aircrack-ng works in maemo, but not in easy debian
Terror Factor
2011-04-10, 23:11
Hi all,
I've recently bought an N900 (again :D), because I got interested in security-related stuff, and a mobile pen-testing platform: how cool is that!
Anyway, I've been messing around with the device the last few days, and I've decided that I wanted to keep all my fiddling around in an Easy Debian image, so when I mess something up, I don't have to reflash my whole device every time. Also, some stuff is just easier to install into Easy Debian than Maemo, because of dependencies/repos etc.
So I've installed the bleeding-edge wifi drivers, and I installed aircrack-ng and some other tools in Easy Debian. I load the bleeding-edge drivers and put the card into monitor mode in Maemo, and start aircrack-ng in the Debian terminal.
Injection works etc., but when airodumping my home network, I don't get a handshake. I tried manually disconnecting my notebook, and sending deauth packets, but I still don't get a handshake.
When analyzing the file in Wireshark, there are also no handshake packets (using the filter eapol.keydes.type == 254).
HOWEVER, if I use aircrack-ng in Maemo (I decided to install it, because it worked there before), it does work, and I get a handshake as soon as my notebook connects.
How to fix this? :/
kingoddball
2011-04-11, 00:27
Easy Debian is "emulated". It may not have all hardware or all modules.
Just install backtrack as a separate OS... It's in the Alternatives section.
Terror Factor
2011-04-11, 16:14
Chroot =/= emulating, afaik?
The weird thing is that I can inject from easy debian lol.
And with backtrack, you mean neopwn? I guess I'll have to try it out then. I've read something about the leak being backdoored or something like that. What's a safe version?
Anyway, my question still stands, it intrigues me :p
chroot is not emulating. Not even close.
I'm curious as to why you need to have this done from within a chroot, when it works fine in a regular Maemo environment.
Terror Factor
2011-04-11, 17:20
Well, I wanted to try out the "Wifite" (http://code.google.com/p/wifite/) script, which required aircrack-ng 1.1 or later (and some other tools). I tried it with the standard aircrack from the repo, but somehow it didn't manage to actually get any handshakes/crack WEP, where there was no problem when doing it manually.
I tried upgrading to 1.1, but that proved to be harder than I thought it would be (how hard can it be to install a program, lol). After apt-getting it from a debian repo, something else broke, and I figured that it might be easier to install all this stuff in debian.
Also, installing everything in Debian meant I could easily start over when something was wrong, by just copying the most recent, working modified image again, instead of reflashing and/or using some backup program for the phone. And I figured that it would keep the phone more clean, although I'm not sure if that really matters (as much) as it does in Windows.
The install proved to be a lot easier/more straightforward, but now of course it doesn't capture any handshakes, not even manually :p
casketizer
2011-04-11, 17:46
aircrack 1.1 for Maemo is available. Search the aircrack/faircrack threads. Someone (creamy g., I think) posted it there.
Terror Factor
2011-04-11, 19:05
Well, I'd probably manage to get it installed now, but I'd like to use it in the Easy Debian environment, for the other reasons :p
It should work, shouldn't it?
FWIW i'm using wifite.py in normal maemo and it works. ;)
Get aircrack-ng 1.1 from here:
http://talk.maemo.org/showpost.php?p=929683&postcount=56
Terror Factor
2011-04-11, 20:37
Thanks for the link, I'll try it out later :)
However, I would still like to know why it is not working in easy debian, and if it's fixable.
N900 users should definitely understand that :D
EDIT: needs iw, which is not in one of my current repos apparently. I'll mess with it tomorrow, need some sleep lol.
Terror Factor
2011-04-14, 14:32
Bump, the original question still stands :p
mr_pingu
2011-04-20, 13:31
FWIW i'm using wifite.py in normal maemo and it works. ;)
Get aircrack-ng 1.1 from here:
http://talk.maemo.org/showpost.php?p=929683&postcount=56
How did you install? I used dpkg -i and get an error: dependency problems, iw is not installed. However, aircrack-ng from the repos conflicts with iw.
Currently I have aircrack-ng 1.0 from the repos. I tried to install iw, but that ended up removing aircrack-ng, and then I installed the deb from creamy.
But then no aircrack-ng application from the suite showed up:
bin/sh/ aircrack not found
bin/sh/ airmon not found,
So that doesn't seem right.
OP: I haven't played around much with Easy Debian, but it could be the fact that two OSes are trying to manage the wireless card; to capture the WPA handshake I'm pretty sure you have to be locked to the same channel the access point is using (no channel hopping).
If Easy Debian comes with a network manager, such as wicd or NetworkManager, that could be causing the card to hop channels.
Try disabling them in Debian:
sudo /etc/init.d/wicd stop
and when putting your card in monitor mode, specify the channel:
sudo iwconfig wlan0 channel XX (where 'XX' is the channel)
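A quick way to verify the two conditions the post above describes (no network manager left running that can retune the card, and the interface actually in monitor mode on the AP's channel) before starting airodump-ng. This is an added example for the thread, not code from any poster or from the aircrack-ng project; it parses the plain-text output of iwconfig and ps, so it can also be run against saved output. The sample output embedded below is constructed, and the function names and the MANAGERS list are assumptions made here, not anything the posts specify.

```python
"""Pre-flight check for a handshake capture: is the interface in monitor
mode, is it locked to the target channel, and is a network manager still
running that could retune the card?  Added example, not from the original
posts; parses iwconfig/ps text so it can be run against saved output."""
import re
import subprocess
import sys

# Daemons that re-associate or channel-hop behind airodump-ng's back (assumed list).
MANAGERS = ("wicd", "NetworkManager", "wpa_supplicant", "dhclient")


def freq_to_channel(ghz):
    """Map an 802.11 centre frequency in GHz to its channel number."""
    mhz = round(ghz * 1000)
    if mhz == 2484:
        return 14
    if 2412 <= mhz <= 2472:
        return (mhz - 2407) // 5
    if 5000 <= mhz <= 5895:
        return (mhz - 5000) // 5
    return None


def parse_iwconfig(text):
    """Return {iface: {"mode": str|None, "channel": int|None}} from iwconfig output.
    Managed-mode output shows Channel:N; monitor mode usually shows only
    Frequency:x.xxx GHz, so both forms are handled."""
    result, cur = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace():        # new interface block
            cur = line.split()[0]
            result[cur] = {"mode": None, "channel": None}
        if cur is None:
            continue
        m = re.search(r"Mode:(\w+)", line)
        if m:
            result[cur]["mode"] = m.group(1)
        m = re.search(r"Channel[:=](\d+)", line)
        if m:
            result[cur]["channel"] = int(m.group(1))
        m = re.search(r"Frequency[:=]([\d.]+) GHz", line)
        if m and result[cur]["channel"] is None:
            result[cur]["channel"] = freq_to_channel(float(m.group(1)))
    return result


def managers_running(ps_text):
    """Names from MANAGERS that appear in `ps -e` style output (header skipped)."""
    names = {line.split()[-1] for line in ps_text.splitlines()[1:] if line.split()}
    return sorted(n for n in MANAGERS if any(n in name for name in names))


def capture_problems(iwconfig_text, ps_text, iface, target_channel):
    """Reasons airodump-ng on `iface` would miss the target AP's handshake; [] means go."""
    problems = []
    info = parse_iwconfig(iwconfig_text).get(iface)
    if info is None or info["mode"] is None:
        problems.append("%s has no wireless extensions" % iface)
    else:
        if info["mode"] != "Monitor":
            problems.append("%s is in %s mode, not Monitor" % (iface, info["mode"]))
        if info["channel"] != target_channel:
            problems.append("%s is on channel %s, not %s"
                            % (iface, info["channel"], target_channel))
    for name in managers_running(ps_text):
        problems.append("%s is running and may retune the card (stop it first)" % name)
    return problems


# Constructed sample output, not captured from a real device.
SAMPLE_IWCONFIG = """lo        no wireless extensions.

wlan0     IEEE 802.11bg  Mode:Monitor  Frequency:2.437 GHz  Tx-Power=20 dBm
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Power Management:off
"""
SAMPLE_PS = """  PID TTY          TIME CMD
    1 ?        00:00:01 init
 1234 ?        00:00:00 wicd
 1300 ?        00:00:00 airodump-ng
"""

if __name__ == "__main__":
    # "--live CHANNEL" reads the running system instead of the constructed samples.
    if len(sys.argv) > 2 and sys.argv[1] == "--live":
        iw = subprocess.check_output(["iwconfig"], stderr=subprocess.STDOUT).decode()
        ps = subprocess.check_output(["ps", "-e"]).decode()
        problems = capture_problems(iw, ps, "wlan0", int(sys.argv[2]))
    else:
        problems = capture_problems(SAMPLE_IWCONFIG, SAMPLE_PS, "wlan0", 6)
    for p in problems or ["ready to capture"]:
        print(p)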
Terror Factor
2011-04-27, 23:29
OP: I haven't played around much with Easy Debian, but it could be the fact that two OSes are trying to manage the wireless card; to capture the WPA handshake I'm pretty sure you have to be locked to the same channel the access point is using (no channel hopping).
If Easy Debian comes with a network manager, such as wicd or NetworkManager, that could be causing the card to hop channels.
Try disabling them in Debian:
sudo /etc/init.d/wicd stop
and when putting your card in monitor mode, specify the channel:
sudo iwconfig wlan0 channel XX (where 'XX' is the channel)
I'll try that asap.
A note: I tried cracking a WEP key with wifite.py in Easy Debian, and that worked perfectly.
IIRC, airodump-ng doesn't switch channels in Easy Debian (or at least it shows it like that).
Also, I activate monitor mode in Maemo, and don't set anything different in Easy Debian (wlan0 already shows up in monitor mode in ED).
EDIT: just tried both things you've mentioned, but without any difference.
The airodump-ng screens in Maemo and Debian are very alike: same APs/clients, about the same data captured and lost, same power, same enc/auth/cipher etc., just that the airodump-ng in Debian doesn't seem to capture the handshake :/
I'll upload a capture from both tomorrow. Maybe it's an airodump-ng bug, and it does capture the handshake, but doesn't recognize it, or something like that?
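To settle the question at the end of the post above (does the Easy Debian capture contain the handshake at all, or does airodump-ng just not flag it?), here is a small checker that walks the .cap file itself and reports which of the four EAPOL-Key messages are present per BSSID/station pair. It is an added example for this thread, not code from any poster or from the aircrack-ng project. It assumes a classic pcap file with link type 105 (raw 802.11, which airodump-ng writes) or 127 (radiotap); the message classification is the direction/Ack/MIC/Install heuristic aircrack-ng itself uses; and the MAC addresses, sample capture and function names are all constructed here. Note that it accepts both key descriptor types, RSN (2, used by WPA2) and WPA (254), whereas the Wireshark filter quoted at the top of the thread matches only type 254.

```python
"""Scan an airodump-ng .cap file for EAPOL-Key frames and report which of
the four WPA/WPA2 handshake messages are present per BSSID/station pair.
Added example for this thread, not code from the posters or the
aircrack-ng project; the sample capture at the bottom is constructed."""
import struct
import sys
from collections import defaultdict

LINKTYPE_IEEE802_11 = 105   # raw 802.11 frames, airodump-ng's default
LINKTYPE_RADIOTAP = 127     # 802.11 with a radiotap header in front
LLC_SNAP_EAPOL = b"\xaa\xaa\x03\x00\x00\x00\x88\x8e"
# EAPOL-Key "Key Information" flag bits.
KI_INSTALL, KI_ACK, KI_MIC, KI_SECURE = 0x0008, 0x0040, 0x0080, 0x0100


def mac(b):
    return ":".join("%02x" % x for x in b)


def iter_pcap_packets(data):
    """Yield (linktype, packet) for each record of a classic (non-pcapng) pcap."""
    magic = struct.unpack("<I", data[:4])[0]
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        off += 16
        yield linktype, data[off:off + incl_len]
        off += incl_len


def parse_eapol_key(pkt, linktype):
    """Describe an unencrypted 802.11 data frame carrying EAPOL-Key, else None."""
    if linktype == LINKTYPE_RADIOTAP:
        if len(pkt) < 4:
            return None
        pkt = pkt[struct.unpack("<H", pkt[2:4])[0]:]      # strip radiotap header
    elif linktype != LINKTYPE_IEEE802_11:
        return None
    if len(pkt) < 24 or (pkt[0] >> 2) & 0x3 != 2 or pkt[1] & 0x40:
        return None                 # not a data frame, or Protected bit set
    to_ds, from_ds = pkt[1] & 0x01, pkt[1] & 0x02
    if from_ds and not to_ds:       # AP -> STA: addr1=STA, addr2=BSSID
        bssid, sta, from_ap = pkt[10:16], pkt[4:10], True
    elif to_ds and not from_ds:     # STA -> AP: addr1=BSSID, addr2=STA
        bssid, sta, from_ap = pkt[4:10], pkt[10:16], False
    else:
        return None
    body = pkt[24 + (2 if pkt[0] & 0x80 else 0):]       # QoS data adds 2 bytes
    if body[:8] != LLC_SNAP_EAPOL or len(body) < 8 + 99 or body[9] != 3:
        return None                 # EAPOL packet type 3 = EAPOL-Key
    eapol = body[8:]
    if eapol[4] not in (2, 254):    # 2 = RSN (WPA2), 254 = WPA
        return None
    return {"bssid": bssid, "sta": sta, "from_ap": from_ap, "descriptor": eapol[4],
            "key_info": struct.unpack(">H", eapol[5:7])[0],
            "replay": struct.unpack(">Q", eapol[9:17])[0],
            "key_data_len": struct.unpack(">H", eapol[97:99])[0]}


def handshake_message(info):
    """Classify an EAPOL-Key frame as message 1-4 (aircrack-ng's heuristic:
    direction, Ack/MIC/Install bits, and whether key data is present)."""
    ki, ap = info["key_info"], info["from_ap"]
    ack, mic = bool(ki & KI_ACK), bool(ki & KI_MIC)
    if ap and ack and not mic:
        return 1
    if ap and ack and mic and ki & KI_INSTALL:
        return 3
    if not ap and mic and not ack:
        return 2 if info["key_data_len"] else 4
    return None


def scan_capture(data):
    """Map (bssid, station) -> set of handshake message numbers seen in the file."""
    seen = defaultdict(set)
    for linktype, pkt in iter_pcap_packets(data):
        info = parse_eapol_key(pkt, linktype)
        msg = handshake_message(info) if info else None
        if msg:
            seen[(mac(info["bssid"]), mac(info["sta"]))].add(msg)
    return dict(seen)


def usable_handshakes(seen):
    """Pairs aircrack-ng can crack from: M2 (SNonce + MIC) plus M1 or M3 (ANonce)."""
    return {pair: m for pair, m in seen.items() if 2 in m and (1 in m or 3 in m)}


def build_eapol_key_frame(bssid, sta, from_ap, key_info, key_data=b"", desc=2):
    """Constructed raw 802.11 data frame carrying EAPOL-Key (test input only)."""
    fc = bytes([0x08, 0x02 if from_ap else 0x01])       # Data; FromDS or ToDS
    addrs = sta + bssid + bssid if from_ap else bssid + sta + bssid
    body = (bytes([desc]) + struct.pack(">HHQ", key_info, 16, 1) + b"\x11" * 32
            + b"\x00" * 48 + struct.pack(">H", len(key_data)) + key_data)
    eapol = bytes([2, 3]) + struct.pack(">H", len(body)) + body
    return fc + b"\x00\x00" + addrs + b"\x10\x00" + LLC_SNAP_EAPOL + eapol


def build_pcap(frames, linktype=LINKTYPE_IEEE802_11):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1302800000 + i, 0, len(f), len(f)) + f
    return out


AP, STA = bytes.fromhex("00112233aabb"), bytes.fromhex("0200deadbeef")   # made up
RSN_IE = bytes.fromhex("30140100000fac040100000fac040100000fac020000")


def sample_capture(messages=(1, 2, 3, 4), linktype=LINKTYPE_IEEE802_11):
    """Constructed capture holding the requested RSN handshake messages."""
    spec = {1: (True, KI_ACK, b""), 2: (False, KI_MIC, RSN_IE),
            3: (True, KI_ACK | KI_MIC | KI_INSTALL | KI_SECURE, RSN_IE),
            4: (False, KI_MIC | KI_SECURE, b"")}
    frames = [build_eapol_key_frame(AP, STA, *spec[m]) for m in messages]
    if linktype == LINKTYPE_RADIOTAP:   # minimal 8-byte radiotap header, no fields
        frames = [b"\x00\x00\x08\x00\x00\x00\x00\x00" + f for f in frames]
    return build_pcap(frames, linktype)


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_capture()
    for (bssid, sta), msgs in scan_capture(data).items():
        print(bssid, sta, "messages:", sorted(msgs))
```

Run it as `python eapol_scan.py capture-01.cap` on the Maemo and the Easy Debian files side by side: if the Debian file shows no EAPOL-Key frames at all, the frames never reached the card or were dropped before airodump-ng saw them, which points at the driver/channel side; if it shows M1-M4 present, the capture is fine and only airodump-ng's display is at fault.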
Terror Factor
2011-05-10, 20:19
anyone? *bump*
mr_pingu
2011-05-15, 19:50
Got interested in this too... bump
Terror Factor
2011-05-25, 21:14
Another bump; anyone?