(how to) reaver dropbox... raspberry pi...

[ZaraByte]

a quick search and I found ruby install guides for openwrt.

I believe in kali, openwrt has to many limitations... I plan on buying a new device to replace the pi... the amount of cords connected to my pi resembles a hot mess...

If I can eliminate the powered usb hub, maybe i can with a 12v orange slice?

Mobile is key

The biggest issue is portable and not needing a Alfa AWUS036H being connected to it or an adapter sticking out.

I think this ruby script would be nice for the pineapple and if it worked for the pineapple it would work for other stuff using OpenWRT.

I'd love to use a TP-LINK MR3040 with a script like this I'm glad I thought about the issues I was gonna have before I bought the TP-LINK MR3040 I think im spend my money on getting a Tascam recorder to work on external auto recording for my videos.

[i8igmac]

I have not found a device that suits my needs, but I found this device is supported by kali...

Built in wifi with detachable antenna!

32g ssd!

12v power (no need for usb hub)

NVIDIA gpu! (Cuda cracking!)

Edited September 25, 2015 by i8igmac

[DataHead]

In older versions we had -K 1 2 3 as seperate options to pass through to pixiewps, and use the appropriate mode in pixiewps. This has long since changed, and only -K 1 is required for the automation of pixiewps.

Also, In updated versions, there is a -H option added to reaver, that saves log files in the executing directory of pixiehashes from tested AP's. This implementation in your script could also prove helpful in testing which target aps have been tested or not.

As far as the script on the pineapple, it does work with some modifications to the script ( because the build of the pixie compatible reaver in the repo, is newer than what's stock in Kali / nethunter ). And ruby is among some of the things I initially install, so yes, it is functional.

All in all, very nice and useful script :-) I don't really see a need for a shell script port, as ruby is also widely supported on many platforms.

Edited September 25, 2015 by DataHead

[ZaraByte]

I have not found a device that suits my needs, but I found this device is supported by kali...

Built in wifi with detachable antenna!

32g ssd!

12v power (no need for usb hub)

NVIDIA gpu! (Cuda cracking!)

I's that the Trim-Slice your talking about :B

[i8igmac]

Lol yes...

[ZaraByte]

Lol yes...

I heard the wireless chip set doesn't support monitor mode so that is kind of a disappointment thinking about ordering one of these myself Thursday im gonna be really broke and possibly end up with my internet turned off over ordering one of these cause I make sadly $300 a month income with all the other stuff I need to pay so either I lose internet for a month or a buy one of these silly things LOL.

By the way hopefully you can update your code to use the -f if the normal try fails because my router is vulnerable to the pixiewps attack however this ruby isn't getting the pin it says use the -f

Was testing out

https://www.youtube.com/watch?v=ocj4B1nmZzQ

Shared it on LinkedIn

http://www.linkedin.com/pulse/auto-wps-attacking-using-ruby-matthew-knight

Edited September 26, 2015 by ZaraByte

[ZaraByte]

I've transferred Kali Pi 2.0 and 1.1.0 over to a micro-sd card like over 10 times just displays no signal on my TV however when I install NOOBS every thing is fine I honestly don't get what can be wrong I used dd i've tried using Win32DiskImager shows no signal on my TV I can't even get inside the micro-sd card to check and make sure files were transferred over because it doesn't show as a mounted device after I burn the img onto the micro-sd card.

[i8igmac]

I've transferred Kali Pi 2.0 and 1.1.0 over to a micro-sd card like over 10 times just displays no signal on my TV however when I install NOOBS every thing is fine I honestly don't get what can be wrong I used dd i've tried using Win32DiskImager shows no signal on my TV I can't even get inside the micro-sd card to check and make sure files were transferred over because it doesn't show as a mounted device after I burn the img onto the micro-sd card.

i have experienced this same kind of non working kali pi because of the wrong file download, it took me a few tries... it looks like the latest download is kali 2.0.1...

https://www.offensive-security.com/kali-linux-vmware-arm-image-download/

[ZaraByte]

i have experienced this same kind of non working kali pi because of the wrong file download, it took me a few tries... it looks like the latest download is kali 2.0.1...

https://www.offensive-security.com/kali-linux-vmware-arm-image-download/

Wow downloaded from that link and it worked first try I've been trying to use from https://www.kali.org/downloads/all this time. Thanks for the help man been going at this for months now I thought it was bad SD cards or something

Edited October 8, 2015 by ZaraByte

[i8igmac]

Wow downloaded from that link and it worked first try I've been trying to use from https://www.kali.org/downloads/all this time. Thanks for the help man been going at this for months now I thought it was bad SD cards or something

Every time I see a post about a raspberry kali install not working... its the wrong download link... kali.org keeps changing the downloads page, it looks good now but I'm sure will change again...

[ZaraByte]

Every time I see a post about a raspberry kali install not working... its the wrong download link... kali.org keeps changing the downloads page, it looks good now but I'm sure will change again...

Kali Pi must really be stripped because reaver is missing wash is missing

[IvanDoe]

Kali Pi must really be stripped because reaver is missing wash is missing

​Kali for arm devices ( from what i tested on raspberry pi and odroid) comes with basic stuff.

​You can install meta packages or individual tools you wish to have.

​https://www.kali.org/news/kali-linux-metapackages/

​http://tools.kali.org/kali-metapackages

[i8igmac]

to complete your installation process there are a few steps to expanding the size of the partition... slide the sd card into a labtop and use the expand tool with gparted...

