The Engine: Chipsets, Drivers, and Commands
A good thing about Linux drivers is their universal separation by the client card chipset: linux-wlan-ng, HostAP, and AirJack for Prism cards; Orinoco and HermesAP for Hermes cards; airo-linux for Cisco Aironet; Orinoco/Symbol24 for Symbol cards; vt_ar5k for Atheros 802.11a; and initial ADM8211 drivers and Madwifi for ADM8211 and Atheros 5212 in many 802.11a/b/g combo cards. However, all these drivers use the same /etc/pcmcia/wireless.opts configuration file, supplemented by more specific configurations such as wlan-ng.conf, hermes.conf, hostap_cs.conf, or vt_ar5k.conf. These additional files contain the description of 802.11 cards known to be supported by the particular driver they come with. As to the configuration utilities and scripts, the majority of the listed card types use Jean Tourrilhes's Linux Wireless Extensions, apart from linux-wlan-ng (which has its own wlancfg and wlanctl-ng configuration utilities) and Cisco Aironet (configured by editing a text file in /proc/driver/aironet created when the card is initialized, usually /proc/driver/aironet/eth1/Config). Being rather flexible, Cisco Aironet cards can also be configured using Linux Wireless Extensions or through an ACU GUI utility. Because of this difference there are separate initialization scripts for linux-wlan-ng (/etc/pcmcia/wlan-ng) and for cards configured using Linux Wireless Extensions (/etc/pcmcia/wireless).
Under BSD, wireless drivers for Prism and Hermes chipset cards are grouped into the wi interface driver, whereas Cisco Aironet cards are supported by the an device. Other (Free) BSD wireless device drivers you might encounter are ray for Raylink-based and awi for old Prism I cards.
The configuration of wireless client cards on BSD is done via the wicontrol utility for Prism and Hermes chipset cards (listed later in the chapter) or ancontrol for Cisco cards. On FreeBSD versions above 4.5, the functionality of both wicontrol and ancontrol is merged into ifconfig, but both wicontrol and ancontrol are still there. The startup configuration scripts for FreeBSD have to be written by the user, but this is easy. A good example of such a script placed into /usr/local/etc/rc.d is given in Bruce Potter's and Bob Fleck's "802.11 Security." On OpenBSD, necessary parameters for wireless card initialization can be added to the <hostname.interface> file, such as hostname.an0 or hostname.wi0.
Whereas the Linux and BSD configuration files and utilities are pretty much unified by the chipset type, under Windows these utilities and files are specific for a particular card brand. Thus, a comprehensive review is outside the scope of this book, considering the amount of 802.11 client cards available on the market. We suggest you read the instructions provided by the card manufacturer.
Making Your Client Card Work with Linux and BSD
The first step in installing your 802.11 client card under Linux or BSD is choosing the correct options in the kernel and compiling pcmcia-cs Card Services. If you use a vanilla kernel or a kernel that comes with your default distribution installation, chances are that the modules for your wireless card are already compiled and included and the Set Version Information On All Module Symbols option is enabled. This is fine as long as you use Prism chipset cards only, which support RFMON sniffing mode by default with the majority of linux-wlan-ng driver versions. You can even compile Prism support into the kernel. Otherwise you should use patched (Orinoco/Hermes) or third-party (Sourceforge airo-linux) modules when setting up a system for security audits (the Aironet drivers that come with the latest Linux kernels are actually fine). Specific drivers such as HostAP do not come with the kernel and have to be compiled separately. In such cases you should disable Set Version Information On All Module Symbols and should not try to compile your card support into the kernel, but compile it as modules instead (see Figure 4-1).
Figure 4.1. Kernel loadable modules support.
You can either skip selecting the modules coming with your kernel or overwrite them later with the patched modules when installing pcmcia-cs or card-specific drivers.
After the kernel compiles (read Kernel-How-To if you never compiled one), you should build the pcmcia-cs package. We do not recommend using the precompiled pcmcia-cs distribution packages due to the patching and the future need for pcmcia-cs sources if you want to build other tools. Before building pcmcia-cs, you might need to apply the Shmoo patch, which can be obtained from http://airsnort.shmoo.com/orinocoinfo.html. Pick a patch appropriate for your particular pcmcia-cs version and execute:
arhontus:~# patch -p0 < pcmcia-cs-"your-pcmcia-cs-version"-orinoco-patch.diff
Alternatively, you can download the orinoco-cs driver, patch it, and replace the unpatched sources in /usr/src/pcmcia-cs-"current-version"-patched/wireless with the patched ones. Also, you can compile the patched modules separately and copy them into /lib/modules/"yourkernelversion"/pcmcia, perhaps over the unpatched ones that come with a distribution kernel. If you intend to do this, you need to disable the "Set version information on all module symbols" option. If you use Cisco Aironet, don't use the default drivers that come with the card or from the Cisco Web site, because they don't support RFMON mode. Instead, download the airo-linux drivers from Sourceforge (http://sourceforge.net/projects/airo-linux/). The easiest way of installing them is copying the airo.c and airo_cs.c sources from airo-linux into the wireless subdirectory of pcmcia-cs. If you use the modules that come with the kernel, you'll have to apply the patch packaged with the airo-linux software. Because this patch is only applicable to kernel 2.4.3, this is not recommended. However, all the latest kernels provide RFMON-enabled Aironet drivers. Therefore, if you keep your kernel up to date, you can safely use the modules that came with the kernel.
If you want to overwrite the original kernel modules, use the ./configure --force flag when compiling pcmcia-cs. Otherwise simply execute:
arhontus:~# make config

-------- Linux PCMCIA Configuration Script --------

The default responses for each question are correct for most users.
Consult the PCMCIA-HOWTO for additional info about each option.

Linux kernel source directory [/usr/src/linux]:

The kernel source tree is version 2.4.20.
The current kernel build date is Thu Mar 6 22:53:57 2003.

Build 'trusting' versions of card utilities (y/n) [y]:
Include 32-bit (CardBus) card support (y/n) [y]:
Include PnP BIOS resource checking (y/n) [n]:
Module install directory [/lib/modules/2.4.20]:

Kernel configuration options:
    Kernel-tree PCMCIA support is enabled.
    Symmetric multiprocessing support is disabled.
    PCI BIOS support is enabled.
    Power management (APM) support is enabled.
    SCSI support is enabled.
    IEEE 1394 (FireWire) support is disabled.
    Networking support is enabled.
    Radio network interface support is enabled.
    Token Ring device support is disabled.
    Fast switching is disabled.
    Frame Diverter is disabled.
    Module version checking is disabled.
    Kernel debugging support is enabled.
    Memory leak detection support is disabled.
    Spinlock debugging is disabled.
    Preemptive kernel patch is disabled.
    /proc filesystem support is enabled.

It looks like you have a System V init file setup.
X Window System include files found.
Forms library not installed.
If you wish to build the 'cardinfo' control panel, you need the forms
library and the X Window System include files. See the HOWTO for details.

Configuration successful.
Your kernel is configured with PCMCIA driver support. Therefore,
'make all' will compile the PCMCIA utilities but not the drivers.

arhontus:~# make all && make install && make clean
This will finish the job. You need to build trusting versions of the card utilities if you want non-root users to be able to suspend and resume pcmcia cards, reset cards, and change the current configuration scheme. The 32-bit CardBus support is only necessary for using 32-bit CardBus cards, such as the current combo a/b/g cards, as well as many recent 802.11a and 802.11b cards that support proprietary 22 Mbps or 108 Mbps speed enhancements. It is not needed for older 16-bit PC cards. Prism chipset card drivers such as prism2_cs and p80211 are not included within the wireless subdirectory of PCMCIA-cs: They have to come with the kernel, or be built and installed when compiling linux-wlan-ng. Installing PCMCIA-cs creates the /etc/pcmcia directory, which can be modified later when you compile other wireless card drivers like linux-wlan-ng or HostAP. If you use multiple wireless cards with different chipsets on the same laptop, we recommend keeping /etc/pcmcia configs for each chipset card separately. Then you will be able to switch between different chipset cards easily. For example, if your current card is Orinoco and you want to change it to Prism, a good option is this:
arhontus:/# rm -rf /etc/pcmcia && cp -r /usr/local/wireless/pcmcia-wlan-ng /etc/pcmcia && /etc/init.d/pcmcia restart
Make sure you have a backup for all of the configuration files. For your convenience we have included samples of PCMCIA configuration files for Wlan-ng, Hermes, HostAP, and Ark chipset cards on the http://www.wi-foo.com Web site. The given PCMCIA Ark configuration files also support Wlan-ng. As long as airo_cs and airo modules are correctly installed, the Cisco Aironet cards are unaffected by the peculiarities of /etc/pcmcia config files and will work with all config files without any need to restart PCMCIA services. You can always check the status of the card by using the cardctl:
arhontus:~# cardctl config && cardctl info && cardctl status
or even using the graphical cardinfo (Figure 4-2) utility, which lets you control the card in the same way /etc/init.d/pcmcia script does.
Figure 4.2. Cardinfo graphical utility.
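Swapping /etc/pcmcia wholesale with rm -rf, as in the one-liner above, discards the previous configuration. The following POSIX shell helper is an added example, not from the book or from pcmcia-cs: it validates the profile directory before copying it in, moves the live directory aside under a timestamped name instead of deleting it, and only then restarts card services. The profile layout (/usr/local/wireless/pcmcia-<chipset>), the two files it insists on (config and wireless.opts), and the PCMCIA_DIR, PROFILE_ROOT and PCMCIA_INIT variables are assumptions chosen for illustration; override the variables to try it on a scratch directory.

```shell
#!/bin/sh
# Added example (not from the book or pcmcia-cs): switch /etc/pcmcia between
# per-chipset profiles without losing the previous configuration.
# PCMCIA_DIR, PROFILE_ROOT and PCMCIA_INIT are assumed names; set them in the
# environment to exercise the script on a scratch tree instead of the live system.
PCMCIA_DIR="${PCMCIA_DIR:-/etc/pcmcia}"
PROFILE_ROOT="${PROFILE_ROOT:-/usr/local/wireless}"
PCMCIA_INIT="${PCMCIA_INIT:-/etc/init.d/pcmcia}"

# A usable profile must carry the generic pcmcia-cs config and wireless.opts
# (assumed minimum set); anything else is refused before the live dir is touched.
profile_is_valid() {
    dir="$1"
    [ -d "$dir" ] || return 1
    [ -f "$dir/config" ] || return 1
    [ -f "$dir/wireless.opts" ] || return 1
    return 0
}

# switch_profile <chipset>: copies $PROFILE_ROOT/pcmcia-<chipset> into place.
# The current directory is renamed, never removed, so a bad swap is reversible.
switch_profile() {
    name="$1"
    src="$PROFILE_ROOT/pcmcia-$name"
    if ! profile_is_valid "$src"; then
        echo "refusing to install $src: not a complete profile" >&2
        return 1
    fi
    if [ -d "$PCMCIA_DIR" ]; then
        backup="$PCMCIA_DIR.bak.$(date +%Y%m%d%H%M%S)"
        mv "$PCMCIA_DIR" "$backup" || return 1
        echo "previous configuration kept as $backup"
    fi
    cp -r "$src" "$PCMCIA_DIR" || return 1
    # Restart card services only where the init script exists (skipped on a scratch tree).
    if [ -x "$PCMCIA_INIT" ]; then
        "$PCMCIA_INIT" restart
    fi
    return 0
}

# On a live system: switch_profile wlan-ng   (installs /usr/local/wireless/pcmcia-wlan-ng)
```

Because the old directory is only renamed, rolling back is a matter of removing the new /etc/pcmcia and moving the .bak directory back before restarting card services again.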
To use 802.11a PCMCIA cards with an Atheros chipset, select the kernel PCMCIA support, compile the vt_ar5k driver (edit the Makefile if your Linux kernel source is not in /usr/src/linux), and insert "options vt_ar5k reg_domain=???" into /etc/modules.conf. The value depends on the country you are in and its power output regulations; the available options are fcc (U.S.), etsi (E.U.), and de (Germany and Japan). Alternatively, you can specify these options when the module is inserted (e.g., insmod vt_ar5k.o reg_domain=fcc). When the card services are restarted, you should see the module with lsmod and the card should be recognized.
Alternatively, you can use the Madwifi project drivers, in particular when trying to set up and configure a combo 802.11a/b/g Atheros chipset card. As of the time of writing, the latest version of the driver was madwifi-20030802, but as we have found out, the CVS version is more stable, provides support for more Wi-Fi cards and has faster network performance.
To obtain the latest CVS driver use the following command:
arhontus:$ cvs -z3 -d:pserver:firstname.lastname@example.org:/cvsroot/madwifi co madwifi
To compile these modules for 2.6.x Linux kernels, you should consider downloading the relevant patches from the project page. For illustration purposes, this section describes madwifi installation under 2.4.x based kernels. To compile the Wi-Fi modules, change the current working directory to the madwifi CVS checkout and issue:
arhontus:$ make all && make install
To load the modules, make sure the Wi-Fi card is inserted and type modprobe ath_pci. If all goes well, the lsmod and iwconfig commands should produce output similar to this:
arhontus:~# lsmod
Module                  Size  Used by    Tainted: P
ath_pci                31952   1
wlan                   45512   1  [ath_pci]
ath_hal               101152   1  [ath_pci]

arhontus:~# iwconfig ath0
ath0      IEEE 802.11  ESSID:"ComboNet"
          Mode:Managed  Frequency:2.412GHz  Access Point: 00:30:BD:9E:50:7C
          Bit Rate:54Mb/s   Tx-Power:off   Sensitivity=0/242700000
          Retry:off   RTS thr:off   Fragment thr:off
          Encryption key:4330-4445-3145-4537-4330-4747-45   Security mode:open
          Power Management:off
          Link Quality:0/1  Signal level:-216 dBm  Noise level:-256 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0
For the card interface configuration use Linux Wireless Extensions, as described in the next chapter. If you require further information about the madwifi driver, consult the README file in the madwifi directory.
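To turn the lsmod and iwconfig listings above into a repeatable check, here is an added POSIX shell example (not from the book or the Madwifi project) that parses both outputs with awk: it confirms that the ath_pci, wlan and ath_hal modules are present and pulls individual fields such as Mode, Access Point and Encryption key out of the iwconfig listing, flagging an interface that has been left without an encryption key. The sample text in SAMPLE_LSMOD and SAMPLE_IWCONFIG is constructed for offline use (the orinoco_cs line and the key-off state are invented, not taken from the page); on a live system pass "$(lsmod)" and "$(iwconfig ath0)" instead.

```shell
#!/bin/sh
# Added example (not from the book or Madwifi): verify driver state from the
# text that lsmod and iwconfig print. Only POSIX sh and awk are used.

# Constructed lsmod output modelled on the listing in the chapter; the
# orinoco_cs line is invented to give the negative test something to miss.
SAMPLE_LSMOD='Module                  Size  Used by    Tainted: P
ath_pci                31952   1
wlan                   45512   1  [ath_pci]
ath_hal               101152   1  [ath_pci]
orinoco_cs              6936   0'

# Constructed iwconfig output; "Encryption key:off" is invented to show the
# case the audit is meant to catch.
SAMPLE_IWCONFIG='ath0      IEEE 802.11  ESSID:"ComboNet"
          Mode:Managed  Frequency:2.412GHz  Access Point: 00:30:BD:9E:50:7C
          Bit Rate:54Mb/s   Tx-Power:off   Sensitivity=0/242700000
          Encryption key:off   Security mode:open
          Link Quality:0/1  Signal level:-216 dBm  Noise level:-256 dBm'

# modules_loaded "<lsmod output>" mod1 mod2 ...: succeeds only if every named
# module appears in the first column (the header line is skipped).
modules_loaded() {
    out="$1"; shift
    for m in "$@"; do
        printf '%s\n' "$out" |
            awk -v m="$m" 'NR > 1 && $1 == m { found = 1 } END { exit !found }' || return 1
    done
    return 0
}

# iw_field "<iwconfig output>" "<label>": prints the value of a "Label:value"
# or "Label=value" token. iwconfig separates tokens with two or more spaces,
# so split on that and match the label at the start of each token.
iw_field() {
    out="$1"; label="$2"
    printf '%s\n' "$out" | awk -F '  +' -v label="$label" '
        {
            for (i = 1; i <= NF; i++) {
                f = $i
                sub(/^ +/, "", f)
                if (index(f, label ":") == 1 || index(f, label "=") == 1) {
                    v = substr(f, length(label) + 2)
                    sub(/^ +/, "", v)
                    print v
                    exit
                }
            }
        }'
}

# audit_state "<lsmod output>" "<iwconfig output>": returns 0 when the Madwifi
# stack is loaded and the link has an encryption key, 1 otherwise.
audit_state() {
    lsmod_out="$1"; iw_out="$2"; rc=0
    if modules_loaded "$lsmod_out" ath_pci wlan ath_hal; then
        echo "ok: ath_pci, wlan and ath_hal are loaded"
    else
        echo "warn: Madwifi modules missing; run modprobe ath_pci"
        rc=1
    fi
    if [ "$(iw_field "$iw_out" 'Encryption key')" = off ]; then
        echo "warn: $(iw_field "$iw_out" Mode) link to $(iw_field "$iw_out" ESSID) has no encryption key"
        rc=1
    fi
    return $rc
}

# Offline run against the constructed samples (exits 1 because the key is off):
# audit_state "$SAMPLE_LSMOD" "$SAMPLE_IWCONFIG"
```

The field splitter relies on iwconfig's habit of padding between tokens with two or more spaces while keeping a single space inside a value (as in "Access Point: 00:30:BD:9E:50:7C" or "-216 dBm"), which is why a plain whitespace split would not do.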
On BSD systems the installation of wireless drivers is more straightforward: You use the wi or an device drivers that come with the system. Ensure that your kernel configuration file in /usr/src/sys/i386/conf has PCMCIA support.
An example of FreeBSD configuration is as follows:
device card
device pcic0 at isa? irq 0 port 0x3e0 iomem 0xd0000
device pcic1 at isa? irq 0 port 0x3e2 iomem 0xd4000 disable
options WLCACHE
options WLDEBUG
options PCIC_RESUME_RESET
Do not forget to add pccard_enable="YES" to /etc/rc.conf. You might also need to add pccard_mem="DEFAULT" to the rc.conf configuration file and specify an unused IRQ and any additional options you like in /etc/pccard.conf. For example:
# Lucent WaveLAN/IEEE PCMCIA card
card "Lucent Technologies" "WaveLAN/IEEE"
    config 0x1 "wi0" 10
    insert echo Lucent card inserted
    insert /etc/pccard_ether wi0
    remove echo Lucent card removed
    remove /sbin/ifconfig wi0 delete
In this example, the "10" in the config 0x1 "wi0" 10 line is the IRQ.
In OpenBSD, the kernel configuration options to recognize PCMCIA 802.11 cards would look like this:
# PCMCIA controllers
pcic* at pci? dev? function?

# PCMCIA bus support
pcmcia* at pcic? controller? socket?
pcmcia* at tcic? controller? socket?

wi* at pcmcia? dev? function?
an* at pcmcia? function?
The list of cards supported by wi in accordance with the OpenBSD manuals is given in Table 4-1.
You can also check the lists of networking equipment in Appendix B for more compatibility information. If your card is in the list of supported hardware and you have modified the BSD kernel config file as shown earlier and recompiled the kernel, everything should work. We'll emphasize this point one more time: If you want to use BSD as the primary platform for proper wireless penetration testing, you'll need a Prism chipset card, and 802.11a will remain out of reach until the appropriate drivers are developed (if ever, considering the current 802.11g spread and popularity).