Supported High Throughput Client Mode Radios

[Darren Kitchen]

Below is a list of supported and unsupported WiFi hardware for use with the WiFi Pineapple Mark V client mode (firmware 1.4.0+).

Background:

If you've been following this thread you may know that the Realtek wireless interface (wlan1) on the MK5 has a throughput limitation of 11 Mbps. This is due to the reference designs implementation.

Our development focus has been on stability, with the wlan0 interface intended to act as an access point while the wlan1 interface plays a supporting role as both monitor mode and frame injection. The later will come into play more with the coming Karma-NG update (code name Karmadactyl) set to address the ever changing wireless landscape. Edit: Now known as PineAP.

wlan1 is still capable of acting as a relay from a nearby AP (client mode) however the throughput is limited to 11 Mbps. This does not affect the MK5 when using Ethernet, Tethered Android or USB 3/4G Modem as the Internet gateway.

High throughput client mode can be achieved by using one of the approved external radios below. This list is not complete and will be updated as new hardware is tested. It is likely that if you come across similar hardware using a supported chipset, that hardware should work as well.

Manufacturer	Radio		Chipset			Status		Power Consumption

ALFA		AWUS036NHA	Atheros AR9271		Supported	100mA Average
ALFA		AWUS036H	Realtek RTL8187		Supported	?
TP-LINK		TL-WN722N	Atheros AR9271		Supported	170mA Average
TP-LINK         TL-WN721N       Atheros AR9271          Supported       ?
ALFA		AWUS036NEH	Ralink RT3070		Supported	160mA Average
ALFA		AWUS036NH	Ralink RT3070		Supported	?
Generic		Generic		Realtek RTL8188CUS	Unsupported	?
TP-LINK		TL-WN823N	Realtek RTL8192CU	Unsupported	?
TP-LINK		TL-WN725N	Realtek RTL8188EUS	Unsupported	?
ALFA		AWUS036NHR	Realtek RTL8188RU	Unsupported	?

Hak5 will soon offer a branded AWUS036NHA in the HakShop at cost for MK5 customers. In the future we hope to produce an integrated solution with a WiFi Pineapple sporting additional interfaces using the latest chipsets. Given the time and cost of development we do not expect this to be ready in 2014. As this project evolves we listed to your feedback closely and will make changes to the WiFi Pineapple product / ecosystem accordingly. Thank you so much for making this community what it is - we couldn't do this without you.

Video: https://youtube.com/watch?v=L3D84g0ZYrE

[choppin32]

Darren,

Thank you For the UPDATE!

[Xcellerator]

Really appreciate the honesty and quick response!

Is the wireless solution that'll come in the form of an expansion bus still an option you're heading towards?

[Trolljegeren]

Cool thanks Darren, I was going to buy a new 036 anyway so I'll wait and get the Hak5 branded one. :)

[Darren Kitchen]

Updated with a link to a video I made demonstrating full saturation at low power consumption. Check it out https://www.youtube.com/watch?v=L3D84g0ZYrE&

Xcellerator, we plan to expand on the pineapple ecosystem including higher power radios. Our hope is to have an HDK available by defcon.

[Foxtrot]

This would be great if stickied. Just an idea :)

[Dixter]

Hey Darren, I was actually just looking to purchase an AWUS036NHA to use in conjunction with my Mark 5, and was disappointed to see you no longer had them in your Hakshop. Any idea when the new branded version will arrive? I've seen them elsewhere but would rather support my favorite security innovators.

[cooper]

Hooray for small blessings!

When I bought my very first wifi card for personal use, I picked the only one that was both readily available AND had a replacable antenna. As luck would have it, that's the TL-WN722N.

I've been eyeing the Alfa cards for obvious reasons for some time now and the prospect of getting a Hak5-branded one is absolutely delicious. Once it's in the store I'll also get a ducky for good measure.

One thing, though. I'm currently the proud owner of the Pineapple previously purchased by JesseIz. Since the announcement suggests that the availability at cost of the Alfa card will be restricted to Pineapple Mk5 purchasers, can I expect to be included in this offering or not?

Edited May 21, 2014 by Cooper

[Sabri]

Anyone has REALLY tested this thing?

