aircrack-ng / aircrack-ng

WiFi security auditing tools suite
https://aircrack-ng.org
GNU General Public License v2.0

5ghz network injection failure in channels greater than 100 #2141

Open sagaardu opened 4 years ago

sagaardu commented 4 years ago

Hello,

I am doing injection tests on my AP over a 5 GHz network with an RT3572 adapter, and I see that the injection test works correctly if the AP channel remains below channel 100:

pi@pi:~$ sudo aireplay-ng --test wlan0mon
10:10:05  Trying broadcast probe requests...
10:10:05  Injection is working!
10:10:06  Found 4 APs

10:10:08  XX:XX:XX:XX:XX:XX - channel: 60 - 'NOMBRE_RED'
10:10:09  Ping (min/avg/max): 0.541ms/4.301ms/15.030ms Power: -56.00
10:10:09  29/30:  96%

With airodump launched, I observe how many clients appear:

CH 60 ][ Elapsed: 2 mins ][ 2020-04-25 10:12

 BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

 XX:XX:XX:XX:XX:XX  -57 100     1592        0    0  60  54e  WPA2 CCMP   PSK  NOMBRE_RED

 BSSID              STATION            PWR   Rate    Lost    Frames  Probe

 XX:XX:XX:XX:XX:XX  00:D1:82:BE:21:F6    0    0 - 6      0        4
 XX:XX:XX:XX:XX:XX  00:21:C0:9A:A5:24    0    0 - 6      0        4
 XX:XX:XX:XX:XX:XX  00:9C:40:EC:24:25    0    0 - 6      0        4
 XX:XX:XX:XX:XX:XX  00:B4:AB:D6:60:5F    0    0 - 6      0        4
 XX:XX:XX:XX:XX:XX  00:22:2A:C7:D8:61    0    0 - 6      0        4
 XX:XX:XX:XX:XX:XX  00:E4:66:57:9A:EF    0    0 - 6      0        4
 XX:XX:XX:XX:XX:XX  00:DC:9A:4F:74:D1    0    0 - 6      0        4
 XX:XX:XX:XX:XX:XX  00:9B:75:84:64:37    0    0 - 6      0        4
 XX:XX:XX:XX:XX:XX  00:E0:8C:88:E5:35    0    0 - 6      0        4
 XX:XX:XX:XX:XX:XX  00:D2:75:AB:B4:C6    0    0 - 6      0        4
 XX:XX:XX:XX:XX:XX  00:90:D7:B6:36:ED    0    0 - 6      0        4
 XX:XX:XX:XX:XX:XX  00:F2:86:B5:89:CB    0    0 - 6      0        4
 XX:XX:XX:XX:XX:XX  00:36:18:97:37:95    0    0 - 6      0        4
 XX:XX:XX:XX:XX:XX  00:90:4E:C8:C2:58    0    0 - 6      0        4
 XX:XX:XX:XX:XX:XX  00:D8:C2:04:A9:13    0    0 - 6      0        4
 XX:XX:XX:XX:XX:XX  00:3E:BE:E2:51:35    0    0 - 6      0        4
 XX:XX:XX:XX:XX:XX  00:4E:EA:A6:16:1C    0    0 - 6      0        4
 XX:XX:XX:XX:XX:XX  00:4F:20:96:45:DB    0    0 - 6      0        4
 XX:XX:XX:XX:XX:XX  00:56:3F:01:7C:5B    0    0 - 6      0        4
 XX:XX:XX:XX:XX:XX  00:A5:B5:32:0A:6D    0    0 - 6      0        4
 XX:XX:XX:XX:XX:XX  00:71:CF:D1:50:8B    0    0 - 6      0        4
 XX:XX:XX:XX:XX:XX  00:A8:C5:12:77:F6    0    0 - 6      0        4
 XX:XX:XX:XX:XX:XX  00:A5:CB:C7:32:98    0    0 - 6      0        4
 XX:XX:XX:XX:XX:XX  00:A4:3B:F6:BA:B8    0    0 - 6      0        4
 XX:XX:XX:XX:XX:XX  00:35:93:26:1C:4E    0    0 - 6      0        4
 XX:XX:XX:XX:XX:XX  00:65:A6:64:B8:24    0    0 - 6      0        4
 XX:XX:XX:XX:XX:XX  00:58:DB:DF:BC:D4    0    0 - 6      0        4
 XX:XX:XX:XX:XX:XX  00:93:7A:CF:30:5F    0    0 - 6      0        4
 XX:XX:XX:XX:XX:XX  00:10:0F:8D:CD:E0    0    0 - 6      0        4
 XX:XX:XX:XX:XX:XX  00:1F:A8:16:7C:AE    0    0 - 6      0        4

However, if I put the AP on a channel above 100, the injection stops working:

pi@pi:~$ sudo aireplay-ng --test wlan1mon
17:34:31  Trying broadcast probe requests...
17:34:33  No Answer..
17:34:33  Found 1 APs

