User Tools

Site Tools


zd1211rw

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
zd1211rw [2007/10/23 21:04] – typo: /usr/scr/linux -> /usr/src/linux mister_xzd1211rw [2018/03/11 19:04] (current) – Removed unusable instructions mister_x
Line 1: Line 1:
-====== zd1211rw ======+====== DEPRECATED ======
  
-This driver supports the zd1211 and the newer zd1211b chipsets by Zydas.+**IMPORTANT NOTE**: This page is deprecated, updated documentation can be found [[install_drivers|here]]
  
-The older zd1211 chipset only partially supports injection.  Any injection which requires the device to receive a packet does not work correctly.  So the fake authentication, chopchop, and fragmentation attacks plus injection testing do not work.  Other basic functions such as monitor mode and the remaining attacks work.+====== zd1211rw ====== 
 +authored by sleek
  
-The new zd1211b chipset fully supports all functions.+**Review and injection tutorial**
  
-The zd1211rw driver has been incorporated into the latest kernels So you will have to patch the kernel source to obtain injection support This is described below in detail.+The ZyDAS zd1211 and zd1211b (//also known as AR5007UG//) chips are one of the most distributed wireless b/g chips in the marketThey are also the cheapest, on eBay, you can get one for about 5-6USD shipping included. In the same time, these chips are very stable, with excellent range and sensitivity, both under Linux and Windows and you can purchase one with or without an external antennaThe [[http://linuxwireless.org/en/users/Drivers/zd1211rw|zd1211rw]] driver, which covers the chips under linux is very well built, offering reliable wireless connectivity as well as injection and monitoring support via aircrack-ng's utilities.
  
-The following links may be helpful to you to learn more about the driver and which devices are supported by it:+The zd1211rw was included in mainline kernel 2.6.18 as a softmac driver, known to be notoriously unstable and heavily crippled in terms aircrack-ng support. Things turned for the better when the zd1211rw was ported as mac80211 driver since kernel 2.6.25, a move which led the zd1211rw to gain excellent support for injection and monitoring. 
  
-  * [[http://sourceforge.net/projects/zd1211/|Sourceforge zd1211 project]] +The only unsupported function is the fragmentation "-5" attackA bug in the firmware prevents thatThe frag attack is not mandatory for the zd1211rw driver to inject or capture packets, it's only one of the many attacks designed to penetrate WEP encryption.
-  * [[http://zd1211.wiki.sourceforge.net/|ZyDAS ZD1211 802.11b/g USB WLAN chipset Linux drivers Wiki]] +
-  * [[http://www.linuxwireless.org/en/users/Drivers/zd1211rw/devices|Supported Zydas ZD1211 devices]]+
  
 +Overall, its a great all-purpose chip to have for wireless auditing and general connectivity.
  
 +====== Patching ======
 +To enable injection, we'll have to patch the driver first.
  
 +==== Modern kernels ====
 +For modern kernels, good results can be obtained even when sticking closely to stock kernels.
  
-===== Patching zd1211rw ===== 
  
-This section will describe how to patch your driver for injection There is quite a bit of variation between distributions so this describe the general steps you must take You will have to tweak the instructions for your specific distribution and kernel version It assumes a reasonable level of unix knowledge and experience.  If you don't have this, ask a friend to help you out.   If you can't follow these instructions then you should not be messing with your kernel.  Don't post to the [[http://forum.tinyshell.be/|Forum]] asking for detailed instructions.+=== Kernel 2.6.34 - 2.6.38 ===
  
-You will need to have your kernel headers and full source already installed on your system. See [[zd1211rw#installing_fedora_kernel_headers_and_source|Installing Fedora kernel headers and sources]] below for how to do this on Fedora.+**1.** cd into your kernel sources
  
-Copy contents of **/usr/src/linux/net/ieee80211** to a safe place. This is so you can recover if things go bad or if you want to apply a new version of the patch.+**2.** Apply the patch
 +  wget -O - 'http://patches.aircrack-ng.org/zd1211rw-inject+dbi-fix-2.6.26.patch' | patch -p1
  
-Copy contents of **/usr/src/linux/drivers/net/wireless/zd1211rw** to a safe place. This is so you can recover if things go bad or if you want to apply a new version of the patch.+**3.** Recompile and reload the driver as usual. Refer to your distro's kernel compilation documentation if necessary.
  
