Working aircrack-ng with monitor mode and packet injection !
so after few days of playing with drivers patches kernel sources i finally got aircrack-ng working on g1 !
( If you dont know whats aircrack-ng http://www.aircrack-ng.org/
) I tested airodump for 1h, had it dumping packets to the sdcard to a cap file with channel switching and aireplay with deauth attack. I monitored this from my laptop to see if the packets are being sent ok and the client was disconnected from the network as expected.
I used patches for the n900 form the "download here" link at the bottom of this page http://david.gnedt.eu/blog/wl1251/
. I also followed this tutorial http://bobcopeland.com/android_wifi.html
and used his excellent kernel patch to get the msm_wifi.ko module. I then used the kernel and the zip file herehttp://forum.xda-developers.com/show...postcount=2427
You will want to make a backup of your system before you do anything. With that kernel you won't be able to use wifi in the Android UI.
Requirements to use attached files:
How to make it work ?
- 2.2 Rom
- Debian installed in chroot on g1 with aircrack-ng installed ( you can use this img http://www.mediafire.com/?0ab95ia8xbale0i , just extract in on /sdcard/ so debian.img path is /sdcard/debian/debian.img )
steps 1-5 are one time only
- First boot your android ROM and type
# mount -o remount,rw /
# cd /system/etc/firmware
# ln -s ../wifi/Fw1251r1c.bin wl1251-fw.bin
# cat /proc/calibration > wl1251-nvs.bin
# mount -o remount,ro /
- Extract attached files ( g1_wl1251.zip ) to sdcard
- Apply ez_1.5.1_wl1251.signed.zip from recovery ( it got 2708 and ebi0 kernel for now will add ebi1 later)
- Boot the phone
- Now chroot into you debian installation ( if you used mine debian.tar.bz2 there is script startdeb just write: sh /sdcard/debian/startdeb and you should be chrooted correctly )
- screen ( dont know why airodump doesnt give any output without screen on adb shell ?! )
- airmon-ng start wlan0
- airodump-ng -i mon0
How com compile it
First you need to get sources:
- kernel sources i used https://github.com/ezterry/kernel-biff-testing tag ezgb-2636-v1.5.1-20110820
- prepatched compat-wireless-2010-12-22 ( attached in sources.zip. I did some small build fixes and applied every patch from wl1251-maemo/patches/wireless-testing/ EXCEPT 0003-wl1251-fix-scan-behaviour-while-not-associated.patch as i got build errors with it )
- rest of the files in patches.zip
You can just apply all patches in the kernel dir
If you want to make your config by yourself you have to compile as module cfg80211 and mac80211, compile in CONFIG_RFKILL_PM, CONFIG_CRC7 and UNSET CONFIG_TIWLAN1251. Its important as there as some ifdefs for CONFIG_TIWLAN1251 in drivers/mmc/core/core.c which is compiled in and with CONFIG_TIWLAN1251 WL1251 drivers doesnt work !
there is make.sh script edit it and change the patchs for your crosscompile toolchain and kernel location
and copy all *.ko modules
I hope everything is clear and more ppl can use it in custom roms
If something is unclear plz write about it