Starting with kernel 2.6.25, zd1211rw is a mac80211 driver. As a result, the installation/patching procedure is now slightly different from what it was before. This tutorial works with kernel 2.6.27 and up. Injection on 2.6.25 and 2.6.26 requires a slightly different procedure (using compat-wireless-old).
The usual mac80211 rules apply.
Tutorial taken from http://forum.aircrack-ng.org/index.php?topic=5334.0
This tutorial explains how to achieve injection under Linux with the ZyDAS 1211 and 1211b chips (also known as AR5007UG), seen nowadays on many USB wireless devices. It has so far only been tested under Ubuntu 9.04, but it should work with the majority of the latest kernels and various distributions.
We will not compile a kernel to gain injection; instead we'll opt for compat-wireless. Let's begin with the steps.
1. Go to http://wireless.kernel.org/download/compat-wireless-2.6/ and download the latest version of compat-wireless and untar the package:
    tar xfj compat-wireless-2.6.tar.bz2
2. Next up, cd to your /path/to/compat-wireless directory and download the patch required for injection: http://patches.aircrack-ng.org/zd1211rw_inject_2.6.26.patch and the mac80211 patch for higher injection speed here: http://patches.aircrack-ng.org/mac80211_2.6.28-rc4-wl_frag+ack_v3.patch . Visit the mac80211 wiki page for details: http://www.aircrack-ng.org/doku.php?id=mac80211
3. Apply the patch by:
    patch -Np0 -i zd1211rw_inject_2.6.26.patch
If successful, the screen will return:
    patching file drivers/net/wireless/zd1211rw/zd_mac.c
    Hunk #1 succeeded at 191 (offset 32 lines).
    Hunk #2 succeeded at 666 (offset -18 lines).
4. Apply the mac80211 patch by:
    patch -Np1 -i mac80211_2.6.28-rc4-wl_frag+ack_v3.patch
A successful patching will yield similar output.
Note: the zd1211rw_inject_2.6.26.patch and mac80211_2.6.28-rc4-wl_frag+ack_v3.patch files must be in your compat-wireless-xxxx-xx-xx directory while patching; otherwise you will be asked to provide the full path of the file that needs to be patched, for example: /home/user/compat-wireless-xxxx-xx-xx/drivers/net/wireless/zd1211rw/zd_mac.c
5. The injection patch is now applied and we are ready to compile our driver. Type make for the process to begin and wait a few minutes for it to complete.
6. Barring any errors, next up is installing: make install
7. Now that the newly compiled driver is installed, we are ready to use it, but before that we have to unload the old driver by typing make unload
8. To load the new driver, you could either issue make load, or modprobe zd1211rw
9. That's it! This concludes the zd1211 injection tutorial. You should now be able to inject. Test your USB device by setting it to monitor mode (airmon-ng):
    # aireplay-ng -9 mon0
    14:39:59 Trying broadcast probe requests...
    14:39:59 Injection is working!
    14:40:01 Found 1 AP
    14:40:01 Trying directed probe requests...
    14:40:01 00:00:00:00:00:00 - channel: 11 - 'LINKSYS'
    14:40:01 Ping (min/avg/max): 0.687ms/17.616ms/33.327ms Power: 0.00
    14:40:01 30/30: 100%
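Steps 3 and 4 apply patches written for older kernel trees, so hunks landing at an offset are expected, but a rejected hunk means the driver would be built without the change. The following is an added example, not part of the original tutorial: a hypothetical helper, check_patch_log, that reads GNU patch output and refuses to continue when a hunk was rejected. The first sample is the output shown in step 3; the second is constructed.

```shell
# check_patch_log (hypothetical helper): read GNU patch output on stdin,
# print a one-line summary, and return non-zero if any hunk was rejected
# or no "patching file" line was seen (patch could not find its target).
check_patch_log() {
    awk '
        /^patching file /             { files++ }
        /^Hunk #[0-9]+ succeeded at / { if ($0 ~ /offset -?[0-9]+ line/) offset++
                                        if ($0 ~ /with fuzz [0-9]+/)     fuzz++ }
        /^Hunk #[0-9]+ FAILED at /    { failed++ }
        END {
            printf "files=%d shifted=%d fuzz=%d failed=%d\n", files, offset, fuzz, failed
            exit ((failed > 0 || files == 0) ? 1 : 0)
        }'
}

# Output shown in step 3 of this tutorial: both hunks moved, none rejected.
GOOD_LOG='patching file drivers/net/wireless/zd1211rw/zd_mac.c
Hunk #1 succeeded at 191 (offset 32 lines).
Hunk #2 succeeded at 666 (offset -18 lines).'

# Constructed sample: one hunk applied with fuzz, one no longer matches.
BAD_LOG='patching file drivers/net/wireless/zd1211rw/zd_mac.c
Hunk #1 succeeded at 191 with fuzz 2 (offset 32 lines).
Hunk #2 FAILED at 684.
1 out of 2 hunks FAILED -- saving rejects to file drivers/net/wireless/zd1211rw/zd_mac.c.rej'

for log in "$GOOD_LOG" "$BAD_LOG"; do
    if printf '%s\n' "$log" | check_patch_log; then
        echo "-> patch applied, safe to run make"
    else
        echo "-> stop: inspect the .rej file before building"
    fi
done
```

In practice, pipe a trial run into it first, for example patch -Np0 --dry-run -i zd1211rw_inject_2.6.26.patch | check_patch_log, and apply the patch for real only if that returns success.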
Known issues at this point:
- Unsupported fragmentation attack.
- Inactive signal power levels.
Feedback and notes welcome.