Boot up kali and Apt-cache search kali

Install kali wireless and any others that look useful... then find a tutorial for creating a backup iso with the linux tool dd

This will save you loads of time if you have to reinstall :-)

I have done this with my kali pi and my raspxbmc

[ZaraByte]

Trim slice is out of my price range right now im planning to build a Hackintosh coming into 2016 so I can ditch Windows I have to many issues with Linux distros that I can't just move over to linux just yet. I don't feel like googling my linux issues all day trying to fix them.

[Yvette]

Hello,

is this script working?

I install it in my Pi and it is running.

I am getting these lines in my terminal(no errors):

wlan0 scanning with wash

1 CE:81:17:56:12:10

1 AA:12:45:24:67:67

6 BB:12:12:12:12:12

change 1

down

changemac

up

reaver -i wlan0 -vv -b CE:81:17:56:12:10 -c 1

wlan0 CE:81:17:56:12:10: [+] Switching wlan0 to channel 1

change 1

down

changemac

up

reaver -i wlan0 -vv -b AA:12:45:24:67:67 -c 1

wlan0 AA:12:45:24:67:67: [+] Switching wlan0 to channel 1

waiting for device to free up... redo

change 6

down

changemac

up

reaver -i wlan0 -vv -b BB:12:12:12:12:12 -c 6

wlan0 BB:12:12:12:12:12: [+] Switching wlan0 to channel 6

wlan0 scanning with wash

..... and again the same...

In my folder there are the log files:

log_all_CE:81:17:56:12:10

log_all_AA:12:45:24:67:67

log_all_BB:12:12:12:12:12

If i open one(log_all_CE:81:17:56:12:10):

Wlan0 CE:81:17:56:12:10: [+] Switching wlan0 to channel 1

Wlan0 CE:81:17:56:12:10: [+] Switching wlan0 to channel 1

Wlan0 CE:81:17:56:12:10: [+] Switching wlan0 to channel 1

.....same line again...

Wlan0 CE:81:17:56:12:10: [+] Switching wlan0 to channel 1

Each time the script loop it adds one line more.

After 12hours and nothing has change.

Is it working correct?

Each file inside has 1200lines.

Thank you.

[ZaraByte]

@Yvette what wireless adapter are you using also you might wanna double check the router is vulnerable to WPS.

[i8igmac]

If the access point is unresponsive and no pins are exchanged... I would think the access point is not vulnerable or out of range...

Edited February 13, 2016 by i8igmac

[Yvette]

Hi,

Sorry for the slow reply.

@ZaraByte I am using TP-Link TW722N. The wireless adapter is in one corner of the room and in the other corner is the router TP-Link WR741ND. The antennas are correct. I am trying to crack wpa2 with wps on a free router that i got.

I made a new sd card with a fresh Raspberry Jessie and installed everything.

My card is listed in:

iwconfig:

wlan0     IEEE 802.11bgn  ESSID:"Ecocare"
          Mode:Managed  Frequency:2.437 GHz  Access Point: 94:A7:B7:39:34:2C
          Bit Rate=108 Mb/s   Tx-Power=20 dBm
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off
          Link Quality=30/70  Signal level=-80 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:80   Missed beacon:0

lo        no wireless extensions.

eth0      no wireless extensions.

lsusb:

Bus 001 Device 008: ID 125f:312b A-DATA Technology Co., Ltd. Superior S102 Pro
Bus 001 Device 007: ID 04f3:0103 Elan Microelectronics Corp. ActiveJet K-2024 Multimedia Keyboard
Bus 001 Device 006: ID 045e:0084 Microsoft Corp. Basic Optical Mouse
Bus 001 Device 005: ID 0451:2046 Texas Instruments, Inc. TUSB2046 Hub
Bus 001 Device 004: ID 0cf3:9271 Atheros Communications, Inc. AR9271 802.11n
Bus 001 Device 003: ID 0424:ec00 Standard Microsystems Corp. SMSC9512/9514 Fast Ethernet Adapter
Bus 001 Device 002: ID 0424:9514 Standard Microsystems Corp.
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

dmesg:

