dhondta / dronesploit

Drone pentesting framework console
GNU General Public License v3.0

Scan command not getting any connected drone #15

Closed jepunband closed 3 years ago

jepunband commented 4 years ago

Hi, I have 2 issues. The first: the toggle command is not putting the interface into monitor mode, for example "wlan1mon". The toggle command just keeps putting "wlan1 set back to managed mode"; this happens every time I run this command. I basically had to use airmon-ng to put my card into monitor mode.

Secondly, "scan wlan1mon" is not showing any connected drones, even though I have a drone connected to a smartphone.

dhondta commented 4 years ago

Hi @jepunband! Thank you for mentioning this.

Your first issue pertains to the way interfaces' information is collected, always producing self.console.state['INTERFACES'][i][0] == True in the toggle command. This can be seen in this property. So, I suggest you post the output of iwconfig hereafter so that I can check what is wrong in the parsing of its output.

Your second issue relates to the scan command, relying on ScanMixin's scan method. In order to identify the issue there, I would like you to post the output of shell command sudo airodump-ng wlan1mon in order to check if it's not another parsing problem.
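The first issue above is about how the interface list is built from iwconfig's output. As an added illustration (this is not DroneSploit's code; the sample iwconfig output is constructed in iwconfig's layout, not captured from a real host), here is a small parser that walks the output block by block and reports which interfaces are in monitor mode, so that "no wireless extensions" entries and managed interfaces are not mistaken for monitor ones:

```python
"""Parse `iwconfig` output and report which interfaces are in monitor mode.

Added example for this issue thread; it is not DroneSploit's own code.
The sample output below is constructed to follow iwconfig's layout.
"""
import re

# Constructed sample in iwconfig's layout (not captured from a real host).
SAMPLE_IWCONFIG = """\
lo        no wireless extensions.

eth0      no wireless extensions.

wlan0     IEEE 802.11  ESSID:"homenet"
          Mode:Managed  Frequency:2.437 GHz  Access Point: 00:11:22:33:44:55
          Bit Rate=72.2 Mb/s   Tx-Power=20 dBm

wlan1mon  IEEE 802.11bgn  Mode:Monitor  Frequency:2.417 GHz  Tx-Power=20 dBm
          Retry  long limit:7   RTS thr=2347 B   Fragment thr:off
          Power Management:on
"""

# An interface block starts at column 0 with the interface name; the lines
# that follow are indented. "no wireless extensions" blocks carry no Mode.
_IFACE_LINE = re.compile(r"^(\S+)\s*(.*)$")
_MODE = re.compile(r"Mode:(\w+)")


def parse_iwconfig(text):
    """Return {iface: {"wireless": bool, "mode": str or None}} from iwconfig output."""
    result = {}
    current = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # New block: remember the interface and whether it is wireless at all.
            m = _IFACE_LINE.match(line)
            current, rest = m.group(1), m.group(2)
            wireless = "no wireless extensions" not in rest
            result[current] = {"wireless": wireless, "mode": None}
            if not wireless:
                current = None
                continue
        if current is None:
            continue
        # The Mode field may sit on the first line or on a continuation line.
        mode = _MODE.search(line)
        if mode:
            result[current]["mode"] = mode.group(1)
    return result


def is_monitor(text, iface):
    """True only when the named interface reports Mode:Monitor."""
    info = parse_iwconfig(text).get(iface)
    return bool(info and info["mode"] == "Monitor")


if __name__ == "__main__":
    for name, info in parse_iwconfig(SAMPLE_IWCONFIG).items():
        print(f"{name:10s} wireless={info['wireless']!s:5s} mode={info['mode']}")
```

Because the mode is read per block rather than from a single global regex, a managed interface that appears before a monitor one in the output cannot leak its state into the monitor interface's entry, which is the kind of mis-parse that makes a toggle command always believe an interface is already in monitor mode.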

jepunband commented 4 years ago

Hello, here is the output:

iwconfig:

lo        no wireless extensions.

[...]

wlan1mon  IEEE 802.11bgn  Mode:Monitor  Frequency:2.417 GHz  Tx-Power=20 dBm   
          Retry  long limit:7   RTS thr=2347 B   Fragment thr:off
          Power Management:on

[...]

sudo airodump-ng wlan1mon:

 CH 11 ][ Elapsed: 18 s ][ 2020-08-05 08:07                                         

 BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

 BSSID              STATION            PWR   Rate    Lost    Frames  Probe

dhondta commented 4 years ago

Hi @jepunband

It is possible that the issue does not come from DroneSploit but from something else. Could you show the output of sudo lshw -c network and lsusb (do not hesitate to obfuscate useless results, that is, the information about devices other than wireless interfaces)?

jepunband commented 4 years ago

Hello @dhondta

So I tried with a different Wi-Fi card that can be put into monitor mode: same issue, but airodump-ng does show results this time.

# airodump-ng wlan1mon: //other results omitted//

00:1F:2D:35:92:C7  -50        5      474    0   1  54e. OPN              WIFI_FPV_35920E

lshw -C Network:

description: Wireless interface
physical id: 3
bus info: usb@2:1.2
logical name: wlxf4f26d175f9e
serial: 17:12:6e:d2:b7:57
capabilities: ethernet physical wireless
configuration: broadcast=yes driver=ath9k_htc driverversion=5.4.0-4parrot1-amd64 firmware=1.4 link=no multicast=yes
wireless=IEEE 802.11

dhondta commented 4 years ago

OK, my bad! With regard to the scan issue, you could not detect your drone as its SSID is not parsed yet in this code. I will fix this part soon.

dhondta commented 4 years ago

Hi @jepunband, can you pip install dronesploit --upgrade, retest and tell me if it solves the scan issue?

jepunband commented 4 years ago

Hello @dhondta

scan wlan0mon still doesn't produce any results, but airodump-ng does.

  CH  2 ][ Elapsed: 6 s ][ 2020-08-16 00:59 

  BSSID                      PWR  Beacons    #Data, #/s  CH   MB    ENC CIPHER  AUTH   ESSID                                 

  00:1F:2D:35:92:C7    -47       15             354    0     1     54e.   OPN                WIFI_FPV_35920E

jepunband commented 4 years ago

Hi @dhondta, will there be any updates on this?

dhondta commented 4 years ago

Hi @jepunband

Please use auxiliary/wifi/find_ssids and run it to see if it catches something then try use auxiliary/wifi/find_targets and share the output on the issue. This will allow me to check if it comes from the parsing of Airodump-ng's output.

jepunband commented 4 years ago

Hello @dhondta, both commands did not produce any results; again, airodump-ng works and still shows the same results as before. I basically just had to Ctrl+C to stop it as it was taking too long to find anything.

LabRatsRnD commented 4 years ago

Hi! I can relate to this problem. I easily find my drone via wifite (so there is no problem on the hardware side), but DS can't find anything, no matter if the drone is in WIFI or RC mode.

dhondta commented 3 years ago

Hi all, I finally found the problem; the output of airodump-ng now contains ANSI escape sequences for colouring lines, which were not handled by the regular expression of the ScanMixin used by the scan command and Find* modules.

dhondta commented 3 years ago

Also beware that the scan command uses the drone SSID filter. So don't be scared if it does not detect anything while you can see common SSIDs (e.g. your home network) in airodump-ng's output...
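The two root causes named in the last two comments (ANSI escape sequences breaking the row regex, and the drone SSID filter hiding everything else) can be shown together in a small parser. The following is an added example, not DroneSploit's own ScanMixin; the airodump-ng dump is constructed, with escape sequences placed where a coloured terminal would emit them, and the drone SSID prefixes are assumed for illustration rather than taken from the project's filter list:

```python
"""Parse airodump-ng's AP table even when it carries ANSI colour escapes.

Added example for this issue thread, not DroneSploit's own code. The sample
output and the drone SSID prefixes are constructed for illustration.
"""
import re

# CSI sequences such as "\x1b[0m" (colour reset), "\x1b[K" (erase to end of
# line) or "\x1b[2J" (clear screen): ESC '[' params intermediates final-byte.
ANSI_ESCAPE = re.compile(r"\x1b\[[0-?]*[ -/]*[@-~]")

# One AP row: BSSID, PWR, Beacons, #Data, #/s, CH, MB, ENC, CIPHER, AUTH, ESSID.
# Open networks print no CIPHER/AUTH, so that pair is optional.
AP_ROW = re.compile(
    r"^\s*(?P<bssid>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+"
    r"(?P<pwr>-?\d+)\s+(?P<beacons>\d+)\s+(?P<data>\d+)\s+(?P<rate>\d+)\s+"
    r"(?P<ch>-?\d+)\s+(?P<mb>\S+)\s+(?P<enc>\S+)\s+"
    r"(?:(?P<cipher>\S+)\s+(?P<auth>\S+)\s+)?"
    r"(?P<essid>\S.*?)\s*$"
)

# Constructed dump: one open FPV access point and one home network.
SAMPLE_AIRODUMP = (
    "\x1b[2J\x1b[H CH  2 ][ Elapsed: 6 s ][ 2020-08-16 00:59 \x1b[K\n"
    "\n"
    " BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID\x1b[K\n"
    "\n"
    "\x1b[0m 00:1F:2D:35:92:C7  -47       15      354    0   1  54e. OPN              WIFI_FPV_35920E\x1b[K\n"
    "\x1b[0m 11:22:33:44:55:66  -60       40      120    2   6  130  WPA2 CCMP   PSK  homenet\x1b[K\n"
    "\n"
    " BSSID              STATION            PWR   Rate    Lost    Frames  Probe\x1b[K\n"
)

# Assumed drone SSID prefixes (illustrative; not the project's filter list).
DRONE_SSID_PATTERNS = [re.compile(p) for p in (r"^WIFI_FPV_", r"^TELLO-", r"^ardrone2_")]


def strip_ansi(text):
    """Remove CSI escape sequences so column regexes see plain text."""
    return ANSI_ESCAPE.sub("", text)


def parse_access_points(text, strip=True):
    """Return the AP rows as dicts; strip=False reproduces the original bug."""
    if strip:
        text = strip_ansi(text)
    rows = []
    for line in text.splitlines():
        m = AP_ROW.match(line)
        if m:
            rows.append(m.groupdict())
    return rows


def find_drones(text):
    """Keep only rows whose ESSID matches one of the assumed drone prefixes."""
    return [ap for ap in parse_access_points(text)
            if any(p.search(ap["essid"]) for p in DRONE_SSID_PATTERNS)]


if __name__ == "__main__":
    print("without stripping:", len(parse_access_points(SAMPLE_AIRODUMP, strip=False)), "rows")
    print("with stripping:   ", len(parse_access_points(SAMPLE_AIRODUMP)), "rows")
    for ap in find_drones(SAMPLE_AIRODUMP):
        print(f"drone AP {ap['bssid']} ch {ap['ch']} enc {ap['enc']} essid {ap['essid']}")
```

With strip=False the anchored regex never matches because each row starts with the escape sequence rather than whitespace or a BSSID, which is exactly the silent "no results" reported in this thread; with stripping, both rows parse, and find_drones returns only the FPV access point while the home network is dropped by the SSID filter.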