Zylla, posted August 21, 2018

PMKID Attack WPA/WPA2 on WiFi Pineapples!
Pineapple NANO + TETRA

WARNING! This attack is EXTREMELY effective on the Pineapples! And is capable of capturing an entire neighborhood of PMKIDs in a minute or less, even without access-points!

ONLY use hcxdumptool on networks and devices you have express permission to, because of this:

- hcxdumptool is able to prevent complete wlan traffic!
- hcxdumptool is able to capture PMKIDs from access points (only one single PMKID from an access point is required!)
- hcxdumptool is able to capture handshakes from not connected clients (only one single M2 from the client is required!)
- hcxdumptool is able to capture handshakes from 5GHz clients on 2.4GHz (only one single M2 from the client is required!)
- hcxdumptool is able to capture extended EAPOL (RADIUS, GSM-SIM, WPS)
- hcxdumptool is able to capture passwords from the wlan traffic
- hcxdumptool is able to capture plain master-keys from the wlan traffic
- hcxdumptool is able to capture usernames and identities from the wlan traffic

This attack was discovered accidentally while looking for new ways to attack the new WPA3 security standard. The main difference from existing attacks is that in this attack, capture of a full EAPOL 4-way handshake is not required. The new attack is performed on the RSN IE (Robust Security Network Information Element) of a single EAPOL frame.

At this time, we do not know for which vendors or for how many routers this technique will work, but we think it will work against all 802.11i/p/q/r networks with roaming functions enabled (most modern routers)!

The main advantages of this attack are as follows:

- No more regular users required - because the attacker directly communicates with the AP (aka "client-less" attack)
- No more waiting for a complete 4-way handshake between the regular user and the AP
- No more eventual retransmissions of EAPOL frames (which can lead to uncrackable results)
- No more eventual invalid passwords sent by the regular user
- No more lost EAPOL frames when the regular user or the AP is too far away from the attacker
- No more fixing of nonce and replaycounter values required (resulting in slightly higher speeds)
- No more special output format (pcap, hccapx, etc.) - final data will appear as regular hex encoded string

The RSN IE is an optional field that can be found in 802.11 management frames. One of the RSN capabilities is the PMKID.

This attack is quite new, and gets updated regularly. I've compiled it for the Pineapples and uploaded it to GitHub. As the tools get updated often, I will have to update the packages often. So please check back for updates!

Download: hcxtools (v6.1.2-1)
Download: hcxdumptool (v6.1.2-1)

Download and install both tools automatically by using this command on your Pineapple:

    wget -qO- https://raw.githubusercontent.com/adde88/hcxtools-hcxdumptool-openwrt/openwrt-19.07/INSTALL.sh | bash -s -- -v -v

Last update: 18.09.2020
Changelog: Updated both tools to follow changes from upstream (@ZerBea)

Install procedure: Download the IPKs to your Pineapple and install them using opkg. (If you're using the Nano remember to install them to your SD-card)

How do I use this?

Choose an interface, and make sure it's NOT being used on anything else! Let's use wlan1 in this example. (This will set the interface to monitor mode while working)

    hcxdumptool -o test.pcapng -i wlan1 --enable_status 3

This will use wlan1 to perform the attack and create a file named test.pcapng containing the PMKID. (You can try other options for --enable_status (1, 2, 4, 16). Use --help for more info) Filters can also be applied with --filterlist and --filtermode (Again, read --help for details)

You can then use hcxpcaptool to convert the PMKID to a hash readable by hashcat.

    hcxpcaptool -z test.16800 test.pcapng

The next step would be to transfer test.16800 to a desktop, capable of running the latest version of hashcat. (Version 4.2.0 or higher) And then run the attack, for example like this: (This cracking process should NOT be done on the Pineapple!!!)

    hashcat -m 16800 test.16800 -a 3 -w 3 '?l?l?l?l?l?lt!'

Github repo. + source-codes:
https://github.com/adde88/hcxtools-hcxdumptool-openwrt
https://github.com/adde88/openwrt-useful-tools

The first repo. contains the IPK files, and the SDK Makefiles needed to compile the project yourself. The second repo contains a lot of other useful tools I've compiled over time for the Pineapple, if you're interested in taking a peek.

Donations are very helpful, and very much appreciated! And would help me contribute towards keeping all of these custom tools ported, alive, and up-to-date! ❤
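Added example (not part of the original post and not code from hcxtools): a scope check for the hash file written by the hcxpcaptool -z step above, which keeps only lines whose access point is on the list the tester has permission for and reports which in-scope APs handed out a PMKID. It assumes the hashcat mode 16800 line layout PMKID*MAC_AP*MAC_STA*ESSID-in-hex; the function names, the sample lines and the allowlist are constructed for illustration.

```python
"""Scope check for a hashcat mode-16800 file (PMKID*MAC_AP*MAC_STA*ESSID_hex)."""
import re
from dataclasses import dataclass

HEX = re.compile(r"^[0-9a-fA-F]+$")


@dataclass(frozen=True)
class PmkidRecord:
    pmkid: str    # 32 hex digits
    ap_mac: str   # 12 lowercase hex digits
    sta_mac: str  # 12 lowercase hex digits
    essid: str    # decoded network name


def normalize_mac(mac: str) -> str:
    """Accept aa:bb:.., aa-bb-.. or aabb..; return 12 lowercase hex digits."""
    bare = re.sub(r"[:\-.]", "", mac.strip()).lower()
    if len(bare) != 12 or not HEX.match(bare):
        raise ValueError(f"not a MAC address: {mac!r}")
    return bare


def parse_line(line: str) -> PmkidRecord:
    """Validate one 16800 line and split it into its four fields."""
    fields = line.strip().split("*")
    if len(fields) != 4:
        raise ValueError("expected 4 '*'-separated fields")
    pmkid, ap, sta, essid_hex = fields
    if len(pmkid) != 32 or not HEX.match(pmkid):
        raise ValueError("PMKID must be 32 hex digits (128 bits)")
    if (not essid_hex or len(essid_hex) % 2 or len(essid_hex) > 64
            or not HEX.match(essid_hex)):
        raise ValueError("ESSID must be 1..32 hex-encoded bytes")
    essid = bytes.fromhex(essid_hex).decode("utf-8", errors="backslashreplace")
    return PmkidRecord(pmkid.lower(), normalize_mac(ap), normalize_mac(sta), essid)


def split_by_scope(lines, authorized_aps):
    """Return (in_scope, out_of_scope, rejected) for an iterable of lines.

    rejected holds (line_number, reason) for lines that fail validation.
    """
    allowed = {normalize_mac(m) for m in authorized_aps}
    in_scope, out_of_scope, rejected = [], [], []
    for number, raw in enumerate(lines, 1):
        if not raw.strip():
            continue
        try:
            record = parse_line(raw)
        except ValueError as exc:
            rejected.append((number, str(exc)))
            continue
        (in_scope if record.ap_mac in allowed else out_of_scope).append(record)
    return in_scope, out_of_scope, rejected


def exposed_aps(records):
    """Unique (ap_mac, essid) pairs that handed out at least one PMKID."""
    return sorted({(r.ap_mac, r.essid) for r in records})


# Constructed sample data: not real captures. MACs use the locally
# administered 02:... range; the last line is deliberately malformed.
SAMPLE = """\
00112233445566778899aabbccddeeff*020000000001*020000000a01*4c61622d4150
ffeeddccbbaa99887766554433221100*020000000002*020000000a01*4e65696768626f72
0f1e2d3c4b5a69788796a5b4c3d2e1f0*020000000001*020000000a02*4c61622d4150
deadbeef*020000000001*020000000a01*4c61622d4150
"""
AUTHORIZED = ["02:00:00:00:00:01"]  # constructed allowlist of in-scope BSSIDs

if __name__ == "__main__":
    keep, drop, bad = split_by_scope(SAMPLE.splitlines(), AUTHORIZED)
    for mac, name in exposed_aps(keep):
        print(f"in scope, PMKID exposed: {mac} ({name})")
    for rec in drop:
        print(f"OUT OF SCOPE, discard: {rec.ap_mac} ({rec.essid})")
    for number, reason in bad:
        print(f"line {number} rejected: {reason}")
```

Any in-scope access point listed here answers with a PMKID, so its passphrase strength is the only thing protecting it from an offline guess.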
Zylla (Author), posted August 21, 2018

> 1 hour ago, b0N3z said:
> As always, Awesome work dude!!!!

Thanks! This attack is really something special, compared to a simple de-auth attack. As no clients need to be connected to the AP for the attack to work. And our small "fits in the pocket" devices have proved their strength before!

I'll be looking into making a module out of this as well. Gonna try my best to get something done the next days, but I have a lot on my hands at the moment, so I hope you guys can be patient for that. Though feel free to provide feedback, and tips for improvements etc. at any time
Just_a_User, posted August 22, 2018

> 20 hours ago, Zylla said:
> The repo. contains the IPK files, and a lot of other useful tools I've compiled over time for the Pineapples.

This is becoming a treasure trove of ipk's some old ones returning, some updated and some new!!! MDK4!!! NGREP!!! Pyrit!!! Wireshark!!!! + more!!! ❤️ ❤️ ❤️

> 17 hours ago, Zylla said:
> As no clients need to be connected to the AP for the attack to work.

This is a real nice addition to the pineapple arsenal! As always thank you very much
MarcSThe1st, posted August 22, 2018

Thanks a lot. I receive faster a PMKID with enable_status 1 but I was not able to run hcxpcaptool ("Bus error") any suggestions?
Zylla (Author), posted August 22, 2018

> 1 minute ago, MarcSThe1st said:
> Thanks a lot. I receive faster a PMKID with enable_status 1 but I was not able to run hcxpcaptool ("Bus error") any suggestions?

Thanks for reporting your problem. What exact arguments are you providing to hcxpcaptool? The same as the one in the example?
MarcSThe1st, posted August 22, 2018

> Just now, Zylla said:
> What exact arguments are you providing to hcxpcaptool? The same as the one in the example?

    hcxpcaptool -z test.16800 test.pcapng
    start reading from test.pcapng
    Bus error

yes. already tried to figure out if it is connected to dependencies but didn't find a solution
Just_a_User, posted August 22, 2018

> 13 minutes ago, MarcSThe1st said:
> but I was not able to run hcxpcaptool ("Bus error") any suggestions?

Same output for me. But woah this thing is FAST!
Zylla (Author), posted August 22, 2018

> 11 minutes ago, MarcSThe1st said:
> hcxpcaptool -z test.16800 test.pcapng
> start reading from test.pcapng
> Bus error
> yes. already tried to figure out if it is connected to dependencies but didn't find a solution

I think I know what it is.... The only "bus" in use here is the one where the file is located. You're using a Nano right? And the test.pcapng file is located on your SD-card? If you answered YES to those two questions, then please copy/paste the output from dmesg after getting the error.

I'm pretty certain you're experiencing the dreaded "sd-card bug". Where the Nano is having problems with reading/writing to the SD-card. Under normal Pineapple circumstances we don't notice this bug when it's happening, as the SD-card bus resets so fast. But software that reads and writes a lot to the SD-card bus is very sensitive about the bus suddenly going down.

I'd rather move to the /tmp folder, to avoid using the SD-card, and to avoid filling internal storage. I'm 200% certain this will fix your issue.
Just_a_User, posted August 22, 2018

> 4 minutes ago, Zylla said:
> You're using a Nano right? And the test.pcapng file is located on your SD-card?

I get it on tetra, with /root/ as file location.
Zylla (Author), posted August 22, 2018

> 5 minutes ago, Just_a_User said:
> Same output for me. But woah this thing is FAST!

Yeah, this attack is INSANELY efficient! It can easily get the PMKIDs from an entire neighbourhood in a minute or less. (I don't approve doing this btw! :P)
Just_a_User, posted August 22, 2018

> 3 minutes ago, Zylla said:
> It can easily get the PMKIDs from an entire neighbourhood in a minute or less. (I don't approve doing this btw! :P)

Yeah I'm going to have to check out the help file for filters
Zylla (Author), posted August 22, 2018

> 6 minutes ago, Just_a_User said:
> I get it on tetra, with /root/ as file location.

Interesting. Can you still check dmesg just to see if there's any useful information there?
MarcSThe1st, posted August 22, 2018

> 15 minutes ago, Zylla said:
> You're using a Nano right? And the test.pcapng file is located on your SD-card? If you answered YES to those two questions, then please copy/paste the output from dmesg after getting the error. I'm pretty certain you're experiencing the dreaded "sd-card bug". Where the Nano is having problems with reading/writing to the SD-card

YES - for both. I will reboot the nano to give you a fresh dmesg (incl. the pmkid attack!)

btw: changed directory to /tmp
Zylla (Author), posted August 22, 2018

> Just now, MarcSThe1st said:
> YES - for both. I will reboot the nano to give you a fresh dmesg

Hmm. I cannot see the SD-card bug happening there actually... Anyways. Both @MarcSThe1st and @Just_a_User: Can you try downloading/upgrading hcxtools? I've updated it. And one of the changed files is the source-file to hcxpcaptool. So maybe this squashes your bug.
MarcSThe1st, posted August 22, 2018

    root@Pineapple:/sd/modules# opkg install hcxtools_4.2.1-2_ar71xx.ipk
    Upgrading hcxtools on root from 4.2.1-1 to 4.2.1-2...
    Configuring hcxtools.
    root@Pineapple:/sd/modules# opkg install hcxdumptool_4.2.1-1_ar71xx.ipk
    Installing hcxdumptool (4.2.1-1) to root...
    Configuring hcxdumptool.
    root@Pineapple:/sd/modules# cd /tmp
    root@Pineapple:/tmp# hcxdumptool -o /tmp/test.pcapng -i wlan1mon --enable_status 1
    start capturing (stop with ctrl+c)
    INTERFACE:...............: wlan1mon
    FILTERLIST...............: 0 entries
    MAC CLIENT...............: fcc233880bc5 (client)
    MAC ACCESS POINT.........: 68e16698d73b (start NIC)
    EAPOL TIMEOUT............: 150000
    REPLAYCOUNT..............: 65260
    ANONCE...................: 82b1b6b70a33be6322e12eb4deae2309c13de84403e7852057d041ef3e9845c0
    [19:07:41 - 005] 9cb2b21121ad -> fcc233880bc5 [FOUND PMKID CLIENT-LESS]
    INFO: cha=7, rx=2057, rx(dropped)=323, tx=148, powned=1, err=0^C
    terminated...
    root@Pineapple:/tmp# hcxpcaptool -z test.16800 test.pcapng
    start reading from test.pcapng
    Bus error
    root@Pineapple:/tmp#

nope, also nothing happened in the dmesg

    [ 42.200000] ieee80211 phy2: rt2x00lib_request_firmware: Info - Firmware detected - version: 0.29
    [ 123.660000] wlan1: deauthenticating from 9c:b2:b2:11:21:ad by local choice (Reason: 3=DEAUTH_LEAVING)
Zylla (Author), posted August 22, 2018

> 1 minute ago, MarcSThe1st said:
> root@Pineapple:/sd/modules# opkg install hcxtools_4.2.1-2_ar71xx.ipk
> Upgrading hcxtools on root from 4.2.1-1 to 4.2.1-2...
> Configuring hcxtools.
> root@Pineapple:/sd/modules# opkg install hcxdumptool_4.2.1-1_ar71xx.ipk
> Installing hcxdumptool (4.2.1-1) to root...
> Configuring hcxdumptool.
> root@Pineapple:/sd/modules# cd /tmp
> root@Pineapple:/tmp# hcxdumptool -o /tmp/test.pcapng -i wlan1mon --enable_status 1
> start capturing (stop with ctrl+c)
> INTERFACE:...............: wlan1mon
> FILTERLIST...............: 0 entries
> MAC CLIENT...............: fcc233880bc5 (client)
> MAC ACCESS POINT.........: 68e16698d73b (start NIC)
> EAPOL TIMEOUT............: 150000
> REPLAYCOUNT..............: 65260
> ANONCE...................: 82b1b6b70a33be6322e12eb4deae2309c13de84403e7852057d041ef3e9845c0
> [19:07:41 - 005] 9cb2b21121ad -> fcc233880bc5 [FOUND PMKID CLIENT-LESS]
> INFO: cha=7, rx=2057, rx(dropped)=323, tx=148, powned=1, err=0^C
> terminated...
> root@Pineapple:/tmp# hcxpcaptool -z test.16800 test.pcapng
> start reading from test.pcapng
> Bus error
> root@Pineapple:/tmp#
> nope, also nothing happened in the dmesg
> [ 42.200000] ieee80211 phy2: rt2x00lib_request_firmware: Info - Firmware detected - version: 0.29
> [ 123.660000] wlan1: deauthenticating from 9c:b2:b2:11:21:ad by local choice (Reason: 3=DEAUTH_LEAVING)

Ok. I'll get to the bottom of this asap. Working on it now.
Zylla (Author), posted August 22, 2018

Just out of curiosity. Can either, or both of you try these commands and report back:

    opkg info curl
    opkg info zlib
    opkg info libpthread
    opkg info libpcap
    opkg info libopenssl
MarcSThe1st, posted August 22, 2018

sure

    root@Pineapple:/tmp# opkg info curl
    Package: curl
    Version: 7.40.0-3.1
    Depends: libc, libcurl
    Status: install user installed
    Section: net
    Architecture: ar71xx
    Maintainer: Imre Kaloz <kaloz@openwrt.org>
    MD5Sum: 11a338aaec6c1b1441ecb0bfe1c0f7c4
    Size: 38370
    Filename: curl_7.40.0-3.1_ar71xx.ipk
    Source: package/network/utils/curl
    Description: A client-side URL transfer utility
    Installed-Time: 1459545776

    root@Pineapple:/tmp# opkg info zlib
    Package: zlib
    Version: 1.2.8-1
    Depends: libc
    Status: install user installed
    Section: libs
    Architecture: ar71xx
    MD5Sum: ad46d1cab1a4c07e5e55dcb28b79ce61
    Size: 37865
    Filename: zlib_1.2.8-1_ar71xx.ipk
    Source: package/libs/zlib
    Description: Library implementing the deflate compression method
    Installed-Time: 1534488441

    root@Pineapple:/tmp# opkg info libpthread
    Package: libpthread
    Version: 0.9.33.2-1
    Depends: libgcc
    Status: install hold installed
    Section: libs
    Essential: yes
    Architecture: ar71xx
    Maintainer: Felix Fietkau <nbd@openwrt.org>
    MD5Sum: bfaca8ace2404962d41bef6762f3923b
    Size: 31257
    Filename: libpthread_0.9.33.2-1_ar71xx.ipk
    Source: package/libs/toolchain
    Description: POSIX thread library
    Installed-Time: 1534488441

    root@Pineapple:/tmp# opkg info libpcap
    Package: libpcap
    Version: 1.5.3-1
    Depends: libc
    Status: unknown ok not-installed
    Section: libs
    Architecture: ar71xx
    Maintainer: Felix Fietkau <nbd@openwrt.org>
    MD5Sum: d3e3622bd50b7ab8d1c27b1f15a61dd5
    Size: 83095
    Filename: libpcap_1.5.3-1_ar71xx.ipk
    Source: package/libs/libpcap
    Description: This package contains a system-independent library for user-level network packet capture.

    Package: libpcap
    Version: 1.9.0-1
    Depends: libc
    Status: install user installed
    Architecture: ar71xx
    Installed-Time: 1534488441

    root@Pineapple:/tmp# opkg info libopenssl
    Package: libopenssl
    Version: 1.0.2g-1
    Depends: libc, zlib
    Status: unknown ok not-installed
    Section: libs
    Architecture: ar71xx
    MD5Sum: d0fc4828f7029e1668dbd66cbb19a7f8
    Size: 685049
    Filename: libopenssl_1.0.2g-1_ar71xx.ipk
    Source: package/libs/openssl
    Description: The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.
     This package contains the OpenSSL shared libraries, needed by other programs.

    Package: libopenssl
    Version: 1.0.2m-1
    Depends: libc, zlib
    Status: install user installed
    Architecture: ar71xx
    Installed-Time: 1534488441
Just_a_User, posted August 22, 2018

> 2 minutes ago, Zylla said:
> Just out of curiosity. Can either, or both of you try these commands and report back:
> opkg info curl
> opkg info zlib
> opkg info libpthread
> opkg info libpcap
> opkg info libopenssl

    root@Pineapple:~# opkg info curl
    Package: curl
    Version: 7.40.0-3.1
    Depends: libc, libcurl
    Status: install ok installed
    Section: net
    Architecture: ar71xx
    Maintainer: Imre Kaloz <kaloz@openwrt.org>
    MD5Sum: 11a338aaec6c1b1441ecb0bfe1c0f7c4
    Size: 38370
    Filename: curl_7.40.0-3.1_ar71xx.ipk
    Source: package/network/utils/curl
    Description: A client-side URL transfer utility
    Installed-Time: 1534920880

    root@Pineapple:~# opkg info zlib
    Package: zlib
    Version: 1.2.8-1
    Depends: libc
    Status: install user installed
    Section: libs
    Architecture: ar71xx
    MD5Sum: ad46d1cab1a4c07e5e55dcb28b79ce61
    Size: 37865
    Filename: zlib_1.2.8-1_ar71xx.ipk
    Source: package/libs/zlib
    Description: Library implementing the deflate compression method
    Installed-Time: 1534818086

    root@Pineapple:~# opkg info libpthread
    Package: libpthread
    Version: 0.9.33.2-1
    Depends: libgcc
    Status: install hold installed
    Section: libs
    Essential: yes
    Architecture: ar71xx
    Maintainer: Felix Fietkau <nbd@openwrt.org>
    MD5Sum: bfaca8ace2404962d41bef6762f3923b
    Size: 31257
    Filename: libpthread_0.9.33.2-1_ar71xx.ipk
    Source: package/libs/toolchain
    Description: POSIX thread library
    Installed-Time: 1534818086

    root@Pineapple:~# opkg info libpcap
    Package: libpcap
    Version: 1.5.3-1
    Depends: libc
    Status: unknown ok not-installed
    Section: libs
    Architecture: ar71xx
    Maintainer: Felix Fietkau <nbd@openwrt.org>
    MD5Sum: d3e3622bd50b7ab8d1c27b1f15a61dd5
    Size: 83095
    Filename: libpcap_1.5.3-1_ar71xx.ipk
    Source: package/libs/libpcap
    Description: This package contains a system-independent library for user-level network packet capture.

    Package: libpcap
    Version: 1.9.0-1
    Depends: libc
    Status: install user installed
    Architecture: ar71xx
    Installed-Time: 1534818086

    root@Pineapple:~# opkg info libopenssl
    Package: libopenssl
    Version: 1.0.2g-1
    Depends: libc, zlib
    Status: unknown ok not-installed
    Section: libs
    Architecture: ar71xx
    MD5Sum: d0fc4828f7029e1668dbd66cbb19a7f8
    Size: 685049
    Filename: libopenssl_1.0.2g-1_ar71xx.ipk
    Source: package/libs/openssl
    Description: The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.
     This package contains the OpenSSL shared libraries, needed by other programs.

    Package: libopenssl
    Version: 1.0.2m-1
    Depends: libc, zlib
    Status: install user installed
    Architecture: ar71xx
    Installed-Time: 1534818086
Zylla (Author), posted August 22, 2018

Interesting. I also upgraded to the newest version, then I got the same error message as you guys. I then tried downgrading to the exact same version I used before that, and surprise: same error.. WTF. I'm getting a beer. This needs to be squashed asap. Strange af.
MarcSThe1st, posted August 22, 2018

> 5 minutes ago, Zylla said:
> Interesting. I also upgraded to the newest version, then I got the same error message as you guys. I then tried downgrading to the exact same version I used before that, and surprise: same error.. WTF. I'm getting a beer. This needs to be squashed asap. Strange af.

jupp, sounds to me like "have you tried to restart the device already?!"
Zylla (Author), posted August 22, 2018

I've found a "solution", but I'm not sure how to fix it properly yet and get it packaged easily. I need to go over some stuff in the Makefile for the SDK. I've compiled a working version now. I just don't know why it doesn't work with the SDK. But I'm sure I'll get it fixed asap.
Zylla (Author), posted August 22, 2018

Bug should be fixed now! Uploaded new file, with new version to the repo. v4.2.1-3

Thanks for reporting it! And please, report back any other errors you encounter! I'll do my best to fix them asap. As always
Archived
This topic is now archived and is closed to further replies.