Friday 26 June 2009

Injection with Intel Wireless (WiMax/)WiFi Link 4965AGN/51x0AGN, Intel Ultimate-N (WiMax/)WiFi Link 53x0AGN


The first reported success and how to do it is in this thread message.

A more recent success story is in this thread, including detailed steps.
This one summarizes the steps for Ubuntu 8.04. Another one.

Detailed HowTo

This is how you can get the Intel WiFi Link 4965AGN/5xxxAGN card to
inject under Linux using the iwlwifi drivers. Please note that
injection support is still under development, but it works at this
point. Fake auth doesn't work, but there's a workaround: use
wpa_supplicant. Deauth seems to be buggy.

What you need:

* a kernel of 2.6.25 or higher,
* the kernel sources,
* the compat-wireless-2.6 package (for 2.6.27 and up) or the
compat-wireless-old package (for 2.6.25/2.6.26),
* aircrack-ng >= RC1 (>= SVN rev. 1531 if you want to use fakeauth),
* basic development tools (make, gcc, ...),
* injection patches for mac80211 (all kernels) and the drivers (only
for 2.6.25/2.6.26).

Please note that the instructions provided here are suited for generic
Linux. Your distribution, especially if it uses some kind of advanced
package management (Debian, Ubuntu, etc.), may have the needed packages in
its repositories (so that you don't need to compile them manually from
source).

Preparing the kernel

You need to make sure that your kernel configuration includes these
options. Pay attention to which are to be built as modules and which can be
built-in.

Networking -> Wireless:
[M] Improved wireless configuration API
[*] nl80211 new netlink interface support
[*] Wireless extensions
[M] Generic IEEE 802.11 Networking Stack (mac80211)

If they exist, these should be either unchecked or modularized:

[M] Generic IEEE 802.11 Networking Stack (DEPRECATED)
[M] IEEE 802.11 WEP encryption (802.1x)
[M] IEEE 802.11i CCMP support
[M] IEEE 802.11i TKIP encryption
[M] Software MAC add-on to the IEEE 802.11 networking stack

You must also enable "Automatic kernel module loading" under "Loadable
module support", otherwise you will have module dependency errors.

If you are running a distro-supplied kernel, and find that these options
are not configured as described here, then you will need to recompile
your kernel with these options corrected. It is not enough to just
change these options in the kernel configuration, as you need these
options to be true for the running kernel.
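The checklist above is easy to get wrong on a distro kernel, and the text is right that only the running kernel's configuration counts. The following script is an added example (not part of the original post or of the aircrack-ng project) that reads a kernel .config file and reports which of the listed options deviate from the recommended state. The mapping from the menuconfig labels to CONFIG_ symbol names (CONFIG_CFG80211, CONFIG_NL80211, CONFIG_WIRELESS_EXT, CONFIG_MAC80211, the old CONFIG_IEEE80211* stack, CONFIG_KMOD) is my assumption for kernels of that era; the two sample config files are constructed for the demo.

```shell
#!/bin/sh
# Added example: check a kernel .config against the wireless options the
# post lists. Symbol names are an assumed mapping of the menuconfig labels
# (2.6.25-2.6.30 era); the sample configs below are constructed for the demo.

# opt_value FILE SYMBOL -> prints y, m or n (n also for "is not set"/absent)
opt_value() {
    if grep -q "^$2=y\$" "$1"; then echo y
    elif grep -q "^$2=m\$" "$1"; then echo m
    else echo n
    fi
}

# check_opt FILE SYMBOL "allowed values" -> 0 if the value is allowed
check_opt() {
    val=$(opt_value "$1" "$2")
    for a in $3; do
        [ "$val" = "$a" ] && { printf 'ok   %s=%s\n' "$2" "$val"; return 0; }
    done
    printf 'FAIL %s=%s (want one of: %s)\n' "$2" "$val" "$3"
    return 1
}

# check_kernel_config FILE -> 0 only if every option matches the post
check_kernel_config() {
    f=$1; rc=0
    # Networking -> Wireless: [M] must be a module, [*] must be built-in
    check_opt "$f" CONFIG_CFG80211     "m" || rc=1   # Improved wireless configuration API
    check_opt "$f" CONFIG_NL80211      "y" || rc=1   # nl80211 netlink interface
    check_opt "$f" CONFIG_WIRELESS_EXT "y" || rc=1   # Wireless extensions
    check_opt "$f" CONFIG_MAC80211     "m" || rc=1   # mac80211 stack
    # Deprecated stack: unchecked or modular, never built-in
    for old in CONFIG_IEEE80211 CONFIG_IEEE80211_CRYPT_WEP \
               CONFIG_IEEE80211_CRYPT_CCMP CONFIG_IEEE80211_CRYPT_TKIP \
               CONFIG_IEEE80211_SOFTMAC; do
        check_opt "$f" "$old" "n m" || rc=1
    done
    # Loadable module support -> Automatic kernel module loading
    check_opt "$f" CONFIG_KMOD "y" || rc=1
    return $rc
}

# Constructed sample: a config that satisfies the post's requirements.
GOOD_CFG=$(mktemp)
cat > "$GOOD_CFG" <<'EOF'
CONFIG_CFG80211=m
CONFIG_NL80211=y
CONFIG_WIRELESS_EXT=y
CONFIG_MAC80211=m
# CONFIG_IEEE80211 is not set
CONFIG_KMOD=y
EOF

# Constructed sample: a typical "distro kernel" that needs a rebuild
# (mac80211 and the old stack built-in, module autoloading off).
BAD_CFG=$(mktemp)
cat > "$BAD_CFG" <<'EOF'
CONFIG_CFG80211=y
CONFIG_NL80211=y
CONFIG_WIRELESS_EXT=y
CONFIG_MAC80211=y
CONFIG_IEEE80211=y
CONFIG_IEEE80211_CRYPT_WEP=y
# CONFIG_KMOD is not set
EOF

# Pass the running kernel's config as $1 (e.g. /boot/config-$(uname -r),
# or "zcat /proc/config.gz > /tmp/config" first); otherwise run the demo.
if [ -n "${1:-}" ]; then
    check_kernel_config "$1"
else
    echo "--- constructed good config"; check_kernel_config "$GOOD_CFG" || true
    echo "--- constructed bad config";  check_kernel_config "$BAD_CFG"  || true
fi
```

Run it against /boot/config-$(uname -r) before touching compat-wireless; a FAIL line on CONFIG_MAC80211=y is the usual distro-kernel case the text warns about, and no amount of editing .config helps until the kernel has been rebuilt and booted.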

At this point, it is assumed that you've got your kernel properly
configured, up and running right now.

Compiling the drivers

The development versions of the drivers are a part of the
compat-wireless project. We will need the latest version of the package,
which can be obtained here:

http://wireless.kernel.org/en/users/Download

Select compat-wireless-2.6 if you are using 2.6.27 or newer, or
compat-wireless-old if you are using 2.6.25 or 2.6.26. Download the
tarball to your home directory. Having downloaded it, we also need
the patches for the iwlwifi drivers (only for 2.6.25/.26) and
the frag+ack patch for mac80211. The frag+ack patch is available on
http://patches.aircrack-ng.org (get the 2.6.28-rc4-wl version for
2.6.27+ and the 2.6.26-wl version for 2.6.25/.26). The driver patch (not
needed for 2.6.27 and up) is available here:
http://pastebin.com/f7bc96631.

Then, execute these commands:

2.6.25/.26 (not sure if this is still correct):

cd ~
tar xjf compat-wireless-old.tar.bz2
cd compat-wireless-old-2009-*
wget http://pastebin.com/pastebin.php?dl=f7bc96631 -O iwlagn-injection.patch
wget http://patches.aircrack-ng.org/mac80211_2.6.26-wl_frag.patch
patch -p1 < iwlagn-injection.patch
patch -p1 < mac80211_2.6.26-wl_frag.patch
make -j4
make unload; rmmod ssb mac80211 cfg80211 [as root!]
make install [as root!]
echo options iwlagn swcrypto=1 >> /etc/modprobe.d/options [as root!]
make load [as root!]

2.6.27 and up:

cd ~
tar xjf compat-wireless-2.6.tar.bz2
cd compat-wireless-2009-*
wget http://patches.aircrack-ng.org/mac80211_2.6.28-rc4-wl_frag+ack_v3.patch
patch -p1 < mac80211_2.6.28-rc4-wl_frag+ack_v3.patch
wget http://patches.aircrack-ng.org/mac80211-2.6.29-fix-tx-ctl-no-ack-retry-count.patch
patch -p1 < mac80211-2.6.29-fix-tx-ctl-no-ack-retry-count.patch
make -j4
make unload [as root!]
make install [as root!]
echo options iwlagn swcrypto=1 >> /etc/modprobe.d/options [as root!]
make load [as root!]

NOTE: mac80211-2.6.29-fix-tx-ctl-no-ack-retry-count.patch is not needed
in the bleeding-edge compat-wireless-2.6, only in
2.6.29/2.6.30/compat-wireless-2.6.30.

That should get the patched driver module up and running. You should
also see "wlan0" and "wmaster0" among your interfaces; the first one
should also be visible to iwconfig.

Injecting

Because of how mac80211 works, you cannot inject on the card's
"stock" interface, wlan0. This is where the airmon-ng tool comes in
handy: it creates a mon0 interface suited for injecting when run
this way:

airmon-ng start wlan0

It may complain that the "iw" program is missing. If it does, the link is
provided, so just download and compile it. The "iw" program, however,
requires the "libnl" libraries, available here:
http://people.suug.ch/~tgr/libnl/. Once you have it all, run the program
again, and it should give you output somewhat similar to this:

# airmon-ng start wlan0

Interface Chipset Driver

wlan0 Intel 4965/5xxx iwlagn - [phy0]
(monitor mode enabled on mon0)

If that's how it looks, you're good to go. The mon0 interface can be
used for both listening with airodump-ng and injecting with aireplay-ng.
