Aircrack-ng forum
General Category => Newbies => Topic started by: leste on January 14, 2017, 11:11:35 pm
-
I've spent the past month trying to make aircrack-ng work with my main computer, which has a Qualcomm Atheros QCA6174 chipset. The wireless works fine on the ath10k drivers (that I had to install manually), and I know my network card supports monitor mode and injection (source: https://www.aircrack-ng.org/doku.php?id=compatibility_drivers, see Chipset section; besides, I can use nmap -sP to see all the devices connected to my network).
The problem is evident when I use airmon-ng start wlan0 and airodump-ng wlan0mon next, but airodump-ng does not detect any APs. Killing processes like network-manager, wpa_supplicant and dhclient does not affect this output at all (neither with service stop <process> nor with airmon-ng check kill or killall <process>).
My main lead is this output of dmesg | grep -i ath10k:
[ 11.772460] ath10k_pci 0000:02:00.0: pci irq msi oper_irq_mode 2 irq_mode 0 reset_mode 0
[ 12.090548] ath10k_pci 0000:02:00.0: firmware: failed to load ath10k/pre-cal-pci-0000:02:00.0.bin (-2)
[ 12.090745] ath10k_pci 0000:02:00.0: Direct firmware load for ath10k/pre-cal-pci-0000:02:00.0.bin failed with error -2
[ 12.090795] ath10k_pci 0000:02:00.0: firmware: failed to load ath10k/cal-pci-0000:02:00.0.bin (-2)
[ 12.090985] ath10k_pci 0000:02:00.0: Direct firmware load for ath10k/cal-pci-0000:02:00.0.bin failed with error -2
[ 12.101282] ath10k_pci 0000:02:00.0: firmware: direct-loading firmware ath10k/QCA6174/hw3.0/firmware-5.bin
[ 12.101297] ath10k_pci 0000:02:00.0: qca6174 hw3.2 target 0x05030000 chip_id 0x00340aff sub 1028:0310
[ 12.101302] ath10k_pci 0000:02:00.0: kconfig debug 0 debugfs 0 tracing 0 dfs 0 testmode 0
[ 12.103646] ath10k_pci 0000:02:00.0: firmware ver WLAN.RM.2.0-00088-QCARMSWPZ-1 api 5 features ignore-otp crc32 4dcf5871
[ 12.729288] ath10k_pci 0000:02:00.0: firmware: direct-loading firmware ath10k/QCA6174/hw3.0/board-2.bin
[ 12.730343] ath10k_pci 0000:02:00.0: board_file api 2 bmi_id N/A crc32 6fc88fe7
[ 15.020077] ath10k_pci 0000:02:00.0: htt-ver 3.14 wmi-op 4 htt-op 3 cal otp max-sta 32 raw 0 hwcrypto 1
because I think the failures can be related. Some other outputs that might be interesting:
$airmon-ng start wlan0
Found 3 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to run 'airmon-ng check kill'
PID Name
652 NetworkManager
858 wpa_supplicant
6252 dhclient
PHY Interface Driver Chipset
phy0 wlan0 ath10k_pci Qualcomm Atheros QCA6174 802.11ac Wireless Network Adapter (rev 32)
(mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon)
(mac80211 station mode vif disabled for [phy0]wlan0)
-------------
$aireplay -9 wlan0mon
18:47:12 Trying broadcast probe requests...
18:47:14 No Answer...
18:47:14 Found 0 APs
-
1. Issue airmon-ng check kill first as explained by the index page of aircrack-ng.org
2. There seem to be firmware issues
3. Is the card working in managed mode?
4. Why did you install the drivers?
5. What is the output of uname -a?
-
1. I did, didn't work.
2. Yes, but I can use commands like nmap, netdiscover and iwlist scan, so it should work, right?
3. Yes, it works fine on managed mode.
4. Because every distro I've ever put on this computer didn't recognize the drivers at first, so I have always installed them manually (on /lib/firmware/ath10k/QCA6174/hw...)
5. Linux localhost.localdomain 4.8.0-kali2-amd64 #1 SMP Debian 4.8.15-1kali1 (2016-12-23) x86_64 GNU/Linux
-
1. Calibration firmware, have you looked up the errors on google on how to solve those?
2. How did you install the driver? It should be built-in
-
1. Yes, I've looked a lot. I think there is no one complaining about this error because it does not affect wireless connection.
2. I cloned the firmware files https://github.com/kvalo/ath10k-firmware to /lib/firmware/ath10k/. It's not built-in because it's a relatively new network card (heard Fedora 25 already includes it, but I haven't checked yet).
Some output that might be useful:
after airmon-ng start wlan0:
root@localhost:/home/leste# iwconfig
eth0 no wireless extensions.
lo no wireless extensions.
wlan0mon IEEE 802.11 Mode:Monitor Frequency:2.457 GHz Tx-Power=0 dBm
Retry short limit:7 RTS thr:off Fragment thr:off
Power Management:on
-
OK, but what about the driver that you mention you had to install manually. Where do you get it from?
-
Sorry, I confused the terms. What I installed manually was just the firmware
-
Out of curiosity, what are the results with the stock firmware (firmware-4.bin) ?
And by the way, when running injection test, make sure you're on a channel with APs.
-
Yes, I am doing it with many APs nearby, although airodump-ng catches nothing. What do you mean by the results?
-
Stuff being displayed in Airodump-ng and maybe results in the injection test.
-
Airodump-ng displays nothing, and the injection fails.
-
same card, same dmesg warnings, airmon-ng displays nothing.
-
Same problem here with Qualcomm Atheros QCA6174 on ath10k firmware.
Tried almost anything, including manual firmware install, but without any success; airodump-ng keeps scanning through channels and can't find anything.
-
Joined just to say I have the same issue on the same chipset on a Killer 1535. I don't think monitor mode is supported on firmware 3.0 but it was on 2.1. Need someone to create a patch for injection and monitor mode.
-
I heard recently you might have to use some parameters when loading the ath10k driver for monitor mode. rawmode on ath10k_core and maybe set cryptmode to 1 (software).
-
I've looked everywhere for a patch, there isn't one for Killer 1535 hardware 3.0.
-
I have a QCA6174 in my Dell 5557 and monitor mode works fine, but injection does not work for me.
my setup:
sudo lshw -C Network
*-network
descrição: Interface sem fio
produto: Qualcomm Atheros
fabricante: Qualcomm Atheros
ID físico: 0
informações do barramento: pci@0000:02:00.0
nome lógico: wlan0
versão: 32
serial: 68:14:01:a6:64:33
largura: 64 bits
clock: 33MHz
capacidades: pm msi pciexpress bus_master cap_list ethernet physical wireless
configuração: broadcast=yes driver=ath10k_pci driverversion=3.19.0-42-generic firmware=WLAN.RM.2.0-00088-QCARMSWPZ-1 ip=10.45.50.165 latency=0 link=yes wireless=IEEE 802.11abgn
recursos: irq:125 memória:d5000000-d51fffff
uname -a
Linux inspiron-5557 3.19.0-42-generic #48~14.04.1-Ubuntu SMP Fri Dec 18 10:24:49 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
-
I'm seeing exactly the same problem as the OP.
I have a 2016 Dell XPS 13 laptop natively running Kali Linux. It has a Killer 1535 802.11ac WiFi card which underneath is a Qualcomm Atheros QCA6174 chipset. I'm using the ath10k_pci driver and I've not touched the firmware.
# airmon-ng
PHY Interface Driver Chipset
phy0 wlan0 ath10k_pci Qualcomm Atheros QCA6174 802.11ac Wireless Network Adapter (rev 32)
The documentation suggests this combination supports injection and monitoring, and I am able to switch my card into monitor mode, however while running airodump-ng in that mode, I don't see any responses.
# airmon-ng check
Found 3 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to run 'airmon-ng check kill'
PID Name
558 NetworkManager
824 wpa_supplicant
2965 dhclient
# airmon-ng check kill
Killing these processes:
PID Name
824 wpa_supplicant
Killing the other two processes manually just to be sure (NetworkManager and dhclient) didn't seem to have any effect either.
# airmon-ng start wlan0
PHY Interface Driver Chipset
phy0 wlan0 ath10k_pci Qualcomm Atheros QCA6174 802.11ac Wireless Network Adapter (rev 32)
(mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon)
(mac80211 station mode vif disabled for [phy0]wlan0)
# iwlist wlan0mon channel
wlan0mon 32 channels in total; available frequencies :
Channel 01 : 2.412 GHz
Channel 02 : 2.417 GHz
Channel 03 : 2.422 GHz
Channel 04 : 2.427 GHz
Channel 05 : 2.432 GHz
Channel 06 : 2.437 GHz
Channel 07 : 2.442 GHz
Channel 08 : 2.447 GHz
Channel 09 : 2.452 GHz
Channel 10 : 2.457 GHz
Channel 11 : 2.462 GHz
Channel 12 : 2.467 GHz
Channel 13 : 2.472 GHz
Channel 36 : 5.18 GHz
Channel 40 : 5.2 GHz
Channel 44 : 5.22 GHz
Channel 48 : 5.24 GHz
Channel 52 : 5.26 GHz
Channel 56 : 5.28 GHz
Channel 60 : 5.3 GHz
Channel 64 : 5.32 GHz
Channel 100 : 5.5 GHz
Channel 104 : 5.52 GHz
Channel 108 : 5.54 GHz
Channel 112 : 5.56 GHz
Channel 116 : 5.58 GHz
Channel 120 : 5.6 GHz
Channel 124 : 5.62 GHz
Channel 128 : 5.64 GHz
Channel 132 : 5.66 GHz
Channel 136 : 5.68 GHz
Channel 140 : 5.7 GHz
Current Frequency:2.457 GHz (Channel 10)
I tried the injection test to no avail...
# aireplay-ng -9 wlan0mon
10:19:54 Trying broadcast probe requests...
10:19:56 No Answer...
10:19:56 Found 0 APs
Although here the channel is showing as 10, that's just where I grabbed it; as it was running it was cycling through the channels. Most notably, it never shows any results here despite there being my own wireless network and others within reach. There are other devices on my network too so there should be lots of wireless conversation. My network's set up to broadcast its ssid too.
# airodump-ng wlan0mon
CH 10 ][ Elapsed: 7 mins ][ 2017-03-04 10:32
BSSID PWR Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
BSSID STATION PWR Rate Lost Frames Probe
I do have driver errors in the startup log, but as the card works fine in managed mode I'm not sure whether these are cause for concern? If they are, I don't know what to do about them?
# dmesg | grep ath10k
[ 2.866583] ath10k_pci 0000:3a:00.0: pci irq msi oper_irq_mode 2 irq_mode 0 reset_mode 0
[ 3.145011] ath10k_pci 0000:3a:00.0: firmware: failed to load ath10k/pre-cal-pci-0000:3a:00.0.bin (-2)
[ 3.145014] ath10k_pci 0000:3a:00.0: Direct firmware load for ath10k/pre-cal-pci-0000:3a:00.0.bin failed with error -2
[ 3.145034] ath10k_pci 0000:3a:00.0: firmware: failed to load ath10k/cal-pci-0000:3a:00.0.bin (-2)
[ 3.145036] ath10k_pci 0000:3a:00.0: Direct firmware load for ath10k/cal-pci-0000:3a:00.0.bin failed with error -2
[ 3.145313] ath10k_pci 0000:3a:00.0: firmware: failed to load ath10k/QCA6174/hw3.0/firmware-5.bin (-2)
[ 3.145315] ath10k_pci 0000:3a:00.0: Direct firmware load for ath10k/QCA6174/hw3.0/firmware-5.bin failed with error -2
[ 3.145319] ath10k_pci 0000:3a:00.0: could not fetch firmware file 'ath10k/QCA6174/hw3.0/firmware-5.bin': -2
[ 3.146517] ath10k_pci 0000:3a:00.0: firmware: direct-loading firmware ath10k/QCA6174/hw3.0/firmware-4.bin
[ 3.146528] ath10k_pci 0000:3a:00.0: qca6174 hw3.2 target 0x05030000 chip_id 0x00340aff sub 1a56:1535
[ 3.146531] ath10k_pci 0000:3a:00.0: kconfig debug 0 debugfs 0 tracing 0 dfs 0 testmode 0
[ 3.148007] ath10k_pci 0000:3a:00.0: firmware ver WLAN.RM.2.0-00180-QCARMSWPZ-1 api 4 features wowlan,ignore-otp,no-4addr-pad crc32 75dee6c5
[ 3.210973] ath10k_pci 0000:3a:00.0: firmware: direct-loading firmware ath10k/QCA6174/hw3.0/board-2.bin
[ 3.211175] ath10k_pci 0000:3a:00.0: board_file api 2 bmi_id N/A crc32 6fc88fe7
[ 5.333030] ath10k_pci 0000:3a:00.0: htt-ver 3.26 wmi-op 4 htt-op 3 cal otp max-sta 32 raw 0 hwcrypto 1
[ 9773.569984] WARNING: CPU: 3 PID: 4523 at /build/linux-4C5mD3/linux-4.9.13/drivers/net/wireless/ath/ath10k/mac.c:3519 ath10k_mac_tx.isra.63+0x4dc/0x4f0 [ath10k_core]
[ 9773.569985] Modules linked in: ctr ccm fuse arc4 pci_stub vboxpci(O) vboxnetadp(O) vboxnetflt(O) nfnetlink_queue nfnetlink_log nfnetlink vboxdrv(O) snd_hda_codec_hdmi dell_led snd_hda_codec_realtek snd_hda_codec_generic hid_multitouch i2c_designware_platform dell_laptop i2c_designware_core dell_wmi dell_smbios dcdbas intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm irqbypass snd_soc_skl snd_soc_skl_ipc snd_soc_sst_ipc snd_soc_sst_dsp snd_hda_ext_core snd_soc_sst_match snd_soc_core joydev snd_compress evdev pcspkr snd_hda_intel serio_raw snd_hda_codec snd_hda_core snd_hwdep snd_pcm ath10k_pci iTCO_wdt snd_timer ath10k_core snd iTCO_vendor_support soundcore ath mac80211 cfg80211 rtsx_pci_ms memstick idma64 virt_dma shpchp uvcvideo videobuf2_vmalloc videobuf2_memops videobuf2_v4l2
[ 9773.570206] [<ffffffffc0c0908c>] ? ath10k_mac_tx.isra.63+0x4dc/0x4f0 [ath10k_core]
[ 9773.570224] [<ffffffffc0c09a94>] ? ath10k_mac_op_tx+0x144/0x210 [ath10k_core]
[ 9773.570437] ath10k_pci 0000:3a:00.0: failed to transmit frame: -524
[ 9774.170480] ath10k_pci 0000:3a:00.0: failed to transmit frame: -524
[ 9774.770510] ath10k_pci 0000:3a:00.0: failed to transmit frame: -524
Many thanks,
Alec
-
Also have Killer 1535 which is hw rev 32.
With monitor mode allegedly enabled, I can't see any BSSIDs around me, echoing previous comments.
What I can bring to the party is:
I can see the BSSID if I'm already connected - i.e. startup NetworkManager, connect to the BSSID as normal, and then run airodump-ng.
If I then disconnect, and reconnect I manage to capture the WPA authentication, and can then brute force the pcap successfully.
I'm not experienced enough to conclude if monitor mode really is working, or if I'm just capturing my own packets through normal operation.
-
I heard recently you might have to use some parameters when loading the ath10k driver for monitor mode. rawmode on ath10k_core and maybe set cryptmode to 1 (software).
Hi,
I've got exactly the same problem.
Could you help me get through the process you just described?
Thanks in advance
-
I heard recently you might have to use some parameters when loading the ath10k driver for monitor mode. rawmode on ath10k_core and maybe set cryptmode to 1 (software).
Running:
modprobe -r ath10k_pci
modprobe -r ath10k_core
modprobe ath10k_core rawmode=1 cryptmode=1
modprobe ath10k_pci
Results in 2 errors in dmesg:
cryptmode > 0 requires raw mode support from firmware
rawmode = 1 require support from firmware
So it appears the firmware, WLAN.RM.2.0-00180-QCARMSWPZ-1 (firmware-4.bin) does not support these needed modes.
-
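Added example, not part of the original thread: the two errors above are the driver refusing rawmode/cryptmode because the firmware does not list raw-mode in the feature set that ath10k prints in its "firmware ver ... features ..." log line. This sketch reads dmesg text and reports that per device; the function names and verdict labels are made up here, and the sample lines are copied from dmesg output posted in this thread except the one marked as constructed.

```sh
#!/bin/sh
# Added example: does the loaded ath10k firmware advertise raw-mode?
# Live use:  dmesg | ath10k_raw_report

ath10k_raw_report() {
    awk '
    # Return the token that follows "key" on the current line.
    function after(key,    i) {
        for (i = 1; i < NF; i++) if ($i == key) return $(i + 1)
        return ""
    }
    # Driver messages start with "ath10k_pci <pci address>:".
    /ath10k_pci/ {
        dev = after("ath10k_pci"); sub(/:$/, "", dev)
        # Skip other mentions, e.g. the "Modules linked in:" list.
        if (dev !~ /^[0-9a-f]+:[0-9a-f]+:[0-9a-f]+\.[0-9a-f]+$/) next
        if (!(dev in raw)) { order[++n] = dev; raw[dev] = "?" }
    }
    # Feature list the firmware image declares (comma separated).
    /ath10k_pci .*: firmware ver / {
        ver[dev] = after("ver"); api[dev] = after("api")
        feat[dev] = "," after("features") ","
    }
    # Runtime state: "raw 1" means the driver really runs in raw mode.
    /ath10k_pci .*: htt-ver /             { raw[dev] = after("raw") }
    # The refusal messages quoted in the post above.
    /ath10k_pci .*support from firmware/  { refused[dev] = 1 }
    END {
        for (k = 1; k <= n; k++) {
            d = order[k]
            if (!(d in ver)) continue
            has = (index(feat[d], ",raw-mode,") > 0) ? "yes" : "no"
            if (has == "no")        verdict = "unsupported"
            else if (raw[d] == "1") verdict = "active"
            else                    verdict = "available"
            if (d in refused) verdict = verdict "+refused"
            printf "%s fw=%s api=%s raw-mode=%s raw=%s verdict=%s\n",
                   d, ver[d], api[d], has, raw[d], verdict
        }
    }'
}

# firmware-4.bin lines from the thread; the last line has a constructed
# timestamp and device prefix around the error text quoted above.
sample_old_fw() {
    cat <<'EOF'
[ 3.148007] ath10k_pci 0000:3a:00.0: firmware ver WLAN.RM.2.0-00180-QCARMSWPZ-1 api 4 features wowlan,ignore-otp,no-4addr-pad crc32 75dee6c5
[ 5.333030] ath10k_pci 0000:3a:00.0: htt-ver 3.26 wmi-op 4 htt-op 3 cal otp max-sta 32 raw 0 hwcrypto 1
[ 9800.000000] ath10k_pci 0000:3a:00.0: cryptmode > 0 requires raw mode support from firmware
EOF
}

# 4.4.1.c2 firmware line posted later in the thread.
sample_new_fw() {
    cat <<'EOF'
[ 2.316840] ath10k_pci 0000:3a:00.0: firmware ver RM.4.4.1.c2-00057-QCARMSWP-1 api 6 features wowlan,ignore-otp,no-4addr-pad,raw-mode crc32 e061250a
EOF
}

echo "old firmware:"; sample_old_fw | ath10k_raw_report
echo "new firmware:"; sample_new_fw | ath10k_raw_report
```

A verdict of "unsupported" means reloading ath10k_core with rawmode=1 cryptmode=1 cannot help until the firmware file itself is changed.
-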
Same deal with firmware-5.bin from sumdog/ath10k-firmware
-
Hey, I was wondering if you ever got this working. And if so, how? Been brainstorming for two weeks now and I'm really at the end of my rope here
-
Hello,
same problem here on manjaro with kernel 4.10.8.
Airodump-ng is totally blind with near to 20 APs in the area.
-
Having the same issues reported above on a 9360 XPS 13 with Ubuntu 16.04. Wifi works fine in Managed, can be switched to monitor, but airodump sees nothing around it.
I tried changing the firmware to the latest available in kvalo at github (firmware-5) but that seemed to break it completely (it stopped working even in managed mode) - then again, I'm very new to this firmware stuff so maybe I needed to do something other than just copying the new file?
Thanks.
-
I have exactly the same problem, but apparently nobody gives a shit.
-
Well, ewqqwe, what do you expect people to do?
The issue is in the driver/firmware. If you want to complain or file a bug report regarding that issue, it should be done in the linux-wireless mailing list (for the driver) and to Qualcomm for the firmware.
-
"hw3.0 QCA6174 hw3.0: change 4.4 branch to use FW API 6 17 days ago"
source : https://github.com/kvalo/ath10k-firmware/tree/master/QCA6174
"wireless-drivers-next patches for 4.12
Lots of bugfixes as usual but also some new features.
Major changes:
ath10k
* improve firmware download time for QCA6174 and QCA9377, especially
helps resume time"
source : https://www.spinics.net/lists/linux-wireless/msg160990.html
I'm personally waiting for kernel 4.12 to resolve bugs and maybe monitor, if not: 8265NGW
-
I will try this: https://www.amazon.de/gp/product/B00P115WMY/ref=oh_aui_detailpage_o01_s00?ie=UTF8&psc=1
as an alternative until they get the firmware fixed.
-
"This" is "TP-Link Archer T2UH AC600 Dual Band High Gain WLAN Adapter"
(http://pix.toile-libre.org/upload/original/1494513126.png)
-
To add information about kcdtv posts, any driver that has "sta" in its name will be crap -> no monitor mode since vendor driver.
-
Thank you for the helpful information.
I ordered this as well: https://www.amazon.de/gp/product/B002SZEOLG/ref=oh_aui_detailpage_o00_s00?ie=UTF8&psc=1
It is just a pity that there seems not to be an AC USB stick with a compatible driver :(
-
There is one, but it's not atheros and its driver is crappy now.
-
The RTL 8812AU seems to be at least fair for my needs:
root@nsc10:/home/bob# aireplay-ng -9 wlan149
06:22:59 Trying broadcast probe requests...
06:23:00 Injection is working!
06:23:01 Found 2 APs
06:23:01 Trying directed probe requests...
06:23:01 10:10:7F:25:E7:4C - channel: 149 - 'XXXXXXX'
06:23:01 Ping (min/avg/max): 0.658ms/1.366ms/3.155ms Power: -52.90
06:23:01 30/30: 100%
06:23:01 10:10:7F:25:E7:4D - channel: 149 - 'YYYYYY'
06:23:01 Ping (min/avg/max): 0.595ms/1.592ms/5.794ms Power: -52.80
06:23:01 30/30: 100%
I got the driver from here:
8812au driver from Realtek - Engenius ac1200 adapters for 2x2:2 802.11ac with USB
https://github.com/astsam/rtl8812au
This may or may not be the one noted as less than optimal in a previous comment, so perhaps it is not all that good. There are complaints, but I don't know how relevant to the intended use.
You can always get one of these https://www.alftel.com/pages/product-airbud and then have multiple miniPCIe slots for Intel/Atheros/etc. chipsets to try...
-
I have the same problems with mine too.
Any advance on the issue?
A lot of us need to make our Atheros chipsets work with aircrack-ng.
It would be wonderful.
Please, can any nice soul help?
-
No, and there most likely won't be any fix, partly because wireless developers are giving up due to firmware crashes (wireless card crashing) that can only be recovered (if they can) after a reboot. That makes developing a driver pretty much useless.
So, the bottom line is to swap the card for another atheros (QCA9xxx or ath9k) or use a compatible card.
-
ok thanks anyway
-
Tested "firmware-6.bin" from : https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/ath10k/QCA6174/hw3.0
Only thing I noticed is the device recovering by itself when the firmware crashes:
[ 1395.974921] ath10k_pci 0000:3e:00.0: firmware crashed! (uuid [...])
[...]
[ 1395.979354] ath10k_pci 0000:3e:00.0: firmware register dump:
[...]
[ 1395.979416] ath10k_pci 0000:3e:00.0: Copy Engine register dump:
[...]
[ 1396.049568] ath10k_pci 0000:3e:00.0: device has crashed during init
[ 1396.076212] ath10k_pci 0000:3e:00.0: device has crashed during init
[ 1396.076215] ath10k_pci 0000:3e:00.0: failed to wait for target init: -70
[ 1396.077381] ieee80211 phy0: Hardware restart was requested
[ 1398.264975] ath10k_pci 0000:3e:00.0: Unknown eventid: 90118
[ 1398.360664] ath10k_pci 0000:3e:00.0: device successfully recovered
Also had to rename firmware-6.bin to firmware-5.bin because it is looking for firmware-X.bin (X between 2 and 5)
So:
Monitor still doesn't work
Firmware still crashes when connected to 802.11ac AP, but it now recovers without a reboot
Latency is still going over 100ms every 120sec
-
Hi everyone, I'm encountering this problem too. I'm wondering if it would be possible to use the ath9k driver instead of the ath10k for the Qualcomm Atheros QCA6174 network adapter. And if so, how? I'm not really a noob on Linux, but I'm not comfortable enough to know how to do it.
I'm really embarrassed with this issue, and I don't want to buy an external adapter.
-
You can't just use another driver because one isn't working. A driver is meant for a specific set of cards and there are no 2 drivers (in the kernel) that can handle the same card.
-
Dear all,
I have just created an account to say that even when using the 4.12 kernel from the Ubuntu mainline, on a Ubuntu 17.04 machine (the default kernel was 4.10), the QCA6174 card is not able to see any access points.
As a result, I have replaced the Killer WiFi card from my Dell XPS 15 9560 with an Intel 8265NGW, and I confirm that this new card sees access points and has allowed me to capture handshakes. It fails the injection test, however (but that is not a show-stopper).
-
same here QCA61x4 stock kernel 4.10. Wifi ok, airodump-ng nothing
-
Great news
This latest official firmware solves monitor mode (no injection though)
Just download and install http://mirrors.kernel.org/ubuntu/pool/main/l/linux-firmware/linux-firmware_1.170_all.deb
-
Someone please confirm strange behavior: Managed mode and Monitor mode at the same time?
airmon-ng start wlp2s0
airodump-ng
capture ok
Still surfing web at the same time?
In fact I am typing this and reply till the dump is running?
-
(https://i.imgur.com/mQqK2i3.png)
-
Can you explain how you got that working? Did you use any parameters when loading the kernel module? It doesn't seem to be working for me.
By the way, it is completely possible to have two virtual interfaces, one in station mode (you can use it normally for browsing the web etc) and one in monitor mode (for packet capture and injection). airmon-ng just usually disables the station vif when it starts the monitor vif.
-
I just installed the said firmware, and also changed something in
echo "options ath10k_core skip_otp=y" | sudo tee /etc/modprobe.d/ath10k_core.conf
And it worked immediately
I haven't tried creating 2 virtual interfaces but I got the same behavior with another laptop RT5390
Other laptop with Intel3165 doesn't have that luck, only 1 mode at a time
-
Great news
This latest official firmware solves monitor mode (no injection though)
Just download and install http://mirrors.kernel.org/ubuntu/pool/main/l/linux-firmware/linux-firmware_1.170_all.deb
I'm running latest firmware from here https://github.com/kvalo/ath10k-firmware/tree/master/QCA6174/hw3.0/4.4.1
Still seeing nothing in monitor mode >:(
What firmware are you running? To find out run ethtool -i wlan0
-
I just installed the said firmware, and also changed something in
echo "options ath10k_core skip_otp=y" | sudo tee /etc/modprobe.d/ath10k_core.conf
And it worked immediately
I haven't tried creating 2 virtual interfaces but I got the same behavior with another laptop RT5390
Other laptop with Intel3165 doesn't have that luck, only 1 mode at a time
Hi, Could you be so nice and give us step by step tutorial how you were able to enable monitor mode?
Thanks.
-
I swear doing nothing and it works
(https://i.imgur.com/uHZBzQm.jpg)
-
Hey, the link is down, do you have another link?
-
I tried recompiling the kernel with the Kali inject patch as per GUIDE but no luck, no injection
(https://user-images.githubusercontent.com/10823037/39138219-007639e2-470f-11e8-900d-97faffb0df7f.png)
-
I have the same issue with this card. Did anyone else manage to solve this issue?
Output of ethtool -i wlp2s0
driver: ath10k_pci
version: 4.20.0-042000-generic
firmware-version: WLAN.RM.4.4.1-00079-QCARMSWPZ-1
expansion-rom-version:
bus-info: 0000:02:00.0
supports-statistics: yes
supports-test: no
supports-eeprom-access: no
supports-register-dump: no
supports-priv-flags: no
Output of uname -a:
Linux Predator 4.20.0-042000-generic #201812232030 SMP Mon Dec 24 01:32:58 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
-
Same problem here, Killer Wireless 1535 QCA6174. Running Manjaro Linux kernel 4.20, and still not working. I can turn on monitor mode, but airodump and aireplay both don't work, nothing shows up.
BTW, the guy in this thread that "got it working" has a QCA6164, maybe he doesn't know how to read the title of the thread, but he is misleading everyone into thinking that it works just like that, but only for him, but you can see on his last screenshot that his card is a QCA6164 not QCA6174.
Please, if anyone has a solution to enable monitor mode on QCA6174 cards, please post something here.
EDIT: Seems there is a newer version since 15 days ago, the 4.4.1 in the kvalo github. I'm running 4.4.1.c2 right now, which seems to be the candidate 2 which is from 3 months ago. Let's see if the next linux firmware package includes this 4.4.1 version and it fixes monitor mode. Praying.
-
1. Yes, I've looked a lot. I think there is no one complaining about this error because it does not affect wireless connection.
2. I cloned the firmware files https://github.com/kvalo/ath10k-firmware to /lib/firmware/ath10k/. It's not built-in because it's a relatively new network card (heard Fedora 25 already includes it, but I haven't checked yet).
Some output that might be useful:
after airmon-ng start wlan0:
root@localhost:/home/leste# iwconfig
eth0 no wireless extensions.
lo no wireless extensions.
wlan0mon IEEE 802.11 Mode:Monitor Frequency:2.457 GHz Tx-Power=0 dBm
Retry short limit:7 RTS thr:off Fragment thr:off
Power Management:on
I have the same card
# lspci -s 3a:00
3a:00.0 Network controller: Qualcomm Atheros QCA6174 802.11ac Wireless Network Adapter (rev 32)
And same driver with right firmware from kvalo's github.
# dmesg | grep -i ath10 | grep firmware
[ 2.316840] ath10k_pci 0000:3a:00.0: firmware ver RM.4.4.1.c2-00057-QCARMSWP-1 api 6 features wowlan,ignore-otp,no-4addr-pad,raw-mode crc32 e061250a
However I do not get wireless extensions on wlp58s0mon:
# airmon-ng start wlp58s0
Found 3 processes that could cause trouble.
Kill them using 'airmon-ng check kill' before putting
the card in monitor mode, they will interfere by changing channels
and sometimes putting the interface back in managed mode
PID Name
19227 NetworkManager
19506 wpa_supplicant
19528 dhclient
PHY Interface Driver Chipset
phy0 wlp58s0 ath10k_pci Qualcomm Atheros QCA6174 802.11ac Wireless Network Adapter (rev 32)
(mac80211 monitor mode vif enabled for [phy0]wlp58s0 on [phy0]wlp58s0mon)
(mac80211 station mode vif disabled for [phy0]wlp58s0)
# iwconfig
wlp58s0mon no wireless extensions.
lo no wireless extensions.
sit0 no wireless extensions.
#
Running airmon-ng check kill before does not help.
-
A little more info at least in my case, Dell XPS 9360. Qualcomm Atheros QCA6174 802.11ac. firmware-version: RM.4.4.1.c2-00057-QCARMSWP-1. Running 4.18 on Gentoo. Loading the module
modprobe ath10k_core rawmode=1 cryptmode=1
As per recommendation in this thread it seems that I can get the card in promiscuous mode and airodump finds some APs
# airodump-ng wlp58s0mon
TX packets 0 bytes 0 (0.0 B)
CH 6 ][ Elapsed: 24 s ][ 2019-01-12 15:16
BSSID PWR Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
F2:F2:6D:78:FA:3C -45 75 0 0 6 720 WPA2 CCMP PSK campari-guest
F4:F2:6D:78:FA:3C -48 87 5 0 6 720 WPA2 CCMP PSK campari-2.4
FC:15:B4:D4:77:FE -63 3 0 0 1 54e. WPA2 CCMP PSK HP-Print-FE-Deskjet 3540 series
48:F8:B3:27:9C:CE -64 5 0 0 1 130 WPA2 CCMP PSK LCR
0A:05:D0:13:7C:F2 -65 13 1 0 9 130 WPA2 CCMP PSK (((DudueDan)))
38:6B:BB:B7:47:C9 -66 3 0 0 6 65 WPA CCMP PSK Dr. Ricardo Eisenstein
24:A0:74:78:89:54 -67 1 0 0 6 195 WPA2 CCMP PSK Egberto's Wi-Fi Network
4C:D0:8A:AC:D7:4A -70 2 0 0 11 130 WPA2 CCMP PSK Net-Virtua-5433-2.4G
6C:B5:6B:56:22:10 -69 5 0 0 11 130 WPA2 CCMP PSK ZSARNO
4E:D0:8A:AC:D7:4B -71 3 0 0 11 130 OPN #NET-CLARO-WIFI
BSSID STATION PWR Rate Lost Frames Probe
F4:F2:6D:78:FA:3C A8:96:75:23:EB:A4 -60 0e- 1 0 8
0A:05:D0:13:7C:F2 F8:62:14:ED:E8:ED -1 1e- 0 0 1
However I can set the channel to anything cause iwconfig does not see the wireless extensions
# iwconfig
wlp58s0mon no wireless extensions.
But anyway running an attack on my own AP I see
# aireplay-ng --ignore-negative-one -0 0 -a F4:F2:6D:78:FA:3C wlp58s0mon
15:19:53 Waiting for beacon frame (BSSID: F4:F2:6D:78:FA:3C) on channel -1
NB: this attack is more effective when targeting
a connected wireless client (-c <client's mac>).
15:19:53 Sending DeAuth (code 7) to broadcast -- BSSID: [F4:F2:6D:78:FA:3C]
15:19:54 Sending DeAuth (code 7) to broadcast -- BSSID: [F4:F2:6D:78:FA:3C]
15:19:54 Sending DeAuth (code 7) to broadcast -- BSSID: [F4:F2:6D:78:FA:3C]
-
Couldn't get injection to work. Monitor mode does work, albeit with some random firmware crashes that require a cold boot. But the injection test has never passed. Running on a Killer 1535 QCA6174. I see this patch in the kernel tree (the one providing the kernel modules used above)
https://patchwork.kernel.org/patch/6345131/
And in the description I see that the use cases are precisely for raw Tx injection, am I reading this wrong? Has anyone ever managed to get injection working on this card?
-
because I had a lot of Qualcomm Atheros Wireless Cards and the firmware came in the kernel or in the firmware-linux metapackage with the non-free repo. Have you tried to apt update and install firmware-linux?
-
here's how it works and why:
when you start mon interface with airmon-ng and have sta interface disconnected airodump will not find any AP
if you have sta interface connected to an AP and run airodump on mon interface it will find AP
or if you put sta interface down e.g. ifconfig wlanX down and leave only mon interface active airodump will find AP
this is at least how it works with qca9880 and it's probably the same with qca6174
-
Also with the problem Qualcomm Atheros QCA6174 or airodump-ng keeps searching the channels and finds nothing ...
-
Has anybody got this working?
-
This was tested and works on an XPS 15 9560 with a Killer Wireless 1535 QCA6174
STEPS:
1- Download https://github.com/kvalo/ath10k-firmware/blob/master/QCA6174/hw3.0/4.4.1.c3/firmware-6.bin_WLAN.RM.4.4.1.c3-00059
2- Make a copy of /lib/firmware/ath10k/QCA6174/hw3.0/firmware-6.bin
3- Change downloaded file name, permissions(chmod), owner(chown) and group(chgrp) to match the original firmware-6.bin
4- Run this (replace wlp2s0 with your interface name): sudo airmon-ng stop wlp2s0 && sudo airmon-ng check kill && sudo modprobe -r ath10k_pci && sudo modprobe -r ath10k_core
5- Replace /lib/firmware/ath10k/QCA6174/hw3.0/firmware-6.bin with the downloaded file
6- Restart PC
7- Run the following to enable/disable monitoring (replace wlp2s0 with your interface name):
ENABLE:
sudo modprobe -r ath10k_pci
sudo modprobe -r ath10k_core
sudo modprobe ath10k_core rawmode=1 cryptmode=1
sudo modprobe ath10k_pci
sudo airmon-ng check kill
sudo airmon-ng start wlp2s0
DISABLE:
sudo modprobe -r ath10k_pci
sudo modprobe -r ath10k_core
sudo modprobe ath10k_core rawmode=0 cryptmode=0
sudo modprobe ath10k_pci
sudo airmon-ng stop wlp2s0
sudo service network-manager start
CREDITS: https://www.linuxquestions.org/questions/linux-networking-3/how-to-fix-qualcomm-atheros-qca6174-on-aircrack-ng-modem-mode-4175648771/
-
is this packet injection supported??
-
Confirming the above. Although I had to make some adjustments
replace the firmware
sudo mv /lib/firmware/ath10k/QCA6174/hw3.0/firmware-6.bin /lib/firmware/ath10k/QCA6174/hw3.0/firmware-6.bin_bckp
sudo cp firmware-6.bin_WLAN.RM.4.4.1.c3-00059 /lib/firmware/ath10k/QCA6174/hw3.0/firmware-6.bin
# firmware only needs to be readable; keep it writable by root alone
sudo chmod 644 /lib/firmware/ath10k/QCA6174/hw3.0/firmware-6.bin
sudo chown root /lib/firmware/ath10k/QCA6174/hw3.0/firmware-6.bin
sudo chgrp root /lib/firmware/ath10k/QCA6174/hw3.0/firmware-6.bin
"Enable"
sudo modprobe -r ath10k_pci
sudo modprobe -r ath10k_core
sudo modprobe ath10k_core rawmode=1 cryptmode=1
sudo modprobe ath10k_pci
sudo reboot now
Solve potential rfkill problems
sudo rfkill unblock wifi; sudo rfkill unblock all
Stop some daemons -> less stuff to kill later
sudo service NetworkManager stop
sudo service avahi-daemon stop
sudo service wpa_supplicant stop
Change the wifi-card into the mon mode
sudo ifconfig wlp4s0 down
sudo iwconfig wlp4s0 mode monitor
sudo ifconfig wlp4s0 up
sudo airmon-ng check kill
sudo airmon-ng start wlp4s0
Scanning should work
sudo airodump-ng wlp4s0
Running ubuntu 20.04, btw, can't be bothered installing Kali or whatever.
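-
Added example, not part of the original thread: steps 2, 3 and 5 of the procedure above as one shell function that keeps a backup, copies owner, group and mode from the original file instead of setting them by hand, and strips group/world write permission from the installed firmware. The function name swap_firmware, the .orig backup suffix and the optional checksum argument are assumptions of this sketch, and it needs GNU coreutils.

```sh
#!/bin/sh
# Added example: replace a firmware file safely (run as root on a real
# /lib/firmware path).
# Usage: swap_firmware NEW_FILE TARGET [EXPECTED_SHA256]
# EXPECTED_SHA256 is optional; the thread publishes no checksum, so pass
# one you obtained yourself from a source you trust.

swap_firmware() {
    new=$1; target=$2; want=${3:-}
    if [ ! -f "$new" ] || [ ! -f "$target" ]; then
        echo "swap_firmware: need an existing NEW_FILE and TARGET" >&2
        return 2
    fi

    # Refuse the download if a checksum was given and does not match.
    got=$(sha256sum "$new" | cut -d' ' -f1)
    if [ -n "$want" ] && [ "$got" != "$want" ]; then
        echo "swap_firmware: sha256 mismatch for $new" >&2
        return 3
    fi

    # Step 2: keep the first original only, so a second run cannot
    # overwrite the real backup with an already replaced file.
    backup="$target.orig"
    if [ ! -e "$backup" ]; then
        cp -p "$target" "$backup" || return 4
    fi

    # Step 3: take owner, group and mode from the original file.
    tmp="$target.tmp.$$"
    cp "$new" "$tmp" || return 5
    if ! chown --reference="$backup" "$tmp" ||
       ! chmod --reference="$backup" "$tmp"; then
        rm -f "$tmp"
        return 6
    fi
    # A file the kernel loads should not be writable by group or others.
    chmod go-w "$tmp"

    # Step 5: rename inside the same directory so the swap is atomic.
    mv -f "$tmp" "$target" || return 7

    # Confirm that what is on disk is what was requested.
    [ "$(sha256sum "$target" | cut -d' ' -f1)" = "$got" ] || return 8
    echo "$got"
}

# Run only when called with arguments, e.g.
#   sh swap.sh firmware-6.bin_WLAN.RM.4.4.1.c3-00059 \
#      /lib/firmware/ath10k/QCA6174/hw3.0/firmware-6.bin
if [ "$#" -ge 2 ]; then
    swap_firmware "$@"
fi
```

To roll back, move the .orig file over the target and reload the ath10k modules as in the DISABLE block above.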