Deauth 5 GHz

[VML]

I have a Mark VII Basic and the supported compatible AWUS036ACM.

The death attack on laptop with Kali and AWUS036ACM (the same physical adapter) is working perfectly fine.

When I attach the same AWUS036ACM to Mark VII Basic, airmon-ng is working, putting the card in monitor mode, airodump-ng is working on 5 GHz, finding APs and customers.

When I start mdk4 with deauthentication options all looks good. MDK4 is sending packages to the AP and customers under attack and so on exactly like my laptop.

Everything looks fine except that there is NO real deauthentication of the customers from the access point. The customers of the AP are getting Internet connection without interuption and there are no disconnects according the logs of the access points (my test access point).

I tried on own 2 APs from Asus and TP-link, the deauthentication  is working from my laptop but it's not working on Mark VII Basic.

Looks like Mark VII Basic is NOT sending real packages in the air but mdk4 is "sending" packages according the screen log.

Is this a driver bug or something else?

[chrizree]

There is probably a difference in version of MDK4 between your Kali box and the one that is installed on your Mk7. Most likely "4.0 v1" on the Mk7 and "4.1" on your Kali machine. I've experienced other types of problems with the 4.0 v1 version on the Mk7 (not with 5GHz specifically though so it might not solve your problems if it's driver related, 5GHz specific or such).

Try installing a newer version of MDK4 on the Mk7 and see if it works better.

opkg remove mdk4

wget https://github.com/adde88/openwrt-useful-tools/raw/packages-19.07_mkvii/mdk4_4.1-9_mipsel_24kc.ipk

opkg install ./mdk4_4.1-9_mipsel_24kc.ipk

This should put version 4.1 on the Mk7. Note though that the above package is not "official" Hak5 for the Mk7 but it's maintained by adde88 that is active on this forum and has made available a lot of newer version/packets for Hak5 devices.

[VML]

Thank you but it's not working again.

The problem is the same - no deauth.

[VML]

I think I found the problem but I don't know how to fix it:

lsusb

Bus 001 Device 004: ID 148f:7601 Ralink Technology, Corp. MT7601U Wireless Adapt

So the chipset is MT7601U but I'm sure that the chipset is MT7612U.

When I use the card on my laptop with Kali the command lsusb shows MT7612U.

So I have to find out how to replace the driver to load and shows MT7612U.

Any help on this would be greatly appreciated?

[chrizree]

ok, that's strange, I have a 7612 based USB NIC and it shows up correctly as a 7612 device on the Mk7

[VML]

Agree. It is strange but:

1. It shows MT7612U on laptop with Kali

2. MT7601U  is working only on 2.4GHz.

I can do airodump-ng on my Mark VII and it scans and shows my access points and customers on 5 GHz.

That means the chipset is NOT MT7601U.

Also iwconfig shows the adapter in monitor mode and 5 GHz.

Only the deaut doesn't work and and lsusb shows MT7601U.

I need to load module MT7612U before to look for other problems but I don't know source of the driver.

[VML]

I have restored the firmware (reset mark) and now:

1. shows the correct MT7612U

2. the deaut still doesn't work... all else is working.

@chrizree could you please try mdk4 deauth on your Mark VII?

[chrizree]

I can try later when I get some time to do it, I know MDK4 is working on 2.4GHz at least since I did a PoC on that some week ago

[chrizree]

Deauth works every single time for me. I grabbed a test/lab home router with a 5 GHz AP and two devices connected to the 5 GHz WiFi network (2 Android phones). Using MDK4 both from CLI and the module web GUI on the Mk7 deauths the devices with 100% success from the 5 GHz AP. I have probably done 20 iterations now while testing.

[VML]

Thank you! That means the problem is on my side. The wifi adapter or Mark VII.

[chrizree]

At first I thought your 5GHz USB NIC was a bit "strange" since it showed up as a 7601 chipset device, but now when reading your old post again I realize that I wasn't paying attention to what you actually had pasted. That 7601 line from lsusb that you showed was one of the internal radios of the Mk7 itself (based on the Bus and ID info). I have the same output on my Mk7 for my internal radios. You had the 7612 there all the time most likely, you just didn't see it. So, your 5 GHz is probably as correct as it can be. And I guess the Mk7 itself is also not the issue here either. Before running MDK4, did you put the 5 GHz USB NIC in monitor mode on the Mk7?

[VML]

On 4/20/2021 at 9:09 AM, chrizree said:

At first I thought your 5GHz USB NIC was a bit "strange" since it showed up as a 7601 chipset device, but now when reading your old post again I realize that I wasn't paying attention to what you actually had pasted. That 7601 line from lsusb that you showed was one of the internal radios of the Mk7 itself (based on the Bus and ID info). I have the same output on my Mk7 for my internal radios. You had the 7612 there all the time most likely, you just didn't see it. So, your 5 GHz is probably as correct as it can be. And I guess the Mk7 itself is also not the issue here either. Before running MDK4, did you put the 5 GHz USB NIC in monitor mode on the Mk7?

Sure.

airmon-ng check kill

airmon-ng start wlan3

iwconfig to confirm it

[VML]

1 minute ago, VML said:

Sure.

airmon-ng check kill

airmon-ng start wlan3

iwconfig to confirm it

wlan3mon  IEEE 802.11  Mode:Monitor  Frequency:5.18 GHz  Tx-Power=20 dBm
          RTS thr:off   Fragment thr:off
          Power Management:off

[chrizree]

OK, that's good since it's needed. How do you start the MDK deauth then (if it's still not working)?