[    0.000000] Booting Linux on physical CPU 0x0
[    0.000000] Initializing cgroup subsys cpuset
[    0.000000] Initializing cgroup subsys cpu
[    0.000000] Initializing cgroup subsys cpuacct
[    0.000000] Linux version 4.1.17+ (dc4@dc4-XPS13-9333) (gcc version 4.8.3 20140303 (prerelease) (crosstool-NG linaro-1.13.1+bzr2650 - Linaro GCC 2014.03) ) #838 Tue Feb 9 12:57:10 GMT 2016
[    0.000000] CPU: ARMv6-compatible processor [410fb767] revision 7 (ARMv7), cr=00c5387d
[    0.000000] CPU: PIPT / VIPT nonaliasing data cache, VIPT nonaliasing instruction cache
[    0.000000] Machine model: Raspberry Pi Model B Rev 2
[    0.000000] cma: Reserved 8 MiB at 0x1b400000
[    0.000000] Memory policy: Data cache writeback
[    0.000000] On node 0 totalpages: 114688
[    0.000000] free_area_init_node: node 0, pgdat c0833994, node_mem_map db010000
[    0.000000]   Normal zone: 1008 pages used for memmap
[    0.000000]   Normal zone: 0 pages reserved
[    0.000000]   Normal zone: 114688 pages, LIFO batch:31
[    0.000000] pcpu-alloc: s0 r0 d32768 u32768 alloc=1*32768
[    0.000000] pcpu-alloc: [0] 0
[    0.000000] Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 113680
[    0.000000] Kernel command line: dma.dmachans=0x7f35 bcm2708_fb.fbwidth=1184 bcm2708_fb.fbheight=624 bcm2708.boardrev=0x100000e bcm2708.serial=0x9196518b smsc95xx.macaddr=B8:27:EB:96:51:8B bcm2708_fb.fbswap=1 bcm2708.uart_clock=3000000 sdhci-bcm2708.emmc_clock_freq=250000000 vc_mem.mem_base=0x1ec00000 vc_mem.mem_size=0x20000000  dwc_otg.lpm_enable=0 console=ttyAMA0,115200 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait
[    0.000000] PID hash table entries: 2048 (order: 1, 8192 bytes)
[    0.000000] Dentry cache hash table entries: 65536 (order: 6, 262144 bytes)
[    0.000000] Inode-cache hash table entries: 32768 (order: 5, 131072 bytes)
[    0.000000] Memory: 436860K/458752K available (5771K kernel code, 488K rwdata, 1788K rodata, 348K init, 720K bss, 13700K reserved, 8192K cma-reserved)
[    0.000000] Virtual kernel memory layout:
    vector  : 0xffff0000 - 0xffff1000   (   4 kB)
    fixmap  : 0xffc00000 - 0xfff00000   (3072 kB)
    vmalloc : 0xdc800000 - 0xff000000   ( 552 MB)
    lowmem  : 0xc0000000 - 0xdc000000   ( 448 MB)
    modules : 0xbf000000 - 0xc0000000   (  16 MB)
      .text : 0xc0008000 - 0xc076a0cc   (7561 kB)
      .init : 0xc076b000 - 0xc07c2000   ( 348 kB)
      .data : 0xc07c2000 - 0xc083c278   ( 489 kB)
       .bss : 0xc083c278 - 0xc08f03e0   ( 721 kB)
[    0.000000] SLUB: HWalign=32, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
[    0.000000] NR_IRQS:522
[    0.000000] clocksource stc: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 1911260446275 ns
[    0.000013] sched_clock: 32 bits at 1000kHz, resolution 1000ns, wraps every 2147483647500ns
[    0.000052] Switching to timer-based delay loop, resolution 1000ns
[    0.000333] Console: colour dummy device 80x30
[    0.001248] console [tty1] enabled
[    0.001302] Calibrating delay loop (skipped), value calculated using timer frequency.. 2.00 BogoMIPS (lpj=10000)
[    0.001381] pid_max: default: 32768 minimum: 301
[    0.001746] Mount-cache hash table entries: 1024 (order: 0, 4096 bytes)
[    0.001811] Mountpoint-cache hash table entries: 1024 (order: 0, 4096 bytes)
[    0.002855] Initializing cgroup subsys blkio
[    0.002943] Initializing cgroup subsys memory
[    0.003007] Initializing cgroup subsys devices
[    0.003065] Initializing cgroup subsys freezer
[    0.003121] Initializing cgroup subsys net_cls
[    0.003231] CPU: Testing write buffer coherency: ok
[    0.003343] ftrace: allocating 19733 entries in 58 pages
[    0.105682] Setting up static identity map for 0x81c0 - 0x81f8
[    0.107800] devtmpfs: initialized
[    0.118432] VFP support v0.3: implementor 41 architecture 1 part 20 variant b rev 5
[    0.118889] clocksource jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns
[    0.120825] pinctrl core: initialized pinctrl subsystem
[    0.121733] NET: Registered protocol family 16
[    0.127307] DMA: preallocated 4096 KiB pool for atomic coherent allocations
[    0.128797] bcm2708.uart_clock = 3000000
[    0.133645] hw-breakpoint: found 6 breakpoint and 1 watchpoint registers.
[    0.133723] hw-breakpoint: maximum watchpoint size is 4 bytes.
[    0.133931] Serial: AMBA PL011 UART driver
[    0.134236] 20201000.uart: ttyAMA0 at MMIO 0x20201000 (irq = 83, base_baud = 0) is a PL011 rev2
[    0.509091] console [ttyAMA0] enabled
[    0.513490] bcm2835-mbox 2000b880.mailbox: mailbox enabled
[    0.559040] bcm2708-dmaengine 20007000.dma: DMA legacy API manager at f2007000, dmachans=0xf35
[    0.567890] bcm2708-dmaengine 20007000.dma: Initialized 7 DMA channels (+ 1 legacy)
[    0.576384] bcm2708-dmaengine 20007000.dma: Load BCM2835 DMA engine driver
[    0.583360] bcm2708-dmaengine 20007000.dma: dma_debug:0
[    0.589467] SCSI subsystem initialized
[    0.593657] usbcore: registered new interface driver usbfs
[    0.599300] usbcore: registered new interface driver hub
[    0.604902] usbcore: registered new device driver usb
[    0.610871] raspberrypi-firmware soc:firmware: Attached to firmware from 2016-02-01 17:51
[    0.646678] Switched to clocksource stc
[    0.695887] FS-Cache: Loaded
[    0.699262] CacheFiles: Loaded
[    0.717458] NET: Registered protocol family 2
[    0.723295] TCP established hash table entries: 4096 (order: 2, 16384 bytes)
