There has been an issue using the iwl4965 card for fake authentication since the pre-final stages of BT4, and this problem persists in BT4 final. The card/driver supports injection no problem, but in order to fake authenticate, one must use a workaround. The problem/workaround is detailed here:
4965 agn - Remote Exploit Forums
The short version is that the standard fake authentication using aireplay-ng does not work. In order to effectively fake authenticate, one must use wpa_supplicant as follows:
Code:
wpa_supplicant -c fake.conf -i wlan0 -Dwext -B
where fake.conf refers to a text file containing:
Code:
network={
ssid="INSERT ESSID"
key_mgmt=NONE
wep_key0="fakeauth"
}
This method of fake authentication will work, and then injection will work after this; however, this is a bit annoying. It is especially annoying when trying to use GUI WEP/WPA crackers such as gerix or grimwepa, which attempt to do the fake authentication for you. It fails every time, preventing the use of these tools.
I realize there are relatively few people using this particular NIC, but it would be greatly appreciated if one of the devs could look into this. If you need any additional information, I will be more than willing to provide it. Thank you.