Open xcodian opened 5 years ago
I also can't find any apple devices
> There could be several causes here. Maybe this helps the debug process:
> [...] `opendrop receive` work on your setup? If yes, goto 3. If no, goto 2.
> [...] `owl` repository has more info.

thanks so much for the debugging script. Here is what it looks like on a Purism Librem13v4 (Qualcomm Atheros AR9462 wifi chipset) trying to pair with an iPad 4:
`opendrop receive` (and `opendrop find`) do not find the iPad
`receive` doesn't work either.

For what it's worth, the Atheros device I have is slightly different from your lab device. Here's the output of the `info` command (as per https://github.com/seemoo-lab/owl/issues/9):
```
anarcat@angela:~(master)$ iw phy phy0 info
Wiphy phy0
	max # scan SSIDs: 4
	max scan IEs length: 2257 bytes
	max # sched scan SSIDs: 0
	max # match sets: 0
	max # scan plans: 1
	max scan plan interval: -1
	max scan plan iterations: 0
	Retry short limit: 7
	Retry long limit: 4
	Coverage class: 0 (up to 0m)
	Device supports RSN-IBSS.
	Device supports AP-side u-APSD.
	Device supports T-DLS.
	Supported Ciphers:
		* WEP40 (00-0f-ac:1)
		* WEP104 (00-0f-ac:5)
		* TKIP (00-0f-ac:2)
		* CCMP-128 (00-0f-ac:4)
		* CCMP-256 (00-0f-ac:10)
		* GCMP-128 (00-0f-ac:8)
		* GCMP-256 (00-0f-ac:9)
		* CMAC (00-0f-ac:6)
		* CMAC-256 (00-0f-ac:13)
		* GMAC-128 (00-0f-ac:11)
		* GMAC-256 (00-0f-ac:12)
	Available Antennas: TX 0x3 RX 0x3
	Configured Antennas: TX 0x3 RX 0x3
	Supported interface modes:
		 * IBSS
		 * managed
		 * AP
		 * AP/VLAN
		 * monitor
		 * mesh point
		 * P2P-client
		 * P2P-GO
		 * outside context of a BSS
	Band 1:
		Capabilities: 0x11ef
			RX LDPC
			HT20/HT40
			SM Power Save disabled
			RX HT20 SGI
			RX HT40 SGI
			TX STBC
			RX STBC 1-stream
			Max AMSDU length: 3839 bytes
			DSSS/CCK HT40
		Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
		Minimum RX AMPDU time spacing: 8 usec (0x06)
		HT TX/RX MCS rate indexes supported: 0-15
		Bitrates (non-HT):
			* 1.0 Mbps
			* 2.0 Mbps (short preamble supported)
			* 5.5 Mbps (short preamble supported)
			* 11.0 Mbps (short preamble supported)
			* 6.0 Mbps
			* 9.0 Mbps
			* 12.0 Mbps
			* 18.0 Mbps
			* 24.0 Mbps
			* 36.0 Mbps
			* 48.0 Mbps
			* 54.0 Mbps
		Frequencies:
			* 2412 MHz [1] (30.0 dBm)
			* 2417 MHz [2] (30.0 dBm)
			* 2422 MHz [3] (30.0 dBm)
			* 2427 MHz [4] (30.0 dBm)
			* 2432 MHz [5] (30.0 dBm)
			* 2437 MHz [6] (30.0 dBm)
			* 2442 MHz [7] (30.0 dBm)
			* 2447 MHz [8] (30.0 dBm)
			* 2452 MHz [9] (30.0 dBm)
			* 2457 MHz [10] (30.0 dBm)
			* 2462 MHz [11] (30.0 dBm)
			* 2467 MHz [12] (disabled)
			* 2472 MHz [13] (disabled)
			* 2484 MHz [14] (disabled)
	Band 2:
		Capabilities: 0x11ef
			RX LDPC
			HT20/HT40
			SM Power Save disabled
			RX HT20 SGI
			RX HT40 SGI
			TX STBC
			RX STBC 1-stream
			Max AMSDU length: 3839 bytes
			DSSS/CCK HT40
		Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
		Minimum RX AMPDU time spacing: 8 usec (0x06)
		HT TX/RX MCS rate indexes supported: 0-15
		Bitrates (non-HT):
			* 6.0 Mbps
			* 9.0 Mbps
			* 12.0 Mbps
			* 18.0 Mbps
			* 24.0 Mbps
			* 36.0 Mbps
			* 48.0 Mbps
			* 54.0 Mbps
		Frequencies:
			* 5180 MHz [36] (23.0 dBm) (no IR)
			* 5200 MHz [40] (23.0 dBm) (no IR)
			* 5220 MHz [44] (23.0 dBm) (no IR)
			* 5240 MHz [48] (23.0 dBm) (no IR)
			* 5260 MHz [52] (23.0 dBm) (no IR, radar detection)
			* 5280 MHz [56] (23.0 dBm) (no IR, radar detection)
			* 5300 MHz [60] (23.0 dBm) (no IR, radar detection)
			* 5320 MHz [64] (23.0 dBm) (no IR, radar detection)
			* 5500 MHz [100] (23.0 dBm) (no IR, radar detection)
			* 5520 MHz [104] (23.0 dBm) (no IR, radar detection)
			* 5540 MHz [108] (23.0 dBm) (no IR, radar detection)
			* 5560 MHz [112] (23.0 dBm) (no IR, radar detection)
			* 5580 MHz [116] (23.0 dBm) (no IR, radar detection)
			* 5600 MHz [120] (23.0 dBm) (no IR, radar detection)
			* 5620 MHz [124] (23.0 dBm) (no IR, radar detection)
			* 5640 MHz [128] (23.0 dBm) (no IR, radar detection)
			* 5660 MHz [132] (23.0 dBm) (no IR, radar detection)
			* 5680 MHz [136] (23.0 dBm) (no IR, radar detection)
			* 5700 MHz [140] (23.0 dBm) (no IR, radar detection)
			* 5745 MHz [149] (30.0 dBm) (no IR)
			* 5765 MHz [153] (30.0 dBm) (no IR)
			* 5785 MHz [157] (30.0 dBm) (no IR)
			* 5805 MHz [161] (30.0 dBm) (no IR)
			* 5825 MHz [165] (30.0 dBm) (no IR)
	Supported commands:
		 * new_interface
		 * set_interface
		 * new_key
		 * start_ap
		 * new_station
		 * new_mpath
		 * set_mesh_config
		 * set_bss
		 * authenticate
		 * associate
		 * deauthenticate
		 * disassociate
		 * join_ibss
		 * join_mesh
		 * remain_on_channel
		 * set_tx_bitrate_mask
		 * frame
		 * frame_wait_cancel
		 * set_wiphy_netns
		 * set_channel
		 * set_wds_peer
		 * tdls_mgmt
		 * tdls_oper
		 * probe_client
		 * set_noack_map
		 * register_beacons
		 * start_p2p_device
		 * set_mcast_rate
		 * connect
		 * disconnect
		 * channel_switch
		 * set_qos_map
		 * set_multicast_to_unicast
	Supported TX frame types:
		 * IBSS: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * managed: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * AP: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * AP/VLAN: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * mesh point: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * P2P-client: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * P2P-GO: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * P2P-device: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
	Supported RX frame types:
		 * IBSS: 0x40 0xb0 0xc0 0xd0
		 * managed: 0x40 0xd0
		 * AP: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
		 * AP/VLAN: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
		 * mesh point: 0xb0 0xc0 0xd0
		 * P2P-client: 0x40 0xd0
		 * P2P-GO: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
		 * P2P-device: 0x40 0xd0
	software interface modes (can always be added):
		 * AP/VLAN
		 * monitor
	valid interface combinations:
		 * #{ managed } <= 2048, #{ AP, mesh point } <= 8, #{ P2P-client, P2P-GO } <= 1,
		   total <= 2048, #channels <= 1, STA/AP BI must match
	HT Capability overrides:
		 * MCS: ff ff ff ff ff ff ff ff ff ff
		 * maximum A-MSDU length
		 * supported channel width
		 * short GI for 40 MHz
		 * max A-MPDU length exponent
		 * min MPDU start spacing
	Device supports TX status socket option.
	Device supports HT-IBSS.
	Device supports SAE with AUTHENTICATE command
	Device supports low priority scan.
	Device supports scan flush.
	Device supports AP scan.
	Device supports per-vif TX power setting
	P2P GO supports CT window setting
	Driver supports full state transitions for AP/GO clients
	Driver supports a userspace MPM
	Device supports active monitor (which will ACK incoming frames)
	Driver/device bandwidth changes during BSS lifetime (AP/GO mode)
	Device supports configuring vdev MAC-addr on create.
	Supported extended features:
		* [ RRM ]: RRM
		* [ FILS_STA ]: STA FILS (Fast Initial Link Setup)
		* [ CQM_RSSI_LIST ]: multiple CQM_RSSI_THOLD records
		* [ CONTROL_PORT_OVER_NL80211 ]: control port over nl80211
		* [ TXQS ]: FQ-CoDel-enabled intermediate TXQs
```
So this might just be the iPad not waking up, but then again I don't understand why it wouldn't show up when trying to send a file from the iPad.
By the way, thank you so much for your work on this project. I've been wondering for a long time if someone would manage to reverse engineer this protocol, and you made it! I can only hope this can be standardized a bit more in Linux so that more users can use this thing to talk to Apple devices. Congratulations!
This is how I set up everything:

