[Release] pixiewps 1.1 & reaver 1.5.2

DataHead   

A good "refresh" of the interfaces is good every now and then :-) Also, make sure you

ifconfig wlan1 down

prior to reaver / wash / aircrack use.

Of course, replace wlan1 with whichever wlanx interface you put into monitor mode for reaver :-)

That can cause problems also if you don't. Glad you got it sorted :-)

Edited by DataHead


Just reflashed my pineapple. I noticed that the Reaver in the repository is Endian 1, not the latest version.

EDIT: After reformatting my SD card and flashing firmware, something doesn't seem right. I've installed Reaver (Endian 2), and PixieWPS. (Also tried with Endian 1).

Installed to SD, followed the steps to get wash working.

But now I can't seem to get wash to find anything. Also, WPS-related functionality is gone from my pineapple, no matter what it's on. Some infusions will still find the AP, but show that it does not have WPS enabled.

All done within bash, not ash:

ifconfig wlan0 down

airmon-ng start wlan0

wash -i mon0

Returns nothing

Using wash -i mon0 -C (Same with wash -i mon0 -C -s)

Returns [!] Found packet with bad FCS, skipping... (More than once)

autopixie.py

wash scan

mon0

Returns nothing

wifite-ng

scanning on mon0

Returns all access points, but fails to report WPS compatibility

Edited by Fallen Archangel

DataHead   

Endian 1 in the repos is the latest version, that 2 was a naming incremental from my compiles.

If you need, follow the proper install chain (just some proper symlinks).

This has been an issue for over a year or so, but not an issue with reaver or wash. It's across tons of different packages that, if installed to SD, aren't linked properly to internal root.

Another note, -C is now reverse functional. -C in the command disables, no -C in the command enables.

Try the wash command without -C

Edited by DataHead

Bob_   

I had the exact same problem, here's what I did to fix this. I made sure wlan1 (try wlan1 for this, btw) was unchecked in the web interface and wasn't connected to anything (because I'm a newb :cool:). Went into ssh and made sure the adapter still showed in ifconfig (when it didn't show, I rebooted, this fixed it). Then I proceeded as normal with airmon-ng start wlan1; it seemed to work from there with no bad FCS messages (as seen below).

For some reason when I put the BSSID into Reaver it doesn't associate. What causes this (or better yet, what are some fixes)?

root@Pineapple:~# bash
root@Pineapple:~# airmon-ng start wlan1


Interface       Chipset         Driver

wlan1           Realtek RTL8187L        rtl8187 - [phy1]
                                (monitor mode enabled on mon0)
wlan0-1         Atheros AR9330  ath9k - [phy0]
IEEE            Unknown         Unknown (MONITOR MODE NOT SUPPORTED)
802.11bgn               Unknown         Unknown (MONITOR MODE NOT SUPPORTED)
Mode:Master             Unknown         Unknown (MONITOR MODE NOT SUPPORTED)
Tx-Power=12             Unknown         Unknown (MONITOR MODE NOT SUPPORTED)
dBm             Unknown         Unknown (MONITOR MODE NOT SUPPORTED)
wlan0           Atheros AR9330  ath9k - [phy0]

root@Pineapple:~# wash -i mon0 -C

Wash v1.5.2 WiFi Protected Setup Scan Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
mod by t6_x <t6_x@hotmail.com> & DataHead & Soxrok2212 & Wiire & kib0rg

BSSID              Channel  RSSI  WPS Version  WPS Locked  ESSID
--------------------------------------------------------------------------------------
54:BE:F7:AC:34:08     1       -54   1.0          No          The Target AP
6C:B0:CE:00:DC:83     1       -65   1.0          No          Other AP
00:71:C2:8F:20:70     1       -59   1.0          No          Other AP
44:32:C8:C4:A7:10     1       -67   1.0          No          Other AP
10:0D:7F:66:F7:9E     3       -69   1.0          No          Other AP
94:10:3E:54:36:6C     5       -47   1.0          No          Other AP
90:EF:68:AF:27:E9     6       -59   1.0          No          Other AP
00:26:B8:F4:1A:64     7       -66   1.0          No          Other AP
B4:75:0E:97:01:36    11       -62   1.0          No          Other AP
20:76:00:90:89:C5    11       -57   1.0          No          Other AP
^C
root@Pineapple:~# reaver -i mon0 -c 1 -b 54:BE:F7:AC:34:08 -vv -S

Reaver v1.5.2 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
mod by t6_x <t6_x@hotmail.com> & DataHead & Soxrok2212 & Wiire & kib0rg

[+] Switching mon0 to channel 1
[+] Waiting for beacon from 54:BE:F7:AC:34:08
[!] WARNING: Failed to associate with 54:BE:F7:AC:34:08 (ESSID: The Target AP)
^C
[+] Nothing done, nothing to save.

In other news, what's up with getting an infusion for this? I think I went crazy a bit messing with all this stuff, and an infusion would make this 100x easier.

Edited by Bob_
  • Upvote 1

ZaraByte   

Infusion is said to be in the works; I believe whistlemaster said he's gonna add it into the WPS infusion.

He possibly has to make a lot of changes to the WPS infusion, maybe due to changes with the modded reaver.

Bob_   

I'm sure not that many changes will be necessary. The syntax and everything remains the same in reaver; it would only be a few features added or removed he would have to adjust for, right?

ZaraByte   

Depends, I dunno if anything was changed in the old reaver to the new reaver. I think the new reaver requires the new aircrack-ng suite, which might require a few changes since it now uses wlan0mon rather than mon0.

DataHead   

We didn't change much of the old functionality of reaver in our fork. The only changes we made to the old reaver functionality are bug fixes / improvements, but wash has had a change in its -C switch being default implied (reverse functionality).

But we've added a ton of new features to reaver. So the old syntax is pretty much the same except for wash -C.

We didn't make it so it requires the new aircrack-ng 1.2 rc2; the wlan0mon etc. references in the documentation are there because since 1.2 rc2, wlanXmon is the new standard default for airmon-ng interface naming. So you can use older versions of aircrack / airmon (mon0 interfaces etc.).

Regarding the infusion, I couldn't tell you what all will be done by whistlemaster, but all that needs to be done to bring it up to date, is just a bit of extra parsing / make use of and for the new commands we've added. But that all depends on how he wants the infusion to functionally work.

Edited by DataHead

chaoslde   

Hi guys,

I have a new Mark V, and I installed the WPS infusion. First thing is none of the tools while scanning show networks that have WPS on, despite the fact that I have made sure that there are WPS nets to attack.

The second thing: reaver keeps getting "not associating with ap", bully is getting the -1 error and the option --ignore-negative-one doesn't really help, connecting via ssh or the GUI.

Tried to scan with wash via ssh, and the tool is getting stuck.

Did I miss something..?

thanks in advance.

Share this post


Link to post
Share on other sites

Indeed, I'm working on the update which will come soon... But as DataHead said, there is not much to change to the code of the infusion.

Updated version is out!

Edited by Whistle Master
  • Upvote 1


I still haven't been able to fix this issue, and it's happened multiple times before.
Restarting from a re-flash, I updated everything in the pineapple, installed pixiewps and reaver, installed the WPS infusion by Whistlemaster along with bully, and installed tmux (Tmux shouldn't have any effect, but I can't be sure. It's just a version of Screen.)

I can pick up APs, but nothing shows up as WPS compatible, even though they are. Using wash, with or without -C, monitor mode or not, I pick up absolutely nothing.

To be sure it wasn't just my pineapple, I have a second one. I followed the exact same thing as before, except on this one I also installed the Wifite-ng mod by aanarchyy.

In the past, before trying to get this to work, the normal reaver would work fine and detect WPS compatibility.

Share this post


Link to post
Share on other sites

Same thing when used from command line. Doesn't give me any extra information either.

Since wash isn't able to find anything, none of the other applications and infusions can because they rely on it.

DataHead   

If you did an sdcard install, can you verify that all symlinks are in place from the following:

mkdir /etc/reaver

ln -s /sd/etc/reaver/reaver.db /etc/reaver/

ln -s /sd/usr/bin/reaver /usr/bin/

ln -s /sd/usr/bin/wash /usr/bin/

Share this post


Link to post
Share on other sites

The first time yes, and I had done that as instructed before. This time I have most things installed to the internal storage.

Would you like me to reflash and try again? Maybe there is something I can do to "Enable verbose logging" or such?

Share this post


Link to post
Share on other sites

Looks like I'm not the only one having this issue. Take a look at my posts in the pixiewps release thread.

I'd send you a link but I'm on my phone right now.

DataHead   

How much free space do you have left on internal storage? I've replicated the issue on low internal space left with reaver / wash installed on internal, caused no wash output.

Also, I have not yet verified this to replicate the issue, but have you removed the sdcard install of reaver prior to the internal install? I'd check to see if the binaries are still left behind on the sd if not. Maybe there is a conflict of which wash is currently being executed?

  • Upvote 1

Share this post


Link to post
Share on other sites

I reformatted the SD (fs:ext) the second time because I had the same thought. Nothing else is on it aside from what the pineapple puts there automatically.

Share this post


Link to post
Share on other sites

Been having some of the same issues as above (and with custom wash on kali nethunter on my nexus 7 2013).

Gonna try a reflash with new installs and processes to tie to sd card. Had these same issues after the latest fork of reaver you guys did, DataHead, with the autopixie script even after I modified it for new format. Even wash had issues after the last.

Any possibility there could be some remnant of old reaver, or possibly the new monitor format in airmon-ng?

DataHead   

Can you please explain the process you are using in full step by step detail?

Have you any prior installs?

Did you do an sd install? If so, did you do the proper symlinking afterwards?

Share this post


Link to post
Share on other sites

I'm gonna try.

1. Reflash the firmware / format the sd card.

2. Install wps, reaver, bully (everything internal)

3. Start monitor mode on wlan1.

4. Scan works fine, I find my AP and a bunch of others with WPS, but reaver can't even associate.

wps log_1438129108.log [July 29 2015 00:18:52]

[+] Waiting for beacon from A0:F3:B2:E4:3A:62
[!] WARNING: Failed to associate with A0:F3:B2:E4:3A:62 (ESSID: myAP)
[!] WARNING: Failed to associate with A0:F3:B2:E4:3A:62 (ESSID: myAP)

With the second option of the advanced menu (Do not associate with the AP...) my pine can associate but never sends a pin.

[+] Waiting for beacon from A0:F3:B2:E4:3A:62
[+] Associated with A0:F3:B2:E4:3A:62 (ESSID: myAP)
[+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000

Just hangs forever and I get the exact same results via terminal.

Wash doesn't work either. It just can't find anything.

Finally bully:

root@pine:~# bully mon0 -B -b A0:F3:B2:E4:3A:62 -e "myAP" -c 4
[!] Bully v1.0-22 - WPS vulnerability assessment utility
[+] Switching interface 'mon0' to channel '4'
[!] ioctl(SIOCSIWFREQ) on 'mon0' failed with '-1'
[X] Unable to set channel on 'mon0', exiting

Every piece of advice is appreciated. :wacko:

DataHead   

Okay, doing a wash scan via ssh, try taking down the monitor-mode-enabled device before using wash / reaver / bully.

In this example, I will use wlan1:

airmon-ng start wlan1 #to start monitor mode

ifconfig wlan1 down #to bring down the wlan1 interface

wash -i mon0 -s #then the scan

And let it sit for a minute.

If still nothing, try

wash -i mon0 -C -s

Sit for a minute, and if nothing again, can you verify that you do have enough space on the internal storage? I have noticed on very low space on internal installs, wash and such will fail to produce results, and reaver / bully functionality seems to get faulted. Not just with this version, but with original versions also.

If you had installed the portal auth infusion, that also seems to take a hunk of the internal storage when first installed, and was a common scenario of the internal space being filled up quickly from several troubleshooting sessions with others. And some, were just too many other packages installed, etc.

Edited by DataHead


Thanks for the quick reply. I'm gonna try as soon as I get home. What I can tell you now is that I have not installed anything other than the WPS infusion, reaver and bully, so there should be enough space in internal, but I'm gonna check this too.
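
Added example, not part of any post in this thread: a shell script for the install checks DataHead asks about above (the SD-card symlinks, a leftover second copy of wash or reaver, and free internal storage). The function names, the ROOT prefix argument, the PREFLIGHT switch and the 2048 KiB threshold are assumptions made here; the paths are the ones quoted in the thread.

```sh
#!/bin/sh
# Added example (not from the thread). ROOT is an assumed path prefix:
# "" on the device itself, a scratch directory for a dry run.

# check_link ROOT PATH: a symlink must point into /sd and resolve; a plain
# file is reported as an internal install.
check_link() {
    root=$1; path=$2
    if [ ! -L "$root$path" ]; then
        [ -e "$root$path" ] && { echo "INTERNAL $path"; return 0; }
        echo "MISSING $path"; return 1
    fi
    target=$(readlink "$root$path")
    case $target in
        /sd/*) ;;
        *) echo "UNEXPECTED $path -> $target"; return 1 ;;
    esac
    [ -e "$root$target" ] || { echo "DANGLING $path -> $target"; return 1; }
    echo "OK $path -> $target"
}

# check_sd_links ROOT: the three paths linked in the SD-card install steps.
check_sd_links() {
    rc=0
    for p in /etc/reaver/reaver.db /usr/bin/reaver /usr/bin/wash; do
        check_link "$1" "$p" || rc=1
    done
    return $rc
}

# stale_copies ROOT NAME: succeeds when at most one real (non-symlink) copy
# of NAME exists across internal storage and the SD card.
stale_copies() {
    n=0
    for d in /usr/bin /sd/usr/bin; do
        f="$1$d/$2"
        if [ -f "$f" ] && [ ! -L "$f" ]; then echo "BINARY $d/$2"; n=$((n + 1)); fi
    done
    [ "$n" -le 1 ]
}

# free_kb DIR: KiB available on the filesystem holding DIR (POSIX df output).
free_kb() { df -P -k "$1" | awk 'NR == 2 { print $4 }'; }

# preflight ROOT MIN_KB: MIN_KB is an assumed threshold; the thread gives no figure.
preflight() {
    bad=0
    check_sd_links "$1" || bad=1
    for b in wash reaver; do stale_copies "$1" "$b" || { echo "CONFLICT $b"; bad=1; }; done
    [ "$(free_kb "${1:-/}")" -ge "$2" ] || { echo "LOW_SPACE"; bad=1; }
    return $bad
}

# On the device: PREFLIGHT=1 sh thisfile   (2048 KiB is a sample value)
if [ "${PREFLIGHT:-0}" = 1 ]; then preflight "" 2048; fi
```

A DANGLING or CONFLICT line corresponds to the two causes raised in the thread: an SD install whose links were never created, and an old binary left behind next to a new one.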
