Intel iwlwifi drivers with injection * WORKING with 3945 & 4965 cards *

[MuffloN]

Will the drivers work on the latest BT3 USB beta? (No idea what kernel it is on that one) If so I'll gladly help out testing the Intel 4965AGN.

[darkAudax]

MuffloN,

Do "uname -r" to get the kernel number of BT3.  iwlwifi needs 2.6.22 or greater.

d.

[kernel]

For all of you getting wlan0_rename interfaces...
If wlan0 gets called wlan0_rename, I'm curious about what happens to the master interface, whose usual name is wmaster0.
More important yet, I wonder if this has any bad effect on the normal operation of those interfaces.

This issue seems to affect debian but may also be present on other distributions.

It happened to me once and I found out the important file in this situation was /etc/udev/rules.d/z25_persistent-net.rules.
(other possible files to look, as darkAudax said, are 70-persistent-net.rules and 75-persistent-net-generator.rules in the directory /etc/udev/rules)

No '/etc/udev/rules.d/z25_persistent-net.rules' here:

Code:

$ grep -r eth1 etc/udev/*
etc/udev/rules.d/70-persistent-net.rules:SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=
="00:##:##:##:##:##", NAME="eth1"
$ grep -r wlan etc/udev/*
etc/udev/rules.d/75-persistent-net-generator.rules:ACTION=="add", SUBSYSTEM=="net", KERNE
L=="eth*|ath*|wlan*|ra*|sta*" \

Anyway, I found this in the Intel doc

Known issues
------------

* Strange wireless device names:

On Ubuntu and Fedora you may end up with strange network device names,
for example, wlan0_rename. This is a known issue and will be worked on.

[MuffloN]

MuffloN,

Do "uname -r" to get the kernel number of BT3.  iwlwifi needs 2.6.22 or greater.

d.

I was more asking for someone to check it before I start downloading it and put it on a USB stick because I'd need to clean a USB stick and take a hit to the metered line I'm on right now 

[Zermelo]

I was more asking for someone to check it before I start downloading it and put it on a USB stick because I'd need to clean a USB stick and take a hit to the metered line I'm on right now

You can always use the live-CD to check the kernel.  The download isn't that large.

[kernel]

Solved: wlan0_rename issue on Ubuntu/7.10

Following advice of darkAudax, I edited /etc/udev/rules.d/70-persistent-net.rules, i.e. commented out the eth1 interface:

Code:

# PCI device 0x8086:0x4222 (ipw3945)
#SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:11:22:33:44:55", NAME="eth1"

and rebooted the system.  Afterwards, loading the iwl driver went without a problem:

Code:

# modprobe -r ipw3945
# modprobe iwl3945
# lsmod | grep iwl3945
iwl3945                88168  0
iwlwifi_mac80211      175112  1 iwl3945

Then I turned on the wifi, and configured the interface

Code:

# ifconfig wlan0 down
# iwconfig wlan0 rate 1M
# iwconfig wlan0 mode monitor
# iwconfig wlan0 channel 6
# ifconfig wlan0 up
# ifconfig
--snip--
wlan0     Link encap:UNSPEC  HWaddr 00-##-##-##-##-##-00-00-00-00-00-00-00-00-00-00
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:212 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:43401 (42.3 KB)  TX bytes:0 (0.0 b)

wmaster0  Link encap:UNSPEC  HWaddr 00-##-##-##-##-##-00-00-00-00-00-00-00-00-00-00
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

which I hope is what we are supposed to get under Ubuntu/Fedora too?

