patch the driver
Recently I became interested in wireless security. Having read a lot about wireless cards to test my router's security, I purchased through eBay an Alfa Networks 500mw AWUS036H USB dongle with the rtl8187 chipset, plus a 9dbi antenna.
However, using the Backtrack 3 or Backtrack 4 beta live CD/DVD, I found out that my Alfa couldn't inject my own router (or any other, for that matter).
These are the steps I took:
airmon-ng stop wlan1
Code:
Interface       Chipset         Driver
wlan1           RTL8187         rtl8187 - [phy0] (monitor mode disabled)

airmon-ng start wlan1
Code:
Interface       Chipset         Driver
wlan1           RTL8187         rtl8187 - [phy0] (monitor mode enabled on mon0)

iwconfig
Code:
wlan1     IEEE 802.11bg  ESSID:""
          Mode:Managed  Frequency:2.437 GHz  Access Point: Not-Associated
          Tx-Power=27 dBm
          Retry min limit:7   RTS thr:off   Fragment thr=2352 B
          Encryption key:off
          Power Management:off
          Link Quality:0  Signal level:0  Noise level:0
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

mon0      IEEE 802.11bg  Mode:Monitor  Frequency:2.437 GHz  Tx-Power=27 dBm
          Retry min limit:7   RTS thr:off   Fragment thr=2352 B
          Encryption key:off
          Power Management:off
          Link Quality:0  Signal level:0  Noise level:0
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

aireplay-ng -9 mon0
(btw my router is 00:13:33:10:14:6C - channel: 6 - 'OTE CONNX')
Code:
For information, no action required: Using gettimeofday() instead of /dev/rtc
05:22:56  Trying broadcast probe requests...
05:22:58  No Answer...
05:22:58  Found 13 APs
05:22:58  Trying directed probe requests...
05:22:58  00:05:59:08:C8:8D - channel: 6 - 'NetFasteR IAD (PSTN)'
          0/30:   0%
05:23:04   0/30:   0%
05:23:04  00:13:33:0A:75:08 - channel: 6 - 'OTE CONNX'
          0/30:   0%
05:23:11   0/30:   0%
05:23:11  00:15:56:B5:86:8E - channel: 6 - 'spidernest'
          0/30:   0%
05:23:17   0/30:   0%
05:23:17  00:1D:19:70:76:24 - channel: 6 - 'CONNXV'
          0/30:   0%
05:23:24   0/30:   0%
05:23:24  00:1A:2A:8A:58:2A - channel: 6 - 'CONNX'
          0/30:   0%
05:23:30   0/30:   0%
05:23:30  00:13:33:0C:8F:46 - channel: 6 - 'test'
          0/30:   0%
05:23:37   0/30:   0%
05:23:37  00:05:59:04:20:AF - channel: 6 - 'NetFasteR IAD (ISDN)'
          0/30:   0%
05:23:43   0/30:   0%
05:23:43  00:15:56:CE:1C:CE - channel: 6 - 'OTE6834'
          0/30:   0%
05:23:50   0/30:   0%
05:23:50  00:13:33:18:FD:DC - channel: 6 - 'OTE CONNX'
          0/30:   0%
05:23:56   0/30:   0%
05:23:56  00:15:56:B4:E6:16 - channel: 6 - 'OTENET_4859'
          0/30:   0%
05:24:02   0/30:   0%
05:24:02  00:13:33:10:14:6C - channel: 6 - 'OTE CONNX'
          0/30:   0%
05:24:09   0/30:   0%
05:24:09  00:15:56:B7:4D:EC - channel: 6 - 'OTENET_9529'
          0/30:   0%
05:24:15   0/30:   0%
05:24:15  00:15:56:B5:D3:9B - channel: 6 - 'OTE'
          0/30:   0%
05:24:22   0/30:   0%
Is there anything I am doing wrong? Could it be the driver's fault, that it can't inject? (I am pretty sure that backtrack has the correct driver for RTL8187 chipset)
Since the pretty powerful Alfa could detect so many APs, I doubt that the problem is distance, at least one should be in the correct distance (and my router is 3 meters from the Alfa).
I appreciate any of your help (and please excuse any language mistakes, English isn't my native tongue).
p.s. I have also tried going further into cracking my own router, using aireplay -1 and aireplay -3 commands, but since nothing is injected in the test, those failed miserably too...
patch the driver
I feel so stupid. No. 1 noob rule: if you don't know squat about something, DON'T guess (I guessed Backtrack's driver would already be patched).
Since I run Backtrack from a Live DVD (and to avoid repatching at every reboot), do you think it would be better to patch the Ubuntu driver, or run Backtrack through VMware?
Also, the backtrack driver is ieee80211 or mac80211?
ieee80211 is a header file it is not a driver.
I think you need to focus on mode switching rather than patching.
mac80211 is used to compile soft mac drivers or code. I do not think you need to be concerned with it from the style of your post.
If I am wrong and your subsequent question is very specific I will help further.
iwconfig iface mode monitor
It was my understanding that "iwconfig wlan1 mode monitor" and "airmon-ng start wlan1" had the exact same effect, putting the network interface in monitor mode.
(with the difference that the iwconfig command would put wlan1 in monitor mode, whereas the airmon-ng would create a mon0 interface which would operate in monitor mode)
Anyway, I tried "iwconfig wlan1 mode monitor", but "aireplay-ng -9 wlan1" still produced a perfect zero.
I hope patching the drivers will do the trick for me.
Well, I did the following:
-blacklisted the mac80211 driver I already had installed
-downloaded h++p://dl.aircrack-ng.org/drivers/rtl8187_linux_26.1010.zip drivers,
-patched them with h++p://patches.aircrack-ng.org/rtl8187_2.6.27.patch
-make, make install, reboot
-the driver is installed correctly, the wireless is working
-iwconfig wlan1 mode monitor
-aireplay-ng -9 wlan1
And nothing. Zilch, nada.
In the end, the injection test still produces a perfect zero.
I'm becoming pretty desperate... What the heck am I doing wrong?
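The sequence above (blacklist the stock module, build and install the patched one, reboot, set monitor mode, run the injection test) gives no direct view of whether the intended driver is actually the one bound to wlan1, whether the blacklist took effect, or what the test transcript adds up to. The POSIX shell helpers below are an added example, not code from this thread or from aircrack-ng: they read the sysfs driver symlink, the modprobe.d blacklist files and iwconfig's Mode field, and summarise an aireplay-ng -9 transcript like the one in the first post. SYSFS_ROOT and MODPROBE_DIR are names introduced here so the helpers can be pointed at a copy of the real trees; they default to the live system paths.

```shell
#!/bin/sh
# Added diagnostic helpers for the rtl8187 / monitor-mode checks discussed in
# this thread. Not code from the thread or from aircrack-ng. SYSFS_ROOT and
# MODPROBE_DIR are assumed names introduced here so the helpers can be pointed
# at a copy of the real trees; they default to the live system paths.
SYSFS_ROOT="${SYSFS_ROOT:-/sys}"
MODPROBE_DIR="${MODPROBE_DIR:-/etc/modprobe.d}"

# Print the kernel driver bound to a network interface (e.g. "rtl8187") by
# resolving the sysfs symlink class/net/<iface>/device/driver. Fails if the
# interface has no bound driver, which is what a botched module install looks like.
bound_driver() {
    iface="$1"
    link="$SYSFS_ROOT/class/net/$iface/device/driver"
    [ -e "$link" ] || return 1
    basename "$(readlink -f "$link")"
}

# Succeed if the module is blacklisted by any modprobe.d config
# (a "blacklist <module>" line). -s silences missing-file errors.
is_blacklisted() {
    mod="$1"
    grep -qsE "^[[:space:]]*blacklist[[:space:]]+$mod([[:space:]]|$)" \
        "$MODPROBE_DIR"/*.conf "$MODPROBE_DIR"/blacklist
}

# Read iwconfig text on stdin and print the Mode (Managed, Monitor, ...) of
# one interface. Mode may sit on the interface's first line (mon0) or on a
# continuation line (wlan1), so track which interface block we are in.
iwconfig_mode() {
    awk -v want="$1" '
        /^[^ \t]/ { cur = $1 }
        cur == want && match($0, /Mode:[A-Za-z-]+/) {
            print substr($0, RSTART + 5, RLENGTH - 5); exit
        }'
}

# Read an aireplay-ng -9 transcript on stdin and print "<probed> <answered>":
# APs that were sent directed probes, and how many answered at least one of
# the 30 (last "n/30:" line after each AP line wins). Many probed, zero
# answered is the symptom reported in this thread.
injection_summary() {
    awk '
        / - channel: [0-9]+ - / { probed++; answered[probed] = 0 }
        probed > 0 && match($0, /[0-9]+\/30:/) {
            answered[probed] = substr($0, RSTART, RLENGTH - 4) + 0
        }
        END {
            ok = 0
            for (i = 1; i <= probed; i++) if (answered[i] > 0) ok++
            print probed + 0, ok
        }'
}

# Run all checks for one interface and module, e.g.: report wlan1 rtl8187
report() {
    iface="$1"; mod="$2"
    printf 'driver bound to %s: %s\n' "$iface" "$(bound_driver "$iface" || echo none)"
    if is_blacklisted "$mod"; then
        echo "$mod is blacklisted in $MODPROBE_DIR"
    else
        echo "$mod is not blacklisted in $MODPROBE_DIR"
    fi
    if command -v iwconfig >/dev/null 2>&1; then
        printf 'mode of %s: %s\n' "$iface" \
            "$(iwconfig "$iface" 2>/dev/null | iwconfig_mode "$iface")"
    fi
}
```

Source the file and call `report wlan1 rtl8187` after the reboot: if the bound driver is still the stock module, the blacklist file is the thing to fix, not the injection command. Pipe a saved `aireplay-ng -9` transcript into `injection_summary` to turn a long listing like the one above into a single "probed/answered" count.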
Sorry to say, but mine just came in the post and is working straight out of the box with the bt4 liveCD, so it does work; maybe it's our systems/configurations?
Well, I've gotten as far as -
airmon-ng start wlan1 (as this is my wifi adapter I want to use)
then gives me a monitor interface called mon0
aireplay-ng -9 mon0
says injection working.
Off to work now, so will let you know if it cracks my WEP later when back from work.
Well, I thought I posted this morning but obviously not.
advent 8112 lappy
dual duo cpu
intel 965gm chipset
Monitor and injection work from the box for me with bt4 beta; just done my own WEP, so def confirmed as working.
Hope you sort it.
Apparently, my stupid Alfa was busted, right out of the box. It can't even connect normally to my router, let alone inject anything.
I hope I sort it out with the warranty, to get at last a working Alfa and stop being so frustrated.
In my point of view the driver that BT4 uses with this chipset is not good. It is very difficult to inject (the AP has to be at most 3 m away) and it has bad power to capture APs...
So I blacklisted the rtl8187 and installed the old driver, and the performance increased dramatically.
And BT4b is working nicely with the old ieee80211 driver. Can't inject and crack everything.
Note: the only problem, as you know, is that this driver doesn't support WPA. So to connect to WPA you have to temporarily change the driver to ndiswrapper.