Tutorial: Injection with ZyDAS zd1211 and zd1211b (zd1211rw)

[gordonbrown]

The post you quoted is dated January 29, today being August 17, did it not occur to you that everything's resolved and the patches are readjusted?

The fixed -1 channel isn't related to the zd1211rw driver, nor the patch. There are proposed fixes, which suggest a workaround, but you being an idiot you probably don't know where to look.

This section of  the forum should be made for registered users only. Make it harder for idiots to spew bollocks all the time.

SLEEK YOURE SOME MORON U SAID UPDATED PATHCES FORM PAGE 13 THEN U LIE ABOUT WORKING COMPAT AND YOU KNOW THAT THERE IS A FLOW AND THAT NEW COMPAT THE SAME LIKE PREVIOUS VERSIONS HAVE ISSUE WITH AIRCRACK AND MON0 BEING FIXED ON CHANNEL 1. YOURE SOME MORON ARE YOU FROM AFGHANISTAN OR SOMETHING?

I SEE YOU POST ON SEVERAL PAGES YOUR COMMENTS BUT U SHOULDNT LIE BY SAYING U INJECT WITH 800PPS OR THAT NEW COMAPT IS WORKING CUZ U KNOW IT DOESNT

OR IF YOU DONT GO AND ASK PEOPLE ON THE CHANNEL LINUX-WIRELESS THEY MAYBE EXPLAIN IT TO YOU BETTER.

I DONT KNOW MAN ABOUT U BUT YOU SHOULD GO BACK TO WHERE U COME FROM THE LESS PEOPLE IKE YOU OVER HERE THE BETTER. AND STOP POSTING NO WORKING PATHCES AND TALKING RUBBISH ABOUT SOMETHING WORKING IF IT DOESNT

IM SURE YOURE FROM MEXICO OR AFGHANISTAN WHY DONT YOU GO BACK HOME ?

OTHER THING

[sleekUsuck]

SLEEK

if youre looking for patches for zd1211rw i would like  to provide useful website with updated patches

http://patches.aircrack-ng.org/

those patches work with zd1211 but with older version of compat cuz as i said the new versions have problem with mon0 being fixed permanently on channel 1

unless you have own patches (made in Afghanistan) do they still use over there wep keys ??

anyway have fun sleek

and good luck sleek

[Mister_X]

Stop that or you're both banned.

[sleek]

The zd1211rw-inject+dbi-fix-2.6.26.patch file on http://patches.aircrack-ng.org/ is outed. Hunk 3 fails thus power readings are disabled. You can override it from the link in the first post which has hunk 3 working, in case people use http://patches.aircrack-ng.org/ to get the patch zd1211rw injection + readings patch.

Also, zd1211rw_inject_2.6.23.patch is really old. You should really place where it belongs, in the "old" directory.

[jonny54665]

updated tutorial for zd1211rw

I had a problem with wlan0 being fixed on channel -1 no matter what compat i used every compat i tried gave me the same result wlan0 mon0 fixed on ch -1 but i found some solution so if anyone have problem with mon0 being fixed on channel -1 this will help you.

my kernel 2.6.35.19 and this will work with any other kernel too

download latest compat from http://wireless.kernel.org/download/compat-wireless-2.6/
 next u need is patch for zd1211

--- drivers/net/wireless/zd1211rw/zd_mac.c   2010-01-12 18:24:21.000000000 +0200
+++ drivers/net/wireless/zd1211rw/zd_mac.c   2010-01-12 18:41:21.000000000 +0200
@@ -220,14 +220,19 @@ void zd_mac_clear(struct zd_mac *mac)
 static int set_rx_filter(struct zd_mac *mac)
 {
    unsigned long flags;
-   u32 filter = STA_RX_FILTER;
+   struct zd_ioreq32 ioreqs[] = {
+      {CR_RX_FILTER, STA_RX_FILTER},
+      { CR_SNIFFER_ON, 0U },
+   };
 
    spin_lock_irqsave(&mac->lock, flags);
-   if (mac->pass_ctrl)
-      filter |= RX_FILTER_CTRL;
+   if (mac->pass_ctrl) {
+      ioreqs[0].value |= 0xFFFFFFFF;
+      ioreqs[1].value = 0x1;
+   }
    spin_unlock_irqrestore(&mac->lock, flags);
 
