Tutorial: Injection with ZyDAS 1211 and 1211b (zd1211)

[antalas]

 

thanks a lot, that's a great tuto, it's very simple to apply and injection works perfectly

[SudoRootMan]

Thanks too! This works. A small note: I run Karmic Koala. I replaced the gnome network-manager with wicd. Wicd stopped detecting AP's after I followed your patch. It may not like monitor mode. I reverted back to gnome net-mgr and that picks up my AP's again.

[latigokiller]

guys in ubuntu 9.10 not cant inyect with tp-linkwn422g , need help please help meeeeeeeeeeee , i use this patch but nothing

i need tutorial full
thks

[Snechkus]

This tutorial will explain how to achieve injection under linux with the Zydas zd1211 and zd1211b chips (also known as AR5007UG) seen nowadays on many USB Wireless devices. The following has been tested under Slax 6.1.x, Ubuntu 8.10, 9.04, Fedora 9, 10, 11 and BackTrack 4 Beta & Pre. It should work with the majority of the latest kernels starting from 2.6.25 and up.

We will not be compiling our kernel in order to gain injection, instead we'll opt for compat-wireless. Let's begin with the steps.

1. Go to http://wireless.kernel.org/download/compat-wireless-2.6/ and download the latest version of compat-wireless and untar the package: tar xfj compat-wireless-2.6.tar.bz2
2. Next up, cd to your /path/to/compat-wireless directory and download the patch required for injection: zd1211rw-inject+dbi-fix-2.6.26.patch and the mac80211.compat08082009.wl_frag+ack_v1.patch for higher injection speed. Visit the general mac80211 wiki page for details.
3. Apply the injection patch by patch -Np0 -i zd1211rw-inject+dbi-fix-2.6.26.patch.
4. Apply the mac80211 patch by: patch -Np1 -i mac80211.compat08082009.wl_frag+ack_v1.patch.
**Note: the zd1211rw-inject+dbi-fix-2.6.26.patch and mac80211.compat08082009.wl_frag+ack_v1.patch files must be in your compat-wireles-xxxx-xx-xx directory while patching, otherwise you will be asked to provide full path of the file which needs to be patched, example: /home/user/compat-wireless-xxxx-xx-xx/drivers/net/wireless/zd1211rw/zd_mac.c
5. Patching is complete and we are ready to compile our driver, type make for the process to begin and wait for few minutes to complete.
6. Barring any errors, next up is installing, make install
7. Now that the newly compiled driver is installed, we are ready to use it, but before that we have to unload the old driver by typing make unload
8. To load the new driver, just type modprobe zd1211rw or simply unplug and plug again your USB adapter.
9. That's it! This concludes the zd1211 injection tutorial. You should now be able to inject. Test your USB device, by setting it to monitor mode (airmon-ng)

# aireplay-ng -9 mon0
14:39:59  Trying broadcast probe requests...
14:39:59  Injection is working!
14:40:01  Found 1 AP

14:40:01  Trying directed probe requests...
14:40:01  00:00:00:00:00:00 - channel: 11 - 'LINKSYS'
14:40:01  Ping (min/avg/max): 0.881ms/12.418ms/37.725ms Power: -53.83
14:40:01  30/30: 100%

Voila 

Known issues at this point:
Fragmentation attack is not yet supported.

Feedback and notes welcome.

Thanks to .NetRolller 3D for contributing to this tutorial.

Hi I have maybe a silly question. because i'am new one in aircraking and in linux at all.
I'am using Slitaz live cd. I tried to patch my A-link USB device with  zd1211 chipset. But then I type in xterm ''patch Np0 -i zd1211rw-inject+dbi-fix-2.6.26.patch' systems says --invalid option 'N'.  I use July 4/2009  stilaz pack. Maybe there is another way to patch zd1211rw in stilaz? I tried to find an answer in stilaz and aircrack forums, but haven't find nothing.

[darkAudax]

Snechkus,

The "patch" program included with Slitaz simply does not support that option.  Just leave it off the command line.  You will find the Slitaz patch version lacks a lot of the standard functionality.

d.

[snechkus]

Thank u for your reply darkAudax.As I have understood to use Slitaz and my device it is no so possible. Maybe there are other variants  use aircrack-ng and the A-link usb  adapter in stilaz?

[sleek]

''patch Np0 -i zd1211rw-inject+dbi-fix-2.6.26.patch'

is incorrect, missing the "-" before Np0

patch -Np0 -i zd1211rw-inject+dbi-fix-2.6.26.patch

is the correct syntax.

[darkAudax]

snechkus: You should be able to install compat-wireless and the patch under Slitaz.  Eventually I will be releasing a version with it but I have no committed timeframe.  Alternatively try BT4 or Pentoo.  See the wiki links page.

sleek: Thanks for pointing out the missing dash.  However, that is not the problem under Slitaz.  Slitaz uses a stripped down BusyBox version of patch.

See:
BusyBox v1.12.0 (2009-09-21 16:29:43 CEST) multi-call binary

Usage: patch [-p NUM] [-i DIFF] [-R]

        -p NUM  Strip NUM leading components from file names
        -i DIFF Read DIFF instead of stdin
        -R      Reverse patch

Notice it does not allow the N option.

d.

[snechkus]

''patch Np0 -i zd1211rw-inject+dbi-fix-2.6.26.patch'

is incorrect, missing the "-" before Np0

patch -Np0 -i zd1211rw-inject+dbi-fix-2.6.26.patch

is the correct syntax.

Tahnk you sleek. I made a mistake writing the post, but I wrote corectly in command line.

darkAudax thank you for you time. I was well suprised than replies came so quickly. I will try your option. Sorry for english gramma I'am from Lithuania.