[    0.730563] TCP bind hash table entries: 4096 (order: 2, 16384 bytes)
[    0.737171] TCP: Hash tables configured (established 4096 bind 4096)
[    0.743770] UDP hash table entries: 256 (order: 0, 4096 bytes)
[    0.749728] UDP-Lite hash table entries: 256 (order: 0, 4096 bytes)
[    0.756394] NET: Registered protocol family 1
[    0.761431] RPC: Registered named UNIX socket transport module.
[    0.767486] RPC: Registered udp transport module.
[    0.772219] RPC: Registered tcp transport module.
[    0.776985] RPC: Registered tcp NFSv4.1 backchannel transport module.
[    0.784742] hw perfevents: enabled with armv6_1176 PMU driver, 3 counters available
[    0.793875] futex hash table entries: 256 (order: -1, 3072 bytes)
[    0.816010] VFS: Disk quotas dquot_6.6.0
[    0.820543] VFS: Dquot-cache hash table entries: 1024 (order 0, 4096 bytes)
[    0.830156] FS-Cache: Netfs 'nfs' registered for caching
[    0.836945] NFS: Registering the id_resolver key type
[    0.842161] Key type id_resolver registered
[    0.846374] Key type id_legacy registered
[    0.854143] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 252)
[    0.862147] io scheduler noop registered
[    0.866139] io scheduler deadline registered (default)
[    0.871813] io scheduler cfq registered
[    0.878160] BCM2708FB: allocated DMA memory 5b800000
[    0.883239] BCM2708FB: allocated DMA channel 0 @ f2007000
[    0.899524] Console: switching to colour frame buffer device 148x39
[    0.913655] Serial: 8250/16550 driver, 0 ports, IRQ sharing disabled
[    0.921832] vc-cma: Videocore CMA driver
[    0.925878] vc-cma: vc_cma_base      = 0x00000000
[    0.930755] vc-cma: vc_cma_size      = 0x00000000 (0 MiB)
[    0.939122] vc-cma: vc_cma_initial   = 0x00000000 (0 MiB)
[    0.947787] vc-mem: phys_addr:0x00000000 mem_base=0x1ec00000 mem_size:0x20000000(512 MiB)
[    0.978505] brd: module loaded
[    0.993666] loop: module loaded
[    1.000998] vchiq: vchiq_init_state: slot_zero = 0xdb880000, is_master = 0
[    1.012945] Loading iSCSI transport class v2.0-870.
[    1.022495] usbcore: registered new interface driver smsc95xx
[    1.031473] dwc_otg: version 3.00a 10-AUG-2012 (platform bus)
[    1.240508] Core Release: 2.80a
[    1.246584] Setting default values for core params
[    1.254347] Finished setting default values for core params
[    1.463218] Using Buffer DMA mode
[    1.469582] Periodic Transfer Interrupt Enhancement - disabled
[    1.478401] Multiprocessor Interrupt Enhancement - disabled
[    1.486944] OTG VER PARAM: 0, OTG VER FLAG: 0
[    1.494232] Dedicated Tx FIFOs mode
[    1.501109] WARN::dwc_otg_hcd_init:1047: FIQ DMA bounce buffers: virt = 0xdb814000 dma = 0x5b814000 len=9024
[    1.514015] FIQ FSM acceleration enabled for :
Non-periodic Split Transactions
Periodic Split Transactions
High-Speed Isochronous Endpoints
[    1.542179] dwc_otg: Microframe scheduler enabled
[    1.542306] WARN::hcd_init_fiq:412: FIQ on core 0 at 0xc03d7f70
[    1.551165] WARN::hcd_init_fiq:413: FIQ ASM at 0xc03d8248 length 36
[    1.560230] WARN::hcd_init_fiq:438: MPHI regs_base at 0xdc896000
[    1.569183] dwc_otg 20980000.usb: DWC OTG Controller
[    1.577116] dwc_otg 20980000.usb: new USB bus registered, assigned bus number 1
[    1.587468] dwc_otg 20980000.usb: irq 32, io mem 0x00000000
[    1.595988] Init: Port Power? op_state=1
[    1.602856] Init: Power Port (0)
[    1.609334] usb usb1: New USB device found, idVendor=1d6b, idProduct=0002
[    1.619124] usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[    1.629280] usb usb1: Product: DWC OTG Controller
[    1.636934] usb usb1: Manufacturer: Linux 4.1.17+ dwc_otg_hcd
[    1.645626] usb usb1: SerialNumber: 20980000.usb
[    1.654352] hub 1-0:1.0: USB hub found
[    1.661269] hub 1-0:1.0: 1 port detected
[    1.668711] dwc_otg: FIQ enabled
[    1.668731] dwc_otg: NAK holdoff enabled
[    1.668743] dwc_otg: FIQ split-transaction FSM enabled
[    1.668797] Module dwc_common_port init
[    1.669344] usbcore: registered new interface driver usb-storage
[    1.678881] mousedev: PS/2 mouse device common for all mice
[    1.688644] bcm2835-cpufreq: min=700000 max=700000
[    1.696869] sdhci: Secure Digital Host Controller Interface driver
[    1.705968] sdhci: Copyright(c) Pierre Ossman
[    1.713903] mmc-bcm2835 20300000.mmc: mmc_debug:0 mmc_debug2:0
[    1.722751] mmc-bcm2835 20300000.mmc: DMA channels allocated
[    1.767307] sdhci-pltfm: SDHCI platform and OF driver helper
[    1.776424] ledtrig-cpu: registered to indicate activity on CPUs
[    1.785769] hidraw: raw HID events driver (C) Jiri Kosina
[    1.801019] usbcore: registered new interface driver usbhid
[    1.809537] usbhid: USB HID core driver
[    1.818981] Initializing XFRM netlink socket
[    1.826167] NET: Registered protocol family 17
[    1.833684] Key type dns_resolver registered
[    1.852296] registered taskstats version 1
[    1.859787] vc-sm: Videocore shared memory driver
[    1.867585] Indeed it is in host mode hprt0 = 00021501
[    1.935468] [vc_sm_connected_init]: start
[    1.943751] [vc_sm_connected_init]: end - returning 0
[    1.954293] Waiting for root device /dev/mmcblk0p2...
[    1.967530] mmc0: host does not support reading read-only switch, assuming write-enable
[    1.980600] mmc0: new high speed SDHC card at address b368
[    1.989853] mmcblk0: mmc0:b368 NCard 7.48 GiB
[    1.999020]  mmcblk0: p1 p2