-Download and expand the latest version of the aircrack-ng suite to obtain the patches or download the from [[http://patches.aircrack-ng.org/|here]]. Typically, you will need the svn version to have best patches. Please note that the patch names might change so you may have to adjust the version numbers in the next few steps.+==== Legacy kernels ==== 
 +On old kernels, you need to use the compat-wireless approach. 
 +The most frequent road block you'll stumble upon is compilation errors with compat-wireless. They're not necessarily **//your//** faultEvery now and then compat-wireless tar balls are released with compilation errors which are subsequently fixedIf this happens to you, simply download and install a version from the previous day or two.
  
-Copy zd1211rw_inject_2.6.22.patch to **/usr/src/linux/**+=== Kernel 2.26.24+ ===
  
-  cd /usr/src/linux/+**1.** Go to http://wireless.kernel.org/download/compat-wireless-2.6/, download the latest version of compat-wireless and untar the package: **tar xfj compat-wireless-2.6.tar.bz2**
  
-NOTE: In the following linesverbose and dry-run have a double dash in front of them. +**2.** Next up**cd to your /path/to/compat-wireless** directory and download the patch, required for injection: [[http://www.zlaten.biz/tmp/zd1211rw-inject+dbi-fix-2.6.26.patch|zd1211rw-inject+dbi-fix-2.6.26.patch]], the fixed channel patch, [[http://patches.aircrack-ng.org/channel-negative-one-maxim.patch|channel-negative-one-maxim.patch]] and the [[http://patches.aircrack-ng.org/mac80211.compat08082009.wl_frag+ack_v1.patch|mac80211.compat08082009.wl_frag+ack_v1.patch]] for higher injection speed. Visit the general [[mac80211|mac80211]] wiki page for details.
-  patch -Np1  --verbose --dry-run -i zd1211rw_inject_2.6.22.patch +
  
-If it was OK: +**3.** Apply the patches:
-  patch -Np1  --verbose  -i zd1211rw_inject_2.6.22.patch +
  
-Copy ieee80211_inject.patch to /usr/src/linux +  patch -Np0 -i zd1211rw-inject+dbi-fix-2.6.26.patch. 
-  patch -Np1  --verbose --dry-run -i ieee80211_inject.patch+  patch -Np1 -i mac80211.compat08082009.wl_frag+ack_v1.patch. 
 +  patch -Np1 -i channel-negative-one-maxim.patch. 
 +__Note:__ //the **xxxxx-xxxx-xxxx.patch** files must be in your compat-wireles-xxxx-xx-xx directory while patching, otherwise you will be asked to provide full path of the file which needs to be patched, example: /home/user/compat-wireless-xxxx-xx-xx/drivers/net/wireless/zd1211rw/zd_mac.c//
  
-If it was OK: +**4.** Patching is complete and we are ready to compile our driver, type **make** for the process to begin and wait for few minutes to complete.
-  patch -Np1  --verbose  -i ieee80211_inject.patch+
  
-**NOTE**: In the following lineschange "2.6.20-1.2944.fc6" to match your particular system.+**5.** Barring any errorsnext up is installing, **sudo make install**
  
-  cd /usr/src/linux/drivers/net/wireless/zd1211rw +**6.** Now that the newly compiled driver is installed, we are ready to use it, but before that we have to unload the old driver by typing **sudo make wlunload**
-  make -C /lib/modules/2.6.20-1.2944.fc6/build/ M=`pwd` modules +
-  cd /usr/src/linux/net/ieee80211 +
-  make -C /lib/modules/2.6.20-1.2944.fc6/build/ M=`pwd` modules+
  
-Now copy the new modules to the /lib/modules tree to be used.+**7.** To load the new driver, just type **sudo modprobe zd1211rw** or simply unplug and plug again your USB adapterReboot if you're unsure
  
-  cp /usr/src/linux/drivers/net/wireless/zd1211rw/zd1211rw.ko /lib/modules/2.6.20-1.2944.fc6/kernel/drivers/net/wireless/zd1211rw/zd1211rw.ko +**8.** That's it! This concludes the zd1211 injection tutorialYou should now be able to inject[[injection_test|Test]] your USB device, by setting it to monitor mode (airmon-ng)
-  cp /usr/src/linux/net/ieee80211/*.ko /lib/modules/2.6.20-1.2944.fc6/kernel/net/ieee80211/ +
-  cp /usr/src/linux/net/ieee80211/softmac/*.ko /lib/modules/2.6.20-1.2944.fc6/kernel/net/ieee80211/softmac/+
  
-And finally, rebuild the module dependencies. 
  
