Results 1 to 21 of 21

Thread: Reaver - The 99.99% Problem

  1. #1
    Join Date
    2013-Jul
    Posts
    843

    Reaver - The 99.99% Problem

    Musket Team Alpha wishes to warn all Reaver users that the 99.99% problem still exists in all versions of Reaver 1.4.

    We have had five(5) cases in two(2) different areas and on different computers using Kali-linux. In the past the same problem exited when using BT5 so we do not think kali-linux is the problem. If you go to the WPS Reaver forums you can find the problem. Reaver will run up to 99.99% and then go into an endless loop. The fix for this was posted but we thought the newer Reaver would have included this fix. Obviously this is not the case and/or the patch doesn't work.

    We address this problem by reverting to reaver 1.3 on a BT5 OS. This always cracks the code.

    We will patch our exiting Reaver 1.4 and test it. We have noted other problems with the newer Reaver which will be posted shortly

    MTA

  2. #2
    Join Date
    2013-Jul
    Posts
    843

    Further Updates

    We tried using BT5R1/Reaver1.3 against the following router. The program ran up to just over 98% then started requesting only one number(ie 76845) climbed to 99% and went into an endless loop. So the Reaver 1.3 solution did not work.


    [+] Restored previous session
    [+]
    Waiting for beacon from 1C:7E:E5:XX:XX:XX
    [+]
    Switching mon0 to channel 13
    [+]
    Associated with 1C:7E:E5:XX:XX:XX
    [ (ESSID: WIFI)
    [+] Trying pin 76845
    [!] WARNING: Receive timeout occurred
    [+]
    Trying pin 76845
    [!] WARNING: Receive timeout occurred
    [+]
    Trying pin 76845
    [!] WARNING: Receive timeout occurred
    [+]
    Trying pin 76845
    [!] WARNING: Receive timeout occurred


    We have reloaded reaver 1.4 on two(2) computers making sure we have the latest Reaver 1.4-2kali7 and are testing again against the six(6) routers that are giving us endless loop problems. We will update when we have more data.

    MTB

  3. #3
    Join Date
    2013-Nov
    Posts
    24
    Sweet, I ran into this problem twice over the past month. I thought that the AP simply stopped responding and locking itself or wash reported incorrect data, that the AP was locked all along. Good to know an update is coming.

  4. #4
    Join Date
    2013-Dec
    Posts
    1
    bully has the option to bruteforce last checksum digit of PIN. It seems like solution for this problem.

  5. #5
    Join Date
    2013-Jul
    Posts
    843
    For clarification as our team have routers in our area that has produced this 99.99% problem. We are simply testing Reaver 1.4-2kali7 which to our knowledge is the latest update. If you have routers in you area we suggest you test as well.

    First run

    apt-get update

    then

    apt-get install reaver

    This will insure you have Reaver 1.4-2kali7

    Since you already have a Reaver file against the router you want to start again from the beginning

    To do this we run Reaver without the -a -f command

    reaver -i mon0 -c XX -b MA:COE:TA:RG:ET -vv -x 60

    Reaver will ask you if you want to use the saved data Type n

    Let Reaver Run a bit then shut down with ctrl-c

    add the -a -f to the command line and continue

    reaver -i mon0 -a -f -c XX -b MA:COE:TA:RG:ET -vv -x 60

    We are interested what you find. You might post your test at the WPS-Reaver site as well.

  6. #6
    Join Date
    2013-Jul
    Posts
    843
    Thanx to gffy!!!. We updated our bully in kali-linux with:
    apt-get install bully
    Ran some tests and your suggestions look very promising. We are half way thru a reaver test, if it fails we will run bully normally and if it fails try the brute force checksum apporach but the help files state this takes 10 times longer. But regardless we will post here as we work thru these routers.

  7. #7
    Join Date
    2013-Jul
    Posts
    843
    Against our first router that showed the 99.99% problem - kali-linux using Reaver 1.4-2kali7 cracked the code.

  8. #8
    Join Date
    2013-Oct
    Posts
    56
    I have been following this thread with interest and would like to know if I have the correct version of Reaver installed on my
    Vm Machine.

    I have done the apt-get update/install with the following output....

    Code:
    apt-get install reaver
    Reading package lists... 
    Done
    Building dependency tree       
    Reading state information... 
    Done
    reaver is already the newest version.
    0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
    
    root@kali:~# reaver
    
    
    Reaver v1.4 WiFi Protected Setup Attack Tool
    Rab.

  9. #9
    Join Date
    2013-Dec
    Posts
    2
    Quote Originally Posted by flyinghaggis View Post
    I have been following this thread with interest and would like to know if I have the correct version of Reaver installed on my
    Vm Machine.

    I have done the apt-get update/install with the following output....

