#1
Registered Member
Join Date: Mar 2005
Posts: 13
Technical information about hacked drivers.
I have a low-level driver question. I was reading through RM0251.pdf (google it), the PRISM Driver Programmer's Manual; I noticed that there are two modes that can be used to retrieve unencrypted packets: Promiscuous mode and Monitor mode. The difference is that Promiscuous mode passes all RAW information (no matter who the sender or recipient) on a specific BSS, whereas Monitor mode does the same but for ALL BSSs... (at least that's how I'm reading it).

In the definitions of both of these there is no mention that the device cannot transmit while operating in these modes; however, there is a type of error that would indicate that in Monitor mode you cannot transmit. The error is: ErrQual.NoTx 0x09, "Attempt to transmit in Monitor only Mode". Does this mean that while in monitor mode you cannot transfer packets? Does this also mean that in Promiscuous mode you CAN transfer packets? Is this how the hacked drivers that are available are able to both receive unencrypted RAW packets AND use an injector application to send forged packets at the same time (by using promiscuous mode instead of monitor mode)?

If you've been reading the Pocket PC forum, you'd know that I'm asking this because I have plans to generate drivers for the Pocket PC that would support a RAW 802.11 packet capture application. (Something that to this date has not been done for Pocket PC 2003.) Does anybody here have experience modifying drivers to support receiving RAW packets and transmitting data at the same time? Any advice I could get would be greatly appreciated! I'm posting this in the Linux forum because the only hacked drivers that are out there seem to be for Linux. (But not for long, if I can help it!)

-17Hz
#2
Banned in DC
Join Date: Jul 2004
Posts: 102
You could also try port 5 (undocumented AFAIK; BSS is port 1, cnfPortType). In port 5 you see almost all frames (control frames such as ACKs are intercepted by the firmware). If I remember correctly, you don't see your own frames in promiscuous BSS when they are retransmitted by the AP. That's what chopchop uses. No monitor/promiscuous mode. I just enabled the "tx exception suppression" test mode; I thought it might help, but I am not sure it has any influence.

You can send frames in monitor mode, but I never got any good result. The firmware just keeps on stalling. As for the Windows drivers, I can't help you much.
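Added example, not part of either post above and not taken from any Prism driver: a parser for the bare 802.11 MAC header that a RAW capture application like the one #1 describes would receive once the driver's own capture header (if any) has been stripped. It shows two things the thread touches on. First, the short control frames such as ACKs that #2 says the firmware intercepts in port 5 are exactly the 10-byte frames with only a receiver address. Second, the BSSID sits in a different address field depending on the ToDS/FromDS bits, which is the per-BSS filtering a promiscuous-BSS mode does in firmware and a monitor-mode capture (all BSSs) has to do itself. The MAC addresses, sequence numbers and ciphertext bytes in the sample frames are constructed for the example; `dot11_parse` and `dot11_bssid` are names chosen here, not driver or library calls.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* 802.11 frame types (bits 2-3 of Frame Control byte 0). */
enum fc_type { FC_MGMT = 0, FC_CTRL = 1, FC_DATA = 2, FC_EXT = 3 };
#define SUBTYPE_CTS 12
#define SUBTYPE_ACK 13

struct dot11_hdr_info {
    int type, subtype;
    int to_ds, from_ds;        /* DS bits decide which address field holds the BSSID */
    int protected_frame;       /* Protected Frame bit: body is WEP/TKIP/CCMP ciphertext */
    uint8_t addr1[6], addr2[6], addr3[6];
};

/* Parse the MAC header of a bare 802.11 frame (any radiotap/Prism capture header
 * already stripped). Returns the header length, or -1 if truncated or not version 0. */
int dot11_parse(const uint8_t *buf, size_t len, struct dot11_hdr_info *out)
{
    if (len < 10)                        /* FC(2)+Duration(2)+Addr1(6): ACK/CTS minimum */
        return -1;
    memset(out, 0, sizeof *out);
    uint8_t fc0 = buf[0], fc1 = buf[1];
    if ((fc0 & 0x03) != 0)               /* protocol version must be 0 */
        return -1;
    out->type    = (fc0 >> 2) & 0x03;
    out->subtype = (fc0 >> 4) & 0x0f;
    out->to_ds   = fc1 & 0x01;
    out->from_ds = (fc1 >> 1) & 0x01;
    out->protected_frame = (fc1 >> 6) & 0x01;
    memcpy(out->addr1, buf + 4, 6);

    if (out->type == FC_CTRL) {
        /* ACK and CTS carry only RA; RTS, PS-Poll, CF-End, BlockAck also carry addr2. */
        if (out->subtype == SUBTYPE_ACK || out->subtype == SUBTYPE_CTS)
            return 10;
        if (len < 16)
            return -1;
        memcpy(out->addr2, buf + 10, 6);
        return 16;
    }
    if (len < 24)                        /* mgmt/data: addr1..3 + sequence control */
        return -1;
    memcpy(out->addr2, buf + 10, 6);
    memcpy(out->addr3, buf + 16, 6);
    size_t hlen = 24;
    if (out->type == FC_DATA && out->to_ds && out->from_ds)
        hlen += 6;                       /* 4-address (WDS) data frame carries addr4 */
    if (out->type == FC_DATA && (out->subtype & 0x08))
        hlen += 2;                       /* QoS data subtypes carry QoS Control */
    return len < hlen ? -1 : (int)hlen;
}

/* Find the BSSID of a parsed frame: the per-BSS filter a promiscuous-BSS mode applies in
 * firmware and a monitor-mode capture must apply itself. Returns 0, or -1 when the frame
 * has no BSSID field (control frames, 4-address WDS data). */
int dot11_bssid(const struct dot11_hdr_info *h, uint8_t bssid[6])
{
    const uint8_t *src = NULL;
    if (h->type == FC_MGMT)
        src = h->addr3;
    else if (h->type == FC_DATA) {
        if (!h->to_ds && !h->from_ds)      src = h->addr3;   /* IBSS / ad hoc */
        else if (h->to_ds && !h->from_ds)  src = h->addr1;   /* station -> AP */
        else if (!h->to_ds && h->from_ds)  src = h->addr2;   /* AP -> station */
    }
    if (!src)
        return -1;
    memcpy(bssid, src, 6);
    return 0;
}

/* Constructed sample frames with made-up MAC addresses (AP = 00:11:22:33:44:55). */
const uint8_t AP_MAC[6] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 };
/* ACK: FC 0xd4 (type 1, subtype 13), duration 0, RA = station. */
const uint8_t SAMPLE_ACK[] = { 0xd4, 0x00, 0x00, 0x00, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb };
/* Beacon: FC 0x80, DA = broadcast, SA = BSSID = AP, sequence control. */
const uint8_t SAMPLE_BEACON[] = {
    0x80, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x10, 0x00 };
/* Encrypted data frame station -> AP: FC 0x08 0x41 (ToDS + Protected), addr1 = BSSID. */
const uint8_t SAMPLE_DATA_TODS[] = {
    0x08, 0x41, 0x2c, 0x00, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
    0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0x00, 0x11, 0x22, 0x33, 0x44, 0x56, 0x20, 0x00,
    0xde, 0xad, 0xbe, 0xef };            /* constructed ciphertext bytes */

int main(void)
{
    const uint8_t *frames[] = { SAMPLE_ACK, SAMPLE_BEACON, SAMPLE_DATA_TODS };
    size_t sizes[] = { sizeof SAMPLE_ACK, sizeof SAMPLE_BEACON, sizeof SAMPLE_DATA_TODS };
    for (int i = 0; i < 3; i++) {
        struct dot11_hdr_info h;
        uint8_t b[6];
        int hlen = dot11_parse(frames[i], sizes[i], &h);
        printf("frame %d: type=%d subtype=%d protected=%d hdrlen=%d bssid=%s\n", i,
               h.type, h.subtype, h.protected_frame, hlen,
               dot11_bssid(&h, b) == 0 ? "present" : "none");
    }
    return 0;
}
```

The Protected Frame bit is worth checking before handing a body to anything that expects plaintext: a driver that delivers "unencrypted RAW" frames in monitor mode is delivering the raw air bytes, so data frames from a WEP/WPA network still arrive as ciphertext and only the header is readable. Whether a given Prism driver prepends its own capture header in front of these bytes depends on the driver and port type, so check that before pointing this parser at a live capture.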