It took me a long, long time to learn how to get this one right. My first try was a year ago, when I tried to use aircrack-ng to crack wireless WEP with my bcm43xx wifi card. But at that time, Broadcom cards weren't supported yet for monitor mode (at least the driver didn't support it yet).
But yesterday I had a chance to chat with an IRC user, whose nick I won't publish here, and we talked about several things in wireless security: namely, how secure a secured wireless network (WEP/WPA) is and how fast it can be hacked and cracked. It was all about him in the first place. He managed to find about 60 access points at his place, and all were encrypted with WEP/WPA.
So, to make it short: Aircrack-ng is the best tool to deal with this situation, where you need a wireless network which is forbidden for you to access. Then why not crack it and have your internet connection for free? So we began discussing the application; aircrack seemed to be the best because it was easy to use. You can learn a little bit about aircrack from here.
So I would like to share my way of configuring my Broadcom (bcm43xx) card for use with aircrack. Today bcm43xx is a supported card for injection, monitor mode and packet capture, but only after you patch the driver for the card. Here is how to set up your bcm43xx:
- #mkdir bcm43xxinject
- #cd bcm43xxinject
- #mkdir kernelout
- #cp /boot/config-2.6.22-14-generic ./config-2.6.22-14-generic
- #cd kernelout
- #ln -s ../config-2.6.22-14-generic .config
- #cd ../
You now need a sub directory for our kernel output
Now you need to get the kernel source for Gutsy. Go get a snack while it downloads; it is about 60 meg.
- #apt-get source linux-image-2.6.22-14-generic
Get the new patch (updated for the new kernel) and patch the kernel:
- #cd linux-source-2.6.22-2.6.22/drivers/net/wireless/bcm43xx ; wget -nc http://www.latinsud.com/bcm/bcm43xx-injection-linux-2.6.20.patch
- #patch -p1 < [ exact location of patch file ]
- Now we compile the new bcm kernel module
- #cd ~/bcm43xxinject/linux-source-2.6.22-2.6.22
- #sudo gedit Makefile
We have to manually change the version info (bug) so we don't get a tainted kernel.
- #make O=../kernelout outputmakefile
Change extraversion from "= 9" to "= -14-generic". This should be the default, but it has not been updated yet. Save and exit, then:
- #make O=../kernelout archprepare
- #make O=../kernelout modules
That last one will take a while. Finish your snack you got before, maybe go watch some tv or something industrious like that.
- Now, all gods willing, this should compile with no errors.
- #cd ..
- #mkdir kernelbackup
- #cd kernelbackup
- #sudo cp /lib/modules/2.6.22-14-generic/kernel/drivers/net/wireless/bcm43xx/*.ko ./
Remember to always backup...
We are finally ready to install our 'pachinko' new patched drivers:
- #cd ..
- #cd kernelout/drivers/net/wireless/bcm43xx/
- #sudo cp -dpR *.ko /lib/modules/2.6.22-14-generic/kernel/drivers/net/wireless/bcm43xx/
- #sudo modprobe -r bcm43xx
Next we have to load our new drivers:
- #sudo modprobe bcm43xx
But if you would like to use ndiswrapper for surfing and all other sorts of work (except using aircrack), then you don't have to remove bcm43xx from the blacklist. All you need to do is:
- To load bcm43xx :
- sudo modprobe -r ndiswrapper ; sleep 5 ; sudo modprobe bcm43xx
- To load ndiswrapper back:
- sudo modprobe -r bcm43xx ; sleep 5 ; sudo modprobe ndiswrapper
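Before copying the rebuilt modules over the stock ones (the `cp -dpR *.ko` step above), it is worth confirming that the EXTRAVERSION edit took effect and that every built `.ko` carries a vermagic matching the kernel it will be loaded into. The script below is an added example, not part of the original post; the function names are hypothetical and the sample vermagic string is constructed.

```shell
#!/bin/sh
# Added example: pre-install checks for the rebuilt bcm43xx modules.
# Function names are illustrative; they are not part of any tool.

# Print the release a kernel Makefile builds for:
# VERSION.PATCHLEVEL.SUBLEVEL followed directly by EXTRAVERSION.
# Simplification: CONFIG_LOCALVERSION and localversion files are ignored.
makefile_release() {
    awk -F'=' '
        /^(VERSION|PATCHLEVEL|SUBLEVEL|EXTRAVERSION)[ \t]*=/ {
            key = $1; val = $2
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            v[key] = val
        }
        END { printf "%s.%s.%s%s\n", v["VERSION"], v["PATCHLEVEL"], v["SUBLEVEL"], v["EXTRAVERSION"] }
    ' "$1"
}

# vermagic starts with the release the module was built for, e.g.
# "2.6.22-14-generic SMP mod_unload 586" (constructed sample).
vermagic_matches() {
    [ "${1%% *}" = "$2" ]
}

# Check every .ko in a directory; non-zero if any would not match.
check_modules() {
    bad=0
    for ko in "$1"/*.ko; do
        [ -e "$ko" ] || { echo "no .ko files in $1" >&2; return 2; }
        vm=$(modinfo -F vermagic "$ko") || return 2
        if vermagic_matches "$vm" "$2"; then
            echo "ok   $ko"
        else
            echo "BAD  $ko (vermagic: $vm)"; bad=1
        fi
    done
    return "$bad"
}

# preflight <source Makefile> <built module dir> [target release]
preflight() {
    want=${3:-$(uname -r)}
    built=$(makefile_release "$1")
    if [ "$built" != "$want" ]; then
        echo "Makefile builds $built but target is $want; fix EXTRAVERSION" >&2
        return 1
    fi
    check_modules "$2" "$want"
}

# Run only when given a Makefile and a module directory as arguments.
if [ "$#" -ge 2 ]; then preflight "$@"; fi
```

Run it with the source tree's Makefile and the `kernelout/drivers/net/wireless/bcm43xx` directory as arguments; a non-zero exit means the modules should not be installed yet.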