-   return zd_iowrite32(&mac->chip, CR_RX_FILTER, filter);
+   return zd_iowrite32a(&mac->chip, ioreqs, ARRAY_SIZE(ioreqs));
 }
 
 static int set_mc_hash(struct zd_mac *mac)
@@ -814,7 +819,8 @@ int zd_mac_rx(struct ieee80211_hw *hw, c
    /* Caller has to ensure that length >= sizeof(struct rx_status). */
    status = (struct rx_status *)
       (buffer + (length - sizeof(struct rx_status)));
-   if (status->frame_status & ZD_RX_ERROR) {
+   if ((status->frame_status & ZD_RX_ERROR) ||
+      (status->frame_status & ~0x21)) {
       if (mac->pass_failed_fcs &&
             (status->frame_status & ZD_RX_CRC32_ERROR)) {
          stats.flag |= RX_FLAG_FAILED_FCS_CRC;
@@ -827,7 +833,8 @@ int zd_mac_rx(struct ieee80211_hw *hw, c
    stats.freq = zd_channels[_zd_chip_get_channel(&mac->chip) - 1].center_freq;
    stats.band = IEEE80211_BAND_2GHZ;
    stats.signal = status->signal_strength;
-
+   stats.signal = stats.signal - 90;
+   
    rate = zd_rx_rate(buffer, status);
 
    /* todo: return index in the big switches in zd_rx_rate instead */
@@ -1154,7 +1161,7 @@ struct ieee80211_hw *zd_mac_alloc_hw(str
    hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &mac->band;
 
    hw->flags = IEEE80211_HW_RX_INCLUDES_FCS |
-          IEEE80211_HW_SIGNAL_UNSPEC;
+          IEEE80211_HW_SIGNAL_DBM;
 
    hw->wiphy->interface_modes =
       BIT(NL80211_IFTYPE_MESH_POINT) |


next patch u need is mac patch:

diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index 0855cac..221bed6 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -677,11 +677,19 @@ int tid;
 
    /*
     * Packet injection may want to control the sequence
-    * number, if we have no matching interface then we
-    * neither assign one ourselves nor ask the driver to.
+    * number, so if an injected packet is found, skip
+    * renumbering it. Also make the packet NO_ACK to avoid
+    * excessive retries (ACKing and retrying should be
+    * handled by the injecting application).
+    * FIXME This may break hostapd and some other injectors.
+    * This should be done using a radiotap flag.
     */
-   if (unlikely(info->control.vif->type == NL80211_IFTYPE_MONITOR))
+   if (unlikely((info->flags & IEEE80211_TX_CTL_INJECTED) &&
+      !(tx->sdata->u.mntr_flags & MONITOR_FLAG_COOK_FRAMES))) {
+      if (!ieee80211_has_morefrags(hdr->frame_control))
+         info->flags |= IEEE80211_TX_CTL_NO_ACK;
       return TX_CONTINUE;
+   }
 
    if (unlikely(ieee80211_is_ctl(hdr->frame_control)))
       return TX_CONTINUE;


next u need is this patch

commit fffd6e63ea75850dafbf2ccfb38a4189f43c0282
Author: Maxim Levitsky <maximlevitsky@xxxxxxxxx>
Date:   Tue Jun 1 15:43:21 2010 +0300

    wireless: allow to retrieve the channel set on monitor interface
    
    This will allow to preserve compatibility with userspace
    
    Signed-off-by: Maxim Levitsky <maximlevitsky@xxxxxxxxx>

diff --git a/net/wireless/chan.c b/net/wireless/chan.c
index b01a6f6..09d979b 100644
--- a/net/wireless/chan.c
+++ b/net/wireless/chan.c
@@ -49,9 +49,12 @@ int cfg80211_set_freq(struct cfg80211_registered_device *rdev,
 {
    struct ieee80211_channel *chan;
    int result;
+   struct wireless_dev *mon_dev = NULL;
 
