[TUTORIAL] How to use aircrack-ng with the bleeding-edge wifi drivers
 

First of all, thank you lxp for making the wifi drivers! :)

In this tutorial, I will explain (the n00b way) on how to use aircrack-ng on the N900.

remember: use this tutorial only for educational purposes
oh and if something happens to your N900, go to your mommy and cry... because I'm not responsible :p (hehe)


Allright let's start.

Step 1:
Donate lxp for the wifi drivers to get the files. (Donate buttons are at the bottom)
You will receive the drivers.

Step 2:
When you got the drivers and downloaded them on your PC/Mac, just copy the file (wl1251-maemo-0.1.tar.gz) into your N900 using the usb cable in the MyDocs. When done, disconnect the cable.

Step 3:
(this part is from the inlcuded README file)

Installation:

• Open X Terminal

type the following commands to unpack the file:
Step 4:
Now let's install aircrack-ng and the drivers:
* Install customized osso-wlan (optional)
This fixes a bug where WLAN gets stuck, when you are connected to an access point and go out-of-range.

WARNING: Installing the customized osso-wlan will break seamless upgrades to new PR versions.
Most likely you will have to reinstall normal osso-wlan version before you can do OTA upgrades.

You can also skip this step, but keep in mind that the above mentioned bug can occur. If this bug is triggered you have 3 options:
manually unset ssid, unload and reload driver or reboot your phone.

Side note: The packages osso-wlan-dbg and osso-wlan-doc are also included but not needed.

Step 5:
This step is only needed if you have multiboot on your N900 (credits goes to stlpaul):
if you haven't installed leafpad type:
Next, create the file /etc/multiboot.d/01-Maemo-2.6.28.10power46-wl1.item using leafpad:
and write this into leafpad:
save the file

Power off and boot your phone again while the keyboard is slide open.
Select the kernel from the boot list:
Maemo 2.6.28.10power46-wl1


Step 6:
Using the driver:
This procedure is required after every reboot of your phone, if you want to use this driver!

Open X Terminal
* Load the driver
* Unloading the driver (just in case you run into problems and want to switch back to the stock wl12xx driver)
Step 7:
Follow this tutorial:
http://www.youtube.com/watch?v=9LRSxQ7UoAc
This is the EASIEST video there is
(watch and follow the tutorial from 1:25 till end)
just keep in mind that you have to type in wlan0 instead of mon0!

But before you start video, you have to know this:
the Drivers has to be loaded.
When you open X terminal and everytime you open a new X Terminal, you need to be root

That's all ! :)

Edit:
Yes, you NEED the install the new kernel!

Edit 2:
I will upload a video soon how to do it on your N900

Re: [TUTORIAL] How to use aircrack-ng with the bleeding-edge wifi drivers
 

Hi!
1st I think the installation of kernel-power-headers_2.6.28-maemo46-wl1_armel.deb is not neccesary unless you want to make your own module in the device(For developers only)

2nd the installation of kernel-power-bootimg_2.6.28-maemo46-wl1_armel.deb and the whole multiboot is also optional. You won't need all that unless you have nitdroid installed.

Those I mentioned take up a huge amount of rootfs space so unless they are needed I don't think you should include them on your tutorial.

And lastly thanks for the video tutorial :p

Re: [TUTORIAL] How to use aircrack-ng with the bleeding-edge wifi drivers
 

thanks for starting new, freash, noob tutorial including video!!


one qustion do i really need download kernel-power-headers_2.6.28-maemo46-wl1_armel.deb????


i am googing to get it tomorrow and hope everything will go fine
THANKS! again

Re: [TUTORIAL] How to use aircrack-ng with the bleeding-edge wifi drivers
 

hi,
i followed the tutorial and its not working for me. i never get a handshake :( where am i going wrong?

Re: [TUTORIAL] How to use aircrack-ng with the bleeding-edge wifi drivers
 

Are you listening on one channel, or channel hopping?