I have just tried and with the Pineapple connected via ethernet to my PC, a client who is connecting to the Pineapple sees a dramatic decadence on the download speed (from 28.13 Mbps to 3.59 Mbps). Ping and upload are instead almost the same.

When I disconnect my Pineapple from the ethernet and set the Pineapple in client mode using an ALFA AWUS036H connected to the Pineapple via USB, when a client connects to the Pineapple I see an additional decadence to 0,68 Mbps on download speed. The same also happened without the Alfa and using only wlan1.

So...what am I doing wrong?

Not only in client mode (wlan1 and wlan2 with an Alfa give the same results), but also via Ethernet, a client sees a dramatic decadence on download speed (tested on speedtest.net). Upload and ping seem to be coherent with the normal status.

Thanks in advance to all.

Edited May 21, 2014 by Cotica

[Darren Kitchen]

Anyone has REALLY tested this thing?

Yes. Ad nauseam. I've exhausted every aspect of the radios on that list and have even come back around to gather power consumption data as well.

Supported == Initializes, Scans, Associates, Transfers data at rate above that of wlan1.

Unsupported == Fails to initialize, Initializes but fails to scan, scans but fails to associate, associates but fails connection drops (usually resulting in wlan2 becoming wlan3, wlan3 becoming wlan4, etc...)

So...what am I doing wrong?

Channel conflicts, polarization mismatch, antenna closer than half a wavelength to radiator of similar frequency, overhead (don't expect 50 Mbit with, say, SSLStrip running - that's just not going to happen on 400 MHz MIPS), bad cable, general protocol unhappiness (AP configured for N only?), alignment of Jupiter...

Are you getting better speeds from the AWUS036H connected to a different machine? Tried a different cable, card, location, orientation, access point?

Let us know what you've tried and we'll be as helpful as possible figuring it out.

[DrDinosaur]

Any solutions to fix the AWUS036NHR? I think my AWUS036H died somehow.

[lunokhod]

Just out of interest and because I haven't done it before, I checked my WiFi Access Point (old Minitar UltraWAP) "associated clients" and found that my WiFi Pineapple wlan1 radio is connected at 54 Mbps.

Is it just the throughput that get limited to 11 Mbps? My access point certainly thinks that an 802.11g radio is on the other end.

Lunokhod

[pats]

Guys,

So you know; i had some problems with the AWUS036H. I solved it by first booting the pineapple. And then connecting the AWUS036H. Connecting it at startup gives (sometimes, not always) funny behaviour. What i encountered was:

- Wlan2 not detected.

- AWUS036H got mapped to wlan3 and wlan1 got mapped to wlan2 (no wlan1)

- AWUS036H got mapped to wlan1 and wlan1(the real one in the pineapple) got mapped to wlan2 or wlan3

[Darren Kitchen]

Guys,

So you know; i had some problems with the AWUS036H. I solved it by first booting the pineapple. And then connecting the AWUS036H. Connecting it at startup gives (sometimes, not always) funny behaviour. What i encountered was:

- Wlan2 not detected.

- AWUS036H got mapped to wlan3 and wlan1 got mapped to wlan2 (no wlan1)

- AWUS036H got mapped to wlan1 and wlan1(the real one in the pineapple) got mapped to wlan2 or wlan3

Thanks for the details - we may be able to sort this out in firmware.

[0jf5]

I have just tried and with the Pineapple connected via ethernet to my PC, a client who is connecting to the Pineapple sees a dramatic decadence on the download speed (from 28.13 Mbps to 3.59 Mbps). Ping and upload are instead almost the same.

I've never gotten more than 5.06Mbps with this exact same configuration regardless of wireless device and location. I thought it was just me.

[foxdirect]

Hey guys,

I can confirm that the "baby brother" to the 722N - the 721N (without the detachable antennae works as well. Here are the details:

TP-LINK TL-WN721N Atheros AR9271 Supported Power usage ?

[Sebkinne]

Hey guys,

I can confirm that the "baby brother" to the 722N - the 721N (without the detachable antennae works as well. Here are the details:

TP-LINK TL-WN721N Atheros AR9271 Supported Power usage ?

Awesome, I have added it to the above list. The list can also be found on our wiki.

[cooper]

I'm happy to report that my cheap ass hunk of plastic also known as the Ralink RT5370 is running smoothly on the pineapple.

