Jump to content

How can I make Reaver better?


Recommended Posts

I'm by no means a pro, but wireless juju is the realm of hacking that appeals to me the most, and it's what I've spent the most time toying with. I have some questions regarding Reaver. I HAVE been using it successfully, but as with any computer geek/gamer, I want it to go faster. =) Basically I'm trying to better understand exactly what factors affect the speed that Reaver attempts to crack WPS pins at. I know the obvious one, signal strength. Being further away from the AP, crappy wireless receivers and such will degrade the signal and make it more difficult to communicate. What I'm wondering is if that's all there is, or if there's a hardware component involved. On the surface, I'd think not, since it's a fairly small list of possible pins (when compared to the colossally more massive brute forcing of other types of passwords and keys), and it's going through them one by one. But like I said, I'm not an expert, so I figured I'd ask here and see if we can start a discussion about ways to optimize Reaver. I've read up a bit on toying with your options based on what types of security measures or limits might be in place on the router, causing timeouts and lockouts of course, still trying to get a grasp on what all is available there though.

1. Is there any real hardware component that affects reaver speeds at all?

2. Is there a base signal strength that is the "minimum" to even attempt? Or recommended? (for obvious cases when you can't physically sit on top of the AP)

3. Optimal recommendations for wireless adapters/antennae? Primarily in regards to speed, but also distance. (I currently use this [http://www.newegg.com/Product/Product.aspx?Item=9SIA3NY18R7732] but with a 9dBi omni.]

4. I know next to nothing about the advanced options in Reaver, any basic suggestions? (Obviously I can and will be researching and learning this on my own, so if you're one of those people who gets pissed off at anyone asking for info that can be found elsewhere, kindly ignore this portion, just trying to get peer feedback aside from a static web tutorial)

Thanks for taking the time to read this, I've been a lurker here for about 2 years, and I'm trying my best to learn more and hope to become more active. =)

Edited by Phreakdaline5
Link to comment
Share on other sites

Try changing it like in these examples, might help

By default, Reaver has a 1 second delay between pin attempts. You can disable this delay by adding '-d 0' on the command line, but some APs may not like it:

# reaver -i mon0 -b 00:01:02:03:04:05 -vv -d 0

Another option that can speed up an attack is --dh-small. This option instructs Reaver to use small diffie-hellman secret numbers in order to reduce the computational load on the target AP:

# reaver -i mon0 -b 00:01:02:03:04:05 -vv --dh-small

Link to comment
Share on other sites

Thanks for the response fernandoblazin. I am using --dh-small, seem to get about the same speeds whether I use it or not. I understand the concept of what it's supposed to do, so I know that doesn't make sense, but it's what I'm seeing. Also with removing the attempt delay altogether, I'd think that would lock me out of an AP much faster. I suppose if I had an AP that wasn't limiting rates at all it would be really nice, but one of my concerns is trying to avoid those timeouts of 60 seconds or more, which clearly slow things down quite a bit. I've tried even increasing the delay between attempts to a few seconds to try and circumvent that measure, but it seems that no matter what I do I get that "warning detected ap rate limiting waiting 60 seconds before re-checking" message that really bogs things down. Even if some measure I used increased the actual pin cracking time, if I could avoid that it'd speed me up in the long run. :D

Link to comment
Share on other sites

It really looks like it's AP-dependent. It probably slows you down after N bad tries, whether you are pushing that fast or not. If so, there's nothing you can do actually. Well, perhaps changing the MAC address to see if the slow-down is related only to your MAC or not, and if so, make a wrapper script that tries N pins, change MAC address, and start over.

Link to comment
Share on other sites

Hmm that would be an interesting little tool to work on my scripting ha ha. I did, after a good few hours of attempts, change my MAC just to try it out. No particular reason at the time, this is all for education after all so I figured why not. I didn't notice any increase in speed or performance change at all. Are you suggesting that it's a sort of MAC blacklisting or limiting based on the number of sequential attempts? If that's the case yeah I can see why that would be a problem, and one MAC change wouldn't necessarily help. Of course like you said, it could just be the AP, and there's not much I can do. Good stuff though, thanks for the response. Going to see now if I can make Python do what I tell it to. (Not likely =p)

Link to comment
Share on other sites

Here is a start of a script I had written a while ago that I haven't had time to finish. It is designed to run on kali linux, it will not work on the pineapple unless altered due to it spawning a new gnome terminal. A bit more needs to be added and functions created to handle the looping, etc.. Hope this helps, I can assist you when I have time. Feel free to shoot me a message/post here.


Edit: Code removed. I accidently posted test code, many error not to mention it wouldn't function, I will post as soon as I get time to locate my partially functioning script. Sorry.

Edited by THCMinister
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...