[    2.076805] usb 1-1: new high-speed USB device number 2 using dwc_otg
[    2.087322] Indeed it is in host mode hprt0 = 00001101
[    2.158145] EXT4-fs (mmcblk0p2): mounted filesystem with ordered data mode. Opts: (null)
[    2.169445] VFS: Mounted root (ext4 filesystem) readonly on device 179:2.
[    2.180829] devtmpfs: mounted
[    2.188034] Freeing unused kernel memory: 348K (c076b000 - c07c2000)
[    2.317238] usb 1-1: New USB device found, idVendor=0424, idProduct=9514
[    2.327263] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[    2.339212] hub 1-1:1.0: USB hub found
[    2.347332] hub 1-1:1.0: 5 ports detected
[    2.606867] random: systemd urandom read with 63 bits of entropy available
[    2.623359] systemd[1]: systemd 215 running in system mode. (+PAM +AUDIT +SELINUX +IMA +SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ -SECCOMP -APPARMOR)
[    2.643219] usb 1-1.1: new high-speed USB device number 3 using dwc_otg
[    2.653862] systemd[1]: Detected architecture 'arm'.
[    2.777285] usb 1-1.1: New USB device found, idVendor=0424, idProduct=ec00
[    2.787764] usb 1-1.1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[    2.823138] smsc95xx v1.0.4
[    2.832293] NET: Registered protocol family 10
[    2.842792] systemd[1]: Inserted module 'ipv6'
[    2.855260] systemd[1]: Set hostname to <pi>.
[    2.906535] smsc95xx 1-1.1:1.0 eth0: register 'smsc95xx' at usb-20980000.usb-1.1, smsc95xx USB 2.0 Ethernet, b8:27:eb:96:51:8b
[    3.016897] usb 1-1.2: new high-speed USB device number 4 using dwc_otg
[    3.099069] uart-pl011 20201000.uart: no DMA platform data
[    3.158124] usb 1-1.2: New USB device found, idVendor=0cf3, idProduct=9271
[    3.168910] usb 1-1.2: New USB device strings: Mfr=16, Product=32, SerialNumber=48
[    3.180136] usb 1-1.2: Product: USB2.0 WLAN
[    3.187913] usb 1-1.2: Manufacturer: ATHEROS
[    3.195659] usb 1-1.2: SerialNumber: 12345
[    3.286839] usb 1-1.3: new full-speed USB device number 5 using dwc_otg
[    3.399019] usb 1-1.3: New USB device found, idVendor=0451, idProduct=2046
[    3.409563] usb 1-1.3: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[    3.424536] hub 1-1.3:1.0: USB hub found
[    3.433759] hub 1-1.3:1.0: 4 ports detected
[    3.726817] usb 1-1.3.2: new low-speed USB device number 6 using dwc_otg
[    3.765976] systemd[1]: Starting Forward Password Requests to Wall Directory Watch.
[    3.778149] systemd[1]: Started Forward Password Requests to Wall Directory Watch.
[    3.789549] systemd[1]: Expecting device dev-ttyAMA0.device...
[    3.803472] systemd[1]: Starting Remote File Systems (Pre).
[    3.817407] systemd[1]: Reached target Remote File Systems (Pre).
[    3.827455] systemd[1]: Starting Encrypted Volumes.
[    3.839929] systemd[1]: Reached target Encrypted Volumes.
[    3.849373] systemd[1]: Starting Arbitrary Executable File Formats File System Automount Point.
[    3.867989] systemd[1]: Set up automount Arbitrary Executable File Formats File System Automount Point.
[    3.881573] systemd[1]: Starting Swap.
[    3.894044] systemd[1]: Reached target Swap.
[    3.902115] systemd[1]: Expecting device dev-mmcblk0p1.device...
[    3.916376] usb 1-1.3.2: New USB device found, idVendor=045e, idProduct=0084
[    3.926925] usb 1-1.3.2: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[    3.937798] usb 1-1.3.2: Product: Basic Optical Mouse
[    3.946069] usb 1-1.3.2: Manufacturer: Microsoft
[    3.954146] systemd[1]: Starting Root Slice.
[    3.965892] systemd[1]: Created slice Root Slice.
[    3.974185] systemd[1]: Starting User and Session Slice.
[    3.987566] systemd[1]: Created slice User and Session Slice.
[    3.998583] systemd[1]: Starting Delayed Shutdown Socket.
[    4.012605] systemd[1]: Listening on Delayed Shutdown Socket.
[    4.022075] systemd[1]: Starting /dev/initctl Compatibility Named Pipe.
[    4.040144] systemd[1]: Listening on /dev/initctl Compatibility Named Pipe.
[    4.052534] input: Microsoft Basic Optical Mouse as /devices/platform/soc/20980000.usb/usb1/1-1/1-1.3/1-1.3.2/1-1.3.2:1.0/0003:045E:0084.0001/input/input0
[    4.073545] systemd[1]: Starting Journal Socket (/dev/log).
[    4.087000] hid-generic 0003:045E:0084.0001: input,hidraw0: USB HID v1.10 Mouse [Microsoft Basic Optical Mouse] on usb-20980000.usb-1.3.2/input0
[    4.106358] systemd[1]: Listening on Journal Socket (/dev/log).
[    4.117047] systemd[1]: Starting udev Control Socket.
[    4.130895] systemd[1]: Listening on udev Control Socket.
[    4.140372] systemd[1]: Starting udev Kernel Socket.
[    4.153774] systemd[1]: Listening on udev Kernel Socket.
[    4.162983] systemd[1]: Starting Journal Socket.
[    4.175975] systemd[1]: Listening on Journal Socket.
[    4.184565] usb 1-1.3.3: new low-speed USB device number 7 using dwc_otg
[    4.195229] systemd[1]: Starting System Slice.
[    4.209220] systemd[1]: Created slice System Slice.
[    4.218094] systemd[1]: Starting File System Check on Root Device...
[    4.238217] systemd[1]: Starting system-systemd\x2dfsck.slice.
[    4.263320] systemd[1]: Created slice system-systemd\x2dfsck.slice.
[    4.277310] systemd[1]: Starting system-autologin.slice.
[    4.306367] systemd[1]: Created slice system-autologin.slice.
[    4.317373] systemd[1]: Starting system-serial\x2dgetty.slice.
[    4.344065] systemd[1]: Created slice system-serial\x2dgetty.slice.
[    4.354559] usb 1-1.3.3: New USB device found, idVendor=04f3, idProduct=0103
