Page 1 of 6
Results 1 to 10 of 52

Thread: RT2870 BT4 Guide (working!!!)

  1. #1
    Junior Member
    Join Date
    Feb 2009
    Posts
    41

    Default RT2870 BT4 Guide (working!!!)

    Ok, there have been a slew of threads following me posting my driver, but this is going to be an all-encompassing guide answering most questions about getting this chipset working properly with BT4 (or any Linux 2.6.27+).

    One thing to keep in mind is you can find an official, better working driver for this chipset from Ralink's website. This driver DOES support monitor mode but DOESN'T support injection. Seeing as how injection is kind of necessary, to the point that that's probably why you got Backtrack, this is the answer for you.

    Other things to note: If you are using BT3 and wish to get the card working, you can use the hirte driver located here:
    http://hirte.aircrack-ng.org/rt2870-...-hirte.tar.bz2

    This driver will work perfectly for BT3. If you are using BT3 and it does not work, please follow my instructions below on how to add your device ID to the driver.

    Another note: The rt2870-nemesis driver is simply the hirte driver with the deviceID for a Linksys WUSB card, so unless you have the card, and are using BT3, it's useless.


    On to getting this thing working in BT4beta:

    go here to get my driver rt2870-2.6.28-apocolipse.tar.gz:
    rt2870-2.6.28-apocolipse.tar.gz - FileFactory

    once you get this extract it with your preferred method.


    Section: Editing the rt2870.h file
    This section is important to both BT3 with the hirte driver, and BT4beta with my driver (or any other distro with kernel 2.6.27+).
    The first thing you need to do is open up a terminal, then issue the following commands:

    Code:
    :-$ cd rt2870-2.6.27-apocolipse                   (assuming you are in its parent directory)
    :-$ cd include
    :-$ lsusb
    Bus 001 Device 002: ID 1058:0701 Western Digital Technologies, Inc. 
    Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
    Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
    Bus 004 Device 003: ID 046d:c501 Logitech, Inc. Cordless Mouse Receiver
    Bus 004 Device 002: ID 413c:2003 Dell Computer Corp. Keyboard
    Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
    Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
    Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
    Bus 001 Device 002: ID 0E66:0009 Hawking Technologies, Inc   <------The line for my device
    The last line for me is my device, find the deviceID for your device accordingly. The ID is the 8 digit hex address, in my case it is "0E66:0009", yours WILL be different (unless you have a HWUN2 from Hawking Technologies)

    Now we're going to edit the include file to add the new device entry. to do this type:
    (rt2870-2.6.27-apocolipse/include folder still assumed)
    Code:
    :-$  nano rt2870.h
    Now, navigate down in this file until you see a section that looks like this:
    Code:
    #define RT2870_USB_DEVICES	\
    {	\
    	{USB_DEVICE(0x148F,0x2770)}, /* Ralink */		\
    	{USB_DEVICE(0x148F,0x2870)}, /* Ralink */		\
    	{USB_DEVICE(0x0B05,0x1731)}, /* Asus */			\
    	{USB_DEVICE(0x0B05,0x1732)}, /* Asus */			\
    	{USB_DEVICE(0x0B05,0x1742)}, /* Asus */			\
    	{USB_DEVICE(0x0DF6,0x0017)}, /* Sitecom */		\
    	{USB_DEVICE(0x0DF6,0x002B)}, /* Sitecom */		\
    	{USB_DEVICE(0x0DF6,0x002C)}, /* Sitecom */		\
    	{USB_DEVICE(0x0DF6,0x002D)}, /* Sitecom */		\
    	{USB_DEVICE(0x14B2,0x3C06)}, /* Conceptronic */		\
    	{USB_DEVICE(0x14B2,0x3C28)}, /* Conceptronic */		\
    	{USB_DEVICE(0x2019,0xED06)}, /* Planex Communications, Inc. */		\
    	{USB_DEVICE(0x07D1,0x3C09)}, /* D-Link */		\
    	{USB_DEVICE(0x14B2,0x3C07)}, /* AL */			\
    	{USB_DEVICE(0x050D,0x8053)}, /* Belkin */		\
    	{USB_DEVICE(0x14B2,0x3C23)}, /* Airlink */		\
    	{USB_DEVICE(0x14B2,0x3C27)}, /* Airlink */		\
    	{USB_DEVICE(0x07AA,0x002F)}, /* Corega */		\
    	{USB_DEVICE(0x07AA,0x003C)}, /* Corega */		\
    	{USB_DEVICE(0x07AA,0x003F)}, /* Corega */		\
    	{USB_DEVICE(0x1044,0x800B)}, /* Gigabyte */		\
    	{USB_DEVICE(0x15A9,0x0006)}, /* Sparklan */		\
    	{USB_DEVICE(0x083A,0xB522)}, /* SMC */			\
    	{USB_DEVICE(0x083A,0xA618)}, /* SMC */			\
    	{USB_DEVICE(0x083A,0x7522)}, /* Arcadyan */		\
    	{USB_DEVICE(0x0CDE,0x0022)}, /* ZCOM */			\
    	{USB_DEVICE(0x0586,0x3416)}, /* Zyxel */		\
    	{USB_DEVICE(0x0CDE,0x0025)}, /* Zyxel */		\
    	{USB_DEVICE(0x1740,0x9701)}, /* EnGenius */		\
    	{USB_DEVICE(0x1740,0x9702)}, /* EnGenius */		\
    	{USB_DEVICE(0x0471,0x200f)}, /* Philips */		\
    	{USB_DEVICE(0x14B2,0x3C25)}, /* Draytek */		\
    	{USB_DEVICE(0x13D3,0x3247)}, /* AzureWave */	\
    	{USB_DEVICE(0x083A,0x6618)}, /* Accton */		\
    	{USB_DEVICE(0x15c5,0x0008)}, /* Amit */			\
    	{USB_DEVICE(0x0E66,0x0001)}, /* Hawking */		\
    	{USB_DEVICE(0x0E66,0x0003)}, /* Hawking */		\
    	{USB_DEVICE(0x129B,0x1828)}, /* Siemens */		\
            {}			 /* end marker */	\
    }
    You can see there is already a slew of devices in there, however not EVERY device is present. Look and see if you can find your device ID. The numbers are arranged differently, therefore my "0E66:0009" will look like "0x0E66,0x0009"; the preceding 0x is just a marker that the number that follows is base 16, or hexadecimal. You can see on the bottom that there are 2 "Hawking" but neither are my 0009 Hawking device, so I'm going to copy one of the entries and make the changes myself. Take a look at how this is done below. Remember, copy an ENTIRE line, and make sure the ONLY thing different on the line is your device ID and, if you want to be picky, the manufacturer string:
    Code:
    1.
    
    	{USB_DEVICE(0x0E66,0x0001)}, /* Hawking */		\
    	{USB_DEVICE(0x0E66,0x0003)}, /* Hawking */		\
    	{USB_DEVICE(0x129B,0x1828)}, /* Siemens */		\
    
    2.
    
    	{USB_DEVICE(0x0E66,0x0001)}, /* Hawking */		\
    	{USB_DEVICE(0x0E66,0x0003)}, /* Hawking */		\
    	{USB_DEVICE(0x0E66,0x0003)}, /* Hawking */		\
    	{USB_DEVICE(0x129B,0x1828)}, /* Siemens */		\
    
    3. 
    
    
    	{USB_DEVICE(0x0E66,0x0001)}, /* Hawking */		\
    	{USB_DEVICE(0x0E66,0x0003)}, /* Hawking */		\
    	{USB_DEVICE(0x0E66,0x0009)}, /* Hawking */		\
    	{USB_DEVICE(0x129B,0x1828)}, /* Siemens */		\
    Now that this is changed, press ctrl+o to save, ctrl+x to exit.
    Now that you're back to the terminal, go up a directory back to the driver dir:
    Code:
    :-$ cd ..
    Now to compile and install the driver:
    Code:
    :-$ sudo make && sudo make install
    You will get a lot of compiler output after that, and it will be installed. If it fails to install, look in the compiler output for any errors, and please post them here and I'll assist in getting them working.

    After compiling and installing, all you need to do is type:
    Code:
    :-$ modprobe rt2870sta
    Then to check if your device is up type:
    Code:
    :-$ iwconfig ra0
    If you see information about your device you're good to go. If you see "ra0 no device present" there's a problem; if there's a problem, post your device name, devID, and preferably compiler output here again for assistance.

    Once it's up and working, you can edit /etc/modules and add rt2870sta to the list of drivers to add on startup. After that, get to pen testing!! Congrats, you now have injection!!

    EDIT:
    Changed to /etc/modules for loading it on boot, thanks fnord0
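
The device-ID check and edit from the guide above, as an added shell example that is not part of the original post: it checks an `lsusb` ID against the `RT2870_USB_DEVICES` table without regard to case, prints the entry to add, and gives the alias prefix that `modinfo rt2870sta` should list after the rebuild. The function names and the sample table excerpt are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): look up a USB ID from lsusb in
# the RT2870_USB_DEVICES table and print the line to add when it is missing.

# Turn "0e66:0009" into "0E66 0009"; prints nothing if the ID is malformed.
split_id() {
    printf '%s\n' "$1" | tr 'a-f' 'A-F' |
        sed -n 's/^\([0-9A-F]\{4\}\):\([0-9A-F]\{4\}\)$/\1 \2/p'
}

# header_has_id FILE VID:PID -> 0 if listed, 1 if not,
# 2 if the ID is malformed or the file cannot be read.
# Matching ignores case because the table mixes 0x15c5 and 0x0E66 styles.
header_has_id() {
    pair=$(split_id "$2")
    [ -n "$pair" ] || return 2
    grep -Eiq "USB_DEVICE\(0x${pair% *},[[:space:]]*0x${pair#* }\)" "$1"
}

# entry_for_id VID:PID VENDOR -> a table line in the header's own layout.
entry_for_id() {
    pair=$(split_id "$1")
    [ -n "$pair" ] || return 2
    printf '\t{USB_DEVICE(0x%s,0x%s)}, /* %s */\t\t\\\n' \
        "${pair% *}" "${pair#* }" "$2"
}

# alias_for_id VID:PID -> prefix of the alias line that modinfo shows for
# the device once the rebuilt module is installed.
alias_for_id() {
    pair=$(split_id "$1")
    [ -n "$pair" ] || return 2
    printf 'usb:v%sp%s\n' "${pair% *}" "${pair#* }"
}

# Constructed sample: a few entries in the style of the table in the post.
sample_header() {
    cat <<'EOF'
#define RT2870_USB_DEVICES \
{ \
 {USB_DEVICE(0x148F,0x2770)}, /* Ralink */ \
 {USB_DEVICE(0x15c5,0x0008)}, /* Amit */ \
 {USB_DEVICE(0x0E66,0x0003)}, /* Hawking */ \
 {} /* end marker */ \
}
EOF
}

# Demo: check three IDs, in mixed case, against the sample table.
hdr=$(mktemp)
sample_header > "$hdr"
for id in 148f:2770 15C5:0008 0e66:0009; do
    if header_has_id "$hdr" "$id"; then
        echo "$id is already listed, no edit needed"
    else
        echo "$id is missing, add this line above the end marker:"
        entry_for_id "$id" "Hawking"
        echo "after the rebuild, modinfo should show $(alias_for_id "$id")"
    fi
done
rm -f "$hdr"
```

Against the real driver, pass `include/rt2870.h` as the file argument and the ID from your own `lsusb` line.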

  2. #2
    Junior Member Zermelo's Avatar
    Join Date
    Feb 2010
    Posts
    54

    Default Works perfectly with the ALFA AWUS050NH

    Just installed this driver in BT4 for the AWUS050NH, as the hex id was already in the list, no modification was needed, just downloaded the driver, compiled and installed it.

    Worked perfectly after that:

    Good work apocolipse269, as this adapter will no doubt be very popular within the community, you made a lot of people happy.

    I couldn't get it compiled on Intrepid 2.6.27, but I don't have the output right here. I'll try a few more things and get back to you. But a big thanks.

    EDIT: Tried to compile again on Intrepid, no errors. The first time, I don't believe I ran a "make clean" on it, so that might have been the problem. In any case, great work. (Sorry for the big pics, I'll use thumbnails next time, lol).

  3. #3
    Junior Member Jano's Avatar
    Join Date
    Jan 2010
    Posts
    26

    Default

    Hi,
    - With Kernel 2.6.28 on Ubuntu Jaunty, all attacks are supported. (0 to 5)
    - Little problem for connection with Network-Manager. (but recognized with default driver rt2870)
    - To connect to the Internet (wep/wpa) I use the utility "Ralink Wireless Station".
    - Only problem for me is changing the MAC address, because the card resets it to the original.

    Bye Jano
    Wireless: ALFA-AWUS036H, AWUS050NH, D-Link DWL-G650, D-Link DWL-G122, ZyXel G220, Linksys WUB54GR, Intel PRO/Wireless 3945ABG

  4. #4
    Senior Member fnord0's Avatar
    Join Date
    Jul 2008
    Posts
    144

    Default

    thanks a ton for the guide + the driver apocolipse269! u da man

    one thing of note ::

    Quote Originally Posted by apocolipse269 View Post
    Once its up and working, you can edit /etc/modules.conf and add rt2870sta to the list of drivers to add on startup

    now that BT4 is using debian/ubuntu as its base distro, you gotta wrassle with a little different file structure as far as modules and startup files are concerned.

    so, in BT4beta the file to edit/update is /etc/modules to tell yr system to load a specific set of modules at boot time - as the /etc/modules.conf is for BT3 and slax/slackware systems (probably other distros too).

    all in all, EXCELLENT GUIDE. -bookmarked-

    peace-
    fnord0

  5. #5
    Junior Member
    Join Date
    Feb 2009
    Posts
    41

    Default

    Quote Originally Posted by fnord0 View Post
    thanks a ton for the guide + the driver apocolipse269! u da man
    ...
    all in all, EXCELLENT GUIDE. -bookmarked-

    peace-
    fnord0


    i totally gave myself a high five after reading that hahaha

  6. #6
    Junior Member Zermelo's Avatar
    Join Date
    Feb 2010
    Posts
    54

    Default

    A little more news to report, has anyone tried this driver on a 64-bit setup? I did a fresh install of Intrepid on my laptop, but this time 64 bit, however, after I did "airmon-ng stop ra0", "airmon-ng start ra0", and tried "airodump-ng ra0", my system locked up. I tried it again after booting back up and it crashed the system.

    Jano or anyone have you tried them on a 64bit os yet? I'm interested in seeing if it is something unique to my configuration.

  7. #7
    Junior Member
    Join Date
    Feb 2009
    Posts
    41

    Default

    Quote Originally Posted by Zermelo View Post
    A little more news to report, has anyone tried this driver on a 64-bit setup? I did a fresh install of Intrepid on my laptop, but this time 64 bit, however, after I did "airmon-ng stop ra0", "airmon-ng start ra0", and tried "airodump-ng ra0", my system locked up. I tried it again after booting back up and it crashed the system.

    Jano or anyone have you tried them on a 64bit os yet? I'm interested in seeing if it is something unique to my configuration.
    Fortunately for you it isn't unique to you. I tested it on my 64 bit Ubuntu after writing it and got frequent crashes. I'm currently trying to get in touch with hirte, who wrote the original driver, so I can get some information on how to patch the official driver for injection. Until then you'll have to use BT4 or 32 bit Linux. This is after all the Backtrack4beta forum :P

  8. #8
    Senior Member fnord0's Avatar
    Join Date
    Jul 2008
    Posts
    144

    Thumbs up

    alright... my network card got here last night!
    apocolipse269, this document is right on the money! works for me and my alfa AWUS050NH - many thanks for that... (I didn't even have to mess around with the device ID, as per Zermelo's note)

    root@bt:~# lsusb -v -s 001:007
    Bus 001 Device 007: ID 148f:2770 Ralink Technology, Corp.
    Device Descriptor:
    bLength 18
    bDescriptorType 1
    bcdUSB 2.00
    bDeviceClass 0 (Defined at Interface level)
    bDeviceSubClass 0
    bDeviceProtocol 0
    bMaxPacketSize0 64
    idVendor 0x148f Ralink Technology, Corp.
    idProduct 0x2770
    bcdDevice 1.01
    iManufacturer 1 Ralink
    iProduct 2 802.11 n WLAN
    iSerial 3 1.0
    bNumConfigurations 1
    Configuration Descriptor:
    bLength 9
    bDescriptorType 2
    wTotalLength 53
    bNumInterfaces 1
    bConfigurationValue 1
    iConfiguration 0
    bmAttributes 0x80
    (Bus Powered)
    MaxPower 450mA
    Interface Descriptor:
    bLength 9
    bDescriptorType 4
    bInterfaceNumber 0
    bAlternateSetting 0
    bNumEndpoints 5
    bInterfaceClass 255 Vendor Specific Class
    bInterfaceSubClass 255 Vendor Specific Subclass
    bInterfaceProtocol 255 Vendor Specific Protocol
    iInterface 5 1.0
    Endpoint Descriptor:
    bLength 7
    bDescriptorType 5
    bEndpointAddress 0x81 EP 1 IN
    bmAttributes 2
    Transfer Type Bulk
    Synch Type None
    Usage Type Data
    wMaxPacketSize 0x0200 1x 512 bytes
    bInterval 0
    Endpoint Descriptor:
    bLength 7
    bDescriptorType 5
    bEndpointAddress 0x01 EP 1 OUT
    bmAttributes 2
    Transfer Type Bulk
    Synch Type None
    Usage Type Data
    wMaxPacketSize 0x0200 1x 512 bytes
    bInterval 0
    Endpoint Descriptor:
    bLength 7
    bDescriptorType 5
    bEndpointAddress 0x02 EP 2 OUT
    bmAttributes 2
    Transfer Type Bulk
    Synch Type None
    Usage Type Data
    wMaxPacketSize 0x0200 1x 512 bytes
    bInterval 0
    Endpoint Descriptor:
    bLength 7
    bDescriptorType 5
    bEndpointAddress 0x03 EP 3 OUT
    bmAttributes 2
    Transfer Type Bulk
    Synch Type None
    Usage Type Data
    wMaxPacketSize 0x0200 1x 512 bytes
    bInterval 0
    Endpoint Descriptor:
    bLength 7
    bDescriptorType 5
    bEndpointAddress 0x04 EP 4 OUT
    bmAttributes 2
    Transfer Type Bulk
    Synch Type None
    Usage Type Data
    wMaxPacketSize 0x0200 1x 512 bytes
    bInterval 0
    Device Qualifier (for other device speed):
    bLength 10
    bDescriptorType 6
    bcdUSB 2.00
    bDeviceClass 0 (Defined at Interface level)
    bDeviceSubClass 0
    bDeviceProtocol 0
    bMaxPacketSize0 64
    bNumConfigurations 1
    Device Status: 0x0000
    (Bus Powered)
    root@bt:~# modinfo rt2870sta
    filename: /lib/modules/2.6.28.1/kernel/drivers/net/wireless/rt2870sta.ko
    description: RT2870 Wireless Lan Linux Driver
    author: Paul Lin <paul_lin@ralinktech.com>
    license: GPL
    alias: usb:v129Bp1828d*dc*dsc*dp*ic*isc*ip*
    alias: usb:v0E66p0009d*dc*dsc*dp*ic*isc*ip*
    alias: usb:v0E66p0003d*dc*dsc*dp*ic*isc*ip*
    alias: usb:v0E66p0001d*dc*dsc*dp*ic*isc*ip*
    alias: usb:v15C5p0008d*dc*dsc*dp*ic*isc*ip*
    alias: usb:v083Ap6618d*dc*dsc*dp*ic*isc*ip*
    alias: usb:v13D3p3247d*dc*dsc*dp*ic*isc*ip*
    alias: usb:v14B2p3C25d*dc*dsc*dp*ic*isc*ip*
    alias: usb:v0471p200Fd*dc*dsc*dp*ic*isc*ip*
    alias: usb:v1740p9702d*dc*dsc*dp*ic*isc*ip*
    alias: usb:v1740p9701d*dc*dsc*dp*ic*isc*ip*
    alias: usb:v0CDEp0025d*dc*dsc*dp*ic*isc*ip*
    alias: usb:v0586p3416d*dc*dsc*dp*ic*isc*ip*
    alias: usb:v0CDEp0022d*dc*dsc*dp*ic*isc*ip*
    alias: usb:v083Ap7522d*dc*dsc*dp*ic*isc*ip*
    alias: usb:v083ApA618d*dc*dsc*dp*ic*isc*ip*
    alias: usb:v083ApB522d*dc*dsc*dp*ic*isc*ip*
    alias: usb:v15A9p0006d*dc*dsc*dp*ic*isc*ip*
    alias: usb:v1044p800Bd*dc*dsc*dp*ic*isc*ip*
    alias: usb:v07AAp003Fd*dc*dsc*dp*ic*isc*ip*
    alias: usb:v07AAp003Cd*dc*dsc*dp*ic*isc*ip*
    alias: usb:v07AAp002Fd*dc*dsc*dp*ic*isc*ip*
    alias: usb:v14B2p3C27d*dc*dsc*dp*ic*isc*ip*
    alias: usb:v14B2p3C23d*dc*dsc*dp*ic*isc*ip*
    alias: usb:v050Dp8053d*dc*dsc*dp*ic*isc*ip*
    alias: usb:v14B2p3C07d*dc*dsc*dp*ic*isc*ip*
    alias: usb:v07D1p3C09d*dc*dsc*dp*ic*isc*ip*
    alias: usb:v2019pED06d*dc*dsc*dp*ic*isc*ip*
    alias: usb:v14B2p3C28d*dc*dsc*dp*ic*isc*ip*
    alias: usb:v14B2p3C06d*dc*dsc*dp*ic*isc*ip*
    alias: usb:v0DF6p002Dd*dc*dsc*dp*ic*isc*ip*
    alias: usb:v0DF6p002Cd*dc*dsc*dp*ic*isc*ip*
    alias: usb:v0DF6p002Bd*dc*dsc*dp*ic*isc*ip*
    alias: usb:v0DF6p0017d*dc*dsc*dp*ic*isc*ip*
    alias: usb:v0B05p1742d*dc*dsc*dp*ic*isc*ip*
    alias: usb:v0B05p1732d*dc*dsc*dp*ic*isc*ip*
    alias: usb:v0B05p1731d*dc*dsc*dp*ic*isc*ip*
    alias: usb:v148Fp2870d*dc*dsc*dp*ic*isc*ip*
    alias: usb:v148Fp2770d*dc*dsc*dp*ic*isc*ip*
    depends:
    vermagic: 2.6.28.1 SMP mod_unload 486
    parm: mac:rt28xx: wireless mac addr (charp)

    usb 1-8: new high speed USB device using ehci_hcd and address 7
    usb 1-8: configuration #1 chosen from 1 choice
    rtusb init --->
    === pAd = f8ca3000, size = 491248 ===
    <-- RTMPAllocAdapterBlock, Status=0
    MAC: 00,31,2E,xx,xx,xx
    MAC: 00,31,2E,xx,xx,xx
    usbcore: registered new interface driver rt2870
    all looks fine and dandy, until I get here ::

    root@bt:~# iwconfig
    lo no wireless extensions.

    eth0 no wireless extensions.

    Warning: Driver for device ra0 has been compiled with an ancient version
    of Wireless Extension, while this program support version 11 and later.
    Some things may be broken...


    ra0 RT2870 Wireless ESSID:"" Nickname:""
    Mode:Auto Frequency=2.412 GHz
    Link Quality:0 Signal level:0 Noise level:113
    Rx invalid nwid:0 invalid crypt:0 invalid misc:0
    let me note that monitor mode seems to work fine, I can inject packets... all seems fine, but I don't like that warning in iwconfig... does anyone get that warning? (Zermelo) I have so far failed miserably at recompiling the wireless extensions... any suggestions? *feel free to PM me* I'd love to chat with someone who may be able to help (( my attempts are dying with references to /bin/sh --- I've tried to delete that, and re-symlink it to /bin/bash, etc, etc... no luck ))

    thanks sooo much for this tutorial and driver, i be loving it... hooray injection!
    'see the fnords!'

  9. #9
    Junior Member
    Join Date
    Feb 2009
    Posts
    41

    Default

    Quote Originally Posted by fnord0 View Post
    alright... my network card got here last night!
    apocolipse269, this document is right on the money! works for me and my alfa AWUS050NH - many thanks for that... (I didn't even have to mess around with the device ID, as per Zermelo's note)

    all looks fine and dandy, until I get here ::

    let me note that monitor mode seems to work fine, I can inject packets... all seems fine, but I don't like that warning in iwconfig... does anyone get that warning? (Zermelo) I have so far failed miserably at recompiling the wireless extensions... any suggestions? *feel free to PM me* I'd love to chat with someone who may be able to help (( my attempts are dying with references to /bin/sh --- I've tried to delete that, and re-symlink it to /bin/bash, etc, etc... no luck ))

    thanks sooo much for this tutorial and driver, i be loving it... hooray injection!

    Ok, glad to hear you got monitor mode and injection working, that's the idea (for now). Don't worry about the warning, that's simply due to the kernel changes in wireless extensions (the driver still uses the legacy version); the driver is simply modified to compile and work on newer kernels. Once I get in touch with hirte I'll be going after the current official driver to get injection working with it, hopefully. Until then, live with the bugs!!! :P

  10. #10
    Senior Member fnord0's Avatar
    Join Date
    Jul 2008
    Posts
    144

    Default

    Quote Originally Posted by apocolipse269 View Post
    Ok, glad to hear you got monitor mode and injection working, that's the idea (for now).
    that makes me glad too! heheh

    Quote Originally Posted by apocolipse269 View Post
    Don't worry about the warning
    ok = "warning blinders" ON

    Quote Originally Posted by apocolipse269 View Post
    Once I get in touch with hirte I'll be going after the current official driver to get injection working with it, hopefully. Until then, live with the bugs!!! :P
    oh, oh - me too, me too! heh, I really wanna work on recompiling with the new wireless drivers too (I'm also looking to try the rt2800usb driver from compat-wireless but that isn't panning out so good either ... yet) - so I will be trying this right alongside you guys... I'm thinking of hitting the good ol' IRC to see if I can get me some help with this. so yeah, I am gonna try the same. thanks for everything!
    'see the fnords!'
