Notice: This tutorial is not only intended for AWUS036H or rtl8187 users, as the mac80211 stack in 2.6.28 is very nice, this tutorial should be helpful/useful for anyone with a wireless card supported by the mac80211 stack.
Updates:
09/01/09 17:24CET: fixed a bug in "mac80211_2.6.28-rc8-wl_frag+ack_radiotap_2.6.28_mod.patch" please redownload (h t t p : / / astray.fragstore.net/apps/mac80211_2.6.28-rc8-wl_frag+ack_radiotap_2.6.28_mod.patch)
Hey,
it seems like the documentation about the Realtek 8187 chipset and aircrack-ng, as well as some of the
forum posts are a bit outdated - they usually cover the r8187 driver, old mac80211 and ndiswrapper things for WPA authentication.
I've been searching for a complete solution, which allows me to use the ALFA AWUS036H in monitor mode, packet injection, fragmentation
attacks, aswell as authenticating with my AP using WPA or WPA2 without driver switching and other hassles, without much success. (e.g. h t t p : / / forums.remote-exploit.org/showthread.php?t=15497)
So I asked in the aircrack-ng IRC chan about the problem and got an answer by hdm, who told me that the mac80211 implementation in the current 2.6.28 linux kernel is very good.
The outcome of compiling a new 2.6.28 kernel with the current aircrack-ng SVN patches and the aircrack-ng trunk was everything I wanted:
full compatibility to aircrack-ng
wpa_supplicant wpa/wpa2 authentication (without a hassle)
support of all aireplay-ng attack modes
about 500 packets per second injection rate
full iwconfig support including setting TX-Power
All this without driver switching, ndiswrapper scripts or anything.
To perhaps save you guys some time, here are the necessary steps to take after you've compiled/got the new 2.6.28 kernel
(h t t p : / / forums.remote-exploit.org/showpost.php?p=113187&postcount=1):
- have a 2.6.28 final kernel ready (h t t p : / / w w w . kernel.org/pub/linux/kernel/v2.6/linux-2.6.28.tar.bz2), I won't cover how to compile the kernel, as there are several tutorials available (google for "slackware kernel compile"), basically you need to find the .config file of your current kernel, unzip the contents of the new kernel to /usr/src/linux-something/, copy the .config there, then "make oldconfig && make bzImage && make modules && make modules_install && cp arch/x86/bzImage /boot/vmlinuz", and editing your grub/LILO config should do the trick basically
- be sure the mac80211 module is activated in your kernel config
download the following patches:
h t t p : / / trac.aircrack-ng.org/export/1330/trunk/patches/rtl8187-mac80211-injection-speed-2.6.28-rc6.patch
h t t p : / / astray.fragstore.net/apps/mac80211_2.6.28-rc8-wl_frag+ack_radiotap_2.6.28_mod.patch
h t t p : / / astray.fragstore.net/apps/rtl8187-mac80211-pwr.patch
- copy the just downloaded patches to your kernel source folder (will be "/usr/src/linux/" from now on)
- cd /usr/src/linux/
- copy the following files to a safe place:
drivers/net/wireless/rtl818x/rtl8187_dev.c
include/net/ieee80211_radiotap.h
net/mac80211/tx.c
drivers/net/wireless/rtl8187_dev.c (not sure about this one)
Make a dry-run of all patches over your kernel sources:
patch -Np1 --dry-run -i mac80211_2.6.28-rc8-wl_frag+ack_radiotap_2.6.28_mod.patch
patch -Np1 --dry-run -i rtl8187-mac80211-injection-speed-2.6.28-rc6.patch
patch -Np1 --dry-run -i rtl8187-mac80211-pwr.patch
If everything goes without errors, remove "--dry-run" from the commands issued above to finally patch the sources.
Note:
"mac80211_2.6.28-rc8-wl_frag+ack_radiotap_2.6.28_mod.patch" is a modified version of the original 2.6.28-rc8 wl_frag+ack radiotap patch from aircrack SVN (h t t p : / / trac.aircrack-ng.org/browser/trunk/patches/mac80211_2.6.28-rc8-wl_frag%2Back_radiotap.patch), which results in a compiling error because of a duplicate line, in 2.6.28 final.
After patching the sources redo "make modules && make modules_install" and reboot the system.
