My: IPRAW Module for Injection with IPW3945

[Genius]

I thought I would share the IPWRAW module I made and use for packet injection with my Intel IPW3945 Chip.
(Works perfectly with Aireplay, Airodump, Aircrack and all other populair apps)

The module will put 2 .sh script files on your desktop so you can easily switch between the injection and the normal driver.

This module wil modify your "/etc/rc.d/rc.local" file !
this will not be a problem except if you have allready modified this yourself !
(If anyone knows a better way of doing this, let me know)



Download link:
hxxp://rapidshare.com/files/43091378/install_ipwraw.lzm.html

Installation:
Just put the install_ipwraw.lzm file in the "module" folder of your backtrack CD/USB-Stick and it will load at bootup.
(search forum if you don't know how)



Creditz:
This module is based on the IPWRAW package made by: -~operator~-
(hxxp://forums.remote-exploit.org/showthread.php?t=7260)

[JMagick]

Firstly i'd like to thank you for making this module being new to backtrack and ive never used linux before. i would of had problems installing the IPW3945 drivers if it wasnt for this easy install module . it has made it possible for me to get quite far on my mission to crack my wep box i seem to be on the the right track (excuse the pun) however i am stuck with aireplay-ng attack commands. Firstly let me explain how im set up:


Backtrack 2 Final Installed on bootable USB drive
Dell D620 Intel(R) PRO/Wireless 3945ABG
IPRAW Module for Injection with IPW3945 installed in modules folder of drive
Kismet.conf edited to
userid root
source=ipw3945,wifi0,Intel
Ok now to my problem.

this is how im using it please feel free to let me know if im doing anything wrong or point me in the right direction.

1. Im loading kismet

then running this command

2. airodump-ng --ivs --write file_name --channel 11 wifi0 (to check on channel 11 everything shows up fine i see all the networks bssid's etc)

then this command

3.aireplay-ng -3 -b <mac address of ap> -h <mac of my interface> wifi0

(all appears to be going well apart from i dont get any arp replys just packets quite slowly and 0 packets sent so run these commands in a hope to get some arp replys and packets. but then i have a problem. when i run any of these aireplay commands below (my comp either crashes or wifi disconnects.)

4. aireplay-ng -0 1 wifi0 -a <mac address of ap> wifi0

or

5. aireplay-ng -e <name of network> -a <mac address of ap> -c <station id> --deauth 10 wifi0

or

6. aireplay-ng --arpreplay -b <mac address of ap> -h <mac address of my interface> wifi0

Whenever i run any of these aireplay commands even separately i my comp either freezes up and requires a reboot or the wifi card dissconnects (light goes off) apps stop working.

Do you have any idea what im doing wrong? Any help would be greatly appreciated. i got this far i really want to succeed in my quest

Again thanks for the module its got me this far you rock

[Guanji]

Depending on if you are doing this on your network or not.. but if you are targeting your own AP then obviously its going to lag like shit because your send way too much traffic to it.. i guess it can be called a DoS attack.. but it is best to try these attacks on two different cards.. use one to run airodump and then use the other to do aireplay.. this way you have two extra computers requesting ARPs so your chances of getting ARP replays increases..make sure to associate both computers with the AP..

Remember if others are not using the computer on the network much then you are going to have problems getting ARP replies as this is what speeds up ur IV count.. i guess u can use aircrackPTW because it cracks WEP using ARP replies rather than IVS and it seems a lot faster considering you get a lot of ARP replies..

hope this helps..

[JMagick]

Quote:

Originally Posted by Guanji

hope this helps..

Hey thanks for the pointer. so i would get more arp replys if there were other computers (network traffic) connecting to the ap at the same time? or do i need two computers and two backtracks running? i have two computers but the other only has a usb wifi card and im not sure its supported its a usb ZyAIR B220?

[Genius]

Jmagick thanks for your kind words.
I wish more people would make these easy to use modules for Back-Track it sure comes in handy when booting from (compressed installation) usb stick,

Quote:

Originally Posted by JMagick

Hey thanks for the pointer. so i would get more arp replys if there were other computers (network traffic) connecting to the ap at the same time? or do i need two computers and two backtracks running? i have two computers but the other only has a usb wifi card and im not sure its supported its a usb ZyAIR B220?

Yes, in order to receive ARP requests there has to be at least one other computer connected to the ap (wired or wireless).

