IWL4965 Howto without kernel-compile - Ubuntu 8.04

[karlrt]

Hi out there!

With the help of this forum, i got my iwl4965 card working, so now i want to give something back, as this is easier for most ubuntu users, all other tutorials are with new kernel compiling, and suggest to compile the new aircrack rc1. But it works without, and here it is:

1.) install aircrack-ng

Install aircrack-ng from repository, this is only 1.0  beta but it does work too:

Code:

# aptitude install aircrack-ng

2.) let the kernel be

I didnt do any kernel-baking, all the options in http://aircrack-ng.org/doku.php?id=iwl4965#preparing_the_kernel were enabled by default.

3.) compile driver

then i compiled the driver: (all this got thanks to grandstream http://tinyshell.be/aircrackng/forum/index.php?topic=2898.msg21350#msg21350) you need to have libnl-dev and libcss-dev installed:

Code:

aptitude install libnl-dev libssl-dev

go into directory

Code:

cd /usr/src/

get the compat-wireless driver source d injection-patches

Code:

wget http://www.orbit-lab.org/kernel/compat-wireless-2.6/2008/06/compat-wireless-2008-06-25.tar.bz2
wget http://patches.aircrack-ng.org/mac80211_2.6.26-rc8-wl_frag.patch

download http://tinyshell.be/aircrackng/forum/index.php?action=dlattach;topic=2898.0;id=360 into /usr/src for 0001-iwlwifi-Fix-packet-injection-in-iwl3945-and-iwl4965.patch

decompress and extract compat-wireless

Code:

bunzip2 compat-wireless-2008-06-25.tar.bz2
tar -vxf compat-wireless-2008-06-25.tar

now patch it, compile it and install it:

Code:

cd compat-wireless-2008-06-25
patch -p1 < /usr/src/0001-iwlwifi-Fix-packet-injection-in-iwl3945-and-iwl4965.patch
patch -p1 < /usr/src/mac80211_2.6.26-rc6-wl_frag.patch
make
make install
make load
rmmod iwl4965
modprobe iwl4965

4.) new firmware

the new driver is now loaded, next step is the firmware:

Code:

wget http://www.intellinuxwireless.org/iwlwifi/downloads/iwlwifi-4965-ucode-4.44.1.20.tgz
tar -vxzf iwlwifi-4965-ucode-4.44.1.20.tgz
cp ./iwlwifi-4965-ucode-4.44.1.20/iwlwifi-4965-1.ucode  /lib/firmware/

5.) test it

now you should be able to inject:
disable the wlan in networkmanager (right click)
then do

Code:

iwconfig wlan0 mode monitor

if this gives errors (card in use or so) it is not shut down properly, a

Code:

rmmod iwl4965
modprobe iwl4965

helps, if not, you need to reboot.

and then try injection:

Code:

aireplay-ng --test wlan0

everything else can be found in various cracking-tutorials

[.NetRolller 3D]

Step 5 is all wrong. It would be correct for ieee80211softmac drivers, but iwl4965 is mac80211-based. Read the mac80211 page on the wiki for the proper way to set up a monitor interface on mac80211. (Basically, you don't set the interface to monitor mode, instead you add a monitor interface.)

[.NetRolller 3D]

# aptitude install aircrack-ng

This won't work. As you say, this installs 1.0-beta2, but that is NOT enough - because iwl4965 is a mac80211 driver, 1.0-rc1 is required.

[jmesmon]

recently it appears that intel has released a new ucode update for the 4965, marked as incompatible with older drivers for the card (notice the -2 on the end of the ucode name). Does anyone know how this could effect the development of injection on this card?

[s0ullight]

Step 5 is all wrong. It would be correct for ieee80211softmac drivers, but iwl4965 is mac80211-based. Read the mac80211 page on the wiki for the proper way to set up a monitor interface on mac80211. (Basically, you don't set the interface to monitor mode, instead you add a monitor interface.)

well in fact you're right, but what he says works too.
so wether you can change the mode of the interface to the desired one, or you can add an interface.

[ena2tria]

Hello!

Thank you all for your posts. I am trying to do it on a Vaio VGN-FZ31E on Hardy 8.04

... yet I fail

I am lost and can't find my way through. I followed the steps exactly.
About the mac thing (I don't understand it). Could someone give instructions? Thank you very much! 

Code:

root@fantomas:/tmp# airmon-ng


Interface       Chipset         Driver

wlan0                   iwl4965 - [phy0]

root@fantomas:/tmp# airmon-ng check wlan0


Found 5 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!

