Posts: 50 | Thanked: 444 times | Joined on Apr 2010 @ Austria
#1
Hi,

Many of you may already have noticed that I have ported Kismet to the N900 with support for internal GPS through liblocation.
Now also a fully functional WLAN monitor mode is available for the N900! You might know the channel 6 problem, it's gone now!

Installation instructions can be found here.

More info on my blog http://david.gnedt.eu/.

Monitor mode patch changelog:
Version 2 (included in titan's kernel-power 2.6.28-maemo35 and later)
* FIX: capture encrypted packets (thanks to hardkorek for reporting the bug)
* FIX: reported data rate and channel type

Version 1 (included in titan's kernel-power 2.6.28-maemo26 and later)
* Initial version



Best regards,
David

Last edited by lxp; 2010-05-25 at 12:00. Reason: Update for monitor mode patch version 2
 

hawaii's Avatar
Posts: 1,030 | Thanked: 792 times | Joined on Jun 2009
#2
Well, I would just like to personally thank you for the WL1251 patch.
 
Posts: 266 | Thanked: 83 times | Joined on Oct 2009
#3
This is insane!
Cool man!

Could I use your chan 6 problem patch with aircrack since I know aircrack way better than kismet?

Eikido
 
OptX's Avatar
Posts: 293 | Thanked: 206 times | Joined on Oct 2009 @ Germnay
#4
Thanks a lot for this patch. The N900 is getting more and more of a greyhat.

@eikido, aircrack works too. (kinda, since injection is not working)


Last edited by OptX; 2010-05-11 at 15:29.
 
Posts: 50 | Thanked: 444 times | Joined on Apr 2010 @ Austria
#5
Originally Posted by eikido:
Could I use your chan 6 problem patch with aircrack since I know aircrack way better than kismet?
It should work with any tool which uses the monitor mode. Nevertheless packet injection will currently not work.

I don't think that aircrack-ng suite is better for wardriving because it isn't directly designed for it. However the aircrack-ng suite is better in other fields but as I already noted packet injection doesn't work, so I think aircrack is currently a little bit useless on the N900 (like kismet before) or did I miss something?
 
Posts: 5 | Thanked: 0 times | Joined on May 2010
#6
This is cool! Thanks for the effort.

One question: using your patched driver, can tcpdump or wireshark output the signal strength of received wireless frames?
 
hawaii's Avatar
Posts: 1,030 | Thanked: 792 times | Joined on Jun 2009
#7
@lxp;

Would you agree it's a tertiary firmware issue that's stopping live packet injection without being associated to an AP?
 
Posts: 50 | Thanked: 444 times | Joined on Apr 2010 @ Austria
#8
Originally Posted by davidxfoo:
One question: using your patched driver, can tcpdump or wireshark output the signal strength of received wireless frames?
I think it should work (if you put the card in monitor mode), but I haven't tested it yet.

Originally Posted by hawaii:
Would you agree it's a tertiary firmware issue that's stopping live packet injection without being associated to an AP?
Yes, I am quite sure as some testing showed the same during development of my monitor mode patch. The firmware is a bit crappy at all. It wasn't too easy to get the monitor mode working like it is now. Nevertheless there may be some tricks to also overcome the firmware issues for packet injection, but I can't tell for sure.
 
Posts: 5 | Thanked: 0 times | Joined on May 2010
#9
Originally Posted by lxp:
I think it should work (if you put the card in monitor mode), but I haven't tested it yet.
lxp, could you do a quick test and let us know if you can see the signal strength? I remember on my n810 without patch, we can use monitor mode with tcpdump, but without signal strength information.

Thanks a lot.
 
Posts: 50 | Thanked: 444 times | Joined on Apr 2010 @ Austria
#10
Originally Posted by davidxfoo:
lxp, could you do a quick test and let us know if you can see the signal strength? I remember on my n810 without patch, we can use monitor mode with tcpdump, but without signal strength information.

Thanks a lot.
I have tested it and it works. The capture contains normal radiotap headers with MAC timestamp, Flags, Data Rate, Channel frequency, Channel type, DBM Antenna Signal, DBM Antenna Noise, Antenna.

Here is what I have done:
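Code:
# Stop the WLAN connection daemon before changing the interface mode
stop wlancond
ifconfig wlan0 down
# Switch the interface to monitor mode on channel 6
iwconfig wlan0 mode monitor channel 6
ifconfig wlan0 up
# Capture to test.cap until interrupted with Ctrl+C
tcpdump -i wlan0 -w test.cap
# Restart the WLAN connection daemon afterwards
start wlancond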
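
The radiotap fields listed in post #10, including the signal strength asked about in post #6, can be read from a single captured frame as follows. This is an added example, not part of the original thread: the dictionary key names are hypothetical and the sample frame is constructed, not taken from an N900 capture.

```python
import struct

# (name, alignment, struct format), indexed by radiotap "present" bit 0..11
FIELDS = [
    ("tsft_us", 8, "<Q"), ("flags", 1, "<B"), ("rate_500kbps", 1, "<B"),
    ("channel", 2, "<HH"), ("fhss", 2, "<BB"), ("dbm_signal", 1, "<b"),
    ("dbm_noise", 1, "<b"), ("lock_quality", 2, "<H"),
    ("tx_attenuation", 2, "<H"), ("db_tx_attenuation", 2, "<H"),
    ("dbm_tx_power", 1, "<b"), ("antenna", 1, "<B"),
]

def parse_radiotap(frame: bytes) -> dict:
    """Decode the radiotap header at the start of one monitor-mode frame."""
    if len(frame) < 8:
        raise ValueError("too short for a radiotap header")
    version, _pad, hdr_len, present = struct.unpack_from("<BBHI", frame, 0)
    if version != 0 or hdr_len < 8 or hdr_len > len(frame):
        raise ValueError("malformed radiotap header")
    offset, word = 8, present
    while word & (1 << 31):  # bit 31: another 32-bit present word follows
        if offset + 4 > hdr_len:
            raise ValueError("present bitmap runs past header length")
        (word,) = struct.unpack_from("<I", frame, offset)
        offset += 4
    fields = {}
    for bit, (name, align, fmt) in enumerate(FIELDS):
        if not present & (1 << bit):
            continue
        # Each field is aligned relative to the start of the header.
        offset = (offset + align - 1) & ~(align - 1)
        size = struct.calcsize(fmt)
        if offset + size > hdr_len:
            raise ValueError("field runs past header length")
        values = struct.unpack_from(fmt, frame, offset)
        fields[name] = values[0] if len(values) == 1 else values
        offset += size
    return fields

# Constructed sample: TSFT, Flags, Rate, Channel (2437 MHz = channel 6),
# dBm signal, dBm noise and Antenna, followed by two bytes of 802.11 payload.
SAMPLE = (struct.pack("<BBHI", 0, 0, 25, 0x86F)
          + struct.pack("<QBBHHbbB", 123456789, 0x10, 2, 2437, 0x00A0, -61, -95, 0)
          + b"\x80\x00")

if __name__ == "__main__":
    print(parse_radiotap(SAMPLE))
```

Each packet record in a radiotap-linktype capture file starts with this header, so the function applies to the packet bytes that follow the per-packet record header.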
 
