
A ton of crashes, what am I doing wrong?


ananas


Hi,

I am experiencing a ton of crashes with my newly bought Mark 4. I am wondering whether I am doing something really wrong, or if something is up with my device.

I have bought the pro edition, so it comes with the extra antenna (someone on IRC referred to it as the "alpha antenna", not sure if that's what it's called).

I have updated my device to the latest available release, 2.8.1.

I have disabled all running services such as the Karma service.

Crashes I experience:

On this command sequence, at the very moment I bring the interface back up, the entire device crashes and goes into a reboot:

ifconfig wlan0 down

iwconfig wlan0 mode monitor

ifconfig wlan0 up

*crash*

I can use airmon-ng -i wlan0, then this interface works, it creates a mon0 interface, however, it can then just scan on whatever channel I have previously put it on.

A second issue I experience is with the external antenna. Here I can do the above sequence just fine. I can also use airodump to scan for channels, but as soon as I try to run "wash" or "reaver" on that antenna, the antenna crashes and I observe the following log in "dmesg":

[ 1699.820000] device wlan1 entered promiscuous mode
[ 1738.810000] usb 1-1: USB disconnect, device number 4
[ 1738.880000] usb 1-1: ath9k_htc: USB layer deinitialized
[ 1739.380000] usb 1-1: new high-speed USB device number 5 using ehci-platform
[ 1744.560000] usb 1-1: ath9k_htc: Firmware htc_9271.fw requested
[ 1744.950000] usb 1-1: ath9k_htc: Transferred FW: htc_9271.fw, size: 51272
[ 1745.190000] ath9k_htc 1-1:1.0: ath9k_htc: HTC initialized with 33 credits
[ 1745.390000] ath9k_htc 1-1:1.0: ath9k_htc: FW Version: 1.3
[ 1745.390000] ath: EEPROM regdomain: 0x833a
[ 1745.390000] ath: EEPROM indicates we should expect a country code
[ 1745.390000] ath: doing EEPROM country->regdmn map search
[ 1745.390000] ath: country maps to regdmn code: 0x37
[ 1745.390000] ath: Country alpha2 being used: GB
[ 1745.390000] ath: Regpair used: 0x37
[ 1745.390000] ieee80211 phy4: Atheros AR9271 Rev:1
[ 1745.570000] Registered led device: ath9k_htc-phy4

Am I doing something wrong, using unsupported methods or tools? I am kind of in the dark here as to what the issue might be. I've already tried to replace the cables and made sure its power source is externally fed (as I thought it might have been a power consumption issue).

Cheers,

Saint K.


Have you tried any of this using the Network Manager infusion and the reaver infusion? What I find interesting is that you are issuing commands regarding wlan0 yet your log states device wlan1 is entering promiscuous mode...


> Have you tried any of this using the Network Manager infusion and the reaver infusion? What I find interesting is that you are issuing commands regarding wlan0 yet your log states device wlan1 is entering promiscuous mode...

I tend to try and avoid using GUIs. Haven't seen a reaver infusion listed either.

The logs are regarding the second issue with the Alfa antenna.

I can't seem to capture any logging on the hard crash from problem 1.


All infusions are listed in the Pineapple Bar tab. Your pineapple will need to have an internet connection though. I can understand if you don't want to use the Network Manager on a regular basis but if it works and accomplishes what you cannot manually, you could at least look at the PHP code it is using to find out what commands are working. Also, how are you trying to use Reaver if you haven't installed it? Or did you "apt-get install reaver"?


> All infusions are listed in the Pineapple Bar tab. Your pineapple will need to have an internet connection though. I can understand if you don't want to use the Network Manager on a regular basis but if it works and accomplishes what you cannot manually, you could at least look at the PHP code it is using to find out what commands are working. Also, how are you trying to use Reaver if you haven't installed it? Or did you "apt-get install reaver"?

Sort of yea, using OpenWRT's package manager, opkg.

I have installed a couple of infusions through the webpage already, just to explore the device. However, I don't see any reaver-like infusions nor any reaver options in the network manager. Most infusions seem to be about when you already have clients connected to your network. I am first attempting to attack networks, not too interested (yet) in the MITM attacks.

What I try to attempt is running wash to scan for WDS enabled devices, and use reaver to try and bruteforce the key.


This should help you with the reaver attack: http://forums.hak5.org/index.php?/topic/29610-launch-reaver-from-wps-button/

(The script does not need to be run from the button. You can use it like a normal script)

There are issues with reaver and the internal network card. You have to enable and disable pieces in the correct order or it errors out.


> This should help you with the reaver attack: http://forums.hak5.org/index.php?/topic/29610-launch-reaver-from-wps-button/
>
> (The script does not need to be run from the button. You can use it like a normal script)
>
> There are issues with reaver and the internal network card. You have to enable and disable pieces in the correct order or it errors out.

Thanks, I'll give that a try and will report back how it went!


> This should help you with the reaver attack: http://forums.hak5.org/index.php?/topic/29610-launch-reaver-from-wps-button/
>
> (The script does not need to be run from the button. You can use it like a normal script)
>
> There are issues with reaver and the internal network card. You have to enable and disable pieces in the correct order or it errors out.

This device is so incredibly random....

I got the WPS attack working on my internal wlan0 interface. If I use the same method now on the wlan1 interface then I can't get it to associate with the network I want to attack.

command sequence:

airmon-ng start wlan0

aireplay-ng mon0 -1 120 -a 98:FC:11:A8:75:F7 -e test-ap --ignore-negative-one

reaver -i mon0 -b 98:FC:11:A8:75:F7 -a -S -v

That works.

command sequence:

airmon-ng start wlan1

aireplay-ng mon0 -1 120 -a 98:FC:11:A8:75:F7 -e test-ap --ignore-negative-one (fails to associate)

10:02:01 Waiting for beacon frame (BSSID: 98:FC:11:A8:75:F7) on channel -1

10:02:11 No such BSSID available.

When I try this:

airmon-ng start wlan1 11

aireplay-ng still reports channel "-1", but my understanding is that the above command forces it to channel 11.

I just can't wrap my head around why the internal and external antenna behave so differently (and why the device can hard crash in some cases when some commands are used that apparently shouldn't be used in that specific way - rather than throwing an error)


To add to the incredible randomness of this device, it was doing the WPS attack, then it started to timeout (kept failing), then I stopped the attack, rebooted the device, and now with airmon I can't even see any APs anymore with wash (there are some 30 APs up here).


So, I've hooked up the Alfa antenna to a Kali install and tried things on there.

I can put it in monitoring mode, associate with an AP, and as soon as a reaver attack starts the Alfa antenna goes down (same as on the Pineapple).

command sequence:

airmon-ng start wlan0 1

aireplay-ng mon0 -1 120 -a 98:FC:11:A8:75:F7 -e test_ap

(so far so good)

reaver -i mon0 -b 98:FC:11:A8:75:F7 -v -a -S

[ 955.645814] device mon0 entered promiscuous mode
[ 985.586455] usb 1-2.1: USB disconnect, device number 8
[ 985.812141] ath: phy3: Failed to wakeup in 500us
[ 985.823394] ath: phy3: Failed to wakeup in 500us
[ 985.968616] usb 1-2.1: ath9k_htc: USB layer deinitialized
[ 986.166890] usb 1-2.1: new high-speed USB device number 9 using xhci_hcd
[ 986.184779] usb 1-2.1: New USB device found, idVendor=0cf3, idProduct=9271
[ 986.184781] usb 1-2.1: New USB device strings: Mfr=16, Product=32, SerialNumber=48
[ 986.184782] usb 1-2.1: Product: UB91C
[ 986.184783] usb 1-2.1: Manufacturer: ATHEROS
[ 986.184784] usb 1-2.1: SerialNumber: 12345

Would this suggest I have a faulty antenna?

Edited by saintk
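
Added example, not part of any post in this thread: a small Python parser that pulls the USB drop-and-re-enumerate cycle out of dmesg output like the two excerpts above, so the interval between the interface entering promiscuous mode and the adapter leaving the bus can be compared across hosts. The function and field names are this example's own, and the sample input is limited to the relevant lines copied from the thread.

```python
import re

# Sample input: the relevant lines from the two dmesg excerpts in the thread
# (Pineapple with wlan1, then the same adapter on Kali with mon0).
PINEAPPLE_LOG = """\
[ 1699.820000] device wlan1 entered promiscuous mode
[ 1738.810000] usb 1-1: USB disconnect, device number 4
[ 1738.880000] usb 1-1: ath9k_htc: USB layer deinitialized
[ 1739.380000] usb 1-1: new high-speed USB device number 5 using ehci-platform
"""
KALI_LOG = """\
[ 955.645814] device mon0 entered promiscuous mode
[ 985.586455] usb 1-2.1: USB disconnect, device number 8
[ 985.968616] usb 1-2.1: ath9k_htc: USB layer deinitialized
[ 986.166890] usb 1-2.1: new high-speed USB device number 9 using xhci_hcd
"""

LINE = re.compile(r"^\[\s*(\d+\.\d+)\]\s+(.*)$")
PROMISC = re.compile(r"device (\S+) entered promiscuous mode")
DISCONNECT = re.compile(r"usb (\S+): USB disconnect, device number (\d+)")
REENUM = re.compile(r"usb (\S+): new \S+ USB device number (\d+) using (\S+)")

def find_usb_resets(dmesg_text):
    """Return one dict per USB disconnect, timed against promiscuous mode and re-enumeration."""
    resets, last_promisc, pending = [], None, {}
    for raw in dmesg_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank or non-timestamped lines
        ts, msg = float(m.group(1)), m.group(2)
        if (p := PROMISC.search(msg)):
            last_promisc = (ts, p.group(1))
        elif (d := DISCONNECT.search(msg)):
            event = {"port": d.group(1), "old_devnum": int(d.group(2)),
                     "iface": last_promisc[1] if last_promisc else None,
                     "secs_after_promisc": round(ts - last_promisc[0], 2) if last_promisc else None,
                     "disconnect_ts": ts, "new_devnum": None,
                     "secs_to_reenumerate": None, "host_controller": None}
            resets.append(event)
            pending[d.group(1)] = event  # wait for the same port to come back
        elif (r := REENUM.search(msg)) and r.group(1) in pending:
            event = pending.pop(r.group(1))
            event["new_devnum"] = int(r.group(2))
            event["secs_to_reenumerate"] = round(ts - event["disconnect_ts"], 2)
            event["host_controller"] = r.group(3)
    return resets

if __name__ == "__main__":
    for name, log in (("pineapple", PINEAPPLE_LOG), ("kali", KALI_LOG)):
        print(name, find_usb_resets(log))
```

On both excerpts the adapter leaves the bus roughly 30 to 39 seconds after the interface goes promiscuous and is re-enumerated under a new device number in about 0.6 seconds, on two different host controllers.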