Recently there has been quite a bit of talk about a cool new tool called reaver. It’s a tool for brute-forcing the WPS PIN to gain WPS registrar access, breaking WPA/WPA2 in the process. Previously I hadn’t thought too much about WPS shipping on these new big box routers, really just thinking, “Hey look, it’s another button on the router I’m never going to use”. It turns out, however, that WPS seems to ship enabled on almost all big box routers to date, leaving every one of them effectively defenceless. Another reason reaver is so powerful is that, even if router manufacturers release a firmware update that corrects the problem, almost no one will actually get around to installing it.
Something I didn’t know was that WPS registrar access lets you change many of a router’s common settings, including its wireless network configuration. Strangely enough, as a WPS registrar you can change settings that would otherwise require access to the router’s administration panel, such as the wireless packet encryption mode, rendering whatever security the network had before meaningless.
From their website:
Reaver is a WPA attack tool developed by Tactical Network Solutions that exploits a protocol design flaw in WiFi Protected Setup (WPS). This vulnerability exposes a side-channel attack against Wi-Fi Protected Access (WPA) versions 1 and 2 allowing the extraction of the Pre-Shared Key (PSK) used to secure the network. With a well-chosen PSK, the WPA and WPA2 security protocols are assumed to be secure by a majority of the 802.11 security community. – Tactical Network Solutions
After seeing reaver do its work, I decided I had to give it a try myself on my home network. The following is a guide to how I set it up on my laptop (tested on Ubuntu 11.10 and BackTrack 5) to work with reaver. Your mileage may vary.
OPTION 1: Build it yourself
- Install the build dependencies from the repositories
sudo apt-get update
sudo apt-get install build-essential libpcap0.8 libpcap-dev libsqlite3-0 libsqlite3-dev
- Download and untar the latest version of reaver (currently v1.4 from Google Code)
tar -xvzf reaver-1.4.tar.gz
- Compile and install (the source tree lives in the src directory of the unpacked tarball and must be configured and built before it can be installed)
cd reaver-1.4/src
./configure && make && sudo make install
Congrats! You’ve installed reaver from source! To test your installation, run the command which reaver in the terminal. If your installation has been set up in the proper directories, you should get a file path for the reaver executable, something like this:
OPTION 2: Get the script to do it
After writing this guide, I figured I might as well write a bash script to make what was documented above that little bit easier, and a couple of minutes later it was complete. To use my script, just download it from the link below and run it as an executable, remembering to set the executable bit with chmod or Nautilus.