reaver won't associate with AP

skyer · 2013-10-27 11:54:01

I'm trying to reaver to work, but it won't associate. I'm a beginner, please excuse the possible obvious mistakes

0. My wireless card is Intel Corporation Wireless 7260 (rev 73), kernel driver in use iwlwifi.
The network is WPA2, PSK, WPS is enabled (checked from beacon frames.)
Reaver version is 1.4.

1. When I run reaver, it sends out authentication packets but the AP doesn't respond to them, no association happens. I CAN associate using wpa_supplicant.
Using wpa_supplicant, I was able to get reaver through the associating stage to start trying pins.

2. Some people report success when they let aireplay-ng associate them and make reaver skip the part using -A. The AP ignores all fakeauth authentication attempts.

3. Might be somehow related, I also tried capturing a successful authentication packet and then replay it with aireplay-ng, but for some reason, it just returns 'End of file'. I'm quite a beginner so I'm not sure if I didnt set some selection flag wrong. However, I tried it with bigger pcap files and set the filter to something quite simple (like me being the source address) - still nothing.

If I try it with live capture, aireplay get's stuck on 'read X packets', it never does anything else.

4. I tried injection test but no AP seems to respond. I tried multiple APs, so it leads me to question if my card/driver can actually inject at all.

[root@sigma caps]# aireplay-ng -9 mon0
12:32:13  Trying broadcast probe requests...
12:32:15  No Answer...
12:32:15  Found 2 APs

Additional information:
Wash -i mon0 always fails with '[!] Found packet with bad FCS, skipping...'
It seems that reaver 1.3 get's stuck on 'waiting on beacon from [AC]' and doesn't even send AUTH requests.
interfaces:

iwconfig
wlp2s0    IEEE 802.11abgn  ESSID:off/any  
          Mode:Managed  Frequency:2.412 GHz  Access Point: Not-Associated   
          Tx-Power=0 dBm   
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:on
          
mon0      IEEE 802.11abgn  Mode:Monitor  Frequency:2.432 GHz  Tx-Power=0 dBm   
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Power Management:on

ip addr
3: wlp2s0: <BROADCAST> mtu 1500 qdisc mq state DOWN qlen 1000
    link/ether 0c:8b:fd:51:d9:ca brd ff:ff:ff:ff:ff:ff
5: mon0: <BROADCAST,ALLMULTI,PROMISC,NOTRAILERS,UP,LOWER_UP> mtu 1500 qdisc mq state UNKNOWN qlen 1000
    link/ieee802.11/radiotap 0c:8b:fd:51:d9:ca brd ff:ff:ff:ff:ff:ff

Thanks for any help. I'm getting hopeless about this.

//more information
My attempt to use reaver:

[root@sigma caps]# airodump-ng mon0
 CH 13 ][ Elapsed: 20 s ][ 2013-10-27 13:04                                         
                                                                                                                                                   
 BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID                                                                    
                                                                                                                                                   
 AA:AA:AA:AA:AA:AA  -63       32        0    0   6  54e  WPA2 CCMP   MGT  AP 
...  
...                                                              
                                                                                                                                                   
 BSSID              STATION            PWR   Rate    Lost  Packets  Probes   

[root@sigma caps]# reaver -b AA:AA:AA:AA:AA:AA -i mon0 -vv -c 6

Reaver v1.3 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>

[+] Switching mon0 to channel 6
[+] Waiting for beacon from AA:AA:AA:AA:AA:AA
[+] Switching mon0 to channel 6
[!] WARNING: Failed to associate with AA:AA:AA:AA:AA:A (ESSID: AP)

Getting more desperate, I tried multiple APs, so the signal isn't always that bad. Same results.

Last edited by skyer (2013-10-27 12:12:20)

Resistance · 2013-11-05 11:03:34

skyer wrote:

2. Some people report success when they let aireplay-ng associate them and make reaver skip the part using -A. The AP ignores all fakeauth authentication attempts.

You can't associate with aireplay-ng, but can with wpa_supplicant ? That's weird..
Try http://www.aircrack-ng.org/doku.php?id= … entication

For your original issue, https://code.google.com/p/reaver-wps/is … ail?id=205
"It would seem that if the router you are targeting does not show when you use 'wash', reaver can't work with it." and "I believe this happens because the AP turns of the WPS function after so many failed attempts."

Last edited by Resistance (2013-11-05 11:04:03)

skyer · 2013-11-15 14:08:57

'Fake authentication cannot be used to authenticate/associate with WPA/WPA2 Access Points. '
Tried that one already, doesn't work.

WPS is not turned off. For me, wash does not display anything except for the 'invalid FCS' message - no matter where I am and which AP I try to associate with.

opt1mus · 2013-11-15 14:48:22

Make sure the dir /usr/etc/reaver/ exists, and tell wash to ignore frame checksum errors with -C --ignore-fcs.

Arch Linux

#1 2013-10-27 11:54:01

reaver won't associate with AP

#2 2013-11-05 11:03:34

Re: reaver won't associate with AP

#3 2013-11-15 14:08:57

Re: reaver won't associate with AP

#4 2013-11-15 14:48:22

Re: reaver won't associate with AP

Board footer