rt73 + aireplay-ng = packet injection - Page 5 - maemo.org

Active Topics

Error after installing Leste on sdcard (13)
to Maemo 7 / Leste by Maemish - 22 hrs, 22 mins ago
TLS 1.2 for N9 is ready (29)
to MeeGo / Harmattan by smatkovi - 1 day, 7 hrs ago
Camera phone competition March 2023 "Endless" (35)
to General by Maemish - 4 days, 16 hrs ago
Maemo repository (3)
to Community by torsen - 5 days, 9 hrs ago
more...

Page 5 of 9

Thread Tools

	Benson	2008-09-06 , 16:30
	Posts: 4,930 \| Thanked: 2,272 times \| Joined on Oct 2007	#41

Originally Posted by bigjoejack

Hi I have the Alpha Network AWSUS036H but can't get aireplay to work on Ubuntu 8.04. I had this working with Fedora Core 6 a while back with the patch from aircrack-ng. I installed Ubuntu yesterday and followed the same steps but couldn't get it to work.

When I run:
sudo aireplay-ng -1 0 -e bigjoejack -a 00:1C:10:1B:0E:C1 -h 00:c0:ca:19:cd:48 wlan1

it tells me that the attack was unsuccessful.

Linux pcuser-laptop 2.6.24-19-generic #1 SMP Wed Aug 20 22:56:21 UTC 2008 i686 GNU/Linux

Patched it following the link below:
http://www.aircrack-ng.org/doku.php?id=r8187

Patch was applied successfully....

I followed these steps for the cracking:
http://s32.photobucket.com/player.sw...fs=1&os=1&ap=1

Why can I get this going in FC but not Ubuntu?

I'm in the process of download the BT3 ISO but would prefer using Ubuntu.

Thanks for reading and hope I hear back from someone soon.

Later,

BigJoeJack

I think you're on the wrong forum; internettablettalk is mainly about Nokia internet tablets, the 770, N800, and N810.

__________________
World's first inductively-charged N900!

Quote & Reply |

custode	2008-09-15 , 18:16
Posts: 1 \| Thanked: 0 times \| Joined on Sep 2008	#42

I am absolutely new to this area, but I noticed an item I wanted to run past those of you with more knowledge of the topic. The Immunity SILICA product is on the N770 or N800 depending on what you read, and seems to have some ability to breach networks. I'm not certain that this includes cracking wep/wpa, but would assume so, since they tout the usability of it. Anyway, my general question is:

It seems they have packet injection on the N770, and never mention any external adaptor. Does anyone have any more information or ideas on how that may have been done?

And, as a follow-on...is it POSSIBLE (assuming precision skills) to swap out a chipset? Are they somewhat uniform in power consumption, physical parameters, etc? Or would a unit require many other mods to accomodate?

Thanks so much.

Quote & Reply |

	jaeezzy	2008-09-19 , 13:17
	Posts: 664 \| Thanked: 160 times \| Joined on Jul 2008 @ Australia	#43

Hi, I got DLink DWA-110, will I be able to use this? has anybody tried with this? if so let me know.. thanks

Quote & Reply |

murphy	2008-09-23 , 10:35
Posts: 106 \| Thanked: 11 times \| Joined on Jun 2007	#44

Since the integrated wlan driver just became opensourced, is it now possible to use paquet injection with n800/810 ?

__________________
Linux rocks !
And so gnuite,penguinbait,qwerty12,qole,fanoush !

Quote & Reply |

	Benson	2008-09-23 , 10:46
	Posts: 4,930 \| Thanked: 2,272 times \| Joined on Oct 2007	#45

No, because that's not what happened. It's a new driver and it's still alpha. (Even if it was the existing driver open-sourced, someone would still need to write an injection patch...)

__________________
World's first inductively-charged N900!

Quote & Reply |

mike2k4	2008-10-03 , 04:02
Posts: 38 \| Thanked: 8 times \| Joined on Jan 2008	#46

Originally Posted by mike2k4

I cant seem to get my Belkin F5D7050 working yet. After I follow the steps and load the RT73.ko, my n800 would get segmentation faults if I try to us iwconfig, ifconfig or even sudo gainroot in another terminal. Sometimes it would just restart as well. Here is a dmesg before it decided to restart.

Code:

[   19.000000] hub 1-0:1.0: power on to power good time: 10ms
[   19.000000] hub 1-0:1.0: 200mA bus power budget for each child
[   19.000000] hub 1-0:1.0: local power source is good
[   19.000000] hub 1-0:1.0: enabling power on all ports
[   19.000000] drivers/usb/musb/tusb6010.c musb_platform_enable: dma not reactivated
[   19.109375] drivers/usb/core/inode.c: creating file '001'
[   19.109375] hub 1-0:1.0: state 7 ports 1 chg 0000 evt 0000
[   20.804687] EAC mode: play disabled, rec disabled
[   21.109375] hub 1-0:1.0: hub_suspend
[   21.109375] usb usb1: usb auto-suspend
[   24.046875] EAC mode: play enabled, rec enabled
[   31.648437] EAC mode: play disabled, rec disabled
[   37.539062] Adding 131064k swap on /media/mmc2/.swap.  Priority:-1 extents:1 across:131064k
[   42.671875] cx3110x: loading 3826.arm firmware.
[   42.929687] (c)opyright 2004 Conexant
[   42.929687]
[   42.929687] build info: PRISM SoftMAC
[   42.929687]   creator: [kvalo]
[   42.929687]   date: [07/10/05-11:45]
[   42.929687]
[   42.937500] cx3110x: MAC address 00:19:4f:d5:5e:56.
[   42.945312] cx3110x: libumac version 2.12.0.0.a.9.15-5
[   42.945312] cx3110x: lmac version 2.13.0.0.a.22.8
[   42.945312] cx3110x: PSM disabled.
[   44.796875] cx3110x: scanned 11 channels.
[   45.078125] cx3110x: shut down softmac.
[   45.546875] cx3110x: loading 3826.arm firmware.
[   45.804687] (c)opyright 2004 Conexant
[   45.804687]
[   45.804687] build info: PRISM SoftMAC
[   45.804687]   creator: [kvalo]
[   45.804687]   date: [07/10/05-11:45]
[   45.804687]
[   45.812500] cx3110x: MAC address 00:19:4f:d5:5e:56.
[   45.820312] cx3110x: libumac version 2.12.0.0.a.9.15-5
[   45.820312] cx3110x: lmac version 2.13.0.0.a.22.8
[   47.671875] cx3110x: scanned 11 channels.
[   49.898437] cx3110x: associated to 00:13:46:a5:47:da (bcn 100 msec, DTIM 1).
[   52.546875] cx3110x: PSM dynamic with 200 ms CAM timeout.
[   65.914062] JFFS2 notice: (402) check_node_data: wrong data CRC in data node at 0x0982b4b8: read 0xe061b648, calculated 0xc82d4081.
[   75.601562] JFFS2 notice: (402) check_node_data: wrong data CRC in data node at 0x09346764: read 0x13b525eb, calculated 0xaaeff032.
[   77.242187] JFFS2 notice: (402) check_node_data: wrong data CRC in data node at 0x0cd84bac: read 0xc637ee2c, calculated 0xbdd5c5e4.
[   78.484375] JFFS2 notice: (402) check_node_data: wrong data CRC in data node at 0x0eda6c78: read 0xebd8cca3, calculated 0x539ba63f.
[   78.554687] JFFS2 notice: (402) check_node_data: wrong data CRC in data node at 0x0a0e16d8: read 0xdd9e52f3, calculated 0x131d3113.
[   92.320312] DSP Pausing failed, skipping OP change!
[  142.039062] tusb_source_power 629: VBUS a_wait_vrise, devctl 81 otg 184 conf c0010001 prcm 00a80500
[  146.250000] cx3110x: PSM dynamic with 100 ms CAM timeout.
[  421.703125] EAC mode: play enabled, rec enabled
[  422.046875] cx3110x: PSM dynamic with 200 ms CAM timeout.
[  424.203125] EAC mode: play disabled, rec disabled
[  502.773437] musb_stage0_irq 570: VBUS_ERROR in a_wait_bcon (91, <VBusValid), retry #1, port1 00000100
[  513.710937] EAC mode: play enabled, rec enabled
[  516.210937] EAC mode: play disabled, rec disabled
[  537.460937] musb_stage0_irq 570: VBUS_ERROR in a_wait_bcon (91, <VBusValid), retry #2, port1 00000100
[  558.281250] tusb_source_power 629: VBUS a_wait_vrise, devctl 91 otg 15c conf c0010000 prcm 00a80500
[  558.375000] tusb_otg_ints 833: vbus too slow, devctl 81
[  558.375000] tusb_source_power 629: VBUS b_idle, devctl 80 otg 188 conf c0000000 prcm 00a80500
[  560.976562] musb_stage2_irq 817: SUSPEND (b_idle) devctl 91 power e0
[  562.835937] tusb_source_power 629: VBUS a_wait_vrise, devctl 91 otg 151 conf c0010000 prcm 00a80500
[  562.929687] tusb_otg_ints 833: vbus too slow, devctl 91
[  562.929687] tusb_source_power 629: VBUS a_wait_vfall, devctl 90 otg 151 conf c0000000 prcm 00a80500
[  563.804687] tusb_source_power 629: VBUS a_idle, devctl 90 otg 154 conf c0000000 prcm 00a80300
[  563.812500] tusb_source_power 629: VBUS a_idle, devctl 90 otg 154 conf c0000000 prcm 00a80300
[  570.984375] tusb_source_power 629: VBUS a_wait_vrise, devctl 91 otg 154 conf c0010001 prcm 00a80300
[  571.156250] musb_stage0_irq 646: CONNECT (a_host) devctl 5d
[  571.156250] hub 1-0:1.0: state 8 ports 1 chg 0000 evt 0000
[  571.156250] usb usb1: usb auto-resume
[  571.156250] usb usb1: finish resume
[  571.156250] hub 1-0:1.0: hub_resume
[  571.179687] hub 1-0:1.0: port 1, status 0101, change 0001, 12 Mb/s
[  571.335937] hub 1-0:1.0: debounce: port 1: total 100ms stable 100ms status 0x101
[  571.460937] usb 1-1: new high speed USB device using musb_hdrc and address 2
[  571.593750] usb 1-1: default language 0x0409
[  571.593750] usb 1-1: new device strings: Mfr=1, Product=2, SerialNumber=0
[  571.593750] usb 1-1: Product: USB2.0 Hub Controller
[  571.593750] usb 1-1: Manufacturer: NEC Corporation
[  571.593750] usb 1-1: hub v0409 p0058 is not supported
[  571.593750] usb 1-1: uevent
[  571.593750] usb 1-1: usb_probe_device
[  571.593750] usb 1-1: configuration #1 chosen from 1 choice
[  571.593750] usb 1-1: adding 1-1:1.0 (config #1, interface 0)
[  571.593750] usb 1-1:1.0: uevent
[  571.593750] hub 1-1:1.0: usb_probe_interface
[  571.593750] hub 1-1:1.0: usb_probe_interface - got id
[  571.593750] hub 1-1:1.0: USB hub found
[  571.593750] hub 1-1:1.0: 4 ports detected
[  571.593750] hub 1-1:1.0: standalone hub
[  571.593750] hub 1-1:1.0: individual port power switching
[  571.593750] hub 1-1:1.0: individual port over-current protection
[  571.593750] hub 1-1:1.0: Single TT
[  571.593750] hub 1-1:1.0: TT requires at most 16 FS bit times (1332 ns)
[  571.593750] hub 1-1:1.0: Port indicators are supported
[  571.593750] hub 1-1:1.0: power on to power good time: 100ms
[  571.601562] hub 1-1:1.0: local power source is good
[  571.601562] hub 1-1:1.0: enabling power on all ports
[  571.710937] drivers/usb/core/inode.c: creating file '002'
[  571.710937] hub 1-0:1.0: 100mA power budget left
[  571.710937] hub 1-0:1.0: state 7 ports 1 chg 0000 evt 0002
[  571.710937] hub 1-0:1.0: port 1 enable change, status 00000503
[  571.710937] hub 1-1:1.0: state 7 ports 4 chg 0000 evt 0002
[  571.710937] hub 1-1:1.0: port 1, status 0101, change 0001, 12 Mb/s
[  571.867187] hub 1-1:1.0: debounce: port 1: total 100ms stable 100ms status 0x101
[  571.953125] usb 1-1.1: new high speed USB device using musb_hdrc and address 3
[  572.085937] usb 1-1.1: new device strings: Mfr=0, Product=0, SerialNumber=0
[  572.085937] usb 1-1.1: hub v050d p7050 is not supported
[  572.085937] usb 1-1.1: uevent
[  572.085937] usb 1-1.1: usb_probe_device
[  572.085937] usb 1-1.1: configuration #1 chosen from 1 choice
[  572.085937] usb 1-1.1: adding 1-1.1:1.0 (config #1, interface 0)
[  572.085937] usb 1-1.1:1.0: uevent
[  572.085937] usbtest 1-1.1:1.0: usb_probe_interface
[  572.085937] usbtest 1-1.1:1.0: usb_probe_interface - got id
[  572.085937] drivers/usb/core/inode.c: creating file '003'
[  574.085937] usb 1-1.1: usb auto-suspend
[  576.109375] hub 1-1:1.0: hub_suspend
[  576.109375] usb 1-1: usb auto-suspend
[  578.132812] hub 1-0:1.0: hub_suspend
[  578.132812] usb usb1: usb auto-suspend
[  586.843750] EAC mode: play enabled, rec enabled
[  591.054687] EAC mode: play disabled, rec disabled
[  703.140625] rtusb init ====>
[  703.140625] rt73 1-1.1:1.0: usb_probe_interface
[  703.140625] rt73 1-1.1:1.0: usb_probe_interface - got id
[  703.140625] usb usb1: usb auto-resume
[  703.140625] usb usb1: finish resume
[  703.140625] hub 1-0:1.0: hub_resume
[  703.164062] usb 1-1: usb auto-resume
[  703.164062] hub 1-0:1.0: state 7 ports 1 chg 0000 evt 0000
[  703.265625] hub 1-0:1.0: state 7 ports 1 chg 0000 evt 0002
[  703.304687] usb 1-1: finish resume
[  703.304687] hub 1-1:1.0: hub_resume
[  703.304687] hub 1-1:1.0: state 7 ports 4 chg 0000 evt 0000
[  703.304687] usb 1-1.1: usb auto-resume
[  703.367187] usb 1-1.1: finish resume
[  703.367187] idVendor = 0x50d, idProduct = 0x7050
[  703.445312] rt73: Firmware loading error
[  703.445312] rt73: probe of 1-1.1:1.0 failed with error -32
[  703.445312] usbcore: registered new interface driver rt73
[  705.445312] usb 1-1.1: usb auto-suspend
Nokia-N800-23-14:~#

Anyone else have this issue? I am using a powered usbhub.

Any ideas? Should I try to compile it myself?

Quote & Reply |

	jaeezzy	2008-10-08 , 03:52
	Posts: 664 \| Thanked: 160 times \| Joined on Jul 2008 @ Australia	#47

Originally Posted by mutex

Edimax 7318USg, really cheap and has an external rp-sma antenna connector.
http://www.edimax.com/en/produce_det...id=1&pl2_id=44

Hi, I've just bought the same adapter and I tried the steps in the beginning of the page but when i hit iwconfig i get this:

/home/user/MyDocs/.documents/test # iwconfig
lo no wireless extensions.

wlan0 NOT READY ESSID

ff/any
Mode:Auto Channel:0 Access Point: Not-Associated
Link Quality:0 Signal level:0 Noise level:0
Rx invalid nwid:0 invalid crypt:0 invalid misc:0

/home/user/MyDocs/.documents/test #

What do I have to do? thanks....

Quote & Reply |

kyokorn	2008-10-17 , 20:25
Posts: 4 \| Thanked: 0 times \| Joined on Sep 2008	#48

Great work

I have a question for you

What firmware have in your n800 ?

BR

Quote & Reply |

	solca	2008-10-17 , 22:29
	Posts: 109 \| Thanked: 196 times \| Joined on Sep 2008 @ Guatemala	#49

Originally Posted by Benson

No, because that's not what happened. It's a new driver and it's still alpha. (Even if it was the existing driver open-sourced, someone would still need to write an injection patch...)

Wrong; software MAC radios with drivers written for mac80211 supports injection. It just seems that nobody has tested the new driver.

If someone could just pack a kernel with mac80211 and the new driver for us...

Quote & Reply |

The Following User Says Thank You to solca For This Useful Post:
qole

	jaeezzy	2008-10-27 , 07:29
	Posts: 664 \| Thanked: 160 times \| Joined on Jul 2008 @ Australia	#50

hi, I'm newbie and luckily I could successfully do 'iwpriv wlan1 rfmontx 1' and then test with 'iwpriv wlan1 get_rfmontx' after doing 'ifconfig wlan1 up' but no matter how many times I try and despite moving around I keep getting this when checking injection with aireplay-ng './aireplay-ng wlan1 --test':

/home/user/MyDocs/.documents/test # ./aireplay-ng wlan1 --test
18:07:25 Trying broadcast probe requests...
18:07:26 No Answer...
18:07:26 Found 0 APs
/home/user/MyDocs/.documents/test #

Though there are lot of access points visible in my laptop in wireless connections.
I tried /sbin/ifconfig wlan1 and got the following:

/home/user/MyDocs/.documents/test # /sbin/ifconfig wlan1wlan1
Link encap:UNSPEC HWaddr 00-1F-1F-12-01-4A-44-EC-00-00-00-00-00-00-00-00
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:276 errors:0 dropped:0 overruns:0 frame:0 TX packets:1 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000
RX bytes:27008 (26.3 KiB) TX bytes:66 (66.0 B)

I don't know if its necessary to provide this detail or not, but still hoping it will give more details on what problem I'm facing. So, is there anything wrong or is it that I have to (as mentioned in the step by step guide by mutex) keep trying moving around (which in fact I did).
By the way I'm using edimax ew-7318usg and I'ven't done any extra thing other than the ones mentioned by mutex (Thanks mutex for your effort and the guide, I'm so impatience to see it do what its supposed to do..).
Thanks..

*EDITED:

Oh!! due to my nube in this thing its kinda irritating, my apology!! I resolved it as I had to change it to monitor mode with : "iwconfig wlan1 mode monitor".

I QUESTION THOUGH: when I tried to run the "./aircrack-ng -b <mac addr> dumpfile*.cap" it says: Please specify a dictionary (option -w). So, when I went to the manpage it was written: specify "-" to use stdin. So, should I type: "./aircrack-ng - -b <mac addr> dumpfile*.cap" ??? Thank you.

Last edited by jaeezzy; 2008-10-28 at 08:24. Reason: RESOLVED: