
[HOW TO] [SCRIPT] Increase TX Power Of A WiFi Card Beyond 30dBm (Kali Linux)



Hi all,

I'm a newbie to Hak5 Forums, so if this thread is in the wrong category, it would be great if the admins could move it to the correct category.

Most of you are probably using 'BO' as the region for 'iw' on Linux. This allows the WiFi interface to operate at 30dBm (1 Watt) at max. However, if you're like me and have a device that is capable of transmitting over 1W (I have an Alfa Network AWUS036NH - 2W), you might be interested in increasing the TX power beyond 30dBm.

By default, selecting 'BO' as the region only allows the device to operate at a maximum of 30dBm. 

I tested this on my Raspberry Pi 3, Model B running Kali Linux (with the kali-linux-full metapackage). 

*** If you are lazy and don't want to follow these manual steps below, I made two bash scripts that will work on Kali Linux and Ubuntu: https://github.com/hiruna/wifi-txpower-unlocker


Working directory:



1. Update and upgrade

apt-get update
apt-get upgrade

2. Install dependencies to compile

apt-get install pkg-config libnl-3-dev libgcrypt11-dev libnl-genl-3-dev build-essential

3. Download the latest Central Regulatory Domain Agent (CRDA) and Wireless Regulatory Database

I downloaded crda-3.18.tar.xz and wireless-regdb-2017.03.07.tar.xz

wget https://www.kernel.org/pub/software/network/crda/crda-3.18.tar.xz
wget https://www.kernel.org/pub/software/network/wireless-regdb/wireless-regdb-2017.03.07.tar.xz

4. Unzip the downloaded files

tar xvJf crda-3.18.tar.xz
tar xvJf wireless-regdb-2017.03.07.tar.xz

5. Navigate into wireless-regdb-2017.03.07

cd wireless-regdb-2017.03.07

6. Open db.txt and locate the region BO section

nano db.txt

You will see something like this:

country BO: DFS-JP
	(2402 - 2482 @ 40), (30)
	(5250 - 5330 @ 80), (30), DFS
	(5735 - 5835 @ 80), (30)

The number in the second set of brackets (for each frequency) is the txpower. Since I'm using the 2.4GHz band and want a txpower of 2W (~33dBm), I changed the 20 to 33, and saved the file:

country BO: DFS-JP
	(2402 - 2482 @ 40), (33)
	(5250 - 5330 @ 80), (30), DFS
	(5735 - 5835 @ 80), (30)

I also noticed that region AU allows 36dBm for 2.4GHz, so you could just continue without modifying the region BO:

country AU: DFS-ETSI
	(2400 - 2483.5 @ 40), (36)
	(5150 - 5250 @ 80), (23), NO-OUTDOOR, AUTO-BW
	(5250 - 5350 @ 80), (20), NO-OUTDOOR, AUTO-BW, DFS
	(5470 - 5600 @ 80), (27), DFS
	(5650 - 5730 @ 80), (27), DFS
	(5730 - 5850 @ 80), (36)
	(57000 - 66000 @ 2160), (43), NO-OUTDOOR

However, I checked with Kali Linux (without compiling and changing the regulatory.bin) and it showed that max txpower was only 20dBm:

country AU: DFS-ETSI
	(2402 - 2482 @ 40), (N/A, 20), (N/A)
	(5170 - 5250 @ 80), (N/A, 17), (N/A), AUTO-BW
	(5250 - 5330 @ 80), (N/A, 24), (0 ms), DFS, AUTO-BW
	(5490 - 5710 @ 160), (N/A, 24), (0 ms), DFS
	(5735 - 5835 @ 80), (N/A, 30), (N/A)

So I'm assuming Kali Linux is using an old regulatory.bin and legislation in AU has changed.

7. Compile


8. Back up your old regulatory.bin file and move the new file into /lib/crda

mv /lib/crda/regulatory.bin /lib/crda/regulatory.bin.old
mv regulatory.bin /lib/crda

As mentioned in https://wireless.wiki.kernel.org/en/developers/regulatory/crda and https://wireless.wiki.kernel.org/en/developers/regulatory/wireless-regdb, we need to include RSA public keys in crda-3.18/pubkeys. I noticed that there are already 2 .pem files in crda-3.18/pubkeys:


9. Copy root.key.pub.pem into crda-3.18/pubkeys. I also copied sforshee.key.pub.pem from wireless-regdb-2017.03.07 as it was newer:

cp root.key.pub.pem ../crda-3.18/pubkeys/
cp sforshee.key.pub.pem ../crda-3.18/pubkeys/

I found that there are two other pubkeys located at /lib/crda :

-rw-r--r-- 1 root root 451 Jan 18 12:58 benh@debian.org.key.pub.pem
-rw-r--r-- 1 root root 451 Jan 18 12:58 linville.key.pub.pem
-rw-r--r-- 1 root root 451 Jan 18 12:58 sforshee.key.pub.pem

So I copied them too (wasn't too sure whether I needed to copy them):

cp /lib/crda/pubkeys/benh\@debian.org.key.pub.pem ../crda-3.18/pubkeys/
cp /lib/crda/pubkeys/linville.key.pub.pem ../crda-3.18/pubkeys/

10. Navigate into crda-3.18 and open the Makefile

cd ../crda-3.18
nano Makefile

In Kali Linux, crda is located at /lib/crda instead of /usr/bin/crda, so in the file change the 3rd line REG_BIN?=/usr/lib/crda/regulatory.bin to REG_BIN?=/lib/crda/regulatory.bin :


11. In the Makefile, find the line CFLAGS += -std=gnu99 -Wall -Werror -pedantic and remove the -Werror option (I couldn't compile without changing it as it treats warnings as errors):

CFLAGS += -std=gnu99 -Wall -pedantic

12. Compile

make clean
make install

That's it! I rebooted my Raspberry Pi after compiling.


13. Now let's change the region and set the txpower to 33dBm:

ifconfig wlan1 down
iw reg set BO
iwconfig wlan1 txpower 33
ifconfig wlan1 up



Edited by hiruna
Fixed typos, removed a step, added bash script for ease
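
An audit check for the db.txt edit described in step 6, added here as an example; it is not part of the original post or of the author's scripts. It parses two copies of the regulatory database text (the `country` / `(start - end @ bw), (power)` format quoted above) and lists every rule whose power limit is higher than in the reference copy, which is how a locally rebuilt regulatory.bin source can be told apart from the upstream one. The function names are assumptions, and the sample text is constructed from the BO entry quoted in the post.

```python
import math
import re

# One rule line: "(2402 - 2482 @ 40), (33)"; also accepts the
# "iw reg get" form "(N/A, 20)" and db.txt's "(100 mW)" notation.
RULE = re.compile(
    r"\(\s*([\d.]+)\s*-\s*([\d.]+)\s*@\s*[\d.]+\s*\)\s*,\s*"
    r"\(\s*(?:N/A\s*,\s*)?([\d.]+)\s*(mW)?\s*\)")
COUNTRY = re.compile(r"country\s+(\w\w)\s*:")

def parse_regdb(text):
    """Return {country: {(start_mhz, end_mhz): limit_dbm}}."""
    db, rules = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop db.txt comments
        if m := COUNTRY.match(line):
            rules = db.setdefault(m.group(1), {})
        elif rules is not None and (m := RULE.match(line)):
            limit = float(m.group(3))
            if m.group(4):                     # milliwatts -> dBm
                limit = 10 * math.log10(limit)
            rules[(float(m.group(1)), float(m.group(2)))] = limit
    return db

def raised_limits(reference, candidate):
    """Rules in candidate that are absent from, or exceed, reference."""
    found = []
    for cc, rules in candidate.items():
        for band, dbm in rules.items():
            ref = reference.get(cc, {}).get(band)
            if ref is None or dbm > ref:
                found.append((cc, band, ref, dbm))
    return found

def dbm_to_watts(dbm):
    return 10 ** (dbm / 10) / 1000

# Constructed sample: the BO entry quoted in the post, before and after the edit.
REFERENCE = """country BO: DFS-JP
    (2402 - 2482 @ 40), (30)
    (5250 - 5330 @ 80), (30), DFS
    (5735 - 5835 @ 80), (30)
"""
EDITED = REFERENCE.replace("@ 40), (30)", "@ 40), (33)")

if __name__ == "__main__":
    for cc, band, ref, dbm in raised_limits(parse_regdb(REFERENCE), parse_regdb(EDITED)):
        print(f"{cc} {band[0]:g}-{band[1]:g} MHz: {ref:g} -> {dbm:g} dBm "
              f"({dbm_to_watts(dbm):.2f} W)")
```
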

  • 8 months later...

Hey man, thanks for the help. I had been following instructions like a monkey, and had some errors pop up. They included LINE values but I was too lazy to search for it myself. Eventually got to this thread with a slightly different Google search and it worked. You seem to know a bit more about Linux than me in general so you knew what to do to fix those errors :-)


My 036NH works at 33dBm now.
