Topic Summary

Posted by: BarryArils
« on: July 06, 2019, 06:33:25 am »

because I had a lot of Qualcomm Atheros Wireless Cards and the firmware came in the kernel or in the firmware-linux metapackage with the non-free repo. Have you tried to apt update and install firmware-linux?
Posted by: potuz
« on: January 13, 2019, 07:35:04 am »

Couldn't get injection to work. Monitor mode does work albeit some random firmware crashes that require a cold boot. But the injection test has never passed. Running on a Killer 1535 QCA6174. I see this patch in the kernel tree (the one providing the kernel modules used above)

And in the description I see that the use cases are precisely for raw Tx injection, am I reading this wrong? Has anyone ever managed to get injection working on this card?
Posted by: potuz
« on: January 12, 2019, 12:35:04 pm »

A little more info at least in my case, Dell XPS 9360. Qualcomm Atheros QCA6174 802.11ac. firmware-version: RM.4.4.1.c2-00057-QCARMSWP-1. Running 4.18 on Gentoo. Loading the module
Code:
modprobe ath10k_core rawmode=1 cryptmode=1
As per recommendation in this thread it seems that I can get the card in promiscuous mode and airodump finds some APs
Code:
# airodump-ng wlp58s0mon
       TX packets 0  bytes 0 (0.0 B)
 CH  6 ][ Elapsed: 24 s ][ 2019-01-12 15:16                                         
 BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID   
 F2:F2:6D:78:FA:3C  -45       75        0    0   6  720  WPA2 CCMP   PSK  campari-guest                                                                                       
 F4:F2:6D:78:FA:3C  -48       87        5    0   6  720  WPA2 CCMP   PSK  campari-2.4                                                                                         
 FC:15:B4:D4:77:FE  -63        3        0    0   1  54e. WPA2 CCMP   PSK  HP-Print-FE-Deskjet 3540 series                                                                     
 48:F8:B3:27:9C:CE  -64        5        0    0   1  130  WPA2 CCMP   PSK  LCR                                                                                                 
 0A:05:D0:13:7C:F2  -65       13        1    0   9  130  WPA2 CCMP   PSK  (((DudueDan)))                                                                                       
 38:6B:BB:B7:47:C9  -66        3        0    0   6   65  WPA  CCMP   PSK  Dr. Ricardo Eisenstein                                                                               
 24:A0:74:78:89:54  -67        1        0    0   6  195  WPA2 CCMP   PSK  Egberto's Wi-Fi Network                                                                             
 4C:D0:8A:AC:D7:4A  -70        2        0    0  11  130  WPA2 CCMP   PSK  Net-Virtua-5433-2.4G                                                                                 
 6C:B5:6B:56:22:10  -69        5        0    0  11  130  WPA2 CCMP   PSK  ZSARNO                                                                                               
 4E:D0:8A:AC:D7:4B  -71        3        0    0  11  130  OPN              #NET-CLARO-WIFI                                                                                       
 BSSID              STATION            PWR   Rate    Lost    Frames  Probe                                                                                                     
 F4:F2:6D:78:FA:3C  A8:96:75:23:EB:A4  -60    0e- 1      0        8                                                                                                             
 0A:05:D0:13:7C:F2  F8:62:14:ED:E8:ED   -1    1e- 0      0        1
However I can set the channel to anything cause iwconfig does not see the wireless extensions
Code:
# iwconfig
wlp58s0mon  no wireless extensions.
But anyway running an attack on my own AP I see
Code:
# aireplay-ng --ignore-negative-one -0 0 -a F4:F2:6D:78:FA:3C wlp58s0mon
15:19:53  Waiting for beacon frame (BSSID: F4:F2:6D:78:FA:3C) on channel -1
NB: this attack is more effective when targeting
a connected wireless client (-c <client's mac>).
15:19:53  Sending DeAuth (code 7) to broadcast -- BSSID: [F4:F2:6D:78:FA:3C]
15:19:54  Sending DeAuth (code 7) to broadcast -- BSSID: [F4:F2:6D:78:FA:3C]
15:19:54  Sending DeAuth (code 7) to broadcast -- BSSID: [F4:F2:6D:78:FA:3C]
Posted by: potuz
« on: January 12, 2019, 11:23:23 am »

1. Yes, I've looked a lot. I think there is no one complaining about this error because it does not affect wireless connection.
2. I cloned the firmware files to /lib/firmware/ath10k/. It's not built-in because it's a relatively new network card (heard Fedora 25 already includes it, but I haven't checked yet).

Some output that might be useful:

after airmon-ng start wlan0:
Code:
root@localhost:/home/leste# iwconfig
eth0      no wireless extensions.

lo        no wireless extensions.

wlan0mon  IEEE 802.11  Mode:Monitor  Frequency:2.457 GHz  Tx-Power=0 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:on
I have the same card
# lspci -s 3a:00
3a:00.0 Network controller: Qualcomm Atheros QCA6174 802.11ac Wireless Network Adapter (rev 32)
And same driver with right firmware from kvalo's github.
# dmesg | grep -i ath10 | grep firmware
[    2.316840] ath10k_pci 0000:3a:00.0: firmware ver RM.4.4.1.c2-00057-QCARMSWP-1 api 6 features wowlan,ignore-otp,no-4addr-pad,raw-mode crc32 e061250a
However I do not get wireless extensions on wlp58s0mon:
# airmon-ng start wlp58s0

Found 3 processes that could cause trouble.
Kill them using 'airmon-ng check kill' before putting
the card in monitor mode, they will interfere by changing channels
and sometimes putting the interface back in managed mode

  PID Name
19227 NetworkManager
19506 wpa_supplicant
19528 dhclient

PHY   Interface   Driver      Chipset

phy0   wlp58s0      ath10k_pci   Qualcomm Atheros QCA6174 802.11ac Wireless Network Adapter (rev 32)

      (mac80211 monitor mode vif enabled for [phy0]wlp58s0 on [phy0]wlp58s0mon)
      (mac80211 station mode vif disabled for [phy0]wlp58s0)

# iwconfig
wlp58s0mon  no wireless extensions.

lo        no wireless extensions.

sit0      no wireless extensions.

Running airmon-ng check kill before does not help.
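
Added example, not part of any post in this thread: a read-only check that parses the ath10k "firmware ver" dmesg line quoted above for the features the firmware advertises (such as raw-mode) and prints the rawmode, cryptmode and skip_otp module options as the loaded driver sees them. The function names and the script file name are assumptions; the sample line is the one posted above.

```shell
#!/bin/sh
# Added example (not from the thread): read-only diagnostics for an ath10k card.

# Firmware line as posted in this thread; pass your own dmesg line instead.
SAMPLE_LINE='[    2.316840] ath10k_pci 0000:3a:00.0: firmware ver RM.4.4.1.c2-00057-QCARMSWP-1 api 6 features wowlan,ignore-otp,no-4addr-pad,raw-mode crc32 e061250a'

# fw_field LINE KEY: print the word that follows KEY (ver, api, features, crc32).
fw_field() {
    printf '%s\n' "$1" | awk -v key="$2" '
        { for (i = 1; i < NF; i++) if ($i == key) { print $(i + 1); exit } }'
}

# fw_has_feature LINE NAME: succeed if NAME is in the comma-separated feature list.
fw_has_feature() {
    case ",$(fw_field "$1" features)," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# fw_summary LINE: one-line report of what the firmware advertises.
fw_summary() {
    raw=no
    if fw_has_feature "$1" raw-mode; then raw=yes; fi
    printf 'fw=%s api=%s raw-mode=%s\n' \
        "$(fw_field "$1" ver)" "$(fw_field "$1" api)" "$raw"
}

# module_params [DIR]: show the ath10k_core options discussed in the thread as the
# loaded module sees them; "absent" means the module or parameter is not there.
module_params() {
    dir=${1:-/sys/module/ath10k_core/parameters}
    for p in rawmode cryptmode skip_otp; do
        if [ -r "$dir/$p" ]; then
            printf '%s=%s\n' "$p" "$(cat "$dir/$p")"
        else
            printf '%s=absent\n' "$p"
        fi
    done
}

# Live use (hypothetical file name): sh ath10k-check.sh --live
if [ "${1:-}" = "--live" ]; then
    dmesg | grep -i 'ath10k.*firmware ver' | while IFS= read -r l; do fw_summary "$l"; done
    module_params
    iw dev    # nl80211 view of the interfaces; does not use wireless extensions
fi
```

iwconfig only speaks the legacy wireless-extensions interface, while iw talks to the driver over nl80211, so the monitor interface and its channel are listed by iw dev even when iwconfig reports no wireless extensions.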
Posted by: pilililo2
« on: January 02, 2019, 08:47:49 pm »

Same problem here, Killer Wireless 1535 QCA6174. Running Manjaro Linux kernel 4.20, and still not working. I can turn on monitor mode, but airodump and aireplay both don't work, nothing shows up.

BTW, the guy in this thread that "got it working" has a QCA6164, maybe he doesn't know how to read the title of the thread, but he is misleading everyone into thinking that it works just like that, but only for him, but you can see on his last screenshot that his card is a QCA6164 not QCA6174.

Please, if anyone has a solution to enable monitor mode on QCA6174 cards, please post something here.

EDIT: Seems there is a newer version since 15 days ago, the 4.4.1 in the kvalo github. I'm running 4.4.1.c2 right now, which seems to be the candidate 2 which is from 3 months ago. Let's see if the next linux firmware package includes this 4.4.1 version and it fixes monitor mode. Praying.
Posted by: Sarthak Thakur
« on: January 01, 2019, 03:33:38 am »

I have the same issue with this card. Did anyone else manage to solve this issue?

Output of ethtool -i wlp2s0
Code:
driver: ath10k_pci
version: 4.20.0-042000-generic
firmware-version: WLAN.RM.4.4.1-00079-QCARMSWPZ-1
bus-info: 0000:02:00.0
supports-statistics: yes
supports-test: no
supports-eeprom-access: no
supports-register-dump: no
supports-priv-flags: no

Output of uname -a:
Code:
Linux Predator 4.20.0-042000-generic #201812232030 SMP Mon Dec 24 01:32:58 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
Posted by: inspire sayan
« on: October 08, 2018, 12:11:29 am »

Aircrack on Qualcomm Atheros QCA6174. Good One for WIFI

Posted by: virgosun
« on: April 25, 2018, 08:12:22 am »

I tried recompiling the kernel with the Kali inject patch as per GUIDE but no luck, no injection
Posted by: Heaj
« on: April 20, 2018, 05:20:48 pm »

Hey, the link is down, do u have another link?
Posted by: virgosun
« on: April 19, 2018, 03:44:28 am »

I swear doing nothing and it works

Posted by: mPp4
« on: April 10, 2018, 10:10:29 am »

I just install the said firmware, also change something in
echo "options ath10k_core skip_otp=y" | sudo tee /etc/modprobe.d/ath10k_core.conf
And it work immediately
I haven't tried creating 2 virtual interface but I got the same behavior with another laptop RT5390
Other laptop with Intel3165 doesn't have that lux, only 1 mode at a time

Hi, Could you be so nice and give us step by step tutorial how you were able to enable monitor mode?


Posted by: Chris Stone
« on: December 29, 2017, 10:52:35 am »

Great news
This latest official firmware solves monitor mode (no injection though)
Just download and install

I'm running latest firmware from here

Still seeing nothing in monitor mode  >:(

What firmware are you running? To find out run ethtool -i wlan0
Posted by: virgosun
« on: December 08, 2017, 04:02:15 am »

I just install the said firmware, also change something in
echo "options ath10k_core skip_otp=y" | sudo tee /etc/modprobe.d/ath10k_core.conf
And it work immediately
I haven't tried creating 2 virtual interface but I got the same behavior with another laptop RT5390
Other laptop with Intel3165 doesn't have that lux, only 1 mode at a time
Posted by: iczero
« on: December 08, 2017, 01:42:13 am »

Can you explain how you got that working? Did you use any parameters when loading the kernel module? It doesn't seem to be working for me.

By the way, it is completely possible to have two virtual interfaces, one in station mode (you can use it normally for browsing the web etc) and one in monitor mode (for packet capture and injection). airmon-ng just usually disables the station vif when it starts the monitor vif.
Posted by: virgosun
« on: December 04, 2017, 04:59:24 am »