In order to do packet injection in this kernel, kernel update 2.6.24-21-generic must be installed!!! (new modules in hardy-proposed fixes the b43 problems )
Just run the update manager.



Hi guy's here is the [size=13pt]complete[/size] guide on how to make the b43 (driver for the Broadcom wireless chips) packet injection and aircracking 802.11a/b/g/n work with kernel 2.6.24 (ubuntu 8.04 / ubuntu ultimate edition 1.9 )

*This guide is Ubuntu Hardy specific*

b43 is a mac80211 driver. b43 offers a newer codebase and hardware crypto support than bcm43xx. With patches the injection speed is at least 700pps. Also, all attacks work, including fragmentation. There is no support for any Draft 802.11n features right now.
b43 has now complete support with aircack-ng 1.0-rc1.
For more info go here;
http://www.aircrack-ng.org/doku.php?id=b43

*Most of the work from here on will be done from the command-line, so open up a terminal (Applications > Accessories > Terminal)

*Remember that packet injection would not work with ndiswrapper. it must be removed before you can continue!!!

UNINSTALLING NDISWAPPER (If you have installed it.)

# Remove the lines "blacklist b43" and "blacklist b43legacy"

# Remove the modprobe lines

Remove the driver told ndiswrapper to use:


Remove ndiswrapper:



Before we start compiling make sure you have build-essential installed!!!
you can install this by


Step One

We are going to install the Broadcom wlan card. All Broadcom chips require firmware that is loaded onto the wireless chip before it can operate.

Supported Chips (Broadcom's AirForce™ family)

# bcm4301
# bcm4303
# bcm4306
# bcm4307
# bcm4309
# bcm4311
# bcm4312
# bcm4318
# bcm4319

To check what version you have:
Type



note: cards with a MAC core revision of 4 or less should use b43legacy.
these are cards should be installed with b43legacy
# bcm4301
# bcm4303
# bcm4306
# bcm4309
You can always build both b43 and b43legacy (and get firmware for both too). The kernel autoloader will automatically do the right thing and load the correct driver for your device.

Use version 011 of b43-fwcutter.
Download, extract the b43-fwcutter tarball and build it:



If you are using the b43legacy driver, follow these instructions.

Use version 3.130.20.0 of Broadcom's proprietary driver.
Download and extract the firmware from this driver:



*Restart PC

If you are using the b43 driver from linux-2.6.24, follow these instructions.

Use version 4.80.53.0 of Broadcom's proprietary driver.
Download and extract the firmware from this driver tarball:



*Restart PC

Note: Some distributions have special methods for installing the firmware. In general these consist of a special command entered at a terminal.
Ubuntu uses the following command:


Step Two

Make sure you have linux-headers and linux-source installed. you can install them by going to System > Admin > Synaptic Package Manager

or for the terminal:


Download The patches from: (the patches increase the injection speed and make fragmentation work)
~ http://www.latinsud.com/bcm/b43-injecti ... 24.4.patch
~ http://www.latinsud.com/bcm/mac80211_2. ... frag.patch
or you can use wget when your in /usr/src/linux-source-2.6.24 or use my attachment!

Place them on your Desktop

After that run these codes: (we will patch and compile new modules)
note: you might have different kernel header version, you must edit the codes on your own!



The module should now be ready to use for injection.

Step Three

*Before we install Aircrack-ng make sure you have libsqlite3-0 and libssl-dev installed!

To install from the Ubuntu Repository, you can run:


Install Aircrack-ng 1.0-rc1 for more info go to http://www.aircrack-ng.org/doku.php?id=install_aircrack


Restart the PC.

Step Four
To use your card for aircracking we must put in these commands: (monitor mode)


run this command to test if your packet injection is working:



it should say Injection is working! and then a list of AP

Another way of setting the card in monitor mode: (Recommended)

This way, you can monitor on mon0 while still being associated on wlan0.
- libnl1 and libnl-dev is needed for iw,

To install from the Ubuntu Repository, you can run:


- Install iw, for info go here http://www.aircrack-ng.org/doku.php?id= ... talling_iw

- Instead of setting monitor mode on wlan0, create mon0 using and you can go here for more information http://www.aircrack-ng.org/doku.php?id=airmon-ng
- Test and see if injection works.

Edit /etc/modprobe.d/options, by

and add a new line containing "options b43 nohwcrypt=1" This ensures that the encryption on wlan0 doesn't interfere with monitoring. This should be only enabled when aircracking with mon0, as it increases the softmac overhead. Remove it from your options list when not using aircrack for a longer time.
This is a workaround for a known bug in b43.

After that, use "mon0' for all moninjection tasks.

You can control the injection speed with aireplay-ng -x 'number'
1024 is the max, 500 is the default pps

_____________________________________________________________________________________________________
[size=12pt]Miscellaneous programs and info[/size]

after that refer here on how to WEP crack
http://www.aircrack-ng.org/doku.php?id=simple_wep_crack
and here for WPA/WPA2
http://www.aircrack-ng.org/doku.php?id=cracking_wpa

I am injecting but the IVs don't increase!
go here: http://aircrack-ng.org/doku.php?id=i_am ... t_increase

FAQ
http://www.aircrack-ng.org/doku.php?id=faq


Process wordlists

copy this into the text editor:


Save,
Once those lines are copied and the file is saved, then you need to make it executable:

Now you can you run the script from a terminal session:
myscript < /some/path/wordlist > /some/path/results.lst

results.lst will contain all words that are at least 8 characters in length.


