Monte Esquinza, 28, 1D
Madrid 28017
SPAIN

Could you tell us what is your router model?
Is it a Observa Telecom RTA01N ?

Try to had the argument -n in your reaver command line ( just -n )

[VinnyG]

WoW

I leave in SPAin and we have the same beginning of bssid which belongs to a spanish firm that buy routers in china to sell them to the ISP (i didn't know taht they where also active in brazil )



Could you tell us what is your router model?
Is it a Observa Telecom RTA01N ?

Try to had the argument -n in your reaver command line ( just -n )

Not, mine is Cameo Communications(18:17:25), made by thomson if i'm right and was vulnerale before, then i updated with latest firmware of this ISP that i'm talking about..

I actually googled and this is a common prefix in Spain routers like vodafone etc, i saw several users complaining with 99% error when trying to crack the Wps Pin with these routers in Spanish forums.

[mmusket33]

To VinnyG

We suggest you post your problems in the WPS-reaver site. The authors of reaver respond quickly to reaver problems if you can identify the problem for them. You might note that the 99.99% problem has happened for different reasons before. A year ago it was coding in reaver 1.4. The latest we raised was updating reaver in kali-linux. Your comments probably are something new probably dealing with specific routers which the authors of reaver may handle for you far better then any of us in the kali-linux forums.