Reaver/Wash not working for me

moonlight · October 12, 2023, 8:36pm

Hi...
I got an TP-LINK WR841N v13 with Openwrt 23.05.0 installed.
I downloaded reaver through opkg and it installed fine.
Since I really don't have enough space to install aircrack... I had to think another way to setup a monitor interface.
I searched google and one of the first results it's an archived post from the openwrt forum.
That post shows someone telling to add 4 lines to /etc/config/wireless and I did that to my file and rebooted.
When I go to Network -> Wireless, I see a new item named "?".
If I go to the shell and type ifconfig, I see mon0 listed.
I typed wash -i mon0, wash starts normally but no single station is picked.
So I started from scratch... I suddenly remember that if I use add button and open Mode dropdown, I can pick Monitor, so I did that, I have a new wireless instance with a name this time using Monitor mode... but.... wash -i phy0-mon0 still shows nothing. Not even wash .... -2 -a ...
Is there someone out there with experience using wash/reaver on a router running Openwrt?

psherman · October 12, 2023, 9:04pm

Have you tried this with any previous versions of OpenWrt (such as 22.03.5)? Reason being that 23.05.0 isn't actually officially realeased yet (it is probably still building... more on that in the link below), and it would be good to know if it was working in a previous version and broke with the newest.

FWIW, I also think that aircrack has been broken for a long time, but this is not my area of expertise so I may be mistaken here.

mk24 · October 12, 2023, 9:20pm

As you have found, the OpenWrt configuration system can start up a monitor interface directly, there is no need for airmon-ng. The monitor interface should be the only one on the radio device. Do not try to run an AP or STA at the same time on the same radio (that router only has one radio).

Is there an AP advertising WPS in range? I don't think there is any output from those tools unless and until a potentially vulnerable AP is found.

ercolino · October 12, 2023, 9:37pm

wash, reaver and aircrack-ng are working fine on openwrt. your device have mt7628 radio, i do not know if the wireless driver are ok for that.

moonlight · October 12, 2023, 9:54pm

Yes, there are lots of wifi stations with WPS enabled, except mine own wifi router/modem provided by my isp.
I wanted to use this router (TP-LINK) to check the little far away from me.
IF I click SCAN from Network -> Wireless, I do see some networks that I can't see with a regular laptop antenna nor with an usb wireless dongle (In this case, I can see some far away networks but I have to check all directions to get the best reception).

moonlight · October 12, 2023, 9:57pm

We will have to find out. It should work, unless something is not correctly configured.

moonlight · October 12, 2023, 10:09pm

When I click Add, I can select Monitor instead of Access Point.
Selecting Monitor, I can see ESSID (I put some dummy name like Mon) and Network which says Unspecified (I tried leaving as is and wwan).
In Advanced Settings, I simply left it as is as well.
Save, Save and Apply button, wash -i phy0-mon0 still shows nothing.
I just tried with a TP-LINK WR1043N v5, same basically plus a warning...
phy0 listed above phy0-mon0

phy0-mon0 Link encap:UNSPEC  HWaddr B0-4E-26-B0-92-C0-00-00-00-00-00-00-00-00-00-00
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7816 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1934821 (1.8 MiB)  TX bytes:0 (0.0 B)

root@OpenWrt:~# wash -i phy0-mon0
BSSID               Ch  dBm  WPS  Lck  Vendor    ESSID
--------------------------------------------------------------------------------
[!] Found packet with bad FCS, skipping...

ercolino · October 13, 2023, 7:22am

Please show
wash -h

moonlight · October 13, 2023, 10:34am

login as: root
root@192.168.2.1's password:


BusyBox v1.36.1 (2023-10-09 21:45:35 UTC) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 23.05.0, r23497-6637af95aa
 -----------------------------------------------------
root@WR841N:~# wash -h

Wash v1.6.6 WiFi Protected Setup Scan Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner

Required Arguments:
        -i, --interface=<iface>              Interface to capture packets on
        -f, --file [FILE1 FILE2 FILE3 ...]   Read packets from capture files

Optional Arguments:
        -c, --channel=<num>                  Channel to listen on [auto]
        -n, --probes=<num>                   Maximum number of probes to send to each AP in scan mode [15]
        -O, --output-file=<filename>         Write packets of interest into pcap file
        -F, --ignore-fcs                     Ignore frame checksum errors
        -2, --2ghz                           Use 2.4GHz 802.11 channels
        -5, --5ghz                           Use 5GHz 802.11 channels
        -s, --scan                           Use scan mode
        -u, --survey                         Use survey mode [default]
        -a, --all                            Show all APs, even those without WPS
        -j, --json                           print extended WPS info as json
        -U, --utf8                           Show UTF8 ESSID (does not sanitize ESSID, dangerous)
        -p, --progress                       Show percentage of crack progress
        -h, --help                           Show help