    Code:
    apt-get install reaver
    Reading package lists... 
    Done
    Building dependency tree       
    Reading state information... 
    Done
    reaver is already the newest version.
    0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
    
    root@kali:~# reaver
    
    
    Reaver v1.4 WiFi Protected Setup Attack Tool
    Rab.
    Same here.

  10. #10
    Join Date
    2013-Jul
    Posts
    843
    After we have updated our reaver and ran apt-get install reaver we got the exact same output to screen. A word of caution though. We gave up VM ware years ago so take anything we say on the matter as ancient logic. However we had alot of problems spoofing a mac when using VM ware. AND spoofing a mac when using reaver is a bit different. If you try and spoof your mac we suggest you monitor reaver output to the target by running airodump-ng on the channel and --bssid of your targetAP. Look very closely at the mac code reaver is using during its process. To save you time researching we will give you the steps to spoof a mac with reaver but we doubt it will work in a VM shell. WE do not mind at all if you prove us wrong.

    We have used wlan0 as our wi-fi device which you can change to meet your systems wifi designation

    ifconfig wlan0 down
    ifconfig wlan0 hw ether 00:11:22:33:44:55
    ifconfig wlan0 up
    airmon-ng start wlan0

    reaver -i mon0 -a -f -c 1 -b 55:44:33:22:11:00 -vv -x --mac=00:11:22:33:44:55

    The mac code you spoof with

    ifconfig wlan0 hw ether 00:11:22:33:44:55

    must also be in the reaver commmand line

    Sorry to get off topic but your mention of VM ware brought back alot of bad memories. Wish you luck. We think the authors of reaver have solved the 99.99% problem. In closing we have just posted a reaver tool that you can employ in certain circumstances. We have posted this tool in these forums.

  11. #11
    Join Date
    2013-Dec
    Posts
    2
    Quote Originally Posted by mmusket33 View Post
    After we have updated our reaver and ran apt-get install reaver we got the exact same output to screen. A word of caution though. We gave up VM ware years ago so take anything we say on the matter as ancient logic. However we had alot of problems spoofing a mac when using VM ware. AND spoofing a mac when using reaver is a bit different. If you try and spoof your mac we suggest you monitor reaver output to the target by running airodump-ng on the channel and --bssid of your targetAP. Look very closely at the mac code reaver is using during its process. To save you time researching we will give you the steps to spoof a mac with reaver but we doubt it will work in a VM shell. WE do not mind at all if you prove us wrong.

    We have used wlan0 as our wi-fi device which you can change to meet your systems wifi designation

    ifconfig wlan0 down
    ifconfig wlan0 hw ether 00:11:22:33:44:55
    ifconfig wlan0 up
    airmon-ng start wlan0

    reaver -i mon0 -a -f -c 1 -b 55:44:33:22:11:00 -vv -x --mac=00:11:22:33:44:55

    The mac code you spoof with

    ifconfig wlan0 hw ether 00:11:22:33:44:55

    must also be in the reaver commmand line

    Sorry to get off topic but your mention of VM ware brought back alot of bad memories. Wish you luck. We think the authors of reaver have solved the 99.99% problem. In closing we have just posted a reaver tool that you can employ in certain circumstances. We have posted this tool in these forums.
    So if I read your post correctly is sounds as if after updating to the new reaver you still show "reaver v1.4" as the installed version, but you are confident that you actually have installed the new version. Is there a way that I can actually verify the new version is installed?

  12. #12
    Join Date
    2013-Mar
    Location
    milano
    Posts
    301
    Quote Originally Posted by flyinghaggis View Post
    I have been following this thread with interest and would like to know if I have the correct version of Reaver installed on my
    Vm Machine.

    I have done the apt-get update/install with the following output....

    Code:
    apt-get install reaver
    Reading package lists... 
    Done
    Building dependency tree       
    Reading state information... 
    Done
    reaver is already the newest version.
    0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
    
    root@kali:~# reaver
    
    
    Reaver v1.4 WiFi Protected Setup Attack Tool
    Rab.
    root@kali:~# dpkg -l |grep reaver
    reaver 1.4-2kali7 i386 brute force attack tool against Wifi Protected Setup PIN number
    root@kali:~#

  13. #13
    Join Date
    2013-Jul
    Posts
    843
    We have found out why some computers are NOT updating their Kali linux reaver to Reaver 1.4-2kali7 This is because their sources file is either incomplete or incorrect

    ALL We can say at this time is that when using the following sources list reaver will update to the above version:

    #placed in /etc/apt/ folder file name souces.list
    deb http://http.kali.org/kali kali main contrib non-free
    deb-src http://http.kali.org/kali kali main contrib non-free
    deb http://security.kali.org/kali-security kali/updates main contrib non-free
    deb-src http://security.kali.org/kali-security kali/updates main contrib non-free
    deb http://http.kali.org /kali main contrib non-free
    deb http://http.kali.org /wheezy main contrib non-free