Known issues:
PWR-tab in airodump-ng shows negative values for me (without the PWR patch it doesn't show any values in PWR-tab)
"airmon-ng start wlan0" and "ifconfig wlan0 up" take about 5 seconds to bring the interface up
Updates:
09/01/09 17:24CET: fixed a bug in "mac80211_2.6.28-rc8-wl_frag+ack_radiotap_2.6.28_mod.patch" please redownload (h t t p : / / astray.fragstore.net/apps/mac80211_2.6.28-rc8-wl_frag+ack_radiotap_2.6.28_mod.patch)
Hey,
it seems like the documentation about the Realtek 8187 chipset and aircrack-ng, as well as some of the
forum posts are a bit outdated - they usually cover the r8187 driver, old mac80211 and ndiswrapper things for WPA authentication.
I've been searching for a complete solution, which allows me to use the ALFA AWUS036H in monitor mode, packet injection, fragmentation
attacks, aswell as authenticating with my AP using WPA or WPA2 without driver switching and other hassles, without much success. (e.g. h t t p : / / forums.remote-exploit.org/showthread.php?t=15497)
So I asked in the aircrack-ng IRC chan about the problem and got an answer by hdm, who told me that the mac80211 implementation in the current 2.6.28 linux kernel is very good.
The outcome of compiling a new 2.6.28 kernel with the current aircrack-ng SVN patches and the aircrack-ng trunk was everything I wanted:
full compatibility to aircrack-ng
wpa_supplicant wpa/wpa2 authentication (without a hassle)
support of all aireplay-ng attack modes
about 500 packets per second injection rate
full iwconfig support including setting TX-Power
All this without driver switching, ndiswrapper scripts or anything.
To perhaps save you guys some time, here are the necessary steps to take after you've compiled/got the new 2.6.28 kernel
(h t t p : / / forums.remote-exploit.org/showpost.php?p=113187&postcount=1):
- have a 2.6.28 final kernel ready (h t t p : / / w w w . kernel.org/pub/linux/kernel/v2.6/linux-2.6.28.tar.bz2), I won't cover how to compile the kernel, as there are several tutorials available (google for "slackware kernel compile"), basically you need to find the .config file of your current kernel, unzip the contents of the new kernel to /usr/src/linux-something/, copy the .config there, then "make oldconfig && make bzImage && make modules && make modules_install && cp arch/x86/bzImage /boot/vmlinuz", and editing your grub/LILO config should do the trick basically
- be sure the mac80211 module is activated in your kernel config
download the following patches:
h t t p : / / trac.aircrack-ng.org/export/1330/trunk/patches/rtl8187-mac80211-injection-speed-2.6.28-rc6.patch
h t t p : / / astray.fragstore.net/apps/mac80211_2.6.28-rc8-wl_frag+ack_radiotap_2.6.28_mod.patch
h t t p : / / astray.fragstore.net/apps/rtl8187-mac80211-pwr.patch
- copy the just downloaded patches to your kernel source folder (will be "/usr/src/linux/" from now on)
- cd /usr/src/linux/
- copy the following files to a safe place:
drivers/net/wireless/rtl818x/rtl8187_dev.c
include/net/ieee80211_radiotap.h
net/mac80211/tx.c
drivers/net/wireless/rtl8187_dev.c (not sure about this one)
Make a dry-run of all patches over your kernel sources:
patch -Np1 --dry-run -i mac80211_2.6.28-rc8-wl_frag+ack_radiotap_2.6.28_mod.patch
patch -Np1 --dry-run -i rtl8187-mac80211-injection-speed-2.6.28-rc6.patch
patch -Np1 --dry-run -i rtl8187-mac80211-pwr.patch
If everything goes without errors, remove "--dry-run" from the commands issued above to finally patch the sources.
Note:
"mac80211_2.6.28-rc8-wl_frag+ack_radiotap_2.6.28_mod.patch" is a modified version of the original 2.6.28-rc8 wl_frag+ack radiotap patch from aircrack SVN (h t t p : / / trac.aircrack-ng.org/browser/trunk/patches/mac80211_2.6.28-rc8-wl_frag%2Back_radiotap.patch), which results in a compiling error because of a duplicate line, in 2.6.28 final.
After patching the sources redo "make modules && make modules_install" and reboot the system.
Known issues:
PWR-tab in airodump-ng shows negative values for me (without the PWR patch it doesn't show any values in PWR-tab)
"airmon-ng start wlan0" and "ifconfig wlan0 up" take about 5 seconds to bring the interface up
Comments