[    4.365351] usb 1-1.3.3: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[    4.378652] systemd[1]: Starting Increase datagram queue length...
[    4.409649] systemd[1]: Starting Restore / save the current clock...
[    4.422602] input: HID 04f3:0103 as /devices/platform/soc/20980000.usb/usb1/1-1/1-1.3/1-1.3.3/1-1.3.3:1.0/0003:04F3:0103.0002/input/input1
[    4.471333] systemd[1]: Starting udev Coldplug all Devices...
[    4.507257] hid-generic 0003:04F3:0103.0002: input,hidraw1: USB HID v1.11 Keyboard [HID 04f3:0103] on usb-20980000.usb-1.3.3/input0
[    4.537030] input: HID 04f3:0103 as /devices/platform/soc/20980000.usb/usb1/1-1/1-1.3/1-1.3.3/1-1.3.3:1.1/0003:04F3:0103.0003/input/input2
[    4.561042] systemd[1]: Mounting POSIX Message Queue File System...
[    4.627376] hid-generic 0003:04F3:0103.0003: input,hidraw2: USB HID v1.11 Device [HID 04f3:0103] on usb-20980000.usb-1.3.3/input1
[    4.701115] systemd[1]: Mounting Debug File System...
[    4.868293] systemd[1]: Started Set Up Additional Binary Formats.
[    4.888245] systemd[1]: Mounted Huge Pages File System.
[    4.918481] systemd[1]: Starting Load Kernel Modules...
[    4.946387] systemd[1]: Starting Create list of required static device nodes for the current kernel...
[    4.989651] systemd[1]: Starting Slices.
[    5.022415] systemd[1]: Reached target Slices.
[    5.047695] fuse init (API version 7.23)
[    5.067755] systemd[1]: Mounted Debug File System.
[    5.094858] i2c /dev entries driver
[    5.115451] systemd[1]: Mounted POSIX Message Queue File System.
[    5.133746] systemd[1]: Started File System Check on Root Device.
[    5.167902] systemd[1]: Started Increase datagram queue length.
[    5.185714] systemd[1]: Started Restore / save the current clock.
[    5.227067] systemd[1]: Started Load Kernel Modules.
[    5.257010] systemd[1]: Started Create list of required static device nodes for the current kernel.
[    5.293952] systemd[1]: Time has been changed
[    5.426655] systemd[1]: Started udev Coldplug all Devices.
[    5.660355] systemd[1]: Starting Create Static Device Nodes in /dev...
[    5.682957] systemd[1]: Mounting Configuration File System...
[    5.718691] systemd[1]: Starting Apply Kernel Variables...
[    5.746859] usb 1-1.3.4: new full-speed USB device number 8 using dwc_otg
[    5.802792] systemd[1]: Mounting FUSE Control File System...
[    5.884247] usb 1-1.3.4: not running at top speed; connect to a high speed hub
[    5.890692] systemd[1]: Starting Syslog Socket.
[    5.894870] usb 1-1.3.4: New USB device found, idVendor=125f, idProduct=312b
[    5.894905] usb 1-1.3.4: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[    5.894923] usb 1-1.3.4: Product: ADATA USB Flash Drive
[    5.894937] usb 1-1.3.4: Manufacturer: ADATA
[    5.894951] usb 1-1.3.4: SerialNumber: 1108170000000440
[    5.897921] usb-storage 1-1.3.4:1.0: USB Mass Storage device detected
[    5.907282] scsi host0: usb-storage 1-1.3.4:1.0
[    5.918604] systemd[1]: Listening on Syslog Socket.
[    5.918917] systemd[1]: Starting Journal Service...
[    5.956207] systemd[1]: Started Journal Service.
[    6.353170] systemd-udevd[94]: starting version 215
[    6.909682] scsi 0:0:0:0: Direct-Access     ADATA    USB Flash Drive  1.00 PQ: 0 ANSI: 6
[    6.911954] sd 0:0:0:0: [sda] 15433728 512-byte logical blocks: (7.90 GB/7.35 GiB)
[    6.913063] sd 0:0:0:0: [sda] Write Protect is off
[    6.913107] sd 0:0:0:0: [sda] Mode Sense: 23 00 00 00
[    6.914124] sd 0:0:0:0: [sda] Write cache: disabled, read cache: disabled, doesn't support DPO or FUA
[    6.938087] random: nonblocking pool is initialized
[    6.938248]  sda: sda1
[    6.943456] sd 0:0:0:0: [sda] Attached SCSI removable disk
[    8.380303] EXT4-fs (mmcblk0p2): re-mounted. Opts: (null)
[    9.468377] bcm2835-rng 20104000.rng: hwrng registered
[   10.458319] cfg80211: Calling CRDA to update world regulatory domain
[   11.879121] systemd-journald[92]: Received request to flush runtime journal from PID 1
[   12.442767] usb 1-1.2: ath9k_htc: Firmware htc_9271.fw requested
[   12.472234] usbcore: registered new interface driver ath9k_htc
[   12.733881] usb 1-1.2: ath9k_htc: Transferred FW: htc_9271.fw, size: 51272
[   12.979496] ath9k_htc 1-1.2:1.0: ath9k_htc: HTC initialized with 33 credits
[   13.607271] cfg80211: Calling CRDA to update world regulatory domain
[   14.526986] sd 0:0:0:0: Attached scsi generic sg0 type 0
[   15.205446] cfg80211: World regulatory domain updated:
[   15.205549] cfg80211:  DFS Master region: unset
[   15.205569] cfg80211:   (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp), (dfs_cac_time)
[   15.205592] cfg80211:   (2402000 KHz - 2472000 KHz @ 40000 KHz), (N/A, 2000 mBm), (N/A)
[   15.205733] cfg80211:   (2457000 KHz - 2482000 KHz @ 40000 KHz), (N/A, 2000 mBm), (N/A)
[   15.205938] cfg80211:   (2474000 KHz - 2494000 KHz @ 20000 KHz), (N/A, 2000 mBm), (N/A)
[   15.205964] cfg80211:   (5170000 KHz - 5250000 KHz @ 80000 KHz, 160000 KHz AUTO), (N/A, 2000 mBm), (N/A)
[   15.206043] cfg80211:   (5250000 KHz - 5330000 KHz @ 80000 KHz, 160000 KHz AUTO), (N/A, 2000 mBm), (0 s)
[   15.206067] cfg80211:   (5490000 KHz - 5730000 KHz @ 160000 KHz), (N/A, 2000 mBm), (0 s)
[   15.206083] cfg80211:   (5735000 KHz - 5835000 KHz @ 80000 KHz), (N/A, 2000 mBm), (N/A)
[   15.206099] cfg80211:   (57240000 KHz - 63720000 KHz @ 2160000 KHz), (N/A, 0 mBm), (N/A)
