too many error messages about reaver-wps HOT 18 CLOSED

I'm using the Atheros Communications Inc. AR9285 Wireless Network Adapter 
(PCI-Express) (rev 01) as well. So far the pin never changed except for 2 times 
where I got lucky, I guess. It always gives me a timeout after trying a pin.

- Reaver r35
- backtrack 5 32bit (ubuntu 10.04, Kernel 2.6.38, GNOME 2.30.2)
- Atheros AR9285 adaptor with ath9k driver

Have you run Reaver with -vv to get more output? What is the make/model of your 
target AP? Do you have pcaps of the attack so we can try to track down the 
issue, if any?

I always run reaver with the -vv switch. 

Apart from two times (which left me kinda puzzled) the output looks like this:

[+] Waiting for beacon from 00:23:08:9E:E4:03 
[+] Switching mon0 to channel 1 
[+] Associated with 00:23:08:9E:E4:03 (ESSID: EasyBox?-9EE451) 
[+] Trying pin 08334572 
[!] WARNING: Receive timeout occurred 
[+] Trying pin 08334572 
[!] WARNING: Receive timeout occurred 
[+] Trying pin 08334572 
[!] WARNING: Receive timeout occurred 
[+] Trying pin 08334572 
[!] WARNING: Receive timeout occurred 
[+] Trying pin 08334572 
[!] WARNING: Receive timeout occurred 
[+] Trying pin 08334572 
[!] WARNING: Receive timeout occurred 
[+] 0.00% complete @ 0 seconds/attempt 
[+] Trying pin 08334572 
[!] WARNING: Receive timeout occurred 
[+] Trying pin 08334572

I will do a few captures once I get home.

Any more info on this?

BT4 R2 rt2800usb

Reaver 1.3 r55


root@bt:~# walsh -i mon0 -s -C

Scanning for supported APs...

00:1D:19:F5:86:F5 WLAN-F58613


root@bt:~# reaver -i mon0 -b 00:1D:19:F5:86:F5 -c 1 -b WLAN-F58613 -vv

Reaver v1.3 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetso
l.com>

[+] Waiting for beacon from 00:1D:19:F5:86:F5
[+] Switching mon0 to channel 1
[+] Associated with 00:1D:19:F5:86:F5 (ESSID: WLAN-F58613)
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Nothing done, nothing to save.
[+] 0.00% complete @ 2012-01-04 10:58:47 (0 seconds/attempt)
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[!] WARNING: 10 failed connections in a row
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Nothing done, nothing to save.
[+] 0.00% complete @ 2012-01-04 10:59:18 (0 seconds/attempt)
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Nothing done, nothing to save.
[+] 0.00% complete @ 2012-01-04 10:59:49 (0 seconds/at
[+] Trying pin 81208791
[!] WARNING: Receive timeout occurred
[+] Trying pin 81208791
[!] WARNING: Failed to associate with 00:1D:19:F5:86:F
^C
[+] Nothing done, nothing to save.
[+] Session saved.
root@bt:~#


pcap file

http://www.load.to/E9tGjnKtl5/capture_BT4R2_rt2800usb

BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

  00:1D:19:F5:86:F5   28        2        0    0   1  54e  WPA2 CCMP   PSK  WLAN-F58613

I have exactly the same issue you have with a Ralink card and a Belkin router

hurenhannes, from the pcap it looks like Reaver is having trouble getting an 
EAP session started, which is *usually* an indication of connectivity problems. 
It's hard to tell from the pcap/airodump output what the actual RSSI is (it's 
certainly not 30dbm as reported in the radio tap headers!) so I'm not sure if 
that's the issue or not. Is this an AP that is very close to you?

i have the same problem it always tries the same pin and then it says  WARNING: 
Receive timeout occurred. i tried to see what happen on wireshark but i can´t 
seem to see anything i try to filter with eth.addr the mac address of the AP 
but nothing appears im using mon0 to do the capture am i doing it right?

i forgot to say that i tried with my router so im very close to it and a 
strange thing happened when i do reset to the router it works the pin brute 
force for some time.

@ fabio
Have you tried different APs? Some routers like Dlink 655, in my case, lock you 
out permanently after a few failed attempts. That's why it starts cracking pins 
when you reset your router. It will work up until that same number. 
Reaver works fine with the other APs I tested. 
I hope this is of any help to you.

fabio, can you verify that your AP supports WPS and has it enabled? When in 
wireshark you can use the display filter "eap || eapol" to see the WPS messages 
(WPS operates over EAP). If your device has WPS enabled and you are still 
getting these timeouts, can you please provide a pcap file of the attack? It's 
nearly impossible for me to debug issues like these without pcaps.

ive tried on another router but it has the same result.

i was saying that it works when i disconnect the power cord from the router and 
then connect again but then it doesnt work its a little strange i will try to 
capture that situation to see the differences.

im using backtrack 5 on vmware

ive captured the pcap while using reaver

this is the program output:
root@bt:~# reaver -i mon0 -b 00:22:6B:8A:E9:0B -vv

Reaver v1.3 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner 
<[email protected]>

[?] Restore previous session? [n/Y] n
[+] Waiting for beacon from 00:22:6B:8A:E9:0B
[+] Switching mon0 to channel 2
[+] Switching mon0 to channel 3
[+] Switching mon0 to channel 4
[+] Switching mon0 to channel 5
[+] Switching mon0 to channel 6
[+] Switching mon0 to channel 7
[+] Switching mon0 to channel 8
[+] Switching mon0 to channel 11
[+] Associated with 00:22:6B:8A:E9:0B (ESSID: scarface)
[+] Trying pin 22975058
[!] WARNING: Receive timeout occurred
[+] Trying pin 22975058
[!] WARNING: Receive timeout occurred
[+] Trying pin 22975058
[!] WARNING: Receive timeout occurred
[+] Trying pin 22975058
[!] WARNING: Receive timeout occurred
^C
[+] Nothing done, nothing to save.
[+] Session saved.

Same issue here with VMWare Fusion an the Backtrack 5 vmware image.
Using a Bus 001 Device 002: ID 0cf3:7015 Atheros Communications, Inc. TP-Link 
TL-WN821N v3 802.11n [Atheros AR7010+AR9287]

Tried it with 4 different wifi access points. Netgear/Linksys/ASUS/Sitecom

[deleted comment]

[deleted comment]

already tried with 3 different wifi cards rt2800pci rt73usb rtl8187 same result 
on rt2860pci rt73usb walsh displays the FCS error

@fabio: After looking at your pcap, the AP is not responding after Reaver sends 
the identity request packet (this packet tells the AP that we are a WPS 
registrar). This indicates that the AP has disabled WPS registrar functionality 
(some APs allow for this, specifically Netgears) which means the AP is not 
vulnerable.

@erick, et al: Other causes of these errors typically are: 

1) Poor signal strength or lots of interference (this applies to both the 
attacker AND the AP)
2) MAC spoofing (known bug in Reaver where MAC spoofing doesn't work properly)