Dell Mini 10v Forum for all discussions and support on the Dell Mini 1011, also known as the Mini 10v. If your question is regarding Mac OS X, please use the Mini 10v Mac OS X forum.

  (#21) Old
fishywishy fishywishy is offline
Junior Member
 
Posts: 26
Join Date: Mar 2009
Default 05-15-2009, 09:51 PM

Quote:
Originally Posted by palawan
uh oh... i'm starting to get worried if the gigabyte GN-WI01GT card that i bought will actually work now. your card seems to be listed on the supported hardware that the "hacking wifi wep video" on the ebay post. here's the complete list that the ebay post has (not a recommendation from me for any of these hardware, but just putting it out there for your information):

never mind, i didn't do "ifconfig ath0 up". now this card works perfectly. the speed increased A LOT!

i had trouble configuring kismet in ubuntu, i ended up having to use older drivers. bt3 is so much easier to set up than ubuntu, i don't know why others say differently
Reply With Quote
  (#22) Old
palawan palawan is offline
Senior Member
 
palawan's Avatar
 
Posts: 110
Join Date: Oct 2008
Default 05-16-2009, 12:12 AM

got my gigabyte gn-wi07ht card today and replaced the one in the mini-9 right away. oob, it works fine in os x 10.57. it's faster in connecting, and things seem faster (maybe placebo effect, but it's noticeable).

in windows xp, the driver from the cd has to be installed. easy enough. it connects using wep/no security (with webportal), and wpa-tkip. it seems standard, but we had an asus 1000(?) that couldn't connect using the wpa-tkip security setting on our aruba ap's, and searched on the net and it seems that asus built-in card has problems with wpa, so... not so standard for all the cards out there.

i then booted with a backtrack 4 usb flash (with "changes" pointed to a second partition on the same usb flash) and i issued your command there ifconfig ath0 up. it seems to work.

now, to read up on the many tools included with backtrack 4. mainly interested in the aircrack for now.


my notebook: dell inspiron 11z - 11.6" display | intel core i3 330um | 6gb ddr3 ram | 80gb Intel ssd | Linux Mint 12 OS - Cinnamon 1.4 [Virtual Machine - WinXP SP3]
Reply With Quote
  (#23) Old
weber72 weber72 is offline
Member
 
weber72's Avatar
 
Posts: 38
Join Date: Apr 2009
Location: Oregon, USA
Default 05-16-2009, 06:04 AM

Just curious:
I'm assuming that since the stock Mini 9 wireless adapter is 'low-power', that any other adapters use more power and would degrade battery life, at least a little bit.

Have you guys seen this to be the case with any of the adapters you've tested, or is my assumption totally wrong? If there is a dip in the battery life, how much?

Thanks for the help...I've just recently started toying with Backtrack, and I'm very curious to learn more. This Mini 9 seems to be a fantastic little platform for trying new things...


Dell Mini 9 (Alpine White) -- 16GB SuperTalent SSD -- 2GB Kingston RAM -- 8GB Sandisk Ultra II SDHC -- 1.3MP webcam -- Windows 7 RC / Linux Mint 7 RC
Reply With Quote
  (#24) Old
somms somms is offline
Super Moderator
 
somms's Avatar
 
Posts: 883
Join Date: Oct 2008
Location: FAA
Default 05-16-2009, 07:28 AM

Quote:
Originally Posted by weber72
Just curious:
I'm assuming that since the stock Mini 9 wireless adapter is 'low-power', that any other adapters use more power and would degrade battery life, at least a little bit.

Have you guys seen this to be the case with any of the adapters you've tested, or is my assumption totally wrong? If there is a dip in the battery life, how much?

Thanks for the help...I've just recently started toying with Backtrack, and I'm very curious to learn more. This Mini 9 seems to be a fantastic little platform for trying new things...

Documentation

Current draw power specification link above for all Broadcom-chipset Dell Wireless 13xx(802.11b/g), 14xx(802.11a/b/g) and 15xx(802.11a/b/g/n) WLAN!


Reply With Quote
  (#25) Old
palawan palawan is offline
Senior Member
 
palawan's Avatar
 
Posts: 110
Join Date: Oct 2008
Default 05-16-2009, 07:12 PM

this gigabyte gn-wi07ht is pretty awesome. i cracked my wep password on my home-router in less than a few minutes which is not saying much about my password-selection

this card worked oob in bt4/aircrack-ng suite. i didn't have to patch anything. it looks like it's using the madwifi drivers(?). i cracked my router using the simple wep-crack tutorial from aircrack-ng website, and then i cracked it again using the airoscript. using the script is much easier. i was getting about 506/505 pps

i just gotta watch my battery usage...


my notebook: dell inspiron 11z - 11.6" display | intel core i3 330um | 6gb ddr3 ram | 80gb Intel ssd | Linux Mint 12 OS - Cinnamon 1.4 [Virtual Machine - WinXP SP3]
Reply With Quote
  (#26) Old
tyrone tyrone is offline
Member
 
Posts: 36
Join Date: Apr 2009
Default getting a broadcom to work in jaunty - 05-17-2009, 01:54 AM

elchubi, there are a couple avenues to get broadcoms to work in linux for injection.

now first, i know you didn't ask about it, but backtrack 4 beta has the driver already patched and a newer kernel so apparently there's nothing that needs patching. As a side note, I have a feeling i'm going to install bt4 directly to a 1gb partition on the ssd sometime in the future to make as much room as possible for my inevitably necessary XP, and boot ubuntu from an sd card or usb for when i feel like trying things like wine again.

Now regarding ubuntu, there are a couple ways to get the b43 driver working nicely. One way is to try and compile the latest wl wireless testing kernel, I've done this but it takes an absurdly long time and isn't really worth the hassle.

Now the other way, being what you asked, is to install it to a fresh jaunty install. I've tried several different guides or adapted older guides to try and get this to work, but eventually after reinstalling ubuntu several times to make sure the method works on a fresh install, I think i found the most painless way to do it.

So, you can try this on a modified fresh install or whatnot but i'll just say what i did based on a fresh install, take whatever steps out of it as necessary.

1. install ubuntu live usb using the netbook remix img file on the ubuntu website, flashnul'ed onto a 1gb or higher usb drive following these instructions https://wiki.ubuntu.com/UNR#From%20W...ing%20flashnul

2. install ubuntu jaunty however you like

3. boot into the fresh jaunty, don't do software upgrades yet, just run apt-get update to get the b43 drivers to show under restricted drivers manager while plugged into lan, install b43 driver that way. don't reboot yet (maybe not necessary, but this is how i did it)

4. run apt-get install linux-source, then cd to /usr/src/, log in as root by typing sudo su, then run "tar -xjf linux-source-2.6.28.tar.bz2"

5. download the mac80211 patch from Index of /, specifically this one: http://patches.aircrack-ng.org/mac80...g+ack_v3.patch

6. either cd to /usr/src/linux-source-2.6.28 and run wget on the patch file to download it directly to linux-source-2.6.28 or instead if downloaded to desktop run "cp /home/YOURNAME/Desktop/mac80211_2.6.28-rc4-wl_frag+ack_v3.patch /usr/src/linux-source-2.6.28/"

7. in the kernel source directory you should be in, run "apt-get install build-essential" if necessary, then run "patch -p1 < mac80211_2.6.28-rc4-wl_frag+ack_v3.patch"

8. follow the necessary steps listed below, as I found here: Ubuntu Januty and b43 injection speed

9. PLEASE NOTE that that page has a lot of discussion on it, and all you need to do is run:

cp /lib/modules/$(uname -r)/build/.config .
cp /usr/src/linux-headers-2.6.28-11-generic/Module.symvers .
make modules_prepare
cd /usr/src/linux-source-2.6.28/net/mac80211/
make -C /usr/src/linux-source-2.6.28 M=$(pwd) modules

10. The previous steps will have made a new mac80211 module, specifically mac80211.ko. You need to replace the one at (I THINK THIS IS THE DIRECTORY) /lib/module/kernel/net/mac80211/ with this one. So what you would type is "cp /usr/src/linux-source-2.6.28/net/mac80211/mac80211.ko /lib/module/kernel/net/mac80211/", then you can go to file browser and see that the new file's properties say the time that you compiled the module

11. If you replaced the mac80211 module after installing b43 drivers under restricted drivers manager, then you can reboot and wireless should be working. Obviously, to see if injection is working you can run airmon-ng to start mon0, an airodump-ng in a terminal as su and run an aireplay-ng -3 arp replay attack, or run the aireplay -9 injection test and notice that 20/30 or more packets will succeed showing an improvement over the likely 0/30 b43 would have given you before.

12. just to clarify, even though the injection test might seem bad at 20/30 the wireless-testing kernel will give a solid 30/30 every time it is run, and besides I can achieve 700 pps aireplays and 180 second wep cracks using b43 even with this supposed 20/30 quality so it is more than sufficient for quick cracking and means i don't have to buy a new card.
Reply With Quote
  (#27) Old
tyrone tyrone is offline
Member
 
Posts: 36
Join Date: Apr 2009
Default to palawan - 05-17-2009, 02:07 AM

palawan, congrats on the card that's great that the gigabyte card works so nicely! It appears I was probably just really unlucky with my gigabyte card, it didn't work in osx whatsoever and although the strength in xp was impressive i didn't get similar results in ubuntu using the ath5k module.

I wasn't even given the option for madwifi, maybe because my card was newer but not to mention in the backtrack 4 beta it tried to let me use madwifi but i was unsuccessful in every monitor mode and injection test i threw at it. Not to mention it fried my sd card that ubuntu was installed on which made me think there was some crazy problem with installing ubuntu to an sd card in the sdhc slot, but it looks like it was probably just some sleep complication with the ath5k module which is very disappointing.

Regardless, it all worked out best in the end for me, I am very successfully using my old e1505's 1390 card with injection and OOB support in osx, and I believe this is the case with all broadcom cards except for wireless-n and low power netbook crap card. It takes some extra work to get the injection working but i'm happy using that $35 on a 16gb class 6 sdhc card than a new wireless card just for injection.

So to everybody else, take note that there are great atheros cards out there that work with everything, but in terms of higher risk i'd say a broadcom will without a doubt work with all three major OSes while atheros might have a few bad apples like the one I experienced and saw a lot of people on insanelymac fretting about. Although if you get a good atheros that works with madwifi you're probably going to get OOB support with everything meanwhile with broadcom you have to get your hands a little dirty to make everything play nice with injection unless you use backtrack beta 4.
Reply With Quote
  (#28) Old
palawan palawan is offline
Senior Member
 
palawan's Avatar
 
Posts: 110
Join Date: Oct 2008
Default 05-17-2009, 07:46 AM

thanks for all of the info, tyrone. running into your post is what got me interested in this pentesting exercise/hobby. i do need to update my knowledge in this area as this is my line of work.

i recommend running bt4 in 4gb usb flash. i have it in a class 4 sdhc ($8+ on ebay) inside an sdhc usb reader ($1.98 on ebay), partitioned as 1gb bootable bt4, and the rest for changes.

the idea is from morpse http://www.mydellmini.com/forum/othe...-wireless.html

it works really well and all my stuff are saved that i work on. actually, if you shutdown the gui while the script is running, the next time you come back to the gui, it'll still be running. the big advantage is that i'm quite paranoid when working with underground hack tools (although bt4 seems to be well put together by the "good" robin hood-type guys) and running it separate from my production environment (ie os x and win xp) will hopefully mean my files are safe. i have thought about removing the ssd every time i boot the bt4, but it's too much work.

strictly as a proof of concept, i cracked a couple of the wep ap's around me, one using an associated-client attack, and the other (which had no wireless client connected to it) using a fake-authentication attack. both took less than 5 minutes which included the injection process. i rebooted and using bt4 environment, connected to the ap's, used the keys, and connected to the internet. i did not plan nor would i use any of the hack-tools to attack the machines in their networks. i only stayed a few minutes on one, but maybe stayed a little too long on the first one, being somewhat curious if i'd get detected and disconnected.

as a matter of interest in security, i accessed the default-gateway (router) on the network to see if it's a d-link or linksys router still set with the default factory passwords. interestingly, they were both 2701HG-B gateway routers which shows some info without a password. the router shows the machines connected, the speed of the internet connection, etc. my mini 9 running bt4 showed up as BT (hostname)

the password on my router was cracked in the shortest time out of the 3 ap's i used the aircrack-ng on. i pretty much have to assume that my wireless network is virtually open to any hacker, but i am confident that all of our machines are not easily hackable. i hope i don't get proven wrong on that


my notebook: dell inspiron 11z - 11.6" display | intel core i3 330um | 6gb ddr3 ram | 80gb Intel ssd | Linux Mint 12 OS - Cinnamon 1.4 [Virtual Machine - WinXP SP3]
Reply With Quote
  (#29) Old
tyrone tyrone is offline
Member
 
Posts: 36
Join Date: Apr 2009
Default 05-17-2009, 09:28 AM

Quote:
Originally Posted by palawan
etc

Glad that I was a help, it really makes my day. It was also nice to hear about your experiments, sounds similar to mine when I first started out! You don't have to go the extra mile to convince me (or anyone else here for that matter) that what you were doing was all in good fun and just to see if it would work in a real environment though, you sound like a pretty smart guy so I would assume that when doing these pen tests you would understand that actually trying to profit from any of the sensitive information you could find would lead to serious implications, i mean it's like finding a credit card on the street or something, it's not like you can use it and expect to somehow get away with stuff like that without taking some serious risks.

But yeah on the subject of what the risk is with these things, backtrack's got to be the most anonymous out of all of the possibilities to use since it's a live-cd with preconfigured options that are the same as any other download, and just use macchanger -r mon0 after an airmon-ng command and there's nothing whatsoever going through the airwaves that someone can trace to you. Also, you mentioned considering taking out the SSD, I understand your concern but believe me, linux distributions as they are with being open source, there are people across the world who would take it upon themselves to go over every line of the NECESSARY open source coding to make sure there aren't data miners or the like that could potentially endanger your well-being. Even if a virus were to be targeted towards a more mainstream distro like ubuntu, the built in software updates would take care of any of that nonsense.

Also, there are various reasons to keep your security on your router as WEP, such as maybe allowing a DS to connect since it only supports WEP or just by virtue of essentially blocking access to 99% of the world that doesn't know about the WEP vulnerabilities. But even with such a limitation on devices that do not support WPA, there are plenty of options. First, installing third party firmware such as dd-wrt on supported routers allows multiple virtual interfaces to be broadcast, so you could have WPA encryption on your main wireless signal and then add a WEP virtual signal with extremely limited access just for wireless internet on the DS.

I'll also take the time to mention, if it's at all enlightening, that although WEP is hilariously vulnerable to attacks as you have seen, a randomized password for WPA or WPA2 encryption is just as hilariously SECURE at the moment, there's absolutely no way to crack them besides running a dictionary or brute force attack, so as long as you aren't using a one or two dictionary word passphrase you're in the clear.

The REALLY funny thing about that though is that if you go wardriving with kismet or kismac down even a sparsely populated town, you'll find that an amazingly low number of the access points you see will be wpa encrypted, while the vast majority are fooling themselves with terribly insecure WEP or none at all.

You even mentioned how you could see some basic router information after cracking the wep key, well do a quick google search and you can see a huge list of all the default user/pass for every router ever made that they probably didn't bother to change and alter their configurations if you so desired. I remember reading one guy saying he used such info to change the wireless channels on his neighbors routers in his apartment complex that all used channel 6 in order to keep the devices from interfering with each other by being on the same channel.

Finally, just to spread some FUD, a scary thing to realize is that aside from leeching someone's bandwidth by cracking the WEP key, there are various tools that allow you to automatically filter out usernames and passwords, images, chat messages, and/or urls in packets collected using airodump or the like. Not to mention you can even go so far as to completely collect every single piece of information a computer wants to send back and forth to a router by poisoning the ARP so that the computer talks to you and you talk to the router, all while being completely undetected unless they are running relatively obscure command-line detectors.

Fun stuff, huh?
Reply With Quote
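
The post above notes that ARP poisoning goes unnoticed unless a detector is running. The following Python block is an added example, not code from the thread or from any tool named in it, showing the core check such a detector makes. It assumes neighbour-table snapshots in `ip neigh show` format; the sample snapshots, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample data: three neighbour-table snapshots in the output
# format of `ip neigh show`. All addresses are made up; 192.168.1.1 is the
# gateway in this example.
SNAPSHOTS = [
    "192.168.1.1 dev wlan0 lladdr 00:1a:2b:3c:4d:5e REACHABLE\n"
    "192.168.1.20 dev wlan0 lladdr 00:26:5e:aa:bb:01 STALE",
    "192.168.1.1 dev wlan0 lladdr 00:1a:2b:3c:4d:5e REACHABLE\n"
    "192.168.1.20 dev wlan0 lladdr 00:26:5e:aa:bb:01 REACHABLE\n"
    "192.168.1.35 dev wlan0 lladdr 00:0c:29:de:ad:01 REACHABLE",
    "192.168.1.1 dev wlan0 lladdr 00:0c:29:de:ad:01 REACHABLE\n"
    "192.168.1.20 dev wlan0 lladdr 00:26:5e:aa:bb:01 REACHABLE\n"
    "192.168.1.35 dev wlan0 lladdr 00:0c:29:de:ad:01 REACHABLE\n"
    "192.168.1.40 dev wlan0  FAILED",
]

NEIGH_RE = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3}) dev \S+ lladdr ([0-9a-fA-F:]{17})\b")

def parse_snapshot(text):
    """Return {ip: mac} for entries that carry a link-layer address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table

def detect_arp_anomalies(snapshots, gateway_ip):
    """Return (snapshot_index, kind, subject, detail) tuples."""
    alerts, known = [], {}
    for idx, text in enumerate(snapshots):
        table = parse_snapshot(text)
        # 1. An IP whose MAC differs from the one seen earlier.
        for ip, mac in sorted(table.items()):
            if ip in known and known[ip] != mac:
                kind = "gateway-mac-changed" if ip == gateway_ip else "mac-changed"
                alerts.append((idx, kind, ip, f"{known[ip]} -> {mac}"))
        # 2. One MAC answering for several IPs in the same snapshot.
        by_mac = defaultdict(list)
        for ip, mac in table.items():
            by_mac[mac].append(ip)
        for mac, ips in sorted(by_mac.items()):
            if len(ips) > 1:
                alerts.append((idx, "mac-claims-multiple-ips", mac,
                               ",".join(sorted(ips))))
        known.update(table)
    return alerts

if __name__ == "__main__":
    for alert in detect_arp_anomalies(SNAPSHOTS, "192.168.1.1"):
        print(alert)
```

One MAC holding several IPs can be legitimate (a router with address aliases, for instance), so the second rule is a hint; a changed MAC on the gateway address is the stronger signal.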
  (#30) Old
fishywishy fishywishy is offline
Junior Member
 
Posts: 26
Join Date: Mar 2009
Default 05-17-2009, 03:32 PM

Quote:
Originally Posted by palawan
partitioned as 1gb bootable bt4, and the rest for changes.

how can i do this after bt3 has been extracted to the usb? i wrote a big tutorial on the usb and it wasn't there the next day
Reply With Quote

Tags
10v, bcm4322, inejctions, wifi, wireless


Copyright © 2008-2016 MyDellMini.com.