Re: [TUTORIAL] How to use aircrack-ng with the bleeding-edge wifi drivers
 

Hmmm, the headers may indeed be unnecessary. I installed them when I got the driver just because, well, it was in the instructions. I thought maybe they got used later on in the install process. Not sure.

Quick note (all credits to hawaii for doing this way before I ever did, putting me up to this and answering some of my questions along the way that helped me make sure I was on the right path): You can use scratchbox (remarkably easy to set up inside a Debian virtual machine) to compile the latest Aircrack-NG code (using SVN to get it, which is preinstalled in Scratchbox, if I remember correctly) for the N900. If I ever get the motivation and figure out how, I will see if I can take over maintenance of the current aircrack-ng package in the repositories, and push out the latest versions that way. But until then, the aforementioned is a good way to relatively painlessly get the latest versions of aircrack-ng.

Re: [TUTORIAL] How to use aircrack-ng with the bleeding-edge wifi drivers
 

what do you mean by this? :$ i am a bit new to this

Re: [TUTORIAL] How to use aircrack-ng with the bleeding-edge wifi drivers
 

I'd recommend that you do some reading on the topic and on the aircrack-ng suite before you start out, or else your going to get confused very easy.

But to answer your question.
When you find the access point that you want to capture that handshake of, you must tell airodump to only listen on that channel the router is on.
To do this just add the -c switch to the command, so:
airodump-ng -c "A" -w "B" --bssid "C" wlan0
(where "A" is the channel, "B" is the name of the capture file, and "C" is the MAC address of the router)

Only experiment with this on you own router, especially when using aireplay-ng; you can really p*ss people off otherwise.

Re: [TUTORIAL] How to use aircrack-ng with the bleeding-edge wifi drivers
 

ok.have a question with the multi boot, is it require as i haven't installed nitroid..it looks like it can all be run in terminal..thanks

Re: [TUTORIAL] How to use aircrack-ng with the bleeding-edge wifi drivers
 

sorry i didnt know the technical terms but yes i am doing what you just recommended but it doesnt work. i even followed the tutorial on aircrack-ng website and still i dont get any handshake :( can you please tell me exactly what i have to do to get the handshake? i just want to check if i am doing something wrong. do we have to do something about iw? when i type airmon-ng start wlan0 i get an error saying neigther the sysfs interface nor the iw command is available.

Re: [TUTORIAL] How to use aircrack-ng with the bleeding-edge wifi drivers
 

I just did. :)

1. Make sure you are fairly close to the access point.
2. Type: airodump-ng -c "X" wlan0 (where X is the channel number)
3. Connect another wireless device to the access point (this is the only way you can capture a handshake).

Re: [TUTORIAL] How to use aircrack-ng with the bleeding-edge wifi drivers
 

i am sitting in the same room so the router must be about 1.5 metres away from me. I tried that but it didnt work :( This is getting frustrating. i have spent my whole day trying to figure this out..
can you help me with why i cant get into monitor mode with airmon-ng command?

Re: [TUTORIAL] How to use aircrack-ng with the bleeding-edge wifi drivers
 

Did you run load.sh first, to make sure you're on the right driver? Also, airmon-ng doesn't properly work with the version of aircrack-ng in the repos, because it conflicts with installing iw, and iw is apparently necessary for airmon-ng working right. In otherwords, I don't know all the technical details.

Do this to put your card into monitor mode if airmon-ng doesn't work:

Notice that the first and third command are iFconfig, the second one is iWconfig. If you use ifconfig instead of iwconfig it'll just give you an error. I never used iwconfig instead of ifconfig, so I'm not sure what it does. Also, I'm pretty sure you need to be root to do it.

Re: [TUTORIAL] How to use aircrack-ng with the bleeding-edge wifi drivers
 

ya this is actually how i am getting into monitor mode.. and yes i am using bleeding edge driver. i guess then the problem is just with handshaking.. i dont know where i am going wrong. i have tried two tutorial and no success :(

Re: [TUTORIAL] How to use aircrack-ng with the bleeding-edge wifi drivers
 

Do as MT said above, and also you may have to use iwconfig to manually set the channel.

So, iwconfig wlan0 channel X (again X is the channel number).

In all you should be doing:
1. Loading the modules with the load.sh script.
2. Manually putting the card into monitor mode (as MT said above)
3. Manually set the channel to match that of your access point:
(as above)
4. Running airodump: airodump -c [Channel Number] wlan0

Re: [TUTORIAL] How to use aircrack-ng with the bleeding-edge wifi drivers
 

ok i just tried that but now i get " fixed channel wlan: 2"
lol any guess now?

Re: [TUTORIAL] How to use aircrack-ng with the bleeding-edge wifi drivers
 

Some other process is trying to change the channel.
Reboot and try it all again.

Re: [TUTORIAL] How to use aircrack-ng with the bleeding-edge wifi drivers
 

My phone's battery died as soon as i restarted and im not at home atm :P lol i guess i will try it when i get back home.

Re: [TUTORIAL] How to use aircrack-ng with the bleeding-edge wifi drivers
 

typo:

/home/user/MyDocs/wl1251-maemo/binary/kernel-power # cd /boot
/boot # mv zImage-2.6.28-maemo46-wl1 multiboot/wmlinuz-2.6.28.10power46-wl1

should be a v

Re: [TUTORIAL] How to use aircrack-ng with the bleeding-edge wifi drivers
 

i realize that when i using aircrack my root is getting full there no way to delete them

Re: [TUTORIAL] How to use aircrack-ng with the bleeding-edge wifi drivers
 

First post updated :)

(I think I just have to make a how to video with my N900 to show how it works....)

Re: [TUTORIAL] How to use aircrack-ng with the bleeding-edge wifi drivers
 

try specifying a path for the output file i guess, like /home/something

do these tools really need root? that probably makes sense because its a security problem if apps can write raw packets. well, in some environments anyways. i'd rather not think about it!

Re: [TUTORIAL] How to use aircrack-ng with the bleeding-edge wifi drivers
 

yeah i have old aircrack stuff installed and its asking for "iw" , never heard of that... also what other tools can we use? i'm pretty lazy at typing on the n900 so i'm hoping for wesside-ng or something easy :)

Re: [TUTORIAL] How to use aircrack-ng with the bleeding-edge wifi drivers
 

Yes. Not just a security thing per se (though that might be the deep down OS-level reason for what I'm about to say), but the OS often won't allow software to craft packets unless it has root level permissions. That's why NMap can only run most of its port scans as root.

Also, if you pay attention, half the binaries for aircrack-ng suite are in /usr/bin (the ones that don't need root, like, I think, aircrack-ng itself, which does the cracking), and a bunch are in /usr/sbin - the ones that, like aireplay-ng and airbase-ng (speaking of which, someone could probably make the N900 work like an infrastructure wifi access point [instead of showing up as ad-hoc network] using airbase-ng as a backend... Unconventional, but should work).

At any rate, even if you make the argument that such tools don't need root, the Linux kernel writers would disagree - so even if the tools aren't in the root path, the OS wouldn't let them craft packets anyway.

I suppose you could screw around with sudoers and give it root-level permissions even when ran by user, but eh. I think it's also good practice - when you need to run something where serious damage or moral considerations come into play, making yourself root should be there as something of an awareness-raising check.

When I compiled the latest Aircrack-NG code with unstable=true and sqlite=true, wessid-ng (or wesside-ng ... I'm too lazy to look up how it's spelled), and quite a few things, were compiled with it.

Anyway, yeah, with the in-repo aircrack-ng, I had to bring wlan0 down, set it into monitor mode, bring it back up. I just ran airmon-ng on wlan0 with iw installed (just use "apt-get install iw" - it's definitely in devel, not sure if it's in the lower ones), and it did everything for me, and not only that, but it also spawned the mon0 interface - no need to take wlan0 down, monitor mode it, then bring it up again.

It's pretty cool. wlan0 is still in managed mode, so I think you can both connect normally and inject. IDK, I'm a newb to this too. I suspect you can also drop wlan0 into monitor mode, and thus do fancy things. *Shrug*

Re: [TUTORIAL] How to use aircrack-ng with the bleeding-edge wifi drivers
 

Re: [TUTORIAL] How to use aircrack-ng with the bleeding-edge wifi drivers
 

worked coool
i will show photos

Re: [TUTORIAL] How to use aircrack-ng with the bleeding-edge wifi drivers
 

first ( problem can't see all data (can't see wifi name :( - screen is small ))http://img706.imageshack.us/img706/1...1010815042.png

injection test
http://img64.imageshack.us/img64/615...1010815060.png

http://img412.imageshack.us/img412/4...1010815210.png

wait for video

Re: [TUTORIAL] How to use aircrack-ng with the bleeding-edge wifi drivers
 

when i restart and start normal maemo after used the driver they show me :
can't flash karnel, required files not found guru meditation #0000025 , 62017712

Re: [TUTORIAL] How to use aircrack-ng with the bleeding-edge wifi drivers
 

Is the Power Kernel really necessary to have the bleeding-edge drivers working? If not, which step should be modified/deleted in order to make the driver work under stock kernel?

Re: [TUTORIAL] How to use aircrack-ng with the bleeding-edge wifi drivers
 

did i forget thing ?
i have nitdroid , maemo , 46power , backupmenu , this driver

i have to retype the cmd in evrytime to it's works :(

Re: [TUTORIAL] How to use aircrack-ng with the bleeding-edge wifi drivers
 

i have to write the cmd in avrytime i won't to start


http://img440.imageshack.us/img440/6...1010815060.png
http://img638.imageshack.us/img638/8...1010815091.png
http://img824.imageshack.us/img824/5...1010815115.png
http://img375.imageshack.us/img375/5...1010815204.png
http://img600.imageshack.us/img600/4...1010815223.png

Re: [TUTORIAL] How to use aircrack-ng with the bleeding-edge wifi drivers
 

.............

Re: [TUTORIAL] How to use aircrack-ng with the bleeding-edge wifi drivers
 

what step i will skip if i didnt install any power kernel? im just using stock kernel.. :)

Re: [TUTORIAL] How to use aircrack-ng with the bleeding-edge wifi drivers
 

You cannot use this driver with the stock kernel.

Re: [TUTORIAL] How to use aircrack-ng with the bleeding-edge wifi drivers
 

Well, unless you're an epic level hacker and compile the requisite modules... But then you might as well be running a modified power kernel, and you don't really need this question answered for you if you're that good.

Re: [TUTORIAL] How to use aircrack-ng with the bleeding-edge wifi drivers
 

ok. too bad.. :(

Re: [TUTORIAL] How to use aircrack-ng with the bleeding-edge wifi drivers
 

Success!!! much thanks to OP for posting the youtube vid, combined with
instructions at :
http://www.aircrack-ng.org/doku.php?id=simple_wep_crack

managed to successfully capture the wep key, :D

the value of my n900 just shot up, heh.

Re: [TUTORIAL] How to use aircrack-ng with the bleeding-edge wifi drivers
 

when i type this
airmon-ng start wlan0

i got this errore
Interface Chipset Driver

wlan0 Unknown w112xx - [phy0]

ERROR: Neither the sysfs interface links nor the iw command is available.
Please download and install iw from http://dl.aircrack-ng.org/iw.tar.bz2

Re: [TUTORIAL] How to use aircrack-ng with the bleeding-edge wifi drivers
 

you can't use that command to enter monitor mode. instead use:

that should do the trick, then you can proceed.

Re: [TUTORIAL] How to use aircrack-ng with the bleeding-edge wifi drivers
 

Yes, airmon-ng is pretty handy. It does have bugs though - it attempts to set the channel of the mon0 interface (if you pass one in, and bizarrely uses the legacy iwconfig to do so, despite knowing iw is present on the system) prior to issuing an ifconfig mon0 up, which of course fails; it doesn't retain the MAC address of wlan0 if you've faked it beforehand; and finally it doesn't issue a final ifconfig mon0 down, so you have to do so manually before faking the MAC yourself.

These are all easily fixable, mind you..