
Thread: Two different WIFI cards....No Luck...NEED HELP!

  1. #1
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    22

    Question Two different WIFI cards....No Luck...NEED HELP!

    Long post...here goes.

    I have a Lenovo T61 and am trying to use BT2.

    Short story:
    Having issues with two cards.....the buffalo won't fakeauth and the dlink doesn't work with airoscript.

    Yes I did issue a mkdir /home/root and yes both the cards are turned on and working and can connect to my AP normally (and I can surf the web....yada yada yada)

    Long story

    Issues:

    1)Buffalo WLI-CB-G54A : (Broadcom 4306 chipset) When I try to do a fake auth it will keep sending the requests but never actually authenticate.

    Since both the HCL and this link http://bcm43xx.berlios.de/?go=devices list the 4306 as a supported chipset for injection......any ideas on this one?

    Using both airoscript and the aireplay program itself yields the same results....neither work but I can scan/monitor just fine.

    When I startup the card I do the following:

    ifconfig eth1 up
    iwconfig eth1 mode Monitor

    I've also tried using Airmon to set monitor mode and channel info...it sets the info mode/channel but still won't fakeauth.

    2)Dlink DWL-650 v.M1 (Realtek 8180 chipset) This card will do a fakeauth however when I try and run airoscript (to save time...not 'cause I don't know the commands to the programs...) it does not detect the card, if/iwconfig list the card as wlan0.

    Even if I edit the script and specify wlan0.....running a scan will cause a terminal to pop up for a split second and then close.

    Same as above.

    ifconfig wlan0 up
    iwconfig wlan0 mode Monitor

    Airmon pops up an error when I try to set the channel but it does say that it is in monitor mode so I'm not sure what's going on there.

    So it would seem that neither of these cards are working quite right.....I would like to get the Buffalo card working over the Dlink since it's b/g and I have an external antenna for it.

    I wouldn't consider myself a linux newbie but I'm certainly not a blackbelt linux ninja either so keep that in mind!

    Thanks for any help.

  2. #2
    Member
    Join Date
    May 2007
    Posts
    138

    If you know the commands and they work on the D-Link then why bother with airoscript?

    I've never really used it but I seem to recall reading airoscript was pretty flaky, but if you really want to use an automated program then update to the latest aircrack 1.0 beta and check out wesside-ng. It didn't work for me last time I tried it, (about a month ago), but I was using an Atheros card and apparently there were issues with it and Atheros chipsets at the time...I couldn't tell you whether that's been fixed yet but it doesn't matter to you because you're using a Realtek chipset anyway.

    The Buffalo card is a Broadcom chipset, which is code for pretty dodgy, so if I was you I'd just use the D-Link and wesside-ng, (if you really must use an automated script).

    Clearly you have two separate issues here:
    1) airoscript isn't working

    2) you've not sorted out your Broadcom to inject...hence why it's not fake-authing.

    My advice:
    1) forget airoscript, or search the forum to see if anyone else has got it working.

    2) search the forum for how to get your Broadcom chipset, (Buffalo card), to inject...personally I'd just ditch it and stick to the D-Link, but that's me.

  3. #3
    Member
    Join Date
    Mar 2007
    Posts
    121

    I've had problems like this but I just took the easy way out and bought an ALFA Networks AWUS036H with the Realtek 8187 chipset. Works right out of the box (detected as wlan0). I've never had any grief with it.

  4. #4
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    22

    Trial...thanks for the reply.

    I did what you said and now:

    1)Aircrack has been updated to .9x
    2)The broadcom driver has been patched

    The card is authenticating to the AP however ...

    after reading over 100K packets it doesn't give me a single ARP request....


    Any ideas???

    Thanks again.

  5. #5
    Senior Member shamanvirtuel
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988

    broadcom support is sketchy at best.......

    stop using this fu....g cards....

    do a simple search on the forum for bcm43xx ....

    you will see the feedbacks by yourself and judge that you will be really lucky if you can do something with a broadcom more than connect to internet....
    Watch your back, your packetz will belong to me soon... xD

    BackTrack :
    Giving Machine Guns to Monkeys since 2006

  6. #6
    Member
    Join Date
    May 2007
    Posts
    138

    Firstly, I never use the aireplay -3 attack...It's too much hassle and takes too long to get an ARP, unless you have a spare computer to create an ARP with. You can do this by either using a wired computer and pinging a non existent IP, or using a wireless system and connecting to the network...but it's extra hassle, it's fine for initial experiments but I like things to be easy and immediate.

    Personally, I always use the chop-chop, (-4), attack instead because it doesn't rely on waiting or using another computer. You'll find a few tutorials for it both here and on the aircrack wiki...as well as a good video by Xploitz on the tutorials forums.

