Page 1 of 2 12 LastLast
Results 1 to 20 of 35
  1.    #1  
    I'm surprised, unless I'm missing it, that nobody has been working on wardriving. We have a phone with wifi and gps running linux! Anyone tried anything yet? I'm about to attempt installing kismet in my debian image just for kicks...
  2. monogoat
    #2  
    I believe there is an optware pkg for kismet, isn't there?

    If i ever have some free time the first app I wanted to write was a wardriving app, using the gps, or the network location service if gps couldn't get a fix, to document networks located by kismet.
  3.    #3  
    There is! Trying it now.

    ipkg-opt install kismet

    Results so far, after configuring it for eth0 instead of eth1, which was the default. I wonder if this is really workable? Anyone privy to the config I should use?

    Server options: none
    Client options: none
    Starting server...
    Waiting for server to start before starting UI...
    Suid priv-dropping disabled. This may not be secure.
    No specific sources given to be enabled, all will be enabled.
    Enabling channel hopping.
    Enabling channel splitting.
    Source 0 (wireless): Enabling monitor mode for wrt54g source interface eth0 channel 0...
    sh: /usr/sbin/iwpriv: not found
    Source 0 (wireless): Opening wrt54g source interface eth0...
    FATAL: SIOCGIFHWADDR: No such device
    [1] + Done(1) ${BIN}/kismet_server --silent ${server}
    root@castle:/var/home/george#
  4. #4  
    I think that utilizing the builtin wifi could be more difficult than on a regular desktop because the wireless-tools don't seem to be present. Dunno how the Kismet (and other wireless utilities) depend on that package, but I guess I should give it a shot ;-)

    Hint: /usr/sbin/wlanconfig, /usr/sbin/wifidriver
  5.    #5  
    Also need to get gpsd working, I guess. There's an ipk for it, but I have to try to configure it now...
  6. #6  
    Sorry for sounding dumb but what is wardriving?

    Thanks ahead of time.
  7. #7  
  8.    #8  
    One of the geekiest of all pastimes, my friend

    Wardriving - Wikipedia, the free encyclopedia

    "Wardriving is the act of searching for Wi-Fi wireless networks by a person in a moving vehicle, using a portable computer or PDA." Usually aided by a GPS, so you end up with a map of wifi hotspots with details about their openness, number of people connected, strengths, etc. Very fun.
  9. #9  
    Quote Originally Posted by oil
    man. That was classic...
    "When there is no more room in hell, the dead will walk the earth"


    PM me your questions. If I can't find an answer, I'll show you who can.
  10. #10  
    It doesn't mean a thing unless the wifi chipset can go into monitor mode. Not all wifi cards can do it, so I doubt the chip in the pre can.

    It would be sweet to have a mobile wep cracking phone lol. It's not going to replace my eee for wardriving/wep cracking though.
  11.    #11  
    Yeah, there are plenty of reasons why this won't work, but it would be so disappointing if it can't.
  12. #12  
    ifconfig isn't even present, so how are we supposed to manage any of the networking interfaces?

    It'd be nice to have a wardriving app, rather than hauling my laptop with Backtrack for it.
  13.    #13  
    ifconfig is in /sbin, or at least it is after you get opt and everything installed. Might have been before that, not sure, but it's there on mine.
  14. #14  
    This would be bad-***, does anyone have any specifics on our wifi chip???? (Hoping for an Atheros chip.)

    If we could get an app made for war-driving this truly would be the best phone ever and kick an iPhone's *** any day.

    Speaking of iPhone, they have a Broadcom chip which doesn't support monitor mode; that's why I'm wondering.
  15. ws6kid
    #15  
    Quote Originally Posted by czechdev
    I think that utilizing the builtin wifi could be more difficult than on a regular desktop because the wireless-tools don't seem to be present. Dunno how the Kismet (and other wireless utilities) depend on that package, but I guess I should give it a shot ;-)

    Hint: /usr/sbin/wlanconfig, /usr/sbin/wifidriver
    I got wireless-tools (htttp://downloads.openwrt.org/kamikaze/7.09/ixp4xx-2.6/packages/wireless-tools_29-1_armeb.ipk) working and now iwpriv works. Iwpriv can be used to set your interface to monitor mode.
    Here is the output of iwpriv:
    root@castle:/opt/etc/kismet# iwpriv
    lo no private ioctls.

    ppp0 no private ioctls.

    bsl0 no private ioctls.

    eth0 Available private ioctls :
    extscan (8BFA) : set 0 int & get 2 char
    cachescanssid (8BF0) : set 0 int & get 2 char
    hostcmd (8BE4) : set 2047 byte & get 2047 byte
    arpfilter (8BE6) : set 2047 byte & get 2047 byte
    regrdwr (8BE3) : set 256 char & get 256 char
    sdcmd52rw (8BFE) : set 7 byte & get 7 byte
    sdcmd53rw (8BFF) : set 32 char & get 32 char
    setgetconf (8BEA) : set 2000 byte & get 2000 byte
    getcis (8BE1) : set 0 & get 512 byte
    scantype (8BEB) : set 8 char & get 8 char
    getNF (0001) : set 1 int & get 1 int
    getRSSI (0002) : set 1 int & get 1 int
    bgscan (0004) : set 1 int & get 1 int
    enable11d (0005) : set 1 int & get 1 int
    adhocgrate (0006) : set 1 int & get 1 int
    sdioclock (0007) : set 1 int & get 1 int
    wmm (0008) : set 1 int & get 1 int
    uapsdnullgen (000A) : set 1 int & get 1 int
    setcoalescing (000B) : set 1 int & get 1 int
    adhocgprot (000C) : set 1 int & get 1 int
    enableroaming (000D) : set 1 int & get 1 int
    enablepwrmgmt (000E) : set 1 int & get 1 int
    chipenable (000F) : set 1 int & get 1 int
    wmm_qosinfo (0002) : set 1 int & get 1 int
    lolisteninter (0003) : set 1 int & get 1 int
    fwwakeupmethod (0004) : set 1 int & get 1 int
    psnullinterval (0005) : set 1 int & get 1 int
    bcnmisto (0006) : set 1 int & get 1 int
    adhocawakepd (0007) : set 1 int & get 1 int
    ldocfg (0008) : set 1 int & get 1 int
    sdiomode (0009) : set 1 int & get 1 int
    rtsctsctrl (000E) : set 1 int & get 1 int
    autodeepsleep (000C) : set 1 int & get 1 int
    wakeupmt (000D) : set 1 int & get 1 int
    setrxant (0001) : set 1 int & get 0
    settxant (0002) : set 1 int & get 0
    authalgs (0004) : set 1 int & get 0
    encryptionmode (0005) : set 1 int & get 0
    setregioncode (0006) : set 1 int & get 0
    setlisteninter (0007) : set 1 int & get 0
    setmultipledtim (0008) : set 1 int & get 0
    setbcnavg (0009) : set 1 int & get 0
    setdataavg (000A) : set 1 int & get 0
    associate (000B) : set 1 int & get 0
    getregioncode (0001) : set 0 & get 1 int
    getlisteninter (0002) : set 0 & get 1 int
    getmultipledtim (0003) : set 0 & get 1 int
    gettxrate (0004) : set 0 & get 1 int
    getbcnavg (0005) : set 0 & get 1 int
    getdataavg (0006) : set 0 & get 1 int
    getdtim (0007) : set 0 & get 1 int
    getrxant (0001) : set 0 & get 12 char
    gettxant (0002) : set 0 & get 12 char
    gettsf (0003) : set 0 & get 12 char
    wpssession (0004) : set 0 & get 12 char
    deepsleep (8BFB) : set 1 char & get 6 char
    hostsleepcfg (8BE5) : set 31 char & get 0
    deauth (0001) : set 0 & get 0
    adhocstop (0005) : set 0 & get 0
    radioon (0002) : set 0 & get 0
    radiooff (0003) : set 0 & get 0
    rmaeskey (0004) : set 0 & get 0
    wlanidle-on (000A) : set 0 & get 0
    wlanidle-off (000B) : set 0 & get 0
    sleepparams (0002) : set 64 char & get 64 char
    bca-ts (0003) : set 64 char & get 64 char
    scanmode (0006) : set 64 char & get 64 char
    getadhocstatus (0009) : set 64 char & get 64 char
    setgenie (000A) : set 64 char & get 64 char
    getgenie (000B) : set 64 char & get 64 char
    qstatus (000D) : set 64 char & get 64 char
    setaeskey (0001) : set 32 char & get 0
    getaeskey (0001) : set 1 int & get 128 char
    version (0002) : set 1 int & get 128 char
    verext (0003) : set 1 int & get 128 char
    setwpaie (8BE0) : set 24 char & get 0
    getlog (8BE9) : set 0 & get 512 char
    tpccfg (0001) : set 16 int & get 16 int
    scanprobes (0006) : set 16 int & get 16 int
    ledgpio (0005) : set 16 int & get 16 int
    sleeppd (0007) : set 16 int & get 16 int
    rateadapt (0008) : set 16 int & get 16 int
    inactivityto (0009) : set 16 int & get 16 int
    getSNR (000A) : set 16 int & get 16 int
    getrate (000B) : set 16 int & get 16 int
    getrxinfo (000C) : set 16 int & get 16 int
    atimwindow (000D) : set 16 int & get 16 int
    bcninterval (000E) : set 16 int & get 16 int
    sdiopullctrl (000F) : set 16 int & get 16 int
    scantime (0010) : set 16 int & get 16 int
    sysclock (0011) : set 16 int & get 16 int
    dataevtcfg (0012) : set 16 int & get 16 int
    txcontrol (0013) : set 16 int & get 16 int
    hscfg (0015) : set 16 int & get 16 int
    hssetpara (0016) : set 16 int & get 16 int
    drvdbg (0019) : set 16 int & get 16 int
    setuserscan (0001) : set 2000 byte & get 2000 byte
    getscantable (0002) : set 2000 byte & get 2000 byte
    setmrvltlv (0003) : set 2000 byte & get 2000 byte
    getassocrsp (0004) : set 2000 byte & get 2000 byte
    addts (0005) : set 2000 byte & get 2000 byte
    delts (0006) : set 2000 byte & get 2000 byte
    qconfig (0007) : set 2000 byte & get 2000 byte
    qstats (0008) : set 2000 byte & get 2000 byte
    txpktstats (000C) : set 2000 byte & get 2000 byte
    getcfptable (0009) : set 2000 byte & get 2000 byte


    Now if you notice, there is no monitor private ioctl listed here, therefore this command won't work.

    Syntax for iwpriv is:
    iwpriv eth0 monitor <m> <c>
    m - one of the following
    0 - disable monitor mode
    1 - enable monitor mode with Prism2 header info prepended
    to packet (ARPHRD_IEEE80211_PRISM)
    2 - enable monitor mode with no Prism2 info (ARPHRD_IEEE80211)
    c - channel to monitor


    Also you need to change the kismet config file located at /opt/etc/kismet/kismet.conf

    Edit this file however you like (sftp, vi, nano) and look for "#source=wrt54g,eth1,wireless"; change this to "source=acx100,eth0,wireless".

    Now kismet errors out with this:
    root@castle:/opt/etc/kismet# kismet
    Server options: none
    Client options: none
    Starting server...
    Suid priv-dropping disabled. This may not be secure.
    No specific sources given to be enabled, all will be enabled.
    Enabling channel hopping.
    Enabling channel splitting.
    Source 0 (wireless): Enabling monitor mode for acx100 source interface eth0 channel 6...
    FATAL: Could not find 'monitor' private ioctl Make sure you have the latest ACX100 development release.
    Waiting for server to start before starting UI...
    [1] + Done(1) ${BIN}/kismet_server --silent ${server}



    So it seems we need a monitor private ioctl for the wireless chipset, which I am assuming has to be modified somewhere in the driver.

    Wireless chipset is Marvell branded and the driver it uses is SD8686...

    Also make sure you are root when you are making all these changes. Hint: use sudo -i while logged in.

    Oh hey has anyone gotten Metasploit working yet???
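The two failures shown in this thread (post #3's SIOCGIFHWADDR error from a wrong interface, and the FATAL "Could not find 'monitor' private ioctl" above) both come from starting Kismet before checking what the driver actually offers. The script below is an added example, not code from the thread or from the Kismet project: it parses iwpriv-style output to confirm the named interface exists and lists a `monitor` private ioctl, and rewrites the kismet.conf source line the way the post describes. The embedded iwpriv text is constructed to mirror the Marvell listing above (no `monitor` entry); the function names and the `preflight` wrapper are this example's own.

```shell
#!/bin/sh
# Added example: pre-flight checks before launching Kismet on a small Linux box.
# Nothing here is from the thread or from Kismet itself.

# Constructed sample of `iwpriv` output, shaped like the Marvell SD8686 listing
# in the thread. It deliberately has no 'monitor' entry under eth0.
SAMPLE_IWPRIV='lo no private ioctls.

ppp0 no private ioctls.

eth0 Available private ioctls :
extscan (8BFA) : set 0 int & get 2 char
hostcmd (8BE4) : set 2047 byte & get 2047 byte
deauth (0001) : set 0 & get 0
radioon (0002) : set 0 & get 0'

# has_private_ioctl IFACE NAME  (reads iwpriv output on stdin)
# Prints "yes" or "no"; exit status 0 only when IFACE lists the ioctl NAME.
has_private_ioctl() {
    iface=$1
    name=$2
    awk -v iface="$iface" -v name="$name" '
        # "eth0 Available private ioctls :" opens a block for that interface.
        $2 == "Available" { cur = $1; next }
        # A blank line or "lo no private ioctls." closes the current block.
        NF == 0 || $2 == "no" { cur = ""; next }
        # Listing lines look like "hostcmd (8BE4) : set 2047 byte & ...".
        cur == iface && $1 == name { found = 1 }
        END { print (found ? "yes" : "no"); exit !found }
    '
}

# set_kismet_source CONF_TEXT TYPE IFACE
# Replaces a (possibly commented-out) "source=" line with TYPE,IFACE,wireless,
# which is the kismet.conf edit the thread describes; prints the new config.
set_kismet_source() {
    printf '%s\n' "$1" | sed -e "s/^#\{0,1\}source=.*/source=$2,$3,wireless/"
}

# preflight IFACE  (reads iwpriv output on stdin)
# Returns 0 if the driver exposes a 'monitor' private ioctl on IFACE, else 1.
preflight() {
    if has_private_ioctl "$1" monitor >/dev/null; then
        echo "ok: $1 exposes a 'monitor' private ioctl"
    else
        echo "fail: $1 has no 'monitor' private ioctl; an acx100-style Kismet source will abort"
        return 1
    fi
}

# Stand-alone run: first against the constructed sample (expected to fail),
# then against the live box if wireless-tools' iwpriv happens to be installed.
printf '%s\n' "$SAMPLE_IWPRIV" | preflight eth0 || true
if command -v iwpriv >/dev/null 2>&1; then
    iwpriv 2>/dev/null | preflight eth0 || true
fi
set_kismet_source '#source=wrt54g,eth1,wireless' acx100 eth0
```

Run it as root only if you want the live `iwpriv` pass; the parsing functions themselves need no privileges and can be fed saved output with `iwpriv > /tmp/iwpriv.txt; preflight eth0 < /tmp/iwpriv.txt`.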
  16. ws6kid
    #16  
    So the wireless card model is Marvell Libertas 8686. Now I just gotta figure out how to make this work with kismet, ultimately getting the wireless card to go into monitor mode, most likely manually.

    found this out from the dmesg output:

    WLAN Driver cleanup complete!!
    Unloading WiFi Driver and Keeping WiFi Chip in reset
    mmc1: card 0001 removed
    wlan-sbi_register: will use SDIO bus_width = 0 (0=negotiated), interrupt mode = INTMODE_GPIO
    Taking WiFi Chip out of reset, rescaning sd slot and loading WiFi Driver
    mmc1: new SDIO card at address 0001: Marvell 802.11 SDIO ID: 0B
    WLAN is using negotiated SDIO bus-width.
    WLAN SDIO bus-width is 4-bit.
    FW-DOWNLOAD-TIME= 160 milliseconds
    SETTING ANTENNA CONFIGURATION
    PA Enabled: 0x01
    PA Group 0 = 10dBm
    PA Group 1 = 11dBm
    PA Group 2 = 12dBm
    WLAN: Fw Downloaded, Interface ready and Driver ready to use!!
    Last edited by ws6kid; 09/11/2009 at 08:21 PM. Reason: doesn't have an SD slot after all
  17. ws6kid
    #17  
    Official driver name it uses is "libertas_sdio"
  18. ws6kid
    #18  
    Found a patch for the driver, haven't tried it yet..

    htttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=965f8bbc6c92233600b176f4c80299f6766df9bd

    Take the extra t out of the link; man, I really need to hit 10 posts!!
  19. #19  
    Apparently the Pre has the same WiFi card as the iPod touch?!?!

    Linkage:
    WEP Cracking AND Monitor Mode update. - iPod touch Fans forum
    <I accidentally the whole pre>

    <Palm Pre Speed Test>

  20. #20  
    Here you go, ws6kid:
    Libertas Monitor Mode Support

    That looks promising, won't exactly cause kismet to work right away, but it's a step in the right direction.