[tabbek]

ALFA		AWUS036NEH	Ralink RT3070		Unsupported	?

Interesting. My RT3070 appears to be seen... not much actual testing of function yet though.

ALFA AWUS036NH Ralink RT3070

though, airmon-ng on the pineapple itself lists it as an unknown chipset using rt2800usb

Edited May 25, 2014 by tabbek

[Sebkinne]

Interesting. My RT3070 appears to be seen... not much actual testing of function yet though.

ALFA AWUS036NH Ralink RT3070

though, airmon-ng on the pineapple itself lists it as an unknown chipset using rt2800usb

Seen yes, but if it fails to associate with another network, we mark it as unsupported.

Best regards,

Sebkinne

[tabbek]

Seen yes, but if it fails to associate with another network, we mark it as unsupported.

Best regards,

Sebkinne

On that note, I was able to test a bit more. It does appear to be able to function in client mode, connecting to another AP.

Running aireplay-ng -9 wlan2 does also report that injection is working.

Alfa networks - AWUS036NH (shown as unknown chipset using rt2800usb driver in airmon-ng)

[ 6324.600000] wlan2: authenticate with 06:27:22:xx:xx:xx

[ 6324.690000] wlan2: send auth to 06:27:22:xx:xx:xx (try 1/3)

[ 6324.700000] wlan2: authenticated

[ 6324.710000] wlan2: AP has invalid WMM params (AIFSN=1 for ACI 2), disabling WMM

[ 6324.720000] wlan2: associate with 06:27:22:xx:xx:xx (try 1/3)

[ 6324.730000] wlan2: RX AssocResp from 06:27:22:xx:xx:xx (capab=0x431 status=0 aid=4)

[ 6324.740000] wlan2: associated

# ifconfig wlan2

wlan2 Link encap:Ethernet HWaddr 00:C0:CA:xx:xx:xx

inet addr:192.168.247.198 Bcast:192.168.247.255 Mask:255.255.248.0

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:6622 errors:0 dropped:488 overruns:0 frame:0

TX packets:126 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:611654 (597.3 KiB) TX bytes:14068 (13.7 KiB)

# iwconfig wlan2

wlan2 IEEE 802.11bgn ESSID:"xxxxxxxxxx"

Mode:Managed Frequency:2.437 GHz Access Point: 06:27:22:xx:xx:xx

Bit Rate=1 Mb/s Tx-Power=27 dBm

RTS thr:off Fragment thr:off

Encryption key:off

Power Management:off

Link Quality=43/70 Signal level=-67 dBm

Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0

Tx excessive retries:2 Invalid misc:10 Missed beacon:0

# ping -c2 www.hak5.org

PING www.hak5.org (50.116.7.229): 56 data bytes

64 bytes from 50.116.7.229: seq=0 ttl=51 time=49.499 ms

64 bytes from 50.116.7.229: seq=1 ttl=51 time=48.858 ms

My pineapple is starting to look like an antenna porcupine! more radios!

[potato]

Darren, can I ask that your re-test the AWUS036NEH , I have had success with another dongle with the same chipset.

[Darren Kitchen]

Darren, can I ask that your re-test the AWUS036NEH , I have had success with another dongle with the same chipset.

I stand corrected. On re-examination the AWUS036NEH works. I'm not sure why I had poor results on the first attempt.

[rpimonitrbtch]

Having success with the Hawking HWUG1, which uses a Ralink...RT2571W (according to the below link), and is identical (internally) to the Edimax EW-7318USg. Of course, they're both old and obsolete (.11g), but it's what I had handy.

https://wikidevi.com/wiki/Hawking_HWUG1

Edited June 4, 2014 by rpimonitrbtch

[Darren Kitchen]

Having success with the Hawking HWUG1, which uses a Ralink...RT2571W (according to the below link), and is identical (internally) to the Edimax EW-7318USg. Of course, they're both old and obsolete (.11g), but it's what I had handy.

https://wikidevi.com/wiki/Hawking_HWUG1

Spiffy, however I should point out that G is far from obsolete. Roughly 85% of the ~2 billion APs on Wiggle fall under 11g compatible 2.4 channels.

https://wigle.net/gps/gps/main/ssidstats?octet=1