-   depmod -ae+  # aireplay-ng -9 mon0 
 +  14:39:59  Trying broadcast probe requests... 
 +  14:39:59  Injection is working! 
 +  14:40:01  Found 1 AP 
 +  14:40:01  Trying directed probe requests... 
 +  14:40:01  00:00:00:00:00:00 - channel: 11 - 'LINKSYS' 
 +  14:40:01  Ping (min/avg/max): 0.881ms/12.418ms/37.725ms Power: -53.83 
 +  14:40:01  30/30: 100% 
 +Voila ;-)
  
-At this point, the simplest method to bring up the new modules live is to reboot your system.+Known issues at this point
 +Fragmentation attack is not yet supported.
  
-If you have problems compiling zd1211rw, you can try: 
  
-   CONFIG_ZD1211RW=m make -C /lib/modules/`uname -r`/build M=`pwd` clean +=== Kernels 2.6.23 and lower ===
-   CONFIG_ZD1211RW=m make -C /lib/modules/`uname -r`/build M=`pwd` modules+
  
-===== Installing Fedora kernel headers and source =====+As mentioned above, kernels prior to 2.6.25 (2.6.2**4** with compat-wireless) are shipped with the softmac version of the driver which in its best day supports only half the functions, half the time. In other words, if you're stuck on an ancient kernel, you're pretty much out of luck. Your best bet is to either install a supported kernel, or utilize one of the many Live CDs with pre-configured settings for aircrack-ng.
  
-These instructions are specific to FedoraChange **2.6.20-1.2944.fc6** to the particular kernel version you have installed**uname -r** can help you   determine what is currently installed.+And if you're absolutely bent on installing the softmac driver on an old kernel, you can try [[http://www.zlaten.biz/tmp/zd1211rw-compat.tar.gz|this]] source codeBe warned, you'll be disappointed with the outcome.
  
-You need these packages already installed: +==== Troubleshooting ====
-  kernel-headers-2.6.20-1.2944.fc6 +
-  kernel-devel-2.6.20-1.2944.fc6+
  
