Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Aireplay-ng - Authentication failed (code 12)

  1. #1
    Just burned his ISO
    Join Date
    Oct 2008
    Posts
    13

    Unhappy Aireplay-ng - Authentication failed (code 12)

    For the life of me I cannot find what a code12 is!?!?!

    Code:
    hostname # aireplay-ng -1 6000 -q 10 -a 00:14:6C:B1:F8:E2 -e 'BELFAST' mon0      
    No source MAC (-h) specified. Using the device MAC (00:13:02:0C:XX:XX)               
    21:41:34  Waiting for beacon frame (BSSID: 00:14:6C:B1:F8:E2) on channel 11          
    
    21:41:34  Sending Authentication Request (Open System) [ACK]
    21:41:34  Authentication failed (code 12)
    Tcpdump produces
    Code:
    21:43:44.014566 1.0 Mb/s [0x0000000f] 314us BSSID:00:14:6c:b1:f8:e2 DA:00:14:6c:b1:f8:e2 SA:00:13:02:0c:XX:XX Authentication (Open System)-1: Succesful
    21:43:44.015489 1.0 Mb/s 2462 MHz (0x00a0) -78dB signal -127dB noise antenna 2 [0x0000000e] 0us RA:00:13:02:0c:XX:XX Acknowledgment
    21:43:44.015502 1.0 Mb/s [0x0000000f] 314us BSSID:00:14:6c:b1:f8:e2 DA:00:14:6c:b1:f8:e2 SA:00:13:02:0c:XX:XX Authentication (Open System)-1: Succesful
    21:43:44.018466 11.0 Mb/s 2462 MHz (0x00a0) -79dB signal -127dB noise antenna 2 [0x0000000e] 258us BSSID:00:14:6c:b1:f8:e2 DA:00:13:02:0c:XX:XX SA:00:14:6c:b1:f8:e2 Authentication (Open System)-2:
    Which seems (to my untrained eyes) to be about right...

    Any ideas? Id love a RTFM link right now!

    Cheers guys

  2. #2
    prowl3r
    Guest

    Default

    Is it your own AP you are playing with ?

    Because code 12 usually has one of these causes:

    1- Not WEP OPN (i.e. WPA)
    2- Wrong ESSID (i.e. special characters used)
    3- MAC filtering

  3. #3
    Just burned his ISO
    Join Date
    Oct 2008
    Posts
    13

    Default

    Of course its my own AP.. but:

    1) Its WEP. Thats what i set it to, what every other computer and wifi scanner picks it up as.
    2) Have tried copying ESSID straight from router config page, note that it is one word 'BELFAST' with no spaces or special characters..
    3) Mac filtering is turned OFF (Would produce a different error code - cant remember off the top of my head, but i think its 1)

    Would this be an error produced because router tries to prevent fake auth attacks?

    I cant find a list of error codes anywhere

  4. #4
    prowl3r
    Guest

    Default

    I don't think so.

    hostname # aireplay-ng -1 6000 -q 10 -a 00:14:6C:B1:F8:E2 -e 'BELFAST' mon0
    Not sure why you are setting a periodic re-association delay of 6000 scs. Same about why you set 10 seconds between keep-alives.

    Also ensure the injection MAC does match the card MAC (careful if you spoof your Intel card MAC adds). ifconfig will tell you mac for both.

    By the way, which wireless card are you using ?

    Finally, remove quotes for ESSID.

    Test injection:


    Code:
    aireplay-ng -9 mon0
    Try:

    Code:
    aireplay-ng -1 0 -e BELFAST -a 00:14:6C:B1:F8:E2 -h injection-if-mac mon0
    and post results.

  5. #5
    Just burned his ISO
    Join Date
    Oct 2008
    Posts
    13

    Default

    So:

    aireplay-ng -9 mon0 behaves as it should:

    Code:
    vaiolent wep # aireplay-ng -9 mon0
    16:51:14  Trying broadcast probe requests...
    16:51:15  Injection is working!             
    16:51:16  Found 4 APs                       
    
    16:51:16  Trying directed probe requests...
    16:51:16  00:1B:11:99:6A:4C - channel: 6 - 'Rotto & Associates'
    16:51:18  Ping (min/avg/max): 2.586ms/50.062ms/68.056ms Power: -82.97
    16:51:18  30/30: 100%                                                
    
    16:51:18  00:21:27:DD:BD:70 - channel: 6 - 'IrelandBrazil'
    16:51:20  Ping (min/avg/max): 46.715ms/69.091ms/86.138ms Power: -30.27
    16:51:20  30/30: 100%                                                 
    
