Reaver With Mac Changer Option

[Ted Summers]

Okay so I had been testing Reaver and noticed that I was getting EAPOL Time Out errors with some routers. After doing some research I came up on a thread in the Reaver Wiki that had a modified Reaver 1.4 with Mac Changer option.

https://code.google....s/detail?id=258

Does the version of Reaver used with the MK4 (ipk) support Mac Changer? Also I am about to start testing this version but was wondering has already had any experience with this version? In other word did it help?

Thanks

PS: Please move to the Reaver/ Firmware Thread if needed, I am unable to delete post and move it there myself.

Edited September 3, 2012 by Ted Summers

[PineDominator]

Okay so I had been testing Reaver and noticed that I was getting EAPOL Time Out errors with some routers. After doing some research I came up on a thread in the Reaver Wiki that had a modified Reaver 1.4 with Mac Changer option.

https://code.google....s/detail?id=258

Does the version of Reaver used with the MK4 (ipk) support Mac Changer? Also I am about to start testing this version but was wondering has already had any experience with this version? In other word did it help?

Thanks

PS: Please move to the Reaver/ Firmware Thread if needed, I am unable to delete post and move it there myself.

my experience with reaver on bt is if you change the mac address you also have to specify that changed mac address with reaver, I forget what option it is.

[Ted Summers]

@peterfm

Yes, that is true for the standard compile, but for the modified version of reaver1.4 it will change the mac for you. The output from the modified version looks like:

[+] Using MAC BC:99:47:B7:03:E9
[+] Trying pin 00485678
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M1 message
[+] Received M1 message
[+] Received M1 message
[+] Received M3 message
[+] Sending M4 message
[+] Received M3 message
[+] Received M3 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Using MAC BC:99:47:B7:03:E8
[+] Trying pin 00495677
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M1 message
[+] Received M1 message
[+] Received M1 message
[+] Received M3 message
[+] Sending M4 message
[+] Received M3 message
[+] Received M3 message
[+] Received M3 message
[+] Received WSC NACK
[+] Sending WSC NACK
[+] Using MAC BC:99:47:B7:03:E7
[+] Trying pin 00505673


On the first try, reaver is using the client MAC "BC:99:47:B7:03:E9" (it is not a real MAC, I'm just using for the example), on the second, "BC:99:47:B7:03:E8", on the third, "BC:99:47:B7:03:E7". Well, after the use of the MAC "BC:99:47:B7:03:E0", reaver will start again on "BC:99:47:B7:03:E9".

PS: At the least what it is doing is changing the mac address that it is reporting to the router.

Edited September 3, 2012 by Ted Summers

[Battery_]

Another reaver method that has worked for me in the past with the timeout issue is to make it increase the time before retrying. 7 seconds has seemed to work really well, obviously taking longer to crack though....