I'm in the same condition as Justus on this, I move to Bolivia or hack the CRDA, but still can't go above 20dbm. Mostly posting to see if anyone had figured that one out (custom driver?)
Hi, I have this card too.
I used this manual to fix it. It ignores the regulatory settings set by the CRDA service.
Have a nice day!
Quote:
If you try to change the CRDA to Bolivia (that country has very loose wireless regulations) with the following command
iw reg set BO
you will not get any changes. So if you try to change the txpower (dBm) of your card to more than 20 you will get
iwconfig wlan0 txpower 30dBm
Error for wireless request "Set Tx Power" (8B26) :
SET failed on device wlan0 ; Invalid argument.
Also you still have only the first 11 channels available.
So let’s check out the latest wireless driver package (you should use a newer one; it can be found on the linuxwireless homepage at http://linuxwireless.org/download/co...ireless-2.6/):
wget http://linuxwireless.org/download/co...-04-11.tar.bz2
tar xf compat-wireless-2012-04-11.tar.bz2
cd compat-wireless-2012-04-11
Now we try to find some info about the regulatory options packed in the rtl driver packages:
find . -name '*reg*'|grep rtl
I got this output:
./drivers/net/wireless/rtlwifi/regd.c
./drivers/net/wireless/rtlwifi/rtl8192cu/reg.h
./drivers/net/wireless/rtlwifi/regd.h
./drivers/net/wireless/rtlwifi/rtl8192ce/reg.h
./drivers/net/wireless/rtlwifi/rtl8192se/reg.h
./drivers/net/wireless/rtlwifi/rtl8192de/reg.h
You see that all the rtl8192 drivers are affected by this bug.
It seems that the regulatory engine of the realtek driver package is in regd.c. So let’s edit it with your preferred editor. I use vim:
vim ./drivers/net/wireless/rtlwifi/regd.c
At lines 53 and 54 you see something like this:
#define RTL819x_2GHZ_CH01_11 \
REG_RULE(2412-10, 2462+10, 40, 0, 20, 0)
This is a regulatory definition that CRDA uses too. I will only change the values of the RTL819x_2GHZ_CH01_11 definition and will pimp them to use all 14 channels available worldwide and to use a maximum dBm of 33 (which is about 2000 mW, the maximum of my card).
The REG_RULE function is defined as follows:
REG_RULE(min_freq, max_freq, kHz, max_dbm_with_antenna, max_dbm, flags)
Here is my pimped REG_RULE:
REG_RULE(2412-10, 2484+10, 40, 0, 33, 0)
Replace the old rule with this one and you will get the maximum out of your hardware.
Now unload already loaded realtek drivers, rebuild and install them:
modprobe -r $(lsmod | awk '/^rtl/ {print $1}')
make && make install
When you plug in your wifi device, iwconfig should output something like this:
wlan0 IEEE 802.11bgn ESSID:off/any
Mode:Managed Access Point: Not-Associated Tx-Power=0 dBm
Retry long limit:7 RTS thr=2347 B Fragment thr:off
Encryption key:off
Power Management:on
Cheers!
Hey people
I tried 71m30u7's suggestion and it doesn't work for me.
I had a fresh persistent USB drive with bt5r3, so as I understood the thread I only used 71m30u7's manual, ending up with an unbootable USB stick.
I really don't know what I am doing and why, so it's hard to get the alfa properly working on 33 dBm.
I recently bought the AWUS036NHR and I'm having issues with it in BT5 r3. I've tried both the Gnome 64 and KDE 32 ISOs, booting my system off the live DVD instead of a HDD installation. Should there be any difference in device support between using BT on the live DVD versus a HDD installation?
Booting with the AWUS036NHR plugged in, I put the device into monitoring mode with airmon-ng and test with "aireplay-ng --test" and all attacks are reported as Failed during card-to-card injection. Then I use the following commands based on information from the wiki to force the card into an enabled state.
Code:
rmmod rtl8192cu
rfkill block all
rfkill unblock all
modprobe rtl8192cu
rfkill unblock all
ifconfig wlan0 up
Testing again with "aireplay-ng --test", aireplay reports OK for Attack -0, Attack -1 (open), Attack -1 (psk), but Failed for Attack -2/-3/-4/-6 and Attack -5/-7. At one point it did report OK for all attack tests, but it has not lately. The other issue I'm seeing is that airodump-ng either does not show stations when another card does, or shows all stations as "(not associated)".
