THIS IS NOW COMBINED WITH KERNELPLUS
PLEASE DO NOT USE THIS KERNEL

Kernel-Plus link:
http://talk.maemo.org/showthread.php?t=86543


Ok, in case anyone wants to join the testing:
Tools needed (all on my openrepo)
wireless-tools (iw)
aircrack-ng
macchanger

so, first we try to start aireplay-ng with

Code:
~ # aireplay-ng -9 wlan0
This - obviously - fails

Code:
ioctl(SIOCSIWMODE) failed: Device or resource busy
 
ARP linktype is set to 1 (Ethernet) - expected ARPHRD_IEEE80211,
ARPHRD_IEEE80211_FULL or ARPHRD_IEEE80211_PRISM instead.  Make
sure RFMON is enabled: run 'airmon-ng start wlan0 <#>'
Sysfs injection support was not found either.
So, yes, we need airmon-ng to start the monitor device

Code:
~ # airmon-ng start wlan0
This looks good

Code:
Interface	Chipset		Driver

wlan0		Unknown		wl1271_sdio - [phy0]
ifconfig: SIOCSIFFLAGS: Cannot assign requested address

				(monitor mode enabled on mon0)

So, we try again aireplay (on the newly created mon0 device)

Code:
~ # aireplay-ng -9 mon0
but ..... nay

Code:
ioctl(SIOCSIFFLAGS) failed: Cannot assign requested address
Why ?
well, let's see

Code:
~ # ifconfig mon0
We get

Code:
mon0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
That's not right, the MAC address is 00-00-00-00-00-00-00-00.
This is a problem.
Now, we need to change this. There is (now) a tool which will enable us to do so - macchanger
I tried random MAC addresses for the mon0 device - for some reason it fails. But, look at

Code:
~ # ifconfig wlan0
wlan0     Link encap:Ethernet  HWaddr 04:A8:2A:1F:AC:C7
This is the MAC address of the physical device, 04:A8:2A:1F:AC:C7, so I change that a bit (add one to the last digit): 04:A8:2A:1F:AC:C8

Now, we change it

Code:
~ # macchanger -m 04:A8:2A:1F:AC:C8 mon0
and we get

Code:
Current MAC:   00:00:00:00:00:00 (Xerox Corporation)
Permanent MAC: 00:00:00:00:00:00 (Xerox Corporation)
New MAC:       04:a8:2a:1f:ac:c8 (Nokia Corporation)
Now, let's try aireplay again

Code:
~ # aireplay-ng -9 mon0
we get

Code:
20:20:23  Trying broadcast probe requests...
20:20:23  Injection is working!
20:20:25  Found 2 APs
 
20:20:25  Trying directed probe requests...
20:20:25  00:16:A6:18:6A:7E - channel: 11 - 'DOVADO-NN'
Hey! there we go

I uploaded my kernel to dropbox (open mode, with NAT, CIFS support and a few other tweaks)
You WILL need open mode, and you MUST use

Code:
devel-su
develsh
elevated privileges, for this to work,

/Niel

Modules
https://dl.dropboxusercontent.com/u/85377542/modules.tar.gz

Kernel
https://dl.dropboxusercontent.com/u/85377542/zImage.tar.gz

Look at http://213.128.137.28/showthread.php?t=89507 for how to flash the kernel.
1. Flash normal mode (full erase)
2. Flash open mode kernel (NO REBOOT BETWEEN) from here http://maemo.cloud-7.de/HARM/N9/1.3/openmode-kernel/
3. Copy modules in tar.gz file to /lib/modules (folder 2.6.32.54nn-dfl61)
4. depmod -a 2.6.32.54nn-dfl61
5. Flash my kernel (zImage-2.6.32.54nn-dfl61)
6. Install from my repo wireless-tools, aircrack-ng, macchanger
7. Done

Last edited by nieldk; 2013-11-30 at 20:58. Reason: Moved postings around
 

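The sequence nieldk walks through above (airmon-ng, spot the all-zero HWaddr on mon0, set the physical MAC plus one with macchanger, re-run the injection test) as an added shell script. This is example code written for this page, not part of the original post or of the N9 kernel package. It assumes the stock tool names from the post (airmon-ng, iw, ifconfig, macchanger, aireplay-ng), that the physical interface is wlan0 and the monitor interface mon0 (both overridable via PHY_IF/MON_IF), and that it is run from develsh as root as the post requires. It goes slightly beyond the post in one place: the MAC increment carries across octets, so a physical MAC ending in :FF does not produce an invalid address. The sample ifconfig lines used to check the parser are copied from the output shown in the post.

```shell
#!/bin/sh
# Added example (not from the original post): automate the monitor-mode
# bring-up on the N9 wl1271_sdio driver, including the all-zero-MAC
# workaround. Tool names, wlan0/mon0 and the "run" argument are assumptions.

PHY_IF="${PHY_IF:-wlan0}"
MON_IF="${MON_IF:-mon0}"

# Normalise a MAC to lowercase colon form. Also accepts the 16-byte
# dash-separated form ifconfig prints for a "Link encap:UNSPEC" interface
# (as seen on mon0 in the post) and keeps only the first six bytes.
norm_mac() {
    printf '%s' "$1" | tr 'ABCDEF-' 'abcdef:' | cut -d: -f1-6
}

# Pull the HWaddr field out of ifconfig output fed on stdin.
parse_hwaddr() {
    sed -n 's/.*HWaddr \([0-9A-Fa-f:-][0-9A-Fa-f:-]*\).*/\1/p' | head -n 1
}

# True when the MAC is all zero: the broken state aireplay-ng trips over
# with "ioctl(SIOCSIFFLAGS) failed: Cannot assign requested address".
is_zero_mac() {
    case "$(norm_mac "$1")" in
        00:00:00:00:00:00) return 0 ;;
        *) return 1 ;;
    esac
}

# Derive the address the post uses: the physical MAC with the last octet
# incremented. The OUI (first three bytes) is kept; the increment carries
# through the lower three bytes so ...:ff rolls over cleanly.
next_mac() {
    mac=$(norm_mac "$1")
    oui=$(printf '%s' "$mac" | cut -d: -f1-3)
    nic=$(printf '%s' "$mac" | cut -d: -f4-6 | tr -d ':')
    nic=$(( (0x$nic + 1) & 0xffffff ))
    printf '%s:%02x:%02x:%02x\n' "$oui" \
        $(( $nic >> 16 )) $(( ($nic >> 8) & 0xff )) $(( $nic & 0xff ))
}

main() {
    # 1. Create the monitor interface (airmon-ng adds mon0 on this driver).
    airmon-ng start "$PHY_IF" >/dev/null

    # 2. Sanity check: mon0 must really be an 802.11 monitor vif, otherwise
    #    aireplay-ng will complain about ARP linktype 1 (Ethernet) again.
    iw dev "$MON_IF" info | grep -q 'type monitor' || {
        echo "$MON_IF is not in monitor mode" >&2
        return 1
    }

    # 3. Fix the all-zero MAC. Random MACs failed for the post's author, so
    #    use the physical MAC plus one as the post does. If your driver
    #    refuses while the interface is up, ifconfig it down first.
    mon_mac=$(ifconfig "$MON_IF" | parse_hwaddr)
    if is_zero_mac "$mon_mac"; then
        phy_mac=$(ifconfig "$PHY_IF" | parse_hwaddr)
        macchanger -m "$(next_mac "$phy_mac")" "$MON_IF"
    fi

    # 4. Injection test. Report success only if aireplay-ng says so.
    out=$(aireplay-ng -9 "$MON_IF" 2>&1)
    printf '%s\n' "$out"
    printf '%s\n' "$out" | grep -q 'Injection is working'
}

# Only touch the hardware when explicitly asked: ./moncheck.sh run
if [ "${1-}" = "run" ]; then
    main
fi
```

Run it as `sh moncheck.sh run` from an elevated develsh; without the `run` argument it only defines the helpers, which is handy for checking what next_mac will pick before you let it change anything.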