My favorites | Sign in
Project Home Downloads Wiki Issues Source
New issue   Search
  Advanced search   Search tips   Subscriptions
Issue 134: Reaver associates with AP but wont start trying pins
18 people starred this issue and may be notified of changes. Back to list
Status:  NeedMoreInfo

Sign in to add a comment
Reported by, Jan 12, 2012
A few things to consider before submitting an issue:

0. We write documentation for a reason, if you have not read it and are
having problems with Reaver these pages are required reading before
submitting an issue:
1. Reaver will only work if your card is in monitor mode.  If you do not
know what monitor mode is then you should learn more about 802.11 hacking
in linux before using Reaver.
2. Using Reaver against access points you do not own or have permission to
attack is illegal.  If you cannot answer basic questions (i.e. model
number, distance away, etc) about the device you are attacking then do not
post your issue here.  We will not help you break the law.
3. Please look through issues that have already been posted and make sure
your question has not already been asked here:
4. Often times we need packet captures of mon0 while Reaver is running to
troubleshoot the issue (tcpdump -i mon0 -s0 -w broken_reaver.pcap).  Issue
reports with pcap files attached will receive more serious consideration.

Answer the following questions for every issue submitted:

0. What version of Reaver are you using? Reaver 1.3

1. What operating system are you using Backtrack5

2. Is your wireless card in monitor mode Yes mon0

3. What is the signal strength of the Access Point you are trying to crack? 100% I am in the same room.

4. What is the manufacturer and model # of the device you are trying to
crack? Cisco epc2425

5. What is the entire command line string you are supplying to reaver?
reaver -i mon0 -b XX:XX:XX:XX:XX -VV

6. Please describe what you think the issue is. Reaver waits for the beacon, switches channel and then associates with the AP and then does nothing, even if I leave it on all night

7. Paste the output from Reaver below. Associated with XX:XX:XX:XX:XX

Jan 13, 2012
Try to put the channel argument, and the -VV must be -vv.
Maybe it is the AP problem or even your chipset.
Do you manage to use aircrack properly (injection support etc...)?
Jan 13, 2012
Project Member #2
Can you provide a pcap while you have Reaver running?
Status: NeedMoreInfo
Jan 13, 2012
Thanks for the speedy reply guys. Unfortunately I'm new to Linux/Backtrack and dont really understand "channel argument, aircrack or pcap". I did however use -vv in the code, I accidently typed it in capitals in the comments.
Jan 14, 2012
I'm actually having this same issue. I had it at one point and then it worked.. let me see if I can reproduce it.
Jan 14, 2012
maybe should try wash or walsh mon0 to make sure that WPS is even running on the modem ?
May 2, 2012
Hello, I am facing the same problem on BT5|R2 32bit installed on the PC as main and only OS , I'm using an RTL8187BvB(early) chipset Wifi USB2.0 with the rtl8187 drivers integrated in the OS .The device is working prefectly with the aircrack-ng (injection,monitor mode ect.) But when I type the command it simply shows me 

Swiching mon0 to channel 1 

and then

Associated with XX:XX:XX:XX:XX and remains there forever ....

I'm using the 1.4 version of reaver and the AP signal is 90/95%.

Any Ideas ?
Jun 28, 2012
same here ;(

I'm using RT2870/3070 Chipset with RT2800usb driver
In BT5R2, can monitor & Inject

but when I use  reaver -i mon0 -b XX:XX:XX:XX:XX -vv  with a very good AP signal
nothing happen after Association ok

Jul 11, 2012
I'm using the rt2800usb drivers both provided with Ubuntu 12.04 and via and my rt2870 fails to work with Reaver.  Granted, I haven't gotten it to work perfectly with aircrack-ng, but even my Atheros card fails with Reaver and works perfectly with aircrack-ng.
I'm presently right next to my router so there's no issue with distance.  I'm thinking that reaver 1.4 needs to be updated to utilize more up-to-date and/or simplified commands.
I'll give it this, it does manage to change channels better than aireplay-ng does, but it doesn't even like to associate on its own.

In similar news, I absolutely have to run wash with the -C option or it fails.  This indicates to me a checksum error that can be circumvented via an option or minor tweak in code.  Most likely, it's an issue with the rt2800usb drivers.  If this is so, there might need to be a patch in place with the compat backports.  : /
Oct 13, 2012
Make sure network-manager does not run
sudo stop network-manager

Bring up your wlan0 interface with ifconfig wlan0 up

Patch your code with
Index: reaver-r113/src/exchange.c
--- reaver-r113.orig/src/exchange.c	2012-10-13 20:20:23.452675557 +0200
+++ reaver-r113/src/exchange.c	2012-10-13 20:29:39.741682088 +0200
@@ -273,7 +273,12 @@
+	if (get_external_association()) 
+	{
+		deauthenticate();
+	}
 	return ret_val;
Oct 13, 2012
Regarding the above try to authenticate with aircrack-ng -1 5 -e YOUR_SSID mon0 and use reaver with the -A switch
Jan 12, 2013
I I have the same problem when I was in the folder: / reaver-wps-read-only/src and inscription:. / reaver-i mon0-b xx: xx: xx: xx: xx: xx:-e-c xxy xxy - w as associated with ap
and when I write: reaver-i mon0-b xx: xx: xx: xx: xx: xx-vv shows me:

[+] Switching mon0 to channel 1
[+] Switching mon0 to channel 2
[+] Switching mon0 to channel 3
[+] Switching mon0 to channel 4
[+] Switching mon0 to channel 5
[+] Switching mon0 to channel 6
[+] Switching mon0 to channel 7
[+] Switching mon0 to channel 8
[+] Switching mon0 to channel 9
[+] Switching mon0 to channel 11
Jan 18, 2013
each time i had this kind of problem i used aireplay-ng -0 0 -a xx:xx:xx:xx:xx:xx mon0 - sending deauthentication frames to an AP for few seconds then restarting attack with reaver and it worked each time
Dec 20, 2013
Hi My Dear Brothers,
I got success in cracking over WPA-PSK routers/modem by using Reaver1.4 and Currently i am using BackTrack5R3.
While cracking WPA2-PSK ( Wash tell me that -WPS Locked-"No". So i run Reaver1.4 to crack it, i use Reaver -i mon0 -c XX -b XX -S -L -vv
" switching mon0 channel xx
Waiting Becon from xx:xx:xx:xx:xx
associating with xx:xx:xx:xx:xx (ESSID:XXXX)
Trying Pin 12345670
Sending EAPOL start request
Received Identity request
Sending Identity Repose.
Now it stop here does not go further. Even waited one hour.
Then i Saw in google code that in this case open another konsol and try
aireplay-ng -1 120 -a BSSID mon0
But Issue remain same. Is there any issue over attacking WPA2-Psk Pin Codes.

Guidance is required about this Issue on this forum.

Sign in to add a comment

Powered by Google Project Hosting