Packet Injection wifi Intel 4965 AGN

Finally there exists a way how to solve packet injection with driver for wifi card Intel WiFi Link 4965AGN – operating system Linux. The one modified is the original driver iwlwifi (included for example in distribution Backtrack Linux). Be aware that the packet injection is functional but still it is an experimental thing (develop version). Besides the complicated compilation and occasional unstability so far (September 2008) the aireplay-ng attack -9 (t.j test injection) does not work on 100%.

Tutorial for packet injection Intel Pro Wireless 4965AGN (iwl4965)
What do you need:
- kernel 2.6.25 or higher*,
- kernel sources,
- compat-wireless-2.6 packet,
- aircrack-ng (=””> RC1),
- basic development tools (make, gcc, …),
- injection patche for driver.
Be aware that the instruction is for generic Linux. Your distribution, mainly in case of advanced packet administration (Debian, Ubuntu, etc.), can include required packets in source (then you don’t have to compile it manually from source code).

Preparation of kernel
Make sure that your kernel configuration includes mentioned configuration. Especially watch out for those that are as modules built-in and those that can be added.

Networking -> Wireless :
[M] Improved wireless configuration API
[*] nl80211 new netlink interface support
[*] Wireless extensions
[M] Generic IEEE 802.11 Networking Stack (mac80211)
[M] Generic IEEE 802.11 Networking Stack (DEPRECATED)
[M] IEEE 802.11 WEP encryption (802.1x)
[M] IEEE 802.11i CCMP support
[M] IEEE 802.11i TKIP encryption
[M] Software MAC add-on to the IEEE 802.11 networking stack

It is also necessary to turn on “Automatic kernel module loading” under “Loadable module support”, otherwise you will end if “module dependency errors”. At this moment you can suppose that your kernel is prepared and is running.

Driver compilation
Development version of drivers exists as a part of compat-wireless project. We will need the up-to-date packet. You can get it here.
Download to your home folder (or where ever you want),then download patches for iwlwifi drivers, including fragmentation patch for mac80211. Last mentioned is available here (download 2.6.26-wl version). The first available is hang up at paste.bin.

cd ~
tar xjf compat-wireless-2.6.tar.bz2
cd compat-wireless-2008-*
wget http://pastebin.com/pastebin.php?dl=f7bc96631 -O iwl4965-injection.patch
wget http://patches.aircrack-ng.org/mac80211_2.6.26-wl_frag.patch
patch -p1 < iwl4965-injection.patch
patch -p1 < mac80211_2.6.26-wl_frag.patch
make
make install [jako root!]
make unload; rmmod ssb mac80211 cfg80211 [all as root!]
make load [as root!]
echo options iwl4965 swcrypto=1 >> /etc/modprobe.d/options [all as root!]

This will allow to start it and to use the treated driver module. In case of success in the system there is registered interface “wlan0″ and “wmaster0″, the first can be seen by iwconfig.


Injecting
From the way how mac80211 works it is obvious that you can’t inject at the original interface wlan0. This is the moment when you can use the tool airmon-ng. By this tool you will create the interface mon0 that is able to do packet injection. Command:

# airmon-ng start wlan0

If the word error appears “iw”, program not found, download and compile. Program “iw” is pendent to “libnl” pack (downloadable here). If it is successful you can try again to run airmon-ng. The output should look like this:

# airmon-ng start wlan0
Interface Chipset Driver
wlan0 Intel 4965 a/b/g/n iwl4965 - [phy0] (monitor mode enabled on mon0)

If you made it up to here your wireless card is probably ready for packet injection. Interface mon0 can be used for airodump-ng scan and aireplay-ng packet injection.

First reference and tutorial was published (in English) at tinyshell forum. The text is a translation from the record at aircrack-ng wiki. Detailed description can be found in the discussion here. The summary of steps for Ubuntu 8.04 (or here). The card ipw4965 is not at this moment available, so do the testing and your comments are welcomed at the discussion forum.
via airdump.net