
Reaver Pro ~~ Wifi Pineapple


C0NFUS3D


The new Reaver Pro looks promising, but the hardware appears to be similar to the WiFi Pineapple. This is not a big deal, but doesn't this also mean we can maybe hack the Pineapple to do this too?

I mean, maybe not using both features at the same time, but something like you have an option for Reaver or Jasager at boot? Just a thought at this time, but hmmmm...

Link to comment

  • 3 weeks later...

I talked to one of the guys who's promoting that Reaver Pro 2; he told me that they have completely improved Reaver Pro, unlike the one they were selling before.

I'm still hoping they release the source or firmware they used for the AP-121U, 'cause I can pick up AP-121U all day on Amazon for under $60 and sell them at the local flea market coming this winter.

Link to comment

You are correct ^ However, he claims that it has been completely recoded. I would assume the Reaver Pro makers got the idea from the way the Pineapple works.

Basically, the Pineapple has a folder on it called pineapple, which has all the goodies that make the Pineapple able to do the stuff it can do.

I'm sure they have a folder much like the Pineapple's, which basically has their script that runs an improved reaver.

Edited by ZaraByte
Link to comment

Until someone who has purchased one discloses how the device works it may be somewhat hard for us to understand the layout. We are just speculating.

Additionally, they may have a separate code repository for the reaver code that goes on this device versus what is put out for the public.

Link to comment

I'm still waiting to hear back from Terry Dunlap from Reaver Systems. I swear he offered to get me a Reaver Pro to review for him, but he hasn't gotten back to me yet today. He said he was going to email me in the morning, and that was Wednesday night I last talked to him, so..

Link to comment

He told me over comments on his video unboxing Reaver Pro that it has been completely recoded and doesn't use any of the past reaver code. He says that Craig Heffner has recoded it to be improved to the point that the old Reaver Pro and also the reaver found on code.google.com are not as good as the new Reaver Pro.

The day is almost over here where I am; I still haven't gotten my reply from Terry Dunlap from Reaver Systems about getting my hands on a Reaver Pro to review.

Until someone reviews it and tells people what they're getting, $200 is just, in my view, not worth it.

WPS has pretty much been addressed already and is only vulnerable to people that have not addressed the matter in their router. Same goes for WEP; tons of people still use WEP, but let's face it, all the Reaver Pro does is crack WPS and nothing more?

Question is: spend $200 on a device that limits me to doing one thing, or buy a Pineapple for $99, get an extra $20 and buy me an Ubertooth, and have double the fun for a little over $200.

Edited by ZaraByte
Link to comment

I don't represent them but I understand why they sell their product. The basis is convenience and some are willing to pay for it. The unit is limited in that it only deals with WPS exploitation via their GUI-based Reaver Pro software. It's mainly a "set it and forget it" unit without the need for a computer/netbook. I would think that offering the Reaver Pro software for free and just charging for the standalone unit (for those who want it) for say $50 seems more reasonable, but that's just my .02. $200 for "only" WPS attacking seems outrageous IMHO.

I'll give it that the WiFi Pineapple by comparison is much more useful in that sense and with the new Mark V unit (hopefully they'll start shipping soon), the possibilities are even greater than with my current Mark IV.

Link to comment

I installed reaver on the pineapple with the opkg manager.

SSH into the Pineapple with PuTTY and run reaver from the command line (like you would in BackTrack or Kali Linux).

Also airmon-ng and airodump-ng are working properly on the command line.

If you want it in a tiny machine and don't want to spend 200 dollars... that's the way to do it.

so:

# airmon-ng start wlan0 (or 1)

# airodump-ng mon0

Wait a minute till all access points show up.

Choose your "victim" access point.

# reaver -i mon0 -b xx:xx:xx:xx:xx:xx -vv

Just let it flow and see what's happening. Keep in mind that reaver is not a foolproof method. It all depends on if there is WPS enabled and if the router you're trying to hack has a pin-limit.

greetz

Link to comment
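
The post above notes that everything depends on whether WPS is enabled and whether the router has a pin-limit. As an added example (not part of the original post), this script checks that from the defender's side: it reads `iw dev <iface> scan` text and reports which of your own access points still advertise WPS and whether they currently report the locked state. The sample scan text, BSSIDs, SSIDs and status labels are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize WPS state per BSS from `iw dev <iface> scan` text.
# Constructed sample modeled on iw scan output (BSSIDs and SSIDs are made up).
sample_scan() {
cat <<'EOF'
BSS 02:00:00:00:00:01(on wlan0)
    SSID: lab-ap-wps-open
    WPS:     * Version: 1.0
             * Wi-Fi Protected Setup State: 2 (Configured)
BSS 02:00:00:00:00:02(on wlan0)
    SSID: lab-ap-wps-locked
    WPS:     * Version: 1.0
             * Wi-Fi Protected Setup State: 2 (Configured)
             * AP setup locked: 0x01
BSS 02:00:00:00:00:03(on wlan0)
    SSID: lab-ap-no-wps
    RSN:     * Version: 1
EOF
}

# Reads scan text on stdin, prints "BSSID|SSID|status" for each access point.
wps_audit() {
awk '
function emit() {
    if (bssid == "") return
    status = "WPS-OFF"
    if (wps) status = locked ? "WPS-ON-LOCKED" : "WPS-ON-REVIEW"
    print bssid "|" ssid "|" status
}
/^BSS / {
    emit()                       # finish the previous access point
    bssid = substr($2, 1, 17); ssid = ""; wps = 0; locked = 0
    next
}
/^[ \t]*SSID: /         { sub(/^[ \t]*SSID: /, ""); ssid = $0; next }
/^[ \t]*WPS:/           { wps = 1; next }      # WPS element is advertised
/AP setup locked: 0x01/ { locked = 1 }         # AP reports PIN lockout
END { emit() }
'
}

sample_scan | wps_audit
```

An access point shown as WPS-ON-REVIEW may still lock after failed attempts; the scan only shows its state at that moment, so the reliable fix is disabling WPS in the router configuration.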

  • 1 month later...

I have the Reaver Pro device and it's limited. They have compiled the kernel WITHOUT USB support. Pain in my ass (apologies for my French).

Something I want to query... Is it possible for me to flash the Pineapple software onto this device for free?? Is that allowed by Hak5??

Also, I have checked the files they use. They have made their own branded version of aircrack on the device called aircracktns, and they use PHP and sh scripts to run the commands. Very basic.

I wouldn't recommend it, to be honest. I am thinking of flashing my device to the Pineapple software (only if it's allowed and if it can be done).

Link to comment

  • 2 weeks later...

A "recoded" reaver? Yeah, that exists. It's called Bully and it's C.

Bully is a new implementation of the WPS brute force attack, written in C. It is conceptually identical to other programs, in that it exploits the (now well known) design flaw in the WPS specification. It has several advantages over the original reaver code. These include fewer dependencies, improved memory and CPU performance, correct handling of endianness, and a more robust set of options. It runs on Linux, and was specifically developed to run on embedded Linux systems (OpenWrt, etc.) regardless of architecture.

Bully provides several improvements in the detection and handling of anomalous scenarios. It has been tested against access points from numerous vendors, and with differing configurations, with much success.

Bully requires libpcap and libssl. It uses WPS functionality written by Jouni Malinen; that source code is included in this repo for simplicity, as are libcrypto and several other sources that provide needed functionality.

Because Bully stores randomized pins and session data in normal files, there is no need for any database functionality.

Bully can be built and installed by running:

~/bully$ cd src
~/bully/src$ make
~/bully/src$ sudo make install

Link to comment