[   15.365340] gpiomem-bcm2835 20200000.gpiomem: Initialised: Registers at 0x20200000
[   15.422014] ath9k_htc 1-1.2:1.0: ath9k_htc: FW Version: 1.3
[   15.422114] ath9k_htc 1-1.2:1.0: FW RMW support: Off
[   15.422136] ath: EEPROM regdomain: 0x809c
[   15.422208] ath: EEPROM indicates we should expect a country code
[   15.422223] ath: doing EEPROM country->regdmn map search
[   15.422236] ath: country maps to regdmn code: 0x52
[   15.422249] ath: Country alpha2 being used: CN
[   15.422314] ath: Regpair used: 0x52
[   15.568389] ieee80211 phy0: Atheros AR9271 Rev:1
[   15.568766] cfg80211: Calling CRDA for country: CN
[   16.022790] cfg80211: Regulatory domain changed to country: CN
[   16.022831] cfg80211:  DFS Master region: FCC
[   16.022906] cfg80211:   (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp), (dfs_cac_time)
[   16.022936] cfg80211:   (2402000 KHz - 2482000 KHz @ 40000 KHz), (N/A, 2000 mBm), (N/A)
[   16.022958] cfg80211:   (5170000 KHz - 5250000 KHz @ 80000 KHz, 160000 KHz AUTO), (N/A, 2300 mBm), (N/A)
[   16.023038] cfg80211:   (5250000 KHz - 5330000 KHz @ 80000 KHz, 160000 KHz AUTO), (N/A, 2300 mBm), (0 s)
[   16.023059] cfg80211:   (5735000 KHz - 5835000 KHz @ 80000 KHz), (N/A, 3000 mBm), (N/A)
[   16.023076] cfg80211:   (57240000 KHz - 59400000 KHz @ 2160000 KHz), (N/A, 2800 mBm), (N/A)
[   16.023095] cfg80211:   (59400000 KHz - 63720000 KHz @ 2160000 KHz), (N/A, 4400 mBm), (N/A)
[   16.023170] cfg80211:   (63720000 KHz - 65880000 KHz @ 2160000 KHz), (N/A, 2800 mBm), (N/A)
[   19.313847] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[   23.501553] wlan0: authenticate with 94:a7:b7:39:34:2c
[   24.504850] wlan0: send auth to 94:a7:b7:39:34:2c (try 1/3)
[   24.509072] wlan0: authenticated
[   24.516855] wlan0: associate with 94:a7:b7:39:34:2c (try 1/3)
[   24.521077] wlan0: RX AssocResp from 94:a7:b7:39:34:2c (capab=0x1411 status=0 aid=2)
[   24.546097] wlan0: associated
[   24.546228] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   24.554709] cfg80211: Calling CRDA for country: GR
[   24.795663] cfg80211: Regulatory domain changed to country: GR
[   24.795738] cfg80211:  DFS Master region: ETSI
[   24.795753] cfg80211:   (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp), (dfs_cac_time)
[   24.795775] cfg80211:   (2402000 KHz - 2482000 KHz @ 40000 KHz), (N/A, 2000 mBm), (N/A)
[   24.795852] cfg80211:   (5170000 KHz - 5250000 KHz @ 80000 KHz, 160000 KHz AUTO), (N/A, 2000 mBm), (N/A)
[   24.795876] cfg80211:   (5250000 KHz - 5330000 KHz @ 80000 KHz, 160000 KHz AUTO), (N/A, 2000 mBm), (0 s)
[   24.795892] cfg80211:   (5490000 KHz - 5710000 KHz @ 160000 KHz), (N/A, 2700 mBm), (0 s)
[   24.795912] cfg80211:   (57000000 KHz - 66000000 KHz @ 2160000 KHz), (N/A, 4000 mBm), (N/A)
[   24.820424] wlan0: Limiting TX power to 20 (20 - 0) dBm as advertised by 94:a7:b7:39:34:2c
[   26.323697] wlan0: Limiting TX power to 20 (20 - 0) dBm as advertised by 94:a7:b7:39:34:2c
[   27.757268] wlan0: Limiting TX power to 20 (20 - 0) dBm as advertised by 94:a7:b7:39:34:2c
[   31.341453] wlan0: Limiting TX power to 20 (20 - 0) dBm as advertised by 94:a7:b7:39:34:2c
[   32.160748] wlan0: Limiting TX power to 20 (20 - 0) dBm as advertised by 94:a7:b7:39:34:2c
[   35.334659] wlan0: Limiting TX power to 20 (20 - 0) dBm as advertised by 94:a7:b7:39:34:2c
[   37.426397] Adding 102396k swap on /var/swap.  Priority:-1 extents:5 across:339968k SSFS
[   38.094844] smsc95xx 1-1.1:1.0 eth0: hardware isn't capable of remote wakeup
[   38.097090] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
[   40.365616] wlan0: Limiting TX power to 20 (20 - 0) dBm as advertised by 94:a7:b7:39:34:2c
[   43.425539] wlan0: Limiting TX power to 20 (20 - 0) dBm as advertised by 94:a7:b7:39:34:2c
[   43.835229] wlan0: Limiting TX power to 20 (20 - 0) dBm as advertised by 94:a7:b7:39:34:2c
[   48.443519] wlan0: Limiting TX power to 20 (20 - 0) dBm as advertised by 94:a7:b7:39:34:2c
[   78.526163] FAT-fs (sda1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   99.747540] wlan0: Limiting TX power to 20 (20 - 0) dBm as advertised by 94:a7:b7:39:34:2c
[  114.697761] wlan0: Limiting TX power to 20 (20 - 0) dBm as advertised by 94:a7:b7:39:34:2c
[  125.757481] wlan0: Limiting TX power to 20 (20 - 0) dBm as advertised by 94:a7:b7:39:34:2c
[  129.751188] wlan0: Limiting TX power to 20 (20 - 0) dBm as advertised by 94:a7:b7:39:34:2c
[  134.257048] wlan0: Limiting TX power to 20 (20 - 0) dBm as advertised by 94:a7:b7:39:34:2c
[  137.738839] wlan0: Limiting TX power to 20 (20 - 0) dBm as advertised by 94:a7:b7:39:34:2c
[  188.326488] wlan0: Limiting TX power to 20 (20 - 0) dBm as advertised by 94:a7:b7:39:34:2c
[  731.075090] wlan0: Limiting TX power to 20 (20 - 0) dBm as advertised by 94:a7:b7:39:34:2c
[  735.285873] wlan0: Limiting TX power to 20 (20 - 0) dBm as advertised by 94:a7:b7:39:34:2c
[  739.064969] wlan0: Limiting TX power to 20 (20 - 0) dBm as advertised by 94:a7:b7:39:34:2c
[  750.634493] wlan0: Limiting TX power to 20 (20 - 0) dBm as advertised by 94:a7:b7:39:34:2c
[  765.176069] wlan0: Limiting TX power to 20 (20 - 0) dBm as advertised by 94:a7:b7:39:34:2c
[  765.380871] wlan0: Limiting TX power to 20 (20 - 0) dBm as advertised by 94:a7:b7:39:34:2c
[  966.914683] wlan0: Limiting TX power to 20 (20 - 0) dBm as advertised by 94:a7:b7:39:34:2c
[  971.627191] wlan0: Limiting TX power to 20 (20 - 0) dBm as advertised by 94:a7:b7:39:34:2c

