Intel iwlwifi drivers with injection * WORKING with 3945 & 4965 cards *

[Zermelo]

Interesting, I am not getting the

association successful :-)

For me, the problem is that once I run aireplay-ng it stops the capturing of information in airodump, no beacon frames, no client information, and no power or quality readings.  I have to restart the adapter for it to capture information again.  However, it could be a problem with installing the drivers on my part, although I am not sure what else I could do.

I have also tried to inject data with the 4965 card and capture data on another card (my alfa) with similar results, data will begin injecting then stop quickly.  I can't read spanish, so I can't read the results of your users test on the forum.  However, you may want to trying injecting with the 4965 card and recording data on another card.  If the only problem is airodump-ng recording data, then the rest of the attacks should work.  However, I think there is more to the situation than just problems with airodump.

[Hwagm]

In my case, everything works well, including airodump-ng sample correct information on beacons on PRW simply is that whenever this column data to 0.

I can't read spanish, so I can't read the results of your users test on the forum

Try to relocate here the evidence for iwl4965 injection.

Tests with the iwl3945 am doing myself

[Hwagm]

I had downloaded the wifiway-1.0 Beta2 iso and it actually booted as a liveCD.  Are you saying that no wireless drivers will work in the Live CD mode using the Beta2 iso?

No, beta2 has all the drivers test wireless, but regarding ipw3945 leads the ipwraw and respect ipw4965 carries only monitor mode.

The drivers are treated in this post (iwlwifi drivers with injection) are not, these drivers are obtained with the update1.sh, it is because they need a kernel that day today is not possible in a livecd because of the live-linux -scripts

I tried to run wifiBeta2 as a guest o/s via VMware 6.02 and XP as host o/s but the program froze during boot up.

   
And livecd mode from the lector DVD/CD?

[alacrityathome]

I ran the LiveCD from the CD boot.

I ran VMWare from the ISO on the hard drive.

[Zermelo]

In my case, everything works well, including airodump-ng sample correct information on beacons on PRW simply is that whenever this column data to 0.

I can't read spanish, so I can't read the results of your users test on the forum

Try to relocate here the evidence for iwl4965 injection.

Tests with the iwl3945 am doing myself

Since you're using the iwl3945 drivers and I'm using the iwl4965 drivers, this may account for the differences in our results.  Since you are saying everything is working for you except data capture in airodump, you may want to try an attack with the 3945 like -3, and then use a different adapter to capture the data.  If the only problem is airodump, then the -3, -4, -5 attacks should work which would really narrow down the problem.  Perhaps a ticket for airodump could be created with this driver.  Also, if you can't capture any arp packets with -3, since you didn't list the status of the -4 and -5 attacks, you may want to try making an arp-packet with packetforge with another adapter, and then using the 3945 to reinject it, or you can use a replay file obtained with another adapter and try to replay those packets (-2) with aireplay on the 3945, if the only problem is airodump this injection should work.

[Hwagm]

OK, you have reason, this test if serious conclusive   

[ml]

My injection post adds RXON_FILTER_CTL2HOST_MSK, what if you replace it with RXON_FILTER_CTL2HOST_MSK|RXON_FILTER_PROMISC_MSK ? The adapter should then log any packet.

[Zermelo]

My injection post adds RXON_FILTER_CTL2HOST_MSK, what if you replace it with RXON_FILTER_CTL2HOST_MSK|RXON_FILTER_PROMISC_MSK ? The adapter should then log any packet.

Ok, I'm not 100% sure about the syntax, so if it's wrong please let me know.  As you stated in the original patch I changed:

Code:

case IEEE80211_IF_TYPE_STA:
                     priv->staging_rxon.dev_type = RXON_DEV_TYPE_ESS;
-                    priv->staging_rxon.filter_flags = RXON_FILTER_ACCEPT_GRP_MSK;
+                   priv->staging_rxon.filter_flags = RXON_FILTER_ACCEPT_GRP_MSK |
+                                                                 RXON_FILTER_CTL2HOST_MSK;
break;

with

Code:

case IEEE80211_IF_TYPE_STA:
                     priv->staging_rxon.dev_type = RXON_DEV_TYPE_ESS;
-                    priv->staging_rxon.filter_flags = RXON_FILTER_ACCEPT_GRP_MSK;
+                   priv->staging_rxon.filter_flags = RXON_FILTER_ACCEPT_GRP_MSK |
+                                                                RXON_FILTER_CTL2HOST_MSK|RXON_FILTER_PROMISC_MSK;
break;

which excatly replaces RXON_FILTER_CTL2HOST_MSK; with RXON_FILTER_CTL2HOST_MSK|RXON_FILTER_PROMISC_MSK;

I removed the old drivers and modules, patched the iwl4965 drivers with the modified patch and tried the testing again.  Same results, injection test works, but once I try to fakeauth, I get an initial successful result with no confirmation then airodump stops showing any output.  Also airodump still doesn't show any data in the data column.

