Open zhitaoh opened 5 years ago
Hi,
I have not really checked in depth how the mcs field is used, but maybe the problem is linked to https://github.com/seemoo-lab/nexmon/issues/184 which seems to indicate a problem with 40MHz+n. However, looking at the way the rate is set at the low level, it should be fairly easy to test in confiture or even plain nexutil to see if this is really the case. https://github.com/seemoo-lab/nexmon/blob/d5fd58656942d770e59764d88130b09d0a701c77/patches/include/rates.h shows that the rates after 54MBps are set differently. Currently https://github.com/seemoo-lab/nexmon/blob/master/patches/bcm43430a1/7_45_41_46/nexmon/src/injection.c#L87 is used for sending, so you could try to modify https://github.com/TuGraz-ITI/JamLab-NG/blob/master/src/sendframe.c#L51 directly.
Best, Markus
Very informative tips. Thank you, Markus!
I checked the chip's datasheet and realized that it supports 802.11n modulations for only 20 MHz bands. On the other hand, it is capable of 40 MHz DSSS/CCK modulations. The latter is particularly interesting for economic reasons - that one can jam almost 40 MHz with a Raspberry Pi. However, I think either case requires extra firmware hacking.
I have been able to use Jelly to generate 11b and 11g packets from RPi3, by adjusting the Rate parameter of the RadioTap object, which is really convenient. I wonder if it is possible to adapt jelly to send 11n packets?
It looks like the RadioTap class of Scapy already supports various rates, modulations, and 40 MHz channel bandwidth of 11n. But I have not been successful in generating 11n signals by setting the MCS field in the RT header. Any suggestions? Does the JamLab-NG driver need modification to implement 11n injection?
Thanks.