rtl8852au

Injection mode not work

Open dovandung opened this issue 2 years ago • 15 comments

Can not transmit deauther packet

dovandung avatar Nov 15 '22 15:11 dovandung

There are two files that need to be modified for injection to work: rtw_xmit.c and drv_conf.h.

1/ In drv_conf.h: uncomment line 148

```c
#ifdef CONFIG_WIFI_MONITOR
	#define CONFIG_MONITOR_MODE_XMIT
#endif
```

2/ In rtw_xmit.c: modify function rtw_monitor_xmit_entry from line 5996

```c
	if (likely(skb))
		rtw_mstat_update(MSTAT_TYPE_SKB, MSTAT_ALLOC_SUCCESS, skb->truesize);

#ifndef CONFIG_CUSTOMER_ALIBABA_GENERAL
	if (unlikely(skb->len < sizeof(struct ieee80211_radiotap_header)))
		goto fail;

	_rtw_open_pktfile((struct sk_buff *)skb, &pktfile);
	_rtw_pktfile_read(&pktfile, (u8 *)(&rtap_hdr), sizeof(struct ieee80211_radiotap_header));
	rtap_len = ieee80211_get_radiotap_len((u8 *)(&rtap_hdr));
	if (unlikely(rtap_hdr.it_version))
		goto fail;

	if (unlikely(skb->len < rtap_len))
		goto fail;

#ifdef CONFIG_MONITOR_MODE_XMIT
	len -= sizeof(struct ieee80211_radiotap_header);
	rtap_len -= sizeof(struct ieee80211_radiotap_header);

	/* Skip the rest of the radiotap header in dummybuf-sized chunks. */
	while (rtap_len) {
		consume = rtap_len > sizeof(dummybuf) ? sizeof(dummybuf) : rtap_len;
		_rtw_pktfile_read(&pktfile, dummybuf, consume);
		rtap_len -= consume;
		len -= consume;
	}
#else /* CONFIG_MONITOR_MODE_XMIT */
	if (rtap_len != 12) {
		RTW_INFO("radiotap len (should be 14): %d\n", rtap_len);
		goto fail;
	}

	_rtw_pktfile_read(&pktfile, dummybuf, rtap_len-sizeof(struct ieee80211_radiotap_header));
	len = len - rtap_len;
#endif /* CONFIG_MONITOR_MODE_XMIT */
#endif /* !CONFIG_CUSTOMER_ALIBABA_GENERAL */
```

dovandung avatar Nov 22 '22 04:11 dovandung
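
Added example (not part of the post above and not code from the driver): a user-space C version of the radiotap length checks that the posted fragment performs before skipping the header. It also applies a lower bound on `it_len`, a check the fragment as posted does not show before it subtracts `sizeof(struct ieee80211_radiotap_header)` from `rtap_len`. The function name, error codes and sample frames are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RTAP_HDR_LEN 8u /* it_version(1) + it_pad(1) + it_len(2) + it_present(4) */

enum rtap_err { RTAP_OK = 0, RTAP_SHORT = -1, RTAP_VERSION = -2, RTAP_BAD_LEN = -3 };

/* Validate the radiotap header of a frame and report where the 802.11
 * frame begins. Hypothetical helper, returns RTAP_OK or a negative rtap_err. */
static int radiotap_payload_offset(const uint8_t *frame, size_t frame_len,
                                   size_t *offset)
{
    size_t it_len;

    if (frame_len < RTAP_HDR_LEN)
        return RTAP_SHORT;     /* cannot hold the fixed header */
    if (frame[0] != 0)
        return RTAP_VERSION;   /* version 0 is the only defined version */

    /* it_len is little-endian and counts the whole radiotap header. */
    it_len = (size_t)frame[2] | ((size_t)frame[3] << 8);
    if (it_len < RTAP_HDR_LEN)
        return RTAP_BAD_LEN;   /* "it_len - 8" would underflow */
    if (it_len > frame_len)
        return RTAP_BAD_LEN;   /* header claims more bytes than the frame has */

    *offset = it_len;
    return RTAP_OK;
}

/* Constructed sample frames, not captured traffic. */
static const uint8_t ok_frame[] = { 0, 0, 12, 0, 0x04, 0x80, 0, 0, 0x02, 0, 0x18, 0, 0xAA, 0xBB };
static const uint8_t tiny_len[] = { 0, 0, 4, 0, 0, 0, 0, 0, 0xAA };
static const uint8_t overlong[] = { 0, 0, 64, 0, 0, 0, 0, 0, 0xAA };
static const uint8_t bad_version[] = { 1, 0, 8, 0, 0, 0, 0, 0, 0xAA };

int main(void)
{
    const struct { const char *name; const uint8_t *buf; size_t len; } cases[] = {
        { "ok_frame", ok_frame, sizeof ok_frame },
        { "tiny_len", tiny_len, sizeof tiny_len },
        { "overlong", overlong, sizeof overlong },
        { "bad_version", bad_version, sizeof bad_version },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        size_t off = 0;
        int rc = radiotap_payload_offset(cases[i].buf, cases[i].len, &off);
        printf("%-12s rc=%d offset=%zu\n", cases[i].name, rc, off);
    }
    return 0;
}
```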

run 'git diff > injection.txt' and attach injection.txt to this issue.

lwfinger avatar Nov 22 '22 16:11 lwfinger

Indeed, @dovandung, could you please create a readable diff so as to apply it correctly?

mitsukuri avatar Apr 27 '23 15:04 mitsukuri

Anyway, not sure if I patched those files right, but I do get injection is working in aireplay-ng -9 <device>.

But immediately after that the device goes into state DOWN mode DORMANT as per ip addr and then upon trying to bring the link up my machine (Ubuntu 20.04) would just hard freeze until I hit reset.

mitsukuri avatar Apr 27 '23 16:04 mitsukuri

Do you have a caps lock light? Is it flashing? If so, you probably did not patch the source correctly.

lwfinger avatar Apr 27 '23 17:04 lwfinger

Yep, I have one, it's neither turning on nor flashing when the machine locks up.

Should also note that trying to bring the interface up via ip link set ... doesn't hang it up (but doesn't work either), while turning the interface off and then on via Ubuntu network settings GUI does.

mitsukuri avatar Apr 27 '23 20:04 mitsukuri

Why not create a patch or merge to the code?

estuaco avatar Jun 11 '23 04:06 estuaco

I have used the attached patch file. I have changed the line

consume = rtap_len > sizeof(dummybuf) ? sizeof(dummybuf) : rtap_len;

for:

int consume = rtap_len > sizeof(dummybuf) ? sizeof(dummybuf) : rtap_len;

because the compiler complains about an undeclared symbol (consume).

I have built the driver on two laptops without problems. It seems that the monitor mode works on both but the injection test and the deauth attack only work on one of them.

injection_patch.txt

JeCuRoz avatar Aug 03 '23 10:08 JeCuRoz

Hi, is this fixed? I still can't get my Archer TX20U Plus working on injection mode. Please help

hyekalhitech avatar Jan 02 '24 09:01 hyekalhitech

> I have used the attached patch file. I have changed the line
>
> consume = rtap_len > sizeof(dummybuf) ? sizeof(dummybuf) : rtap_len;
>
> for:
>
> int consume = rtap_len > sizeof(dummybuf) ? sizeof(dummybuf) : rtap_len;
>
> because the compiler complains about an undeclared symbol (consume).
>
> I have built the driver on two laptops without problems. It seems that the monitor mode works on both but the injection test and the deauth attack only work on one of them.
>
> injection_patch.txt

@JeCuRoz can you share your patch file? Not the .txt one, the one that I can use to copy and paste it inside the folder directly without doing some modification on the file (coding), since my Parrot doesn't have coding programs to run and edit, plus I'm not familiar with this coding.

Thanks! @lwfinger @JeCuRoz @dovandung

hyekalhitech avatar Jan 02 '24 09:01 hyekalhitech

> Yep, I have one, it's neither turning on nor flashing when the machine locks up.
>
> Should also note that trying to bring the interface up via ip link set ... doesn't hang it up (but doesn't work either), while turning the interface off and then on via Ubuntu network settings GUI does.

Hi @mitsukuri, can you share the patch file?

hyekalhitech avatar Jan 02 '24 09:01 hyekalhitech

For vendor drivers such as this, I do not do feature debugging. It is all I can do to make sure that the driver will compile on modern kernels. Realtek does not support them either, even to fix build errors.

lwfinger avatar Jan 02 '24 16:01 lwfinger

> For vendor drivers such as this, I do not do feature debugging. It is all I can do to make sure that the driver will compile on modern kernels. Realtek does not support them either, even to fix build errors.

Hi @lwfinger, I already updated the necessary file and made the patch file for it separately. I've tested it on Kali, Parrot & BlackArch and the injection mode is working now. Thank you to you and all for sharing.

https://github.com/hyekalhitech/ArcherRTL8832AU

hyekalhitech avatar Jan 03 '24 15:01 hyekalhitech

If you make the patch file available, I will add it to this repo.

lwfinger avatar Jan 03 '24 15:01 lwfinger

> If you make the patch file available, I will add it to this repo.

Yes, it is available on my repo. Sure, you can add it.

hyekalhitech avatar Jan 03 '24 16:01 hyekalhitech