    16:51:20  00:13:33:06:B3:18 - channel: 6 - 'Router'
    16:51:21  Ping (min/avg/max): 37.051ms/52.684ms/84.316ms Power: -68.03
    16:51:21  30/30: 100%                                                 
    
    16:51:21  00:1C:F0:B2:9A:D4 - channel: 6 - 'QPS_DLINK'
    16:51:24  Ping (min/avg/max): 48.600ms/70.635ms/97.774ms Power: -59.40
    16:51:24  30/30: 100%
    But doesn't pick up my router.. strange.. its clearly visible (at the same time) with airodump-ng

    Code:
     CH 11 ][ Elapsed: 1 min ][ 2009-09-05 16:54
    
     BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID
    
     00:14:6C:B1:F8:E2  -71 100      781        0    0  11  54e  WEP  WEP         BELFAST
    
     BSSID              STATION            PWR   Rate    Lost  Packets  Probes
    And aireplay-ng -1 0 -e BELFAST -a 00:14:6C:B1:F8:E2 -h 00:13:02:0C:E3:C3 mon0 still spits out a code 12

    Code:
    vaiolent wep # aireplay-ng -1 0 -e BELFAST -a 00:14:6C:B1:F8:E2 -h 00:13:02:0C:E3:C3 mon0
    16:53:31  Waiting for beacon frame (BSSID: 00:14:6C:B1:F8:E2) on channel 11
    
    16:53:31  Sending Authentication Request (Open System) [ACK]
    16:53:31  Authentication failed (code 12)
    My card is a Intel 3945, with which I have successfully cracked WEP in the past (Mind you differnet router however)

  6. #6
    Just burned his ISO
    Join Date
    Oct 2008
    Posts
    13

    Default

    My bad. Aireplay -9 DOES pick up my router when i have it set to the right channel (dumbass)

    Code:
    vaiolent wep # aireplay-ng -9 mon0
    17:04:16  Trying broadcast probe requests...
    17:04:16  Injection is working!             
    17:04:18  Found 6 APs                       
    
    17:04:18  Trying directed probe requests...
    17:04:18  00:14:6C:B1:F8:E2 - channel: 11 - 'BELFAST'
    17:04:21  Ping (min/avg/max): 1.026ms/110.131ms/140.550ms Power: -71.27
    17:04:21  30/30: 100%

  7. #7
    prowl3r
    Guest

    Default

    Ok. Can you check which wep auth scheme your AP is using (open system or shared key) ?

  8. #8
    Just burned his ISO
    Join Date
    Oct 2008
    Posts
    13

    Default

    Is set to open - the tcpdump snippet in 1st post picks it up...

