Thread: Method for users having trouble with reaver operating very slow.

  1. #1
    Just burned his ISO
    Join Date: Feb 2012
    Posts: 11

    Method for users having trouble with reaver operating very slow.

    So I decided to play around with Reaver against my Belkin N150 wireless router. First thing I noticed was a lot of timeouts, and Reaver was attempting the same pin over and over. Eventually it did move on to another pin, but the seconds-per-pin ratio was 365s/pin. After 20h or so I reached 10% of pins used. I knew something had to be wrong, seeing as it is advertised that it could be used to get the WPA passkey under 10 hours. I scoured the internet for why this might be happening and didn't find anything useful, so I just started playing around with the different options it has and finally found something that worked. It brought me down to 12s/pin, so it's definitely operating a lot faster.

    This is what I did.
    1. Switch the interface to the same channel as my wireless router by opening a konsole and using this command:
    "iwconfig (my wireless interface name: wlan0, mon0, etc.) channel (channel of my router)"
    (without quotes)

    2. Manually associate to my router using aireplay-ng:
    "aireplay-ng -1 0 -a (router bssid) -h (my mac address) -e (router essid) (name of my wireless interface)"

    3. Use reaver to brute-force the WPS pin with these options:
    "reaver -i (name of my wireless interface) -b (bssid of my router) -T 1 -f -N -S -vv"

    That's it, I hope this helps for those having the same problem. Let me know if it works for you or if you find something even faster.

    ~Str8fe

  2. #2
    Just burned his ISO
    Join Date: Oct 2011
    Posts: 2

    Re: Method for users having trouble with reaver operating very slow.

    Hi,
    Thank you! Before doing your steps I had about 30s/pin and now I'm having less than 5s/pin.
    For those who have the same problem, I recommend reading this thread and doing the steps mentioned above.

  3. #3
    Very good friend of the forum (TAPE)
    Join Date: Jan 2010
    Location: Europe
    Posts: 599

    Re: Method for users having trouble with reaver operating very slow.

    And the issues I was having with the association appear to have been solved with the release of BT5 R2.
    Have no idea what was going on with that, but hey, it works now.

    So if you are having issues, would suggest you try the latest and greatest as well.

  4. #4
    Just burned their ISO
    Join Date: Jul 2012
    Posts: 1

    Re: Method for users having trouble with reaver operating very slow.

    1. I'm still trying to wrap my mind around this stuff since I'm an ubernoob BUT, how are you supposed to switch the interface if the device is in monitor mode? I'm getting:
    Error for the wireless request "Set Frequency" (8B04) :
    SET failed on device wlan1 ; Network is down.

    I've even exited monitor mode and am still getting the same error.

    2. I've tried manually associating my router which was interesting. It said:
    Waiting for beacon frame (BSSID: XX:XX:XX:XX:XX:XX) on channel -1
    Couldn't determine current channel for wlan1, you should either force the operation with --ignore-negative-one or apply a kernel patch

    Uh... what?

    EDIT:
    Figured it out... obviously whichever device is set to monitor mode, it takes on a new name? Which is mon0 or mon1 depending on how many are in monitor mode and which is which. Can NOT believe I figured that out. Goes to show what a little whiskey will do for me. Had a few drinks the first time I figured out how to fix layered copper laptop mobos too... don't like where this trend is going hah! Or do I?

    EDIT #2:
    Now what can I do about keeping it from getting stuck in the multiple pin issue? It will get stuck trying the same pin over and over again. I'm guessing that's because the AP realizes it's being attacked and tries to protect itself, right? What can I do to figure out where its lines are drawn?

  5. #5
    Junior Member
    Join Date: Jun 2012
    Posts: 42

    Re: Method for users having trouble with reaver operating very slow.

