wifi password cracker

**bub** · 4th September 2012

Thanks for the tips Burner, I did also hear that if a WPS router had never been connected with its pin it will give me that issue. I must admit I have never used the WPS on it so that must be the problem. I will try the command line you gave me when reaver has finished doing my friends router which is next door and I already have the key for.
I have been messing around with Xiapan which has Reaver built in, it gave the same results on my network so it obviously works. Its a nice point and click interface with all the Reaver feaures there to be selected without the need to remember any command lines. When you first run it, it shows you all the AP which are WPS enabled and are good to go, so saves on the Wash command. The only problem I am having is thats its been running nearly 2 days now and is only at 25%. Also for some reason on the AP its not showing what pins have been tried on the progress report. Its not as if the signal is weak (-65db). at this rate its going to take a week. Its a Virginmedia router

**burner1** · 4th September 2012

Originally Posted by bub

Thanks for the tips Burner, I did also hear that if a WPS router had never been connected with its pin it will give me that issue. I must admit I have never used the WPS on it so that must be the problem. I will try the command line you gave me when reaver has finished doing my friends router which is next door and I already have the key for.
I have been messing around with Xiapan which has Reaver built in, it gave the same results on my network so it obviously works. Its a nice point and click interface with all the Reaver feaures there to be selected without the need to remember any command lines. When you first run it, it shows you all the AP which are WPS enabled and are good to go, so saves on the Wash command. The only problem I am having is thats its been running nearly 2 days now and is only at 25%. Also for some reason on the AP its not showing what pins have been tried on the progress report. Its not as if the signal is weak (-65db). at this rate its going to take a week. Its a Virginmedia router

Have a look at the power rating given in Wicd network manager for the AP as opposed to what it says in other apps mate. 40+ seconds per pin is very slow imo. I'm usually getting 2 seconds/pin on average. Another issue may be other connections to the AP throttling bandwith so time slicing is slowed with that. Also worth trying direct in reaver as opposed to other apps that integrate it (wifite is another app that utilises reaver and is quite good for WEP, but for stand alone WPA, I prefer reaver alone)

**bub** · 4th September 2012

Thanks Burner, I think I'll leave it running for now as it a lappy that I don't use much. Once it's done I'll run Reaver in Backtracker and see if there is a difference.

Bub

**Over Carl** · 4th September 2012

Originally Posted by bub

Best card to get for packet injection and long range is the Alfa AWUS036H. You can purchase one from the bay for �20

I read about them but preferred the idea of an internal card (the laptop I hoped to do this with has decent aerials, wifi amplifier, 2 pcie slots and got great reception with the internal). So I looked up that alfa is based on the RTL8139 and got a card with that chipset.

Results I got were terrible so I just gave up on the idea. Do you know if the Alfa has a built in booster or something? Also I believe there are two variants of that alfa, some with 500mw power and some with 1000mw.

**burner1** · 4th September 2012

Originally Posted by Over carl

I read about them but preferred the idea of an internal card (the laptop I hoped to do this with has decent aerials, wifi amplifier, 2 pcie slots and got great reception with the internal). So I looked up that alfa is based on the RTL8139 and got a card with that chipset.

Results I got were terrible so I just gave up on the idea. Do you know if the Alfa has a built in booster or something? Also I believe there are two variants of that alfa, some with 500mw power and some with 1000mw.

I have the alfa AWUS036H and it comes up as an RTL8187, not 8189. It's imo, a cracking device (I'm using the USB version) although most cards based on the 8187 are decent enough. There is a N version which is a later one (supposed 1000mw), but from what I've read, results aren't so good.

As for power output, that depends on a number of factors: there are 'country codes' based within an OS that are supposed to set the output rating depending on where you live as the rules governing output power are regulated worldwide. You're supposed to be able to change it though within Linux. I've never bothered as it may well make my device knock out a more powerful signal but considering most routers only run tx/rx on less than 100mw, doesn't seem to be any point. It's akin to shouting across an open space and although someone can hear you, they can't shout loud enough for you to actually 'hear' what they're saying back.

**bub** · 4th September 2012

The one I recently got from Amazon is set to 1000mw. You can download power control software from the Alpha website that adjusts the power output of the Alpha AWUS036H, this definately uses the RTL8187 chipset

Power control here
http://www.alfa.com.tw/in/front/bin/...ategory=105463

**Over Carl** · 4th September 2012

Strange, just checked and must have got muddled up as the card here is an RTL8187L.

I tried setting it to the bolivian region to allow max power but that barely made any difference.

**drdude** · 4th September 2012

BTHub3 near me doesn't show up with the wash command so presume WPS has been switched off. Tried using reaver on it regardless and got nowhere.

O2wireless was vulnerable but kept triggering "WARNING: Detected AP rate limiting...". After 5 incorrect PIN attempts I got locked out for 5 minutes, so my seconds/pin figure was well over >60

However the --ignore-locks switch was a nifty workaround for this block, as the router kept accepting requests regardless. I'm now working at 8 seconds/pin. Presumably it's just a matter of time before the first and second halves of the PIN are cracked...

wash doesn't report the new Sky routers as vulnerable (grey ones given out for Sky Fibre) when WPS is disabled.

**drdude** · 5th September 2012

Hmm allow me to go back on my --ignore-locks suggestion. Seems that Reaver cycled round all the way to the end and gave up, so perhaps the AP rejects any PIN attempts whilst you are meant to be limited?

**burner1** · 5th September 2012

Originally Posted by drdude

Hmm allow me to go back on my --ignore-locks suggestion. Seems that Reaver cycled round all the way to the end and gave up, so perhaps the AP rejects any PIN attempts whilst you are meant to be limited?

Doesn't seem to do that for me mate. I do however, sometimes ctl-c the process if it keeps failing on wps negotiation (which isn't often), then after 30 seconds or so rerun the app and press Y for restore session. What does wash say about the WPS in the WPS locked column? if it says yes, then it probably won't get the WPS/PSK mate.

**drdude** · 7th September 2012

Originally Posted by burner1

Doesn't seem to do that for me mate. I do however, sometimes ctl-c the process if it keeps failing on wps negotiation (which isn't often), then after 30 seconds or so rerun the app and press Y for restore session. What does wash say about the WPS in the WPS locked column? if it says yes, then it probably won't get the WPS/PSK mate.

Hmm that's interesting mate. I will try running it again with --ignore-locks set as wash reported no in the WPS locked column.