For those that claim the device is working out of box on BT5r3, are you running it from the live DVD or a HDD installation? Any help would be appreciated.
Having the same trouble as some others in this thread.
I'm not able to attain a WPA handshake in backtrack 5 r3. I can get it in Beini. Anyone know a workaround to fix this?
Running Backtrack 5 r3 in VMware Fusion on a macbook 15" retina.
I bought an Alfa AWUS036NHR a few weeks ago and it works "plug and play" on bt5_r3. I'm using BT5 R3 64bit_KDE in HDD and W8 vmware. I tried to crack my router but no luck. I tried to crack other routers with reaver and it looks like it works fine, I cracked 3 wpa2 AP's per 24h. Moreover I can't connect Wicd to AP's, it displays the error "bad password".
When I use airodump-ng I can see over 15 AP's and many not associated clients. While cracking wep I can't get IV's fast, I lose a lot of data. Looks like it is a driver problem. During airodump-ng I noticed that my card (or driver) can't see (or hear) traffic between AP's and clients. I'm a noob at linux so I don't know how to solve this problem, I tried installing the latest compat-wireless with 2.6.39 patches or without, I got no luck, even worse!
Need a professional at Linux and bt help :)
Epic waste of time,
This card works out of the box for things like reaver and cracking WEP so this tutorial is pointless.
The problem with this card is that it doesn't allow you to connect to AP's.
I can sometimes connect to APs if after my first attempt to connect I cancel the connection, unplug my alfa card and then plug it back in, remembering NOT to refresh Wicd.
Then it connects but only after the second attempt.
Obviously it still doesn't go above 20db.
This is the best card by far even without proper drivers....imagine how powerful it would be if it worked properly.
I've had 3 of these for about 8 months now and still haven't found the solution or a working driver :(
Please help, this has been an endless route of errors and I'm starting to get frustrated. FYI I'm running Parallels 7 on Mountain Lion with Parallels Tools installed. After doing the tut I get
root@bt:~# aireplay-ng -9 -i mon0 wlan1
Interface wlan1:
ioctl(SIOCGIFINDEX) failed: No such device
root@bt:~# aireplay-ng -9 -i mon0 wlan0
ioctl(SIOCSIWMODE) failed: Device or resource busy
ARP linktype is set to 1 (Ethernet) - expected ARPHRD_IEEE80211,
ARPHRD_IEEE80211_FULL or ARPHRD_IEEE80211_PRISM instead. Make
sure RFMON is enabled: run 'airmon-ng start wlan0 <#>'
Sysfs injection support was not found either.
Does anybody have an idea about what's going on ???!? I've already erased and reinstalled and did all the process to install drivers 3 times !! always getting to the same result...
Some extra info, don't know if it helps:
root@bt:~# Attack -0: OK
No command 'Attack' found, did you mean:
Command 'attack' from package 'ladr4-apps' (universe)
Attack: command not found
root@bt:~# attack -0
need 2 args: head interp
root@bt:~# attack -0: ok
root@bt:~# ifconfig
eth0 Link encap:Ethernet HWaddr 00:1c:42:08:d1:0f
inet addr:10.211.55.9 Bcast:10.211.55.255 Mask:255.255.255.0
inet6 addr: fec0::fea9:21c:42ff:fe08:d10f/64 Scope:Site
inet6 addr: fe80::21c:42ff:fe08:d10f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:96 errors:0 dropped:0 overruns:0 frame:0
TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:24615 (24.6 KB) TX bytes:2098 (2.0 KB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:84 errors:0 dropped:0 overruns:0 frame:0
TX packets:84 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:12377 (12.3 KB) TX bytes:12377 (12.3 KB)
wlan0 Link encap:Ethernet HWaddr 00:c0:ca:6b:16:8b
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
root@bt:~# iwconfig
lo no wireless extensions.
wlan0 IEEE 802.11bgn ESSID:off/any
Mode:Managed Access Point: Not-Associated Tx-Power=20 dBm
Retry long limit:7 RTS thr=2347 B Fragment thr:off
Encryption key:off
Power Management:off
eth0 no wireless extensions.
Also when using Wicd it shows wifi signals but it won't connect, it gets stuck resolving IP address...
Thanks 71m30u7, that post worked for me 33dbm it is. :)