Aircrack-ng forum


Topic Summary

Posted by: misterx
« on: August 10, 2021, 02:53:36 pm »

3. There is more to look for than that to confirm these frames are related: things such as timing, and other pieces of info in the frames. I could tell, but I'd need to look at the PCAP itself.
3.5. That's a driver issue; there isn't anything we can do. You'll need to debug/profile the driver, and fix whatever bottleneck there is. Excessive logging needs to be addressed.
4. Please use pastebin or a similar site instead.
5. Driver issue (same as 3.5)
Posted by: superdutyf3
« on: August 09, 2021, 11:45:43 pm »

3. I found the 1/4, 2/4, 3/4, 4/4 handshake packets in the capture file on another capture. So it is capturing handshakes, just not showing me.

3.5 What about airodump-ng saying "fixed channel wlan0:0"? Also it won't do anything unless I set a channel, so scanning for networks is difficult because channel changing takes at least 7 seconds. Anything we can do about this?

4. I did dmesg > test.txt and got a better dmesg log. I only ran airodump-ng for about 10 seconds and the log is really long. It will only let me post 20,000 characters here so I couldn't put the dmesg log here. Please see https://net-pro.tech/phone/test.txt

5. It won't inject packets. aireplay-ng wlan0 -9 shows 0%. Can we do anything about this as well?

Thanks for taking the time to look at this.
Posted by: misterx
« on: August 09, 2021, 10:26:24 pm »

3. Could you check the "WPA capture explained" page in the wiki and see what's missing from the handshake? Typically, you should see in the info column "(Message 1/4)" (FYI, the pictures in the tutorial need an update), followed by 2/4, 3/4, and 4/4, for the EAPOL frames.
4. I don't see anything obviously wrong.
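
The checks described in this thread (all four EAPOL messages present, plus timing and replay counters showing that the frames belong to one exchange) can be run as below. This is an added Python example, not part of the posts and not Aircrack-ng code. It assumes the EAPOL payloads for one AP/station pair were already extracted from the PCAP, a 16-byte MIC field, and a 2-second window chosen here; all function names are hypothetical and the sample frames are constructed.

```python
import struct

# Key Information flags of an EAPOL-Key frame (IEEE 802.11 4-way handshake)
PAIRWISE, INSTALL, ACK, MIC, SECURE = 0x0008, 0x0040, 0x0080, 0x0100, 0x0200
MAX_SPAN = 2.0  # seconds allowed between M1 and M4; threshold assumed for this example

def parse_eapol_key(raw):
    """Return (key_info, replay_counter, key_data_len), or None if not EAPOL-Key."""
    if len(raw) < 99 or raw[1] != 3:   # 4-byte header + 95-byte descriptor; type 3 = Key
        return None
    key_info, _key_len, replay = struct.unpack_from("!HHQ", raw, 5)
    (data_len,) = struct.unpack_from("!H", raw, 97)   # offset assumes a 16-byte MIC
    return key_info, replay, data_len

def message_number(key_info, data_len):
    """Map flags to message 1-4; None for group-key or unrecognised frames."""
    if not key_info & PAIRWISE:
        return None
    ack, mic = bool(key_info & ACK), bool(key_info & MIC)
    if ack:
        return 3 if mic else 1
    if mic:
        return 2 if data_len else 4    # heuristic: M2 carries key data, M4 carries none
    return None

def handshake_report(frames):
    """frames: (timestamp, eapol_bytes) pairs for one AP/station pair, in capture order."""
    seen = {}
    for ts, raw in frames:
        parsed = parse_eapol_key(raw)
        num = message_number(parsed[0], parsed[2]) if parsed else None
        if num:
            seen[num] = (ts, parsed[1])   # keep the latest copy of each message
    missing = [n for n in (1, 2, 3, 4) if n not in seen]
    problems = []
    if not missing:
        (t1, r1), (_, r2), (_, r3), (t4, r4) = (seen[n] for n in (1, 2, 3, 4))
        if not (r2 == r1 and r3 == r1 + 1 and r4 == r3):   # M2 echoes M1, M3 = M1 + 1, M4 echoes M3
            problems.append("replay counters do not chain")
        if not 0 <= t4 - t1 <= MAX_SPAN:
            problems.append("messages too far apart in time")
    return missing, problems

def build(key_info, replay, key_data=b""):
    """Constructed sample frame: zeroed nonce, IV, RSC, key ID and MIC."""
    body = struct.pack("!BHHQ", 2, key_info | 2, 16, replay) + bytes(80)
    body += struct.pack("!H", len(key_data)) + key_data
    return struct.pack("!BBH", 2, 3, len(body)) + body

M1, M2 = build(PAIRWISE | ACK, 1), build(PAIRWISE | MIC, 1, bytes(22))
M3 = build(PAIRWISE | INSTALL | ACK | MIC | SECURE, 2, bytes(56))
M4 = build(PAIRWISE | MIC | SECURE, 2)
COMPLETE = [(0.000, M1), (0.004, M2), (0.009, M3), (0.011, M4)]
STALE = [(0.0, M1), (0.004, M2), (41.0, build(PAIRWISE | ACK | MIC, 9, bytes(56))), (41.002, M4)]
```

`handshake_report` returns the list of missing message numbers and a list of consistency problems; `STALE` shows four messages that are all present but come from different exchanges.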
Posted by: superdutyf3
« on: August 09, 2021, 06:38:36 pm »

3. Checked the capture; there are EAPOL packets present, but it did not detect a handshake.
4. Dmesg is very active when I load airodump-ng. All this comes up when I load the program.

Code:
[  378.340192] R0: [airodump-ng][7752335378] [14:29:43.058926]  wlan: [7756:E :HDD] __hdd_netdev_notifier_call: 476: __hdd_netdev_notifier_call: Driver module is closed
[  378.340288] R0: [airodump-ng][7752338574] [14:29:43.059093]  wlan: [7756:E :QDF] cds_get_context: Module ID 18 context is Null
[  378.340321] R0: [airodump-ng][7752339200] [14:29:43.059126]  wlan: [7756:E :QDF] ol_txrx_vdev_register: vdev/txrx_ops is NULL!

[  378.340360] R0: [airodump-ng][7752339979] [14:29:43.059166]  wlan: [7756:E :QDF] cds_get_context: Module ID 18 context is Null
[  378.340392] R0: [airodump-ng][7752340597] [14:29:43.059198]  wlan: [7756:E :TRX] ol_txrx_register_peer: 5707: Pdev is NULL
[  378.340429] R0: [airodump-ng][7752341292] [14:29:43.059235]  wlan: [7756:E :HDD] hdd_set_mon_rx_cb: 2376: ol_txrx_register_peer() failed to register. Status= 4 [0x00000004]
[  378.340454] device wlan0 entered promiscuous mode
[  380.281170] afe_tdm_port_start: top_id:10001ccc acdb_id:512 port_id:0x9011
[  380.322388] afe_tdm_port_start: top_id:10000ccc acdb_id:513 port_id:0x9010
[  384.104230] msm_crus_store_imped: right impedance 6.85379828 ohms
[  384.106417] msm_crus_store_imped: left impedance 7.65672082 ohms
[  384.148195] afe_close: port_id = 0x9010
[  384.168203] afe_close: port_id = 0x9011
[  390.752372] logd: logdr: UID=2000 GID=2000 PID=7932 n tail=0 logMask=80 pid=0 start=0ns timeout=0ns
[  390.753280] logd: Skipping 256 entries from slow reader, pid 7932, from LogBuffer::kickMe()
[  390.753747] logd: Skipping 256 entries from slow reader, pid 7932, from LogBuffer::kickMe()
[  396.067933] type=1400 audit(1628533800.783:305): avc: denied { read } for comm="screencap" name="gpu_model" dev="sysfs" ino=48812 scontext=u:r:dumpstate:s0 tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file permissive=1
[  396.068329] type=1400 audit(1628533800.783:306): avc: denied { open } for comm="screencap" path="/sys/devices/platform/soc/5000000.qcom,kgsl-3d0/kgsl/kgsl-3d0/gpu_model" dev="sysfs" ino=48812 scontext=u:r:dumpstate:s0 tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file permissive=1
[  396.068535] type=1400 audit(1628533800.783:307): avc: denied { getattr } for comm="screencap" path="/sys/devices/platform/soc/5000000.qcom,kgsl-3d0/kgsl/kgsl-3d0/gpu_model" dev="sysfs" ino=48812 scontext=u:r:dumpstate:s0 tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file permissive=1

[  446.028788] R0: [sh][9051957718] [14:30:50.747597]  wlan: [9937:I :QDF] Allowing SSR/Driver unload for con_mode_handler
[  446.028816] R0: [sh][9051958455] [14:30:50.747635]  wlan: [9937:I :HDD] __con_mode_handler: 12676: con_mode handler: 0

[  446.028839] R0: [sh][9051958898] [14:30:50.747658]  wlan: [9937:F :HDD] hdd_wlan_stop_modules: 10575: stop WLAN module: entering driver status=3
[  446.028851] R0: [sh][9051959129] [14:30:50.747670]  wlan: [9937:W :HDD] hdd_wlan_stop_modules: 10593: External threads 1, Debugfs threads 0, wiphy suspend 0
[  446.028861] R0: [sh][9051959331] [14:30:50.747681]  wlan: [9937:E :QDF] PID 9937 is executing con_mode_handler
[  446.028872] R0: [sh][9051959542] [14:30:50.747692]  wlan: [9937:I :HDD] hdd_wlan_stop_modules: 10611: Present Driver Status: 3
[  446.028883] R0: [sh][9051959760] [14:30:50.747703]  wlan: [9937:I :HDD] hdd_wlan_stop_modules: 10621: Modules already closed
[  446.028894] R0: [sh][9051959969] [14:30:50.747714]  wlan: [9937:F :HDD] hdd_wlan_stop_modules: 10709: stop WLAN module: exit driver status=3
[  446.028982] R0: [sh][9051961645] [14:30:50.747801]  wlan: [9937:I :HDD] wlan_hdd_release_intf_addr: 2844: Releasing MAC from provisioned list
[  446.028995] R0: [sh][9051961887] [14:30:50.747814]  wlan: [9937:I :HDD] wlan_hdd_release_intf_addr: 2847: 58:cb:52:20:11:93
[  446.029647] [RMNET:HI] rmnet_config_notify_cb(): Kernel is trying to unregister wlan0
[  446.029677] R0: [sh][9051974982] [14:30:50.748496]  wlan: [9937:E :HDD] __hdd_netdev_notifier_call: 476: __hdd_netdev_notifier_call: Driver module is closed
[  446.080025] [RMNET:HI] rmnet_config_notify_cb(): Kernel is trying to unregister wlan0
[  446.080092] R0: [sh][9052942915] [14:30:50.798909]  wlan: [9937:E :HDD] __hdd_netdev_notifier_call: 476: __hdd_netdev_notifier_call: Driver module is closed
[  446.080265] R0: [sh][9052946225] [14:30:50.799081]  wlan: [9937:I :HDD] wlan_hdd_get_provisioned_intf_addr: 2809: Assigning MAC from provisioned list58:cb:52:20:11:93
[  446.080341] R0: [sh][9052947685] [14:30:50.799158]  wlan: [9937:I :HDD] hdd_set_tso_flags: 2661: TSO Enabled
[  446.080419] R0: [sh][9052949204] [14:30:50.799237]  wlan: [9937:E :HDD] __hdd_netdev_notifier_call: 476: __hdd_netdev_notifier_call: Driver module is closed
[  446.086040] R0: [sh][9053057062] [14:30:50.804854]  wlan: [9937:E :HDD] __hdd_netdev_notifier_call: 476: __hdd_netdev_notifier_call: Driver module is closed
[  446.086844] R0: [sh][9053072512] [14:30:50.805659]  wlan: [9937:I :HDD] hdd_open_adapter: 4255: Disabling queues
[  446.087103] R0: [sh][9053077501] [14:30:50.805919]  wlan: [9937:I :HDD] hdd_open_adapter: 4376: wlan0 interface created. iftype: 0
[  446.087162] R0: [sh][9053078664] [14:30:50.805979]  wlan: [9937:E :HDD] wlan_hdd_get_provisioned_intf_addr: 2805: No free provisioned Addresses
[  446.087179] R0: [sh][9053079003] [14:30:50.805997]  wlan: [9937:I :HDD] wlan_hdd_get_derived_intf_addr: 2791: Assigning MAC from derived list5a:cb:52:20:11:92
[  446.087226] R0: [sh][9053079886] [14:30:50.806043]  wlan: [9937:I :HDD] hdd_set_tso_flags: 2661: TSO Enabled
[  446.087293] R0: [sh][9053081195] [14:30:50.806111]  wlan: [9937:E :HDD] __hdd_netdev_notifier_call: 476: __hdd_netdev_notifier_call: Driver module is closed
[  446.092596] R0: [sh][9053182943] [14:30:50.811411]  wlan: [9937:E :HDD] __hdd_netdev_notifier_call: 476: __hdd_netdev_notifier_call: Driver module is closed
[  446.093977] R0: [sh][9053209461] [14:30:50.812792]  wlan: [9937:I :HDD] hdd_open_adapter: 4255: Disabling queues
[  446.094174] R0: [sh][9053213268] [14:30:50.812990]  wlan: [9937:I :HDD] hdd_open_adapter: 4376: wlan1 interface created. iftype: 0
[  446.094229] R0: [sh][9053214347] [14:30:50.813046]  wlan: [9937:E :HDD] wlan_hdd_get_provisioned_intf_addr: 2805: No free provisioned Addresses
[  446.094247] R0: [sh][9053214689] [14:30:50.813064]  wlan: [9937:I :HDD] wlan_hdd_get_derived_intf_addr: 2791: Assigning MAC from derived list5a:cb:52:20:11:93
[  446.094300] R0: [sh][9053215713] [14:30:50.813117]  wlan: [9937:I :HDD] hdd_set_tso_flags: 2661: TSO Enabled
[  446.094381] R0: [sh][9053217278] [14:30:50.813199]  wlan: [9937:E :HDD] __hdd_netdev_notifier_call: 476: __hdd_netdev_notifier_call: Driver module is closed
[  446.100468] R0: [sh][9053333862] [14:30:50.819271]  wlan: [9937:E :HDD] __hdd_netdev_notifier_call: 476: __hdd_netdev_notifier_call: Driver module is closed
[  446.100910] R0: [sh][9053342595] [14:30:50.819726]  wlan: [9937:I :HDD] hdd_open_adapter: 4255: Disabling queues
[  446.101078] R0: [sh][9053345874] [14:30:50.819897]  wlan: [9937:I :HDD] hdd_open_adapter: 4376: p2p0 interface created. iftype: 7
[  446.101129] R0: [sh][9053346858] [14:30:50.819948]  wlan: [9937:I :HDD] hdd_wlan_start_modules: 2203: Wlan transition (CLOSED -> OPENED)
[  446.102686] ipa ipa3_uc_reg_rdyCB:1727 bad parm. inout=          (null)
[  446.156702] IPC_RTR: process_new_server_msg: Server 00001003 create rejected, version = 0
[  446.158430] R0: [sh][9054446992] [14:30:50.877247]  wlan: [9937:I :HDD] hdd_napi_create: 131: napi instances were created. Map=0x602
[  446.158452] R0: [sh][9054447495] [14:30:50.877273]  wlan: [9937:E :QDF] cds_get_context: Module ID 21 context is Null
[  446.160275] R0: [cds_mc_thread][9054482391] [14:30:50.879090]  wlan: [9941:I :QDF] cds_mc_thread: MC Thread 9941 (cds_mc_thread) starting up
[  446.160462] R0: [sh][9054486093] [14:30:50.879283]  wlan: [9937:E :QDF] cds_get_context: Module ID 21 context is Null
[  446.161150] R0: [sh][9054498556] [14:30:50.879932]  wlan: [9937:E :QDF] error while creating debugfs dir for WMI1

[  446.161185] R0: [sh][9054499941] [14:30:50.880004]  wlan: [9937:E :QDF] ol_if_dfs_attach: called; ptr=0000000000000000, radar_info=0000000000000000

[  446.167963] R0: [sh][9054629866] [14:30:50.886772]  wlan: [9937:E :QDF] Target Ready! TX resource : 2 size:2184, MaxMsgsPerHTCBundle = 1
[  446.167988] R0: [sh][9054630532] [14:30:50.886806]  wlan: [9937:E :QDF] SVS Index : 1 TX : 0x100 : alloc:2
[  446.168006] R0: [sh][9054630887] [14:30:50.886824]  wlan: [9937:E :QDF] SVC:0x0001, ULpipe:0 DLpipe:2 id:0 Ready
[  446.168490] R0: [sh][9054640139] [14:30:50.887306]  wlan: [9937:I :HTT] full_reorder_offloaded 1
[  446.168513] R0: [sh][9054640601] [14:30:50.887330]  wlan: [9937:I :HTT] ce_classify 1
[  446.169111] R0: [sh][9054652106] [14:30:50.887930]  wlan: [9937:E :QDF] SVC:0x0300, ULpipe:4 DLpipe:1 id:1 Ready
[  446.169121] R0: [sh][9054652334] [14:30:50.887941]  wlan: [9937:E :QDF] SVC:0x0300 ep:1 TX flow control disabled
[  446.169210] R0: [sh][9054654032] [14:30:50.888030]  wlan: [9937:I :HIF] hif_map_service_to_pipe: ul pipe is NOT updated for service 769
[  446.169216] R0: [sh][9054654173] [14:30:50.888037]  wlan: [9937:E :QDF] SVC:0x0301, ULpipe:0 DLpipe:9 id:2 Ready
[  446.169239] R0: [sh][9054654285] [14:30:50.888043]  wlan: [9937:E :QDF] SVC:0x0301 ep:2 TX flow control disabled
[  446.169245] R0: [sh][9054654728] [14:30:50.888066]  wlan: [9937:I :HIF] hif_map_service_to_pipe: ul pipe is NOT updated for service 769
[  446.169317] R0: [sh][9054656108] [14:30:50.888138]  wlan: [9937:I :HIF] hif_map_service_to_pipe: ul pipe is NOT updated for service 770
[  446.169324] R0: [sh][9054656232] [14:30:50.888144]  wlan: [9937:E :QDF] SVC:0x0302, ULpipe:0 DLpipe:10 id:3 Ready
[  446.169329] R0: [sh][9054656344] [14:30:50.888150]  wlan: [9937:E :QDF] SVC:0x0302 ep:3 TX flow control disabled
[  446.169335] R0: [sh][9054656454] [14:30:50.888156]  wlan: [9937:I :HIF] hif_map_service_to_pipe: ul pipe is NOT updated for service 770
[  446.169528] R0: [sh][9054660148] [14:30:50.888348]  wlan: [9937:I :HIF] hif_map_service_to_pipe: ul pipe is NOT updated for service 1536
[  446.169534] R0: [sh][9054660287] [14:30:50.888355]  wlan: [9937:E :QDF] SVC:0x0600, ULpipe:0 DLpipe:11 id:4 Ready
[  446.169540] R0: [sh][9054660390] [14:30:50.888361]  wlan: [9937:E :QDF] SVC:0x0600 ep:4 TX flow control disabled
[  446.169616] R0: [sh][9054661849] [14:30:50.888437]  wlan: [9937:E :QDF] SVC:0x0100, ULpipe:3 DLpipe:2 id:5 Ready
[  446.169855] R0: [sh][9054666434] [14:30:50.888676]  wlan: [9937:E :QDF] HTC using TX credit flow control
[  446.170270] R0: [cds_mc_thread][9054674410] [14:30:50.889091]  wlan: [9941:I :WMA] wma_rx_service_ready_event: Firmware build version : 225b0145
[  446.170280] R0: [cds_mc_thread][9054674590] [14:30:50.889100]  wlan: [9941:W :WMA] wma_rx_service_ready_event: Board version is unknown!
[  446.170286] R0: [cds_mc_thread][9054674725] [14:30:50.889107]  wlan: [9941:I :TRX] ol_tx_set_desc_global_pool_size: 762: Global pool size: 3600

[  446.201479] R0: [cds_mc_thread][9055273570] [14:30:50.920297]  wlan: [9941:I :HDD] hdd_update_tgt_cfg: 1736: hw_mac is zero
[  446.201513] R0: [cds_mc_thread][9055274269] [14:30:50.920334]  wlan: [9941:W :PE ] cfg_set_int: 271: Value: 866 out of range: [0,780] cfg id: 138
[  446.201521] R0: [cds_mc_thread][9055274404] [14:30:50.920341]  wlan: [9941:E :HDD] hdd_update_tgt_vht_cap: 1266: Failed to set rx_supp_data_rate
[  446.201527] R0: [cds_mc_thread][9055274543] [14:30:50.920348]  wlan: [9941:W :PE ] cfg_set_int: 271: Value: 866 out of range: [0,780] cfg id: 139
[  446.201534] R0: [cds_mc_thread][9055274656] [14:30:50.920354]  wlan: [9941:E :HDD] hdd_update_tgt_vht_cap: 1273: Failed to set tx_supp_data_rate
[  446.201602] R0: [cds_mc_thread][9055275972] [14:30:50.920422]  wlan: [9941:I :HDD] hdd_update_wiphy_vhtcap: 1086: Updated wiphy vhtcap:0x381fbfa, CSNAntSupp:7, NumSoundDim:1
[  446.201609] R0: [cds_mc_thread][9055276109] [14:30:50.920430]  wlan: [9941:I :HDD] hdd_nan_datapath_target_config: 108: enable_nan_datapath: 1
[  446.219475] R0: [sh][9055618946] [14:30:50.938287]  wlan: [9937:I :HTT] HTT: full reorder offload enabled
[  446.250233] R0: [sh][9056209600] [14:30:50.969049]  wlan: [9937:I :HDD] hdd_wlan_start_modules: 2276: Wlan transition (now OPENED)
[  446.250251] Host SW:6.0.0.0A, FW:2.2.5.325.0, HW:HW_VERSION=40030001.
[  446.250259] R0: [sh][9056210177] [14:30:50.969079]  wlan: [9937:I :HDD] hdd_wlan_start_modules: 2299: Wlan transition (OPENED -> ENABLED)
[  446.252158] R0: [sh][9056246605] [14:30:50.970976]  wlan: [9937:I :HDD] hdd_ipa_wdi_conn_pipes:1709: CONS DB pipe out 0x1e720c8 TX PIPE Handle 0x10
[  446.253602] R0: [sh][9056274307] [14:30:50.972419]  wlan: [9937:I :HDD] hdd_ipa_wdi_conn_pipes:1801: PROD DB pipe out 0x1e720c0 RX PIPE Handle 0x7
[  446.253620] R0: [sh][9056274724] [14:30:50.972441]  wlan: [9937:I :HDD] hdd_ipa_wdi_conn_pipes:1810: exit: stat=0
[  446.253667] R0: [sh][9056275634] [14:30:50.972488]  wlan: [9937:I :QDF] cds_enable: wma correctly started
Posted by: misterx
« on: August 08, 2021, 11:43:44 pm »

3. Not in airodump-ng, but in the PCAP generated with Wireshark.
4. Could you clear dmesg before running airodump-ng, then run dmesg again after getting the error message, and paste the output here, within 'code' tags (# icon)?
Posted by: superdutyf3
« on: August 08, 2021, 10:02:21 pm »

Thanks for the reply ;D

1. All network managers dead. (airmon-ng check shows nothing)
2. If I don't set a channel, it attempts to channel hop and scan all channels like it should but only gets data about every 10 seconds or so. If I use -c to set a specific channel, it goes to that channel after a few seconds and will read data but at the top it says "fixed channel wlan0:0".
3. Yes, I have seen EAPOL frames at the bottom of airodump-ng when testing on my home network.
4. Dmesg is full of fun when I run airodump-ng. Please see https://net-pro.tech/phone/phone.html for full dmesg from the time I launched airodump-ng. (Made a quick webpage because the log was too long to post here.)

Posted by: misterx
« on: August 08, 2021, 08:31:11 pm »

1. Did you kill network managers prior to enabling monitor mode?
2. Are you on a specific channel (not hopping)?
3. Are there any EAPOL frames in the capture?
4. Anything in dmesg about it while running airodump-ng?
Posted by: superdutyf3
« on: August 08, 2021, 03:39:40 pm »

Monitor mode is working but channel changing is very slow on the Pixel 3a XL. Also airodump says fixed channel 0 for wlan0.
I can't seem to capture a handshake with wifite or manually.
OS: Lineage 18.1
NetHunter generic (latest build)
wifi driver says nciss

Any help greatly appreciated.