-   if (wdev && wdev->iftype == NL80211_IFTYPE_MONITOR)
+   if (wdev && wdev->iftype == NL80211_IFTYPE_MONITOR) {
+      mon_dev = wdev;
       wdev = NULL;
+   }
 
    if (wdev) {
       ASSERT_WDEV_LOCK(wdev);
@@ -76,5 +79,8 @@ int cfg80211_set_freq(struct cfg80211_registered_device *rdev,
    if (wdev)
       wdev->channel = chan;
 
+   if (mon_dev)
+      mon_dev->channel = chan;
+
    return 0;
 }

------------------------------------------------------------------------------------------

now copy those patches to your compat directory save as a text file make it exe name it whatever u want to i named it first one x second one c and third one d

cd compat directory

and apply it by first one;   patch -Np0 -i x
second one;                       patch -Np1 -i c
and third;                            patch -Np1 -i d

everything should be ok nothing will fail.

next step make and sudo make install after it finished
still from compat directory sudo make wlunload and sudo make btunload
than modprobe zd1211rw or whatever card u have and test it airmon-ng start wlan0(or whatever u got)
aireplay-ng -9 mon0
and airodump-ng mon0 u wont see anymore channel being fixed on -1

tested on 2.6.35 tested ok 2.6.34 on backtrack and lucid 10.04 internet and aircrack work without any problem

thanks to this man Author: Maxim Levitsky

[sleek]

The fixed channel issue isn't zd1211rw specifically related.

No need to paste all the patches.

[guest123221]

sleek

this tutorial will work with any other wireless card supported by compat-wireless

u just need to skip zd1211 patch

test it if u want to on any other  rt73 etc card supported by compat

[sleek]

My point exactly.

Except, if you skip the zd1211 patch, you won't be able to inject, which just so happens is the whole point of the tutorial.

[guest1234]

as i said tested on different kernels 2.6.35 2.6.32 ubuntu 10.10 and backtrack

iwl4956

aireplay-ng -9 mon0
19:21:36  Trying broadcast probe requests...
19:21:36  Injection is working!
19:21:38  Found 4 APs


zd1211rw

aireplay-ng -9 mon1
19:24:16  Trying broadcast probe requests...
19:24:16  Injection is working!
19:24:16  Found 7 APs

rt73

aireplay-ng -9 mon0
19:26:23  Trying broadcast probe requests...
19:26:23  Injection is working!
19:26:23  Found 6 APs


sleek so why if u have iwl or rt or whatever just test it if it is working or not? instead talking rubbish?

if u have zd chip u have to apply all patches if u have iwl u dont need zd1211 patch

the last patch will help your card not to be fixed on channel -1 anymore

so sleek test it instead talking

[darkAudax]

guest1234,

Please show respect for sleek and other people on the forum.  He took the trouble of creating a tutorial to be helpful.

d.

[guest1234]

i do have respect darkAudax  i was just trying to help people to make compat work cuz it doesnt without third patch now it does but sleek say it does with zd1211 and not with other cards  and he didnt even try it.

[Mister_X]

So, which patch should be added?

[guest1234]

Mister_X if u have iwl 4965 iwl 5100  rt 73 rt2800 or any other card supported by compat wireless and u want to use compat wireless u dont need patch for zd1211rw the first one i posted just the second and third

third patch is to correct (bug) compat wireless and wlan0 mon0 being fixed on channel -1

if u have zd1211 apply all three patches

[sleek]

What an astonishing revelation !!!

[guest1234]

sleek thank you Sir,

but u should thank the man who made patch and fixed problem with wlan0  mon0 being fixed on channel -1