Alright, I'm going to be "that guy" for my first post, but I did join the website to get help. I'm using an internal Atheros AR5B95 wireless card in my laptop and I can't for the life of me get the thing to work right. I've used it in BackTrack 4 pre-release, BackTrack 5 r3, Ubuntu 12.1, and Xiaopan 0.4.1, all with no luck from Reaver, Inflator, Wifite or aircrack-ng. I'm trying to crack my WPA on a Linksys WRT54G router and it's driving me bonkers!!! 3 days of researching and experimenting has brought me to the brink and I'm about to just move on... The card will go into monitor mode and pass the injection test. But all programs either stop or time out over and over on the first or second pin. I'm assuming it's either a kernel problem (madwifi or compat?) or it just doesn't work. So any help or info or suggestions will be well appreciated in an attempt to accomplish this goal.
Hey kanuga, and thanks for joining. Strange behavior indeed. It has passed everything that you need. Can we get some more info regarding:
- RSSI average (don't be too far and not too close)
- Output of verbose mode (-vv) in a Reaver attack
- Are you using the latest compat-wireless?
After 3 days of searching I am sure you know you need the set of ath9k drivers: http://wireless.kernel.org/en/users/Drivers/ath9k
Personally I am not familiar with madwifi. It might be loading the wrong specific driver or a less suitable one, which means you might need to blacklist some within the ath9k set. If you are getting the Channel -1 error you need to patch the driver or install the latest compat-wireless.
Ok, I have it running on a separate laptop so I have to start it up. In the meantime, I'm pretty new to this stuff still, so a couple of questions. 1: How would I get a copy of the verbose output after I run Reaver? 2: Is BackTrack 5 r3 my best bet, because I don't feel very comfortable with building kernels?
1. From memory, to copy text from a terminal window it is either Ctrl + Shift + C or Ctrl + C. With a Mac, I believe Ctrl is equivalent to the Command button. To pause the window, I think it is the spacebar. 2. BackTrack 5 R3 32-bit GNOME is what I would be using.
Ok, I'm using the 64-bit; do you think that matters?? My RSSI hovers around high 50s, low 60s; it's downstairs. Here's the Reaver output; I put X's for safety, lol. I also just attached it because I can't figure out how to put it in that cool blue box. There is also an iwconfig and a uname -a file as well. The iw is after I put the card in monitor mode. I'm using the stock kernels for BackTrack 5 r3. And those outputs are from the live CD; I'm reinstalling it now though. While I'm at it, is there any other information I can give you to help resolve the issue?
What you get:

root@bt:~# iwconfig
lo        no wireless extensions.

mon0      IEEE 802.11bgn  Mode:Monitor  Frequency:2.432 GHz  Tx-Power=15 dBm
          Retry long limit:7   RTS thr:off   Fragment thr:off
          Power Management:on

wlan0     IEEE 802.11bgn  ESSID:off/any  Mode:Managed  Access Point: Not-Associated  Tx-Power=15 dBm
          Retry long limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:on

When you enter this:

airmon-ng start wlanX

Do you get this:

wlan0  Atheros ath9k - [phy1]  (monitor mode enabled on mon0)

phyX means you are using mac80211 drivers.

Build:

root@bt:~# uname -a
Linux bt 3.2.6 #1 SMP Fri Feb 17 10:34:20 EST 2012 x86_64 GNU/Linux

Nothing seems out of place here, except the kernel (3.2.6) might be too great.

Reaver -vv output:

root@bt:~# reaver -i mon0 -b XX:XX:XX:XX:XX:XX -vv -d 15
Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]>

[+] Waiting for beacon from XX:XX:XX:XX:XX:XX
[+] Switching mon0 to channel 5
[+] Associated with XX:XX:XX:XX:XX:XX (ESSID: Mine)
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x03), re-trying last pin
[+] Trying pin 12345670
[!] WPS transaction failed (code: 0x02), re-trying last pin
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 00005678
[!] WPS transaction failed (code: 0x03), re-trying last pin
[+] 0.01% complete @ 2012-12-31 09:17:25 (122 seconds/pin)
[+] Trying pin 00005678
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 00005678
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 00005678
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M1 message
[+] Sending WSC NACK
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x03), re-trying last pin

So you are getting 0x03, 0x02 and timeout issues, RSSI is optimal... and you have implemented the -d flag, which is great. Can you increase this to 30 and run again?
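The verbose log quoted above shows what a WPS PIN guess looks like on the wire: EAPOL-Start, identity exchange, M1/M2, then a NACK and a restart on the same or next PIN, over and over. Seen from the access point rather than from Reaver, that same repetition is the thing to alert on. The following Python detector is an added example and not part of this thread or of any tool it mentions; it runs over a constructed, hypothetical AP-side event log (the line layout is an assumption, not any real router's syslog format) and flags a station whose WPS registration runs keep ending in NACK, or keep restarting with a fresh EAPOL-Start before reaching M8/DONE, more than a threshold number of times inside a sliding window.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample (hypothetical layout): one legitimate enrollee finishes
# registration once; a second station restarts after NACKs and then stalls.
SAMPLE_LOG = """\
2012-12-31 09:10:00 STA aa:bb:cc:dd:ee:01 WPS EAPOL-Start
2012-12-31 09:10:01 STA aa:bb:cc:dd:ee:01 WPS M1
2012-12-31 09:10:01 STA aa:bb:cc:dd:ee:01 WPS M2
2012-12-31 09:10:04 STA aa:bb:cc:dd:ee:01 WPS M8
2012-12-31 09:10:05 STA aa:bb:cc:dd:ee:01 WPS DONE
2012-12-31 09:17:00 STA 00:11:22:33:44:55 WPS EAPOL-Start
2012-12-31 09:17:01 STA 00:11:22:33:44:55 WPS M1
2012-12-31 09:17:01 STA 00:11:22:33:44:55 WPS M2
2012-12-31 09:17:02 STA 00:11:22:33:44:55 WPS NACK
2012-12-31 09:19:00 STA 00:11:22:33:44:55 WPS EAPOL-Start
2012-12-31 09:19:01 STA 00:11:22:33:44:55 WPS M1
2012-12-31 09:19:01 STA 00:11:22:33:44:55 WPS M2
2012-12-31 09:19:02 STA 00:11:22:33:44:55 WPS NACK
2012-12-31 09:21:00 STA 00:11:22:33:44:55 WPS EAPOL-Start
2012-12-31 09:21:01 STA 00:11:22:33:44:55 WPS M1
2012-12-31 09:21:01 STA 00:11:22:33:44:55 WPS M2
2012-12-31 09:21:02 STA 00:11:22:33:44:55 WPS NACK
2012-12-31 09:23:00 STA 00:11:22:33:44:55 WPS EAPOL-Start
2012-12-31 09:23:15 STA 00:11:22:33:44:55 WPS EAPOL-Start
"""

# Matches the constructed layout: timestamp, station MAC, WPS event name.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"STA (?P<sta>[0-9A-Fa-f:]{17}) WPS (?P<event>\S+)$"
)


def parse_events(text):
    """Return a list of (timestamp, sta, event) tuples; unrelated lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        events.append((ts, m["sta"].lower(), m["event"]))
    return events


def detect_pin_bruteforce(events, threshold=3, window=timedelta(minutes=10)):
    """Map each suspicious station MAC to the time its failure count first
    reached `threshold` within `window`.

    A failed attempt is either a NACK, or a new EAPOL-Start while the previous
    run for that station had not reached M8/DONE (a stalled or abandoned run).
    """
    failures = defaultdict(deque)  # sta -> timestamps of recent failed attempts
    in_progress = {}               # sta -> True while a registration run is open
    alerts = {}
    for ts, sta, event in events:
        failed_at = None
        if event == "EAPOL-Start":
            if in_progress.get(sta):   # restarted before the last run finished
                failed_at = ts
            in_progress[sta] = True
        elif event == "NACK":
            failed_at = ts
            in_progress[sta] = False
        elif event in ("M8", "DONE"):  # registration completed normally
            in_progress[sta] = False
        if failed_at is None:
            continue
        q = failures[sta]
        q.append(failed_at)
        while q and failed_at - q[0] > window:  # drop failures outside the window
            q.popleft()
        if len(q) >= threshold and sta not in alerts:
            alerts[sta] = failed_at
    return alerts


if __name__ == "__main__":
    for sta, when in detect_pin_bruteforce(parse_events(SAMPLE_LOG)).items():
        print(f"possible WPS PIN brute force from {sta}, threshold reached at {when}")
```

On the constructed sample the legitimate enrollee never trips the detector, while the second station is reported after its third NACK. The threshold and window are the knobs to tune against what a real AP logs; the operational response on the AP side is the usual one for this class of attack, namely turning off the external-registrar PIN method (or WPS entirely) and relying on a strong WPA2 passphrase, which also removes the weakness Reaver is testing for in this thread.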
airmon-ng start wlanX returns:

wlan0  Atheros ath9k - [phy0]

No monitoring. Above it, it also says:

PID's 1564 and 1621 both dhclient 3 could cause trouble.

Increasing d to 30 still times out with 0x03, 0x02.
I ran airmon-ng start wlan0 to get into monitor mode, then I ran the attached lines. I kill them but they come back. Could you also tell me what I need to gather to change the drivers? (If I need to change them.)
I think dhclient3 is your problem. If your drivers pass the injection test they should be ok. Could be upstart-udev-bridge restarting dhcp; try:

sudo service upstart-udev-bridge stop
airmon-ng check kill
Alright meknb, tried that too but no luck. Still timing out... I know this is something small because there are lots of reports of the AR9s working. I just can't figure out what I'm missing...
I read on the BackTrack Linux forum that the AR9285 and probably other ath9k cards have issues with the 3.2.6 kernel. Here is the thread. And this is what I would do to figure out what is wrong, and it is going to take some work on your part:
1. Find out exactly what PCI-E card you have in there... open it up.
2. Go back to the 2.6.39 kernel, so may as well use BT5r1 (I think), or
3. Try updating BackTrack (How to) [I think this will update your kernel to 3.7.1]
4. Install the latest compat-wireless (How to)
Ok, awesome Penguin, I have no problem doing work; I was just looking for some direction. I'll get to work and post back here when I get done. Thanks.
I've never had any problems with Atheros chipsets; been using them for years, but haven't used BackTrack 5. Have you tried different switches for Reaver? Try the -N or -L switch. Also, is your router a push-button to enable WPS? I remember I've got one which was a pain to crack; you had to press a button on the back to enable WPS but WPS would only stay on for an hour or so, and the only way I could crack that was with the -L switch. You can check to see if your router is vulnerable here: https://docs.google.com/spreadsheet/ccc?key=0Ags-JmeLMFP2dFp2dkhJZGIxTTFkdFpEUDNSSHZEN3c#gid=0 Also check the logs on your router to see what's going on there.
Just sharing: tested AR9285 with BT5R2 GNOME and Xiaopan 0.4.2.1, both running live (USB). No problem so far.
Sharing too: I have an Atheros AR9285 internal on my minilap, no problem at all running BT5R2, Xiaopan 0.4.1 (Xiaopan 0.4.2-0.4.2.3 need some extra steps to make it work), Reaver Pro, BackBox, or any pentest tool. And yes, AR5B95 & AR9285 are exactly the same thing.