Problems on attacking Vodafone Easybox 803 #10

Closed
GoogleCodeExporter opened this issue Mar 19, 2016 · 6 comments
@GoogleCodeExporter

What steps will reproduce the problem?
1. Attack Vodafone EasyBox 803 (or probably any device manufactured by Arcadyan 
with wps-pin)
2. Sniff with Wireshark what's happening

What is the expected output?
It's expected that your tool iterates through the pins

What do you see instead?
It does not iterate through the pins, instead:
---------------------
root@fuckup:src $ ./reaver -i mon0 -b 7C:4F:B5:C8:64:09 -vv

Reaver v1.1 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner 
<cheffner@tacnetsol.com>

[+] Waiting for beacon from 7C:4F:B5:C8:64:09
[+] Switching mon0 to channel 1
[+] Associated with 7C:4F:B5:C8:64:09 (ESSID: EasyBox-C86429)
[+] Trying pin 52941009
[!] WARNING: Receive timeout occurred
[+] Trying pin 52941009
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] Warning: Out of order packet received, re-trasmitting last message
[+] Trying pin 52941009
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] Warning: Out of order packet received, re-trasmitting last message
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] Warning: Out of order packet received, re-trasmitting last message
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] Warning: Out of order packet received, re-trasmitting last message
[+] Trying pin 52941009
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] Warning: Out of order packet received, re-trasmitting last message
[+] Trying pin 52941009
[!] WARNING: Receive timeout occurred
[+] Trying pin 52941009
[!] WARNING: Receive timeout occurred
[+] 0.00% complete @ 0 seconds/attempt
[+] Trying pin 52941009
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] Warning: Out of order packet received, re-trasmitting last message
[+] Trying pin 52941009
[!] WARNING: Receive timeout occurred
[+] Trying pin 52941009
[!] WARNING: Receive timeout occurred
[+] Trying pin 52941009
[!] WARNING: Receive timeout occurred
[!] WARNING: 10 failed connections in a row
[+] Trying pin 52941009
[!] WARNING: Receive timeout occurred
[+] 0.00% complete @ 0 seconds/attempt
[+] Trying pin 52941009
[!] WARNING: Receive timeout occurred
[+] Trying pin 52941009
[!] WARNING: Receive timeout occurred
[+] Trying pin 52941009
[!] WARNING: Receive timeout occurred
[+] Trying pin 52941009
[!] WARNING: Receive timeout occurred
[+] Trying pin 52941009
[!] WARNING: Receive timeout occurred
[+] 0.00% complete @ 0 seconds/attempt
---------------------

What version of the product are you using?
SVN Version of today

On what operating system?
BackTrack 5R1 x85 KDE


Please provide any additional information below.
Packet-Dump is attached.
I use the Alfa awus036h with the rtl8187 chipset (as you do)
I looked into the dump already together with Stefan Viehboeck and he is of the 
opinion that this "WPS, MD2" packet in the EAP-packets should normally not be 
there.

I am pretty sure it should work since I can log in with wps-pin from windows7 
into the device. That device is also the one which got Stefan initially started 
to research the problem. Would be great if you could take a look into the dump.

cya


Original issue reported on code.google.com by S3M73X on 29 Dec 2011 at 10:55


@GoogleCodeExporter

The timeout issues were also encountered while working on issue #6, and seem to 
have been fixed with the latest SVN check-in (r20). Please check out the latest 
code and see if you are still having these problems.

Original comment by cheff...@tacnetsol.com on 30 Dec 2011 at 2:39

  • Changed state: Accepted

@GoogleCodeExporter

Still the same problem, see below and attached pcap-dump:

root@bt:~/reaver-wps-read-only/src# svn up
At revision 25.
root@bt:~/reaver-wps-read-only/src# ./reaver -i mon0 -b 7C:4F:B5:C8:64:09 -vv

Reaver v1.1 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner 
<cheffner@tacnetsol.com>

[+] Waiting for beacon from 7C:4F:B5:C8:64:09
[+] Switching mon0 to channel 1
[+] Associated with 7C:4F:B5:C8:64:09 (ESSID: EasyBox-C86429)
[+] Trying pin 72785881
[+] Trying pin 72785881
[+] Trying pin 72785881
[+] Trying pin 72785881
[!] WARNING: Last message not processed properly, reverting state to previous 
message
[!] Warning: Out of order packet received, re-trasmitting last message
[+] Trying pin 72785881
[+] Trying pin 72785881
[+] 0.00% complete @ 0 seconds/attempt
[+] Trying pin 72785881
[+] Trying pin 72785881
[+] Trying pin 72785881
[+] Trying pin 72785881
[!] WARNING: 10 failed connections in a row
[+] Trying pin 72785881
[+] 0.00% complete @ 0 seconds/attempt
[+] Trying pin 72785881
[+] Trying pin 72785881
[+] Trying pin 72785881
[+] Trying pin 72785881
[+] Trying pin 72785881
[+] 0.00% complete @ 0 seconds/attempt
^C
root@bt:~/reaver-wps-read-only/src# 

I was planning to make a blogpost about this tool btw.

Original comment by S3M73X on 30 Dec 2011 at 4:24

@GoogleCodeExporter

This appears to be the same as issue #8: the AP is responding with WSC NACK 
messages after it receives the M2 message. This behavior has also been seen in 
the WRT54G2, not sure what is causing it yet. 

Merging the two tickets.

Original comment by cheff...@tacnetsol.com on 30 Dec 2011 at 4:29

  • Changed state: Duplicate

@GoogleCodeExporter

Same issue here: it associates once, tries the first pin, then continues to 
receive timeouts, then tries the same pin.

Original comment by jeffmose...@gmail.com on 30 Dec 2011 at 6:43

@GoogleCodeExporter

I have the same issue. Backtrack 5r1 gnome, RTL8187. I can't find the star icon 
so I'm adding a comment. Sorry.

Original comment by DanielRe...@gmail.com on 31 Dec 2011 at 12:56

@GoogleCodeExporter

I have the same issue. Backtrack 5r3 gnome ;/

Original comment by nasilows...@googlemail.com on 20 Feb 2013 at 12:22
