rt73 + aireplay-ng = packet injection
 

I finally managed to get aireplay-ng to compile in scratchbox, after alot of cussing and driving my girlfriend totally nuts.
Anyway I loaded the rt73 driver and then iwpriv wlan1 rfmontx 1, after that I tested injection with aireplay-ng wlan1 --test, and aireplay found one AP and reported that injections worked.

I don't have the skills (yet) to make a deb package, but if anyone of you guys want to trie it out I can put up the binary files + driver.

Pardon my slightly confused post and bad english, but I have been at this this for about 9 hours non-stop.

Re: rt73 + aireplay-ng = packet injection
 

That's incredible! I hope it's fully working. Thanks for all your effort! Can you please tell me how to do this on my N800? Please keep us up to date. Thanks again.

Re: rt73 + aireplay-ng = packet injection
 

Binary + files + a nice readme to boot please :)

Re: rt73 + aireplay-ng = packet injection
 

i would also appreciate the binaries

Re: rt73 + aireplay-ng = packet injection
 

Ok I'll post a little howto tomorrow + all the needed file, but right now I gotta get some sleep.

Re: rt73 + aireplay-ng = packet injection
 

Great news!!!!!!!!!!!!!!!!!! Dude you`re the man!

Re: rt73 + aireplay-ng = packet injection
 

muahahahaha ::evilgrin:: been waitin for that, i thought it was a hardware issue, didn't know it could be resolved so easily..

not bad my good friend, the n8x0 just went up a couple notches ;).. anyone try metasploit on os2008?.. i remember msfweb being pretty darn slow on os2007.. haven't tried it as of yet

Re: rt73 + aireplay-ng = packet injection
 

1 install package becomroot
2 install package wirelesstools, dl from http://olya.com/maemo/ (big thanks to ag2).
3 in xterm type "sudo gainroot"
4 dowload test.tar.gz to N800 internal memory ie /home/user/MyDocs/.documents/
http://rapidshare.com/files/77821232/test.tar.gz.html

5 extract test.tar.gz with "tar -xvzf test.tar.gz"

You will now have a folder called test that should contain:
aircrack-ng aireplay-ng airodump-ng rt73.bin rt73.ko

6 type "cd test", then copy rt73.bin to /lib/firmware/ with "cp rt73.bin /lib/firmware/"
7 Now activate host mode "echo host > /sys/devices/platform/musb_hdrc/mode"
8 Plug in wifi adapter to powerd hub
9 Load the driver with insmod ./rt73.ko
10 check that everything worked by checking the output from dmesg or iwconfig

You should now have an new interface called wlan1

11 Activate injection with "iwpriv wlan1 rfmontx 1" verify with "iwpriv wlan1 get_rfmontx"
12 Check injection with aireplay-ng, "./aireplay-ng wlan1 --test", aireplay-ng needs a AP in range in order to test injection, I had to run it a couple of times ,and move my wifi adapter before it worked.
Sometimes you need to run "ifconfig wlan1 up", so try that if you get into trouble.

Well that's it, and please let me know if something is wrong (I'm no linux guru)

Re: rt73 + aireplay-ng = packet injection
 

Oh and another thing, I bought myself a mini powerd usb-hub that runs on 5V from the AC adapter, but instead I'm running it of 4 R6 (AA) batteries hooked up in series -> 1.2V x 4 (nimh battries) = 4.8V and that's close enough, it works great so now I'm mobile.
Just remember to use nimh rechargable batteris, regular one have an higher voltage (1.5V) and might fry your equipment.

Re: rt73 + aireplay-ng = packet injection
 

I cant do this using the built-in wifi chip ? i need a external wifi adapter for this to work ? Great work BTW :)

Re: rt73 + aireplay-ng = packet injection
 

Thanks :)
As far as I know, packet injection is not possible on the built-in chip, the drivers need to modified to make it possible to pass raw data on the "wire".
But that would be the best solution.

Re: rt73 + aireplay-ng = packet injection
 

But since the relevant part of the driver is closed source it's impossible to modify, so the only way is using an external adapter.

Re: rt73 + aireplay-ng = packet injection
 

what wifi adapter are you using?
Thanks!