Code:

# aireplay-ng --test wlan0
02:11:34  Trying broadcast probe requests...
02:11:34  No Answer...
02:11:34  Found 3 APs
--snip--
#aireplay-ng -1 0 -e essid -a --snip-- -h --snip-- wlan0
02:15:54  Waiting for beacon frame (BSSID: --snip--)
02:15:54  Sending Authentication Request
02:15:56  Sending Authentication Request
02:15:58  Sending Authentication Request
02:16:00  Sending Authentication Request
02:16:02  Sending Authentication Request
02:16:04  Sending Authentication Request
02:16:06  Sending Authentication Request

Attack was unsuccessful. Possible reasons:
--snip--

Now, checking the  /etc/udev/rules.d/70-persistent-net.rules, I find this entry added:

Code:

# PCI device 0x8086:0x4222 (iwl3945)
SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:##:##:##:##:##", ATTRS{type}=="1", NAME="wlan0"

To get the old driver back, I edited 70-persistent-net.rules again, commenting out the new wlan0 and activating eth1 interface again, then:

Code:

# ifconfig wlan0 down
# modprobe -r iwl3945
# modprobe ipw3945
# iwconfig wlan0 mode managed ap <ap_mac> key <key> essid isadora channel 6
# ifconfig wlan0 up

[ml]

http://www.cross-lfs.org/~mlankhorst/iwl3945_injection.patch is a patch needs to be applied to iwlwifi, it allows iwl3945 injection in linux v2.6.23 if you use the 1.0-dev branch of aircrack. 'aireplay-ng' seems to work fine with it.

Code:

# time /usr/src/aircrack-ng/src/aireplay-ng -9 wlan0
08:42:04  Trying broadcast probe requests...
08:42:04  Injection is working!
08:42:06  Found 2 APs

08:42:06  Trying directed probe requests...
08:42:06  00:XX:XX:XX:XX:XX - channel: 1 - 'nameremoved'
08:42:09  Ping (min/avg/max): 2.555ms/42.859ms/113.292ms Power: 166.85
08:42:09  20/30:  66%

08:42:09  00:XX:XX:XX:XX:XX - channel: 1 - 'alsogone'
08:42:11  Ping (min/avg/max): 22.055ms/67.266ms/95.931ms Power: 181.38
08:42:11  26/30:  86%


real    0m7.296s
user    0m0.423s
sys     0m2.366s

[MuffloN]

Right, the kernel on the USB version is to old, could anyone tell me how to update it if it's possible at all in a live environment?

I'm not totally clueless on Linux but I'm no pro either :p

[wildnux]

wildnux,

Your pastebin shows the following error: "eeprom_93cx6.h: No such file or directory".

That means you are missing required headers.  You will have determine which package for your distribution supplies this file then install it.  If you get similar errors, then use the same technique to resolve the problem.

d.

make file errors:

http://wilnux.pastebin.org/13227

kernel version:  Linux 2.6.22.13-0.3-default i686

what i missed??

I am not sure.....  i have the linux headers installed though. ( i have compiled the ipwraw-ng )
but while compiling ipwraw-ng  I had to edit a line in  /util/makefile      from:


gcc -I$(IEEE80211_PATH) -Wall -c -o $@ $<

to :

gcc -I/usr/src/linux/include -Wall -c -o $@ $<


Any idea how i can do it ?

[Hwagm]

Testing: http://www.cross-lfs.org/~mlankhorst/iwl3945_injection.patch

LInux: wifiway-1.0-beta2 install USB (no mode liveUSB)
Kernel: 2.6.23.12

Latest iwl3945 uCode:
Jul 27 2007
iwlwifi-3945-ucode-2.14.1.5.tgz

Latest iwlwifi snapshot:
Dec 25 2007
iwlwifi-1.2.23.tgz

Latest mac80211 package:
Jan 07 2008
mac80211-10.0.4.tgz

Suite aircrack-ng:  1.0 beta 1 r862

Interface: wlan0

Fake MAC macchanger:  KO
Captured data - airodump-ng : K0 ( 0 data)
Attack 0: Deauthentication = OK
Attack 1: Fake authentication = OK
Attack 3: ARP request replay attack = KO
Attack 9: Injection test = OK

The principal problem is: airodump-ng & iwl3945 (iwl3945_injection.patch) ----------  0 data

-------------------

Also and integrated the new driver (iwl4965_injection.patch) ,  for if someone who uses wifiway-1.0-beta2 wants to prove it, the best form is installed in USB with livecd wifiway-1.0-beta2 (kernel 2.6.21.5) and update with new kernel Kernel: 2.6.23.12

[Zermelo]