You do not need 2 cards/computers to use this attack but it would improve speed if you did !

[shamanvirtuel]

"Yes, in order to receive ARP requests there has to be at least one other computer connected to the ap (wired or wireless).
You do not need 2 cards/computers to use this attack but it would improve speed if you did."


no..........without a client.......you can fakeauth and be the client .....

2 cards don't increase speed but precision......

if you have 2 dedicated cards, one for sniff, one for inj you will have no pb to capture fulls handshakes(or wpa)

you can sniff with 2 cards too : airodump-ng rausb0,rausb1
but in the case of wep....we use uniques ivs .......so it's useless

i used to configure a trio attack like this
1 card sniffing
1 card injecting via the client
1card injecting via fakeauth

but if you want speed, you will need to use other techniques than just 2 cards.....

have a look at my airodump output and the packet /seconds, numbers of ivs in comparison to running time...that is another tech called arp amplification, i do a little tut for that....search for it

[JMagick]

Quote:

Originally Posted by Genius

Jmagick thanks for your kind words.
I wish more people would make these easy to use modules for Back-Track it sure comes in handy when booting from (compressed installation) usb stick,

Hey Genius thanks for the reply. i agree this module is a godsend for peeps like me. again thank you for making it you rock. i was having problems injecting at first with the ipwraw module so i tried installing the ipwraw manually via the other link but after installing "cd /tmp/ipwraw make make install" and then loading the driver "/tmp/ipwraw/load" i got an error "line 93 cannot set_channel 11" didnt seem to load right so i decided to go back to your easy module after some headscratching i realised it was not the module (it works great) in actual fact i needed to set the card to the channel in the command window eg: iwconfig wifi0 channel 11 did a fakeauth and then run aireplay-ng. managed to collect 250.000 ivs in about an hour last night and actually i actually cracked my first wep key ! YAY i realise this isnt fast but im not that close to the box and it had no other clients connected to the ap so im rather happy. i tried aircrack-ng and aircrack-ptw to get my key aircrack-ptw gave me a key that didnt work but the key that aircrack-ng gave me worked however when i tried connecting to it i got local only access but im gonna try again in a little while as ive had that problem before in windows vista so it may not be key related i only connected quickly to check the key would let me in and it did.

Quote:

Originally Posted by shamanvirtuel

but if you want speed, you will need to use other techniques than just 2 cards.....

have a look at my airodump output and the packet /seconds, numbers of ivs in comparison to running time...that is another tech called arp amplification, i do a little tut for that....search for it

Hey shamanvirtuel thanks for the reply 33212 ivs in 32 seconds damn thats fast i wish i was running at that speed as i say it took me about an hour to get 250.000 ivs so thats all the convincing i need lol im gonna get on ebay and get myself a decent card and antennna . any ideas?

[JMagick]

After doing some research i decided to buy the usb Alfa AWUS036H

[Nightvision]

Hi Guys,

As the author has made a nice tut i just can't seem to get it work. Cause i'm not that kind of a noob with linux, the more frustrating it gets

Anyway, back to my problem, i followed the tut as stated.

1) If i load the IPWRAW via the shell manually i get this message, displayed between quotations:
[output]
Unloading 'ipwraw'...done.
Waiting for /sys/class/net/wifi0/device/rtap_iface to appear...done.
/tmp/ipwraw/load: line 93: ./set_channel: No such file or directory
Could not tune to channel 1.
[/output]

Okee good, i try the program made by him to load drivers, so i choose to unload the standard driver and choose to load the ipwraw driver, i get this in the dmesg. Note! i only display the last 3 lines:

[output]
ipwraw: U is_temp_calib_needed Timed thermal calib not needed
ipwraw: U ipw_prom_open prom dev->open
ADDRCONF(NETDEV_UP): rtap0: link is not ready
[/output]

So after this i try to scan, i try to do some stunts in the shell but nothing, nothing seems to get the job done to get this working. Any help would be greatly appreciated!


-----------------------------------
Update 01 @ 11:48 PM:

As it seems, maybe that is correct don't know am new to this, i can't scan while in the injecting mode, BUT i can do anything else like 'Detect SSID's', 'Inject', 'Replay' and so on.

Keep you guys posted!

[R3VO-INC]

Could you tell me where the files load to at startup so I can manually install it for hdd install?

*Edit* No worries solved it myself =]