Reaver never gets his beacon

[Elwood]

I'm trying to understand how to use Reaver. I've used the following commands

Code:

airmon-ng check kill; airmon-ng start wlan0; reaver -i wlan0mon -c 1 -b 00:11:22:33:44:55 -vv

Reaver replies

Code:

[+] Switching wlan0mon to channel 1
[+] Waiting for beacon from 00:11:22:33:44:55

and freezes there. How can I fix that?

I'm using Reaver 1.3 on Kali Linux. The signal strength is -35, the computer is just next to the base, which is a ZTE ZXV10. (Probably unrelated, but the wash command bugs and always gives 00 for signal strength.)
My chipset is Intel Corporation Wireless 7265 (rev. 59), driver is iwlwifi. I tried to use

Code:

tcpdump -i wlan0mon -s0 -w broken_reaver.pcap

but my capture is always empty. Any help would be greatly appreciated.

[rev1500]

i have been doing a lot of reading up on this because im having some of the same issues one of my AP's just times out or i get error code 0x03
or sometimes it dose what you are having problems with so what i found a lot of people saying the chip set that the AP uses has a lot to do with it

my linksys with wps i can not get anywhere with i have tried everything that i have seen might work and it will just not give me anything
but my Internet provider router witch is arris will crack the wps pin but then i have problems with it associating to finish cracking the wpa key

so long story short i think it has a lot to do with the AP you are trying the attack on

[Elwood]

Thanks for the answer. I have tried my luck on other AP's, but I see the same behavior. Perhaps I've been unlucky, but I would think that my problem is not related to the AP.

[mmusket33]

Are you by chance spoofings your mac address and failed to put the --mac= in the command line. MTeams suggest after you run reaver then run airodump-ng -c --bssid mon0 on the same channel and point airodump-ng at the target by including the mac address of the target and see what mac address your device is using when reaver tries to collect pins. Make sure the mac address of your device seen when you type ifconfig is the same mac address as reaver is using. Airodump-ng will show you exactly what is occuring with reaver reference mac address being used.

MTeams

[Elwood]

I'm booting Kali Linux from a usb drive and then apply the commands above, I'm not spoofing my mac address. airodump-ng -c --bssid wlan0mon shows a steady increase in the "Beacons" column, but I'm not sure what you wanted me to check with this command. I don't understand well what you suggest me to do, but my understanding is that this was assuming I was spoofing my mac adrress, which I think I am not.

[mmusket33]

To Elwood

Yes you assumed correctly. If you were spoofing your mac address airodump-ng would show the error if there was one. Reaver can fail if you spoof your mac incorrectly and/or do not include the spoofed mac in the reaver command line. Since you are Not spoofing your mac then this suggestion does not apply.

MTeams

[John_Doe]

Hello Elwood,
Can you buy or borrow a usb wifi adapter that has a Ralink 3070 or 3072 chipset, or else an adapter with an Atheros chipset? because I think you'll have excellent results then.

[Elwood]

Hello John_Doe,

You're right, I could buy wifi adapters until things work. But I find it a bit disappointing, no? My motivation is not just to crack things, but to understand how things work. My wireless card seems to be able to do certain things, but not to get reaver to work. Is there really no way to fix it? On the documentation of aircrack-ng, they seem to be very confident that "everything" works fine with the wireless card I have.

[John_Doe]

Really? aircrack-ng's documentation says your chip is supported? Do they tell you to blacklist your iwlwifi driver, and compile a backports driver?
Clearly, your driver lacks some needed information, proven in that nothing is saved by tcpdump. Wash telling you a 0 signal strength is further proof that your driver isn't fully compatible.

[Elwood]

@John_Doe: thanks for your answer. I'm not sure about the compatibility with aircrack-ng. I just read there that

Intel wireless cards are common devices found inside most laptops apart from Broadcom, Atheros, Ralink and Realtek. These devices has native linux support and generally do work well

so I took it that it meant it should work. I'll follow your advice and buy a usb wifi adapter then. Would a Ralink 5370 work fine? (How can I know for sure what would work?)

[John_Doe]

I've only seen 5370's in ultra small dongles, which I never use, so I don't know. The X-Media usb wifi adapter with the RT3072 chipset works fabulous, for something like sixteen bucks and change off Ebay.