
Thread: HOW TO: iwl3945 BackTrack 4

  1. #31
    Just burned his ISO
    Join Date
    Nov 2009
    Posts
    3

    Default

    Got it to work. Somehow. Followed some references from "iceman_3233" post, played with some vmware settings.

    In fact, still can't connect but the ALFA is visible. Wicd manager is stuck at "obtaining ip address" for some time. Then "not connected". While trying anything, the LED on the ALFA is off all the time. But I can see wireless networks.

  2. #32
    Member iceman_3233's Avatar
    Join Date
    Jan 2010
    Location
    Fort Washington
    Posts
    56

    Default

    Quote Originally Posted by BStep View Post
    Got it to work. Somehow. Followed some references from "iceman_3233" post, played with some vmware settings.

    In fact, still can't connect but the ALFA is visible. Wicd manager is stuck at "obtaining ip address" for some time. Then "not connected". While trying anything, the LED on the ALFA is off all the time. But I can see wireless networks.

    My Alfa LED is off as well. In vmware look for an addon button. Also try YouTube vmware backtrack videos that might help. I use virtualbox. The last time I got it to work was in backtrack 2.
    The enemy is no longer ignorance - It is vigilance

  3. #33
    Junior Member PwnStar's Avatar
    Join Date
    Jul 2008
    Posts
    34

    Default

    This turned out to be a great work-around, as the BT4pf 3945 drivers don't work on channels 12-14 and these ones do, so thanks fella.
    Thanks to everyone who has contributed towards bt3 and all the other great tools within it, especially shamanvirtuel, spoonwpa is just awesome to a noob like me. hope you find somewhere to live.

  4. #34
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    3

    Default

    Seriously, this problem is growing long in the tooth. I have searched high and low and tons of people claim that aireplay-ng works fine just using the iwlwifi drivers. The -9 test is the only thing that works for me. The -3 ARP injection functionality does nothing. I try to install the ipwraw setup and it fails on the make. Apparently neither solution works and I could really use some help, especially getting the iwlwifi drivers to properly perform ARP injection. If you're concerned about security and prefer to PM me that's fine but I really need some direction here...

  5. #35
    Junior Member Armagedeon's Avatar
    Join Date
    Feb 2008
    Posts
    86

    Default

    Hello everyone

    Same problem here. Same wireless card.

    Code:
    root@bt:~# sudo lshw -C network
      *-network
           description: Ethernet interface
           product: L1 Gigabit Ethernet Adapter
           vendor: Attansic Technology Corp.
           physical id: 0
           bus info: pci@0000:02:00.0
           logical name: eth0
           version: b0
           serial: 00:1e:8c:29:3b:66
           capacity: 1GB/s
           width: 64 bits
           clock: 33MHz
           capabilities: pm msi pciexpress vpd bus_master cap_list ethernet physical tp 10bt 10bt-fd 100bt 100bt-fd 1000bt-fd autonegotiation
           configuration: autonegotiation=on broadcast=yes driver=atl1 driverversion=2.1.3 firmware=N/A latency=0 link=no multicast=yes port=twisted pair
      *-network
           description: Wireless interface
           product: PRO/Wireless 3945ABG [Golan] Network Connection
           vendor: Intel Corporation
           physical id: 0
           bus info: pci@0000:03:00.0
           logical name: wmaster0
           version: 02
           serial: 00:1c:bf:5e:84:3b
           width: 32 bits
           clock: 33MHz
           capabilities: pm msi pciexpress bus_master cap_list logical ethernet physical wireless
           configuration: broadcast=yes driver=iwl3945 ip=XX.XX.XX.XX latency=0 module=iwl3945 multicast=yes wireless=IEEE 802.11abg

    Tried it all...

    In BT3 ipwraw drivers used to work fine...
    In BT4 I tried installing them but got errors in the make command.

    I tried everything

    aireplay-ng -9 wlan0 reports injection capable:

    Code:
    root@bt:~# aireplay-ng -9 wlan0
    23:04:24  Trying broadcast probe requests...
    23:04:24  Injection is working!
    23:04:26  Found 1 AP
    
    23:04:26  Trying directed probe requests...
    23:04:26  00:14:7F:71:76:7F - channel: 1 - 'SpeedTouchD53AD3'
    23:04:26  Ping (min/avg/max): 1.239ms/8.870ms/95.915ms Power: -86.96
    23:04:26  28/30:  93%

    I started to airodump in mon0
    aireplay-ng -1 and aireplay-ng -3 in wlan0

    I wait for a while and get an ARP packet, it then starts to send thousands of packets but the ARP count and Data count remain the same (low)

    Code:
    root@bt:~# aireplay-ng -3 -b 00:24:B2:79:86:82 -h 00:16:44:F9:7E:32 wlan0
    00:26:52  Waiting for beacon frame (BSSID: 00:24:B2:79:86:82) on channel 6
    Saving ARP requests in replay_arp-0128-002652.cap
    You should also start airodump-ng to capture replies.
    Read 46916 packets (got 1 ARP requests and 14 ACKs), sent 189395 packets...(499 pps)

    I've passed through all the steps reported here and still can't get injection...

    Can anyone help???

    Thanks

  6. #36
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    10

    Post

    I have to agree with the above posters. BT3 works very well using the ipwraw drivers on the Intel 3945. BT4 final is at best patchy; you can enable monitor mode, associate and capture but the capture rate is very slow indeed.

    We must therefore be patient and wait for an effective update to the BT4 iso to return the lost i3945 functionality.

  7. #37
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    4

    Default

    Quote Originally Posted by Armagedeon View Post
    Hello everyone

    Same problem here. Same wireless card.

    [...]

    Can anyone help???

    After you tried an aireplay -3 run could you try a 'dmesg' and see if "rtc timeout" messages are displayed? Because that seems to be the regular problem... Somehow the driver/kernel/whatever does not seem to be able to keep up with the packet rate?

    (And offtopic, I also purchased and received a 1W Alpha AWUS036H.. Works perfectly out of the box with BT4!)

  8. #38
    Junior Member Armagedeon's Avatar
    Join Date
    Feb 2008
    Posts
    86

    Default

    Quote Originally Posted by EgWel View Post
    After you tried an aireplay -3 run could you try a 'dmesg' and see if "rtc timeout" messages are displayed? Because that seems to be the regular problem... Somehow the driver/kernel/whatever does not seem to be able to keep up with the packet rate?

    (And offtopic, I also purchased and received a 1W Alpha AWUS036H.. Works perfectly out of the box with BT4!)

    Hello there EgWel

    This is what I get:


    Code:
    aireplay-ng -3 -b 00:26:F2:0B:FB:95 -h 00:16:44:F9:7E:32 wlan0
    
     CH 12 ][ BAT: 1 hour 38 mins ][ Elapsed: 2 mins ][ 2010-02-01 18:40
    
     BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB  ENC  CIPHER AUTH ESSID
    
     00:26:F2:0B:FB:95  177 100     1379        2    0  12  54  WEP  WEP         ZON-6322
    
     BSSID              STATION            PWR   Rate  Lost  Packets  Probes

    Code:
    root@bt:~# aireplay-ng -3 -b 00:26:F2:0B:FB:95 -h 00:16:44:F9:7E:32 wlan0
    18:37:55  Waiting for beacon frame (BSSID: 00:26:F2:0B:FB:95) on channel 12
    Saving ARP requests in replay_arp-0201-183755.cap
    You should also start airodump-ng to capture replies.
    Read 4966 packets (got 2 ARP requests and 0 ACKs), sent 53749 packets...(499 pps)

    Code:
    root@bt:~# dmesg
    
    ADDRCONF(NETDEV_UP): wlan0: link is not ready
    device mon0 entered promiscuous mode
    device wlan0 entered promiscuous mode
    hpet1: lost 1 rtc interrupts
    hpet1: lost 1 rtc interrupts
    hpet1: lost 1 rtc interrupts
    hpet1: lost 1 rtc interrupts
    hpet1: lost 1 rtc interrupts
    hpet1: lost 1 rtc interrupts
    hpet1: lost 1 rtc interrupts
    hpet1: lost 1 rtc interrupts
    hpet1: lost 1 rtc interrupts
    hpet1: lost 1 rtc interrupts
    __ratelimit: 62 callbacks suppressed
    hpet1: lost 1 rtc interrupts
    hpet1: lost 1 rtc interrupts
    hpet1: lost 1 rtc interrupts
    hpet1: lost 1 rtc interrupts
    .
    .
    .
    hpet1: lost 1 rtc interrupts
    __ratelimit: 661 callbacks suppressed
    hpet1: lost 1 rtc interrupts
    hpet1: lost 1 rtc interrupts
    hpet1: lost 1 rtc interrupts
    hpet1: lost 1 rtc interrupts
    hpet1: lost 1 rtc interrupts
    hpet1: lost 1 rtc interrupts
    hpet1: lost 1 rtc interrupts
    hpet1: lost 1 rtc interrupts
    hpet1: lost 1 rtc interrupts
    hpet1: lost 1 rtc interrupts

    Hope this helps

    P.S.-Thanks for the tip about the Alpha AWUS036H but I'm not about to buy one just to be back at square one the next time another Backtrack version comes out. If this works out for some it should work for all... I Think.....

  9. #39
    Junior Member Armagedeon's Avatar
    Join Date
    Feb 2008
    Posts
    86

    Default

    Update

    After EgWel's suggestion I remembered that I had a USB dongle that came with my first router, a Sitecom.
    Decided to give it a try and voilà, successfully cracked my AP in 9 min.
    Here are some outputs:

    Code:
    root@bt:~# airmon-ng stop wlan1
    
    Interface       Chipset         Driver
    
    wlan0           Intel 3945 a/b/g        iwl3945 - [phy0]
    wlan1           Ralink 2573 USB rt73usb - [phy1]
                                    (monitor mode disabled)
    
    root@bt:~# ifconfig wlan1 down
    root@bt:~# macchanger --mac 00:16:44:F9:7E:32 wlan1
    Current MAC: 00:0c:f6:22:08:3b (Sitecom Europe Bv)
    Faked MAC:   00:16:44:f9:7e:32 (unknown)
    root@bt:~# iwconfig wlan1 rate 1M
    root@bt:~# iwconfig wlan1 mode monitor
    root@bt:~# iwconfig wlan1 channel 6
    root@bt:~# ifconfig wlan1 up
    root@bt:~# airmon-ng start wlan1
    
    
    Interface       Chipset         Driver
    
    wlan0           Intel 3945 a/b/g        iwl3945 - [phy0]
    wlan1           Ralink 2573 USB rt73usb - [phy1]
                                    (monitor mode enabled on mon0)
    
    root@bt:~# iwconfig
    lo        no wireless extensions.
    
    eth0      no wireless extensions.
    
    wmaster0  no wireless extensions.
    
    wlan0     IEEE 802.11abg  ESSID:""
              Mode:Managed  Frequency:2.412 GHz  Access Point: Not-Associated
              Tx-Power=0 dBm
              Retry min limit:7   RTS thr:off   Fragment thr:off
              Encryption key:off
              Power Management:off
              Link Quality:0  Signal level:0  Noise level:0
              Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
              Tx excessive retries:0  Invalid misc:0   Missed beacon:0
    
    wmaster1  no wireless extensions.
    
    wlan1     IEEE 802.11bg  Mode:Monitor  Frequency:2.437 GHz  Tx-Power=10 dBm
              Retry min limit:7   RTS thr:off   Fragment thr:off
              Encryption key:off
              Power Management:off
              Link Quality:0  Signal level:0  Noise level:0
              Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
              Tx excessive retries:0  Invalid misc:0   Missed beacon:0
    
    mon0      IEEE 802.11bg  Mode:Monitor  Frequency:2.437 GHz  Tx-Power=10 dBm
              Retry min limit:7   RTS thr:off   Fragment thr:off
              Encryption key:off
              Power Management:off
              Link Quality:0  Signal level:0  Noise level:0
              Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
              Tx excessive retries:0  Invalid misc:0   Missed beacon:0

    Used the same method

    airodump on mon0 and aireplay on wlan1

    after first ARP it worked like a charm...

    this is the output from dmesg:

    Code:
    rt73usb 2-4:1.0: firmware: requesting rt73.bin
    device mon0 entered promiscuous mode
    device wlan1 entered promiscuous mode
    hpet1: lost 1 rtc interrupts
    hpet1: lost 1 rtc interrupts
    hpet1: lost 1 rtc interrupts
    hpet1: lost 1 rtc interrupts
    hpet1: lost 1 rtc interrupts

    The difference between the rt73usb and iwl3945 drivers is

    Code:
    t73usb 2-4:1.0: firmware: requesting rt73.bin
    instead of:

    Code:
    ADDRCONF(NETDEV_UP): wlan0: link is not ready

    Does this point someone in a direction???
    I would still like to be dongle free and use iwl3945 drivers if I could...

    Thanks
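
A way to put numbers on the dmesg check suggested in post #37, as an added example that is not part of any post in this thread: it sums the "lost N rtc interrupts" lines and the `__ratelimit` counts of messages the kernel did not print. The function name and the two sample logs (abridged from the listings in posts #38 and #39) are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Reads dmesg text on stdin and prints
# "<lost_rtc_interrupts> <suppressed_messages>".
rtc_loss_summary() {
    awk '
        # e.g. "hpet1: lost 1 rtc interrupts" (a timestamp prefix is tolerated)
        /lost [0-9]+ rtc interrupts/ {
            for (i = 1; i <= NF; i++)
                if ($i == "lost") lost += $(i + 1)
        }
        # e.g. "__ratelimit: 62 callbacks suppressed": log lines dropped by
        # rate limiting; they are not guaranteed to all be hpet messages
        /__ratelimit: [0-9]+ callbacks suppressed/ {
            for (i = 1; i <= NF; i++)
                if ($i == "__ratelimit:") suppressed += $(i + 1)
        }
        END { printf "%d %d\n", lost, suppressed }
    '
}

# Constructed sample: abridged iwl3945 listing (post #38).
sample_iwl3945() {
    cat <<'EOF'
ADDRCONF(NETDEV_UP): wlan0: link is not ready
device mon0 entered promiscuous mode
device wlan0 entered promiscuous mode
hpet1: lost 1 rtc interrupts
hpet1: lost 1 rtc interrupts
__ratelimit: 62 callbacks suppressed
hpet1: lost 1 rtc interrupts
__ratelimit: 661 callbacks suppressed
hpet1: lost 1 rtc interrupts
EOF
}

# Constructed sample: abridged rt73usb listing (post #39).
sample_rt73usb() {
    cat <<'EOF'
rt73usb 2-4:1.0: firmware: requesting rt73.bin
device mon0 entered promiscuous mode
device wlan1 entered promiscuous mode
hpet1: lost 1 rtc interrupts
hpet1: lost 1 rtc interrupts
hpet1: lost 1 rtc interrupts
hpet1: lost 1 rtc interrupts
hpet1: lost 1 rtc interrupts
EOF
}

printf 'iwl3945: %s\n' "$(sample_iwl3945 | rtc_loss_summary)"
printf 'rt73usb: %s\n' "$(sample_rt73usb | rtc_loss_summary)"
```

On a live system the same function reads the kernel log directly with `dmesg | rtc_loss_summary`; the visible "lost" lines alone understate the total once rate limiting starts.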
