ReaverWPS Fork 1.5.2 Stable

Reaver modified version uses the attack Pixie Dust to find the correct pin number of wps

This resource is being watched by 868 members.
  1. Mr. Penguin

    Reaver-wps-fork-t6x is a modification done from a fork of reaver (
    This modified version uses the attack Pixie Dust to find the correct pin number of wps
    The attack used in this version was developed by Wiire (


    Install Required Libraries and Tools

    Libraries for reaver
    Select All
    sudo apt-get install libpcap-dev aircrack-ng sqlite3 libsqlite3-dev
    You must have installed the pixiewps created by Wiire (

    Compile and Install

    Build Reaver
    Select All
    cd reaver-1.4 cd src ./configure make
    Install Reaver
    Select All
    sudo make install

    Select All
    Reaver v1.5.1 WiFi Protected Setup Attack Tool Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]> mod by t6_x <[email protected]> mod by DataHead Required Arguments: -i, --interface=<wlan> Name of the monitor-mode interface to use -b, --bssid=<mac> BSSID of the target AP Optional Arguments: -m, --mac=<mac> MAC of the host system -e, --essid=<ssid> ESSID of the target AP -c, --channel=<channel> Set the 802.11 channel for the interface (implies -f) -o, --out-file=<file> Send output to a log file [stdout] -s, --session=<file> Restore a previous session file -C, --exec=<command> Execute the supplied command upon successful pin recovery -D, --daemonize Daemonize reaver -a, --auto Auto detect the best advanced options for the target AP -f, --fixed Disable channel hopping -5, --5ghz Use 5GHz 802.11 channels -v, --verbose Display non-critical warnings (-vv for more) -q, --quiet Only display critical messages -K, --pixie-dust Test Pixie Dust [1] Basic(-S) [2] With E-Once(-S) [3] With PKR -Z, --no-auto-pass Not run automatically reaver to get the password when the pixiewps retrieves the pin -h, --help Show help Advanced Options: -p, --pin=<wps pin> Use the specified 4 or 8 digit WPS pin -d, --delay=<seconds> Set the delay between pin attempts [1] -l, --lock-delay=<seconds> Set the time to wait if the AP locks WPS pin attempts [60] -g, --max-attempts=<num> Quit after num pin attempts -x, --fail-wait=<seconds> Set the time to sleep after 10 unexpected failures [0] -r, --recurring-delay=<x:y> Sleep for y seconds every x pin attempts -t, --timeout=<seconds> Set the receive timeout period [5] -T, --m57-timeout=<seconds> Set the M5/M7 timeout period [0.20] -A, --no-associate Do not associate with the AP (association must be done by another application) -N, --no-nacks Do not send NACK messages when out of order packets are received -S, --dh-small Use small DH keys to improve crack speed -L, --ignore-locks Ignore locked state reported by the target AP -E, --eap-terminate Terminate each WPS session with an EAP FAIL packet -n, --nack Target AP always sends a NACK [Auto] -w, --win7 Mimic a Windows 7 registrar [False] -X, --exhaustive Set exhaustive mode from the beginning of the session [False] -1, --p1-index Set initial array index for the first half of the pin [False] -2, --p2-index Set initial array index for the second half of the pin [False] -P, --pixiepust-loop Set Into PixieLoop mode ( doesnt send M4, and loops through to M3 [False]
    Select All
    reaver -i mon0 -b 00:90:4C:C1:AC:21 -vv -K 1;
    Option (K)

    Select All
    The -K option 1 run pixiewps without PKR and the hash1 = hash2 = 0 The -K option 2 runs pixiewps without PKR and the hash1 = hash2 = 0 but using the -n option of pixiewps (E-Once) The -K option 3 runs pixiewps with PKR and the hash1 = hash2 = e-once
    **Use the reaver with the option -S when you take your test without the pkr


    Modifications made by t6_x
    Modifications made by DataHead

    Some ideas made by nooro
    AngelErick likes this.

Recent Reviews

  1. nafo
    Version: 1.5.2 Stable