Reaver -- Can't get any faster than 42 seconds per pin!


Post by burnface on Sun Aug 10, 2014 10:59 am

So I'm not sure where to ask this, the mods at the Kali forums called this "general IT help" and deleted my question ha.

Anyway, I've been playing around with Reaver again with my new router, and like the title says, can't seem to get any faster than 42-ish seconds per pin.

The commands I used to even get it that 'fast' are as follows:

Change my interface to same channel as router:
Code:
iwconfig mon0 channel 1


Manually associate to my router:
Code:
aireplay-ng -1 0 -a <router bssid> -h <my mac address, of mon0> -e <router essid> mon0 --ignore-negative-one


My use of reaver:
Code:
reaver -i mon0 -b <router bssid> -T 1 -f -N -S -vv


All these commands are combinations of different suggestions I've seen places online, and this is what I've done to get it faster than the 50-60 sec/pin that I was getting :/

I've also tried using -r to make it pause for 60sec after 10 pin attempts, but then I would go up to 55 sec/pin again.

I've had roughly -50 power the whole time during this test.

Here's a chunk of my code running it overnight:
Code:
[+] Received M1 message
[+] Sending M2 message
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x03), re-trying last pin
[+] Trying pin 15535672
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 15535672
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] 14.19% complete @ 2014-08-09 08:21:06 (43 seconds/pin)
[+] Max time remaining at this rate: 112:44:37 (9439 pins left to try)
[+] Trying pin 15535672
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 15535672
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response


Any suggestions that might speed this up?
Thanks!!
burnface
New User
Posts: 4
Joined: Sun Aug 10, 2014 10:54 am


Re: Reaver -- Can't get any faster than 42 seconds per pin!

Post by cyberdrain on Sun Aug 10, 2014 11:38 am

If you know what Reaver does, you might also know that certain routers throttle the speed of testing pins. Have you looked into that? Did you try without sending NACKs? Is the signal good? Yes, it is general IT help, especially on Kali forums, but that doesn't help you understand or prevent the issue next time.
Free your mind / Think clearly
cyberdrain
Contributor
Posts: 969
Joined: Sun Nov 27, 2011 1:58 pm


Re: Reaver -- Can't get any faster than 42 seconds per pin!

Post by burnface on Sun Aug 10, 2014 12:02 pm

cyberdrain wrote: If you know what Reaver does, you might also know that certain routers throttle the speed of testing pins. Have you looked into that? Did you try without sending NACKs? Is the signal good? Yes, it is general IT help, especially on Kali forums, but that doesn't help you understand or prevent the issue next time.


I have looked into that. Some of it I don't fully understand yet, which is why I'm asking such general questions :/
Like I said in OP, signal -50, unless that isn't what you mean?

Also I used -N, which is supposed to be 'No Nacks' correct? Yet it is still sending nacks...

Thank you for your help!


Re: Reaver -- Can't get any faster than 42 seconds per pin!

Post by cyberdrain on Sun Aug 10, 2014 12:22 pm

Right, read over that. Yes, -N sets --no-nacks, but only if packets are received out of order afaik. Also 'WARNING: Receive timeout occurred' means that you might have waited too short for the M5/M7 messages. Finding exactly the right combinations of options for your router can take a while and it could actually be that your router won't process faster than 42 seconds per pin, because of this attack.

burnface wrote: Some of it I don't fully understand yet, which is why I'm asking such general questions

Don't take this the wrong way, but maybe you should try to understand first what you're doing before you actually do it. What does the WPS handshake entail, what do the options actually do, how does your router work, what packets are being sent/received, how much packet loss is there (-50 might not be optimal)? Those are all questions you might want to know or find the answer for. It could also just be your wireless card.


Re: Reaver -- Can't get any faster than 42 seconds per pin!

Post by burnface on Sun Aug 10, 2014 1:55 pm

cyberdrain wrote: Right, read over that. Yes, -N sets --no-nacks, but only if packets are received out of order afaik. Also 'WARNING: Receive timeout occurred' means that you might have waited too short for the M5/M7 messages. Finding exactly the right combinations of options for your router can take a while and it could actually be that your router won't process faster than 42 seconds per pin, because of this attack.

burnface wrote: Some of it I don't fully understand yet, which is why I'm asking such general questions

Don't take this the wrong way, but maybe you should try to understand first what you're doing before you actually do it. What does the WPS handshake entail, what do the options actually do, how does your router work, what packets are being sent/received, how much packet loss is there (-50 might not be optimal)? Those are all questions you might want to know or find the answer for. It could also just be your wireless card.


I guess the keyword being SOME of it I don't fully understand yet. I'm learning a lot still. And I do understand the options and whatnot, was just asking for other suggestions that could potentially speed things up. Thanks for your advice on the matter.


Re: Reaver -- Can't get any faster than 42 seconds per pin!

Post by cyberdrain on Sun Aug 10, 2014 2:14 pm

Alright, I was just making sure. So to answer your question, ignoring everything I said before:
- increase power some way, the higher the power, the lower the packet loss, the faster the brute force
- in addition to that, check how much packet loss there is
- increase the delay if the power can't be increased, every time the program has to redo a whole handshake takes longer than increasing the delay just a second to make sure the reply is received
- wait a while, it's not called brute force for nothing, it will be slow
- change hardware (router/wifi card) to check if that speeds things up
- use the different settings, like you're already doing

I found that on my router I once had to wait a few days for it to be cracked, but after I played around with the settings and I modified the source of Reaver somewhat, it worked great.
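Added example (not part of the original thread and not Reaver's own code): a short Python script that reads the output lines from the first post, counts how often the same PIN was retried after a receive timeout, and recomputes the progress and ETA figures Reaver printed. The 11000-guess PIN space is an assumption taken from the standard WPS PIN split rather than from the thread, though it matches the log's "9439 pins left" at 14.19%; the lockout policy in `worst_case_hours` is hypothetical and models the router-side throttling mentioned above.

```python
import re
from collections import Counter

# Lines copied from the Reaver output in the first post (handshake steps omitted).
LOG = """\
[!] WPS transaction failed (code: 0x03), re-trying last pin
[+] Trying pin 15535672
[!] WARNING: Receive timeout occurred
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 15535672
[!] WARNING: Receive timeout occurred
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] 14.19% complete @ 2014-08-09 08:21:06 (43 seconds/pin)
[+] Max time remaining at this rate: 112:44:37 (9439 pins left to try)
[+] Trying pin 15535672
[!] WARNING: Receive timeout occurred
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 15535672
"""

# The two PIN halves are validated separately and the 8th digit is a checksum,
# so the search space is 10**4 + 10**3 = 11000 guesses, not 10**8.
PIN_SPACE = 10**4 + 10**3

def summarize(log):
    """Count tries per PIN, receive timeouts and failure codes in Reaver output."""
    return {
        "tries": Counter(re.findall(r"Trying pin (\d{8})", log)),
        "timeouts": log.count("Receive timeout occurred"),
        "codes": Counter(re.findall(r"failed \(code: (0x[0-9a-f]+)\)", log)),
    }

def check_status(log):
    """Recompute the progress and ETA that Reaver printed from its own numbers."""
    rate = int(re.search(r"\((\d+) seconds/pin\)", log).group(1))
    left = int(re.search(r"\((\d+) pins left", log).group(1))
    secs = left * rate
    return {
        "percent_done": round(100 * (PIN_SPACE - left) / PIN_SPACE, 2),
        "eta": f"{secs // 3600}:{secs % 3600 // 60:02d}:{secs % 60:02d}",
    }

def worst_case_hours(sec_per_pin, lock_after=0, lock_secs=0):
    """Hours to try every PIN if WPS locks for lock_secs every lock_after failures."""
    locks = PIN_SPACE // lock_after if lock_after else 0
    return (PIN_SPACE * sec_per_pin + locks * lock_secs) / 3600

if __name__ == "__main__":
    print(summarize(LOG), check_status(LOG), worst_case_hours(43, 10, 3600))
```

In this excerpt one PIN is tried four times with three receive timeouts, so the seconds-per-pin figure is mostly retry time. A one-hour lock after every 10 failures would stretch the worst case from about 131 hours to about 1231 hours.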


Re: Reaver -- Can't get any faster than 42 seconds per pin!

Post by burnface on Mon Aug 11, 2014 7:30 am

cyberdrain wrote: Alright, I was just making sure. So to answer your question, ignoring everything I said before:
- increase power some way, the higher the power, the lower the packet loss, the faster the brute force
- in addition to that, check how much packet loss there is
- increase the delay if the power can't be increased, every time the program has to redo a whole handshake takes longer than increasing the delay just a second to make sure the reply is received
- wait a while, it's not called brute force for nothing, it will be slow
- change hardware (router/wifi card) to check if that speeds things up
- use the different settings, like you're already doing

I found that on my router I once had to wait a few days for it to be cracked, but after I played around with the settings and I modified the source of Reaver somewhat, it worked great.

That all sounds good, I appreciate the help!


Re: Reaver -- Can't get any faster than 42 seconds per pin!

Post by cyberdrain on Mon Aug 11, 2014 6:35 pm

burnface wrote: That all sounds good, I appreciate the help!

No problem, good luck. If you found anything that sped it up that I didn't mention, don't hesitate to share the information. Really, I insist :)


