Date:      Mon, 6 Feb 2012 18:53:11 +0000
From:      Merlin Corey <merlin@merlinsbox.net>
To:        freebsd-wireless@freebsd.org
Subject:   Re: FreeBSD 9.0 ath driver injection with aireplay_ng returns input/output error in AHDemo and Monitor mode
Message-ID:  <CACcnmU0MDZ8ZGSKZCKc7jD1PgA5hG_2KCDRbXfeE=G7AWekfgA@mail.gmail.com>
In-Reply-To: <CACcnmU0cfuNNwbL1AAdtZ05ijszH1nSNkhqNmDdRtaiqaqqCzw@mail.gmail.com>
References:  <CACcnmU3NtUYiNqcU4L75DW6GS5gzGu-CAywJJFSRSm%2BRdMomDQ@mail.gmail.com> <201202061835.43116.bschmidt@freebsd.org> <CACcnmU0cfuNNwbL1AAdtZ05ijszH1nSNkhqNmDdRtaiqaqqCzw@mail.gmail.com>

Hello,

On Mon, Feb 6, 2012 at 5:35 PM, Bernhard Schmidt <bschmidt@freebsd.org> wrote:
> On Monday 06 February 2012 15:32:42 Merlin Corey wrote:
>> Hello,
>>
>> Like someone a year before me, from a thread two years before me (
>> http://forums.freebsd.org/showthread.php?t=10042 ), I am interested in
>> making my (pun intended) penultimate pen-testing netbook on my
>> favorite operating system, FreeBSD; alas, I am not able to make use of
>> the atheros card in said netbook for the purposes of injection.
>>
>> It is perhaps worth noting that I started this project on FreeBSD
>> 8.x, but my card (AR9285 card=0x10891a3b chip=0x002b168c rev=0x01 hdr=0x00)
>> was only working at what seemed half power and would constantly
>> take itself up/down. I have since updated the system to 9.0-RELEASE
>> and experienced what appeared to be fully functioning wireless until
>> now.
>>
>> In the thread linked above, there is a mention of a kernel patch which
>> allows writing in monitor mode - I desperately applied this patch
>> after finding that the instructions to patch aircrack itself seem to
>> have already been applied either in ports or upstream.
>>
>> Now, I can run airodump just fine, but when I try to do injection test
>> with aireplay in either ahdemo or monitor mode, I simply end up with a
>> bunch of "wi_write(): Input/output error" messages.
>>
>> I am not really sure how to proceed in further debugging this issue;
>> should I turn wlandebug on, and if so, which bit is best, or should I
>> just throw them all? Perhaps something else entirely?
>>
>> Is this maybe a problem with my card itself?
>>
>> Any push in the right direction would be greatly appreciated.
>
> Can you set a channel and ssid before starting any kind of injection?
> Something like
> ifconfig wlan0 create wlandev ath0 wlanmode ahdemo
> ifconfig wlan0 channel 1 ssid foobar up
>

Yes, apologies for not being clear about my methods. I have tested
both with setting the initial channel and ssid before attempting to
inject as well as not.

> If I remember correctly, the interface will otherwise scan indefinitely
> trying to find an open network to connect to. Setting a channel/ssid will
> ensure that the interface moves into RUN state (you can verify that with
> wlandebug +state) which should allow injection. Trying to do so while in
> eg. SCAN state is really too racy due to all the channel changes going on.

You might be surprised to learn that in the case of NOT setting the
channel it successfully finds APs on each channel and attempts
injection, but fails with a write error every time.

Thank you for wlandebug +state, I will test this in a little bit to see
if it is indeed stuck in the SCAN state instead of the RUN state.


>
> Basically, injection is a real mess currently and neither monitor nor
> ahdemo mode are really that well suited for that purpose. Monitor mode is
> designed to be totally mute while ahdemo is adhoc mode without mgmt frames
> but a lot of unnecessary logic behind it. Guess we should really think
> about a new mode specially designed to handle those needs, or re-enable
> injection in monitor mode which would break its initial purpose.. thoughts?
>
> --
> Bernhard

Regarding re-enabling write in monitor mode, I have already done this,
but it does not seem to have solved the problem, as I still receive an
input/output error (as opposed to permission denied, which the thread
indicates I will receive in monitor mode if I do not have the ability
to write).

I am all for a new mode and willing to test it from CURRENT or
whatever I may do to help it along.

Thanks,
Merlin
