Posts: 2,076 | Thanked: 3,268 times | Joined on Feb 2011
#531
I'm afraid only PIN. But to catch it just decrease the 8th digit by 1 and run reaver manually from command-line, it will try it and retrieve the password for you (alternatively connect to the WPS-advertised variant with the PIN and fish for the password where they are stored on maemo, can't remember atm, quick search should help)

Edit: found it, just run this after one successful connection with PIN:
gconftool-2 -R /system/osso/connectivity/IAP

Last edited by szopin; 2012-04-11 at 18:16.
 

The Following 2 Users Say Thank You to szopin For This Useful Post:
Posts: 43 | Thanked: 16 times | Joined on Mar 2010
#532
You have been a fantastic help Szopin!

Ok, 2 more questions and I promise no more bugging you!

1. I know how to run reaver from command line, but what do you mean by this: "But to catch it just decrease the 8th digit by 1"?

2. The command you gave me, is that simply the "WPA keys" app that lets me know what passwords I have used for the access points I have saved in my N900 unit?

Thanks again!
 
Posts: 2,076 | Thanked: 3,268 times | Joined on Feb 2011
#533
In the file <MACAddrOfAP>.wpc just change the 8th digit in it - 8 to 7, 1 to 0, 0 to... 9 and previous char also in same manner (then again this might not be even necessary, not sure if last tried number is held there or the next, just make a backup before you edit this file, as it keeps the PIN I would assume it is the last tried so need to lower it to repeat the finding, just give it a try to find out). Reaver should pull the pass for you then.
2: Yup, once you connect to the AP with PIN you should have the password stored in known/connected to APs list, so standard connection and the command should provide the pass in cleartext
 

The Following 2 Users Say Thank You to szopin For This Useful Post:
Posts: 43 | Thanked: 16 times | Joined on Mar 2010
#534
Ahhh, I see! That's answered both my questions! Thanks again for your time.
 
Posts: 5,028 | Thanked: 8,613 times | Joined on Mar 2011
#535
Reaver *should* also store WPA key (alongside other information) in /home/user/reaver/reaver.db - database file, which can be browsed easily on-device, using dbBrowser (available from repositories).
---

Using latest 1.4 reaver build from this thread, I wasn't able to crack a single WPS PIN, despite trying on many different routers (although, with up-to-date firmwares). It just cycles up to 100% and starts again from 0... WTF? Anyone else experiencing it?

BTW, I have also noticed that many routers - after firmware upgrades - started to work differently, considering WPS. Now, when trying to connect to them "holy way" - via Maemo connection's manager - it shows me random PIN and instructions to input it into access point, instead of asking for PIN to be input on N900 side. May it be cause of inability to crack PIN - it started to expect certain PIN on AP web interface side on every connection, instead of using pre-defined PIN, required from client by AP? That would explain why it can try every possible PIN and still fail...

I wonder if such changes are an effect of all buzz around Reaver - manufacturers releasing some lame update... Why the heck should anyone care for WPS, if she/he must login to AP web interface, before using it? Doing so, one can just copy proper Passphrase to device. It seems to kill all intended time-saving of WPS, alongside ease of use.

/Estel
__________________
N900's aluminum backcover / body replacement
-
N900's HDMI-Out
-
Camera cover MOD
-
Measure battery's real capacity on-device
-
TrueCrypt 7.1 | ereswap | bnf
-
Hardware's mods research is costly. To support my work, please consider donating. Thank You!
 

The Following User Says Thank You to Estel For This Useful Post:
Posts: 43 | Thanked: 16 times | Joined on Mar 2010
#536
Cheers Estel, I'm gonna try the db browser method. Interesting.

What revision are you using for 1.4?
I am also getting the PIN told to me when connecting the "Holy Way" to input into the AP. It seems strange.
 
Posts: 5,028 | Thanked: 8,613 times | Joined on Mar 2011
#537
Originally Posted by shockingfm View Post
What revision are you using for 1.4?
No idea, there are so many versions circulating now, that I simply don't remember :/

As for PIN given to be put into AP - Were You (or someone else) actually successful in cracking such AP, i.e. proper passphrase was given? Maybe it's just some inconsistency between Maemo connections manager and current WPS implementations?

/Estel
 

The Following User Says Thank You to Estel For This Useful Post:
Posts: 43 | Thanked: 16 times | Joined on Mar 2010
#538
I'm using 1.4 R112 on both my devices. Every time I get one of these revisions I simply delete everything in the .reaver folder and start again with the contents of new revision.

As I've stated before, on one of my devices it cracks it but the window closes so fast I can't make out the WPA code and PIN. However, thanks to you and Szopin I now have multiple ways of extracting that, the best being that DBbrowser method!

On my other phone the window stays open? Anyway...

I suggest doing this to isolate where your problem is:

Pre-requisites: have ready the ESSID of the WPS enabled device

1. put on bleeding edge drivers
2. open xterminal
3. gain root
4. put wireless into monitor mode (airmon-ng start wlan0)
5. wait until the message tells you that the card is in monitor mode, usually by displaying "mon0" or "mon1" etc....
6. the reaver command I use is this "reaver -i mon0 -b (now enter the ESSID) -vv -N -S -d 0"

Tell me what happens during your trial. This way we can see if your reaver implementation is working. If successful, then it could be your installation of Cleven.

You probably have done all the above anyway, I'm just a noob to this...

The following routers I have tested on:
Netgear (superhub virgin)
Netgear (sky)
Dlink (sky)
sagem (sky)
normal dlink and netgear routers
Talk Talk routers
Attached Files
File Type: gz reaver+wash1.4-r112.tar.gz (387.6 KB, 97 views)
 

The Following User Says Thank You to shockingfm For This Useful Post:
Posts: 43 | Thanked: 16 times | Joined on Mar 2010
#539
Sorry Estel, just to add, as I forgot to address one of your questions...

Once Reaver cracks the AP it gives me the PIN and Passphrase on the xterminal window.

Also, the DBbrowser just gives the password and not the PIN.
 

The Following User Says Thank You to shockingfm For This Useful Post:
Posts: 5,028 | Thanked: 8,613 times | Joined on Mar 2011
#540
OK, but trying to connect (by WPS, not by providing WPA2 passphrase!) "holy way" to the device that You've got PIN/password cracked, You also get PIN told to You, and order to input it *into* AP? Are You able to connect N900 to such device, via using WPS and correct PIN?

I'm asking this, cause I would like to filter out, if such "take PIN and input it into AP" is really some upgrade to WPS implementations (aiming to filter out reaver usage), or just bug in communication between Maemo connectivity manager and WPS of AP.
---

As for Your instructions, reaver works on my device - some APs just don't seem to accept any PIN, so reaver cycles through all 10 000 PINs and starts from scratch.

I would like to filter out, if it may be related to WPS implementation not compatible with reaver, or just bad NACK related setting - i.e. reaver trying correct PIN at some point -> AP failing to respond properly -> reaver thinking that PIN was rejected and marking it as invalid.

/Estel
 
Tags
aircrack, cleven, reaver
