first of all i would like to thank the developers for this new release BT3beta, i have followed backtrack since it began and appreciate every ounce of time put in by everyone involved. finding that the 3 beta was released was (i know its a geeky thing to say) the best christmas present i got this year!
having spent roughly three working days reading, not only 30 odd posts here but various google pages including jasuns prism stuff and aircrack-ng forums, i still cannot inject with my senao card or indeed another card i have with prism II. i know it has been discussed at length in various posts but please believe me that i have read those and acted upon the information within to no avail hence i have opened my own thread to try and overcome my issues.
what i would like to ask is a couple of questions, forgiveme if i have posted in the wrong area and please move this thread if need be.
having blacklisted all the necesary modules and saved the config using persistent change mode then flashed the firmware on my card to the suggested pri pk101010 and sta sf10704 it would appear that my card and setup are identical to some who report correct injection it still fails to work.
wifi0: NIC: id=0x800c v1.0.0
wifi0: PRI: id=0x15 v1.1.1
wifi0: STA: id=0x1f v1.7.4
the correct drivier loads hostap_cs
aireplay -9 yields 0% results over multiple tries
bt ~ # aireplay-ng -9 wlan1
12:29:15 Trying broadcast probe requests...
12:29:17 No Answer...
12:29:17 Found 1 AP
12:29:17 Trying directed probe requests...
12:29:17 00:14:7F:5C:xx:xx - channel: 1 - 'BTHomeHub-xxxx'
12:29:23 0/30: 0%
i have noticed that in my searching i came across more than 3 pk010101 files that were different byte sizes. also similar can be said for the 1.7.4 firmware.
are the injection patches for hostap installed already? i see the files so im unsure.
can anyone suggest what might be wrong here to prevent the injection from working?? i also checked with wireshark and see previously mentioned malformed packets one below (xxxx is altered)
one other thing i notice is that i appear to be unable to lock the card to a specific channel. either through airmon-ng start wlan1/wifi0 CHAN or with iwconfig wlan1/wifi0 channel CHAN. i know that if imnot locked on channel the aireplay stuff will fail. i can lock it on channel when i airodump using the --channel CHAN filter.
0000 40 00 00 00 ff ff ff ff ff ff 00 37 43 79 ae 1f @..........7Cy..
0010 ff ff ff ff ff ff 30 00 00 0e 42 54 48 6f 6d 65 ......0...BTHome
0020 48 75 62 2d 37 44 43 35 01 04 02 04 0b 16 32 08 Hub-xxxx......2.
0030 0c 12 18 24 30 48 60 6c ...$0H`l
alternatively can someone who has had success with BT3beta and the senao card injecting kindly post the primary, secondary firmware and the pda thet they use so that i may eliminate the possibility of having some part of that wrong.
i have successfully flashed the card from BT3 command shell and from windows and i dont want to keep flashing the card again and again for obvious reasons.
thank you in advance for any help/advice recieved