I am trying out WEP security with BackTrack. I have bought a Belkin USB wireless adapter. It is the exact model F5D7050B as reported on the back of the device.
I am running BackTrack from the BT3-final VMware image through Fusion on a MBP.
When you insert the USB adapter it is recognised immediately and uses the RT73 driver.
I am having issues with it running the injection test as laid out on the aircrack-ng wiki.
When I run aireplay-ng --test rausb0
it does not report that injection works, and when it does the directed probes I get no replies. Sniffing rausb0 in Wireshark shows that the device is sending out malformed packets.
Not letting that deter me, I have tried testing the WEP tutorial in the same wiki. It seems to work: I can put the card into monitor mode, capture packets with airodump-ng and send a fake authentication. The fake authentication packets show up as packet malformed in Wireshark as well.
However, it's extremely temperamental; it seems to just stop working for no reason sometimes.
At this point I have not been able to break WEP yet using this adapter. Is there something I am missing? Some sort of driver I need to install? According to the BT HCL:wireless list this device should just work right out of the box.
I have gotten the injection test working correctly finally.
It's very VERY odd. Basically what happens when I boot BackTrack is that I have to disconnect the adapter from the image using VMware. Reconnect it, then run
airmon-ng start rausb0 13
twice. Yep, if I only run the command once it doesn't work.
aireplay-ng -9 rausb0 only works if I run the previous command twice after reconnecting the device.
Checking dmesg reveals something very interesting. When the device is able to inject, there is an entry in there:
"device rausb0 entered promiscuous mode"
Without this entry it always fails the injection test.
Note that if I stop the device with airmon-ng stop rausb0 and then restart it, it never works again. You have to disconnect the device, reconnect it and run airmon-ng start rausb0 twice.
Any ideas on what is causing this odd quirk?
Some things still don't work, however. I am not able to send deauths to remote clients to force a handshake. I never get any acks. (I'm testing with other machines AND the AirPort Extreme on the MBP.)
I've managed to get deauths to work in a very limited scenario.
Using an old ThinkPad and a Netgear AP running WPA, I've managed to get aireplay-ng to deauth the ThinkPad from the Netgear.
I can see the Windows zero point configuration utility lose connection and then re-establish it.
Packet captures in Wireshark on my BackTrack virtual machine show that the deauths are sent (they show up as malformed packets) and then, after a very small wait, authentication packets are sent out from the ThinkPad to the Netgear.
aireplay-ng shows no acks, and the packet captures support that, as there are no acks in Wireshark either.
So I know it can work but I'll have to dig further on where it stops working.
I have just tested the F5D7050B USB adapter with a desktop running BT3 booted from a USB stick. The computer is some ancient Compaq.
Same issue: I still can't run the packet injection test without inputting the airmon-ng start command twice.
I updated the drivers for the rt73 chipset according to the help guide here
http://forum.remote-exploit.org/showthread.php?t=17135
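
The dmesg check described in the posts above, written out as an added example that is not part of the original thread: it reports the last promiscuous-mode state the kernel logged for an interface, so a stale "entered" line from before an airmon-ng stop is not mistaken for the current state. The function name and the sample log lines are constructed for illustration; the "left promiscuous mode" message is the kernel's counterpart to the entry quoted in the post.

```shell
#!/bin/sh
# promisc_state IFACE
# Reads kernel log text on stdin and prints the last promiscuous-mode state
# the kernel logged for IFACE: "entered", "left", or "unknown" (no entry).
promisc_state() {
    awk -v ifc="$1" '
        {
            # Scan each line for: device <ifc> entered|left promiscuous mode
            # (works with or without a leading "[timestamp]" field).
            for (i = 1; i + 3 <= NF; i++)
                if ($i == "device" && $(i + 1) == ifc &&
                    ($(i + 2) == "entered" || $(i + 2) == "left") &&
                    $(i + 3) == "promiscuous")
                    state = $(i + 2)
        }
        END { print (state == "" ? "unknown" : state) }
    '
}

# Constructed sample logs (not captured from a real system).
sample_ready() {
    printf '%s\n' \
        '[  101.2] usb 1-1: new USB device (constructed line)' \
        '[  130.7] device rausb0 entered promiscuous mode'
}
sample_restarted() {
    printf '%s\n' \
        '[  130.7] device rausb0 entered promiscuous mode' \
        '[  512.9] device rausb0 left promiscuous mode'
}
sample_other_iface() {
    printf '%s\n' '[  130.7] device eth0 entered promiscuous mode'
}

# On a live system: dmesg | promisc_state rausb0
for s in sample_ready sample_restarted sample_other_iface; do
    printf '%s: %s\n' "$s" "$("$s" | promisc_state rausb0)"
done
```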