kimocoder / realtek_rtwifi

Realtek RTL8xxxU
https://www.aircrack-ng.org

TP-Link TL-WN8200ND v3 #41

Open ZerBea opened 8 months ago

ZerBea commented 8 months ago

I started to add support of TP-Link TL-WN8200ND V3

https://www.tp-link.com/en/home-networking/high-gain-adapter/tl-wn8200nd/

$ lsusb
ID 2357:0126 TP-Link 802.11n NIC

added device to rtl8xxxu_core.c

{USB_DEVICE_AND_INTERFACE_INFO(0x2357, 0x0126, 0xff, 0xff, 0xff),
    .driver_info = (unsigned long)&rtl8192eu_fops},

$ sudo dmesg
[118089.218716] usb 5-2.3: new high-speed USB device number 13 using xhci_hcd
[118089.311953] usb 5-2.3: New USB device found, idVendor=2357, idProduct=0126, bcdDevice= 2.00
[118089.311957] usb 5-2.3: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[118089.311960] usb 5-2.3: Product: 802.11n NIC
[118089.311962] usb 5-2.3: Manufacturer: Realtek
[118089.311963] usb 5-2.3: SerialNumber: 5091E3C3A656
[118089.923705] usb 5-2.3: RTL8192EU rev B (SMIC) romver 0, 2T2R, TX queues 3, WiFi=1, BT=0, GPS=0, HI PA=0
[118089.923710] usb 5-2.3: RTL8192EU MAC: 50:91:e3:c3:a6:56
[118089.923713] usb 5-2.3: rtl8xxxu: Loading firmware rtlwifi/rtl8192eu_nic.bin
[118089.923908] usb 5-2.3: Firmware revision 35.7 (signature 0x92e1)
[118091.679945] rtl8xxxu 5-2.3:1.0 wlp48s0f4u2u3: renamed from wlan0
$ iw dev
phy#7
    Interface wlp48s0f4u2u3
        ifindex 10
        wdev 0x700000001
        addr 50:91:e3:c3:a6:56
        type managed
        txpower 0.00 dBm
        multicast TXQ:
            qsz-byt qsz-pkt flows   drops   marks   overlmt hashcol tx-bytes    tx-packets
            0   0   0   0   0   0   0   0       0
$ iw list
Wiphy phy7
    wiphy index: 7
    max # scan SSIDs: 4
    max scan IEs length: 2257 bytes
    max # sched scan SSIDs: 0
    max # match sets: 0
    RTS threshold: 2347
    Retry short limit: 7
    Retry long limit: 4
    Coverage class: 0 (up to 0m)
    Supported Ciphers:
        * WEP40 (00-0f-ac:1)
        * WEP104 (00-0f-ac:5)
        * TKIP (00-0f-ac:2)
        * CCMP-128 (00-0f-ac:4)
        * CCMP-256 (00-0f-ac:10)
        * GCMP-128 (00-0f-ac:8)
        * GCMP-256 (00-0f-ac:9)
    Available Antennas: TX 0x3 RX 0x3
    Configured Antennas: TX 0x3 RX 0x3
    Supported interface modes:
         * managed
         * monitor
    Band 1:
        Capabilities: 0x6c
            HT20
            SM Power Save disabled
            RX HT20 SGI
            RX HT40 SGI
            No RX STBC
            Max AMSDU length: 3839 bytes
            No DSSS/CCK HT40
        Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
        Minimum RX AMPDU time spacing: 16 usec (0x07)
        HT TX/RX MCS rate indexes supported: 0-15, 32
        Bitrates (non-HT):
            * 1.0 Mbps
            * 2.0 Mbps
            * 5.5 Mbps
            * 11.0 Mbps
            * 6.0 Mbps
            * 9.0 Mbps
            * 12.0 Mbps
            * 18.0 Mbps
            * 24.0 Mbps
            * 36.0 Mbps
            * 48.0 Mbps
            * 54.0 Mbps
        Frequencies:
            * 2412.0 MHz [1] (20.0 dBm)
            * 2417.0 MHz [2] (20.0 dBm)
            * 2422.0 MHz [3] (20.0 dBm)
            * 2427.0 MHz [4] (20.0 dBm)
            * 2432.0 MHz [5] (20.0 dBm)
            * 2437.0 MHz [6] (20.0 dBm)
            * 2442.0 MHz [7] (20.0 dBm)
            * 2447.0 MHz [8] (20.0 dBm)
            * 2452.0 MHz [9] (20.0 dBm)
            * 2457.0 MHz [10] (20.0 dBm)
            * 2462.0 MHz [11] (20.0 dBm)
            * 2467.0 MHz [12] (20.0 dBm)
            * 2472.0 MHz [13] (20.0 dBm)
            * 2484.0 MHz [14] (disabled)
    Supported commands:
         * new_interface
         * set_interface
         * new_key
         * start_ap
         * new_station
         * new_mpath
         * set_mesh_config
         * set_bss
         * authenticate
         * associate
         * deauthenticate
         * disassociate
         * join_ibss
         * join_mesh
         * remain_on_channel
         * set_tx_bitrate_mask
         * frame
         * frame_wait_cancel
         * set_wiphy_netns
         * set_channel
         * probe_client
         * set_noack_map
         * register_beacons
         * start_p2p_device
         * set_mcast_rate
         * connect
         * disconnect
         * set_qos_map
         * set_multicast_to_unicast
    software interface modes (can always be added):
         * monitor
    interface combinations are not supported
    HT Capability overrides:
         * MCS: ff ff ff ff ff ff ff ff ff ff
         * maximum A-MSDU length
         * supported channel width
         * short GI for 40 MHz
         * max A-MPDU length exponent
         * min MPDU start spacing
    Device supports TX status socket option.
    Device supports HT-IBSS.
    Device supports SAE with AUTHENTICATE command
    Device supports low priority scan.
    Device supports scan flush.
    Device supports AP scan.
    Device supports per-vif TX power setting
    Driver supports full state transitions for AP/GO clients
    Driver supports a userspace MPM
    Device supports configuring vdev MAC-addr on create.
    max # scan plans: 1
    max scan plan interval: -1
    max scan plan iterations: 0
    Supported TX frame types:
         * IBSS: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
         * managed: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
         * AP: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
         * AP/VLAN: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
         * mesh point: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
         * P2P-client: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
         * P2P-GO: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
         * P2P-device: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
    Supported RX frame types:
         * IBSS: 0x40 0xb0 0xc0 0xd0
         * managed: 0x40 0xb0 0xd0
         * AP: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
         * AP/VLAN: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
         * mesh point: 0xb0 0xc0 0xd0
         * P2P-client: 0x40 0xd0
         * P2P-GO: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
         * P2P-device: 0x40 0xd0
    Supported extended features:
        * [ RRM ]: RRM
        * [ FILS_STA ]: STA FILS (Fast Initial Link Setup)
        * [ CQM_RSSI_LIST ]: multiple CQM_RSSI_THOLD records
        * [ CONTROL_PORT_OVER_NL80211 ]: control port over nl80211
        * [ TXQS ]: FQ-CoDel-enabled intermediate TXQs
        * [ SCAN_RANDOM_SN ]: use random sequence numbers in scans
        * [ SCAN_MIN_PREQ_CONTENT ]: use probe request with only rate IEs in scans
        * [ CONTROL_PORT_NO_PREAUTH ]: disable pre-auth over nl80211 control port support
        * [ SCAN_FREQ_KHZ ]: scan on kHz frequency support
        * [ CONTROL_PORT_OVER_NL80211_TX_STATUS ]: tx status for nl80211 control port support
        * [ POWERED_ADDR_CHANGE ]: can change MAC address while up

So far so good, everything is looking fine and hcxdumptool is able to set monitor mode and channels:

$ hcxdumptool -L

Requesting physical interface capabilities. This may take some time.
Please be patient...

available wlan devices:

phy idx hw-mac       virtual-mac  m ifname           driver (protocol)
---------------------------------------------------------------------------------------------
  7  10 5091e3c3a656 5091e3c3a656 + wlp48s0f4u2u3    rtl8xxxu (NETLINK)

* active monitor mode available (reported by driver - do not trust it)
+ monitor mode available (reported by driver)
- no monitor mode available
$ hcxdumptool -I wlp48s0f4u2u3

Requesting physical interface capabilities. This may take some time.
Please be patient...

interface information:

phy idx hw-mac       virtual-mac  m ifname           driver (protocol)
---------------------------------------------------------------------------------------------
  7  10 5091e3c3a656 5091e3c3a656 + wlp48s0f4u2u3    rtl8xxxu (NETLINK)

available frequencies: frequency [channel] tx-power of Regulatory Domain: DE

  2412 [  1] 20.0 dBm     2417 [  2] 20.0 dBm     2422 [  3] 20.0 dBm     2427 [  4] 20.0 dBm
  2432 [  5] 20.0 dBm     2437 [  6] 20.0 dBm     2442 [  7] 20.0 dBm     2447 [  8] 20.0 dBm
  2452 [  9] 20.0 dBm     2457 [ 10] 20.0 dBm     2462 [ 11] 20.0 dBm     2467 [ 12] 20.0 dBm
  2472 [ 13] 20.0 dBm     2484 [ 14] disabled
$ sudo hcxdumptool -m wlp48s0f4u2u3 -c 6a

Requesting physical interface capabilities. This may take some time.
Please be patient...

interface information:

phy idx hw-mac       virtual-mac  m ifname           driver (protocol)
---------------------------------------------------------------------------------------------
  7  10 5091e3c3a656 5091e3c3a656 + wlp48s0f4u2u3    rtl8xxxu (NETLINK)

available frequencies: frequency [channel] tx-power of Regulatory Domain: DE

  2412 [  1] 20.0 dBm     2417 [  2] 20.0 dBm     2422 [  3] 20.0 dBm     2427 [  4] 20.0 dBm
  2432 [  5] 20.0 dBm     2437 [  6] 20.0 dBm     2442 [  7] 20.0 dBm     2447 [  8] 20.0 dBm
  2452 [  9] 20.0 dBm     2457 [ 10] 20.0 dBm     2462 [ 11] 20.0 dBm     2467 [ 12] 20.0 dBm
  2472 [ 13] 20.0 dBm     2484 [ 14] disabled

monitor mode is active...

Up to here, everything is still fine. We can set monitor mode and we can set a channel.

$ iw dev
phy#7
    Interface wlp48s0f4u2u3
        ifindex 10
        wdev 0x700000001
        addr b0:fe:bd:19:e3:71
        type monitor
        channel 6 (2437 MHz), width: 20 MHz (no HT), center1: 2437 MHz
        txpower 20.00 dBm
        multicast TXQ:
            qsz-byt qsz-pkt flows   drops   marks   overlmt hashcol tx-bytes    tx-packets
            0   0   0   0   0   0   0   0       0

Unfortunately the device doesn't receive packets. Neither in monitor mode, nor by iw scan.

$ sudo ip link set wlp48s0f4u2u3 up
$ sudo iw dev wlp48s0f4u2u3 scan
$ 

The green LED flashes during scan, but that's all.

I'm sure I'm missing something, but I don't know what.

Any ideas to point me in the right direction?

dubhater commented 8 months ago

If you plug it in and scan with iw, is it the same? I mean, without using hcxdumptool first.

ZerBea commented 8 months ago

Yes. iw first, hcxdumptool second or hcxdumptool first and iw second, both result in the same problem.

First I thought the problem is related to this: https://bugzilla.kernel.org/show_bug.cgi?id=217205#c77 But that isn't the case.

dubhater commented 8 months ago

That patch will only affect the RTL8188EU.

If the LED blinks, the chip thinks it's transmitting something.

I wonder if this device needs different initialisation tables because it's „high power”.

Can you compile this driver: https://github.com/Mange/rtl8192eu-linux-driver/ with a patch:

diff --git a/Makefile b/Makefile
index 8ecdb72..9548b64 100644
--- a/Makefile
+++ b/Makefile
@@ -92,10 +92,10 @@ CONFIG_ICMP_VOQ = n
 CONFIG_IP_R_MONITOR = n #arp VOQ and high rate
 ########################## Debug ###########################
 # Say "y" here to have the driver output debugging messages. Not intended for normal use.
-CONFIG_RTW_DEBUG = n
+CONFIG_RTW_DEBUG = y
 # Default log level is 2, which only displays errors.
 # Available levels = none(0), always(1), error(2), warning(3), info(4), debug(5), max(6)
-CONFIG_RTW_LOG_LEVEL = 2
+CONFIG_RTW_LOG_LEVEL = 4
 ######################## Wake On Lan ##########################
 CONFIG_WOWLAN = n
 #bit2: deauth, bit1: unicast, bit0: magic pkt.
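
Review bot: CONFIG_RTW_DEBUG = y and CONFIG_RTW_LOG_LEVEL = 4 are diagnostic settings that the Makefile's own comment marks as "Not intended for normal use", so this should stay a local change and be reverted once the log has been captured. The same effect is available without modifying the tree by passing both variables on the make command line, which overrides plain assignments in a Makefile. Level 4 (info) is far more verbose than the default of 2 (errors only), so expect the kernel log to fill quickly while the module is loaded.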

And show what it prints? Let's say everything up to „RTW: rtw_hal_read_chip_info in 317 ms”.

ZerBea commented 8 months ago

The good old hal driver.

ZerBea commented 8 months ago

Here we go debug level 4:

[127890.483193] RTW: module init start
[127890.483201] RTW: rtl8192eu v5.6.4_35685.20191108_COEX20171113-0047
[127890.483203] RTW: rtl8192eu BT-Coex version = COEX20171113-0047
[127890.483223] RTW: rtw_inetaddr_notifier_register
[127890.483264] usbcore: registered new interface driver rtl8192eu
[127890.483265] RTW: module init ret=0
[127892.933790] usb 5-2.3: new high-speed USB device number 21 using xhci_hcd
[127893.027315] usb 5-2.3: New USB device found, idVendor=2357, idProduct=0126, bcdDevice= 2.00
[127893.027321] usb 5-2.3: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[127893.027324] usb 5-2.3: Product: 802.11n NIC
[127893.027325] usb 5-2.3: Manufacturer: Realtek
[127893.027327] usb 5-2.3: SerialNumber: 5091E3C3A656
[127893.079359] RTW: 
                usb_endpoint_descriptor(0):
[127893.079362] RTW: bLength=7
[127893.079364] RTW: bDescriptorType=5
[127893.079364] RTW: bEndpointAddress=84
[127893.079365] RTW: wMaxPacketSize=512
[127893.079366] RTW: bInterval=0
[127893.079367] RTW: RT_usb_endpoint_is_bulk_in = 4
[127893.079368] RTW: 
                usb_endpoint_descriptor(1):
[127893.079369] RTW: bLength=7
[127893.079370] RTW: bDescriptorType=5
[127893.079371] RTW: bEndpointAddress=5
[127893.079372] RTW: wMaxPacketSize=512
[127893.079372] RTW: bInterval=0
[127893.079373] RTW: RT_usb_endpoint_is_bulk_out = 5
[127893.079374] RTW: 
                usb_endpoint_descriptor(2):
[127893.079375] RTW: bLength=7
[127893.079375] RTW: bDescriptorType=5
[127893.079376] RTW: bEndpointAddress=6
[127893.079377] RTW: wMaxPacketSize=512
[127893.079378] RTW: bInterval=0
[127893.079378] RTW: RT_usb_endpoint_is_bulk_out = 6
[127893.079379] RTW: 
                usb_endpoint_descriptor(3):
[127893.079380] RTW: bLength=7
[127893.079381] RTW: bDescriptorType=5
[127893.079381] RTW: bEndpointAddress=87
[127893.079382] RTW: wMaxPacketSize=64
[127893.079383] RTW: bInterval=3
[127893.079384] RTW: RT_usb_endpoint_is_int_in = 7, Interval = 3
[127893.079385] RTW: 
                usb_endpoint_descriptor(4):
[127893.079385] RTW: bLength=7
[127893.079386] RTW: bDescriptorType=5
[127893.079387] RTW: bEndpointAddress=8
[127893.079388] RTW: wMaxPacketSize=512
[127893.079389] RTW: bInterval=0
[127893.079389] RTW: RT_usb_endpoint_is_bulk_out = 8
[127893.079390] RTW: nr_endpoint=5, in_num=2, out_num=3

[127893.079391] RTW: USB_SPEED_HIGH
[127893.079392] RTW: CHIP TYPE: RTL8192E
[127893.079700] RTW: read_chip_version_8192e 0xF0 = 0xc441135
[127893.079703] RTW: rtw_hal_config_rftype RF_Type is 2 TotalTxPath is 2
[127893.079706] RTW: Chip Version Info: CHIP_8192E_Normal_Chip_SMIC_B_CUT_2T2R_RomVer(0)
[127893.079707] RTW: _ConfigChipOutEP_8192E OutEpQueueSel(0x07), OutEpNumber(3)
[127893.080073] RTW: Boot from EFUSE, Autoload OK !
[127893.559321] RTW: HW EFUSE
[127893.559328] RTW: 0x000: 29 81 00 7C  01 40 03 00  70 34 04 50  14 00 00 00  
[127893.559341] RTW: 0x010: 21 21 21 22  22 22 28 28  28 29 29 F0  00 EF FF FF  
[127893.559354] RTW: 0x020: FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559366] RTW: 0x030: FF FF FF FF  FF FF FF FF  FF FF 2D 2D  2D 2D 2D 2D  
[127893.559378] RTW: 0x040: 2D 2D 2D 2D  2D F0 EF EF  FF FF FF FF  FF FF FF FF  
[127893.559390] RTW: 0x050: FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559402] RTW: 0x060: FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559415] RTW: 0x070: FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559427] RTW: 0x080: FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559439] RTW: 0x090: FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559451] RTW: 0x0A0: FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559463] RTW: 0x0B0: FF FF FF FF  FF FF FF FF  A1 2F 1B 00  00 00 FF FF  
[127893.559475] RTW: 0x0C0: FF 01 00 10  00 00 00 FF  00 00 31 FF  FF FF FF FF  
[127893.559488] RTW: 0x0D0: 57 23 26 01  E6 47 02 50  91 E3 C3 A6  56 09 03 52  
[127893.559500] RTW: 0x0E0: 65 61 6C 74  65 6B 0D 03  38 30 32 2E  31 31 6E 20  
[127893.559512] RTW: 0x0F0: 4E 49 43 00  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559524] RTW: 0x100: FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559536] RTW: 0x110: FF FF FF FF  FF FF FF 0D  03 00 05 00  30 00 00 00  
[127893.559549] RTW: 0x120: 00 93 FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559561] RTW: 0x130: FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559573] RTW: 0x140: FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559585] RTW: 0x150: FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559597] RTW: 0x160: FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559609] RTW: 0x170: FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559622] RTW: 0x180: FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559634] RTW: 0x190: FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559646] RTW: 0x1A0: FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559658] RTW: 0x1B0: FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559670] RTW: 0x1C0: FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559682] RTW: 0x1D0: FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559695] RTW: 0x1E0: FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559707] RTW: 0x1F0: FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559720] RTW: EEPROM ID=0x8129
[127893.559721] RTW: VID = 0x2357, PID = 0x0126
[127893.559723] RTW: Customer ID: 0x00, SubCustomer ID: 0xCD
[127893.559725] RTW: Hal_ReadPowerSavingMode8192E...bHWPwrPindetect(0)-bHWPowerdown(0) ,bSupportRemoteWakeup(1)
[127893.559727] RTW: ### PS params=>  power_mgnt(2),usbss_enable(0) ###
[127893.559730] RTW: EEPROMRegulatory = 0x1
[127893.559731] RTW: Board Type: Dongle or WIFI only Module
[127893.559732] RTW: Hal_EfuseParseBTCoexistInfo8192E: Disable BT-coex, wifi ant_num=2
[127893.559734] RTW: hal_com_config_channel_plan chplan:0x21
[127893.559735] RTW: crystal_cap: 0x2f
[127893.559737] RTW: ThermalMeter = 0x1b
[127893.559737] RTW: SWAS: bHwAntDiv = 0, TRxAntDivType = 0
[127893.559738] RTW: pHalData->ExternalPA_2G = 1 , pHalData->ExternalLNA_2G = 1
[127893.559739] RTW: pHalData->TypeGLNA is 0xa
[127893.559740] RTW: pHalData->rfe_type is 0x1
[127893.566313] RTW: kfree flag:0
[127893.566316] RTW: rtw_hal_read_chip_info in 487 ms
[127893.566322] RTW: init_channel_set((null)) ChannelPlan ID:0x21, ch num:13
[127893.566355] RTW: init_mlme_default_rate_set: support CCK
[127893.566356] RTW: init_mlme_default_rate_set: support OFDM
[127893.566469] RTW: NR_RECVBUFF: 8
[127893.566470] RTW: MAX_RECVBUF_SZ: 32768
[127893.566472] RTW: NR_PREALLOC_RECV_SKB: 8
[127893.566536] RTW: rtw_alloc_macid((null)) if1, mac_addr:ff:ff:ff:ff:ff:ff macid:1
[127893.566542] RTW: IQK FW offload:disable
[127893.566546] RTW: rtw_regsty_chk_target_tx_power_valid return _FALSE for band:0, path:0, rs:0, t:-1
[127893.566608] RTW: pwrctrlpriv.bSupportRemoteWakeup~~~~~~
[127893.566609] RTW: pwrctrlpriv.bSupportRemoteWakeup~~~[1]~~~
[127893.566611] RTW: can't get autopm:
[127893.566612] RTW: rtw_macaddr_cfg mac addr:50:91:e3:c3:a6:56
[127893.566614] RTW: bDriverStopped:True, bSurpriseRemoved:False, bup:0, hw_init_completed:0
[127893.566631] RTW: rtw_wiphy_alloc(phy10)
[127893.566632] RTW: rtw_wdev_alloc(padapter=000000007915ad04)
[127893.566638] RTW: rtw_wiphy_register(phy10)
[127893.566639] RTW: Register RTW cfg80211 vendor cmd(0x67) interface
[127893.566702] RTW: rtw_reg_notifier: NL80211_REGDOM_SET_BY_USER alpha2:DE
[127893.566704] RTW: rtw_set_country(): not applied
[127893.566751] RTW: rtw_ndev_init(wlan0) if1 mac_addr=50:91:e3:c3:a6:56
[127893.566814] RTW: rtw_ndev_notifier_call(wlan0) state:17
[127893.566996] RTW: cfg80211_rtw_get_txpower
[127893.567000] RTW: rtw_ndev_notifier_call(wlan0) state:5
[127893.567358] RTW: cfg80211_rtw_get_txpower
[127893.575092] rtl8192eu 5-2.3:1.0 wlp48s0f4u2u3: renamed from wlan0
[127893.624355] RTW: rtw_ndev_notifier_call(wlp48s0f4u2u3) state:11
[127896.836864] RTW: cfg80211_rtw_get_txpower

ZerBea commented 8 months ago

The idea to debug the (working) hal driver is great.

dubhater commented 8 months ago

It prints useful information. rtl8xxxu is a bit lacking in that area.

This device definitely needs different initialisation tables:

[127893.559738] RTW: pHalData->ExternalPA_2G = 1 , pHalData->ExternalLNA_2G = 1
[127893.559739] RTW: pHalData->TypeGLNA is 0xa
[127893.559740] RTW: pHalData->rfe_type is 0x1

My cheap, small dongle from Aliexpress:

RTW: pHalData->ExternalPA_2G = 0 , pHalData->ExternalLNA_2G = 0
RTW: pHalData->TypeGLNA is 0x0
RTW: pHalData->rfe_type is 0xff

rtl8xxxu may already have all the code it needs for this device, but it's not enabled. You could try this simple patch:

diff --git a/rtl8xxxu_8192e.c b/rtl8xxxu_8192e.c
index 82c1365..0d5802f 100644
--- a/rtl8xxxu_8192e.c
+++ b/rtl8xxxu_8192e.c
@@ -32,6 +32,8 @@
 #include "rtl8xxxu.h"
 #include "rtl8xxxu_regs.h"

+#define EXT_PA_8192EU
+
 static const struct rtl8xxxu_reg8val rtl8192e_mac_init_table[] = {
    {0x011, 0xeb}, {0x012, 0x07}, {0x014, 0x75}, {0x303, 0xa7},
    {0x428, 0x0a}, {0x429, 0x10}, {0x430, 0x00}, {0x431, 0x00},
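
Review bot: The "#define EXT_PA_8192EU" added right after the includes is an unconditional compile-time switch with no comment saying what it selects or which hardware needs it. Because it is defined in the same file that tests it, the later #ifdef can never be false, so every build of rtl8xxxu_8192e.c takes the external-PA path. Either document it as a temporary test switch or drop the macro in favour of a run-time condition.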
@@ -521,6 +523,10 @@ static int rtl8192eu_identify_chip(struct rtl8xxxu_priv *priv)
    if (!priv->ep_tx_count)
        ret = rtl8xxxu_config_endpoints_no_sie(priv);

+#ifdef EXT_PA_8192EU
+   priv->hi_pa = 1;
+#endif
+
 out:
    return ret;
 }
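
Review bot: "priv->hi_pa = 1;" in rtl8192eu_identify_chip() applies to every adapter this function identifies, not only to ones with an external PA. The assignment should depend on something read from the device; the vendor-driver log in this thread shows ExternalPA_2G, TypeGLNA and rfe_type differing between the two adapters. It also sits after the rtl8xxxu_config_endpoints_no_sie() call without looking at ret, so hi_pa is set even when that call has just failed.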

Unfortunately, this patch will break the „normal power” RTL8192EU devices.
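
The comparison made in the comment above can be scripted. This is an added example, not part of any participant's post or of either driver: it pulls the RF front-end fields out of the vendor driver's debug log for both adapters and cross-checks the EFUSE dump row against the VID/PID and MAC the log reports. The function names are made up for illustration, and the EFUSE offsets 0xD0 and 0xD7 are read off this one dump, not taken from a documented layout.

```python
import re

# Sample lines copied from the vendor-driver (rtl8192eu) debug logs quoted in this thread.
TPLINK_LOG = """\
[127893.559488] RTW: 0x0D0: 57 23 26 01  E6 47 02 50  91 E3 C3 A6  56 09 03 52
[127893.559721] RTW: VID = 0x2357, PID = 0x0126
[127893.559738] RTW: pHalData->ExternalPA_2G = 1 , pHalData->ExternalLNA_2G = 1
[127893.559739] RTW: pHalData->TypeGLNA is 0xa
[127893.559740] RTW: pHalData->rfe_type is 0x1
[127893.566612] RTW: rtw_macaddr_cfg mac addr:50:91:e3:c3:a6:56
"""
CHEAP_DONGLE_LOG = """\
RTW: pHalData->ExternalPA_2G = 0 , pHalData->ExternalLNA_2G = 0
RTW: pHalData->TypeGLNA is 0x0
RTW: pHalData->rfe_type is 0xff
"""

# "pHalData->name = 1" and "pHalData->name is 0xa" both occur in the log.
FIELD_RE = re.compile(r"pHalData->(\w+)\s*(?:=|is)\s*(0x[0-9a-fA-F]+|\d+)")
# One EFUSE dump row: three-digit hex offset followed by exactly 16 bytes.
EFUSE_RE = re.compile(r"RTW: 0x([0-9A-Fa-f]{3}):((?:\s+[0-9A-Fa-f]{2}){16})\s*$")

def parse_rtw_log(text):
    """Return (front-end fields, sparse EFUSE map {offset: byte}) from RTW debug lines."""
    fields, efuse = {}, {}
    for line in text.splitlines():
        for name, value in FIELD_RE.findall(line):
            fields[name] = int(value, 0)
        m = EFUSE_RE.search(line)
        if m:
            base = int(m.group(1), 16)
            for i, byte in enumerate(m.group(2).split()):
                efuse[base + i] = int(byte, 16)
    return fields, efuse

def frontend_differences(a, b):
    """Fields whose values differ between two adapters, as {name: (a, b)}."""
    names = sorted(set(a) | set(b))
    return {n: (a.get(n), b.get(n)) for n in names if a.get(n) != b.get(n)}

def has_external_frontend(fields):
    """True when the vendor driver reports an external 2.4 GHz PA or LNA."""
    return bool(fields.get("ExternalPA_2G") or fields.get("ExternalLNA_2G"))

def efuse_ids(efuse, id_off=0xD0, mac_off=0xD7):
    """Decode VID/PID (little endian) and MAC; offsets are an assumption from this dump."""
    needed = list(range(id_off, id_off + 4)) + list(range(mac_off, mac_off + 6))
    if any(off not in efuse for off in needed):
        return None  # the rows holding these offsets are not in the log excerpt
    vid = efuse[id_off] | (efuse[id_off + 1] << 8)
    pid = efuse[id_off + 2] | (efuse[id_off + 3] << 8)
    mac = ":".join(f"{efuse[mac_off + i]:02x}" for i in range(6))
    return vid, pid, mac

if __name__ == "__main__":
    tp_fields, tp_efuse = parse_rtw_log(TPLINK_LOG)
    cheap_fields, _ = parse_rtw_log(CHEAP_DONGLE_LOG)
    print("EFUSE ids:", efuse_ids(tp_efuse))
    print("TL-WN8200ND external PA/LNA:", has_external_frontend(tp_fields))
    print("cheap dongle external PA/LNA:", has_external_frontend(cheap_fields))
    for name, (a, b) in frontend_differences(tp_fields, cheap_fields).items():
        print(f"{name}: {a:#x} vs {b:#x}")
```
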

ZerBea commented 8 months ago

Working like a charm - good starting point. Thanks

kimocoder commented 8 months ago

I've got a few of those rtl8192eu adapters ⭐ but lack of time atm

ZerBea commented 8 months ago

Good price-performance ratio. Good sensitivity. Working fine in combination with hcxdumptool.

kimocoder commented 8 months ago

All devices collected in rtl8xxxu are cheap, portable-sized chips, affordable ones.

TL-WN722n v1 was the well-known ath9k_htc. Downgrade

ZerBea commented 8 months ago

And the TP-Link TL-WN722N (v2) is impressive, too: https://github.com/ZerBea/hcxdumptool/discussions/361#discussioncomment-7551692

Out of scope: Due to this feature request: https://github.com/ZerBea/hcxdumptool/discussions/382 and your issue report: https://github.com/ZerBea/hcxdumptool/issues/421

I decided to dive into the world of OpenWRT (on Raspberry Pi Zero).

kimocoder commented 8 months ago

So, I've run it down. The adapters must be set enabled in web gui btw, that was the block. I just finished flashing and run down now, great results 👍

So, I put the 1 chip in AP mode and number 2 chip in monitor, in gui. Fetching PMKIDs like a pro

dubhater commented 8 months ago

> Working like a charm - good starting point. Thanks

That's great. I will prepare a better patch „soon”. Wanna buy me a present? 😁 https://www.amazon.de/hz/wishlist/ls/1OCIJV31AAT9O/ref=nav_wishlist_lists_1

kimocoder commented 8 months ago

![Uploading 17070855513051806219693627920326.jpg…]()

dubhater commented 7 months ago

@kimocoder What's that? I guess the picture didn't upload.