Alfa AWUS036H (rtl8187) - Can't Inject anything

[loulisk]

Hello everyone.

Recently I became interested in wireless security. Having read a lot about wireless cards to test my router's security, I purchased through eBay an Alfa Networks 500mw AWUS036H USB dongle with the rtl8187 chipset, plus a 9dbi antenna.

However, using the Backtrack 3 or Backtrack 4 beta live CD/DVD, I found out that my Alfa couldn't inject my own router (or any other, for that matter)

These are the steps I took:

airmon-ng stop wlan1

Code:

Interface	Chipset		Driver

wlan1		RTL8187 	rtl8187 - [phy0]
				(monitor mode disabled)

airmon-ng start wlan1

Code:

Interface	Chipset		Driver

wlan1		RTL8187 	rtl8187 - [phy0]
				(monitor mode enabled on mon0)

iwconfig

Code:

wlan1     IEEE 802.11bg  ESSID:""  
          Mode:Managed  Frequency:2.437 GHz  Access Point: Not-Associated   
          Tx-Power=27 dBm   
          Retry min limit:7   RTS thr:off   Fragment thr=2352 B   
          Encryption key:off
          Power Management:off
          Link Quality:0  Signal level:0  Noise level:0
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

mon0      IEEE 802.11bg  Mode:Monitor  Frequency:2.437 GHz  Tx-Power=27 dBm   
          Retry min limit:7   RTS thr:off   Fragment thr=2352 B   
          Encryption key:off
          Power Management:off
          Link Quality:0  Signal level:0  Noise level:0
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

aireplay-ng -9 mon0

Code:

For information, no action required: Using gettimeofday() instead of /dev/rtc
05:22:56  Trying broadcast probe requests...
05:22:58  No Answer...
05:22:58  Found 13 APs

05:22:58  Trying directed probe requests...
05:22:58  00:05:59:08:C8:8D - channel: 6 - 'NetFasteR IAD (PSTN)'
0/30:   0%
05:23:04   0/30:   0%

05:23:04  00:13:33:0A:75:08 - channel: 6 - 'OTE CONNX'
0/30:   0%
05:23:11   0/30:   0%

05:23:11  00:15:56:B5:86:8E - channel: 6 - 'spidernest'
0/30:   0%
05:23:17   0/30:   0%

05:23:17  00:1D:19:70:76:24 - channel: 6 - 'CONNXV'
0/30:   0%
05:23:24   0/30:   0%

05:23:24  00:1A:2A:8A:58:2A - channel: 6 - 'CONNX'
0/30:   0%
05:23:30   0/30:   0%

05:23:30  00:13:33:0C:8F:46 - channel: 6 - 'test'
0/30:   0%
05:23:37   0/30:   0%

05:23:37  00:05:59:04:20:AF - channel: 6 - 'NetFasteR IAD (ISDN)'
0/30:   0%
05:23:43   0/30:   0%

05:23:43  00:15:56:CE:1C:CE - channel: 6 - 'OTE6834'
0/30:   0%
05:23:50   0/30:   0%

05:23:50  00:13:33:18:FD:DC - channel: 6 - 'OTE CONNX'
0/30:   0%
05:23:56   0/30:   0%

05:23:56  00:15:56:B4:E6:16 - channel: 6 - 'OTENET_4859'
0/30:   0%
05:24:02   0/30:   0%

05:24:02  00:13:33:10:14:6C - channel: 6 - 'OTE CONNX'
0/30:   0%
05:24:09   0/30:   0%

05:24:09  00:15:56:B7:4D:EC - channel: 6 - 'OTENET_9529'
0/30:   0%
05:24:15   0/30:   0%

05:24:15  00:15:56:B5:D3:9B - channel: 6 - 'OTE'
0/30:   0%
05:24:22   0/30:   0%

(btw my router is 00:13:33:10:14:6C - channel: 6 - 'OTE CONNX')

Is there anything I am doing wrong? Could it be the driver's fault, that it can't inject? (I am pretty sure that backtrack has the correct driver for RTL8187 chipset)

Since the pretty powerful Alfa could detect so many APs, I doubt that the problem is distance, at least one should be in the correct distance (and my router is 3 meters from the Alfa).

