Thread: Tutorial Compat-wireless Aircrack and Wlan0 fixed permanently on channel -1

this tutorial people have got wireless card chip supported compat-wireless there last few months issue compat-wireless , wlan0 mon0 being fixed on channel -1.

have ubuntu 10.10 , kernel 2.6.35.19 tested on 2.6.34 , 2.6.32

try explain how if u have me zd1211 chip




download latest compat http://wireless.kernel.org/download/...-wireless-2.6/

next u need patch zd1211

--- drivers/net/wireless/zd1211rw/zd_mac.c 2010-01-12 18:24:21.000000000 +0200
+++ drivers/net/wireless/zd1211rw/zd_mac.c 2010-01-12 18:41:21.000000000 +0200
@@ -220,14 +220,19 @@ void zd_mac_clear(struct zd_mac *mac)
static int set_rx_filter(struct zd_mac *mac)
{
unsigned long flags;
- u32 filter = sta_rx_filter;
+ struct zd_ioreq32 ioreqs[] = {
+ {cr_rx_filter, sta_rx_filter},
+ { cr_sniffer_on, 0u },
+ };

spin_lock_irqsave(&mac->lock, flags);
- if (mac->pass_ctrl)
- filter |= rx_filter_ctrl;
+ if (mac->pass_ctrl) {
+ ioreqs[0].value |= 0xffffffff;
+ ioreqs[1].value = 0x1;
+ }
spin_unlock_irqrestore(&mac->lock, flags);

- return zd_iowrite32(&mac->chip, cr_rx_filter, filter);
+ return zd_iowrite32a(&mac->chip, ioreqs, array_size(ioreqs));
}

static int set_mc_hash(struct zd_mac *mac)
@@ -814,7 +819,8 @@ int zd_mac_rx(struct ieee80211_hw *hw, c
/* caller has ensure length >= sizeof(struct rx_status). */
status = (struct rx_status *)
(buffer + (length - sizeof(struct rx_status)));
- if (status->frame_status & zd_rx_error) {
+ if ((status->frame_status & zd_rx_error) ||
+ (status->frame_status & ~0x21)) {
if (mac->pass_failed_fcs &&
(status->frame_status & zd_rx_crc32_error)) {
stats.flag |= rx_flag_failed_fcs_crc;
@@ -827,7 +833,8 @@ int zd_mac_rx(struct ieee80211_hw *hw, c
stats.freq = zd_channels[_zd_chip_get_channel(&mac->chip) - 1].center_freq;
stats.band = ieee80211_band_2ghz;
stats.signal = status->signal_strength;
-
+ stats.signal = stats.signal - 90;
+
rate = zd_rx_rate(buffer, status);

/* todo: return index in big switches in zd_rx_rate instead */
@@ -1154,7 +1161,7 @@ struct ieee80211_hw *zd_mac_alloc_hw(str
hw->wiphy->bands[ieee80211_band_2ghz] = &mac->band;

hw->flags = ieee80211_hw_rx_includes_fcs |
- ieee80211_hw_signal_unspec;
+ ieee80211_hw_signal_dbm;

hw->wiphy->interface_modes =
bit(nl80211_iftype_mesh_point) |


next patch u need mac patch:

diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index 0855cac..221bed6 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -677,11 +677,19 @@ int tid;

/*
* packet injection may want control sequence
- * number, if have no matching interface we
- * neither assign 1 ourselves nor ask driver to.
+ * number, if injected packet found, skip
+ * renumbering it. make packet no_ack avoid
+ * excessive retries (acking , retrying should be
+ * handled injecting application).
+ * fixme may break hostapd , other injectors.
+ * should done using radiotap flag.
*/
- if (unlikely(info->control.vif->type == nl80211_iftype_monitor))
+ if (unlikely((info->flags & ieee80211_tx_ctl_injected) &&
+ !(tx->sdata->u.mntr_flags & monitor_flag_cook_frames))) {
+ if (!ieee80211_has_morefrags(hdr->frame_control))
+ info->flags |= ieee80211_tx_ctl_no_ack;
return tx_continue;
+ }

if (unlikely(ieee80211_is_ctl(hdr->frame_control)))
return tx_continue;


next u need patch

commit fffd6e63ea75850dafbf2ccfb38a4189f43c0282
author: maxim levitsky <maximlevitsky@xxxxxxxxx>
date: tue jun 1 15:43:21 2010 +0300

wireless: allow retrieve channel set on monitor interface

allow preserve compatibility userspace

signed-off-by: maxim levitsky <maximlevitsky@xxxxxxxxx>

diff --git a/net/wireless/chan.c b/net/wireless/chan.c
index b01a6f6..09d979b 100644
--- a/net/wireless/chan.c
+++ b/net/wireless/chan.c
@@ -49,9 +49,12 @@ int cfg80211_set_freq(struct cfg80211_registered_device *rdev,
{
struct ieee80211_channel *chan;
int result;
+ struct wireless_dev *mon_dev = null;

- if (wdev && wdev->iftype == nl80211_iftype_monitor)
+ if (wdev && wdev->iftype == nl80211_iftype_monitor) {
+ mon_dev = wdev;
wdev = null;
+ }

if (wdev) {
assert_wdev_lock(wdev);
@@ -76,5 +79,8 @@ int cfg80211_set_freq(struct cfg80211_registered_device *rdev,
if (wdev)
wdev->channel = chan;

+ if (mon_dev)
+ mon_dev->channel = chan;
+
return 0;
}

------------------------------------------------------------------------------------------

copy patches compat directory save text file name whatever u want named first 1 x second 1 c , third 1 d

cd compat directory

, apply first one; patch -np0 -i x
second one; patch -np1 -i c
, third; patch -np1 -i d

should ok nothing fail.

next step make , sudo make install after finished
still compat directory sudo make wlunload , sudo make btunload
modprobe zd1211rw or whatever card u have , test airmon-ng start wlan0(or whatever u got)
aireplay-ng -9 mon0
, airodump-ng mon0 u wont see anymore channel being fixed on -1

tested on 2.6.35 tested ok 2.6.34 on backtrack , lucid 10.04 internet , aircrack work without problem

man author: maxim levitsky

if u have rt73 iwl4965 iwl5100 or other chip supported compat-wireless u dont need apply zd1211 patch

ps , remember have device firmware in firmware directory

your approach didnt work me third patch wasn't applyable, without him card fixed on channel -1.

workaround:

download:

wget http://patches.aircrack-ng.org/mac80...radiotap.patch
wget http://patches.aircrack-ng.org/zd121...x-2.6.26.patch
newest compat wireless

now apply both patches compat-wireless, , continue in tutorial.

edit: narf worked on first when, tried airreplay-ng -9 mon0 (it hopped through channels), cant make fakeauth on specified channel.

Forum The Ubuntu Forum Community Ubuntu Official Flavours Support New to Ubuntu [ubuntu] Tutorial Compat-wireless Aircrack and Wlan0 fixed permanently on channel -1

Ubuntu