    Here is an extended version of tcpdump -i mon0

    Code:
    18:37:46.639031 1.0 Mb/s 2462 MHz (0x00a0) -73dB signal -127dB noise antenna 2 [0x0000000e] Beacon (BELFAST) [1.0* 2.0* 5.5* 11.0* Mbit] ESS[|802.11]        
    18:37:46.647649 1.0 Mb/s 2462 MHz (0x00a0) -85dB signal -127dB noise antenna 2 [0x0000000e] Beacon[|802.11]                                                  
    18:37:46.671442 short preamble 5.5 Mb/s 2462 MHz (0x00a0) -85dB signal -127dB noise antenna 2 [0x0000000e] Acknowledgment RA:00:0e:35:f8:a3:72 (oui Unknown) 
    18:37:46.726760 1.0 Mb/s 2462 MHz (0x00a0) -83dB signal -127dB noise antenna 2 [0x0000000e] Beacon (StrawberryQT)[|802.11]                                   
    18:37:46.727764 short preamble 5.5 Mb/s 2462 MHz (0x00a0) -85dB signal -127dB noise antenna 2 [0x0000000e] Acknowledgment RA:00:0e:35:f8:a3:72 (oui Unknown) 
    18:37:46.740727 1.0 Mb/s 2462 MHz (0x00a0) -72dB signal -127dB noise antenna 2 [0x0000000e] Beacon (IrelandBrazil)[|802.11]                                  
    18:37:46.750056 1.0 Mb/s 2462 MHz (0x00a0) -85dB signal -127dB noise antenna 2 [0x0000000e] Beacon[|802.11]                                                  
    18:37:46.829162 1.0 Mb/s 2462 MHz (0x00a0) -83dB signal -127dB noise antenna 2 [0x0000000e] Beacon (StrawberryQT)[|802.11]                                   
    18:37:46.830056 1.0 Mb/s [0x0000000f] Authentication (Open System)-1: Succesful                                                                              
    18:37:46.830233 short preamble 5.5 Mb/s 2462 MHz (0x00a0) -84dB signal -127dB noise antenna 2 [0x0000000e] Acknowledgment RA:00:0e:35:f8:a3:72 (oui Unknown) 
    18:37:46.830274 1.0 Mb/s [0x0000000f] Acknowledgment RA:00:14:6c:b1:f8:e2 (oui Unknown)                                                                      
    18:37:46.830384 1.0 Mb/s [0x0000000f] Acknowledgment RA:00:14:6c:b1:f8:e2 (oui Unknown)                                                                      
    18:37:46.831302 1.0 Mb/s 2462 MHz (0x00a0) -75dB signal -127dB noise antenna 2 [0x0000000e] Acknowledgment RA:00:13:02:0c:e3:c3 (oui Unknown)                
    18:37:46.831313 1.0 Mb/s [0x0000000f] Authentication (Open System)-1: Succesful                                                                              
    18:37:46.833009 1.0 Mb/s [0x0000000f] Acknowledgment RA:00:14:6c:b1:f8:e2 (oui Unknown)                                                                      
    18:37:46.833464 1.0 Mb/s [0x0000000f] Acknowledgment RA:00:14:6c:b1:f8:e2 (oui Unknown)                                                                      
    18:37:46.834322 11.0 Mb/s 2462 MHz (0x00a0) -74dB signal -127dB noise antenna 2 [0x0000000e] Authentication (Open System)-2:                                 
    18:37:46.843332 1.0 Mb/s 2462 MHz (0x00a0) -73dB signal -127dB noise antenna 2 [0x0000000e] Beacon (IrelandBrazil)[|802.11]                                  
    18:37:46.852534 1.0 Mb/s 2462 MHz (0x00a0) -84dB signal -127dB noise antenna 2 [0x0000000e] Beacon[|802.11]                                                  
    18:37:46.874831 short preamble 5.5 Mb/s 2462 MHz (0x00a0) -84dB signal -127dB noise antenna 2 [0x0000000e] Acknowledgment RA:00:0e:35:f8:a3:72 (oui Unknown) 
    18:37:46.931565 1.0 Mb/s 2462 MHz (0x00a0) -83dB signal -127dB noise antenna 2 [0x0000000e] Beacon (StrawberryQT)[|802.11]                                   
    18:37:46.932634 short preamble 5.5 Mb/s 2462 MHz (0x00a0) -84dB signal -127dB noise antenna 2 [0x00
    Its lines 9-16 that are applicable.. The rest are just beacons, but i figured better to leave in than get accused of cutting necessary bits out...

  9. #9
    prowl3r
    Guest

    Default

    Well you know the following:

    1. Your card injects just fine and you were able to complete the process with another AP

    2. You are using wep-opn and the ESSID is right

    3. Your card can see your AP while in monitor mode

    So, whatever the issue is it is related to your router. I still believe it is running some sort of MAC filtering.

    My suggestion as follows:

    Spoof your MAC to a known working MAC with that router (One you use to connect to in managed mode) and repeat tests. Set your card to ch 11 and try to get a bit closer to the AP. Also try double quotes as in "BELFAST".

    If still unsuccessful then you need to check the router configuration, specifically the security profile, and carefully go through every option and understand what they do. The answer is possibly there.

  10. #10
    Just burned his ISO
    Join Date
    Oct 2008
    Posts
    13

    Default



    My MAC will normally connect, have spoofed aswell to be the same as phone/other computers...

    So i'm thinking right now my router is un-"injectable" Still hope someone sees this thread and can tell me what a code 12 is...

    What I dont understand is:

    Code:
    18:37:46.831313 1.0 Mb/s [0x0000000f] Authentication (Open System)-1: Succesful                                                                              
    18:37:46.833009 1.0 Mb/s [0x0000000f] Acknowledgment RA:00:14:6c:b1:f8:e2 (oui Unknown)                                                                      
    18:37:46.833464 1.0 Mb/s [0x0000000f] Acknowledgment RA:00:14:6c:b1:f8:e2 (oui Unknown)                                                                      
    18:37:46.834322 11.0 Mb/s 2462 MHz (0x00a0) -74dB signal -127dB noise antenna 2 [0x0000000e] Authentication (Open System)-2:
    What the '-1' and '-2' are after the authentication message..

    Seems strange that 'oui Unknown' pops up too - 00:14:6c is netgear, that should be pretty common..

    Have tried locking the speed down to 1Mb/s to no avail..

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •