Hello.
In order to use the full potential of the Atheros chipset, new drivers are necessary to run the wireless card in monitor and packet injection modes. I built the drivers and they appear to work correctly, so here are simple instructions on how to use and test them. If people report that it works, then I will provide more detailed instructions on how to build the drivers yourself (maybe on the wiki) and install Kismet. So far this technique is for more advanced users to verify whether what works on my Eee will also work on other Eee's.
All you have to do now is to download my new drivers for Atheros and use them.
You can get them from here: http://obfusc.at/ed/eeepc/modules.tar.gz
I tarred my whole /lib/modules/2.6.21.4-eeepc directory, but you probably only need the drivers in the atheros/ and /net directories. Anyways, here is the recommended way to do it if you didn't install any additional modules since you bought your Eee:
1. Go to /lib/modules and backup your existing directory:
$ sudo cp -ar 2.6.21.4-eeepc backup
2. Unload your current drivers from the kernel:
$ sudo modprobe -r ath_pci
$ sudo modprobe -r wlan_scan_sta
$ sudo modprobe -r wlan_wep
3. Download the above file from my site, and overwrite your 2.6.21.4-eeepc with its content.
$ wget http://obfusc.at/ed/eeepc/modules.tar.gz
$ sudo tar xfvz modules.tar.gz
... whatever additional steps are needed.
4. Load new drivers:
$ sudo modprobe -i ath_pci
5. Start your interface:
$ sudo ifconfig ath0 up
After that you should see your wifi0 interface if you do:
$ sudo iwconfig
If you want to use Kismet, in /etc/kismet/kismet.conf edit the following line:
source=madwifi_g,wifi0,MyAtheros
And that's it. Everything should work as before, but you now have new drivers with monitoring and packet injection support. Have fun!
Which version of the madwifi-ng driver are you running?
I copied your atheros and net directories and followed your instructions. My wifi still works fine, but I wasn't able to go into monitor mode.
I'm using the latest stable version of aircrack-ng.
I take down ath0 with airmon-ng stop ath0, which is fine, but when I try to start it with airmon-ng start wifi0, I get:
Interface Chipset Driver
What I should see according to the aircrack-ng documentation is:
Interface Chipset Driver
wifi0 Atheros madwifi-ng
ath0 Atheros madwifi-ng VAP (parent: wifi0) (monitor mode enabled)
I'm not going to try anymore tonight - it's 12:30am here.
Interested to know if this works for anyone else...
You don't need to rebuild the kernel or anything? I was trying to install madwifi drivers a while ago and I stopped when I found out I needed to rebuild the kernel.
I suppose that to reverse this, all that is needed is putting your original driver files in the 2.6.21.4-eeepc folder and then running
$ sudo modprobe -i ath_pci
$ sudo modprobe -i wlan_scan_sta
$ sudo modprobe -i wlan_wep
and
$ sudo ifconfig ath0 up
Is this correct? I just wanna make sure before I dive into this later tonight.
d3th wrote:
Which version of the madwifi-ng driver are you running?
This one: http://snapshots.madwifi.org/special/ma … 007.tar.gz
d3th wrote:
I copied your atheros and net directories and followed your instructions. My wifi still works fine, but I wasn't able to go into monitor mode.
I'm using the latest stable version of aircrack-ng.
First, it's very good to know that your wifi still works.
I haven't yet checked it with aircrack. I only tested with Kismet. Before, Kismet couldn't initiate my atheros card and was throwing some ioctl errors ("call not supported" or something like that). Now, Kismet works fine and in one minute detected 16 networks in my apartment (the regular way of detecting networks yields only 9 networks).
I will try to install aircrack today and see if I can get it to work. For now, you can try to use Kismet to make sure it works for you. It's very easy as you just need to 'apt-get install kismet' and edit that one "source=" line in kismet.conf I mentioned in my original post to make it work.
y4m4 wrote:
You don't need to rebuild the kernel or anything? I was trying to install madwifi drivers a while ago and I stopped when I found out I needed to rebuild the kernel.
True, one has to rebuild the kernel first in order to build the madwifi drivers. But the drivers in my package are already built, so you just have to install them (therefore, you don't need the kernel source). I rebuilt the kernel exactly the same way as the original eeepc kernel was built, so I could build madwifi modules for everybody. This way you don't have to waste approx. 0.5 GB of your disk space and one or two hours to download, configure and build everything.
The point is to make it easy for other people to install the new drivers. If my drivers really work for everybody, then we can create a .deb file with them and make the process of upgrading to the new drivers very simple.
y4m4 wrote:
I suppose to reverse this all is needed is putting your original driver files in the 2.6.21.4-eeepc folder and then running
$ sudo modprobe -i ath_pci
$ sudo modprobe -i wlan_scan_sta
$ sudo modprobe -i wlan_wep
Yes. Actually, the first command should automatically load the wlan* modules. If not, then try to use "sudo depmod" first.
Last edited by Cadence (2008-01-07 3:00:48 pm)
Besides scanning with kismet (which works), did you actually test this with an open / unencrypted access point, a WEP encrypted one, and wpa/wpa? This basically added kismet support for the interface but broke WPA totally on my eeepc. I've copied back the original modules...
I tested only with unencrypted and WEP. I didn't test it with WPA.
Cadence wrote:
I tested only with unencrypted and WEP. I didn't test it with WPA.
Same here.
I checked the WPA problem on madwifi website, and here is what I found:
* * *
WPA/802.11i station operation (aka supplicant) is supported using Jouni
Malinen's wpa_supplicant program. This can be obtained from:
http://hostap.epitest.fi/wpa_supplicant/
* * *
So it seems like WPA is not natively supported by madwifi... but I'm wondering how come it works just fine with the default Eee drivers. Is it possible that wpa_supplicant is already installed on the Eee? (I don't have access to my Eee right now so I can't check).
The easiest way to test it would probably be to install my drivers, and then reboot your Eee to let it start fresh with the new drivers, and check WPA then. It should work if they didn't hack the madwifi drivers somehow.
The problem now is that the http://hostap.epitest.fi website doesn't work. I will try to find the wpa_supplicant code somewhere else later today and compile it.
d3th wrote:
I take down ath0 with airmon-ng stop ath0, which is fine, but when I try to start it with airmon-ng start wifi0, I get:
Interface Chipset Driver
What I should see according to the aircrack-ng documentation is:
Interface Chipset Driver
wifi0 Atheros madwifi-ng
ath0 Atheros madwifi-ng VAP (parent: wifi0) (monitor mode enabled)
I just gave it a try and it works for me. It says: madwifi-ng VAP (monitor mode enabled).
I installed aircrack-ng-0.9.1.
I see that the "airmon-ng" script is using my configuration in /etc/kismet/kismet.conf, so maybe that's why it works on my Eee but doesn't work on yours. As I suggested in my previous post, install and try Kismet first. If that works for you, then go back to airmon-ng.
I also ran this test: http://www.aircrack-ng.org/doku.php?id=injection_test
And it says "Injection is working!" so everything seems to be okay.
So, again, let us know if Kismet works for you.
Last edited by Cadence (2008-01-07 9:16:52 pm)
What repository are you getting kismet from? apt-get... doesn't find it.
d3th wrote:
What repository are you getting kismet from? apt-get... doesn't find it.
I think this repository:
deb http://xnv4.xandros.com/xs2.0/upkg-srv2 etch main contrib non-free
Thanks Cadence. You're a champion.
I installed kismet and made the configuration change, but I had the same result as before.
There must be some modules required besides those in the atheros and net directories because I did a full copy and this time it worked exactly as it should. I'm in monitor mode now.
I'll test out more of the aircrack-ng suite later and let you know how I fare. For now though I have to do some real work.
Thanks again for your help.
I've reverted my modules back to my previous version because I can't use my WPA network at the office with the new setup.
I also notice that with the new drivers, weaker signals are reported, though I'm not sure how this pans out in practice.
For the moment, I'll keep both copies of the modules, because I'm still keen to use the security tools. I checked out Kismet and it's a very nice piece of gear.
d3th wrote:
There must be some modules required besides those in the atheros and net directories because I did a full copy and this time it worked exactly as it should. I'm in monitor mode now.
