How to use Reaver and Aircrack Suite to crack WPA WPS WiFi Security

For educational purposes only: The content in this article is for evaluation and testing. You are not advised to test it on someone else as it's illegal in many countries.

This article is going to focus on the use of aircrack-ng and reaver which can be used to crack any WPS enabled WiFi router.

Preparing for Installation (for Ubuntu 14.04+ users)
Onwards Ubuntu 14.04, the two libraries that reaver requires have been upgraded to a newer version. However, reaver hasn't been updated to a newer version which will support those libraries. Therefore, the only solution to run reaver perfectly is to downgrade those libraries. Please make sure that any software that relies on the newer libraries will either not work or won't work correctly. If you don't apply this fix, reaver won't be able to associate with the router and will result in the following error:

Follow the steps below to downgrade the libraries and to get rid of the error:

• Open Terminal. Enter sudo su followed by yodfur password (after pressing Enter) to grant root privileges to Terminal.
• We'll now download the libraries. Now execute wget http://linux.cu.ma/main/libp/libpcap0.8-dev_1.4.0-2_amd64.deb http://linux.cu.ma/main/libp/libpcap0.8_1.4.0-2_amd64.deb. Please replace amd64 with i386 if you are running a 32-bit version of Ubuntu.
• We'll now commence the downgrade process. Finally execute this command dpkg -i libpcap0.8-dev_1.4.0-2_amd64.deb libpcap0.8_1.4.0-2_amd64.deb. Again, replace amd64 with i386 if you downloaded the 32-bit libraries.
• During the process, you'll be asked to confirm the downgrade process. Act promptly, and press y to confirm the process.

Installing reaver and aircrack-ng
We'll now start the preliminary steps. Both the utilities are in the official Ubuntu repositories. Hence, they can be simply installed by firing up Terminal and issuing the command sudo apt-get install aircrack-ng reaver.

However, if they are not, nothing to worry about. Just follow the steps below:

• Fire up Terminal and enter sudo su to attain root privileges.

• We'll now download reaver and aircrack-ng. Just execute, wget http://ftp.us.debian.org/debian/pool/main/r/reaver/reaver_1.4-2_amd64.deb http://ftp.us.debian.org/debian/pool/main/a/aircrack-ng/aircrack-ng_1.2-0~beta3-4_amd64.deb. Don't forget to replace amd64 with i386 depending on the architecture of your Ubuntu installation.

• Now finally enter dpkg -i reaver_1.4-2_amd64.deb aircrack-ng_1.2-0~beta3-4_amd64.deb. Don't forget amd64 replacement if necessary.

If the installation reported any dependency errors, execute apt-get -f install to finish installation of any unmet dependencies.

Hacking the WiFi password

• Fire up Terminal and execute sudo su. This will grant root privileges to the Terminal.
• Firstly, we have to know how Ubuntu identifies our wireless hardware interface. So execute iwconfig. This will list all active wireless interfaces. The interface will be wlan0 where 0 replaces with any real number.
  
  So if yours reports wlan1 then it is your wireless interface and you will be using it throughout the tutorial.
• We'll now activate monitor mode on your wireless interface. This will allow us to see all wireless connections around you bundled with some useful information. So execute airmon-ng start wlan0. Make sure to replace wlan0 with your wireless interface. This will enable monitor mode. Carefully see the screen shot. Remember the underlined word in the shot. For me it's mon0. It will be usually the same for you but if it differs, you'll use it throughout the tutorial.
  
• Now we'll see all active wireless connections around you. So enter airodump-ng mon0 replacing mon0 with yours. 
  

We'll stop here. Let us take some time to understand the window.
BSSID: All wireless connections have a unique identifier. Copy the BSSID of the wireless network you are about to hack.
Beacons: They are data packets. Greater the rate of their increase, greater the probability of the accuracy and penetration of pin injections to the wireless router. So make sure you sit close enough to the router.
ENC: The method which has been used to encrypt the password. For our tutorial only WPA/WPA2 methods will work.
Finally make sure the network you are trying to hack into has WPS (Wireless Protected Setup) enabled. We'll now continue with our main tutorial.

• Finally, we'll start the hacking process. So enter, reaver -i mon0 -b YOUR_BSSID -vv replacing YOUR_BSSID with the BSSID of the network you wish to hack and mon0 with your monitor interface.

All is done! Reaver will now commence sending WPS pins to the router. When a correct one is send, the router will be forced to send the WiFi password which will be shown to you in the main reaver screen. The process can take a couple of hours so be patient! :)
After you're done, you might want to turn off monitor mode. Just execute airmon-ng stop mon0 (replacing mon0 with your monitor interface) to achieve it!

Troubleshooting
Q. I am getting WARNING: Failed to Associate error.
Did you applied the fix in Preparing for Installation section?

Q. I am getting Waiting for Beacon from BSSID error.
Are you siting close enough to the router? Does the router has WPS enabled?

Q. After few pin attempts I'm getting AP Rate Limiting Detected error.
This means that the router will block further pin attempts for a specific duration if multiple failed pin transactions have occurred in a row. Disable it in your router's settings to continue the hack.