Fake MAC macchanger:  KO
Captured data - airodump-ng : K0 ( 0 data)
Attack 0: Deauthentication = OK
Attack 1: Fake authentication = OK
Attack 3: ARP request replay attack = KO
Attack 9: Injection test = OK

The principal problem is: airodump-ng & iwl3945 (iwl3945_injection.patch) ----------  0 data

Does KO mean it worked and didn't work.  I tested the iwl4965 with ml's patch and got similar results.  No data in airodump-ng, the injection test was successful, but fakeauth would not complete, I would get an initial success and the mac would be posted by airodump as associated, but I would never get a comfired authentication by aireplay.  My results are posted here: http://tinyshell.be/aircrackng/forum/index.php?topic=2606.15

[Hwagm]

Thank you, already law yesterday, but I believe that it is better to treat it in this post: iwlwifi drivers with injection
In order that this forum mas tidy

Thank you

Does KO mean it worked and didn't work = yes, No data in airodump-ng

but yes fakeauth and Deauthentication (Attack 0 and Attack 1 checked OK)

Besides I use an equipment interferences domestic that tested if the injection is positive.

Attack 3: ARP request replay attack = Logically this attack is not possible if the captured data is void with the tests of the airodump-ng

[Zermelo]

Thank you, already law yesterday, but I believe that it is better to treat it in this post: iwlwifi drivers with injection
In order that this forum mas tidy

Thank you

Does KO mean it worked and didn't work = yes, No data in airodump-ng

but yes fakeauth and Deauthentication (Attack 0 and Attack 1 checked OK)

Besides I use an equipment interferences domestic that tested if the injection is positive.

Attack 3: ARP request replay attack = Logically this attack is not possible if the captured data is void with the tests of the airodump-ng

You're english is kind of confusing I don't understand "equipment interferences domestic"

When you did fake-authentication, did you get a successful confirmation in aireplay-ng:

18:18:20  Sending Authentication Request
18:18:20  Authentication successful
18:18:20  Sending Association Request
18:18:20  Association successful :-)

I could only get:

18:18:20  Sending Authentication Request
18:18:20  Authentication successful
18:18:20  Sending Association Request

18:18:20  Sending Authentication Request (Open System)

18:18:20  Sending Authentication Request (Open System)

18:18:20  Sending Authentication Request (Open System)

Authentication would not fully be verified by aireplay, although airodump showed my adapter as an associated client.

Maybe you can post your fakeauth output since it would be easier to understand.

[Hwagm]

Code:

Association successful :-)

equipment interferences domestic = Any equipment transmission in the frequency of 2.4Ghz

for example:

Attack 1 and 0 is correct.

The problem with iwlwifi drivers with injection (iwl3945) is that are not captured data with airodump-ng

I have all the ussers of seguridadwireless effecting tests with these new drivers with wifiway-1.0-beta2 and one update of kernel for hard disk or pendrive.

--------------------------
http://download.wifislax.com/wifiway-1.0-beta2.iso

MD5: e24ca81486718e546246788ec5834d02  wifiway-1.0-beta2.iso

-------------------------------------------- kernel 2.6.21.5 driver ipwraw + iwl4965 (no injection)

wget http://www.seguridadwireless.org/update/update-1.sh
chmod +x update-1.sh
./update-1.sh

----------------------------------- kernel 2.6.23.12 support boot in usb + drivers iwlwifi with injection (iwl3945 injection + iwl4965 injection

-------------------

install wifiway in usb or hdd.

-----------------------

The livecd with these drivers is not possible still due to limitation current of the linux-live-scripts to 2.6.21.5

Sorry, I am a person with many limitations in the English language

[alacrityathome]

Hwagm,

Many thanks for all your good work and postings.  I may have to learn Spanish in order to get the full benefit of your inputs and the postings on your Spanish website!

I had downloaded the wifiway-1.0 Beta2 iso and it actually booted as a liveCD.  Are you saying that no wireless drivers will work in the Live CD mode using the Beta2 iso?  Also, for your beta feedback, I tried to run wifiBeta2 as a guest o/s via VMware 6.02 and XP as host o/s but the program froze during boot up.

Alacrity