I appreciate any of your help (and please excuse any language mistakes, english isn't my native tongue)

p.s. I have also tried going further into cracking my own router, using aireplay -1 and aireplay -3 commands, but since nothing is injected in the test, those failed miserably too...

[yop fr]

patch the driver

[loulisk]

Thanks!

I feel so stupid. No1 noob rule: if you don't know squat about something, DON'T guess (I guessed Backtrack's driver would already be patched).

Since I run Backtrack from a Live DVD (and to avoid repatching at every reboot), you think it would be better to patch the ubuntu driver, or run Backtrack through VMware?

Also, the backtrack driver is ieee80211 or mac80211?

[imported_blackfoot]

ieee80211 is a header file it is not a driver.

I think you need to focus on mode switching rather than patching.

mac80211 is used to compile soft mac drivers or code. I do not think you need to be concerned with it from the style of your post.

If I am wrong and your subsequent question is very specific I will help further.

[loulisk]

ieee80211 is a header file it is not a driver.

I think you need to focus on mode switching rather than patching.

mac80211 is used to compile soft mac drivers or code. I do not think you need to be concerned with it from the style of your post.

If I am wrong and your subsequent question is very specific I will help further.

Well, what could be the problem with the mode switching? How should I do it right?

[imported_blackfoot]

rtfm

try:

man ifconfig
man iwconfig

typically:

iwconfig iface mode monitor

rtfm

[loulisk]

It was my undestanding that "iwconfig wlan1 mode monitor" and "airmon-ng start wlan1" had the exact same effect, putting the network interface in monitor mode.

(with the difference that the iwconfig command would put wlan1 in monitor mode, whereas the airmon-ng would create a mon0 interface which would operate in monitor mode)

Anyway, I tried "iwconfig wlan1 mode monitor", but "aireplay-ng -9 wlan1" still produced a perfect zero.

I hope patching the drivers will do the trick for me.

Well, I did the following:

-blacklisted the mac80211 driver I already had installed

-downloaded h++p://dl.aircrack-ng.org/drivers/rtl8187_linux_26.1010.zip drivers,

-patched them with h++p://patches.aircrack-ng.org/rtl8187_2.6.27.patch

-make, make install, reboot

-the driver is installed correctly, the wireless is working

-iwconfig wlan1 mode monitor

-aireplay-ng -9 wlan1

and...

And nothing. Zilch, nada.

In the end, the injection test still produces a perfect zero.

I 'm becoming pretty desperate... What the heck am I doing wrong?

[butmuncher]

Sorry to say, but mine just came in post and is working straight out the box with bt4 liveCD so it does work, maybe its our systems/confingerations?
Well ive gotten as far as -

Airmon-ng

airmon-ng start wlan1 ( as this is my wifi adpter i want to use )

then gives me a monitor interface called mon0

aireplay-ng -9 mon0

says injection working .

off to work now so will let you know if it cracks my wep later when back from work

Well i thought i posted this morning but obviously not.
I'm running
advent 8112 lappy
dual duo cpu
intel 965gm chipset

monitor and injection work from the box for me with bt4 beta, just done my own wep so def confirmed as working.
Hope you sort it.

[loulisk]

Apparently, my stupid Alfa was busted, right out of the box. It can't even connect normaly to my router, let alone inject anything.

I hope I sort it out with the warranty, to get at last a working Alfa and stop being so frustrated.

[M1TH1K]

In my point of view the driver that BT4 uses with this chipset is not good. Is very difficult to inject (the ap has to be at max 3m away) and has bad power to capture aps....

so i blacklisted the rtl8187 and installed the old driver and the performance increased dramatically.

And BT4b is working nicely with the old ieee80211 driver. Cant inject and crack everything.

Note: the only problem has you know is that this driver doesn't support wpa. So to connect wpa you has to change temporarily the driver to ndiswrapper.