    Musket Team Alpha

  14. #14
    Join Date
    2013-Jul
    Posts
    843
    The Remarks above should read

    #placed in /etc/apt/ folder file name sources.list

    Our Mistake

    Sorry

    MTA

  15. #15
    Join Date
    2013-Dec
    Posts
    11
    i signed up to say i'm almost sure this problem is related to router firmware, before i upgrade my router's firmware i was able to crack the pin, then yesterday i tried to run reaver against my router and had the 99% error with the new firmware, as well as 3 other routers with same mac prefix(E4:C1:46

  16. #16
    Join Date
    2013-Jul
    Posts
    843

    try ths

    Vinny

    We suggest the following. Make sure your sources file is in order then run:

    apt-get update

    on your computer.

    Then run

    apt-get install reaver

    and see if you get another update.


    If you DO get an update then try the attack with reaver again but start from the beginning.

    Run reaver without the -a and -f command. It will ask you if you want to start from the beginning again. Do not use your old collected keys

    Let reaver run from the begining for a minute then ctrl-c to stop, add -a and -f back to the command line and restart.

    You may be right in your assumptions! so if this doesnot work try using bully just add the --force to the command line. AGAIN the --force command is NOT listed in the help files but shows up in bully warning. Furthermore the -B --bruteforce command doesnot work for us BUT --force does work so we suspect there is an error in the bully help files. We are just in the process of posting this to these forums. Remember brute force takes a long time so have patience. If you can get reaver to work all the better.

    Please post your success or failure

    MTA/MTB

  17. #17
    Join Date
    2013-Jul
    Posts
    843
    Reference the --force versus --bruteforce. We realize that the --bruteforce command is not the same as --force command. We simply cannot get this --bruteforce command to function so if you figure out how to do it let us know?!?

  18. #18
    Join Date
    2013-Dec
    Posts
    11
    Thanks for the help mmusket33, I had tried all of this already, when I noticed that reaver percentages stucked in 99% the first thing I did was delete the .wpc file and start reaver from begin, i tried this multiple times and even with kali livecd had no success, checked the version and was the 1.4-2kali7 too...What cleared the cause of problem for me was that i cracked my pins router flawlessly and more than 1 time before, so i tried now and had this problem again & again then i remembered a day i had updated the router with last firmware. Another thing is that ISP's are updating some clients in my region with routers with this mac prefix > E4:C1:46 then i searched the web and see others having same problem with this routers(E4:C1:46 ).
    Also tried latest bully from github(1.0-22) and no success at all, just stucks at same pin, sorry for my english, i'm brazilian.

  19. #19
    Join Date
    2013-Sep
    Posts
    264
    WoW

    I leave in SPAin and we have the same beginning of bssid which belongs to a spanish firm that buy routers in china to sell them to the ISP (i didn't know taht they where also active in brazil )

    Mac address: E4:C1:46

    Base16 encoding: E4C146

    Vendor name: Objetivos y Servicios de Valor A

    Vendor address:

    C/ Monte Esquinza, 28, 1D
    Madrid 28017
    SPAIN
    Could you tell us what is your router model?
    Is it a Observa Telecom RTA01N ?

    Try to had the argument -n in your reaver command line ( just -n )

  20. #20
    Join Date
    2013-Dec
    Posts
    11
    Quote Originally Posted by kcdtv View Post
    WoW

    I leave in SPAin and we have the same beginning of bssid which belongs to a spanish firm that buy routers in china to sell them to the ISP (i didn't know taht they where also active in brazil )



    Could you tell us what is your router model?
    Is it a Observa Telecom RTA01N ?

    Try to had the argument -n in your reaver command line ( just -n )
    Not, mine is Cameo Communications(18:17:25), made by thomson if i'm right and was vulnerale before, then i updated with latest firmware of this ISP that i'm talking about..

    I actually googled and this is a common prefix in Spain routers like vodafone etc, i saw several users complaining with 99% error when trying to crack the Wps Pin with these routers in Spanish forums.

  21. #21
    Join Date
    2013-Jul
    Posts
    843
    To VinnyG

    We suggest you post your problems in the WPS-reaver site. The authors of reaver respond quickly to reaver problems if you can identify the problem for them. You might note that the 99.99% problem has happened for different reasons before. A year ago it was coding in reaver 1.4. The latest we raised was updating reaver in kali-linux. Your comments probably are something new probably dealing with specific routers which the authors of reaver may handle for you far better then any of us in the kali-linux forums.

Similar Threads

  1. Reaver/Bully problem. Kali problem? backports problems?
    By kaputjan in forum General Archive
    Replies: 2
    Last Post: 2017-04-28, 17:48
  2. Reaver problem, please help!
    By machx in forum General Archive
    Replies: 6
    Last Post: 2016-07-01, 20:57

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •