Thread: Intel 3945 txpower and WPA cracking

  1. #1
    Junior Member
    Join Date
    Jan 2010
    Posts
    42

    Intel 3945 txpower and WPA cracking

    Dear all,

    I've googled around to try to understand better how WPA cracking relates to the txpower of the wireless card used (in my case it's an Intel 3945ABG). I even searched here, but I haven't found anything which helps in establishing a straight correlation between WPA cracking attacks and the effective transmission power of the attacking wifi card.
    I ask this because while making my tests at home, I've found that it's almost impossible for me to capture handshakes if I sit down with my laptop at the opposite side of the apartment while targeting my AP. Between me and the AP there's no more than 7 meters and a couple of walls. The connected client is my other laptop running winxp, which in fact never disconnects while running deauths. If I get closer (let's say about 5 meters), then everything works as expected.
    What looks strange to me is the fact that I can easily connect to the AP at max speed (the signal strength is always marked as excellent) from everywhere. It looks like I haven't got enough txpower while I'm far away...
    I've tried to raise the power of my card (iwconfig wifi0 txpower 16), but with no success.
    Moreover, if I start my BT3 using the other laptop, which uses the same chipset, everything works from everywhere without any need to mess with the txpower params...
    Does anyone have any suggestions about this? Please, do not tell me "change your laptop!"... I do know it would work, but I'm checking out a laptop model that is used in my company, therefore I do need to check this specific laptop model's capability. It's an HP NX7300. The access point is a Linksys WRT150N.
    Thanks in advance...

  2. #2
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Are you using BT3 on both machines or are you using BT4 on the machine which is having issues?
    Tiocfaidh ár lá

  3. #3
    Junior Member
    Join Date
    Jan 2010
    Posts
    42

    Originally posted by KMDave:
    Are you using BT3 on both machines or are you using BT4 on the machine which is having issues?
    BT3 on both...

  4. #4
    Junior Member
    Join Date
    Feb 2009
    Posts
    25

    Can you deauth a client from that range? Can you pick up any packets at that distance when sniffing? What sniffer are you using to capture the handshake?

  5. #5
    Junior Member digitalfriction's Avatar
    Join Date
    Mar 2010
    Posts
    84

    Originally posted by Chobin73:
    I've tried to raise the power of my card (iwconfig wifi0 txpower 16), but with no success.
    I tried this on my 3945ABG, but the command should be 'iwconfig wlan0 txpower 16dBm'
    I am running BT4 however, so apologies if this is the reason the command is different. I could not get the tx to increase, so I guess 15dBm is the max without a modified driver.

    That said, I have seen a lot of posts on Google stating 27dBm. Is this just a different driver? I don't know.

  6. #6
    Junior Member
    Join Date
    Jan 2010
    Posts
    42

    Originally posted by digitalfriction:
    I tried this on my 3945ABG, but the command should be 'iwconfig wlan0 txpower 16dBm'
    I am running BT4 however, so apologies if this is the reason the command is different. I could not get the tx to increase, so I guess 15dBm is the max without a modified driver.

    That said, I have seen a lot of posts on Google stating 27dBm. Is this just a different driver? I don't know.
    Well, I think on BT4 the command should be different since the 3945 driver in there is the new one. On BT3 the ipwraw driver names the interface "wifi0" and does not accept anything more than 16 as the txpower value...

    To Abraxas: Well, my problem is that I cannot deauth from that range. I can sniff, I can connect, I can do almost everything except deauth clients. I can capture handshakes only if I manually connect a client on the other side. I'm using airodump to capture handshakes...

  7. #7
    Junior Member
    Join Date
    Feb 2009
    Posts
    25

    Originally posted by Chobin73:
    Well, I think on BT4 the command should be different since the 3945 driver in there is the new one. On BT3 the ipwraw driver names the interface "wifi0" and does not accept anything more than 16 as the txpower value...

    To Abraxas: Well, my problem is that I cannot deauth from that range. I can sniff, I can connect, I can do almost everything except deauth clients. I can capture handshakes only if I manually connect a client on the other side. I'm using airodump to capture handshakes...
    The new 3945 driver should create a wlan0 interface and a wmaster0 interface. Wlan0 is the only interface that you need to worry about though.

  8. #8
    Junior Member
    Join Date
    Jan 2010
    Posts
    42

    Originally posted by Abraxas:
    The new 3945 driver should create a wlan0 interface and a wmaster0 interface. Wlan0 is the only interface that you need to worry about though.
    Right, the iwl3945 creates Wlan0 and Wmaster0...
    Unfortunately, in order to have monitor mode and injection capabilities with the Intel chipset, I need to use the ipwraw driver, which creates a wifi0 interface...
    I made some other tests, however, and I discovered that I can hardly deauth a BlackBerry connected to my wifi network even if my laptop, the BlackBerry and the AP are in the same room!

  9. #9
    Just burned his ISO
    Join Date
    Feb 2009
    Posts
    2

    Originally posted by Chobin73:
    Right, the iwl3945 creates Wlan0 and Wmaster0...
    Unfortunately, in order to have monitor mode and injection capabilities with the Intel chipset, I need to use the ipwraw driver, which creates a wifi0 interface...
    I made some other tests, however, and I discovered that I can hardly deauth a BlackBerry connected to my wifi network even if my laptop, the BlackBerry and the AP are in the same room!
    On BT4Demo I use:

    "airmon-ng start wlan0"

    It should create a "mon0" interface and switch wlan0 to monitor mode.

    Then I used aireplay-ng to test packet injection on my router.

  10. #10
    Junior Member
    Join Date
    Jan 2010
    Posts
    42

    Again: thanks a lot.
    But I am using BT3final with iwl3945 and ipwraw drivers, not BT4beta.
    I'm not asking how to run aireplay or airodump.
    I'm asking if there's a direct correlation between txpower and packet injection.
    Thanks, however...
