wi-fi promiscuous mode - Windows Mobile Development and Hacking General

Hi,
I'm trying to get the Airscanner app to work on my Trinity, but it seems it doesn't support promiscuous mode (like most WM5 devices). In fact, it seems that most Wi-Fi-enabled devices actually support promiscuous mode, but the manufacturer disables it in a low-level part of the OS, ROM or device driver. Could anyone capable of that enable it? It would be a huge gain for the community. In addition, once unlocked for a specific device, I think it would be quite easy to port the "mod" to any recent WM5/6 device.
Thanks!

Related

Adding WiFi to the Gizmondo...

Hi all,
I'd be interested in adding WiFi capabilities to the Gizmondo game console.
While adding the hardware (using an SD WiFi card) would be trivial, I assume that there is no WiFi support in the ROM at all, so just installing the drivers will not be enough, will it?
Can anybody of the ROM hacking gurus around here give me an educated guess how difficult it would be to add the missing WiFi capabilities?
The Gizmondo uses Windows CE 4.2, so I assume most of the missing stuff should be available in the Windows CE Platform Builder, right?
thanks a lot,
Daniel
drgoldie: you might want to check out dedicated gizmondo forums for this kind of hacking.
Platform Builder is good for reference, but not very useful for implementing things on a real device, without a full BSP for the device in question.
In this instance, what you're lacking presumably is the wifi card drivers (by the wifi card's manufacturer), irrespective of whether the device can support the external expansion (which it probably can).
V
Hi V,
I am in contact with the Giz hacker guys, but it seems nobody is working on this yet.
The WiFi card drivers would probably come with the WiFi card, wouldn't they?
My question is more about whether there is something missing in the OS besides the card drivers. Shouldn't there be a WiFi stack in order to do WiFi...?
Daniel
If they're using a standard CE build, you might just be lucky and wifi is built in - subject to the driver. However, given how modular CE is, you might be unlucky!
The driver - well, presuming it's a mainstream wifi card, you've probably got WinMobile drivers, but I'm not sure about cross-compatibility with CE. So, obviously you're in luck if your OEM provides CE drivers, but if they don't - writing your own wifi drivers for the card might be ugly.
However, my advice would be - just stick the card in and see what happens! The OS could lack wifi support, a compatible driver, or both! But before re-implementing wifi in the OS, consider availability of your card's drivers first.
V
Well, I don't have any SD WiFi card yet.
I was planning to buy this one
http://www.socketcom.com/product/WL6207-600.asp
because it comes with a lot of software...
Any recommendations for specific WiFi cards?
Daniel

Controller for TIACXWLN

Hello all.
An experimental version of a custom mode controller for TIACXWLN built-in adapters
is located at http://winm-soft.atspace.com
Anyone who is interested may test it...
Hello AlexB.
I was trying to run your program on Hermes with WM6, which according to the wiki is equipped with a TI chipset. I found references in the registry to TIACXWLN drivers, but unfortunately your custom mode controller doesn't want to work. All I've got is "Cannot process memory block!........" and, after choosing yes, "Cannot read configuration! It is possible device is off.", but the WLAN device is actually on. I'll send you my *.dmp files; maybe you can manage to make it work on Hermes.
I had been toying around with the custom mode driver and have had little success thus far. Another thread was started and I have since taken great interest in trying to achieve promiscuous packet sniffing on my Tytn. I believe the problem may lie within either the custom driver, tiacxwln.dll or the hardware itself.
A little more information...
The mode controller works (attempts to) directly with the adapter (ACX100, PCMCIA!!!), not with the driver (standard, not patched). The program extracts the address of the adapter's register window from the TIACXWLN driver (TIACXWLN1 device object) and then enables some packet filters, executes commands, etc...
I have no new ideas now as to why it works badly on such a built-in adapter (the device processes commands with success status)...
On the Dell I receive all packets, but only sometimes...
Alex, is it possible for you to patch the internal driver to use promiscuous mode and not bother with the custom controller?
The custom mode controller is probably the best way to go about activating promiscuous scanning, since its effect can be made temporary. If this mode of packet scanning were always enabled, I believe it would not allow one to associate with an access point.
I've attached the dump files that were generated after the unsuccessful execution of tiacxwln_ctrl... perhaps the author or someone else can derive a solution.
Hi, Alex.
I was looking for your tiacxwln_ctrl custom controller on your web site, http://winm-soft.atspace.com/ but I could only find TNETWLN and WCF-11 files. Has it been moved, or deleted? I'd like to try it on my HTC 8525 with WM6.
Walt
I've received a private request for the file that AlexB developed and had posted on his site winm-soft (it's no longer available), which is mentioned above... it will not enable promiscuous scanning on the Hermes. I repeat, it is broken, it does not work. AlexB did a great job creating this hack; however, I don't believe that it was ever intended to work with the 8525. If AlexB would be so kind as to provide his source then perhaps we would have a decent starting point to enable this feature; however, anyone who would be interested in doing this would find 3 perhaps not so obvious hurdles.
1: The TIACXWLN.DLL driver needs to be hacked to enable monitor mode.
2: A program capable of capturing and storing .pcap files would be necessary at this point, as the only program that I'm aware of capable of sniffing out weak keys is airsnort, which only accepts pcap dumps.
3: The pcap file would be huge, i.e. it could quite possibly take up 1 GB or more of a microSD card.
Just my $.02. Comments are welcome. Now onto the file. Enjoy!
Hi everybody,
The TIACXWLN controller was developed (beta/gamma...) for Dell X51 PDA and program worked bad and it is discarded! That program got some pointers (parameters) from context parameters of standard tiacxwln driver... Standard driver in Dell and driver in HTCs are different... Some experience of controller development was used to make TNETWLN controller (also TexasInstr adapter)... All controllers try to enable only promiscuous mode (not monitor mode).
As yet there are no TIACXWLN promiscuous mode ideas and devices...
Now some ideas for TNETW1251 (with SDIO) exist.
Thanks for the clarification.
Alex, I don't understand your reluctance to release source code, unless you based it upon "inside knowledge" of someone's copyrighted code, in which case I understand completely. If (and I fit into this category myself from time to time) you are simply embarrassed by code that "worked bad and it is discarded!" then maybe you could release it to a small group of coders who would be able to make it work without a lot of public exposure.
My personal interest is simple. I have a Zaurus C3200 that I use to sniff out rogue access points on the networks I am responsible for. It's big and clunky, and only works on 802.11b networks, so I don't carry it all the time, whereas I *always* have my 8525 with me, and it will work on b/g.
As far as WEP cracking goes, with ARP injection you can get aircrack to find a key with files of around 1-2MB in size, so the pcap files would not be too big. Of course, as I understand it, you *would* need monitor mode for packet injection to work.
IMHO this is a valuable development work that should continue. I just wish I had the skills and time to do more myself!
Walt
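Added example (not from the thread or from any tool mentioned in it): the posts above disagree about how much storage a stored .pcap capture needs, and that depends on the file layout. This sketch writes and re-reads the classic pcap format with the raw 802.11 link type and shows how the snapshot length bounds the bytes kept per frame. The names write_pcap, read_pcap and capture_size are hypothetical, and the sample frame is constructed.

```python
import io
import struct

PCAP_MAGIC = 0xA1B2C3D4        # classic pcap, microsecond timestamps
LINKTYPE_IEEE802_11 = 105      # raw 802.11 frames without a radiotap header

def write_pcap(frames, snaplen=65535, linktype=LINKTYPE_IEEE802_11):
    """Serialise (ts_sec, ts_usec, frame_bytes) tuples into a pcap byte string."""
    out = io.BytesIO()
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype
    out.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype))
    for ts_sec, ts_usec, frame in frames:
        kept = frame[:snaplen]  # store at most snaplen bytes, record the true length
        out.write(struct.pack("<IIII", ts_sec, ts_usec, len(kept), len(frame)))
        out.write(kept)
    return out.getvalue()

def read_pcap(blob):
    """Parse a little-endian pcap byte string into (linktype, snaplen, records)."""
    if len(blob) < 24:
        raise ValueError("file shorter than the 24-byte global header")
    magic, _maj, _min, _tz, _sig, snaplen, linktype = struct.unpack_from("<IHHiIII", blob, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian microsecond pcap file")
    records, off = [], 24
    while off < len(blob):
        if off + 16 > len(blob):
            raise ValueError("truncated record header")
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack_from("<IIII", blob, off)
        off += 16
        # Reject lengths that would read past the file or exceed the declared snaplen
        if incl_len > snaplen or off + incl_len > len(blob):
            raise ValueError("record length exceeds snaplen or file size")
        records.append((ts_sec, ts_usec, orig_len, blob[off:off + incl_len]))
        off += incl_len
    return linktype, snaplen, records

def capture_size(frame_count, avg_frame_len, snaplen):
    """Bytes on disk: 24-byte file header plus a 16-byte header per stored frame."""
    return 24 + frame_count * (16 + min(avg_frame_len, snaplen))

# Constructed sample: 24-byte 802.11 data-frame header followed by 1000 zero bytes.
SAMPLE_FRAME = bytes.fromhex("0800" "0000" + "ff" * 6 + "02" * 6 + "04" * 6 + "0000") + b"\x00" * 1000
```

With these figures, a million 1024-byte frames stored whole come to about 1.04 GB, while the same capture with a 128-byte snapshot length is 144 MB.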
About sources
The main idea of the controllers is working in special modes in parallel with the vendor driver/software (without patching, etc.). All information, command structures and register constants were extracted from: http://acx100.sourceforge.net/
Anyone interested in building a new TIACXWLN driver should analyze these sources. There are many commands and constants in these sources, but the controller used only the Packet Filter command. All that the controller needed was the address of the mapped window of registers (it was stored in the vendor driver context)... TIACXWLN adapter on Dell X51v processed these asynchronous commands with success (by response) but vendor driver was as post-processor any commands...
Commands used by the controller (for details see the Linux driver, acx_struct.h):
1) ACX1xx_CMD_INTERROGATE (IE_RXCONFIG)
2) ACX1xx_CMD_CONFIGURE (IE_RXCONFIG, RX_CFG1_RCV_PROMISCUOUS)
...
Hi, thanks to Lancealot for uploading this file.
I installed this control driver on my HTC Universal (the Universal has a Wi-Fi chip from the same corporation as the TyTN: tiacxwln).
But this control utility does not work on my Universal :-(
When it sets promiscuous mode, the Universal freezes :-(
Does anybody have any ideas?
* Please excuse me for my bad English, thanks.
Hi Alex
I have a Sedna and have the discussed Wi-Fi driver. My problem is that it connects to a Wi-Fi router (g) but I cannot surf. Most of the time I have to switch it on/off and it works, but after long periods it disconnects. I hope this will solve the problem; also, if you can suggest any guidance, I will be grateful.
AlexB does your sniffer allow you to capture wifi traffic in all channels?
Hi,
The sniffer captures "adapter driver <-> protocol stack" packets...
The standard driver of a WiFi adapter returns packets only after connecting to some network, therefore the sniffer gets traffic from one network on some channel... In promiscuous mode the adapter gives the user packets with a foreign destination address.

Monitor Mode on integrated WIFI (running linux)

Hi out there, am I able to get monitor mode to work on the HTC Universal? I still have no device but I'm thinking about buying a Universal or a Zaurus C1000. What I need is monitor mode for penetration testing. If injection is available, it's nice but not a "must have". I will use Linux on the Universal, to make it play together with the rest of my annoying grey boxes. If the integrated WiFi does not, does anyone know if monitor mode works with one of these SDIO WiFi cards? Or is there another way to attach external WiFi devices to the Universal (maybe USB or CF)?
On the wiki it is written that the Universal uses the tnetw1100bg WiFi chipset.
I found this one on net:
http://www.rootr.net/man/man/acx/4
Do I understand this right, that if I'm using Linux with the acx driver, monitor mode will be available on the Universal?
Very, very interesting. Can someone test it?
Linux on the Uni doesn't have SDIO and is unlikely to have it for a while due to driver implementation legal issues. Hope this helps.
Why do we need an SDIO WiFi card? Can't we use the Universal's onboard WiFi?
Well, SDIO cards were mentioned, just ruling them out at this stage.
SDIO was just an idea if the Universal's onboard WiFi doesn't work. But due to the link I've been posting, I still hope it will work (not for injection, but monitor mode will). I hope someone will test it.
You Can Monitor And Inject With Linux On Universal Using ACX Kernel Module And AIRCRACK-NG Toolset.
Great, this is all I wanted to read. Now I'm going to buy myself a Universal. I hope I can come back to you with questions if I have problems setting up the device.
OllieD said:
You Can Monitor And Inject With Linux On Universal Using ACX Kernel Module And AIRCRACK-NG Toolset.
How does one do this?
seattleweb said:
How does one do this?
Disregard this... I was running an older kernel and have since upgraded my install to one with a 2.6.21 kernel
OllieD said:
You Can Monitor And Inject With Linux On Universal Using ACX Kernel Module And AIRCRACK-NG Toolset.
Exactly!
Very interesting: for exactly the same purpose I will buy an HTC Uni too.
So, that can be our topic: two penetration testers, one topic, and the HTC Universal
DOMy

[Q] Direct communication with other Android device?

I'm working to develop an application to use a rooted Nook STR as a handheld data input platform, which then sends the data to another Android device (tablet or phone; TBD) acting as a hub. From what I've been able to determine, the options for communications between the devices are:
Bluetooth
-Possibly available using a dongle, USB OTG cable, and enabling USB host mode as described here. This doesn't seem practical within the time/budget/scale of our application.
Wi-Fi
-Wi-Fi Direct would be ideal, but requires either Android 4.x or a patch/hack to enable it, which I haven't seen anyone working on (correct me if I'm wrong about this)
-Separate Wi-Fi hub to manage communications between the devices
Is there an alternative, implementable within reasonable time and cost, to facilitate device-to-device communications wirelessly and without additional separate hardware? My research hasn't turned up any solutions that aren't extremely awkward, but I'm relatively new to this, so hopefully someone has a better idea or knows of an obvious possibility that I'm missing.

List of phones supporting monitor mode and injection with internal wireless

Hi,
I'm planning to buy a phone to install Kali Nethunter.
I'd like to use Nethunter for wardriving, so I know I'll need a wireless adapter supporting promiscuous / monitor mode, and possibly packet injection.
Is there a list of phones that support these operations with internal wireless?
So far I have understood that the Nexus 5 can be configured to work in promiscuous mode, but I'm not so sure about other Nethunter-compatible phones. Can you help me?
Thanks
bye