John the Ripper - John the Ripper is a fast password cracker - http://www.openwall.com/john/
To install:


You can generate a list of "words" (actually character strings)

That produces a list of all combinations of the 95 printable ASCII characters of lengths 1 to 8. You can replace "All" with say "Alpha" or "Digits" to get just alpha or numeric passwords. It's also worth having a look at the john.conf file, you can change the min and max length of the generated passwords.
To edit the john.conf file:

There is more info here - http://aircrack-ng.org/doku.php?id=airc ... other_tips

note:
A list of all printable characters from Wikipedia (starting with a space)
!"#$%&'()*+,-./0123456789:;<=>?
@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_
`abcdefghijklmnopqrstuvwxyz{|}~

Macchanger - change the MAC address of a network interface - http://www.alobbs.com/macchanger/
To install


To change the MAC address


Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. For more info - http://www.kismetwireless.net

To install Kismet


For a latest version of Kismet compile from source.



To configure Kismet


change the following line
source=b43,wlan0,broadcom
save

To run Kismet


Wireshark is a network protocol analyzer (or "packet sniffer") - http://www.wireshark.org/

To install Wireshark - http://www.howtoforge.com/wireshark_ubuntu_feisty
To use Wireshark - http://www.aircrack-ng.org/doku.php?id= ... e&DokuWiki
There is more info here - http://www.willhackforsushi.com/books/377_eth_2e_06.pdf on wireless sniffing.


Useful Commands - not relating to aircrack

ifconfig - lists IP address (similar to ipconfig in Windows)
iwlist scan - shows wireless networks that are available in the area along with basic encryption information
lshw -C network - Shows interface and driver associated with each networking device
lspci -nn - Shows hardware connected to the pci bus
lsusb - Shows USB connected hardware
lshw -C usb - Additional info on USB related hardware (good for USB dongles)
cat /etc/modprobe.d/blacklist - List modules that will not be loaded by the Operating System at boot time
lsmod - lists currently loaded kernel modules. (Example usage - lsmod | grep ndiswrapper)
route -n - Lists kernel IP routing table -- Good for troubleshooting problems with the gateway (netstat -rn = equivalent command)
sudo route add default gw 192.168.1.1 - Example of how to set the default gateway to 192.168.1.1
sudo route del default gw 192.168.1.1 - Example of how to delete the default gateway setting
sudo modprobe ***** - Loads the kernel module **** . (Example usage - sudo modprobe ndiswrapper, sudo modprobe r818x, sudo modprobe ath_pci)
sudo modprobe -r **** - Unloades the kernel module ****. (Example usage - sudo modprobe -r ndiswrapper)
sudo ifup/ifdown <interface> - Brings up/down the interface and clears the routing table for the specified interface
sudo ifconfig <interface> up/down - Brings up/down the interface for the specified interface
sudo dhclient <interface> - Request IP address from DNS server for specified interface
sudo dhclient -r <interface> - Release IP address associated with specified interface
sudo iptables -L - Lists firewall rules
dmesg | less - Lists boot log -- good for troubleshooting problems with modules/drivers not being loaded
uname -r - Displays kernel version
/etc/iftab (Feisty and pre-releases (Edgy, etc)) - /etc/udev/rules.d/70-persistent-net.rules (Gutsy) - File which assigns logical names (eth0, wlan0, etc) to MAC addresses
cat /etc/resolv.conf - Lists DNS servers associated with network connections (Network Manager)
/etc/dhcp3/dhclient.conf - File which sets or modifies dns (domain name servers) settings

[glow=red,2,300][size=15pt]Comments, Sugestions or Problems make a post![/size][/glow]

[shadow=red,left]AND THATS IT [/shadow]

it works!

These are some of my results from using your guide
--------------------
*********************************************************
*Address* Took 8mins
KEY FOUND!: 4D:61:47:37:58 SSID: CTI
*********************************************************
*Address* Took 25mins
MAC: 00:12:0E:63:B4:B9 - channel: 6 - SSID '07B402921489'
KEY FOUND! [ 53:54:38:53:44 ] (ASCII: ST8SD )
*********************************************************
*Address* 14mins
MAC 00:12:0E:89:8C:50 SSID '07FX08135721'
KEY FOUND! [ 7C:D9:D2:46:18 ]
*********************************************************

Very well explained

works perfectly ...... thx man

Hello, first of all i want to say that the tutorial was great, every thing worked until I come to the part where I need to do a sudo ifconfig wlan0 down. Then I get an error message which says wlan0: ERROR while getting interface flags: No such device.
I'm new to linux, and I don't know how to change my network intercafe from eth1 to wlan0.
Please help me.
Thank you.

what do you get when you try:



Also, is your wireless enabled and working ?

it appears that wlan0 does not exist.

run ifconfig and see what interfaces it lists

be sure that Broadcom STA wireless driver isn't enable, on system, administration, hardware controls, and sorry for my english.

your english is fine

Is any of this possible in 8.10?

Also, I have Broadcom STA wireless driver enabled and am unable to disable it, why is it bad to have this disabled, and how should I disable it.

I get this when I try to patch.

jordan@jordan-laptop:/usr/src/linux-headers-2.6.27-8$ sudo patch -p1 < b43-injection-2.6.24.4.patch
can't find file to patch at input line 7
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|# Kernel >= 2.6.24.1 highly recommended
|# Fixes injection speed (up to 350 pps)
|# Fixes fragmented injection (requires mac80211 patch too)
|diff -bBur linux-2.6.24.4/drivers/net/wireless/b43/main.c linux-2.6.24.4-sud/drivers/net/wireless/b43/main.c
|--- linux-2.6.24.4/drivers/net/wireless/b43/main.c 2008-04-05 16:25:11.000000000 +0200
|+++ linux-2.6.24.4-sud/drivers/net/wireless/b43/main.c 2008-04-05 16:45:11.000000000 +0200
--------------------------
File to patch: