To use 802.11a PCMCIA cards with an Atheros chipset, select the kernel PCMCIA support, compile the vt_ar5k driver (edit the Makefile if your Linux kernel source is not in /usr/src/linux), and insert "options vt_ar5k reg_domain=???" into /etc/modules.conf. The value depends on the country you are in and its power output regulations; the available options are fcc (U.S.), etsi (E.U.), and de (Germany and Japan). Alternatively, you can specify these options when the module is inserted (e.g., insmod vt_ar5k.o reg_domain=fcc). When the card services are restarted, you should see the module with lsmod and the card should be recognized.
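A pre-flight check for the reg_domain setting described above, as an added example that is not part of the original text: it parses modules.conf content and accepts only the three values the text lists, so an unedited "???" placeholder is caught. The sample content and the function names are constructed for illustration, and the rule that the last active options line wins is an assumption.

```shell
#!/bin/sh
# Added example. SAMPLE_CONF is constructed; on a real host pass
# "$(cat /etc/modules.conf)" to the functions instead.
SAMPLE_CONF='# wireless card settings
#options vt_ar5k reg_domain=fcc
options vt_ar5k reg_domain=etsi'

# Print the active reg_domain value for vt_ar5k found in modules.conf text ($1).
# Comment lines are skipped; the last active "options" line wins (assumption).
reg_domain_of() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ { next }
        $1 == "options" && $2 == "vt_ar5k" {
            for (i = 3; i <= NF; i++)
                if ($i ~ /^reg_domain=/) { sub(/^reg_domain=/, "", $i); v = $i }
        }
        END { if (v != "") print v }'
}

# Return 0 for a domain named in the text, 1 if none is set, 2 if unknown.
check_reg_domain() {
    case "$(reg_domain_of "$1")" in
        fcc|etsi|de) return 0 ;;
        "") echo "no reg_domain set for vt_ar5k" >&2; return 1 ;;
        *)  echo "unknown reg_domain value" >&2; return 2 ;;
    esac
}

if check_reg_domain "$SAMPLE_CONF"; then
    echo "reg_domain=$(reg_domain_of "$SAMPLE_CONF")"
fi
```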
Alternatively, you can use the Madwifi project drivers, in particular when trying to set up and configure a combo 802.11a/b/g Atheros chipset card. As of the time of writing, the latest version of the driver was madwifi-20030802, but as we have found out, the CVS version is more stable, provides support for more Wi-Fi cards and has faster network performance.
To obtain the latest CVS driver, use the following command:
arhontus:$ cvs -z3 -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/madwifi \
co madwifi
To compile these modules for 2.6.x Linux kernels, you should consider downloading relevant patches from the project page. For illustration purposes, this section describes madwifi installation under 2.4.x-based kernels. To compile the Wi-Fi modules, change the current working directory to the madwifi CVS directory and issue:
arhontus:$ make all && make install
To load the modules, make sure the Wi-Fi card is inserted and type modprobe ath_pci. If all goes well, the lsmod and iwconfig commands should produce output similar to the following:
arhontus:~# lsmod
Module                  Size  Used by    Tainted: P
ath_pci                31952   1
wlan                   45512   1  [ath_pci]
ath_hal               101152   1  [ath_pci]
arhontus:~# iwconfig ath0
ath0      IEEE 802.11  ESSID:"ComboNet"
          Mode:Managed  Frequency:2.412GHz  Access Point: 00:30:BD:9E:50:7C
          Bit Rate:54Mb/s   Tx-Power:off   Sensitivity=0/242700000
          Retry:off   RTS thr:off   Fragment thr:off
          Encryption key:4330-4445-3145-4537-4330-4747-45   Security mode:open
          Power Management:off
          Link Quality:0/1  Signal level:-216 dBm  Noise level:-256 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0
For the card interface configuration, use Linux Wireless Extensions, as described in the next chapter. If you require further information about the madwifi driver, consult the README file in the madwifi directory.
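The lsmod and iwconfig check above, scripted as an added example (not from the original text or the madwifi project): it confirms that ath_pci, wlan and ath_hal are loaded, that the two helper modules are shown as used by ath_pci, and pulls the ESSID and access point address from the iwconfig text. The sample text is constructed from the output shown above, and the function names are illustrative.

```shell
#!/bin/sh
# Added example. Sample text below is constructed from the output shown above;
# on a live system pass "$(lsmod)" and "$(iwconfig ath0 2>&1)" instead.
SAMPLE_LSMOD='Module                  Size  Used by    Tainted: P
ath_pci                31952   1
wlan                   45512   1  [ath_pci]
ath_hal               101152   1  [ath_pci]'
SAMPLE_IWCONFIG='ath0      IEEE 802.11  ESSID:"ComboNet"
          Mode:Managed  Frequency:2.412GHz  Access Point: 00:30:BD:9E:50:7C'

# List what the madwifi stack lacks in lsmod text ($1): a module that is not
# loaded, or wlan/ath_hal loaded but not shown as used by ath_pci.
missing_modules() {
    for mod in ath_pci wlan ath_hal; do
        line=$(printf '%s\n' "$1" | awk -v m="$mod" '$1 == m { print; exit }')
        if [ -z "$line" ]; then
            echo "$mod"
        elif [ "$mod" != ath_pci ]; then
            case "$line" in
                *ath_pci*) ;;
                *) echo "$mod:unbound" ;;
            esac
        fi
    done
}

# Extract one "Key:value" field (ESSID, Mode, Frequency) from iwconfig text ($2).
# Values containing spaces are cut at the first space.
iw_field() {
    printf '%s\n' "$2" | sed -n "s/.*$1:\([^ ]*\).*/\1/p" | head -n 1 | tr -d '"'
}

# Extract the associated access point MAC address from iwconfig text ($1).
ap_mac() {
    printf '%s\n' "$1" | sed -n 's/.*Access Point: *\([0-9A-Fa-f:]\{17\}\).*/\1/p' | head -n 1
}

# Succeed only if all modules are present and the interface reports 802.11.
stack_ok() {
    [ -z "$(missing_modules "$1")" ] || return 1
    case "$2" in *"IEEE 802.11"*) return 0 ;; *) return 1 ;; esac
}

if stack_ok "$SAMPLE_LSMOD" "$SAMPLE_IWCONFIG"; then
    echo "ath0 ready: ESSID=$(iw_field ESSID "$SAMPLE_IWCONFIG") AP=$(ap_mac "$SAMPLE_IWCONFIG")"
else
    echo "driver stack incomplete: $(missing_modules "$SAMPLE_LSMOD")"
fi
```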
Tip
There are many wireless card chipsets and corresponding Linux drivers that are different from the mainstream Prism, Hermes, Aironet, and Atheros. Some of these chipsets and drivers, such as Symbol24t, have been mentioned earlier.
Unfortunately, we cannot cover them all, as it would require a book on its own. We also do not review the drivers' internals for the same reason, even though we consider this area to be of great interest for people interested in hacking. If you are interested in knowing more about this area, we suggest studying Jean Tourrilhes's Linux wireless drivers page, in particular http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Linux.Wireless.drivers.html#Prism2-hostAP, and following the links it provides. This provides a good insight for anyone interested in modification and development of wireless client card drivers, or people who want to know why Hermes chipset cards have three different drivers or what the difference is between the function and structure of prism2_cs and p80211 linux-wlan-ng modules for the Prism cards. Please note that we do not discuss the installation of HostAP and AirJack drivers in this chapter, as they are described in the review of man-in-the-middle attacks.
On BSD systems the installation of wireless drivers is more straightforward: You use the wi or an device drivers that come with the system. Ensure that your kernel configuration file in /usr/src/sys/i386/conf has PCMCIA support. An example of FreeBSD configuration is as follows:
device card
device pcic0 at isa? irq 0 port 0x3e0 iomem 0xd0000
device pcic1 at isa? irq 0 port 0x3e2 iomem 0xd4000 disable
options WLCACHE
options WLDEBUG
options PCIC_RESUME_RESET
Do not forget to add pccard_enable="YES" to /etc/rc.conf. You might also need to add pccard_mem="DEFAULT" to the rc.conf configuration file and specify an unused IRQ and any additional options you like in /etc/pccard.conf. For example:
# Lucent WaveLAN/IEEE PCMCIA card
card "Lucent Technologies" "WaveLAN/IEEE"
        config  0x1 "wi0" 10
        insert  echo Lucent card inserted
        insert  /etc/pccard_ether wi0
        remove  echo Lucent card removed
        remove  /sbin/ifconfig wi0 delete
In this example, the "10" at the end of the config 0x1 "wi0" 10 line is the IRQ.
In OpenBSD, the kernel configuration options to recognize PCMCIA 802.11 cards would look like this:
#PCMCIA controllers
pcic* at pci? dev? function?
# PCMCIA bus support
pcmcia* at pcic? controller? socket?
pcmcia* at tcic? controller? socket?
wi* at pcmcia? dev? function?
an* at pcmcia? function?
The list of cards supported by wi in accordance with the OpenBSD manuals is given in Table 4.1.
Table 4.1. Supported Wireless Cards in BSD
Card                                Chip        Bus
3Com AirConnect 3CRWE737A           Spectrum24  PCMCIA
3Com AirConnect 3CRWE777A           Prism-2     PCI
ACTIONTEC HWC01170                  Prism-2.5   PCMCIA
Addtron AWP-100                     Prism-2     PCMCIA
Agere Orinoco                       Hermes      PCMCIA
Apple Airport                       Hermes      macobio
Buffalo AirStation                  Prism-2     PCMCIA
Buffalo AirStation                  Prism-2     CF
Cabletron RoamAbout                 Hermes      PCMCIA
Compaq Agency NC5004                Prism-2     PCMCIA
Contec FLEXLAN/FX-DS110-PCC         Prism-2     PCMCIA
Corega PCC-11                       Prism-2     PCMCIA
Corega PCCA-11                      Prism-2     PCMCIA
Corega PCCB-11                      Prism-2     PCMCIA
Corega CGWLPCIA11                   Prism-2     PCI
Dlink DWL520                        Prism-2.5   PCI
Dlink DWL650                        Prism-2.5   PCMCIA
ELSA XI300                          Prism-2     PCMCIA
ELSA XI325                          Prism-2.5   PCMCIA
ELSA XI325H                         Prism-2.5   PCMCIA
ELSA XI800                          Prism-2     CF
EMTAC A2424i                        Prism-2     PCMCIA
Ericsson Wireless LAN CARD C11      Spectrum24  PCMCIA
Gemtek WL-311                       Prism-2.5   PCMCIA
Hawking Technology WE110P           Prism-2.5   PCMCIA
I-O DATA WN-B11/PCM                 Prism-2     PCMCIA
Intel PRO/Wireless 2011             Spectrum24  PCMCIA
Intersil Prism II                   Prism-2     PCMCIA
Intersil Mini-PCI                   Prism-2.5   PCI
Linksys Instant Wireless WPC11      Prism-2     PCMCIA
Linksys Instant Wireless WPC11 2.5  Prism-2.5   PCMCIA
Linksys Instant Wireless WPC11 3.0  Prism-3     PCMCIA
Lucent WaveLAN                      Hermes      PCMCIA
NANOSPEED ROOT-RZ2000               Prism-2     PCMCIA
NDC/Sohoware NCP130                 Prism-2     PCI
NEC CMZ-RT-WP                       Prism-2     PCMCIA
Netgear MA401                       Prism-2     PCMCIA
Netgear MA401RA                     Prism-2.5   PCMCIA
Nokia C020 Wireless LAN             Prism-I     PCMCIA
Nokia C110/C111 Wireless LAN        Prism-2     PCMCIA
Nortel E-mobility 211818-A          Spectrum24  PCI
NTT-ME 11Mbps Wireless LAN          Prism-2     PCMCIA
Proxim Harmony                      Prism-2     PCMCIA
Proxim RangeLAN-DS                  Prism-2     PCMCIA
Samsung MagicLAN SWL-2000N          Prism-2     PCMCIA
Symbol Spectrum24                   Spectrum24  PCMCIA
Symbol LA4123                       Spectrum24  PCI
SMC 2632 EZ Connect                 Prism-2     PCMCIA
TDK LAK-CD011WL                     Prism-2     PCMCIA
US Robotics 2410                    Prism-2     PCMCIA
US Robotics 2445                    Prism-2     PCMCIA
You can also check the lists of networking equipment in Appendix B for more compatibility information. If your card is in the list of supported hardware and you have modified the BSD kernel config file as shown earlier and recompiled the kernel, everything should work. We'll emphasize this point one more time: If you want to use BSD as the primary platform for proper wireless penetration testing, you'll need a Prism chipset card, and 802.11a will remain out of reach until the appropriate drivers are developed (if ever, considering the current 802.11g spread and popularity).