Ok this is my first post. I searched all over the place to try and do this so I wanted to give back and give a simple short walk through. I hope this helps someone out there.
First thing is to install the firmware for the bcm43xx
$wget
http://downloads.openwrt.org/sources/broadcom-wl-4.80.53.0.tar.bz2$sudo apt-get install bcm43xx-fwcutter
$sudo bcm43xx-fwcutter -w /lib/firmware wl_apsta-3.130.20.0.o
Now the firmware is in the right place and correct.
$wget
http://patches.aircrack-ng.org/bcm43xx-injection-linux-2.6.22.patch$sudo apt-get install linux-source-2.6.22 build-essential gawk
ok now we should have everything needed to put together the patch and install it
$cd /usr/src
$tar jxvf linux-source-2.6.22.tar.bz2
$cd linux-source-2.6.22
$sudo cp ~/bcm43xx-injection-linux-2.6.22.patch bcm43xx-injection-linux-2.6.22.patch
$sudo cp ../linux-headers-2.6.22-14-generic/.config .config
$sudo patch -p1 -i bcm43xx-injection-linux-2.6.22.patch
should say something like patching file blah blah I dont remember exactly. Just as long as you dont see failed
Now it is time to compile our driver
$sudo make modules
This part take forever...*Suggest you go see a movie*
$sudo make modules_install
Now we should have the .ko file we need
$sudo cp /usr/src/linux-source-2.6.22/drivers/net/wireless/bcm43xx/bcm43xx.ko /lib/modules/2.6.22-14-generic/kernel/drivers/net/wireless/bcm43xx/bcm43xx.ko
$sudo rmmod bcm43xx
$sudo modprobe bcm43xx
$sudo reboot
Ok now we should have a patched driver for our wireless card...Yay!!!
Now for aircrack-ng 0.9.1
$wget
http://download.aircrack-ng.org/aircrack-ng-0.9.1.tar.gz$tar -zxvf aircrack-ng-0.9.1.tar.gz
$cd aircrack-ng-0.9.1
$make
$make install
Now you should have Aircrack-ng
To avoid trouble later go to the 2 computers looking icon up by the time and right click and make sure that there is not a check next to Enable Wireless.
To put your wireless card into monitor mode. My card is listed as eth1
$sudo ifconfig eth1 up
$sudo iwconfig eth1 mode monitor essid <yourapname> channel <yourapchannel>
$sudo aireplay-ng -9 eth1
If there are access points around it should say injection is working.
For more information on using aircrack-ng suite check the aircrack-ng website at
www.aircrack-ng.orgTo install and configure kismet
$sudo apt-get install kismet
$sudo gedit /etc/kismet/kismet.conf
change the following line
source=bcm43xx,eth1,kismet
save
$sudo kismet
Now you should be in business.
Once again I hope this helps someone and that I did not forget anything. If I did please let me know of any errors you get as I have probably seen all of them hehe. Oh and I am still having trouble with aireplay when I used option -1 and -3 for aircrack-ptw and so I update my aircrack-ng version to beta 1.0.0 still getting memory error in 0.9.1 and 1.0.0. If anyone has ideas on that I would love to know. I have tried to set my rate at 1M, 5.5M, and even 11M but no help. Does not happen any other time. I have successfully cracked my 128bit key in about 8hr and I think that is because my PPS is only like 12 or 15. But it did work. If you experience freezing in 0.9.1 I suggest going to beta 1.0.0
-Romsieze
UPDATE*
I have figured out my issue with the memory error I was receiving it was the write_wi() or wi_write error alot of people are getting. I figured out that the closer you are to the AP the higher you set your rate to. for instance:
Im two feet from my AP
$sudo iwconfig eth1 rate 54M
My friend Bonnie's AP next door
$sudo iwconfig eth1 rate 1M <--could probably go higher as I do get decent signal from her. 2 Bars according to windows xp machine
so now everything is working 100%. Thank you to the developers of all programs, drivers and patches used.
Aircrack-ng
Author
Logged