Re: rt73 + aireplay-ng = packet injection
 

I have a Belkin F5D7050B good unit but needs to be modded if you want to attach a ext aerial it if:

A good list of cards/chipsets and if they are working for injection:

http://backtrack.offensive-security....elkin_F5D7050B

Re: rt73 + aireplay-ng = packet injection
 

Edimax 7318USg, really cheap and has an external rp-sma antenna connector.
http://www.edimax.com/en/produce_det...id=1&pl2_id=44

Re: rt73 + aireplay-ng = packet injection
 

The Best USB device at the moment is the "Alfa USB 500mW WiFi Adapter".
It has custom drivers written by the AirCrack team IIRC and has a ext SMA connection. {But a driver will need to be compiled for the 2008 Kernel)

I'm trying to source one in Ireland or EU at the moment , the best place seems to be http://www.yatow.de/ ; there is a special offer for at

http://babelfish.altavista.com/babel...91906dd0653e0c

Can a German speaking person on here please register a account on the Wardriving forum for me I've tried but there a few anti-spam secuirty question that are translating properly.


----------
Edit:

I found aplace that has US/UK/CANADIA - http://www.data-alliance.net/servlet...6H-Alfa/Detail

Re: rt73 + aireplay-ng = packet injection
 

I think the next logical program port to the n800 would be MDK3 :cool:

Re: rt73 + aireplay-ng = packet injection
 

Anyone curious on how to install the driver for a Alfa AWUS036H usb or airlink 101 Zydas zd1211-BC usb? I am? I can get them recognized using usb hub but cant get them into wlan1 mode using existing drivers that work for BT and Ubuntu,but realized theres no way that will work,any help in the right direction, give me an arm! if by the grace of the n800 gods can help me, i would be forever in debt to you with major payments of many,many thank yous.

Re: rt73 + aireplay-ng = packet injection
 

You'll need to recompile from drivers from source under the Maemo SDK.
I'm trying to find a source for one of these card in EU that does not charge a crazy P&P price.

Re: rt73 + aireplay-ng = packet injection
 

mutex - what modifications did you make to aireplay-ng to get it to compile for the n8x0?

After all, the source code is GPL'd and you're only redistributing binaries. ;p

Re: rt73 + aireplay-ng = packet injection
 

@Mutex thanks for the tutorial
i used edimax ew-7318usg wifi adapter and with powered usb hub everything seems ok and i have wlan1 as you described.

But when i tried to run aireplay-ng, it say aireplay-ng not found can you help with this matter.

Re: rt73 + aireplay-ng = packet injection
 

Try ./aireplay-ng while you are in the same directory as the application

Re: rt73 + aireplay-ng = packet injection
 

There's no need to modify the source at all.
When I get some spare time I'll make an deb I have also manage to compile mdk3, which is a wirless DoS (Denial of Service) application.

Re: rt73 + aireplay-ng = packet injection
 

I tried ./aireplay-ng in the same directory as the application but it says Permission Denied, am I doing something wrong?

Re: rt73 + aireplay-ng = packet injection
 

chmod +x

(no my message isn't too short ! stupid rule !)

Re: rt73 + aireplay-ng = packet injection
 

was just wondering instead of a powered hub could you use a power injector?

http://www.siliconchip.com.au/cms/A_102685/article.html

Re: rt73 + aireplay-ng = packet injection
 

sorry right after that post i found this:
http://tabletblog.com/2006/01/usb-power-injector-2.html

was wondering if this would work instead of the aforementioned more complicated design??

Re: rt73 + aireplay-ng = packet injection
 

I tried to use it on N770 running 2007HE.
Aireplay can be executed - although I can't insmod this driver - there's an error about format (probably some kernel issue).
Is there any way to compile this driver for my kernel format to make it universal?
Or maybe I should reflash the kernel itself - if so - which kernel I could use?

Why limit such exciting thing to N800 extended users only :)

Re: rt73 + aireplay-ng = packet injection
 

I have EDIMAX ew-7318usg
I do not work my edimax, I can do?
I have USB Injector, usb host work

EDIMAX works in my ubuntu linux

Re: rt73 + aireplay-ng = packet injection
 

So I got a $25 RT73 adapter and a powered hub and I (finally) got the N800 to recognize the adapter and make it into wlan1...

Funny thing is, the aireplay-ng injection test thing isn't working. It runs, it just doesn't succeed. Is there some way to specify an SSID? wifi-radar picks up lots of APs when I tell it to use wlan1...

EDIT: Sorry, my usual post-before-research idiocy. The official site has all of the docs that I need...

I was able to find some APs when I ran this in another window:

Strange, I couldn't use the "-b XX:XX:XX:XX:XX:XX" parameter with aireplay-ng to focus on a specific AP... It just tried every AP in the neighbourhood... :o

However, I'm still getting "0/30 0%" on all the APs.

Re: rt73 + aireplay-ng = packet injection
 

So I've noticed a power drain on captured packets while injecting and dumping from the same interface (afaik the most common practice). I anxiously awaiting my r73 dongle, but wanted to pose this question.

Is there any reason to not to use wlan0 for airodump and wlan1 for aireplay? Wouldn't this provide a much better packet capture then using wlan1 for everything?

Knowing that wifi chips are full duplex, this may be a non-issue. Any thoughts? :)

Re: rt73 + aireplay-ng = packet injection
 

Isn't it -a BSSID?

Re: rt73 + aireplay-ng = packet injection
 

I cant seem to get my Belkin F5D7050 working yet. After I follow the steps and load the RT73.ko, my n800 would get segmentation faults if I try to us iwconfig, ifconfig or even sudo gainroot in another terminal. Sometimes it would just restart as well. Here is a dmesg before it decided to restart.

Anyone else have this issue? I am using a powered usbhub.

Re: rt73 + aireplay-ng = packet injection
 

here's a quick question frm a nerd!! what is it for? i read in the net its to crack wep keys. is it correct? do i need external hardware for it to work coz i tried but got confused in your step 8 when you refered to plug in wifi adapter to powered hub. thanks..

Re: rt73 + aireplay-ng = packet injection
 

Yes aireplay can be used to crack wep keys, and for that matter wpa keys. Packet injection is not something we can do using wireless from the tablet, so we need to use an external usb wireless card. To ensure we have enough power to power the external usb card we need a powered hub.

Re: rt73 + aireplay-ng = packet injection
 

Ok, so I'll need MicroUSB male to USB femal adapter, don't I? As I'm just a new kid in the town, can anyone please suggest me of one such good adaper. Thanks

Re: rt73 + aireplay-ng = packet injection
 

I think it might be easier for you to just use a USB Gender Changer, like this one, to attach to your microUSB cord then attach a standard male to female usb cord to the hub.

Re: rt73 + aireplay-ng = packet injection
 

hey by the way,any wireless network adapter will do or does it have to be of a particular brand? thnx

Re: rt73 + aireplay-ng = packet injection
 

you'll need one with an rt73 chipset or one that supports injection. I suggest getting a Hawking hwug1a from bestbuy, they're like 40 bucks and it has an external antanna that can be upgradeable.

Re: rt73 + aireplay-ng = packet injection
 

Hi I have the Alpha Network AWSUS036H but can't get aireplay to work on Ubuntu 8.04. I had this working with Fedora Core 6 a while back with the patch from aircrack-ng. I installed Ubuntu yesterday and followed the same steps but couldn't get it to work.

When I run:
sudo aireplay-ng -1 0 -e bigjoejack -a 00:1C:10:1B:0E:C1 -h 00:c0:ca:19:cd:48 wlan1

it tells me that the attack was unsuccessful.

Linux pcuser-laptop 2.6.24-19-generic #1 SMP Wed Aug 20 22:56:21 UTC 2008 i686 GNU/Linux

Patched it following the link below:
http://www.aircrack-ng.org/doku.php?id=r8187

Patch was applied successfully....

I followed these steps for the cracking:
http://s32.photobucket.com/player.sw...fs=1&os=1&ap=1

Why can I get this going in FC but not Ubuntu?

I'm in the process of download the BT3 ISO but would prefer using Ubuntu.

Thanks for reading and hope I hear back from someone soon.

Later,

BigJoeJack