Problems on attacking Vodafone Easybox 803
Closed this issue · 6 comments
GoogleCodeExporter commented
What steps will reproduce the problem?
1. Attack Vodafone EasyBox 803 (or probably any device manufactured by Arcadyan
with wps-pin)
2. Sniff with Wireshark what's happening
What is the expected output?
It's expected that your tool iterates through the pins
What do you see instead?
It does not iterate through the pins, instead:
---------------------
root@fuckup:src $ ./reaver -i mon0 -b 7C:4F:B5:C8:64:09 -vv
Reaver v1.1 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner
<cheffner@tacnetsol.com>
[+] Waiting for beacon from 7C:4F:B5:C8:64:09
[+] Switching mon0 to channel 1
[+] Associated with 7C:4F:B5:C8:64:09 (ESSID: EasyBox-C86429)
[+] Trying pin 52941009
[!] WARNING: Receive timeout occurred
[+] Trying pin 52941009
[!] WARNING: Last message not processed properly, reverting state to previous
message
[!] Warning: Out of order packet received, re-trasmitting last message
[+] Trying pin 52941009
[!] WARNING: Last message not processed properly, reverting state to previous
message
[!] Warning: Out of order packet received, re-trasmitting last message
[!] WARNING: Last message not processed properly, reverting state to previous
message
[!] Warning: Out of order packet received, re-trasmitting last message
[!] WARNING: Last message not processed properly, reverting state to previous
message
[!] Warning: Out of order packet received, re-trasmitting last message
[+] Trying pin 52941009
[!] WARNING: Last message not processed properly, reverting state to previous
message
[!] Warning: Out of order packet received, re-trasmitting last message
[+] Trying pin 52941009
[!] WARNING: Receive timeout occurred
[+] Trying pin 52941009
[!] WARNING: Receive timeout occurred
[+] 0.00% complete @ 0 seconds/attempt
[+] Trying pin 52941009
[!] WARNING: Last message not processed properly, reverting state to previous
message
[!] Warning: Out of order packet received, re-trasmitting last message
[+] Trying pin 52941009
[!] WARNING: Receive timeout occurred
[+] Trying pin 52941009
[!] WARNING: Receive timeout occurred
[+] Trying pin 52941009
[!] WARNING: Receive timeout occurred
[!] WARNING: 10 failed connections in a row
[+] Trying pin 52941009
[!] WARNING: Receive timeout occurred
[+] 0.00% complete @ 0 seconds/attempt
[+] Trying pin 52941009
[!] WARNING: Receive timeout occurred
[+] Trying pin 52941009
[!] WARNING: Receive timeout occurred
[+] Trying pin 52941009
[!] WARNING: Receive timeout occurred
[+] Trying pin 52941009
[!] WARNING: Receive timeout occurred
[+] Trying pin 52941009
[!] WARNING: Receive timeout occurred
[+] 0.00% complete @ 0 seconds/attempt
---------------------
What version of the product are you using?
SVN Version of today
On what operating system?
BackTrack 5R1 x85 KDE
Please provide any additional information below.
Packet-Dump is attached.
I use the alfa awus036h with the rtl8187 chipset (as you do)
I looked into the dump already together with Stefan Viehboeck and he is of the
opinion that this "WPS, MD2" packet in the EAP-packets should normally not be
there.
I am pretty sure it should work since I can log in with wps-pin from Windows 7
into the device. That device is also the one which got Stefan initially started
to research the problem. Would be great if you could take a look into the dump.
cya
Original issue reported on code.google.com by S3M73X
on 29 Dec 2011 at 10:55
- Merged into: #8
GoogleCodeExporter commented
The timeout issues were also encountered while working on issue #6, and seem to
have been fixed with the latest SVN check-in (r20). Please check out the latest
code and see if you are still having these problems.
Original comment by cheff...@tacnetsol.com
on 30 Dec 2011 at 2:39
- Changed state: Accepted
GoogleCodeExporter commented
Still the same problem, see below and attached pcap-dump:
root@bt:~/reaver-wps-read-only/src# svn up
At revision 25.
root@bt:~/reaver-wps-read-only/src# ./reaver -i mon0 -b 7C:4F:B5:C8:64:09 -vv
Reaver v1.1 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner
<cheffner@tacnetsol.com>
[+] Waiting for beacon from 7C:4F:B5:C8:64:09
[+] Switching mon0 to channel 1
[+] Associated with 7C:4F:B5:C8:64:09 (ESSID: EasyBox-C86429)
[+] Trying pin 72785881
[+] Trying pin 72785881
[+] Trying pin 72785881
[+] Trying pin 72785881
[!] WARNING: Last message not processed properly, reverting state to previous
message
[!] Warning: Out of order packet received, re-trasmitting last message
[+] Trying pin 72785881
[+] Trying pin 72785881
[+] 0.00% complete @ 0 seconds/attempt
[+] Trying pin 72785881
[+] Trying pin 72785881
[+] Trying pin 72785881
[+] Trying pin 72785881
[!] WARNING: 10 failed connections in a row
[+] Trying pin 72785881
[+] 0.00% complete @ 0 seconds/attempt
[+] Trying pin 72785881
[+] Trying pin 72785881
[+] Trying pin 72785881
[+] Trying pin 72785881
[+] Trying pin 72785881
[+] 0.00% complete @ 0 seconds/attempt
^C
root@bt:~/reaver-wps-read-only/src#
I was planning to make a blogpost about this tool btw.
Original comment by S3M73X
on 30 Dec 2011 at 4:24
GoogleCodeExporter commented
This appears to be the same as issue #8: the AP is responding with WSC NACK
messages after it receives the M2 message. This behavior has also been seen in
the WRT54G2, not sure what is causing it yet.
Merging the two tickets.
Original comment by cheff...@tacnetsol.com
on 30 Dec 2011 at 4:29
- Changed state: Duplicate
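Added example, not part of the original thread and not Reaver's code: a small EAP-WSC decoder for triaging a capture like the one attached above, reporting each WSC message type and flagging a WSC_NACK that directly follows an M2. The attribute and op-code numbers are the standard WSC values; the sample packets, the `_build` helper and the Configuration Error value 0 are constructed for illustration.

```python
import struct

WFA_VENDOR_ID = b"\x00\x37\x2a"          # expanded EAP type 254, WFA vendor id
WSC_VENDOR_TYPE = b"\x00\x00\x00\x01"    # SimpleConfig
ATTR_CONFIG_ERROR, ATTR_MSG_TYPE = 0x1009, 0x1022
MSG_TYPES = {4: "M1", 5: "M2", 6: "M2D", 7: "M3", 8: "M4", 9: "M5", 10: "M6",
             11: "M7", 12: "M8", 13: "WSC_ACK", 14: "WSC_NACK", 15: "WSC_Done"}

def parse_attrs(data):
    """Walk WSC TLVs: 2-byte type, 2-byte length (big endian), then value."""
    attrs, off = {}, 0
    while off + 4 <= len(data):
        a_type, a_len = struct.unpack_from(">HH", data, off)
        off += 4
        if off + a_len > len(data):
            raise ValueError("truncated attribute 0x%04x" % a_type)
        attrs[a_type] = data[off:off + a_len]
        off += a_len
    return attrs

def classify(eap):
    """Return (message name, config error or None) for an EAP-WSC packet."""
    if len(eap) < 14 or eap[4] != 254:
        return None                       # not an expanded-type EAP packet
    if eap[5:8] != WFA_VENDOR_ID or eap[8:12] != WSC_VENDOR_TYPE:
        return None
    length = struct.unpack_from(">H", eap, 2)[0]
    start = 16 if eap[13] & 0x02 else 14  # LF flag adds a 2-byte length field
    attrs = parse_attrs(eap[start:length])  # fragments are not reassembled
    mtype = attrs.get(ATTR_MSG_TYPE)
    if not mtype:
        return None                       # e.g. WSC_Start carries no attributes
    err = attrs.get(ATTR_CONFIG_ERROR)
    code = struct.unpack(">H", err)[0] if err and len(err) == 2 else None
    return MSG_TYPES.get(mtype[0], "unknown"), code

def nacks_after_m2(packets):
    """Configuration Error of every WSC_NACK that directly follows an M2."""
    seen = [m for m in map(classify, packets) if m]
    return [cur[1] for prev, cur in zip(seen, seen[1:])
            if prev[0] == "M2" and cur[0] == "WSC_NACK"]

def _build(code, opcode, msg_type, extra=b""):
    """Constructed test packet: EAP header + WSC header + Message Type TLV."""
    body = struct.pack(">HHB", ATTR_MSG_TYPE, 1, msg_type) + extra
    rest = b"\xfe" + WFA_VENDOR_ID + WSC_VENDOR_TYPE + bytes([opcode, 0]) + body
    return struct.pack(">BBH", code, 1, 4 + len(rest)) + rest

# Constructed exchange: M1 from the AP, M2 from the registrar, NACK from the AP.
SAMPLE = [_build(1, 4, 0x04), _build(2, 4, 0x05),
          _build(1, 3, 0x0E, struct.pack(">HHH", ATTR_CONFIG_ERROR, 2, 0))]
```

Feed `classify` the EAP payload of each EAPOL frame from the capture; the Configuration Error attribute in the NACK is the field to read when working out why the AP rejected the exchange.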
GoogleCodeExporter commented
Same issue here: it associates once, tries the first pin, then continues to
receive timeouts and then tries the same pin.
Original comment by jeffmose...@gmail.com
on 30 Dec 2011 at 6:43
GoogleCodeExporter commented
I have the same issue. Backtrack 5r1 gnome, RTL8187. I can't find the star icon
so I'm adding a comment. Sorry.
Original comment by DanielRe...@gmail.com
on 31 Dec 2011 at 12:56
GoogleCodeExporter commented
I have the same issue. Backtrack 5r3 gnome ;/
Original comment by nasilows...@googlemail.com
on 20 Feb 2013 at 12:22