Run:

$ sudo airmon-ng check kill

$ sudo airmon-ng start wlan0

iwconfig:

wlan0mon  IEEE 802.11bgn  Mode:Managed  Frequency:2.457 GHz  Tx-Power=20 dBm
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off
          
lo        no wireless extensions.

eth0      no wireless extensions.

Now i managed to run, but first everything looks ok and after 30sec i am getting error 0x03.

Sending M2 message

EAP_FAILURE: TERMINATE

Sending WSC NACK

WPS Transaction failed (code: 0x03), re-trying last pin

[AlfAlfa]

Well actually, 'wlan0mon IEEE 802.11bgn Mode:Managed' doesn't look right. It should be Mode: Monitor no?

When in that state try: 'iwconfig wlan0mon mode monitor'

Then iwconfig again, and see if it's in monitor, or if it is and it changes back after a short while, then something is manipulating it still.

As for getting stuck at the M2 message, I forgot whether it was -N (no nacks) or -n (always target ap nacks) that helped for getting passed that so try either one of those separately and see if it helps. Your device has to stay in monitor mode though or it's going to screw up.

Also you should make sure you're using the latest reaver, and latest pixiewps for best results: https://github.com/t6x/reaver-wps-fork-t6x&& https://github.com/wiire/pixiewps

Note: you'll have to build them manually if your package manager isn't holding an updated package, which is likely the case.

Edited February 19, 2016 by AlfAlfa

[Yvette]

Thank you,

MOde:monitor is ok now.

I am using the latest version of all apps.

1)What is the best arguments for Reaver to run in modern routers?

2)I tried Bully but i was getting "WPS lockout reported, ...43 minutes". Any ideas on this one.

If it was mac address the problem, then a simple script to run macchanger between each tries is a solution?

The router i am testing are :

New one, ZTE Speedport Entry 2i

TP-Link TL-WR741ND

[Yvette]

- Forgot

Bully commands:

bully -b 11:22:33:44:55:66 -N -c 1 wlan0mon

Also tried with

-l70 and --f