aircrack-ng / rtl8814au

Realtek rtl8814au driver

Awus 1900 (rtl8814au) injection does not work, usb 3.0 does not work correctly #1

Open nidhoggDrag opened 3 years ago

nidhoggDrag commented 3 years ago

Hi my friend! The problem is the same as it was on the 8812 driver. The injection does not work. But, I want to note that this driver is very unstable, the sending of packets hangs when the command aireplay-ng, after two packets it hangs forever (ctrl + c), .. And also packets [0 | 0 ACKs], that is, the injection does not work the same as on 8812, but this driver still hangs after the second attempt to send a packet ..

USB 3.0 partially works, .. but, in USB 3.0 mode, it only shows the two networks closest to me, .. does not see the rest of the networks (with usb.2.0 it sees 20+ networks ...) ... some problems with signal strength, apparently ..

Note that the 8812au driver is much more stable, .. yes, .. injection does not work there either (the only drawback!), But at least there are no problems with hanging packages and no problems with usb 3.0 ..

I have not yet met a single fully working Linux driver for my device (awus 1900), .. without bugs, .. it seems that the device is not the cheapest, .. but unfortunately there is no driver for Linux yet ..

awus 1900 8814au + kali

tested both on physical and virtual machines, the result is the same.

```
git clone -b v5.8.5.1 https://github.com/aircrack-ng/rtl8814au.git

    Клонирование в «rtl8814au»…
    remote: Enumerating objects: 975, done.
    remote: Counting objects: 100% (975/975), done.
    remote: Compressing objects: 100% (613/613), done.
    remote: Total 975 (delta 456), reused 861 (delta 349), pack-reused 0
    Получение объектов: 100% (975/975), 2.94 MiB | 4.89 MiB/s, готово.
    Определение изменений: 100% (456/456), готово.

cd rtl8814au
make

    /bin/sh: 1: bc: not found
    make ARCH=x86_64 CROSS_COMPILE= -C /lib/modules/5.8.0-kali2-amd64/build M=/root/rtl8814au modules
    make[1]: вход в каталог «/usr/src/linux-headers-5.8.0-kali2-amd64»
    /bin/sh: 1: bc: not found
    CC [M] /root/rtl8814au/core/rtw_cmd.o
    CC [M] /root/rtl8814au/core/rtw_security.o
    CC [M] /root/rtl8814au/core/rtw_debug.o
    CC [M] /root/rtl8814au/core/rtw_io.o
    CC [M] /root/rtl8814au/core/rtw_ioctl_query.o
    CC [M] /root/rtl8814au/core/rtw_ioctl_set.o
    CC [M] /root/rtl8814au/core/rtw_ieee80211.o
    CC [M] /root/rtl8814au/core/rtw_mlme.o
    CC [M] /root/rtl8814au/core/rtw_mlme_ext.o
    CC [M] /root/rtl8814au/core/rtw_mi.o
    CC [M] /root/rtl8814au/core/rtw_wlan_util.o
    CC [M] /root/rtl8814au/core/rtw_vht.o
    CC [M] /root/rtl8814au/core/rtw_pwrctrl.o
    CC [M] /root/rtl8814au/core/rtw_rf.o
    CC [M] /root/rtl8814au/core/rtw_chplan.o
    CC [M] /root/rtl8814au/core/rtw_recv.o
    CC [M] /root/rtl8814au/core/rtw_sta_mgt.o
    CC [M] /root/rtl8814au/core/rtw_ap.o
    CC [M] /root/rtl8814au/core/mesh/rtw_mesh.o
    CC [M] /root/rtl8814au/core/mesh/rtw_mesh_pathtbl.o
    CC [M] /root/rtl8814au/core/mesh/rtw_mesh_hwmp.o
    CC [M] /root/rtl8814au/core/rtw_xmit.o
    CC [M] /root/rtl8814au/core/rtw_p2p.o
    CC [M] /root/rtl8814au/core/rtw_rson.o
    CC [M] /root/rtl8814au/core/rtw_tdls.o
    CC [M] /root/rtl8814au/core/rtw_br_ext.o
    CC [M] /root/rtl8814au/core/rtw_iol.o
    CC [M] /root/rtl8814au/core/rtw_sreset.o
    CC [M] /root/rtl8814au/core/rtw_btcoex_wifionly.o
    CC [M] /root/rtl8814au/core/rtw_btcoex.o
    CC [M] /root/rtl8814au/core/rtw_beamforming.o
    CC [M] /root/rtl8814au/core/rtw_odm.o
    CC [M] /root/rtl8814au/core/rtw_rm.o
    CC [M] /root/rtl8814au/core/rtw_rm_fsm.o
    CC [M] /root/rtl8814au/core/rtw_rm_util.o
    CC [M] /root/rtl8814au/core/efuse/rtw_efuse.o
    CC [M] /root/rtl8814au/os_dep/osdep_service.o
    CC [M] /root/rtl8814au/os_dep/linux/os_intfs.o
    CC [M] /root/rtl8814au/os_dep/linux/usb_intf.o
    CC [M] /root/rtl8814au/os_dep/linux/usb_ops_linux.o
    CC [M] /root/rtl8814au/os_dep/linux/ioctl_linux.o
    /root/rtl8814au/os_dep/linux/ioctl_linux.c:12327:30: warning: ‘rtw_get_wireless_stats’ defined but not used [-Wunused-function]
    12327 | static struct iw_statistics rtw_get_wireless_stats(struct net_device dev)
          | ^~~~~~
    CC [M] /root/rtl8814au/os_dep/linux/xmit_linux.o
    CC [M] /root/rtl8814au/os_dep/linux/mlme_linux.o
    CC [M] /root/rtl8814au/os_dep/linux/recv_linux.o
    CC [M] /root/rtl8814au/os_dep/linux/ioctl_cfg80211.o
    CC [M] /root/rtl8814au/os_dep/linux/rtw_cfgvendor.o
    CC [M] /root/rtl8814au/os_dep/linux/wifi_regd.o
    CC [M] /root/rtl8814au/os_dep/linux/rtw_android.o
    CC [M] /root/rtl8814au/os_dep/linux/rtw_proc.o
    CC [M] /root/rtl8814au/os_dep/linux/rtw_rhashtable.o
    CC [M] /root/rtl8814au/os_dep/linux/ioctl_mp.o
    CC [M] /root/rtl8814au/hal/hal_intf.o
    CC [M] /root/rtl8814au/hal/hal_com.o
    CC [M] /root/rtl8814au/hal/hal_com_phycfg.o
    CC [M] /root/rtl8814au/hal/hal_phy.o
    CC [M] /root/rtl8814au/hal/hal_dm.o
    CC [M] /root/rtl8814au/hal/hal_dm_acs.o
    CC [M] /root/rtl8814au/hal/hal_btcoex_wifionly.o
    CC [M] /root/rtl8814au/hal/hal_btcoex.o
    CC [M] /root/rtl8814au/hal/hal_mp.o
    CC [M] /root/rtl8814au/hal/hal_mcc.o
    CC [M] /root/rtl8814au/hal/hal_hci/hal_usb.o
    CC [M] /root/rtl8814au/hal/led/hal_led.o
    CC [M] /root/rtl8814au/hal/led/hal_usb_led.o
    CC [M] /root/rtl8814au/hal/HalPwrSeqCmd.o
    CC [M] /root/rtl8814au/hal/rtl8814a/Hal8814PwrSeq.o
    CC [M] /root/rtl8814au/hal/rtl8814a/rtl8814a_xmit.o
    CC [M] /root/rtl8814au/hal/rtl8814a/rtl8814a_sreset.o
    CC [M] /root/rtl8814au/hal/rtl8814a/rtl8814a_hal_init.o
    CC [M] /root/rtl8814au/hal/rtl8814a/rtl8814a_phycfg.o
    CC [M] /root/rtl8814au/hal/rtl8814a/rtl8814a_rf6052.o
    CC [M] /root/rtl8814au/hal/rtl8814a/rtl8814a_dm.o
    CC [M] /root/rtl8814au/hal/rtl8814a/rtl8814a_rxdesc.o
    CC [M] /root/rtl8814au/hal/rtl8814a/rtl8814a_cmd.o
    CC [M] /root/rtl8814au/hal/rtl8814a/hal8814a_fw.o
    CC [M] /root/rtl8814au/hal/rtl8814a/usb/usb_halinit.o
    CC [M] /root/rtl8814au/hal/rtl8814a/usb/rtl8814au_led.o
    CC [M] /root/rtl8814au/hal/rtl8814a/usb/rtl8814au_xmit.o
    CC [M] /root/rtl8814au/hal/rtl8814a/usb/rtl8814au_recv.o
    CC [M] /root/rtl8814au/hal/rtl8814a/usb/usb_ops_linux.o
    CC [M] /root/rtl8814au/hal/efuse/rtl8814a/HalEfuseMask8814A_USB.o
    CC [M] /root/rtl8814au/hal/phydm/phydm_debug.o
    CC [M] /root/rtl8814au/hal/phydm/phydm_antdiv.o
    CC [M] /root/rtl8814au/hal/phydm/phydm_soml.o
    CC [M] /root/rtl8814au/hal/phydm/phydm_smt_ant.o
    CC [M] /root/rtl8814au/hal/phydm/phydm_antdect.o
    CC [M] /root/rtl8814au/hal/phydm/phydm_interface.o
    CC [M] /root/rtl8814au/hal/phydm/phydm_phystatus.o
    CC [M] /root/rtl8814au/hal/phydm/phydm_hwconfig.o
    CC [M] /root/rtl8814au/hal/phydm/phydm.o
    CC [M] /root/rtl8814au/hal/phydm/phydm_dig.o
    CC [M] /root/rtl8814au/hal/phydm/phydm_pathdiv.o
    CC [M] /root/rtl8814au/hal/phydm/phydm_rainfo.o
    CC [M] /root/rtl8814au/hal/phydm/phydm_dynamictxpower.o
    CC [M] /root/rtl8814au/hal/phydm/phydm_adaptivity.o
    CC [M] /root/rtl8814au/hal/phydm/phydm_cfotracking.o
    CC [M] /root/rtl8814au/hal/phydm/phydm_noisemonitor.o
    CC [M] /root/rtl8814au/hal/phydm/phydm_beamforming.o
    CC [M] /root/rtl8814au/hal/phydm/phydm_direct_bf.o
    CC [M] /root/rtl8814au/hal/phydm/phydm_dfs.o
    CC [M] /root/rtl8814au/hal/phydm/txbf/halcomtxbf.o
    CC [M] /root/rtl8814au/hal/phydm/txbf/haltxbfinterface.o
    CC [M] /root/rtl8814au/hal/phydm/txbf/phydm_hal_txbf_api.o
    CC [M] /root/rtl8814au/hal/phydm/phydm_adc_sampling.o
    CC [M] /root/rtl8814au/hal/phydm/phydm_ccx.o
    CC [M] /root/rtl8814au/hal/phydm/phydm_psd.o
    CC [M] /root/rtl8814au/hal/phydm/phydm_primary_cca.o
    CC [M] /root/rtl8814au/hal/phydm/phydm_cck_pd.o
    CC [M] /root/rtl8814au/hal/phydm/phydm_rssi_monitor.o
    CC [M] /root/rtl8814au/hal/phydm/phydm_auto_dbg.o
    CC [M] /root/rtl8814au/hal/phydm/phydm_math_lib.o
    CC [M] /root/rtl8814au/hal/phydm/phydm_api.o
    CC [M] /root/rtl8814au/hal/phydm/phydm_pow_train.o
    CC [M] /root/rtl8814au/hal/phydm/phydm_lna_sat.o
    CC [M] /root/rtl8814au/hal/phydm/phydm_pmac_tx_setting.o
    CC [M] /root/rtl8814au/hal/phydm/phydm_mp.o
    CC [M] /root/rtl8814au/hal/phydm/phydm_cck_rx_pathdiv.o
    CC [M] /root/rtl8814au/hal/phydm/halrf/halrf.o
    CC [M] /root/rtl8814au/hal/phydm/halrf/halrf_debug.o
    CC [M] /root/rtl8814au/hal/phydm/halrf/halphyrf_ce.o
    CC [M] /root/rtl8814au/hal/phydm/halrf/halrf_powertracking_ce.o
    CC [M] /root/rtl8814au/hal/phydm/halrf/halrf_powertracking.o
    CC [M] /root/rtl8814au/hal/phydm/halrf/halrf_kfree.o
    CC [M] /root/rtl8814au/hal/phydm/halrf/halrf_psd.o
    CC [M] /root/rtl8814au/hal/phydm/rtl8814a/halhwimg8814a_bb.o
    CC [M] /root/rtl8814au/hal/phydm/rtl8814a/halhwimg8814a_mac.o
    CC [M] /root/rtl8814au/hal/phydm/halrf/rtl8814a/halhwimg8814a_rf.o
    CC [M] /root/rtl8814au/hal/phydm/halrf/rtl8814a/halrf_iqk_8814a.o
    CC [M] /root/rtl8814au/hal/phydm/rtl8814a/phydm_regconfig8814a.o
    CC [M] /root/rtl8814au/hal/phydm/halrf/rtl8814a/halrf_8814a_ce.o
    CC [M] /root/rtl8814au/hal/phydm/rtl8814a/phydm_rtl8814a.o
    CC [M] /root/rtl8814au/hal/phydm/txbf/haltxbf8814a.o
    CC [M] /root/rtl8814au/platform/platform_ops.o
    CC [M] /root/rtl8814au/core/rtw_mp.o
    LD [M] /root/rtl8814au/8814au.o
    /bin/sh: 1: bc: not found
    MODPOST /root/rtl8814au/Module.symvers
    CC [M] /root/rtl8814au/8814au.mod.o
    LD [M] /root/rtl8814au/8814au.ko
    make[1]: выход из каталога «/usr/src/linux-headers-5.8.0-kali2-amd64»

sudo make install

    /bin/sh: 1: bc: not found
    install -p -m 644 8814au.ko  /lib/modules/5.8.0-kali2-amd64/kernel/drivers/net/wireless/
    /sbin/depmod -a 5.8.0-kali2-amd64

reboot

airmon-ng

airmon-ng check kill

ip link set wlan0 down

iw dev wlan0 set type monitor

ip link set wlan0 up

iw wlan0 set txpower fixed 3000

iw wlan0 info

iwconfig

    lo        no wireless extensions.
    eth0      no wireless extensions.
    eth1      no wireless extensions.
    wlan0     IEEE 802.11  Mode:Monitor  Frequency:2.412 GHz  Tx-Power=20 dBm
              Retry short limit:7   RTS thr:off   Fragment thr:off
              Power Management:off

iw wlan0 info

    Interface wlan0
        ifindex 4
        wdev 0x1
        addr xx:xx:xx:xx:xx:xx
        type monitor
        wiphy 0
        channel 1 (2412 MHz), width: 40 MHz, center1: 2402 MHz
        txpower 20.00 dBm

aireplay-ng --deauth 20 -a xx:xx:xx:xx:xx:xx -c xx:xx:xx:xx:xx:xx wlan0

    00:57:42  Waiting for beacon frame (BSSID: xx:xx:xx:xx:xx:xx) on channel 1
    00:57:42  Sending 64 directed DeAuth (code 7). STMAC: [xx:xx:xx:xx:xx:xx] [ 0| 0 ACKs]
    00:57:43  Sending 64 directed DeAuth (code 7). STMAC: [xx:xx:xx:xx:xx:xx] [ 0| 0 ACKs]
    ^C

aireplay-ng -0 3 -a xx:xx:xx:xx:xx:xx -c xx:xx:xx:xx:xx:xx wlan0

    01:00:56  Waiting for beacon frame (BSSID: xx:xx:xx:xx:xx:xx) on channel 1
    01:00:56  Sending 64 directed DeAuth (code 7). STMAC: [xx:xx:xx:xx:xx:xx] [ 0| 0 ACKs]
    01:00:56  Sending 64 directed DeAuth (code 7). STMAC: [xx:xx:xx:xx:xx:xx] [ 0| 0 ACKs]
    ^C

aireplay-ng -0 0 -a xx:xx:xx:xx:xx:xx wlan0

    01:01:19  Waiting for beacon frame (BSSID: xx:xx:xx:xx:xx:xx) on channel 1
    NB: this attack is more effective when targeting
    a connected wireless client (-c <client's mac>).
    01:01:19  Sending DeAuth (code 7) to broadcast -- BSSID: [xx:xx:xx:xx:xx:xx]
    01:01:20  Sending DeAuth (code 7) to broadcast -- BSSID: [xx:xx:xx:xx:xx:xx]
    01:01:20  Sending DeAuth (code 7) to broadcast -- BSSID: [xx:xx:xx:xx:xx:xx]
    ^C
```

kimocoder commented 3 years ago

I know, just missing a few more hours to get there. :+1:

hifihedgehog commented 3 years ago

Thanks so much, @kimocoder! I just bought a Netgear Nighthawk that has this chip. I noticed it was stuck running in USB 2.0 mode. I am using this driver for openmediavault for serving across my network so I cannot wait for the USB 3.0 speeds!

hifihedgehog commented 3 years ago

Just as a note to you, @kimocoder, the following needs to be added to CFLAGs in the makefile:

```
-Wno-error=date-time
```

From: https://askubuntu.com/a/593684

Otherwise, make fails and presents me the following error in Debian Buster on openmediavault:

```
error: macro "__DATE__" might prevent reproducible builds [-Werror=date-time]
error: macro "__TIME__" might prevent reproducible builds [-Werror=date-time]
```

raplin commented 3 years ago

USB 3.0 works for me with this driver, in the usual way;

```
/:  Bus 02.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/4p, 5000M
    |__ Port 2: Dev 2, If 0, Class=Hub, Driver=hub/4p, 5000M
        |__ Port 1: Dev 25, If 0, Class=Hub, Driver=hub/4p, 5000M
            |__ Port 2: Dev 31, If 0, Class=Vendor Specific Class, Driver=8814au, 5000M
            |__ Port 4: Dev 33, If 0, Class=Vendor Specific Class, Driver=8814au, 5000M
```

Getting SS transfers ok (RPi4)

```
[  5]  18.01-19.03  sec  57.5 MBytes   470 Mbits/sec    0   1.39 MBytes
[  5]  19.03-20.01  sec  57.5 MBytes   495 Mbits/sec    0   1.41 MBytes
[  5]  20.01-21.03  sec  58.8 MBytes   485 Mbits/sec    0   1.49 MBytes
[  5]  21.03-22.01  sec  58.8 MBytes   503 Mbits/sec    0   1.58 MBytes
[  5]  22.01-23.00  sec  60.0 MBytes   506 Mbits/sec    0   1.70 MBytes
[  5]  23.00-24.00  sec  60.0 MBytes   503 Mbits/sec    0   1.81 MBytes
[  5]  24.00-25.01  sec  52.5 MBytes   437 Mbits/sec    2    997 KBytes
```

kimocoder commented 3 years ago

USB 3.0 is disabled for now yes, USBModeSwitch needs attention, just like before.. just didn't have time for all.

frame injection capabilities broken when I unlocked all channels and fixing a kernel taint but will be fixed again, when I get more time 👍 well aware

nidhoggDrag commented 3 years ago

> USB 3.0 is disabled for now yes, USBModeSwitch needs attention, just like before.. just didn't have time for all.
>
> frame injection capabilities broken when I unlocked all channels and fixing a kernel taint but will be fixed again, when I get more time +1 well aware

My dear friend! I have some news, maybe they will help you in something.

I am not an expert in Kali. But as far as I know, the 88xx drivers are already preinstalled in the Kali kernel. But when installing Kali on a physical machine, my adapter (Awus 1900 rtl8814au) does not work, and I have to manually go to the github and download the drivers and then install them. But why install them if they are already in the kernel ?! But for some reason, those drivers that are embedded in the core of Kali are not active.

Installed Parrot OS recently. And lo and behold! And my adapter immediately worked, and I didn't even have to manually install the driver.

But the most interesting thing is that the drivers that are embedded in the Parrot OS kernel are fully functional! USB 3.0 - it works! The injection works too!

The only cosmetic bug that I found in drivers on Parrot OS is that package information is not displayed:

[0 | 0 ACKs]

BUT! Packages arrive great! Because the device under test disconnects very quickly, if the packets did not reach, the device would not be able to disconnect. (WPA handshake received!)

My guess is that this may be a driver conflict in Kali. You need to somehow activate either the built-in driver in the Kali kernel, or remove it and then install another driver. Two drivers for one device may conflict with each other.

And also I do not quite understand which driver is used in Parrot OS, .. Is it the same driver that is sewn into the Kali kernel, or not?

```
┌─[root@parrot]─[~]
└──╼ #uname -a
Linux parrot 5.8.0-2parrot1-amd64 #1 SMP Debian 5.8.10-2parrot1 (2020-10-05) x86_64 GNU/Linux

┌─[root@parrot]─[/home/an/Desktop/wfs]
└──╼ #ethtool -i wlan0
driver: rtl88XXau
version: 5.8.0-2parrot1-amd64
firmware-version:
expansion-rom-version:
bus-info: 2-1.1:1.0
supports-statistics: no
supports-test: no
supports-eeprom-access: no
supports-register-dump: no
supports-priv-flags: no

┌─[root@parrot]─[/home/an/Desktop/wfs]
└──╼ #./Monitor.sh

PHY     Interface       Driver          Chipset

phy0    wlan0           88XXau          Realtek Semiconductor Corp. RTL8814AU 802.11a/b/g/n/ac

Killing these processes:

  PID Name
  710 wpa_supplicant

Interface wlan0
        ifindex 4
        wdev 0x1
        addr xx:xx:xx:xx:xx:xx
        type monitor
        wiphy 0
        txpower 30.00 dBm

┌─[root@parrot]─[/home/an/Desktop/wfs]
└──╼ #iwconfig
lo        no wireless extensions.

eth0      no wireless extensions.

eth1      no wireless extensions.

wlan0     unassociated  ESSID:""  Nickname:"WIFI@REALTEK"
          Mode:Monitor  Frequency=2.412 GHz  Access Point: Not-Associated
          Sensitivity:0/0
          Retry:off   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=0/100  Signal level=0 dBm  Noise level=0 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

vmnet1    no wireless extensions.

vmnet8    no wireless extensions.

└──╼ #aireplay-ng --deauth 5 -a xx:xx:xx:xx:xx:xx -c xx:xx:xx:xx:xx:xx wlan0
10:18:20  Waiting for beacon frame (BSSID: xx:xx:xx:xx:xx:xx) on channel 6
10:18:20  Sending 64 directed DeAuth (code 7). STMAC: [xx:xx:xx:xx:xx:xx] [ 0| 0 ACKs]
10:18:21  Sending 64 directed DeAuth (code 7). STMAC: [xx:xx:xx:xx:xx:xx] [ 0| 0 ACKs]
10:18:21  Sending 64 directed DeAuth (code 7). STMAC: [xx:xx:xx:xx:xx:xx] [ 0| 0 ACKs]
10:18:22  Sending 64 directed DeAuth (code 7). STMAC: [xx:xx:xx:xx:xx:xx] [ 0| 0 ACKs]
10:18:23  Sending 64 directed DeAuth (code 7). STMAC: [xx:xx:xx:xx:xx:xx] [ 0| 0 ACKs]
```

WPA handshake: xx:xx:xx:xx:xx:xx

harrysummer commented 3 years ago

I am using Netgear A7000 on Raspberry Pi 4b with OpenWRT. And USB 3.0 works for me after setting `rtw_switch_usb_mode=1`. Not sure about injection. I am just using it as AP. With some code changes for backported mac80211, I was able to compile the code with make variables `CONFIG_PLATFORM_I386_PC=n CONFIG_PLATFORM_ARM64=y` and CFLAGS `-DRTW_P2P_GROUP_INTERFACE=1 -DRTW_DEDICATED_P2P_DEVICE=1`.

`/etc/modules.d/rtl8814au`:

```
8814au rtw_vht_enable=2 rtw_switch_usb_mode=1 rtw_power_mgnt=0 rtw_led_ctrl=0
```

Result of `lsusb -t`:

```
root@OpenWrt:~# lsusb -t
/:  Bus 02.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/4p, 5000M
    |__ Port 1: Dev 2, If 0, Class=, Driver=8814au, 5000M
/:  Bus 01.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/1p, 480M
    |__ Port 1: Dev 2, If 0, Class=, Driver=hub/4p, 480M
        |__ Port 4: Dev 4, If 0, Class=, Driver=usbhid, 12M
        |__ Port 4: Dev 4, If 1, Class=, Driver=usbhid, 12M
        |__ Port 4: Dev 4, If 2, Class=, Driver=usbhid, 12M
```

The only problem is that I can only use channel 36 in 802.11ac 5GHz range. And I need to reboot after setting to make it work.
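
An added example, not part of the thread or of the driver's code: a shell helper that reads `lsusb -t` output in the format posted above and reports whether each device bound to `8814au` negotiated a SuperSpeed (5000M) or a USB 2.0 (480M) link, which is the check to run after changing `rtw_switch_usb_mode`. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread or the driver). Reads `lsusb -t` text on
# stdin and reports the negotiated link speed of each device bound to a driver.

usb_link_report() {            # usage: lsusb -t | usb_link_report 8814au
    awk -v drv="${1:-8814au}" '
    /^\/:/ {                   # root hub: "/:  Bus 02.Port 1: Dev 1, ..."
        bus = "?"
        for (i = 1; i < NF; i++)
            if ($i == "Bus") { bus = $(i + 1); sub(/\..*/, "", bus) }
        next
    }
    /Driver=/ {                # device: "|__ Port 1: Dev 2, ..., Driver=8814au, 5000M"
        d = $0; sub(/.*Driver=/, "", d); sub(/,.*/, "", d)
        if (d != drv) next
        dev = $0; sub(/.*Dev /, "", dev); sub(/,.*/, "", dev)
        spd = $NF; sub(/M$/, "", spd)
        if (spd + 0 >= 5000)     { mode = "superspeed" }   # USB 3.x link
        else if (spd + 0 == 480) { mode = "high-speed" }   # USB 2.0 link
        else                     { mode = "other" }
        printf "bus=%s dev=%s driver=%s speed=%sM mode=%s\n", bus, dev, d, spd, mode
    }'
}

# Exit status: 0 = every bound device is on a SuperSpeed link,
#              1 = at least one is slower, 2 = driver bound to no device.
usb3_ok() {
    report=$(usb_link_report "$1")
    [ -n "$report" ] || return 2
    if printf '%s\n' "$report" | grep -qv 'mode=superspeed'; then
        return 1
    fi
    return 0
}

# Constructed sample: one adapter on a 5000M root hub, one stuck at 480M.
sample_lsusb() {
    cat <<'EOF'
/:  Bus 02.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/4p, 5000M
    |__ Port 1: Dev 2, If 0, Class=, Driver=8814au, 5000M
/:  Bus 01.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/1p, 480M
    |__ Port 3: Dev 5, If 0, Class=Vendor Specific Class, Driver=8814au, 480M
    |__ Port 4: Dev 4, If 0, Class=, Driver=usbhid, 12M
EOF
}

sample_lsusb | usb_link_report 8814au
```

On a live system, `lsusb -t | usb3_ok 8814au; echo $?` gives the same verdict as an exit code.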

ipaqmaster commented 1 year ago

Extra comment regarding 2.4GHz reception over USB3 mode: https://github.com/aircrack-ng/rtl8812au/issues/1015#issuecomment-1311239102