    Quote: Originally posted by Str8fe
    So I decided to play around with Reaver against my Belkin N150 wireless router. First thing I noticed was a lot of timeouts, and Reaver was attempting the same pin over and over. Eventually it did move on to another pin, but the seconds-per-pin ratio was 365s/pin. After 20h or so I reached 10% of pins used. I knew something had to be wrong, seeing as it is advertised that it could be used to get the WPA passkey under 10 hours. I scoured the internet for why this might be happening and didn't find anything useful, so I just started playing around with the different options it has and finally found something that worked. It brought me down to 12s/pin, so it's definitely operating a lot faster.

    This is what I did.
    1. Switch the interface to the same channel as my wireless router by opening a konsole and using this command:
    "iwconfig (my wireless interface name: wlan0, mon0, etc.) channel (channel of my router)"
    (without quotes)

    2. Manually associate to my router using aireplay-ng:
    "aireplay-ng -1 0 -a (router bssid) -h (my mac address) -e (router essid) (name of my wireless interface)"

    3. Use reaver to brute-force the WPS pin with these options:
    "reaver -i (name of my wireless interface) -b (bssid of my router) -T 1 -f -N -S -vv"

    That's it, I hope this helps for those having the same problem. Let me know if it works for you or if you find something even faster.

    ~Str8fe

    Hey Str8fe, thanks for the info!

    I'm currently blackbox pentesting with Reaver 1.4, and started triggering WPS lockout with Reaver's default settings, just -i and -b. It ended up running about 120s/pin overnight—very slow.

    After quite a lot of tweaking, I found that adding -d 5 (wait 5 seconds between pin attempts) and -r 10:60 (after 10 pins, sleep for 60 seconds) seemed to avoid lockouts. Now we're down to about 16s/pin. Faster, but with current progress that sets me up for about a 2 day crack time.

    I'm not on-site with the reaver machine, not even on Linux, so can you please explain your tweaks? I know -S uses small Diffie-Hellman numbers, but I can't remember what -T, -f and -N switches do. Will they possibly get me more pins/s without triggering lockouts?

    Thanks again!

    -ternarybit

  6. #6
    Just burned his ISO
    Join Date: Sep 2012
    Location: Israel
    Posts: 3

    Re: Method for users having trouble with reaver operating very slow.

    Thank you, your method changed 3 sec/pin to 2 sec/pin on BackTrack 5 R3. Signal strength of the access point is about -40,
    I'm using rtl8187. Seems like fake-authenticating with aireplay-ng also helps to start the attack more quickly. For now reaver runs really fast.
    Will update the post after the attack succeeds/fails.

  7. #7
    Just burned their ISO
    Join Date: Sep 2012
    Posts: 7

    Re: Method for users having trouble with reaver operating very slow.

    It worked just fine,
    found everything.

  8. #8
    Just burned their ISO
    Join Date: Sep 2012
    Posts: 7

    Re: Method for users having trouble with reaver operating very slow.

    Quote: Originally posted by ternarybit
    Hey Str8fe, thanks for the info!

    I'm currently blackbox pentesting with Reaver 1.4, and started triggering WPS lockout with Reaver's default settings, just -i and -b. It ended up running about 120s/pin overnight—very slow.

    After quite a lot of tweaking, I found that adding -d 5 (wait 5 seconds between pin attempts) and -r 10:60 (after 10 pins, sleep for 60 seconds) seemed to avoid lockouts. Now we're down to about 16s/pin. Faster, but with current progress that sets me up for about a 2 day crack time.

    I'm not on-site with the reaver machine, not even on Linux, so can you please explain your tweaks? I know -S uses small Diffie-Hellman numbers, but I can't remember what -T, -f and -N switches do. Will they possibly get me more pins/s without triggering lockouts?

    Thanks again!

    -ternarybit

    Unfortunately, it still locks.
    What about the option "--auto"?

  9. #9
    Just burned his ISO
    Join Date: Oct 2012
    Posts: 7

    Re: Method for users having trouble with reaver operating very slow.

    Thanks a lot Str8fe, worked great, I went from 10 seconds to 4 seconds!!! 1 day down to 8 hours or less!!!
