
Thread: Alfa AWUS036H (rtl8187) - Can't Inject anything

  1. #1
    Just burned his ISO
    Join Date
    Mar 2009
    Posts
    5


    Hello everyone.

    Recently I became interested in wireless security. Having read a lot about wireless cards to test my router's security, I purchased through eBay an Alfa Networks 500mW AWUS036H USB dongle with the rtl8187 chipset, plus a 9dBi antenna.

    However, using the Backtrack 3 or Backtrack 4 beta live CD/DVD, I found out that my Alfa couldn't inject my own router (or any other, for that matter).

    These are the steps I took:

    airmon-ng stop wlan1
    Code:
    Interface	Chipset		Driver
    
    wlan1		RTL8187 	rtl8187 - [phy0]
    				(monitor mode disabled)

    airmon-ng start wlan1

    Code:
    Interface	Chipset		Driver
    
    wlan1		RTL8187 	rtl8187 - [phy0]
    				(monitor mode enabled on mon0)

    iwconfig

    Code:
    wlan1     IEEE 802.11bg  ESSID:""  
              Mode:Managed  Frequency:2.437 GHz  Access Point: Not-Associated   
              Tx-Power=27 dBm   
              Retry min limit:7   RTS thr:off   Fragment thr=2352 B   
              Encryption key:off
              Power Management:off
              Link Quality:0  Signal level:0  Noise level:0
              Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
              Tx excessive retries:0  Invalid misc:0   Missed beacon:0
    
    mon0      IEEE 802.11bg  Mode:Monitor  Frequency:2.437 GHz  Tx-Power=27 dBm   
              Retry min limit:7   RTS thr:off   Fragment thr=2352 B   
              Encryption key:off
              Power Management:off
              Link Quality:0  Signal level:0  Noise level:0
              Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
              Tx excessive retries:0  Invalid misc:0   Missed beacon:0

    aireplay-ng -9 mon0

    Code:
    For information, no action required: Using gettimeofday() instead of /dev/rtc
    05:22:56  Trying broadcast probe requests...
    05:22:58  No Answer...
    05:22:58  Found 13 APs
    
    05:22:58  Trying directed probe requests...
    05:22:58  00:05:59:08:C8:8D - channel: 6 - 'NetFasteR IAD (PSTN)'
    0/30:   0%
    05:23:04   0/30:   0%
    
    05:23:04  00:13:33:0A:75:08 - channel: 6 - 'OTE CONNX'
    0/30:   0%
    05:23:11   0/30:   0%
    
    05:23:11  00:15:56:B5:86:8E - channel: 6 - 'spidernest'
    0/30:   0%
    05:23:17   0/30:   0%
    
    05:23:17  00:1D:19:70:76:24 - channel: 6 - 'CONNXV'
    0/30:   0%
    05:23:24   0/30:   0%
    
    05:23:24  00:1A:2A:8A:58:2A - channel: 6 - 'CONNX'
    0/30:   0%
    05:23:30   0/30:   0%
    
    05:23:30  00:13:33:0C:8F:46 - channel: 6 - 'test'
    0/30:   0%
    05:23:37   0/30:   0%
    
    05:23:37  00:05:59:04:20:AF - channel: 6 - 'NetFasteR IAD (ISDN)'
    0/30:   0%
    05:23:43   0/30:   0%
    
    05:23:43  00:15:56:CE:1C:CE - channel: 6 - 'OTE6834'
    0/30:   0%
    05:23:50   0/30:   0%
    
    05:23:50  00:13:33:18:FD:DC - channel: 6 - 'OTE CONNX'
    0/30:   0%
    05:23:56   0/30:   0%
    
    05:23:56  00:15:56:B4:E6:16 - channel: 6 - 'OTENET_4859'
    0/30:   0%
    05:24:02   0/30:   0%
    
    05:24:02  00:13:33:10:14:6C - channel: 6 - 'OTE CONNX'
    0/30:   0%
    05:24:09   0/30:   0%
    
    05:24:09  00:15:56:B7:4D:EC - channel: 6 - 'OTENET_9529'
    0/30:   0%
    05:24:15   0/30:   0%
    
    05:24:15  00:15:56:B5:D3:9B - channel: 6 - 'OTE'
    0/30:   0%
    05:24:22   0/30:   0%
    (btw my router is 00:13:33:10:14:6C - channel: 6 - 'OTE CONNX')

    Is there anything I am doing wrong? Could it be the driver's fault, that it can't inject? (I am pretty sure that backtrack has the correct driver for RTL8187 chipset)

    Since the pretty powerful Alfa could detect so many APs, I doubt that the problem is distance, at least one should be in the correct distance (and my router is 3 meters from the Alfa).

    I appreciate any of your help (and please excuse any language mistakes, English isn't my native tongue)

    p.s. I have also tried going further into cracking my own router, using aireplay -1 and aireplay -3 commands, but since nothing is injected in the test, those failed miserably too...
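
As an added example (not part of the original thread), the injection-test output quoted in post #1 can be summarised with a short parser. The `diagnose` labels are a heuristic assumed for this example, not aircrack-ng output: when no AP acknowledges a single probe, the fault is in the local transmit path (driver, mode or hardware) rather than in the distance to one AP.

```python
import re

# Excerpt of the `aireplay-ng -9` output quoted in the post (two of the 13 APs).
SAMPLE = """\
05:22:56  Trying broadcast probe requests...
05:22:58  No Answer...
05:22:58  Found 13 APs

05:22:58  Trying directed probe requests...
05:22:58  00:05:59:08:C8:8D - channel: 6 - 'NetFasteR IAD (PSTN)'
0/30:   0%
05:23:04   0/30:   0%

05:24:02  00:13:33:10:14:6C - channel: 6 - 'OTE CONNX'
0/30:   0%
05:24:09   0/30:   0%
"""

AP_RE = re.compile(r"((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}) - channel: (\d+) - '(.*)'")
RATIO_RE = re.compile(r"(\d+)/(\d+):\s*\d+%")

def parse_injection_test(text):
    """Return (broadcast_answered, {bssid: stats}) for one test run."""
    broadcast_answered, aps, current = True, {}, None
    for line in text.splitlines():
        if "No Answer" in line:
            broadcast_answered = False
        ap = AP_RE.search(line)
        if ap:
            current = ap.group(1).upper()
            aps[current] = {"channel": int(ap.group(2)), "essid": ap.group(3),
                            "ok": 0, "sent": 0}
            continue
        ratio = RATIO_RE.search(line)
        if ratio and current:
            # Progress and final lines share a format; the last one seen wins.
            aps[current]["ok"] = int(ratio.group(1))
            aps[current]["sent"] = int(ratio.group(2))
    return broadcast_answered, aps

def diagnose(broadcast_answered, aps):
    """Heuristic labels (assumed for this example, not aircrack-ng output)."""
    if not aps:
        return "no-aps-seen"
    answered = [b for b, s in aps.items() if s["ok"] > 0]
    if not answered and not broadcast_answered:
        return "tx-path"      # nothing acknowledged anywhere: driver, mode or hardware
    if len(answered) < len(aps):
        return "range-or-ap"  # some APs reply: distance or AP-specific behaviour
    return "ok"

if __name__ == "__main__":
    print(diagnose(*parse_injection_test(SAMPLE)))
```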

  2. #2
    Member
    Join Date
    Jan 2008
    Posts
    245


    patch the driver

  3. #3
    Just burned his ISO
    Join Date
    Mar 2009
    Posts
    5


    Thanks!

    I feel so stupid. No1 noob rule: if you don't know squat about something, DON'T guess (I guessed Backtrack's driver would already be patched).

    Since I run Backtrack from a Live DVD (and to avoid repatching at every reboot), do you think it would be better to patch the Ubuntu driver, or run Backtrack through VMware?

    Also, is the Backtrack driver ieee80211 or mac80211?

  4. #4
    Member imported_blackfoot's Avatar
    Join Date
    Jun 2007
    Posts
    386

    ieee80211

    ieee80211 is a header file; it is not a driver.

    I think you need to focus on mode switching rather than patching.

    mac80211 is used to compile soft mac drivers or code. I do not think you need to be concerned with it from the style of your post.

    If I am wrong and your subsequent question is very specific I will help further.
    Lux sit

  5. #5
    Just burned his ISO
    Join Date
    Mar 2009
    Posts
    5

    Quote (originally posted by blackfoot):
    ieee80211 is a header file; it is not a driver.

    I think you need to focus on mode switching rather than patching.

    mac80211 is used to compile soft mac drivers or code. I do not think you need to be concerned with it from the style of your post.

    If I am wrong and your subsequent question is very specific I will help further.

    Well, what could be the problem with the mode switching? How should I do it right?

  6. #6
    Member imported_blackfoot's Avatar
    Join Date
    Jun 2007
    Posts
    386

    rtfm

    rtfm

    try:

    man ifconfig
    man iwconfig

    typically:

    iwconfig iface mode monitor

    rtfm
    Lux sit

  7. #7
    Just burned his ISO
    Join Date
    Mar 2009
    Posts
    5


    It was my understanding that "iwconfig wlan1 mode monitor" and "airmon-ng start wlan1" had the exact same effect, putting the network interface in monitor mode.

    (with the difference that the iwconfig command would put wlan1 in monitor mode, whereas the airmon-ng would create a mon0 interface which would operate in monitor mode)

    Anyway, I tried "iwconfig wlan1 mode monitor", but "aireplay-ng -9 wlan1" still produced a perfect zero.

    I hope patching the drivers will do the trick for me.

    Well, I did the following:

    -blacklisted the mac80211 driver I already had installed

    -downloaded h++p://dl.aircrack-ng.org/drivers/rtl8187_linux_26.1010.zip drivers,

    -patched them with h++p://patches.aircrack-ng.org/rtl8187_2.6.27.patch

    -make, make install, reboot

    -the driver is installed correctly, the wireless is working

    -iwconfig wlan1 mode monitor

    -aireplay-ng -9 wlan1

    and...

    And nothing. Zilch, nada.

    In the end, the injection test still produces a perfect zero.

    I'm becoming pretty desperate... What the heck am I doing wrong?

  8. #8
    Just burned his ISO
    Join Date
    Mar 2009
    Posts
    5


    Sorry to say, but mine just came in the post and is working straight out of the box with the bt4 liveCD, so it does work. Maybe it's our systems/configurations?
    Well, I've gotten as far as -

    Airmon-ng

    airmon-ng start wlan1 (as this is the wifi adapter I want to use)

    then gives me a monitor interface called mon0

    aireplay-ng -9 mon0

    says injection working .

    off to work now so will let you know if it cracks my wep later when back from work

    Well i thought i posted this morning but obviously not.
    I'm running
    advent 8112 lappy
    dual duo cpu
    intel 965gm chipset

    monitor and injection work from the box for me with bt4 beta, just done my own wep so def confirmed as working.
    Hope you sort it.

  9. #9
    Just burned his ISO
    Join Date
    Mar 2009
    Posts
    5


    Apparently, my stupid Alfa was busted, right out of the box. It can't even connect normally to my router, let alone inject anything.

    I hope I sort it out with the warranty, to get at last a working Alfa and stop being so frustrated.

  10. #10
    Junior Member
    Join Date
    Dec 2008
    Posts
    43


    In my point of view the driver that BT4 uses with this chipset is not good. It is very difficult to inject (the AP has to be at most 3m away) and it has bad power to capture APs....

    So I blacklisted the rtl8187 and installed the old driver and the performance increased dramatically.

    And BT4b is working nicely with the old ieee80211 driver. Cant inject and crack everything.

    Note: the only problem, as you know, is that this driver doesn't support WPA. So to connect to WPA you have to change the driver temporarily to ndiswrapper.
