Kismet Wireless

Kismet Forums


Posted by: gat3way
Subject: rtl8192cu support hacked in androidpcap
Date: 06:51:02 16/07/2013

Hello all,

My name is Milen Rangelov; I am the author of hashkill (GPU cracking software, which can also attack WPA handshakes). I am interested in wireless security as a whole, but Java and Android are unfortunately not my strongest suits.

I've been working the past several days on porting the Realtek rtl8192cu driver to Java using the USB host API. I managed to hack it into androidpcap and it kind of works (still some more work needed, though). The idea is to support more recent hardware (as it turned out, it was impossible to find anything with rtl8187 on the local market :( ), but also hardware that consumes less power and is smaller in size compared to the Alfa AWUS (my tests are using the Netgear WN1000M, which is a tiny but fully functional wifi dongle).

Right now I have the hardware initialization done properly (it unfortunately involves uploading a firmware blob, rtl8192cufw.bin, to the device). I can put the adapter in monitor mode and capture traffic. The pcap part needs some more work, though (I remove the trailing FCS, but it looks like the data from the bulk transfer has a variable-sized driver info header, e.g. beacon and probe frames have a 56-byte offset from the start of the USB bulk transfer data, while data frames have less than that). Also, I still need to write the channel/band switch code properly, as it apparently does not work at the moment (it involves reading txpower tables from efuse, then some boring hacks which I mess up at some point). I am not sure how to utilize the N band yet; I need more digging in the driver code. Also, at this point, no packet injection is possible; that would be harder to do, but I still think it's quite possible.

There are also some problems on the Android side, e.g. when my Nexus 7 goes to sleep with the rtl8192cu dongle attached to the OTG cable, the tablet occasionally hangs and needs to be powered on manually with the OTG cable disconnected. I don't know if that can be fixed, though. Also, my code is an ugly mess right now, so apart from the unfinished features, I need to clean it up from wtf crap.

Are you interested in having rtl8192cu support in your project? I can send you the class file once ready.

BTW, I intend to start my own wifi frame capture / frame injection project for Android that is able to collect handshakes, save them to hccap format, eventually "try" some small dictionary files locally, etc. May I borrow some ideas from your project? I like the libpcap JNI calls idea (though the pcap format is not that complex; I think that even this can relatively easily be done in pure Java code).

Regards,
Milen
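As an added example (not androidpcap's code and not from the post above), here is the kind of pure-Java pcap writer the message says is feasible: it slices the 802.11 frame out of a USB bulk transfer past the driver-info header, drops the trailing FCS, and writes a standard pcap global header and packet record in little-endian byte order. The 56-byte offset is the one the post reports for beacon/probe frames; the sample bulk buffer, the output file name and the class name are constructed for the example.

```java
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;

// Minimal pcap writer for raw 802.11 frames (LINKTYPE_IEEE802_11 = 105, no radiotap).
// Example code, not androidpcap's. BEACON_DRIVER_INFO_LEN = 56 is the driver-info
// offset the post reports for beacon/probe frames; the 4-byte FCS is stripped.
public class Pcap80211Writer {
    static final int LINKTYPE_IEEE802_11 = 105;
    static final int FCS_LEN = 4;
    static final int BEACON_DRIVER_INFO_LEN = 56; // from the post; data frames use less

    // 24-byte global header: magic 0xa1b2c3d4 (host order little-endian), version 2.4,
    // thiszone 0, sigfigs 0, snaplen, link type.
    static byte[] globalHeader(int snaplen) {
        ByteBuffer b = ByteBuffer.allocate(24).order(ByteOrder.LITTLE_ENDIAN);
        b.putInt(0xa1b2c3d4).putShort((short) 2).putShort((short) 4);
        b.putInt(0).putInt(0).putInt(snaplen).putInt(LINKTYPE_IEEE802_11);
        return b.array();
    }

    // Slice the 802.11 frame out of a bulk transfer: skip the driver-info header
    // at the front and drop the trailing FCS. 10 bytes is the shortest valid frame (ACK/CTS).
    static byte[] extractFrame(byte[] bulk, int driverInfoLen) {
        int len = bulk.length - driverInfoLen - FCS_LEN;
        if (len < 10) throw new IllegalArgumentException("bulk transfer too short");
        byte[] frame = new byte[len];
        System.arraycopy(bulk, driverInfoLen, frame, 0, len);
        return frame;
    }

    // 16-byte record header (ts_sec, ts_usec, incl_len, orig_len) followed by the frame.
    static byte[] record(long tsMicros, byte[] frame) {
        ByteBuffer b = ByteBuffer.allocate(16 + frame.length).order(ByteOrder.LITTLE_ENDIAN);
        b.putInt((int) (tsMicros / 1_000_000)).putInt((int) (tsMicros % 1_000_000));
        b.putInt(frame.length).putInt(frame.length).put(frame);
        return b.array();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: 56 bytes of driver info, a 24-byte beacon header
        // (frame control 0x80 0x00, broadcast DA), then a placeholder 4-byte FCS.
        byte[] bulk = new byte[BEACON_DRIVER_INFO_LEN + 24 + FCS_LEN];
        bulk[BEACON_DRIVER_INFO_LEN] = (byte) 0x80; // type = management, subtype = beacon
        for (int i = 0; i < 6; i++) bulk[BEACON_DRIVER_INFO_LEN + 4 + i] = (byte) 0xff; // DA
        try (FileOutputStream out = new FileOutputStream("capture.pcap")) {
            out.write(globalHeader(65535));
            out.write(record(System.currentTimeMillis() * 1000, extractFrame(bulk, BEACON_DRIVER_INFO_LEN)));
        }
    }
}
```

The resulting capture.pcap opens in Wireshark or Kismet's tools as a plain 802.11 capture; per-frame-type driver-info lengths still have to be supplied by the caller, as the post notes they vary.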