PID     Name
5212    NetworkManager
5226    NetworkManagerD
5259    avahi-daemon
5260    avahi-daemon
5401    dhcdbd
root@fantomas:/tmp# kill 5212 5226 5259 5260 5401
root@fantomas:/tmp# airmon-ng check wlan0
root@fantomas:/tmp# airmon-ng start wlan0


Interface       Chipset         Driver

wlan0                   iwl4965 - [phy0]/usr/sbin/airmon-ng: 833: cannot create /sys/class/ieee80211/phy0/add_iface: Directory nonexistent
Error for wireless request "Set Mode" (8B06) :
    SET failed on device mon0 ; No such device.
mon0: ERROR while getting interface flags: No such device

                                (monitor mode enabled on mon0)

root@fantomas:/tmp# ls /sys/class/ieee80211/phy0
device  index  macaddress  power  subsystem  uevent
root@fantomas:/tmp# airmon-ng


Interface       Chipset         Driver

wlan0                   iwl4965 - [phy0]

root@fantomas:/tmp#

Code:

root@fantomas:/tmp# aireplay-ng -9 wlan0
11:30:48  Trying broadcast probe requests...
11:30:50  No Answer...
11:30:50  Found 0 APs
root@fantomas:/tmp#

[.NetRolller 3D]

ena2tria: Your aircrack-ng is too old. Install 1.0-rc1 from www.aircrack-ng.org. (Don't use the aircrack-ng package offered by aptitude/synaptic, it's an old version.)

[ena2tria]

Thank you. I installed the rc1 version and it plays

However, although there are many AP, aireplay -9 only finds 1 and the probe is always 0/30

I did crack it because it was WEP but it took ~5 hours to gather < 30000 IVs

Is it normal? I suspect I don't really inject because the #data in airodamp kept increasing no matter what I did with aireplay.

All -* did nothing sucesfully except perhaps -3 but I had lots of ARPs and very few ACKS and only when I used -h with a known client. Does this mean I am not injecting?

If so, now what?
What can I do to have succesful injection? Newer kernel? Magic? 

On a happier note, the password that was found was 26:11:19:62:35
How do I use it? -s did nothing.
Can I use this in some form from the windows vista network manager?

Thank you, and sorry for asking trivial questions.

[darkAudax]

ena2tria,

This is not a hacking forum.  We don't support or endorse people accessing networks which do not belong to them.  Continued hacking questions will get you banned.

Use your own AP to learn and experiment on.  Start by taking the time to read the wiki and the the tutorials.

d.

[ena2tria]

Oh, sorry for violating the rules. It was not on purpose.
Please ignore all non forum accepted content! 

[tobito]

Cooool  it work!!

But..

you have to change the command line "patch -p1 < /usr/src/mac80211_2.6.26-rc6-wl_frag.patch"  with  "patch -p1 < /usr/src/mac80211_2.6.26-rc8-wl_frag.patch"  .

And for installing easily aircrack rc1  go download aircrack-ng_1.0~rc1-2ubuntu1_i386.deb  from http://ubuntu2.cica.es/ubuntu/ubuntu/pool/universe/a/aircrack-ng/

add the following lines into the file /etc/apt/sources.list

deb http://archive.ubuntu.com/ubuntu/ intrepid main restricted
deb-src http://archive.ubuntu.com/ubuntu/ intrepid main restricted

Then, we need to update Ubuntu's information about the available packages. That can be done by invoking this command   sudo apt-get update

install the debs and remove from /etc/apt/sources.list
deb http://archive.ubuntu.com/ubuntu/ intrepid main restricted
deb-src http://archive.ubuntu.com/ubuntu/ intrepid main restricted

then update Ubuntu's information about the available packages again.

Hope this will help

[tobito]

Finaly dont work for me aireplay hung with attack -1 & 3.. I've got this:

The interface MAC (00:1F:3B:24:80:35) doesn't match the specified MAC (-h).
   ifconfig mon0 hw ether 00:11:22:33:44:55
19:31:38  Waiting for beacon frame (BSSID: 00:17:33:2B:55:5D) on channel 11
19:31:48  No such BSSID available.

what can i do?? 

[darkAudax]

tobito,

It means you PC did not hear the beacon from the AP.

Possibilities:

- out of range of the AP
- you specified the wrong BSSID and/or ESSID
- channel has changed on your system

d.

[tobito]

Thanks darkAudax  but i finaly instaled intrepid and it work juste find.. without fakeauth...

[jikuty]

Worked perfectly. I followed the below advice along with the guide:

Cooool  it work!!

But..

you have to change the command line "patch -p1 < /usr/src/mac80211_2.6.26-rc6-wl_frag.patch"  with  "patch -p1 < /usr/src/mac80211_2.6.26-rc8-wl_frag.patch"  .

And for installing easily aircrack rc1  go download aircrack-ng_1.0~rc1-2ubuntu1_i386.deb  from http://ubuntu2.cica.es/ubuntu/ubuntu/pool/universe/a/aircrack-ng/

add the following lines into the file /etc/apt/sources.list

deb http://archive.ubuntu.com/ubuntu/ intrepid main restricted
deb-src http://archive.ubuntu.com/ubuntu/ intrepid main restricted

Then, we need to update Ubuntu's information about the available packages. That can be done by invoking this command   sudo apt-get update

install the debs and remove from /etc/apt/sources.list
deb http://archive.ubuntu.com/ubuntu/ intrepid main restricted
deb-src http://archive.ubuntu.com/ubuntu/ intrepid main restricted

then update Ubuntu's information about the available packages again.

Hope this will help

Also, after downloading the necessary files (Step 3), I disabled my wireless networking (by right clicking on the network manager). I kept the wireless disabled until I finished with Step 4.

Thanks!