Cracking WiFi Protected Setup with Reaver
Wednesday, December 28, 2011 at 12:51
UPDATE: Reaver Pro now available on the HakShop!
Yesterday, Stefan over at .braindump released a white paper detailing vulnerabilities in the WiFi Protected Setup (WPS) protocol that allow attackers to recover WPA/WPA2 passphrases in a matter of hours.
This is a capability that we at TNS have been testing, perfecting and using for nearly a year. But now that this vulnerability has been discussed publicly, we have decided to announce and release Reaver, our WPS attack tool, to the open source community. Reaver is capable of breaking WPS pins and recovering the plain text WPA/WPA2 passphrase of the target access point in approximately 4-10 hours (attack time varies based on the access point).
While we have released Reaver as an open source project, we also offer a commercial version with additional features and functionality as well as a support plan.
Since nearly all access points manufactured in the past few years have WPS support enabled by default, attacking WPS provides several advantages over attacking WPA directly:
- Cracking the WPS pin is, obviously, much faster.
- Once you have the WPS pin you can instantly recover the WPA passphrase, even if the owner changes the passphrase.
- Access points with multiple radios (2.4/5GHz) can be configured with multiple WPA keys. Since the radios use the same WPS pin, knowledge of the pin allows an attacker to recover all WPA keys.
Of course, the disadvantage is that WPS can be disabled. However, in our experience even security experts with otherwise secure configurations neglect to disable WPS; further, some access points don't provide an option to disable WPS, or don't actually disable WPS when the owner tells them to.
To learn more about Reaver, visit our product page, or the open source project on Googlecode.

Reader Comments (36)
Nice job!
Please continue, we need much more security-aware people on the internet and I'd say this will help a little to raise awareness.
What string of commands do I use in reaver to recover the passphrase again once I have the pin?
Do I have to start from scratch or can I use the pin to get the passphrase or wpa key?
Once you have the pin you can re-run Reaver and it will give you the passphrase.
great, it really helps someone like me who is not a very computer literate person.
Using latest version of Reaver to crack a WPA2 but the MAC addy is ALL numeric and Reaver just kicks back the 'failed to associate'. Any ideas/suggestions?
So my router has its WPS enabled, but... when I created the WPA2 PSK connection I didn't use the WPS button, but entered a passphrase in the router's menu. Is my network vulnerable in this case?
@cmyk If your router has WPS enabled you are vulnerable.
What OS should I use to run Reaver Pro on my win7 pc, I thought it would run from windows?
@N00d L if u ran it off a live cd such as ubuntu then reaver will not remember your pin so u will have to put a -p 12345678 where the numbers r the pin in ur command so for example
"sudo reaver -i mon0 -b 00:01:02:03:04:05 -L -p 12345670 -vv"
@mm use a linux operating system such as ubuntu or backtrack they both come in live cd versions or u can just use them through virtual machines such as vmware or virtualbox
guy i do really need Reaver and where can i download it.?
This is an extremely interesting subject, could you please expand on what exactly happens when WPS is disabled?