-Running the command **rpm -qa | grep kernel** will show which kernel packages are installed.   +=== Couldn't load firmware. Error number -2 ===
- +
-If the headers and development packages are not already installed then obtain them from your favourite repository then: +
- +
-  rpm -ivh kernel-headers-2.6.20-1.2944.fc6.i386.rpm +
-  rpm -ivh kernel-devel-2.6.20-1.2944.fc6.i686.rpm (obtain i586 or i686 depending on your architecture) +
- +
-Alternatively, use **yum -y install kernel-headers"** and **yum -y install kernel-devel**. +
- +
-Now download and install the full kernel sources if they are not already on your system (This assumes you have downloaded this RPM from your favourite repository). +
- +
-  rpm -ivh kernel-2.6.20-1.2944.fc6.src.rpm  +
- +
-Change to the following directory: +
- +
-  cd /usr/src/redhat/SPECS +
- +
-Change "--target=i586" to the architecture of your system in the next line. +
-  rpmbuild -bp --target=i586 kernel-2.6.spec +
- +
-**NOTE**: Change references to versions to your specific version in the next few lines. +
- +
-  /bin/cp -a /usr/src/redhat/BUILD/kernel-2.6.20/linux-2.6.20.i586/ /usr/src/kernels/2.6.20-1.2944.fc6-i586/ +
-  ln -s /usr/src/kernels/2.6.20-1.2944.fc6-i586 /usr/src/linux +
- +
- +
-===== Recompiling Kernel with Loadable Modules ===== +
- +
-Some kernels incorporate the functionality built into the kernel.  If you want to change the zd1211rw and ieee802.11 to loadable modules, the following describes how to do this.  The source of this note is this [[http://tinyshell.be/aircrackng/forum/index.php?topic=1658.msg8736#msg8736|thread]] in the forum. +
- +
-These are the settings for menuconfig using 2.6.20-gentoo-r7, changing from kernel built-in to loadable modules for the purposes of these patches.  This will likely work as well on other distributions. +
- +
-First, change the appropriate items in menuconfig: +
- +
-   cd /usr/src/linux +
-    +
-   make menuconfig +
-    +
-   Networking ----> +
-   then set +
-   <M> Generic IEEE802.11 Networking Stack +
-   <M> Software MAC add-on to the IEEE 802.11 netowrking stack +
-   all other module capable IEEE 80211 items will have automatically set themselves to <M> +
-    +
-   Also check that: +
-   Device Drivers ----> Network device support ----> Wireless LAN (non-hamradio) ----> +
-   <M> ZyDAS ZD1211/ZD1211B USB-wireless support is also set to <M> +
-    +
-   Exit out and save the config +
- +
-Now apply the zd1211 and ieee80211 inject patches and recompile/install the kernel and modules. +
- +
-   Apply the zd1211 inject and ieee80211 inject patches as per patch instructions but only do the 4 patch -Np1  commands, in gentoo doing the make commands and copying all the files is unnecessary!! +
- +
-After the patches are applied, you can now recompile the kernel and modules with the following commands: +
- +
-   cd /usr/src +
-   make && make modules modules_install install +
- +
-Wait for it to finish and then reboot your system. +
- +
-Lastly, test your drivers and the injection patch. +
- +
- +
-===== Troubleshooting ===== +
- +
-===== General ===== +
- +
-Use "lsusb" to ensure your device is recognized.  For example, "ID 157e:300d" below is a Trendnet TEW-429UB zd1211b unit.  Sample lsusb output: +
- +
-   Bus 003 Device 003: ID 157e:300d   +
-   Bus 003 Device 001: ID 0000:0000   +
-   Bus 001 Device 001: ID 0000:0000   +
-   Bus 002 Device 001: ID 0000:0000 +
- +
-If your device is not listed then you first need to determine why and correct it. +
- +
-Use "dmesg" to ensure your device was properly loaded.  You may have do "modprobe zd1211rw" to cause the kernel module to be loaded.  Below is an example of the zd1211rw module being successfully loaded.  Sample dmesg output: +
- +
-   ieee80211_crypt: registered algorithm 'NULL' +
-   ieee80211: 802.11 data/management/control stack, git-1.1.13 +
-   ieee80211: Copyright (C) 2004-2005 Intel Corporation <jketreno@linux.intel.com> +
-   usb 3-1: reset high speed USB device using ehci_hcd and address 3 +
-   usb 3-1: firmware version 0x4810 and device bootcode version 0x4802 differ +
-   zd1211rw 3-1:1.0: firmware version 4725 +
-   zd1211rw 3-1:1.0: zd1211b chip 157e:300d v4802 high 00-14-d1 AL2230_RF pa0 ----- +
-   zd1211rw 3-1:1.0: eth1 +
-   usbcore: registered new interface driver zd1211rw +
- +
-Depending on the error messages in dmesg, take the appropriate action. +
- +
-Use "lsmod" and ensure the zd1211rw module is loaded. Below is a subset of the output from lsmod showing the zd1211rw in memory.  Notice there are other dependencies.  Sample lsmod output: +
- +
-   Module                  Size  Used by +
-   zd1211rw               52740  0  +
-   ieee80211softmac       35265  1 zd1211rw +
-   ieee80211              35784  2 zd1211rw,ieee80211softmac +
-   ieee80211_crypt        10112  1 ieee80211 +
- +
-A common problem on new kernels is that the new mac80211 version of the driver gets loaded instead of the older legacy driver covered on this page.  If that is the case, then you need to blacklist the modules by editing /etc/modprobe.d/blacklist and add the following then reboot: +
- +
-   #zd1211rw wireless drivers +
-   blacklist zd1211rw +
-   blacklist zd1211rw_mac80211 +
- +
-Also ensure that the time stamp on zd1211.ko module matches the date and time you compiled it.  Otherwise this may mean you are running the wrong version of the module. +
- +
- +
-===== Couldn't load firmware. Error number -2 =====+
  
 If dmesg has an error similar to the following: If dmesg has an error similar to the following:
Line 200: Line 96:
  
    - http://sourceforge.net/project/showfiles.php?group_id=129083    - http://sourceforge.net/project/showfiles.php?group_id=129083
-   - RPM for you distribution.  For example under fedora it is similar to  "zd1211-firmware-x.x-x.fcx"+   - RPM for you distribution.  For example under fedora it is similar to  "zd1211-firmware-x.x-x.fcx". On Gentoo, you can emerge net-wireless/zd1211-firmware . 
 + 
 +=== Why do I get ioctl(SIOCGIFINDEX) failed ? === 
 + 
 +If you get error messages similar to: 
 + 
 +  * Error message: "SIOCSIFFLAGS : No such file or directory" 
 +  * Error message: "ioctl(SIOCGIFINDEX) failed: No such device" 
 + 
 +Then [[faq#why_do_i_get_ioctl_siocgifindex_failedno_such_device|See this FAQ entry]]. 
 + 
 +===== Feedback =====
  
 +  * Instructions and discussion about the zd1211rw in the forum [[http://forum.aircrack-ng.org/index.php?topic=5334.0|here]]
 + 
zd1211rw.1193166287.txt.gz · Last modified: 2007/10/23 21:04 by mister_x