Handy Sniffer discussion - Networking

Moved discussion from "Controller for TNETWLN" thread.
Handy Sniffer is the next step of the TNETWLN controller. As yet this sniffer can enable unofficial promiscuous mode only for TNETWLN WiFi adapters ("TNETWLN1", TNETW1250 chip with SDIO interface). For other adapters the sniffer supports only the standard system query for On/Off promiscuous mode (most adapters do not support this request). As far as I know, the standard driver for TIACXWLN also does not support promiscuous mode... If TIACXWLN from Athena supports promiscuous mode... congratulations.

Anyone had any luck with HTC Wizard? Installed OK and don't get any errors, however it doesn't seem to sniff anything apart from the AP I'm connected to.
Cheers

How do you test it?
1. Prepare WiFi adapter (disable Power Save mode!)
2. Switch on and connect adapter to network
3. Select adapter in Sniffer ("TNETWLN1")
4. Check menu "Extended TNETWLN"
5. Check menu "Promiscuous Mode"
6. Start of packet capture

What is the best PDA that works for this Handy Sniffer? Can you recommend one?

FujitsuSiemens LOOX C550 and N560 have TNETWLN built-in WiFI adapter. They are supported by HSniffer and they have powerful processors (Intel 500/600 MHz). You can use sniffer with any adapter that supports promiscuous mode.

Second test on HTC Kaiser - working. I must retest it at a HotSpot place.

AlexB said:
4. Check menu "Extended TNETWLN"
Hi Alex, great work!
I'm trying Handy Sniffer with my Trinity, but I can't see the "Extended TNETWLN" menu option, only "promiscuous mode". What's wrong?
Has anyone been successful with Trinity?
Thanks!

After following Alex's suggestion with a key in the registry, I think I'm actually sniffing my network with my Trinity. Anyway, I still don't see the extended TNETWLN menu (is it that important?). I'm using a Trinity with Lasagna ROM.
Thanks Alex!

Hi everybody,
I know about normal working of sniffer (promiscuous mode) on next devices:
1. FujitsuSiemens LOOX N520, C550, N560
2. Qtek 9100
Has anybody success with other devices or problems on these?

Hi everybody
ItalianTytan mentioned a registry key for the Trinity. Could you please post this hack?
I'm using a Trinity as well and I'm only able to sniff my own network traffic although I'm in promiscuous mode.... btw I don't see the extended menu either...
thx for your suggestion and the answer :-D
so long
konto

hi !!
I'm using a Qtek 9100.
When I select extended mode, a message tells me "disable the power save mode before adaptater ON"
What does that mean?
thanks!!

How can I convert the HEX packets to Text? Any apps available?
Thanks in advance for your help!

so it works on the tmobile mda? can you capture ivs? where is the developers webpage?

http://winm-soft.atspace.com/

Related

Debugging via LAN

Hi
It seems that CF 2.0 is missing the ability to debug software via a LAN connection. Has anybody found a hack to get it working again?
I have a LAN-dependent application in the works and this drives me crazy - with old evc4 it is no problem at all.
Must be some security tweak??
BR
Daniel

Ethernet adapter in monitor mode ?

Hi all!
Has anybody managed, by editing the .dll (or some other way), to set the tiacxwln ethernet adapter (HTC Universal running Windows Mobile 5.0) to monitor mode?
Regards, tom.
Hi spratelboing,
Did you ever figure out how to put tiacxwln.dll into monitor mode?
Unfortunately not. That's what I'm looking for in many forums without getting any answers.
Seems like nobody wants to (or can) help.
If you figure it out PLEASE let me know:
[email protected]@arcor.de
Thanx and good luck.

Controller for TIACXWLN

Hello all.
Experimental version of custom mode controller for TIACXWLN built-in adapters
is located at http://winm-soft.atspace.com
Who is interested may test it...
Hello AlexB.
I was trying to run your program on Hermes with WM6, which according to the wiki is equipped with a TI chipset. I found references in the registry to TIACXWLN drivers, but unfortunately your custom mode controller doesn't want to work; all I've got is "Cannot process memory block!........" and, after choosing yes, "Cannot read configuration! It is possible device is off." but the WLAN device is actually on. I'll send you my *.dmp files, maybe you can manage to make it work on Hermes.
I had been toying around with the custom mode driver and have had little success thus far. Another thread was started and I have since taken great interest in trying to achieve promiscuous packet sniffing on my Tytn. I believe the problem may lie within either the custom driver, tiacxwln.dll or the hardware itself.
A little more information...
Mode controller works (attempt) directly with adapter (ACX100, PCMCIA!!!), not with the driver (standard, not patched). Program extracts an address of adapter registers window from TIACXWLN driver (TIACXWLN1 device object) and next it enables some packet filters, executes commands and etc...
I have no new ideas now why it works badly on such built-in adapter (device process commands with success status)...
On Dell I receive all packets but sometimes only...
Alex is it possible for you to patch internal driver to use promiscuous mode and don't bother with custom controller?
The custom mode controller is probably the best way to go about activating promiscuous scanning, since its effect can be made temporary. If this mode of packet scanning were always enabled, I believe it would not allow one to associate with an access point.
I've attached the dump files that were generated after the unsuccessful execution of tiacxwln_ctrl.. perhaps the author or someone else can derive a solution.
Hi, Alex.
I was looking for your tiacxwln_ctrl custom controller on your web site, http://winm-soft.atspace.com/ but I could only find TNETWLN and WCF-11 files. Has it been moved, or deleted? I'd like to try it on my HTC 8525 with WM6.
Walt
I've received a private request for the file that AlexB developed and had posted on his site winm-soft (it's no longer available) which is mentioned above.. it will not enable promiscuous scanning on the Hermes. I repeat, it is broken, it does not work. AlexB did a great job creating this hack, however I don't believe that it was ever intended to work with the 8525. If AlexB would be so kind as to provide his source then perhaps we would have a decent starting point to enable this feature, however anyone who would be interested in doing this would find 3 perhaps not so obvious hurdles.
1: The TIACXWLN.DLL driver needs to be hacked to enable monitor mode.
2: A program capable of capturing and storing .pcap files would be necessary at this point as the only program that I'm aware of capable of sniffing out weak keys is airsnort which only accepts pcap dumps.
3: The pcap file would be huge. ie - could quite possibly take up 1gb or more of a micro sd card.
Just my $.02. Comments are welcome. Now onto the file. Enjoy!
Hi everybody,
The TIACXWLN controller was developed (beta/gamma...) for Dell X51 PDA and program worked bad and it is discarded! That program got some pointers (parameters) from context parameters of standard tiacxwln driver... Standard driver in Dell and driver in HTCs are different... Some experience of controller development was used to make TNETWLN controller (also TexasInstr adapter)... All controllers try to enable only promiscuous mode (not monitor mode).
As yet there are no TIACXWLN promiscuous mode ideas and devices...
Now some ideas for TNETW1251 (with SDIO) exist.
Thanks for the clarification.
Alex, I don't understand your reluctance to release source code, unless you based it upon "inside knowledge" of someone's copyrighted code, in which case I understand completely. If (and I fit into this category myself from time to time) you are simply embarrassed by code that "worked bad and it is discarded!" then maybe you could release it to a small group of coders who would be able to make it work without a lot of public exposure.
My personal interest is simple. I have a Zaurus C3200 that I use to sniff out rogue access points on the networks I am responsible for. It's big and clunky, and only works on 802.11b networks, so I don't carry it all the time, whereas I *always* have my 8525 with me, and it will work on b/g.
As far as WEP cracking goes, with ARP injection you can get aircrack to find a key with files of around 1-2MB in size, so the pcap files would not be too big. Of course, as I understand it, you *would* need monitor mode for packet injection to work.
IMHO this is a valuable development work that should continue. I just wish I had the skills and time to do more myself!
Walt
About sources
The main idea of the controllers is working in special modes in parallel with the vendor driver/software (without patching etc.). All information, command structures and register constants were extracted from: http://acx100.sourceforge.net/
Whoever is interested in building a new TIACXWLN driver should analyze these sources. There are many commands and constants in these sources but the controller used only the Packet Filter command. All that the controller needed was the address of the mapped window of registers (it was stored in the vendor driver context)... TIACXWLN adapter on Dell X51v processed these asynchronous commands with success (by response) but vendor driver was as post-processor any commands...
Commands are used by controller (details see in Linux driver (acx_struct.h)):
1) ACX1xx_CMD_INTERROGATE (IE_RXCONFIG)
2) ACX1xx_CMD_CONFIGURE (IE_RXCONFIG, RX_CFG1_RCV_PROMISCUOUS)
...
Hi, thanks to Lancealot for uploading this file.
I installed this control driver on my HTC Universal (the Universal has a Wi-Fi chip from the same corporation as the TyTN: tiacxwln).
But this control utility does not work on my Universal :-(
After setting promiscuous mode, the Universal freezes :-(
Does anybody have any ideas?
* Please excuse me for my bad English, thanks.
Hi Alex
I have Sedna and have the discussed Wi-Fi driver.. My problem is that it connects to the Wi-Fi router (g) but I cannot surf.. most of the time I have to turn it on/off and it works, but after long periods it disconnects. I hope this will solve the problem; also, if you can suggest any guidance, I will be grateful.
AlexB does your sniffer allow you to capture wifi traffic in all channels?
Hi,
Sniffer captures "adapter driver <-> protocols stack" packets...
Standard driver of WiFi adapter returns packets only after connecting to some network therefore sniffer gets traffic from one network on some channel... In promiscuous mode adapter gives user packets with foreign destination address.
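As an added example (not part of the original thread and not Handy Sniffer's code), the sketch below turns captured hex packets into readable text and checks whether a capture contains frames with a foreign unicast destination, which by the description above only appear when promiscuous mode is really active. It assumes the sniffer shows Ethernet II frames as passed between driver and protocol stack; the adapter MAC and all sample frames are constructed.

```python
# Added example. All frames are constructed sample data, not a real capture.
OWN_MAC = "00:11:22:33:44:55"  # assumed MAC of the sniffing adapter

# Constructed hex dumps: 6-byte destination, 6-byte source, EtherType, payload.
SAMPLE_FRAMES = [
    "ff ff ff ff ff ff 00 aa bb cc dd 01 08 06 00 01",           # broadcast ARP
    "00 11 22 33 44 55 00 aa bb cc dd 01 08 00 48 45 4c 4c 4f",  # to own adapter
    "01 00 5e 00 00 fb 00 aa bb cc dd 02 08 00 6d 64 6e 73",     # multicast
    "00 aa bb cc dd 02 00 aa bb cc dd 01 08 00 47 45 54 20 2f",  # foreign unicast
]


def format_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(hex_dump):
    """Decode a hex dump into header fields plus the payload as printable text."""
    raw = bytes.fromhex(hex_dump)  # whitespace between byte pairs is ignored
    if len(raw) < 14:
        raise ValueError("shorter than a 14-byte Ethernet header")
    text = "".join(chr(b) if 32 <= b < 127 else "." for b in raw[14:])
    return {"dst": format_mac(raw[0:6]), "src": format_mac(raw[6:12]),
            "ethertype": int.from_bytes(raw[12:14], "big"), "text": text}


def classify(frame, own_mac):
    """Say why the adapter delivered this frame."""
    own = own_mac.lower()
    if frame["dst"] == "ff:ff:ff:ff:ff:ff":
        return "broadcast"
    if int(frame["dst"][:2], 16) & 1:  # group bit set in first octet
        return "multicast"
    if frame["dst"] == own:
        return "own"
    if frame["src"] == own:
        return "sent"  # outgoing traffic, visible in any mode
    return "foreign"  # only delivered when promiscuous mode really works


def foreign_frames(hex_dumps, own_mac):
    """Return the parsed frames that prove promiscuous delivery."""
    frames = [parse_frame(h) for h in hex_dumps]
    return [f for f in frames if classify(f, own_mac) == "foreign"]


if __name__ == "__main__":
    for f in foreign_frames(SAMPLE_FRAMES, OWN_MAC):
        print(f["src"], "->", f["dst"], hex(f["ethertype"]), f["text"])
```

An empty result on a busy network means the adapter is still filtering by destination address, which matches the reports above of seeing only one's own traffic.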

Bluetooth networking on Windows Mobile 5

Hi
I have been searching for a way to get Bluetooth networking up between my laptop (WIDCOMM stack) and rw6828 (WM5), but couldn't get it done.
I have paired both the laptop and the 6828. ActiveSync is up and working fine.
I want to have Bluetooth networking enabled between the laptop and the 6828 so that I can use a VNC client to control the PC through the Bluetooth network without having ActiveSync. But when I read the PC I could see only Serial Port, ActiveSync and Dialup Networking. I couldn't see Network Access.
I could get few links on the net but all of them are representing WM2003.
Does WM5 support this kind of configuration?
Can any one direct me to a step-by-step guide?
Thanks in advance
Can anyone let me know how to enable the networking on Bluetooth+WinXP+WM5?
hi parakash , i think i know you , do you work in garment sector.
anyway after pairing the device with the laptop, you have to connections
and you will find your laptop name there, just follow the line.
Hi Solo
Thanks for the reply. I could pair with my laptop successfully, but couldn't find Network Connections thereafter. So I'm wondering if this feature is supported on WM5?
BTW I m not in Garment sector.
Portable 3G/HSDPA WiFi Router
Is anyone aware of such an item?
Ideally incl a car charger?
Or is it possible to turn a WM5/WM6 phone into a portable WiFi AP?

To AlexB: Promiscuous mode on TNETW1251 possible?

Hi AlexB,
I've seen on your site your great work for the TNETWLN built-in adapters.
I've read in one of your posts that it's for TNETW1250 chipset
I was wondering if could it be possible for you to implement a custom controller for TNETW1251 also that will support promiscuous (and possibly monitor) mode...
Hope this request does not break this forum's rules (I'm new here)
many thanks in advance