Thanks for letting me know. I will take a closer look at this. It is important to figure out what modules have to be replaced in order to create correct .deb package later.
d3th wrote:
I'll test out more of the aircrack-ng suite later and let you know how I fare. For now though I have to do some real work
Sure thing. I'm playing with aircrack too. So far I was unable to crack my WEP password, even though I followed their tutorial on that. Probably I did something wrong. Anyways, it is so much fun to play with it, as one of the main reasons I wanted to have an Eee was to learn about WiFi.
Let me know if you successfully cracked your WEP.
d3th wrote:
I've reverted my modules back to my previous version because I can't use my WPA network at the office with the new setup.
That's a pain. I hope I will be able to do something about it after I'm done playing with aircrack. Fortunately, it seems that my router supports WPA, so I will just have to reconfigure it and see what the problem is there.
d3th wrote:
Thanks again for your help.
Thanks for the feedback.
Just an update on it.
I tested all possible monitoring and packet injection attacks with aircrack-ng-0.9.1. They work just great. I was able to crack my WEP password within a few minutes. There is one glitch, however. It is pretty simple to work around, but it took me many hours to figure out what's going on. I think it is some kind of a problem with the madwifi-ng drivers, as they support the Eee's atheros chip only after patching (and that might have damaged something). The problem is that the drivers don't properly initialize after using the wireless card for normal communication and then trying to switch it to monitor mode. Even though it seems like everything is fine and packets are being captured, you cannot find a key as the IVs are somehow corrupted. There is a simple workaround: before playing with monitoring and packet injection, reload your modules (i.e. modprobe -r ath_pci wlan* ... , and then modprobe -i ath_pci). After that, use airmon-ng to set up your card in monitor mode.
So, it seems that we can work around this and the WPA-authentication problems mentioned in previous posts by keeping two sets of drivers: the native Eee modules, and the new madwifi-ng modules. I will try to develop a script that will automate the process of switching them (i.e. unload current modules, switch modules to a different version, and load them again) and post it here for you guys to test.
Cadence wrote:
So, it seems that we can workaround this and WPA-authentication problems mentioned in previous posts, by keeping two sets of drivers: the native Eee modules, and new madwifi-ng modules. I will try to develop a script that will automate the process of switching them (i.e. unload current modules, switch modules to different version, and load them again) and post it here for you guys to test.
I was going to do exactly that. Unfortunately I'm looking for a place to live at the moment so you might well get to it before me.
Thanks for the update.
Hmm, kismet seems to work fine with the default drivers. Also had no problems with airodump, though I haven't tried any packet injection yet. The wifi goes into monitor mode no problem...
psic wrote:
Hmm, kismet seems to work fine with the default drivers. Also had no problems with airodump, though I haven't tried any packet injection yet. The wifi goes into monitor mode no problem...
What source entry did you put into the Kismet configuration file?
d3th wrote:
What source entry did you put into the Kismet configuration file?
I'll second that question. Using the stock kernel & modules, and kismet from the xnv4.xandros.com/xs2.0/upkg-srv2 repository I get either "FATAL: 'get_mode' does not return integer parameters." or "FATAL: channel get ioctl failed 22:Invalid argument." depending which of the ath0/wifi0 interfaces I use. I'd assumed that Asus (or Xandros, or whoever) had specifically removed monitor mode support from their shipped drivers.
psic wrote:
Hmm, kismet seems to work fine with the default drivers. Also had no problems with airodump, though I haven't tried any packet injection yet. The wifi goes into monitor mode no problem...
Wow, I'd love to hear what source you're using in kismet.conf as well.
Last edited by y4m4 (2008-01-11 12:36:16 am)
Well, I started off with this how-to on the wiki:
http://wiki.eeeuser.com/howto:networksniffing
And for setting up kismet I just followed the instructions on this thread:
http://forum.eeeuser.com/viewtopic.php?id=1925
I think the most important line in the kismet.conf file is the 'source' line, I have
source=madwifi_g,wifi0,wifi0
Good luck!
Does the packet injection work? Did you try Aircrack?
I haven't tried any packet injection. When you say aircrack, do you mean the suite of utilities or the program itself? Because I've used airodump and I plan on using aircrack on a faster box (my gentoo desktop). You just save the dump from airodump on an SD card or whatever, transfer it to another computer and run aircrack there.
What I mean is this injection test:
http://www.aircrack-ng.org/doku.php?id=injection_test