packet injection with b43

[Fred Foobar]

(Hope this is the right place to post, move me if not.)

Hi, i have trouble with injection using the new b43 driver (not the legacy one, not bcm43xx).

My System: Slackware 12.0, kernel 2.6.24.3 with the included b43xx driver as module (and firmware v4.80.53.0)
i tried aircrack-ng-0.9.3 and 1.0-beta2, both build from source.

What i did:

Code:

#airmon-ng start wlan0

doesnt work (a bug?):

Code:

/usr/local/sbin/airmon-ng: line 357: /sys/class/ieee80211/phy0/add_iface: No such file or directory
mon0: ERROR while getting interface flags: No such device

but

Code:

#iwconfig wlan0 mode monitor

helps (iwconfig says now the mode is "Monitor"),
wlan0 goes up with ifconfig (and also wmaster0 which is implemented by mac80211)
and now the problem:

Code:

#aireplay-ng -9 wlan0
20:44:52  Trying broadcast probe requests...
20:44:54  No Answer...
20:44:54  Found 1 AP

20:44:54  Trying directed probe requests...
20:44:54  00:04:0E:75:CB:5E - channel: 10 - 'fritzbox_ap'
20:45:00   0/30:   0%

I read
http://tinyshell.be/aircrackng/forum/index.php?PHPSESSID=135b99bc7968a16be192cf9bbe52c3c9&topic=2498.0
http://lists.berlios.de/pipermail/bcm43xx-dev/2008-January/006661.html

and other sources which say it should work (b43/mac80211 is not listed in the wiki yet, right?).

SO, can somebody give me a hint where to look for the problem
Thx

[darkAudax]

Fred,

Use the wiki aireplay-ng inection testing page (http://aircrack-ng.org/doku.php?id=injection_test)  troubleshooting tips to confirm or deny that your card can inject.

d.

[Mister_X]

Try also latest sources from svn.

[Fred Foobar]

Fred,

Use the wiki aireplay-ng inection testing page (http://aircrack-ng.org/doku.php?id=injection_test)  troubleshooting tips to confirm or deny that your card can inject.

d.

I read this already. I would just say b43 doesnt support injection but other people proved the opposite.

Try also latest sources from svn.

nope, same problem

i also tried several other ap in the neighborhood (only for testing)

thanxs for help again anyway

[darkAudax]

Fred,

There is a slim possibility that the failed injection test is incorrect.  Try a fake auth to your own AP.  If it works then injection is actually working.

d.

[Fred Foobar]

wow, seems like you are right. It works but not very well.

When i start the injection the rate of captured data packets is increasing. However #/s goes only up to 15 so it takes pretty long.
Enough for cracking my first WEP key

Cause i have now idea how to improve it i simply have to wait for better hardware support (the old chestnut).

[|QED|]

wow, seems like you are right. It works but not very well.

When i start the injection the rate of captured data packets is increasing. However #/s goes only up to 15 so it takes pretty long.
Enough for cracking my first WEP key

Cause i have now idea how to improve it i simply have to wait for better hardware support (the old chestnut).

Have you tried to load the module with

Code:

modprobe b43 long_retry=0 short_retry=0

?

[LatinSuD]

I finished my work.

For b43 (with short_retry=0) it's about 70~80 pps without the patch, and ~350 pps with the patch (note that with the patch you don't need to pass special parameters to the module).

http://www.latinsud.com/bcm/

[morgalion]

Hi,
What is the easiest way to compile the patched b43 driver ?
I do it by downloading kernel sources and compiling all my kernel modules with make. After that, i copy b43.ko in my /lib/modules/2.6.24.15..... directory.
But this operation can take a long time ...
Thank you for your answer
(sorry for english, it's not my native language :p)

[darkAudax]

morgalion,

Do a Google search for "compile single kernel module" and you find quite a bit of material.

Here a couple of links that seem relevant:

http://www.linuxquestions.org/questions/linux-kernel-70/rebuilding-a-single-kernel-module-595116/
http://forums12.itrc.hp.com/service/forums/questionanswer.do?admit=109447627+1207399350521+28353475&threadId=982761

d.

[morgalion]

Thank you very much

[Nergar]

Do you mind expanding the details?

Im using Ubuntu 8.04, kernel 2.6.24-15-generic, Aircrack-ng 1.0 beta1 and module b43 (the one that comes with ubuntu)

I dont get a few things, how do i know which firmware do i have, lspci shows this:

Code:

Broadcom Corporation BCM4311 [AirForce 54g] 802.11a/b/g PCI Express Transceiver (rev 02)

isn't beta1 new enough? or do i have to update and compile to newest version.

i unloaded the module with

Code:

rmmod b43

and reloaded it again with

Code:

modprobe b43 long_retry=0 short_retry=0

but it isnt working at all,
haven't patched it because i dont know how.

I can inject in backtrack 3 beta but it is using the bcm43xx module and it always fails with some message about allocating memory or something.

any help is appreciated!

[darkAudax]

Nergar,

You must patch the kernel module and recompile to work.  There is lots of information on the internet plus the limited information here:

http://aircrack-ng.org/doku.php?id=b43

d.

[pakamon]

Nergar,

The same story on my laptop (Dell Vostro 1700).
I tried Backtrack. It worked for packet injection. I had memory allocation error but if you use "-x 15" parameter to aireplay, it should work for you as well.
Today I tested range of numbers and it was working properly up to "-x 450". Just give a try and let us know about your results.

I have Ubuntu 8.04 beta installed from scratch on my Vostro and I couldn't get injection working (kernel 2.6.24-15-generic and module b43 which comes with Ubuntu)
And now the funny part:

I have other Dell notebook (Inspiron 1501)at work with the same Ubuntu 8.04b, kernel and the same module b43.
I swapped wifi cards between them and injection on 1501 is working perfect!! 

Any idea? Anyone? 

[afallenhope]

I have the same question.
I have a b43 driver running Ubuntu 8.04 (Hardy Heron ), and I patched the driver but packet injection all test failed.
Anyone able to elab?
I'm running the svn copy of aircrack-ng 1b02 or something.