By FLX
http://infexion.org
article: http://infexion.org/articles/p2_articleid/10
This tutorial will teach you how to install the HostAP drivers for wifi cards with the Prism chipset. It will also cover patching the drivers for packet injection, which will allow you to crack wifi encryption in under 5 minutes.
1. Preparation
The Ubuntu repositories contain everything needed, including the hostap source, but we use the latest version, hostap 0.4.9, together with the 0.4.7 packet injection patch. Packet injection allows us to crack simple wifi encryption in under 5 minutes.
1.1
Ubuntu installed from DVD uses a kernel chosen by processor type (for AMD it uses the k7 kernel, for Intel the i386 kernel). The packet injection patch doesn't work correctly, or at all, under the k7 kernel. So we need to install the kernel headers and the i386 kernel image and boot into it.
1.2
Prism cards run under the Orinoco module by default. Disable these drivers for your card with the following:
modprobe -r orinoco_pci
modprobe hostap_pci
1.3
Add the line
blacklist orinoco_pci
into
/etc/modprobe.d/blacklist
2. Driver
2.1 After the reboot, download the driver and apply the patch.
wget http://hostap.epitest.fi/releases/hostap-driver-0.4.9.tar.gz
tar -xvzf hostap-driver-0.4.9.tar.gz
cd hostap-driver-0.4.9
wget http://patches.aircrack-ng.org/hostap-driver-0.4.7.patch
patch -Np1 -i hostap-driver-0.4.7.patch
2.2 In the path
/home/user/hostap-driver-0.4.9/driver/modules/
search for the files:
hostap.c
hostap_cs.c
hostap_plx.c
hostap_pci.c
2.3 In each of these files find these five rows and remove them.
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,14))
#error Host AP driver was added into Linux 2.6.14.
#error The version used in the kernel tree should be used instead of this
#error external release which is only maintained for old kernel versions.
#endif
2.4 Let the compilation begin. Run:
make
2.5 After make, don't run "make install". First back up the original contents, then clean out the /hostap folder and copy all *.ko files from
/hostap-driver-0.4.9/driver/modules/
into
/lib/modules/2.6.....-386/kernel/drivers/net/wireless/hostap/
2.6 Find and copy hostap_en.conf from
/hostap-driver-0.4.9/driver/etc/
into
/etc/pcmcia/
2.7 Reboot. After the reboot run these commands:
depmod -a
ifconfig wlan0 down
ifconfig wlan0 up
2.8 Check:
dmesg | grep hostap
3. Firmware
3.1 Prism cards with firmware newer than 1.7.4 are registered in the system as ethX. This firmware version is recommended. Otherwise try to flash your adapter. Check your firmware version with
hostap_diag -p wlan0
You'll see something like this:
Host AP driver diagnostics information for 'wlan0'
NICID: id=0x8013 v1.0.0 (PRISM II (2.5) Mini-PCI (SST parallel flash)
PRIID: id=0x0015 v1.1.1
STAID: id=0x001f v1.7.4 (station firmware)
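Reading the three component versions out of that output by eye is error-prone, so here is a small parser for it, added as an example and not part of the original article. It takes the hostap_diag output quoted above (embedded as a constructed sample string; the real output may put the id on the same line as the label or on the next line, and both forms are handled) and checks the station firmware (STAID) against 1.7.4, which this article treats as the recommended version. Treating 1.7.4 as a minimum for the check is an assumption made here.

```python
import re

# Constructed sample: the hostap_diag -p wlan0 output quoted in this article.
SAMPLE_DIAG = """Host AP driver diagnostics information for 'wlan0'
NICID: id=0x8013 v1.0.0 (PRISM II (2.5) Mini-PCI (SST parallel flash)
PRIID: id=0x0015 v1.1.1
STAID: id=0x001f v1.7.4 (station firmware)
"""

# Station firmware version the article recommends. Assumption: treated here as
# the minimum acceptable version for the check below.
RECOMMENDED_STA_FIRMWARE = (1, 7, 4)

# One match per component. \s* after the colon also swallows a line break, so
# "NICID:\nid=0x8013 ..." parses the same as "NICID: id=0x8013 ...".
_COMPONENT_RE = re.compile(
    r"^(NICID|PRIID|STAID):\s*id=(0x[0-9a-fA-F]+)\s+v(\d+)\.(\d+)\.(\d+)",
    re.MULTILINE,
)


def parse_hostap_diag(text):
    """Return {component: {"id": int, "version": (major, minor, patch)}}."""
    result = {}
    for match in _COMPONENT_RE.finditer(text):
        name, hex_id, major, minor, patch = match.groups()
        result[name] = {
            "id": int(hex_id, 16),
            "version": (int(major), int(minor), int(patch)),
        }
    return result


def station_firmware_ok(text, minimum=RECOMMENDED_STA_FIRMWARE):
    """True if the STAID (station firmware) version is at least `minimum`.

    Returns False when the STAID line is missing or the version is older,
    so a card that still needs flashing is reported as not OK.
    """
    sta = parse_hostap_diag(text).get("STAID")
    if sta is None:
        return False
    return sta["version"] >= minimum


if __name__ == "__main__":
    # Usage: pipe the real output in, e.g.  hostap_diag -p wlan0 | python3 check_fw.py
    import sys

    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DIAG
    for name, info in sorted(parse_hostap_diag(text).items()):
        print(f"{name}: id=0x{info['id']:04x} version={'.'.join(map(str, info['version']))}")
    print("station firmware OK" if station_firmware_ok(text) else "station firmware too old or missing")
```

Tuple comparison does the version ordering, so 1.7.4 passes and 1.5.6 does not; an empty or unrelated input is reported as not OK rather than silently passing.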
4. Channel no. 14
4.1 To get channel 14 running on your Prism card we need to edit the PDA (Production Data Area). Don't change the localization. Just change
1fff to 3fff
on line 0x0104.
5. Testing functionality
Packet injection is nothing more than a time reduction. Cracking WEP is possible without packet injection, but it can take tens of hours or a few days.
Aircrack pack contains these parts:
aircrack, airodump, airmon, aireplay, airdecap
Aircrack-ng pack contains these parts:
aircrack-ng, airodump-ng, airmon-ng, aireplay-ng, packetforge-ng, airtun-ng, airserv-ng
We use packet injection in aireplay. Before we start experimenting we should check whether packet injection works.
5.1 Option 1: Switch the adapter to monitor mode. iwconfig is part of the wireless tools; airmon is part of the aircrack pack.
iwconfig wlan0 mode monitor
or
airmon start wlan0
for Aircrack-ng
airmon-ng start wlan0
Now run Ethereal or Wireshark showing live traffic on the wlan0 adapter.
To show only deauth packets use the filter
wlan.fc.type_subtype == 12
Run in shell
aireplay -0 5 -a 01:02:03:04:05:06 wlan0
for Aircrack-ng:
aireplay-ng -0 5 -a 01:02:03:04:05:06 wlan0
In the Ethereal window you see five deauth packets with MAC address 01:02:03:04:05:06.
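The same check that the Ethereal filter performs by hand, and the way a monitoring station would spot such a burst, can be done on raw 802.11 frames. The following is an added example, not code from the article or from the aircrack project: it decodes the frame control byte (type 0, subtype 12 is deauthentication, which is the 12 in the wlan.fc.type_subtype filter above) and the three header addresses, counts deauth frames per sender, and reports senders that reach a threshold. The frames are constructed in the script to mirror the test above (five broadcast deauths from 01:02:03:04:05:06 plus a beacon and a data frame); the reason code 7 and the threshold of 5 are assumptions chosen to match that test.

```python
from collections import Counter

# 802.11 frame control, byte 0: bits 0-1 protocol version, bits 2-3 type, bits 4-7 subtype.
TYPE_MGMT = 0
TYPE_DATA = 2
SUBTYPE_BEACON = 8
SUBTYPE_DEAUTH = 12          # same value as the Wireshark filter wlan.fc.type_subtype == 12
BROADCAST = "ff:ff:ff:ff:ff:ff"


def _mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def _mac_bytes(text):
    return bytes(int(part, 16) for part in text.split(":"))


def parse_frame(frame):
    """Decode type/subtype and addr1-3 from a raw 802.11 frame.

    Returns None when the frame is shorter than the 24-byte management header,
    so truncated captures never produce a bogus classification.
    """
    if len(frame) < 24:
        return None
    fc0 = frame[0]
    return {
        "type": (fc0 >> 2) & 0x3,
        "subtype": (fc0 >> 4) & 0xF,
        "addr1": _mac_str(frame[4:10]),    # receiver
        "addr2": _mac_str(frame[10:16]),   # transmitter
        "addr3": _mac_str(frame[16:22]),   # BSSID for management frames
    }


def is_deauth(parsed):
    return parsed is not None and parsed["type"] == TYPE_MGMT and parsed["subtype"] == SUBTYPE_DEAUTH


def deauth_counts(frames):
    """Number of deauthentication frames seen per transmitter address (addr2)."""
    counts = Counter()
    for frame in frames:
        parsed = parse_frame(frame)
        if is_deauth(parsed):
            counts[parsed["addr2"]] += 1
    return counts


def deauth_burst_sources(frames, threshold=5):
    """Transmitters whose deauth count reaches `threshold` (assumed default 5, as in the test above)."""
    return sorted(src for src, n in deauth_counts(frames).items() if n >= threshold)


def _make_frame(type_, subtype, addr1, addr2, addr3, body=b""):
    """Build a minimal frame header for the constructed sample capture below."""
    fc0 = (subtype << 4) | (type_ << 2)      # protocol version 0
    duration = b"\x00\x00"
    seq_ctl = b"\x00\x00"
    return bytes([fc0, 0x00]) + duration + _mac_bytes(addr1) + _mac_bytes(addr2) + _mac_bytes(addr3) + seq_ctl + body


AP = "01:02:03:04:05:06"
CLIENT = "aa:bb:cc:dd:ee:ff"            # constructed client address

# Constructed sample capture: five broadcast deauths "from" the AP, then normal traffic.
SAMPLE_CAPTURE = (
    [_make_frame(TYPE_MGMT, SUBTYPE_DEAUTH, BROADCAST, AP, AP, body=b"\x07\x00") for _ in range(5)]  # reason code 7 assumed
    + [_make_frame(TYPE_MGMT, SUBTYPE_BEACON, BROADCAST, AP, AP)]
    + [_make_frame(TYPE_DATA, 0, AP, CLIENT, AP, body=b"\xaa\xaa\x03")]
)


if __name__ == "__main__":
    for src, n in deauth_counts(SAMPLE_CAPTURE).items():
        print(f"{src}: {n} deauth frames")
    print("burst sources:", deauth_burst_sources(SAMPLE_CAPTURE))
```

Counting by addr2 rather than addr3 matters: a broadcast deauth carries the AP address in both fields, so the AP itself appears as the sender, which is exactly what the Ethereal view above shows and what a WIDS rule would key on.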
5.2 Option 2: Test with an AP with a hidden ESSID. When the client deauth doesn't work on an encrypted network even though you know its MAC, you are out of luck.