Constant deauth in MacOS #275

Open
freehalalmeats opened this issue Mar 16, 2019 · 5 comments

freehalalmeats commented Mar 16, 2019

When attempting to use Reaver on macOS:

sudo reaver -i en0 -b 14:A5:1A:09:7F:A3 -F -vvv

Reaver v1.6.5-git-18-g48a0a8b WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>

[+] Waiting for beacon from 14:A5:1A:09:7F:A3
[+] Switching en0 to channel 1
[+] Switching en0 to channel 2
[+] Switching en0 to channel 3
[+] Switching en0 to channel 4
[+] Switching en0 to channel 5
[+] Received beacon from 14:A5:1A:09:7F:A3
[+] Vendor: Broadcom
WPS: A new PIN configured (timeout=0)
WPS: UUID - hexdump(len=16): [NULL]
WPS: PIN - hexdump_ascii(len=8):
     31 32 33 34 35 36 37 30                           12345670        
WPS: Selected registrar information changed
WPS: Internal Registrar selected (pbc=0)
WPS: sel_reg_union
WPS: set_ie
WPS: cb_set_sel_reg
WPS: Enter wps_cg_set_sel_reg
WPS: Leave wps_cg_set_sel_reg early
WPS: return from wps_selected_registrar_changed
[+] Trying pin "12345670"
send_packet called from deauthenticate() 80211.c:337
send_packet called from authenticate() 80211.c:368
[+] Sending authentication request
send_packet called from associate() 80211.c:421
[+] Sending association request
[+] Associated with 14:A5:1A:09:7F:A3 (ESSID: --Hepburn--)
[+] Sending EAPOL START request
send_packet called from send_eapol_start() send.c:48
[+] Received deauth request
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
send_packet called from send_eapol_start() send.c:48
[+] Received deauth request
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161

I have tried moving closer to the router, too.

Are there any other Mac-compatible pieces of software that I can use to handle authentication? (aireplay-ng isn't supported, it seems)

Collaborator

rofl0r commented Mar 16, 2019

> [+] Received deauth request

some routers do that, i haven't yet figured out why. maybe try with another type?

@freehalalmeats
Author

Have tried with several routers now, but the results are all the same. Most of the routers are running WPS version 2.0. Could this possibly be the cause?

Collaborator

rofl0r commented Mar 17, 2019

no, that's not related. maybe the mac driver adds some invalid stuff to the packets, causing the routers to force a deauth. apparently mac monitor drivers are pretty buggy, so far there's only one apple device known working, iirc macbook white (2004) which @DJDan owns


elig0n commented Jul 27, 2020

I get the same type of response on Linux but without
[+] Received deauth request
Observing the packets, it seems that right after a successful Authentication & Association the AP sends a Disassociate with reason:
Reason code: IEEE 802.1X authentication failed (0x0017)
and later a Start->Deauth cycle with 4 Deauthentication packets after each EAP Start with the reason:
Reason code: Class 2 frame received from nonauthenticated STA (0x0006)
Eventually I've noticed there are also Code 4 Failure EAP packets (type 0) sent after a while together with Start

So maybe the AP deauthenticates & disassociates the client after the very first authentication failure

I have also tried sending aireplay-ng fake association before running reaver to no avail.
My antenna is less than 1 meter from the AP and I've also tried extending timeout durations.

My suggestion is that the many similar issues open are at most the same thing.
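
The reason codes reported in the comment above can be read directly from captured frames. As an added example (not part of the thread and not reaver's code), this decodes deauthentication and disassociation frames and tallies reason codes per sender; it assumes raw 802.11 frames with no radiotap header or FCS, and the client MAC and sample frames are constructed.

```python
import struct
from collections import Counter

# Reason codes from IEEE 802.11; 6 and 23 are the two quoted in the thread.
REASONS = {
    1: "Unspecified reason",
    2: "Previous authentication no longer valid",
    3: "Deauthenticated because sending STA is leaving",
    6: "Class 2 frame received from nonauthenticated STA",
    7: "Class 3 frame received from nonassociated STA",
    23: "IEEE 802.1X authentication failed",
}
SUBTYPES = {10: "Disassociation", 12: "Deauthentication"}

def mac(raw):
    return ":".join(f"{b:02X}" for b in raw)

def decode(frame):
    """Decode one raw 802.11 frame (no radiotap header, no FCS).
    Returns a dict for deauth/disassoc frames, None for anything else."""
    if len(frame) < 24:
        return None
    fc0, flags = frame[0], frame[1]
    if fc0 & 0x03 or (fc0 >> 2) & 0x03 or (fc0 >> 4) not in SUBTYPES:
        return None                          # not version 0 / management / deauth|disassoc
    out = {"kind": SUBTYPES[fc0 >> 4], "dst": mac(frame[4:10]),
           "src": mac(frame[10:16]), "reason": None, "text": "unreadable"}
    body = 24 + (4 if flags & 0x80 else 0)   # Order bit adds a 4-byte HT Control field
    if flags & 0x40 or len(frame) < body + 2:
        return out                           # protected (802.11w) or truncated body
    (code,) = struct.unpack_from("<H", frame, body)
    out["reason"], out["text"] = code, REASONS.get(code, "other/reserved")
    return out

def summarize(frames):
    """Count (kind, sender, reason code) over a list of captured frames."""
    hits = filter(None, map(decode, frames))
    return Counter((h["kind"], h["src"], h["reason"]) for h in hits)

def build(subtype, src, dst, reason):
    """Construct a sample management frame for the demo (constructed data)."""
    s, d = bytes.fromhex(src.replace(":", "")), bytes.fromhex(dst.replace(":", ""))
    return bytes([subtype << 4, 0]) + b"\x00\x00" + d + s + s + b"\x00\x00" + struct.pack("<H", reason)

AP, STA = "14:A5:1A:09:7F:A3", "02:00:00:00:00:01"   # AP from the thread; STA is made up
# One disassociation (0x17), four deauths (0x06), one beacon that must be ignored.
SAMPLE = [build(10, AP, STA, 0x17)] + [build(12, AP, STA, 0x06)] * 4 + [build(8, AP, STA, 0)]

if __name__ == "__main__":
    for (kind, src, code), n in summarize(SAMPLE).items():
        print(f"{n}x {kind} from {src}: {code} {REASONS.get(code, '?')}")
```

Running the same tally over a capture of a working association and a failing one shows at which step the AP starts rejecting the client.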

Collaborator

rofl0r commented Jul 27, 2020

> I have also tried sending aireplay-ng fake association before running reaver to no avail.
> My antenna is less than 1 meter from the AP and I've also tried extending timeout durations.

could you sniff with a second antenna when you associate to the AP using wpa_supplicant or anything that works, and compare what they do differently?
