Reaver vs Netgear DGN2200


The guys from Tactical Network Solutions released an open source project called reaver that implements an attack on WPA using WPS.

“Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases, as described in

I tested this against my home router a Netgear DGN2200 using my eee-pc with an Atheros wireless chipset and the FOSS ath5k driver.

Target: Netgear DGN220

After tweaking the command line parameters a bit, I managed to crack the password in 7 hours 45 minutes.

Cracked in 7 hours 45 minutes later

 Lessons learnt:

1. It is all about hardware / drivers – tried using other hardware – about three times slower using HP laptop with Intel chipset
2. Tweaking the command line helps a lot, in this case the delay between attempts and the way it handles AP lock outs

Next step

The WPS feature can be disabled in the Netgear control panel  – I disabled WPS and am running reaver against it again


Netgear FAIL – when you turn-off the WPS pin, it only slows down the brute force attack, but does not prevent it.  It took 30 hours to crack.

Netgear FAIL

Posted in: Random

This article has 2 comments

  1. matevoz 04/08/2012, 10:26 pm:


    Do you mind sharing what tweaks you used in order to make reaver work?

    Have you ever ran across an issue where it was getting stuck at ‘Sending EAPOL START request’ and timing out?



Leave a Reply

Get involved

Mailing List / Forum:
Google Group



Subscribe for course announcements