    The main difference with the chop-chop attack is that you need to use packetforge-ng to make an ARP from the "keystream", (.xor file) that the -4 attack gives you...although if you suss that out then you can do ARP Amplification and it all gets a lot quicker, which is why I use chop-chop ;0)

    Secondly, I was actually suggesting you get the development beta 1.0, (if you want wesside-ng)...but that needs compiling, you can't just get a .lzm module for it. Although saying that, if you have a look on the Slax Module site someone may have compiled and posted it. There is also an issue that you need to update the sqlite module to get the 1.0 beta working, Balding Parrot has compiled and posted the module you'll need, (do a forum search for it).

    Finally, if you're using 0.9...make sure it's 0.9.1, (or possibly later if they've released one), because there were some bugs with the 0.9 release...can't remember what they were, but that could well be your problem.

    Oh, and if you're using 0.9.x then you can also use the PTW attack, (which speeds things up even further), by using a -z argument when using aircrack. If you want to use the PTW attack make sure you don't use the --ivs argument to airodump-ng when you start your capture though, (and your capture file will be suffixed .cap rather than .ivs).

    If you watch Xploitz's video you'll get all the info to pull it off, except he's using the 1.0 beta...which confusingly can perform a PTW attack on a .ivs capture file. So, in a nutshell, follow Xploitz's chop-chop attack video but ignore the --ivs command to airodump and add .cap rather than .ivs to your argument to aircrack about the capture file from airodump.

  7. #7
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    22

    Trial,

    Thanks for all your help and the kick in the nuts to go get the latest driver for my broadcom card

    I got it to work once with the -4 attack but a couple of weird items:

    3 out of the 6 times the card would shut off in the middle of a capture (forcing me to restart my computer to get the card running again??)

    Twice it took forever (45minutes+....) before I gave up on finding a packet

    and then 1 glorious time it actually worked...generated traffic and cracked my wep key in about 6 minutes!

    So....any ideas why the system might be shutting off the card????

    Keep in mind this is after the drivers have been updated for injection and aircrack has been updated to .9.1.

    Since I'm thinking about picking up a better card this is purely for academic reasons to see if I can get it to work on a consistent basis.

    Thanks again your info has been much appreciated!

  8. #8
    Member
    Join Date
    May 2007
    Posts
    138

    You're welcome spyder.

    I've never tried using Broadcom, but as Shamanvirtuel constantly says...Broadcom is sketchy at best! I've no idea why it'd be causing your system to freeze, sounds like buggy drivers to me but I'm neither a Linux nor BT expert by any means.

    If you're going for a new card then my personal suggestion would be a Netgear WG511T, it works out of the box, and whilst it doesn't offer the best range, it does OK and it's cost effective. I've got a Ubiquiti SRC 300mW with a 9dB antenna, (which cost substantially more), and it doesn't seem to offer much of an improvement on my Netgear.

    If you want a USB interface instead, then search the forum...but if like me you're going to be sat next to, (or at least close to), your AP then I wouldn't bother going with an Alfa (500mW)...which is what most people will recommend.

    When it comes to buying an interface, doing research is the key. The Wiki is fairly up to date, but forum searches are generally the best way to go...after all if people are regularly reporting success with a specific interface then you're onto a winner.

    Finally, once you get the hang of it all, get yourself the latest aircrack 1.0 beta and mess around with the new development tools...but it's best to get yourself acquainted with the basics first.

  9. #9
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    22

    Sorry to drag up an aging post but I just wanted to report that my Buffalo (Broadcom 4306) is working great with v.9.1 and updated drivers.

    In regards to the freezing up issue it appears to have been a random problem because I no longer experience it.

    Also it appears that I was not being patient enough when using the chop-chop attack.....I've gotten it to work fairly reliably every other time I used it.

    Finally got off my arse to automate most of the upgrades and setup with a script and the whole process now takes about 3 minutes from a cold boot to testing.

    That being said I am considering an AWUS036H USB card based on the positive reviews I've seen here.

    Thanks all for your help. - Spyder

  10. #10
    Member
    Join Date
    May 2007
    Posts
    138

    It's good that you did report back with your experiences Spyder.

    Too often threads get left with an element of ambiguity...and as this is a knowledge base that people will search in the future, (well that's the idea anyway), then it's good to have conclusions that future readers will benefit from! I'm glad to hear that you've got your Broadcom card working as you'd like too.

    I too have been considering getting an Alfa AWUS036H, but as I already have two cards that work fine it's hard to justify...especially as the range thing isn't an issue for me, but it is tempting to get one just to find out whether it stands up to all the hype!

    Maybe when I come into some extra cash I'll pick one up, but I can't say I'll be rushing out to buy one anytime soon...and by then I'm sure it'll have been superseded by something else anyway
