Date: Tue, 7 Feb 2012 09:17:08 +0100
From: Lars Engels <lars.engels@0x20.net>
To: Bernhard Schmidt <bschmidt@freebsd.org>
Cc: freebsd-wireless@freebsd.org
Subject: Re: FreeBSD 9.0 ath driver injection with aireplay_ng returns input/output error in AHDemo and Monitor mode
Message-ID: <20120207081707.GK4776@e-new.0x20.net>
In-Reply-To: <201202062105.33007.bschmidt@freebsd.org>
References: <CACcnmU3NtUYiNqcU4L75DW6GS5gzGu-CAywJJFSRSm+RdMomDQ@mail.gmail.com> <201202061835.43116.bschmidt@freebsd.org> <CACcnmU3VYjEEjSdLT1DotAjUHcEujz8+LN31Xroqy19F8DqTig@mail.gmail.com> <201202062105.33007.bschmidt@freebsd.org>
On Mon, Feb 06, 2012 at 09:05:32PM +0100, Bernhard Schmidt wrote:
> On Monday 06 February 2012 20:57:35 Merlin Corey wrote:
> > Hello,
> >
> > On Mon, Feb 6, 2012 at 5:35 PM, Bernhard Schmidt <bschmidt@freebsd.org> wrote:
> > > On Monday 06 February 2012 15:32:42 Merlin Corey wrote:
> > >> Hello,
> > >>
> > >> Like some a year before me, from a thread two years before me (
> > >> http://forums.freebsd.org/showthread.php?t=10042 ), I am interested in
> > >> making my (pun intended) penultimate pen-testing netbook on my
> > >> favorite operating system, FreeBSD; alas, I am not able to make use of
> > >> the atheros card in said netbook for the purposes of injection.
> > >>
> > >> It is perhaps worth noting that I started this project on FreeBSD
> > >> 8.x, but my card (AR9285 card=0x10891a3b chip=0x002b168c rev=0x01 hdr=0x00)
> > >> was only working at what seemed half power and would constantly
> > >> take itself up/down. I have since updated the system to 9.0-RELEASE
> > >> and experienced what appeared to be fully functioning wireless until
> > >> now.
> > >>
> > >> In the thread linked above, there is a mention of a kernel patch which
> > >> allows writing in monitor mode - I desperately applied this patch
> > >> after finding that the instructions to patch aircrack itself seem to
> > >> have already been applied either in ports or upstream.
> > >>
> > >> Now, I can run airodump just fine, but when I try to do injection test
> > >> with aireplay in either ahdemo or monitor mode, I simply end up with a
> > >> bunch of "wi_write(): Input/output error" messages.
> > >>
> > >> I am not really sure how to proceed in further debugging this issue;
> > >> should I turn wlandebug on, and if so, which bit is best, or should I
> > >> just throw them all? Perhaps something else entirely?
> > >>
> > >> Is this maybe a problem with my card itself?
> > >>
> > >> Any push in the right direction would be greatly appreciated.
> > >
> > > Can you set a channel and ssid before starting any kind of injection? Something like
> > > ifconfig wlan0 create wlandev ath0 wlanmode ahdemo
> > > ifconfig wlan0 channel 1 ssid foobar up
> > >
> > > If I remember correctly, the interface will otherwise scan
> > > indefinitely trying to find an open network to connect to. Setting
> > > a channel/ssid will ensure that the interface moves into RUN state
> > > (you can verify that with wlandebug +state) which should allow
> > > injection. Trying to do so while in eg. SCAN state is really too
> > > racy due to all the channel changes going on.
> > >
> > > Basically, injection is a real mess currently and neither monitor
> > > nor ahdemo mode are really that well suited for that purpose.
> > > Monitor mode is designed to be totally mute while ahdemo is adhoc
> > > mode without mgmt frames but a lot of unnecessary logic behind it.
> > > Guess we should really think about a new mode specially designed
> > > to handle those needs, or re-enable injection in monitor mode
> > > which would break its initial purpose.. thoughts?
> > >
> > > --
> > > Bernhard
> >
> > As per the directions given to me by Bernhard, I have tested ahdemo
> > and monitor mode injection with wlandebug +states. In short, it seems
> > that indeed ahdemo mode complains about moving from INIT to RUN state
> > unexpectedly, and monitor mode goes back to SCAN state making it not
> > very useful for this purpose given the stated issues with SCAN state.
> >
> > First, the general output of aireplay-ng -9:
> > wi_write(): Input/output error
> > ... repeat last message 28 times ...
> > wi_write(): Input/output error
> > wi_write(): Input/output error
> > 19:34:43 0/30: 0%
> >
> > Finally, below my signature, I have included the /var/log/messages
> > output annotated with comments indicating which shell commands were
> > being run before the messages were output in the form of comments with
> > three hashmarks.
>
> Yeah.. air* does a lot of stuff, not all of it being that useful. It
> might simply be that it resets the device and therefore the
> configuration. I'll have a look tomorrow.

Yup, maybe we can improve aircrack-ng and get some patches upstream?

>
> In the meantime, can you give /usr/src/tools/tools/net80211/wlaninject
> a shot?
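Bernhard's advice in the thread is to confirm with wlandebug +state that the vap actually settled in RUN (rather than bouncing through SCAN) before handing it any frames. The shell snippet below is an added example, not code from the thread or from FreeBSD: it pulls the most recent net80211 state transition for a given interface out of syslog text and reports whether that interface is in RUN. The function names are mine, and the sample log lines are constructed to resemble net80211's ieee80211_new_state messages; compare against your own /var/log/messages.

```shell
#!/bin/sh
# Added example (not from the thread or FreeBSD): decide, from "wlandebug +state"
# output in /var/log/messages, whether a vap reached RUN before any frame is
# handed to it, which is the precondition Bernhard describes.
# Function names are my own; the sample log text below is constructed.

# Print the state the vap most recently entered (e.g. RUN, SCAN), or nothing
# if the log holds no transition for that interface.
#   $1 = interface name (e.g. wlan0), stdin = syslog text
last_state() {
    grep "$1: ieee80211_new_state" |
        sed -n 's/.*-> \([A-Z]*\).*/\1/p' |
        tail -n 1
}

# Exit 0 when the vap's last transition ended in RUN, 1 otherwise, including
# the edge case where the interface never logged a transition at all.
in_run_state() {
    [ "$(last_state "$1")" = "RUN" ]
}

# Constructed sample logs shaped like net80211's ieee80211_new_state messages.
# wlan0: an ahdemo vap given a channel and ssid, which lands in RUN.
SAMPLE_AHDEMO='Feb  6 19:34:40 netbook kernel: wlan0: ieee80211_new_state_locked: INIT -> SCAN (-1)
Feb  6 19:34:40 netbook kernel: wlan0: ieee80211_new_state_locked: SCAN -> RUN (-1)'
# wlan1: a monitor vap that drops back into SCAN, as Merlin observed.
SAMPLE_MONITOR='Feb  6 19:36:10 netbook kernel: wlan1: ieee80211_new_state_locked: INIT -> RUN (-1)
Feb  6 19:36:11 netbook kernel: wlan1: ieee80211_new_state_locked: RUN -> SCAN (-1)'

# Stand-alone usage: report on both constructed samples.
if printf '%s\n' "$SAMPLE_AHDEMO" | in_run_state wlan0; then
    echo "wlan0: in RUN state"
else
    echo "wlan0: not in RUN state, set channel/ssid and re-check"
fi
if printf '%s\n' "$SAMPLE_MONITOR" | in_run_state wlan1; then
    echo "wlan1: in RUN state"
else
    echo "wlan1: not in RUN state, set channel/ssid and re-check"
fi
```

On a live system, feed it the real log instead of the samples, e.g. `tail -n 200 /var/log/messages | in_run_state wlan0`, after enabling `wlandebug -i wlan0 +state`.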