Example:
        wash -i wlan0mon

root@WR841N:~#

ercolino · October 13, 2023, 4:37pm

You can try to use 22.03 versione or you can try on current version
iw phy phy0 interface add mon0 type monitor

moonlight · October 13, 2023, 9:48pm

I kind don't know how to downgrade. I always updated in-place. Should I just download the sysupgrade from 22.03 or lower and use the normal process of upgrade? Maybe 22.03 also will not do it but I got the feeling that I need perhaps 19.x or lower, as one post suggests.

That iw command is a neat trick to enable monitor mode without having to create a specific interface with Monitor mode, but... It also does not work.
When I type wash -i phy0-ap0 (or phy0-mon or phy0-sta0), wash runs but shows no station listed as I was saying at the beginning when I created the topic.

root@WR841N:~# wash -i phy0-ap0
BSSID               Ch  dBm  WPS  Lck  Vendor    ESSID
--------------------------------------------------------------------------------

It should list things but it doesn't.
I am at middle of my house testing all this and when I click Scan (Network -> Wireless), I can see wifi networks that are impossible to see with a regular laptop, which proves that the TP-Link antennas are really good.

ercolino · October 13, 2023, 9:56pm

Yes download 22.3 version and flash It,Just Do not keep setting. I think the problema here could be the name of the interface. 22.3 version for sure work.
The name of the interface on 22.03 should be wlan0.

mk24 · October 14, 2023, 1:38am

Defining a monitor interface should be simply this:

config wifi-iface 'monitor'
	option device 'radio0'
	option mode 'monitor'
	option ifname 'wlmon0'

The ifname can be whatever you want.
Then iw dev should show your monitor interface (as the only one)

phy#0
	Interface wlmon0
		ifindex 22
		wdev 0x2
		addr XX:XX:XX:XX:XX:XX
		type monitor
		channel 1 (2412 MHz), width: 20 MHz (no HT), center1: 2412 MHz
		txpower 20.00 dBm

FInally, try running tcpdump on the interface to see if wireless packets are being received.

moonlight · October 14, 2023, 11:59am

After fiddling around, I managed to do it. Indeed, 23.05 changes the wlan0 to phy0-xx.
So I downloaded 22.03.0...the firrmware.... then I realised there was 22.03.5 if I scrolled a bit more. Flashed the 22.03.5 ramips 76x8 without saving settings.
Then I had to turn off the wireless of this laptop because WR1043N uses 192.168.1.1 and WR841N will also 192.168.1.1 after reset/flash.
Entered Web Interface, changed hostname (just because), set a password, defined 192.168.2.1 as ip and 8.8.8.8/8.8.4.4 under 'use custom dns servers', a reboot.
Entered Web Interface again, Network -> Wireless , set a client using Scan button and connect to the WR1043N.
Then I joined shell via ssh, opkg update and opkg install reaver nano-plus.
Edited the /etc/config/wireless and added those 4 lines above. Saved. Rebooted.
Got rid of the client under Network -> Wireless, just left radio0 and the defeault disabled access point named Openwrt (EDIT: AND the interface '?' with Monitor Mode)..
Entered shell via ssh again.

last part of ifconfig:

wlmon0    Link encap:UNSPEC  HWaddr D4-6E-0E-F5-F0-CC-00-00-00-00-00-00-00-00-00-00
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1486 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:234200 (228.7 KiB)  TX bytes:0 (0.0 B)

root@WR841N:~# wash -i wlmon0
BSSID               Ch  dBm  WPS  Lck  Vendor    ESSID
--------------------------------------------------------------------------------
70:8A:09:xx:xx:xx    6  -76  2.0  No   Broadcom  xx
xx:xx:91:xx:xx:xx    6  -80  2.0  No  Broadcom  xxx
xx:xx:91:xx:xx:xx   11  -92  2.0  No  Broadcom  xx
xx:xx:91:xx:xx:xx   11  -77  2.0 No  Broadcom  xxx
(.....)

I can see plenty of wireless networks.
I hope this gets fixed with 23.05 or so. OR perhaps a workaround thread.
Hope this thread helps others as well.
EDIT: Thanks Francesco and the others that tried to help. Very appreciated.

system · October 24, 2023, 11:59am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.