17:34:51  XX:XX:XX:XX:XX:XX - channel: 112 - 'NOMBRE_RED'
17:34:57   0/30:   0%

Even though the clients continue to appear on the AP:

CH 112 ][ Elapsed: 6 mins ][ 2020-04-27 17:40

 BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESS

 XX:XX:XX:XX:XX:XX  -51 100     3693      385    1 112  54e  WPA2 CCMP   PSK  NOMBRE_RED

 BSSID              STATION            PWR   Rate    Lost    Frames  Probe

 XX:XX:XX:XX:XX:XX  00:D3:89:7C:3D:EF    0    0 - 6    310        4
 XX:XX:XX:XX:XX:XX  00:DB:CC:B0:79:76    0    0 - 6    302        4
 XX:XX:XX:XX:XX:XX  00:FD:F3:86:32:37    0    0 - 6    147        4
 XX:XX:XX:XX:XX:XX  00:61:85:C9:AB:A5    0    0 - 6    286        4
 XX:XX:XX:XX:XX:XX  00:B4:E0:83:48:DE    0    0 - 6    278        4
 XX:XX:XX:XX:XX:XX  00:55:56:FE:CA:64    0    0 - 6    270        4
 XX:XX:XX:XX:XX:XX  00:10:05:69:66:AA    0    0 - 6    262        4
 XX:XX:XX:XX:XX:XX  00:99:79:9D:AA:23    0    0 - 6    254        4
 XX:XX:XX:XX:XX:XX  00:47:E0:35:44:55    0    0 - 6    246        4
 XX:XX:XX:XX:XX:XX  00:3C:EA:4A:20:34    0    0 - 6    238        4
 XX:XX:XX:XX:XX:XX  00:16:1F:94:FE:DD    0    0 - 6    230        4
 XX:XX:XX:XX:XX:XX  00:F0:53:75:0E:B6    0    0 - 6    222        4
 XX:XX:XX:XX:XX:XX  00:5B:46:55:A5:EC    0    0 - 6    214        4
 XX:XX:XX:XX:XX:XX  00:35:48:11:A9:73    0    0 - 6    206        4
 XX:XX:XX:XX:XX:XX  00:C0:01:FC:75:64    0    0 - 6    198        4
 XX:XX:XX:XX:XX:XX  00:EC:6D:E4:49:FD    0    0 - 6    190        4
 XX:XX:XX:XX:XX:XX  00:11:DD:E8:BE:A8    0    0 - 6    182        4
 XX:XX:XX:XX:XX:XX  00:AE:89:1E:63:A1    0    0 - 6    174        4
 XX:XX:XX:XX:XX:XX  00:9D:E2:4A:A5:9A    0    0 - 6    166        4
 XX:XX:XX:XX:XX:XX  00:D3:AD:74:2B:4A    0    0 - 6    158        4
 XX:XX:XX:XX:XX:XX  00:B8:FF:B5:62:39    0    0 - 6    150        4
 XX:XX:XX:XX:XX:XX  00:AF:3B:5D:90:DC    0    0 - 6    142        4
 XX:XX:XX:XX:XX:XX  00:7A:47:AC:CB:04    0    0 - 6    134        4
 XX:XX:XX:XX:XX:XX  00:E3:83:B4:18:F3    0    0 - 6    126        4
 XX:XX:XX:XX:XX:XX  00:B7:00:08:B8:64    0    0 - 6    118        4
 XX:XX:XX:XX:XX:XX  00:4A:3B:58:9D:29    0    0 - 6    110        4
 XX:XX:XX:XX:XX:XX  00:6F:D9:AA:39:1E    0    0 - 6    102        4
 XX:XX:XX:XX:XX:XX  00:70:58:E1:A0:5B    0    0 - 6     94        4
 XX:XX:XX:XX:XX:XX  00:2F:B9:50:BD:02    0    0 - 6     86        4
 XX:XX:XX:XX:XX:XX  00:CB:50:34:70:C6    0    0 - 6     78        4
 XX:XX:XX:XX:XX:XX  EA:4F:3D:75:2D:D1  -76    0 - 6      0       34

I have tried two versions of aircrack but the result is the same:

Aircrack-ng 1.2 rc4 - (C) 2006-2015 Thomas d'Otreppe
Aircrack-ng 1.6 - (C) 2006-2020 Thomas d'Otreppe

Is there a problem with injection into channels greater than 100? Is there any solution in this regard that can be applied?

Cheers

sagaardu commented 4 years ago

I have already solved this problem; the case can be closed. Thank you.

matssoderhall commented 4 years ago

This could be solved in https://github.com/matssoderhall/aircrack-ng (pull-request #2196)

sagaardu commented 4 years ago

> This could be solved in https://github.com/matssoderhall/aircrack-ng (pull-request #2196)

Hi,

Thanks for commenting, how should I proceed to apply this new improvement?

Should I download the latest release again and compile it again?

If so, is it necessary to uninstall the current version beforehand?

Cheers

matssoderhall commented 4 years ago

You could download the latest source and build it according to the instructions or wait for a formal release. I recommend building it from source as it is quite straightforward on most machines.