maemo.org - Talk

rt73 + aireplay-ng = packet injection (https://talk.maemo.org/showthread.php?t=13458)

LaVorAta 2008-12-29 19:22

Re: rt73 + aireplay-ng = packet injection
 
Can someone help me out? I have a USB WiFi adapter with a RT8187 chipset. Do I need to compile the drivers for my 770 myself, or are there already some around somewhere?

anest 2009-01-18 10:33

Re: rt73 + aireplay-ng = packet injection
 
someone compiled r8187/rtl8187 already? just still waiting for...

bleomycin 2009-02-28 11:26

Re: rt73 + aireplay-ng = packet injection
 
Quote:

Originally Posted by mrgreaper (Post 249969)
nice,
i have emailed the C I B (Citizens Advice Bureau) they should be able to advise me where to report this to. You seriously believe everyone here just wants to check their wifi security?

BAHAHAHAHAHA

I'm sorry, it must be something in the water because people seem to be getting more insane every day. Watch FOX news much? :eek:

b0rka7a 2009-03-12 18:07

Re: rt73 + aireplay-ng = packet injection
 
I need help. I just can't get it to work on my N800... I have an Edimax EW-7318Ug.

I'm stuck at loading the driver. When I enter "insmod ./rt732.ko" the command line freezes. Output from dmesg:
Code:

[ 3964.796875] usb 1-1: khubd timed out on ep0in len=0/64
[ 3965.796875] usb 1-1: khubd timed out on ep0in len=0/64
[ 3966.796875] usb 1-1: khubd timed out on ep0in len=0/64
[ 3966.906250] usb 1-1: device descriptor read/64, error -110
[ 3972.015625] usb 1-1: khubd timed out on ep0in len=0/64
[ 3977.015625] usb 1-1: khubd timed out on ep0in len=0/64
[ 3982.015625] usb 1-1: khubd timed out on ep0in len=0/64
[ 3982.125000] usb 1-1: device descriptor read/64, error -110
[ 3982.234375] musb_stage0_irq 569: VBUS_ERROR in a_host (91, <VBusValid), retry #1, port1 00030111
[ 3982.296875] hub 1-0:1.0: port_wait_reset: err = -22
[ 3982.296875] hub 1-0:1.0: port 1 not enabled, trying reset again...
[ 3982.421875] musb_stage0_irq 645: CONNECT (a_host) devctl 5d
[ 3982.507812] hub 1-0:1.0: port_wait_reset: err = -22
[ 3982.507812] hub 1-0:1.0: port 1 not enabled, trying reset again...
[ 3982.507812] musb_stage0_irq 569: VBUS_ERROR in a_host (91, <VBusValid), retry #1, port1 00130111
[ 3982.695312] musb_stage0_irq 645: CONNECT (a_host) devctl 5d
[ 3982.718750] hub 1-0:1.0: port_wait_reset: err = -22
[ 3982.718750] hub 1-0:1.0: port 1 not enabled, trying reset again...
[ 3982.718750] musb_stage0_irq 569: VBUS_ERROR in a_host (91, <VBusValid), retry #1, port1 00130111

Output from lsmod:
Code:

# lsmod | grep rt73
rt73 312624 1 - Loading 0xbf098000
#

I can't kill the insmod process even with the -9 switch. I have to unplug the adapter.

After plugging it back in lsmod says:
Code:

# lsmod | grep rt73
rt73 312484 0 - Live 0xbf098000
#

and dmesg output is:
Code:

[ 6307.531250] musb_stage0_irq 569: VBUS_ERROR in a_wait_bcon (91, <VBusValid), retry #1, port1 00000100
[ 6307.710937] musb_stage0_irq 645: CONNECT (a_host) devctl 5d
[ 6307.710937] hub 1-0:1.0: state 8 ports 1 chg 0000 evt 0000
[ 6307.710937] usb usb1: usb auto-resume
[ 6307.710937] usb usb1: finish resume
[ 6307.710937] hub 1-0:1.0: hub_resume
[ 6307.734375] hub 1-0:1.0: port 1, status 0101, change 0001, 12 Mb/s
[ 6307.890625] hub 1-0:1.0: debounce: port 1: total 100ms stable 100ms status 0x101
[ 6307.890625] musb_stage0_irq 569: VBUS_ERROR in a_host (91, <VBusValid), retry #2, port1 00000111
[ 6308.015625] usb 1-1: new high speed USB device using musb_hdrc and address 48
[ 6308.085937] musb_stage0_irq 645: CONNECT (a_host) devctl 5d
[ 6308.453125] cx3110x: PSM dynamic with 200 ms CAM timeout.
[ 6309.015625] usb 1-1: khubd timed out on ep0in len=0/64
[ 6310.015625] usb 1-1: khubd timed out on ep0in len=0/64
[ 6311.015625] usb 1-1: khubd timed out on ep0in len=0/64
[ 6311.125000] usb 1-1: device descriptor read/64, error -110

It seems that the driver is not loaded, though... iwconfig only shows lo and wlan0:
Code:

# iwconfig
lo        no wireless extensions.

wlan0    IEEE 802.11b/g  ESSID:"TP-LINK" 
          Mode:Managed  Frequency:2.437 GHz  Access Point: 00:1D:0F:E5:58:DC 
          Bit Rate=54 Mb/s  Tx-Power=19 dBm  Sensitivity=0/200 
          RTS thr:off  Fragment thr:off
          Encryption key:3132-3334-3536-3738-3930-3132-33  Security mode:restricted
          Power Management:on
          Link Quality=65/0  Signal level=-29 dBm  Noise level=-94 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0  Missed beacon:0

Can anyone help me? Can you recommend me another adapter?
Thanks!

b0rka7a 2009-03-19 15:55

Re: rt73 + aireplay-ng = packet injection
 
Quote:

Originally Posted by b0rka7a (Post 271185)
Can anyone help me? Can you recommend me another adapter?

I don't have that adapter anymore... Please, recommend me another one, that's tested with the N800 and is 100% working.

Thanks!

jcwilk 2009-05-18 06:11

Re: rt73 + aireplay-ng = packet injection
 
Quote:

Originally Posted by b0rka7a (Post 271185)
Can anyone help me? Can you recommend me another adapter? Thanks!

I'm getting the -exact- error messages you are, to the letter.

Code:

[ 4805.835937] hub 1-0:1.0: port_wait_reset: err = -22
[ 4805.835937] hub 1-0:1.0: port 1 not enabled, trying reset again...
[ 4805.835937] hub 1-0:1.0: Cannot enable port 1.  Maybe the USB cable is bad?
[ 4805.835937] hub 1-0:1.0: state 7 ports 1 chg 0000 evt 0002
[ 4805.835937] hub 1-0:1.0: reset change on port 1
[ 4805.835937] hub 1-0:1.0: port 1, status 0101, change 0013, 12 Mb/s
[ 4805.835937] EAC mode: play disabled, rec disabled
[ 4805.859375] musb_stage0_irq 645: CONNECT (a_host) devctl 5d
[ 4806.031250] hub 1-0:1.0: debounce: port 1: total 125ms stable 100ms status 0x101
[ 4806.031250] musb_stage0_irq 569: VBUS_ERROR in a_host (91, <VBusValid), retry #1, port1 00000111
[ 4806.156250] usb 1-1: new high speed USB device using musb_hdrc and address 96
[ 4806.265625] musb_stage0_irq 645: CONNECT (a_host) devctl 5d
[ 4807.156250] usb 1-1: khubd timed out on ep0in len=0/64
[ 4808.156250] usb 1-1: khubd timed out on ep0in len=0/64
[ 4809.156250] usb 1-1: khubd timed out on ep0in len=0/64
[ 4809.265625] usb 1-1: device descriptor read/64, error -110

And just to check I followed the same steps you did to debug it and I got all of the exact same results. I'd like to clarify though that the lsmod changes it to "Live" after the device is removed, not when it's plugged back in... Also that if you insmod while the device is -not- plugged in, it doesn't hang, and drops the driver into the "Live" status immediately. Seems like it gets stuck on something only while the device is plugged in, but regardless, the device never works.

I'm currently not using a self powered USB hub, so that may very well be the cause... Seems consistent that those weird timeout errors could be due to lack of power. I'm going to get a self powered hub in the next few days so I'll report back about whether or not it was the problem.

For the record I'm using a Linksys WUSB54GC which I purchased from Target about 6 months ago and can inject with successfully in Ubuntu using this patch. I'm running on diablo on my N810, and am using a hacked USB cable for host mode (though I also tried dumping in 'host' to no additional effect).

jcwilk 2009-05-23 06:13

Re: rt73 + aireplay-ng = packet injection
 
Quote:

Originally Posted by jcwilk (Post 288299)
I'm going to get a self powered hub in the next few days so I'll report back about whether or not it was the problem.

I got a battery pack hooked up to a self powered hub (portable w00t) and now it works perfectly... I had some issues at first but after reloading the driver and fiddling with it, the original instructions by mutex seem to work...

Except that I can't seem to get injection working... Testing with aireplay yields:

Code:

root@Noki test # ./aireplay-ng -9 wlan1
23:01:06  Trying broadcast probe requests...
23:01:07  No Answer...
23:01:07  Found 1 AP

23:01:07  Trying directed probe requests...
23:01:07  XX:XX:XX:XX:XX:XX - channel: 6 - 'wifinetwork'
23:01:17  0/30: 0%

And using aireplay's replay attack doesn't seem to be affecting the data count. I caught many packets passively though, so that seems to work fine, but then when I tried running aircrack I ran into more problems...

No matter what I did after capturing about 140k IVs I couldn't coerce the key out of it, using PTW, -z, regular aircrack-ng, nothing. Could be due to the older version of aircrack? I transferred the cap file over to my desktop and it cracked it in 2 seconds with the default settings of aircrack-ng 1.0 rc1... ??? lol

Anyways, mixed success... I'll let you guys know if I get injection working and can figure out what I was doing wrong, otherwise let me know if you're not yet to the point I'm at and need elaboration on something.
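The enumeration failures posted earlier in the thread (khubd timeouts on ep0in, `device descriptor read/64, error -110`, musb `VBUS_ERROR ... <VBusValid`) went away once a self-powered hub was used. As an added example, not code from any poster or from the driver project, the sketch below triages a saved dmesg log for that signature; the verdict labels and function names are hypothetical, and treating "VBUS below valid plus descriptor timeouts" as a bus-power problem is an assumption based on the outcome reported above.

```python
import re
from collections import Counter

# Signatures taken from the dmesg output posted in this thread.
# In the Linux kernel, error -110 is -ETIMEDOUT and -22 is -EINVAL.
SIGNATURES = {
    "ep0_timeout": re.compile(r"khubd timed out on ep0in"),
    "descriptor_timeout": re.compile(r"device descriptor read/\d+, error -110"),
    "vbus_low": re.compile(r"VBUS_ERROR in \w+ \(\w+, <VBusValid\)"),
    "reset_failed": re.compile(r"port_wait_reset: err = -22"),
}
LINE = re.compile(r"^\[\s*\d+\.\d+\]\s+(.*)$")  # "[ 3964.796875] message"


def classify(dmesg_text):
    """Count how often each known failure signature appears in the log."""
    counts = Counter()
    for raw in dmesg_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that are not timestamped kernel messages
        for name, pattern in SIGNATURES.items():
            if pattern.search(m.group(1)):
                counts[name] += 1
    return counts


def verdict(dmesg_text):
    """Map signature counts to a hypothetical triage label."""
    c = classify(dmesg_text)
    enum_failed = c["descriptor_timeout"] > 0 or c["ep0_timeout"] > 0
    if enum_failed and c["vbus_low"] > 0:
        return "suspect-bus-power"    # try a self-powered hub first
    if enum_failed:
        return "enumeration-timeout"  # cable, port or device fault
    if c["vbus_low"] or c["reset_failed"]:
        return "port-unstable"
    return "no-known-signature"


# Lines copied from the dmesg output posted in the thread.
FAILING = """\
[ 3964.796875] usb 1-1: khubd timed out on ep0in len=0/64
[ 3966.906250] usb 1-1: device descriptor read/64, error -110
[ 3982.234375] musb_stage0_irq 569: VBUS_ERROR in a_host (91, <VBusValid), retry #1, port1 00030111
[ 3982.296875] hub 1-0:1.0: port_wait_reset: err = -22
"""
# Constructed sample: a clean attach with none of the failure lines.
HEALTHY = "[  100.000000] usb 1-1: new high speed USB device using musb_hdrc and address 2\n"

if __name__ == "__main__":
    print(verdict(FAILING), dict(classify(FAILING)))
    print(verdict(HEALTHY))
```

Run it on a desktop against the output of `dmesg > usb.log` copied off the tablet, passing the file contents to `verdict()`.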

casper27 2009-06-02 19:11

Re: rt73 + aireplay-ng = packet injection
 
So does anyone know if a patch for the tablet's internal NIC driver is possible or is it still wishful thinking?

luddek 2009-08-10 16:19

Re: rt73 + aireplay-ng = packet injection
 
Has anyone got the rt73.ko and rt73.bin for 2.6.21?

Edit: found them here http://wiki.maemo.org/USB_to_ethernet_networking

cerealpirate 2009-08-20 19:57

Re: rt73 + aireplay-ng = packet injection
 
mrgreaper while you're at it you need to "Report" Rapidshare.com for hosting millions of illegal files !!!!

Also you can't stop information ....Freedom of speech also means written words..... if not what about all the deaf people out there ???

