#16
cd /pub && more beer
Join Date: Jun 2002
Location: Germany
Posts: 160
step-by-step
what you need:
What you need:
- configured pcmcia_cs-3.1.31 source tree
- already running pcmcia card services (kernel or package, doesn't matter; mine is subversion 33)
- prism2 based card
- hermes based card

Steps to compile and implement the drivers for the prism card:
- untar the airjack package
- go to the airjack-v0.6.2-alpha dir and type make
- copy the driver (airjack_cs.o) to your modules path
- run depmod
- plug in your prism card and have a look in your /var/log/messages file
- find the corresponding entry for your card type (mine is Intersil PRISM2 Reference Design 11Mb/s WLAN Card)
- edit your config (or wlan-ng.conf) file in /etc/pcmcia
- look for the string you found in messages for your card
- change the "bind" entry from "prism2_cs" or "orinoco_cs" to "airjack_cs"
- restart pcmcia card services
- plug in your card and type lsmod in your console (there should now be an entry airjack_cs)
- type ifconfig -a ; there should now be an interface called aj0
- if so, you're done with the first part; if not, have a look at your logfile for info

Steps to compile and implement the patched drivers for the orinoco card:
- copy the /airjack-v0.6.2-alpha/patches/orinoco.c.patch to /usr/src/pcmcia-cs-3.1.31/wireless/
- patch the driver using: patch -p0 < orinoco.c.patch
- in the /usr/src/pcmcia-cs-3.1.31/wireless/ directory type "make"
- if something goes wrong, make sure that you have previously configured your pcmcia source tree by doing a "make config" in the pcmcia-source dir
- after the drivers are compiled, copy them to your modules dir (be sure to make a backup of your working drivers)
- run depmod again
- restart your pcmcia card services and plug in your orinoco card
- check with lsmod and in /var/log/messages that the correct drivers have been loaded
- if so, you're done; if not, check everything again

Compiling the airjack tools:
- change to /airjack-v0.6.2-alpha/tools/ and type "make"
- after compilation type "make monkey-jack" (you can also edit the makefile to make the last two steps one)
- when all tools are compiled, try to use ./setmac <interface name> <mac address> and look if the mac address of your orinoco card has changed; if so, everything is fine

Now using the airjack tools:
- plug in both cards (prism2 and orinoco)
- go to your airjack/tools dir (or wherever you cp'd the binaries) and play around with the tools
- bring up the interface aj0

Example: ./wlan_jack -b xx:xx:xx:xx:xx:xx -c 11 -i aj0
The xx is for the mac of your access-point. If you type ./wlan-jack (or the other ones) you get the usage hints.

Recommendation: read the powerpoint presentation of abaddon; it contains useful hints.

If you still got problems, just ask, i'll see if i can help you.

cheers c0rnholio
#17
Registered Member
Join Date: Aug 2002
Location: bar
Posts: 25
kung-fu
yeah, well the code is quite clearly thrown together in a hurry (but i did disclaim that in the docs for it)...
that functionality will be added to the linux kernel if you have the patience to wait on my new driver (give me a couple months), but when i'm finished it will work on aironet, lucent and prism2 cards (that's pretty much any 802.11b card you could have)... around the same time i should be able to have something going to break leap, pptp, and ipsec with shared secret... --Abaddon
#20
cd /pub && more beer
Join Date: Jun 2002
Location: Germany
Posts: 160
very nice piece of code
thx for this. also the ppt is great, the arguments are the same i use in my presentations, but the tools are really cool...some kinda funny to watch the clients disconnect, and doing the "man in the air" stuff. cheers

PS: i hope i didn't miss something on my step-by-step guide
#21
Registered Member
Join Date: Aug 2002
Location: bar
Posts: 25
*shrug* sorry guys, but i simply do not have enough time to do this for windows... maybe something like a bootable linux iso with a frontend is in order...have your cake and eat it too, so to speak... anyways, back to work... --Abaddon
#23
Registered Member
Join Date: Aug 2002
Location: bar
Posts: 25
Re: pleased to meet you here...
i'm glad it's working for you, to be honest it's not really tested much outside of my lab, and then only on my dell laptop, so i'm glad the code is functional for other people...
there is an arm port that i've been meaning to put up there and i've heard that someone has made a qt front end that fits perfectly into the new ipaq familiar graphics frontend... --Abaddon

p.s. so does this mean i have your permission to quote you on the howto in the docs?...
#25
cd /pub && more beer
Join Date: Jun 2002
Location: Germany
Posts: 160
news on kismet and airjack
from the CVS Devel-Changelog:
"Added detection of deauthentication packets" means the airjack tools will be discovered...kismet is now a wireless scanner, sniffer and now becomes portions of a wireless ids. this really rocks....
__________________
You mean...there is life outside my lab?
#26
Registered Member
Join Date: Apr 2002
Location: Washington the state
Posts: 242
Re: news on kismet and airjack
#27
Registered Member
Join Date: Aug 2002
Location: bar
Posts: 25
Re: news on kismet and airjack
you're really wasting your time if that's all you're looking for, problem is that real access points really do send out these frames, they are there for a reason, airjack doesn't do anything out of spec in that attack, it's the 802.11 standard that's the problem...if these so called ids abilities are only looking for the existence of the frame, then they are not going to do anything but give false positives till you are blue in the face... --Abaddon
#28
cd /pub && more beer
Join Date: Jun 2002
Location: Germany
Posts: 160
Re: Re: news on kismet and airjack
and hey, if things like this is all i were looking for, then i've probably never touched a linux system (i think you know what i mean). i know that normal 802.11b management traffic includes deauth and deass packets, but under normal circumstances there wouldn't be a deauth or deass storm...and that's what i think he implemented..just detecting floods of this type. but we'll have to wait until he finished work on that to say more about this, since it's still devel-code.

btw, mike has never stated it's an ids, that was just my interpretation..because i needed to find a name for what i think it is... however, i'm curious on the next release of your tools, and also curious of the things mike will implement next... cheers
__________________
You mean...there is life outside my lab?
#29
Registered Member
Join Date: Aug 2002
Location: bar
Posts: 25
Re: Re: Re: news on kismet and airjack
true a storm of them wouldn't be normal network traffic, but i can do a great deal of damage with just a handful (7 or less, sometimes as few as one), that would look exactly like an AP (and yes many APs regularly deauth or disassoc stations for various reasons)...i'm not saying he's wasting his time, i'm just saying that you should be careful before you go so far as to consider that an IDS, you need a lot more than that if you want a real IDS...

as for the next things i'll be coming out with: i'm working on one driver to work on all three 802.11b card types and will support normal modes of operation (infrastructure, adhoc, and host-AP)...these will be linux drivers, they will run in 802.11b native mode (not emulating ethernet)...the best part is they will offer airjack type abilities and should be much more stable than the first proof of concept code i have up there right now...one last thing to look for is for me to have my cvs servers back online so i can have some real development going on (i've been moving into a new house and all my servers have been offline)...

as for kismet, i'm interested in what he's working on next as well, it's a cool program; maybe in the future we could see a joint project of some kind (no sense in everyone working on the same goals in different directions)... --Abaddon

p.s. if you don't know what we're talking about, check this page out... http://802.11ninja.net
#30
cd /pub && more beer
Join Date: Jun 2002
Location: Germany
Posts: 160
Re: Re: Re: Re: news on kismet and airjack
Quote:
true a storm of them wouldn't be normal network traffic, but i can do a great deal of damage with just a handful (7 or less, sometimes as few as one), that would look exactly like an AP (and yes many APs regularly deauth or disassoc stations for various reasons)...i'm not saying he's wasting his time, i'm just saying that you should be careful before you go so far as to consider that an IDS, you need a lot more than that if you want a real IDS...

ack! i totally agree with you in that point...(i've already implemented commercial ids's so i know what it's about ...horrible sometimes, but that's another sad story)

Quote:
as for the next things i'll be coming out with: i'm working on one driver to work on all three 802.11b card types and will support normal modes of operation (infrastructure, adhoc, and host-AP)...these will be linux drivers, they will run in 802.11b native mode (not emulating ethernet)...the best part is they will offer airjack type abilities and should be much more stable than the first proof of concept code i have up there right now...one last thing to look for is for me to have my cvs servers back online so i can have some real development going on (i've been moving into a new house and all my servers have been offline)...

sounds cool....i wish i could contribute something to those projects, but i'm too lame to do professional coding...maybe when i have more time, i'm gonna read all the books about coding perl, c, c++ i've already bought, and that are currently only wasting space in my bookshelf

Quote:
as for kismet, i'm interested in what he's working on next as well, it's a cool program; maybe in the future we could see a joint project of some kind (no sense in everyone working on the same goals in different directions)...

yeah, sounds nice too...could be a great merge. see ya
__________________
You mean...there is life outside my lab?
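The detection debate in posts #27 to #30, as an added example that is not code from the thread, AirJack or Kismet: a rate-based deauth/disassoc storm detector of the kind c0rnholio describes, run over constructed frame records (the subtype names, BSSIDs and timestamps are made up for the example). It shows both sides of the argument: a single AP-originated deauth stays silent, a storm alerts, and the "handful" of frames Abaddon mentions only alerts once the threshold is lowered, which is exactly where false positives start.

```python
from collections import defaultdict, deque

# Management-frame subtypes that both AirJack's tools and real APs emit.
DEAUTH_LIKE = {"deauth", "disassoc"}


def detect_deauth_storm(frames, window_s=10.0, threshold=8):
    """Alert on any BSSID that sends more than `threshold` deauth/disassoc
    frames inside a sliding `window_s`-second window.

    frames: iterable of (time_s, subtype, bssid, station) tuples.
    Returns one alert dict per offending BSSID (first crossing only).
    A lone deauth, the normal AP housekeeping Abaddon mentions, never
    reaches the threshold, so it does not alert.
    """
    recent = defaultdict(deque)   # bssid -> timestamps still inside the window
    alerts, alerted = [], set()
    for t, subtype, bssid, _station in sorted(frames):
        if subtype not in DEAUTH_LIKE:
            continue
        q = recent[bssid]
        q.append(t)
        while q and t - q[0] > window_s:   # drop timestamps that aged out
            q.popleft()
        if len(q) > threshold and bssid not in alerted:
            alerted.add(bssid)
            alerts.append({"bssid": bssid, "start": q[0], "end": t, "count": len(q)})
    return alerts


# Constructed sample traffic (not a real capture):
#   AP "aa": one legitimate deauth of a single station
#   AP "bb": 30 broadcast deauths in 3 seconds, a storm
#   AP "cc": 5 deauths in 2 seconds, the "handful" that still breaks clients
SAMPLE = (
    [(0.0, "beacon", "00:11:22:aa:aa:aa", "ff:ff:ff:ff:ff:ff"),
     (5.0, "deauth", "00:11:22:aa:aa:aa", "00:aa:bb:cc:dd:01")]
    + [(10.0 + i * 0.1, "deauth", "00:11:22:bb:bb:bb", "ff:ff:ff:ff:ff:ff")
       for i in range(30)]
    + [(20.0 + i * 0.5, "deauth", "00:11:22:cc:cc:cc", "00:aa:bb:cc:dd:02")
       for i in range(5)]
)

if __name__ == "__main__":
    for a in detect_deauth_storm(SAMPLE):          # only the storm from "bb" alerts
        print(f"{a['bssid']}: {a['count']} frames in {a['end'] - a['start']:.1f}s")
    for a in detect_deauth_storm(SAMPLE, threshold=3):   # lower threshold catches "cc" too
        print(f"threshold=3 -> {a['bssid']}")
```

Picking the threshold is the whole problem: at 8 the five-frame attack is missed, at 3 it is caught but an AP that kicks a few idle stations in quick succession will trip the same rule.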