# Troubleshooting

If reaver doesn't work as expected, there can be several possible causes. Before opening issues in this repo and asking easily searchable questions (search closed issues too, with `is:closed`), first follow this guide to find the issue yourself.

After updating your git checkout, always run `make clean` first. If you don't, weird things can and will happen.
1. Try the injection test of the aircrack-ng suite:

   ```
   aireplay-ng -9 -a 00:11:22:33:44:55 -e "ESSID_OF_AP" wlan0mon
   ```

   Where `00:11:22:33:44:55` needs to be replaced with the MAC address of the AP, `ESSID_OF_AP` with the ESSID (network name) of the network, and `wlan0mon` with your network card interface name.

   If that fails, go and look how you can fix the driver. Sometimes there are regressions in the drivers built into the Linux kernel version you run, and updating to a newer kernel can fix the issue. Be sure your card supports monitor mode and injection. Lots of newer 802.11ac cards do not have good support yet.
2. If you add `-vvv` to reaver, you get very verbose output which makes it possible to see what reaver is trying to do. The output will look like this:

   ```
   ...
   [+] Trying pin "99999999"
   send_packet called from deauthenticate() 80211.c:326
   send_packet called from authenticate() 80211.c:357
   [+] Sending authentication request
   send_packet called from resend_last_packet() send.c:161
   send_packet called from resend_last_packet() send.c:161
   send_packet called from resend_last_packet() send.c:161
   ...
   [!] WARNING: Receive timeout occurred
   ```

   Look out for the last `send_packet called from` message that is not from `resend_last_packet()`; in this case it is `send_packet called from authenticate()`. The `resend_last_packet()` lines are just retransmissions of that packet, so the stage named in the last non-resend line is where reaver is stuck.

   The first steps reaver does are:

   - deauthenticate
   - authenticate
   - associate
   - send EAPOL Start request

   If you don't progress until you see `[+] Sending EAPOL START request`, try to associate to the AP using aircrack-ng (go to step 3). If you get there, skip to step 4.
3. Try a fake authentication and association with aircrack-ng:

   ```
   aireplay-ng -1 0 -a 00:11:22:33:44:55 -e "ESSID_OF_AP" -h DE:AD:BE:EF:CA:FE wlan0mon
   ```

   Where `00:11:22:33:44:55` needs to be replaced with the MAC address of the AP, `ESSID_OF_AP` with the ESSID (network name) of the network, `DE:AD:BE:EF:CA:FE` with the MAC address of your own network adapter, and `wlan0mon` with your network card interface name.

   If that still doesn't work, you're probably too far away, there is too much congestion on the channel, or there is some kind of MAC address filter on the AP.
4. Start wireshark and capture on your monitor interface while you are using reaver. Alternatively you may use tcpdump:

   ```
   tcpdump -w output.cap -i wlan0mon
   ```

   Imagine you see this output of reaver:

   ```
   ...
   [+] Trying pin "99999999"
   send_packet called from deauthenticate() 80211.c:326
   send_packet called from authenticate() 80211.c:357
   [+] Sending authentication request
   send_packet called from associate() 80211.c:410
   [+] Sending association request
   [+] Associated with C8:3A:35:xx:xx:xx (ESSID: Tenda_xxxxxx)
   [+] Sending EAPOL START request
   send_packet called from send_eapol_start() send.c:48
   send_packet called from resend_last_packet() send.c:161
   send_packet called from resend_last_packet() send.c:161
   send_packet called from resend_last_packet() send.c:161
   send_packet called from resend_last_packet() send.c:161
   send_packet called from resend_last_packet() send.c:161
   send_packet called from resend_last_packet() send.c:161
   ...
   send_packet called from resend_last_packet() send.c:161
   send_packet called from resend_last_packet() send.c:161
   [!] WARNING: Receive timeout occurred
   ```

   This tells us that reaver successfully authenticated and associated, then sent an EAPOL Start message but never received a reply. Now look at the packet capture in wireshark. Does the AP send anything to your MAC address after the EAPOL packets start?

   If so, there may be a real issue with reaver. If not, the router may simply have WPS disabled, or enabled but not configured.
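As an added example (not part of this wiki page or the reaver project), here is a small Python script that applies the rule from step 2 to `-vvv` output: it finds the last `send_packet called from` line that is not `resend_last_packet()`, counts the retransmissions after it, and maps the stalled stage to the step of this guide to try next. The sample log is constructed from the transcript in step 4, and the stage-to-advice mapping is this example's own reading of the guide, not anything reaver itself reports.

```python
import re

# Constructed sample, mirroring the second -vvv transcript in the guide above
# (the masked AP address and ESSID are copied from that transcript).
SAMPLE_LOG = """\
[+] Trying pin "99999999"
send_packet called from deauthenticate() 80211.c:326
send_packet called from authenticate() 80211.c:357
[+] Sending authentication request
send_packet called from associate() 80211.c:410
[+] Sending association request
[+] Associated with C8:3A:35:xx:xx:xx (ESSID: Tenda_xxxxxx)
[+] Sending EAPOL START request
send_packet called from send_eapol_start() send.c:48
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
[!] WARNING: Receive timeout occurred
"""

SENDER_RE = re.compile(r"send_packet called from (\w+)\(\)")

# Guide step to try next for a stall at each startup stage (this example's mapping).
NEXT_STEP = {
    "deauthenticate": "stalled before authentication: re-check injection (step 1)",
    "authenticate": "AP ignores the authentication request: try aireplay-ng -1 (step 3)",
    "associate": "AP ignores the association request: try aireplay-ng -1 (step 3)",
    "send_eapol_start": "associated but EAPOL Start unanswered: capture with tcpdump/wireshark (step 4)",
}


def diagnose(log):
    """Return (stage, retries, timed_out, advice) for the last stall in the log."""
    stage, retries = None, 0
    for line in log.splitlines():
        m = SENDER_RE.search(line)
        if not m:
            continue
        if m.group(1) == "resend_last_packet":
            retries += 1  # retransmission of the current stage's packet
        else:
            stage, retries = m.group(1), 0  # a new stage resets the retry count
    timed_out = "Receive timeout occurred" in log
    advice = NEXT_STEP.get(stage, "stall is past EAPOL Start: check the capture for the AP's WPS replies")
    return stage, retries, timed_out, advice


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

Feed it the output of `reaver -vvv ... | tee reaver.log` and it reports the stage at which the AP stopped answering, which is the same thing step 2 asks you to read off by eye.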