Disqus for Cyber Fort

Monday, 1 July 2013

Pin It

Widgets

Reaver-wps WPA/WPA2 Cracking Tutorial

Reaver performs a brute force attack against an access point's WiFi Protected Setup pin number. Once the WPS pin is found, the WPA PSK can be recovered and alternately the AP's wireless settings can be reconfigured. While Reaver does not support reconfiguring the AP, this can be accomplished with wpa_supplicant once the WPS pin is known.
Reaver performs a brute force attack against the AP, attempting every possible combination in order to guess the AP's 8 digit pin number. Since the pin numbers are all numeric, there are 10^8 (100,000,000) possible values for any given pin number. However, because the last digit of the pin is a checksum value which can be calculated based on the previous 7 digits, that key space is reduced to 10^7 (10,000,000) possible values.
The key space is reduced even further due to the fact that the WPS authentication protocol cuts the pin in half and validates each half individually. That means that there are 10^4 (10,000) possible values for the first half of the pin and 10^3 (1,000) possible values for the second half of the pin, with the last digit of the pin being a checksum.
Reaver brute forces the first half of the pin and then the second half of the pin, meaning that the entire key space for the WPS pin number can be exhausted in 11,000 attempts. The speed at which Reaver can test pin numbers is entirely limited by the speed at which the AP can process WPS requests. Some APs are fast enough that one pin can be tested every second; others are slower and only allow one pin every ten seconds. Statistically, it will only take half of that time in order to guess the correct pin number.

Reaver WPA Cracking Tutorial

Reaver is only supported on the Linux platform, requires the libpcap and libsqlite3 libraries, and can be built and installed by running:


$ ./configure
$ make
# make install
To remove everything installed/created by Reaver:
# make distclean
USAGE
Usually, the only required arguments to Reaver are the interface name and the BSSID of the target AP:


# reaver -i mon0 -b 00:01:02:03:04:05
The channel and SSID (provided that the SSID is not cloaked) of the target AP will be automatically identified by Reaver, unless explicitly specified on the command line:


# reaver -i mon0 -b 00:01:02:03:04:05 -c 11 -e linksys
By default, if the AP switches channels, Reaver will also change its channel accordingly. However, this feature may be disabled by fixing the interface's channel:


# reaver -i mon0 -b 00:01:02:03:04:05 --fixed
The default receive timeout period is 5 seconds. This timeout period can be set manually if necessary (minimum timeout period is 1 second):


# reaver -i mon0 -b 00:01:02:03:04:05 -t 2
The default delay period between pin attempts is 1 second. This value can be increased or decreased to any non-negative integer value. A value of zero means no delay:


# reaver -i mon0 -b 00:01:02:03:04:05 -d 0
Some APs will temporarily lock their WPS state, typically for five minutes or less, when "suspicious" activity is detected. By default when a locked state is detected, Reaver will check the state every 315 seconds (5 minutes and 15 seconds) and not continue brute forcing pins until the WPS state is unlocked. This check can be increased or decreased to any non-negative integer value:


# reaver -i mon0 -b 00:01:02:03:04:05 --lock-delay=250
For additional output, the verbose option may be provided. Providing the verbose option twice will increase verbosity and display each pin number as it is attempted:


# reaver -i mon0 -b 00:01:02:03:04:05 -vv
The default timeout period for receiving the M5 and M7 WPS response messages is .1 seconds. This timeout period can be set manually if necessary (max timeout period is 1 second):


# reaver -i mon0 -b 00:01:02:03:04:05 -T .5
Some poor WPS implementations will drop a connection on the floor when an invalid pin is supplied instead of responding with a NACK message as the specs dictate. To account for this, if an M5/M7 timeout is reached, it is treated the same as a NACK by default. However, if it is known that the target AP sends NACKS (most do), this feature can be disabled to ensure better reliability. This option is largely useless as Reaver will auto-detect if an AP properly responds with NACKs or not:


# reaver -i mon0 -b 00:01:02:03:04:05 --nack
While most APs don't care, sending an EAP FAIL message to close out a WPS session is sometimes necessary. By default this feature is disabled, but can be enabled for those APs that need it:


# reaver -i mon0 -b 00:01:02:03:04:05 --eap-terminate
When 10 consecutive unexpected WPS errors are encountered, a warning message will be displayed. Since this may be a sign that the AP is rate limiting pin attempts or simply being overloaded, a sleep can be put in place that will occur whenever these warning messages appear:


# reaver -i mon0 -b 00:01:02:03:04:05 --fail-wait=3


26 comments :

Anonymous said...

You are so interesting! I don't believe I have
read anything like this before. So wonderful to discover another person with a few genuine thoughts on this issue.

Seriously.. many thanks for starting this up. This
site is something that is required on the web, someone with some originality!

Anonymous said...

My brother suggested I might like this website. He was entirely right.
This post actually made my day. You cann't imagine just how much time I had spent for this information! Thanks!

Anonymous said...

Wow, this post is nice, my younger sister is analyzing these kinds of things,
thus I am going to inform her.

Anonymous said...

Why visitors still use to read news papers when in this technological globe the
whole thing is existing on web?

Anonymous said...

It's not my first time to pay a quick visit this
website, i am visiting this web site dailly and
obtain nice information from here every day.

Anonymous said...

Simply wish to say your article is as amazing.

The clarity in your post is simply spectacular and i can assume you're an expert on this subject.
Well with your permission let me to grab your RSS feed to keep updated with forthcoming post.
Thanks a million and please carry on the enjoyable work.

Anonymous said...

These are in fact great ideas in regarding blogging.
You have touched some pleasant factors here. Any way keep up wrinting.

Anonymous said...

Great goods from you, man. I have keep in mind your stuff prior to and you're just extremely fantastic.
I actually like what you've received right here, really
like what you are saying and the best way wherein you assert it.
You are making it entertaining and you still care for to stay
it smart. I can not wait to read much more from you.
This is actually a great web site.

Anonymous said...

Appreciate the recommendation. Will try it out.

Anonymous said...

Thank you a bunch for sharing this with all of us you really
understand what you are talking about! Bookmarked.
Please also discuss with my website =). We can have a hyperlink
change agreement between us

Anonymous said...

I know this site offers quality dependent content and additional material, is there any other
web page which provides such information in quality?

Anonymous said...

I know this if off topic but I'm looking into starting my own blog and was wondering
what all is required to get setup? I'm assuming having a blog like yours
would cost a pretty penny? I'm not very web savvy so I'm not 100% positive.

Any tips or advice would be greatly appreciated.
Kudos

Anonymous said...

Thanks on your marvelous posting! I really enjoyed
reading it, you happen to be a great author.

I will remember to bookmark your blog and will come back
someday. I want to encourage you to definitely
continue your great posts, have a nice evening!

Anonymous said...

It's amazing to pay a visit this web site and reading
the views of all colleagues about this paragraph, while
I am also zealous of getting experience.

Anonymous said...

Hi to every body, it's my first visit of this weblog; this web site includes remarkable and actually fine information designed for
readers.

Anonymous said...

Hi i am kavin, its my first occasion to commenting anywhere, when i read
this post i thought i could also create comment due to this brilliant piece of writing.

Anonymous said...

Hey! This is my first visit to your blog! We are a team of
volunteers and starting a new initiative in a community in the same niche.
Your blog provided us beneficial information to work on. You have done
a wonderful job!

Anonymous said...

Great article! We are linking to this great post on our
website. Keep up the great writing.

Anonymous said...

whoah this weblog is great i love studying your articles. Stay up the great work!
You realize, lots of people are looking round for this info, you could aid them greatly.

Anonymous said...

I'm truly enjoying the design and layout of your website.
It's a very easy on the eyes which makes it much more pleasant for
me to come here and visit more often. Did you hire out
a developer to create your theme? Outstanding work!

Anonymous said...

Fantastic items from you, man. I've understand your stuff
previous to and you're just extremely excellent.
I really like what you've obtained right here, really like what
you are saying and the way in which wherein you assert it.
You're making it entertaining and you continue to take care
of to stay it wise. I can not wait to read much more from you.
That is actually a tremendous website.

Anonymous said...

Howdy! I just wish to offer you a huge thumbs up for the excellent information you have got here on this post.
I will be returning to your site for more soon.

Anonymous said...

I'm now not certain the place you're getting your information, however good topic.
I needs to spend a while studying more or understanding more.
Thanks for magnificent info I used to be in search of this information for my mission.

Anonymous said...

If some one wants to be updated with latest technologies then he must
be pay a visit this web page and be up to date everyday.

Anonymous said...

Keep on working, great job!

Anonymous said...

Hi there, all is going well here and ofcourse every one is sharing facts, that's truly excellent,
keep up writing.