XDA Developers Android and Mobile Development Forum

Working aircrack-ng with monitor mode and packet injection !

zewelor
(Last edited by zewelor; 10th February 2012 at 09:05 PM.)
#1  

Hi,

so after a few days of playing with driver patches and kernel sources I finally got aircrack-ng working on the G1! (If you don't know what aircrack-ng is: http://www.aircrack-ng.org/) I tested airodump for 1h, had it dumping packets to the sdcard into a cap file with channel switching, and aireplay with the deauth attack. I monitored this from my laptop to see that the packets were being sent OK and the client was disconnected from the network as expected.

I used the patches for the N900 from the "download here" link at the bottom of this page: http://david.gnedt.eu/blog/wl1251/. I also followed this tutorial http://bobcopeland.com/android_wifi.html and used his excellent kernel patch to get the msm_wifi.ko module. I then used the kernel and the zip file here: http://forum.xda-developers.com/show...postcount=2427


You will want to make a backup of your system before you do anything. With that kernel you won't be able to use WiFi in the Android UI.


Requirements to use the attached files:
  1. A 2.2 ROM
  2. Debian installed in a chroot on the G1 with aircrack-ng installed (you can use this img http://www.mediafire.com/?0ab95ia8xbale0i , just extract it on /sdcard/ so the debian.img path is /sdcard/debian/debian.img)

How to make it work?
Steps 1-5 are one-time only.
  1. First boot your Android ROM and type:
  2. (in the adb shell)
    adb shell
    $ su
    # mount -o remount,rw /
    # cd /system/etc/firmware
    # ln -s ../wifi/Fw1251r1c.bin wl1251-fw.bin
    # cat /proc/calibration > wl1251-nvs.bin
    # mount -o remount,ro /
  3. Extract the attached files (g1_wl1251.zip) to the sdcard
  4. Apply ez_1.5.1_wl1251.signed.zip from recovery (it has the 2708 and ebi0 kernel for now; will add ebi1 later)
  5. Boot the phone
  6. (in the adb shell)
    adb shell
    su
    cd /sdcard/wl1251_modules
    sh ../insmod.sh
  7. Now chroot into your Debian installation (if you used my debian.tar.bz2 there is a script startdeb; just write: sh /sdcard/debian/startdeb and you should be chrooted correctly)
  8. screen (don't know why airodump doesn't give any output without screen on the adb shell?!)
  9. bash
  10. airmon-ng start wlan0
  11. airodump-ng -i mon0

and DONE

How to compile it

First you need to get the sources:
  1. Kernel sources: I used https://github.com/ezterry/kernel-biff-testing tag ezgb-2636-v1.5.1-20110820
  2. Prepatched compat-wireless-2010-12-22 (attached in sources.zip. I did some small build fixes and applied every patch from wl1251-maemo/patches/wireless-testing/ EXCEPT 0003-wl1251-fix-scan-behaviour-while-not-associated.patch, as I got build errors with it)
  3. The rest of the files in patches.zip

Kernel:

You can just apply all patches in the kernel dir.
If you want to make your config by yourself you have to compile cfg80211 and mac80211 as modules, compile in CONFIG_RFKILL_PM and CONFIG_CRC7, and UNSET CONFIG_TIWLAN1251. It's important, as there are some ifdefs for CONFIG_TIWLAN1251 in drivers/mmc/core/core.c which is compiled in, and with CONFIG_TIWLAN1251 the WL1251 driver doesn't work!

Compat wireless:
There is a make.sh script; edit it and change the paths for your cross-compile toolchain and kernel location, then run
./make.sh
and copy all *.ko modules.


I hope everything is clear and more people can use it in custom ROMs. If something is unclear please write about it.
Attached Files
g1_wl1251.zip (7.33 MB)
patches.zip (6.09 MB)
 
pandaweb
#2  
Too bad I sold my G1!
 
nvhush
#3  
Thank you for the great tutorial! I think many people are using Gingerbread right now with several different incompatible ROMs. I think it would be useful if you list your ROM version as well as SPL & Radio info. Also if you could PLEASE make an image of your G1 with the debian install, it would help a lot. If you don't want your personal data in the image then I can remove it for you and will host the image. At the very least people need to know how exactly you installed debian before attempting this.

Please PM me if you can supply the image, thanks again!
 
zewelor
#4  
The Debian location can be anywhere, nothing depends on it, and I have it on the sdcard so a G1 dump won't do anything. But I can send you a ready debian.img to mount, with wireless tools installed; I just want to add the new Kismet, and as I can't find a ready deb for Debian I would probably need to compile it. As for the radio, you can use that new 2708 radio and the old one for the kernel I provided. I used CM6 for it but I think you can use any 2.2 ROM as it's a Froyo kernel. I need to clean everything up and redo it to write a good tutorial on how to compile it for any kernel and how to patch the drivers.
 
nvhush
(Last edited by nvhush; 22nd September 2011 at 02:21 PM.)
#5
Quote: Originally Posted by zewelor
Thanks for the response. I just upgraded my hboot to a version that CM6 doesn't support, but I can use a different Froyo ROM that is still working.

On Gingerbread I am having a very hard time getting ext2.ko loaded. I already have an EXT(4) partition mounted, but since I am not on Froyo none of the kernel modules can be loaded correctly. I also think that ext2 support is already there but I don't know how to make use of it. There are filesystem modules under /system/lib/modules/2.6.36.4-s3-cos/.

My goal is to create a clockwork image of a Froyo/Debian install (with working injection driver) and use it as needed while keeping a 2.3.4/2.3.5 Android image for testing newer Apps that don't work on 2.2.

For anyone that just needs the Debian image, you can download it from the original G1 Debian tut site here: http://www.saurik.com/id/10

Please PM me if you are willing to upload a copy of your .img container file & I will host it for everyone to use. Thanks!
 
zewelor
#6  
If you want you can still flash CM6 and, after flashing it, flash kernel.zip from the zip attached to the 1st post (it also has a kernel for the newer radio, but I haven't tested it as I have the older radio). As I saw in ezterry's kernel config, ext2 partitions are mounted using ext4, so you don't have to load ext2 (it works at least in the Froyo version of ezterry's kernel). I can send the debian.img now without working Kismet, but I think it's better to get Kismet running too so people won't have to redownload it. My debian.img is a normal Debian with only aircrack-ng installed, nothing special in it. The only magic is the kernel config and the modules with patches compiled for that kernel, that's it, nothing more.
 
nvhush
#7  
Quote: Originally Posted by zewelor
Yes, let's wait until Kismet is working and then you can upload the image. I will try your suggestion and use EXT4. If I still have trouble I will create a flashable ZIP that has Froyo optimized for Debian with your Kernel patch included and a startup app to launch Debian via UI. Thanks again for your great contribution!
 
zewelor
#8  
But when you mount the Debian img just write mount -o loop -t ext2, not ext4; it should work.
 
zewelor
#9  
Updated the first post with some instructions on how to compile the drivers and kernel.
 
nvhush
#10  
Constantly getting "mount: can't setup loop device: No such file or directory"

I tried "mknod /dev/loop0 b 7 0" but neither "mount -o loop,noatime /mnt/sdcard/debian.img /data/local/mnt" nor other variations using ext2 work. I did mount / as rw and created the /data/local/mnt directory. I also tried 2 versions of busybox and so far no luck; I guess you are using the version that comes with CM6? Thanks
