Jump to content

custom karma build with only the probe requests


TheB
 Share

Recommended Posts

Hi All,

I'm working on a project in witch i'm using some old Linksys WRT54GL routers that i've flashed with OpenWRT (Backfire 10.03.1).

Now i'm running into some problems with the storage on the device, the device has around 1mb of flash storage that i can use.

The thing i want to do is configure the router to send probe request information with UDP to my computer where i'm running a app to visualize this data, i already have an prototype working on the Pineapple. On the pineapple i'm simply watching for changes in the KarmaLog with the following script:

KARMALOG="/var/karma-phy0.log"
IP="172.16.42.42"
PORT="11999"
LASTLINE="last"

while true; do
  
  # compare the lastline with the new line
  if [[ $LASTLINE != $(tail -n 1 $KARMALOG) ]] ; then
    LASTLINE=`tail -n 1 $KARMALOG`
    echo $LASTLINE >/dev/udp/$IP/$PORT
  fi 

  sleep 1
done

This works great, sends the data i need, perfect. The only problem i have now is that i want to use a different router than the pineapple but on the Linksys routers i don't have enough space to install karma, and i actually don't think i need karma to do the job.

I know i can set the radio on the Linksys in monitor mode, but i don't know how i can get the probe requests out without installing an extra framework. So i'm looking for a framework or a simple script that can filter out the probe requests, in the ideal situation i would get the SSID, Timestamp, Device Hostname or Mac Address and Signal strength (to calculate a distance from the router).

Do you think this is possible and if so where should i start looking? Or should i consider getting other routers with more storage capacity?

Many thanks!

TheB

Link to comment
Share on other sites

Wouldn't tcpdump be able to provide you with what you need? Maybe that comes pre-installed with OpenWRT.

My main advice to you would be to see if you can rip out stuff from the OpenWRT distro that you're not using, thus freeing up space to put in the stuff you can't fit right now.

Alternatively, if you don't mind potentially breaking it, mod it to expose the chip's built-in USB hub giving you all the storage space you want.

Link to comment
Share on other sites

Hi Cooper,

Thanks for answering! I should be able to fit tcpdump in there.

So with the right filter i can get those probe request out with just tcpdump? Do you know a good resource on filtering with tcpdump?

Indeed i've seen a mod on the OpenWRT wiki that enable sd/usb storage on the router, that would be awesome but my experience soldering has only come as far as using phenolic board to prototype something together. So i'm sure to break it! Nevertheless, i think i will try just for the fun of it! For this project i don't think i can risk breaking one.

Thanks!

Link to comment
Share on other sites

Facing a new problem now,

I have made a test on my Pineapple that only uses tcpdump for filtering probe request using the filters stated above. But it is using filters that are only compatible with IEEE802_11 Link Layer Header. My Linksys only seems to support the DOCSIS and EN10MB Link Layer Headers.. So when i run the command i get the error:

802.11 link-layer types supported only on 802.11

is it possible to filter out probe requests with the EN10MB Link Layer Header?

Or have i misconfigured my wireless interfaces?

config 'wifi-device' 'wl0'
        option 'type' 'broadcom'

config 'wifi-iface'
        option 'device' 'wl0'
        option 'mode' 'monitor'

Many thanks!

Link to comment
Share on other sites

I think broadcom is has ieee80211 drivers installed by default, not mac80211 so your drivers are probably the issue and you may not be able to fix that depending on what is available for the devive.

I would Google to see if there are enhanced drivers for your device or a patch but broadcom devices tend to either support a wide range of wireless functions or next to none and why people use other USB WiFi adapters. it may be that you can't do full monitor mode or injection with the buikt in nic or need drivers that enable thr full functionality you look for. check the openwrt site too for your model, see if they offer updated firmware and maybe driver downloads for what you need

wiki.openwrt.org/doc/howto/wireless.overview

Edited by digip
Link to comment
Share on other sites

Follow up on the findings i've made, seems i already had the right drivers (broadcom-wl) installed on my device but that OpenWRT cant handle them on the device i have (Linksys WRT54GL). Here is a ticket to the issue, seems they wanted this fixed in version 14.07 (Barrier Breaker) unfortunately that version of OpenWRT uses to much memory to run properly on the WRT54GL..

Link to comment
Share on other sites

I'm reading that ticket rather differently. They tagged it as a dupe for 4182 which got marked as obsolete, presumably because they suspect they fixed it while working on some other issue. Nobody reopened it which usually means it was indeed fixed by then. The 4523 issue you linked got marked as a dupe and was effectively closed since then. No patches were produced to fix the issue described.

If you did find the issue that fixes your problem you could try to apply it (possibly doing a bit of back-porting work on the patch) to a version of OpenWRT that does work on your device...

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...