[bitmus]

Hi. all

i'have installed ipwraw, but  below is appeared when run ipwraw.

ipwraw: Invalid event log pointer 0x00000000

plz help me

my wireless card is Intel Corporation PRO/Wireless 3945ABG and ipw3945 is running ok.
and i wanted to use aircrack which needs ipwraw. then downloaded ipwraw and installed and
copied iwlwifi-3945.ucode into /lib/firmware.
then
[root@lnxea ipwraw-ng]# ipw3945-stop
[root@lnxea ipwraw-ng]# modprobe ipwraw
then errors appeared
[root@lnxea ipwraw-ng]# ipwraw: Invalid event log pointer 0x00000000
ipwraw: Invalid event log pointer 0x00000000

tnx

[Zermelo]

i'have installed ipwraw, but  below is appeared when run ipwraw.

Are you using the ipwraw drivers, or the iwlwifi drivers, they are different.  The iwlwifi drivers are the newer ones by intel.

[Hwagm]

Finally I have tried with the second card, and if I can it confirms that the attack  1 is cost (fake-authentication), since then I can reinject with 2 interface (ralink-rausb0-rt73)  on the false client, the Attack 0: Deauthentication 0 already test it afresh, but the attack 3 is not possible, the interface  with iwlwifi drivers injection (iwlwifi3945) does not inject well the ARP that have been obtained by means of the second one interface.

ARP request replay attack - attack 3, the interface with iwlwifi-3945 drivers injection

It indicates that this sending 8 ARP but the data remains increased, capturing with both interfaces (airodump-ng wlna0 and airodump-ng rausb0)

In our case it still has to us for proving them iwl4965 injecton.

[eXPeri3nc3]

-------------------------------------------- kernel 2.6.21.5 driver ipwraw + iwl4965 (no injection)

wget http://www.seguridadwireless.org/update/update-1.sh
chmod +x update-1.sh
./update-1.sh

----------------------------------- kernel 2.6.23.12 support boot in usb + drivers iwlwifi with injection (iwl3945 injection + iwl4965 injection

Hi! May I know how do you install http://www.seguridadwireless.org/update/update-1.sh locally? As I don't have internet connection at home.

Thanks!

[GieltjE]

In the 2.6.24 kernerls the iwlwifi drivers are default do I need those, and are there chanches these patches will become default?

For some reason your files fail to work with the 2.6.23 and .24 gentoo kernels (using 4965), giving segfaults or compile error's.

[nullaresnata]

Packet injection works ok with Linux Mint but i don’t understand why. I have a 4965 wireless adaptor and I run Ubuntu most of the time. I have tried the latest beta with 2.6.24 kenel without any success. What’s the reason for this to work with Linux Mint (I believe it uses the same kernel as Ubuntu)?

edit: I have tried aircrack-ng in Linux Mint 4.0 live CD.

[bennolo]

I'm fighting with this but ... I'm loosing


root@bennolonb:~/compat-wireless-2.6# make
make -C /lib/modules/2.6.22-14-generic/build M=/root/compat-wireless-2.6 modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.22-14-generic'
  CC [M]  /root/compat-wireless-2.6/drivers/net/wireless/b43/main.o
In file included from /root/compat-wireless-2.6/drivers/net/wireless/b43/b43.h:8,
                 from /root/compat-wireless-2.6/drivers/net/wireless/b43/main.c:44:
/root/compat-wireless-2.6/include/linux/ssb/ssb.h:134: error: field ‘id’ has incomplete type
/root/compat-wireless-2.6/drivers/net/wireless/b43/main.c:78: error: array type has incomplete element type
/root/compat-wireless-2.6/drivers/net/wireless/b43/main.c:79: warning: implicit declaration of function ‘SSB_DEVICE’
/root/compat-wireless-2.6/drivers/net/wireless/b43/main.c:86: error: ‘SSB_DEVTABLE_END’ undeclared here (not in a function)
make[4]: *** [/root/compat-wireless-2.6/drivers/net/wireless/b43/main.o] Error 1
make[3]: *** [/root/compat-wireless-2.6/drivers/net/wireless/b43] Error 2
make[2]: *** [/root/compat-wireless-2.6/drivers/net/wireless] Error 2
make[1]: *** [_module_/root/compat-wireless-2.6] Error 2
make[1]: Leaving directory `/usr/src/linux-headers-2.6.22-14-generic'
make: *** [modules] Error 2

Other info from my kubuntu:
[/i]root@bennolonb:~# dmesg |grep iwl
[   14.420000] iwl4965: Intel(R) Wireless WiFi Link 4965AGN driver for Linux, 1.1.0
[   14.420000] iwl4965: Copyright(c) 2003-2007 Intel Corporation
[   14.420000] iwl4965: Detected Intel Wireless WiFi Link 4965AGN
[   14.796000] iwl4965: Tunable channels: 13 802.11bg, 19 802.11a channels
[   14.796000] wmaster0: Selected rate control algorithm 'iwl-4965-rs'

root@bennolonb:~/compat-wireless-2.6# uname -a
Linux bennolonb 2.6.22-14-generic #1 SMP Fri Feb 1 04:59:50 UTC 2008 i686 GNU/Linux
root@bennolonb:~/compat-wireless-2.6#

uh, btw, kismet runs fine ...

Any hints?

thx anyway!