# aircrack-ng with ral0 driver



## Seeker (Oct 1, 2009)

After I execute:

```
# aireplay-ng -9 -e the_sid -a 00:CF:C6:8C:BB:F0 ral0
```
I get:

```
01:44:49  Waiting for beacon frame (BSSID: 00:CF:C6:8C:BB:F0) on channel 1
01:44:49  Trying broadcast probe requests...
01:44:49  Injection is working!
01:44:50  Found 1 AP

01:44:50  Trying directed probe requests...
01:44:50  00:CF:C6:8C:BB:F0 - channel: 1 - 'the_sid'
01:44:54  Ping (min/avg/max): 9.993ms/103.175ms/179.995ms Power: 31.67
```

Here I get 30 times this line:

```
wi_write(): Input/output error
```
And it ends with this:

```
01:44:54  30/30: 100%
```

Finally, when I proceed..., IVs never get stored to file with further commands. Everything else works.


Now back to testing from start.
Is

```
wi_write(): Input/output error
```

a result from interaction with the ral0 driver?

This is my WiFi card:

```
ral0: <Ralink Technology RT2561S> mem 0xfebf0000-0xfebf7fff irq 17 at device 9.0 on pci0
ral0: MAC/BBP RT2561C, RF RT2527
```


----------



## richardpl (Oct 1, 2009)

http://trac.aircrack-ng.org/ticket/666


----------



## Seeker (Oct 1, 2009)

Thank you.
Now after I've downloaded it...
Against which file should I patch it?

The freebsd.c file is mentioned in the diff as the target, BUT *locate freebsd.c* hasn't yielded an exact match.


----------



## DutchDaemon (Oct 1, 2009)

Run 'make' in the port directory and search in the work/ directory.


```
./aircrack-ng-1.0/src/osdep/freebsd.c
```


----------



## SirDice (Oct 2, 2009)

DutchDaemon said:

> Run 'make' in the port directory and search in the work/ directory.


It's probably better to run *make extract* and then apply the patch. If you do a make, the binaries will get built.

IIRC the order is something like:

```
make extract
make configure
make patch
make
```

Make extract will untar the source. Make configure will run a ./configure script. Make patch executes the patches in */files (at this point you can run your custom patches).


----------



## Seeker (Oct 2, 2009)

```
make extract
make patch
```
...was correct order.
I had to manually apply the patch, as most probably the second make changed the target file.
Installed and ready for testing... 
Thanks guys!


----------



## Seeker (Oct 2, 2009)

After testing..., unfortunately..., everything remains same!

```
wi_write(): Input/output error
```


----------



## richardpl (Oct 2, 2009)

Don't use ports (you obviously made it completely wrong). Use the latest aircrack-ng version, and patch manually.

To debug more, explore raw_xmit code for that chip (rt2560.c ?)

Set ral sysctl debug to 10 and you should see output similar to this on the console:

```
"sending raw frame len=%u idx=%u rate=%u\n"
```


----------



## Seeker (Oct 2, 2009)

Duh!
The MD5 of their version at the official site is the same as the one in the ports tree.

Only SVN was left...
So I did:

```
svn co http://trac.aircrack-ng.org/svn/trunk aircrack-ng
```

And an error occurred:

```
# make
"Makefile", line 5: Need an operator
"Makefile", line 6: Missing dependency operator
"Makefile", line 7: Need an operator
"./common.mak", line 1: Need an operator
"./common.mak", line 3: Need an operator
"./common.mak", line 4: Need an operator
"./common.mak", line 6: Need an operator
"./common.mak", line 7: Need an operator
"./common.mak", line 9: Need an operator
"./common.mak", line 11: Need an operator
"./common.mak", line 13: Need an operator
"./common.mak", line 15: Missing dependency operator
"./common.mak", line 19: Need an operator
"./common.mak", line 22: Need an operator
"./common.mak", line 24: Need an operator
"./common.mak", line 25: Need an operator
"./common.mak", line 29: Missing dependency operator
"./common.mak", line 31: Need an operator
"./common.mak", line 33: Missing dependency operator
"./common.mak", line 35: Need an operator
"./common.mak", line 36: Missing dependency operator
"./common.mak", line 38: Need an operator
"./common.mak", line 39: Missing dependency operator
"./common.mak", line 41: Need an operator
"./common.mak", line 42: Missing dependency operator
"./common.mak", line 44: Need an operator
"./common.mak", line 45: Need an operator
"./common.mak", line 46: Need an operator
"./common.mak", line 47: Need an operator
"./common.mak", line 49: Missing dependency operator
"./common.mak", line 51: Need an operator
"./common.mak", line 53: Missing dependency operator
"./common.mak", line 55: Need an operator
"./common.mak", line 57: Missing dependency operator
"./common.mak", line 59: Need an operator
"./common.mak", line 61: Need an operator
make: fatal errors encountered -- cannot continue
```

This is now really too much hassle!
If I succeeded in this, then I would easily port it to FreeBSD too.

I will try ral0 debug with sysctl x(


----------



## richardpl (Oct 3, 2009)

gmake, not make


----------



## Seeker (Oct 4, 2009)

richardpl said:

> gmake, not make


That worked.
And seems that all functionality is working now.

However...
Installation passed and I get this:
Aireplay-ng *1.0* rc4 r1623

This bugs me a little bit.
rc4 stands for release candidate.
And as I know, 1.0 has its full and stable version already.
Release candidate means JUST before full and stable version will be released.
So...
Logically this would be ok if it would be:
Aireplay-ng 1.1 rc4 r1623
OR
Aireplay-ng 1.0.1 rc4 r1623

Am I missing something here?


----------



## richardpl (Oct 7, 2009)

You can use aircrack-ng from ports; you will just need to make a new patch manually, or edit manually after make extract and make patch but before make install clean.

What FreeBSD version are you using?

Recent 8.0 and CURRENT have disabled injection completely.
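The ports workflow discussed in this thread (SirDice's make extract / make patch sequence, Seeker's report that the custom patch had to be applied by hand, and the "after make extract and make patch but before make install clean" ordering above) is collected here as an added example script; it is not code from the thread or from the aircrack-ng project. The port path, the diff file name and the sample work tree are assumptions; the helper functions read the `+++` headers of a unified diff to find which file under `work/` the patch targets, which is the step that tripped up the search for freebsd.c earlier in the thread.

```shell
#!/bin/sh
# Added example (not from the thread or the aircrack-ng project).
# Workflow: extract the port, let it apply its own patches, locate the
# file a ticket diff names inside work/, apply that diff, then build.
# The port directory and diff file below are assumptions.

# Print each target path named in a unified diff's "+++" headers,
# with any "a/" or "b/" prefix and trailing timestamp removed.
# Entries for /dev/null (new files) are skipped.
patch_targets() {
    # $1 = path to the diff file
    awk '/^\+\+\+ / {
        sub(/^\+\+\+ /, ""); sub(/\t.*/, ""); sub(/^[ab]\//, "")
        if ($0 != "/dev/null") print
    }' "$1"
}

# Locate a target under the extracted work/ tree. The diff may name
# only the basename (as the ticket diff did) or a path relative to the
# source root; "-path" matches either against the full path.
find_target() {
    # $1 = work directory, $2 = path taken from the diff
    find "$1" -type f -path "*/$2" | head -n 1
}

# Apply one diff to the matching file(s) inside a port's work/ tree.
# Returns 1 if a target cannot be found, so a mismatched diff header
# does not silently leave the build unpatched.
apply_to_work() {
    # $1 = work directory, $2 = diff file
    for t in $(patch_targets "$2"); do
        f=$(find_target "$1" "$t")
        if [ -z "$f" ]; then
            echo "no file matching '$t' under $1" >&2
            return 1
        fi
        echo "patching $f"
        patch "$f" "$2" || return 1
    done
}

# Full port workflow. Paths are placeholders; this needs root and a
# ports tree, so it is only documented here and not exercised offline:
# extract, apply the port's own patches, apply the custom diff, build.
port_build_with_patch() {
    portdir=${1:-/usr/ports/net-mgmt/aircrack-ng}   # assumed location
    diff=${2:-$HOME/ticket.diff}                     # placeholder name
    cd "$portdir" || return 1
    make extract && make patch || return 1
    apply_to_work "$portdir/work" "$diff" || return 1
    make && make install clean
}
```

Running `make extract` and `make patch` first matters because the port's own `files/patch-*` are applied by `make patch`; a custom diff applied before that can be overwritten or fail to apply, which matches the "second make changed the target file" observation above. Applying the custom diff after `make patch` but before `make` keeps both sets of changes in the work tree.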


----------



## Seeker (Oct 7, 2009)

richardpl said:

> ...What FreeBSD version are you using?


FreeBSD 7.2-RELEASE-p4


> Recent 8.0 and CURRENT have disabled injection completely.


Reason? :stud


----------



## blah2 (Feb 21, 2010)

*Error: packet length < 30 bytes*

Thanks for help on building the working aireplay-ng version.. 

It is better but still it does not work for me on my rum0:


```
15:36:36  Waiting for beacon frame (BSSID: xx:xx:xx:xx:xx:xx) on channel Z
15:36:36  Sending Authentication Request (Open System)
15:36:36  Error: packet length < 30 bytes
```

Aircrack-ng docs give this hint: " It was due to the use of madwifi-ng with aircrack and aircrack-ng up to 0.2.1".

So... what is the problem about FreeBSD? (I use 7.2-RELEASE)


----------



## richardpl (Feb 21, 2010)

Seeker said:

> FreeBSD 7.2-RELEASE-p4
> 
> Reason? :stud



I completely forgot about this: injection is not disabled, it just needs AHDEMO instead of MONITOR mode, and the driver patch is trivial, but nobody cares ...


----------



## richardpl (Feb 21, 2010)

blah2 said:

> Thanks for help on building the working aireplay-ng version..
> 
> It is better but still it does not work for me on my rum0:
> 
> ...



It is more likely rum(4) issue. It is picky with TX.


----------



## dextro_ (Apr 4, 2010)

FreeBSD 8.0-RELEASE


```
# aireplay-ng -9 -e rebin -a 00:26:91:5B:7D:C1 wlan1
08:03:22  Waiting for beacon frame (BSSID: 00:26:91:5B:7D:C1) on channel 11
08:03:23  Trying broadcast probe requests...
08:03:24  No Answer...
08:03:24  Found 1 AP

08:03:24  Trying directed probe requests...
08:03:24  00:26:91:5B:7D:C1 - channel: 11 - 'rebin'
wi_write(): Input/output error
wi_write(): Input/output error
wi_write(): Input/output error
wi_write(): Input/output error
wi_write(): Input/output error
wi_write(): Input/output error
wi_write(): Input/output error
wi_write(): Input/output error
wi_write(): Input/output error
wi_write(): Input/output error
wi_write(): Input/output error
wi_write(): Input/output error
wi_write(): Input/output error
wi_write(): Input/output error
wi_write(): Input/output error
wi_write(): Input/output error
wi_write(): Input/output error
wi_write(): Input/output error
wi_write(): Input/output error
wi_write(): Input/output error
wi_write(): Input/output error
wi_write(): Input/output error
wi_write(): Input/output error
wi_write(): Input/output error
wi_write(): Input/output error
wi_write(): Input/output error
wi_write(): Input/output error
wi_write(): Input/output error
wi_write(): Input/output error
wi_write(): Input/output error
08:03:34   0/30:   0%

#
```


----------



## richardpl (Apr 4, 2010)

Did you ask something?


----------



## dextro_ (Apr 5, 2010)

Do I really need to spell it out for you? The command is issuing errors, let's focus on those.


----------



## richardpl (Apr 6, 2010)

Have you ever read this thread from start?


----------



## dextro_ (Apr 6, 2010)

About patching aircrack-ng and drivers? Yeah, did that, still get the errors.


----------



## richardpl (Apr 6, 2010)

How did you do that?


----------



## Hategrin (Nov 21, 2011)

I'm going to be working on this tonight. My USB nic is the one below.....
RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter

I would like some more info on how to properly apply patches using the ports system as described earlier in this thread. I'll be googling around and looking at freebsd.org for an answer, but verification here would be of much help.


----------



## Hategrin (Nov 21, 2011)

The first step I'm taking is

`# portmaster net-mgmt/aircrack-ng`

Hopefully it just works. If not I'll be using portmaster to uninstall the port and then figure out how the hell I'm supposed to apply the patch, if it's even the right one. Heh.


----------



## Hategrin (Nov 21, 2011)

Would really like to see better aircrack support in BSD, JS.


----------



## adrian@ (Nov 29, 2011)

Hi,

If someone wants to see fixed aircrack-ng support in FreeBSD (and they know exactly what's broken in net80211 and the drivers in question) then please keep repeatedly poking me on the freebsd-wireless@freebsd.org mailing list.

I've not looked at raw injection at all; I've seen some posts which show that ahdemo is broken until you program in a (mostly ignored) SSID, or it somehow keeps scanning. If people give me patches to the documentation and code, I'll gladly review them and commit them to FreeBSD-HEAD.

I just unfortunately haven't the time to fix it myself. I'm knee (waist, head) deep in 802.11n work at the moment. That'll eventually involve raw injection of 11n frames (aggregate and otherwise) but I likely won't be there for quite a while.

Thanks!


Adrian


----------



## Seeker (Nov 29, 2011)

Just you stick to the *802.11n*.
It is definitely a higher priority.


----------

