My impression is that Reaver is becoming increasingly unusable due to the fact that router manufacturers have compensated for its abilities and for those of similar tools like Bully.
In particular, the problem is one of WPS locking.
For example:
[+] Associated with 00:11:22:33:44:55 (ESSID: XXXXXXX)
[!] WARNING: Detected AP rate limiting, waiting 60 seconds before re-checking
[!] WARNING: Detected AP rate limiting, waiting 60 seconds before re-checking
[!] WARNING: Detected AP rate limiting, waiting 60 seconds before re-checking
[!] WARNING: Detected AP rate limiting, waiting 60 seconds before re-checking
[!] WARNING: Detected AP rate limiting, waiting 60 seconds before re-checking
And so on....
I check with wash and it tells me the WPS is locked.
I have tried the -L option which supposedly ignores the locked state.
[+] Trying pin 000966329
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 00096639
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
And so on...
Two questions:
1. My impression is that there is no way to overcome a WPS Locked situation. One just has to wait until the WPS becomes unlocked. How long does this take on average? I've waited several hours and wash still says the AP is locked. Is there a specific time limit? Or is it until the router is manually reset?
2. Are there any alternative tools that people would recommend? I've briefly tried Bully but it still has the same problem which makes sense since the issue is not with Reaver but with the AP itself. Or perhaps a tool that does not crack WPS. I used Pyrit some time ago but was never successful. I also once tried a commercial WPS cracker but that also failed.
Also - this is an interesting link about the limitations of Reaver in the context of WPS locking:
http://sethioz.com/mediawiki/index.p...PA/WPA2/WEP%29
The authors suggestion is to be ultra-cautious and use -d 300 to prevent WPS locking. This does, of course, mean that any success will take ages.