install opendrop:

```
virtualenv --python=python3 ~/.virtualenvs/opendrop/
. ~/.virtualenvs/opendrop/bin/activate
pip3 install opendrop
```

install owl:

```
sudo apt install libpcap-dev libev-dev libnl-3-dev libnl-genl-3-dev libnl-route-3-dev cmake
git clone https://github.com/seemoo-lab/owl.git
cd owl   # the submodule and build steps below run inside the checkout
git submodule update --init
mkdir build
cd build
cmake ..
make
sudo make install
```

create a monitoring interface:

```
sudo iw phy `iw dev wlp1s0 info | gawk '/wiphy/ {printf "phy" $2}'` interface add mon0 type monitor
sudo ifconfig mon0 up
```

start owl and opendrop:

```
sudo owl -i mon0 -v -N
opendrop -i awdl0 -d find
```
This is what the latter two look like:
```
$ opendrop -i awdl0 -d find
2019-09-15 14:46:43,358 INFO opendrop.cli: Looking for receivers. Press enter to stop ...
```

```
$ sudo owl -i mon0 -v -N
.oOXWMMMMWXOx:
.oOOOx:'''''''''''':OOOx:
oXOo' ........ ':OXx.
.oOOO''''''''''OOOo.
oXOo' 'oOO:
:oOOOOXXXXOOOOo:.
oXO:' ':OXo
.:xOXXXXXXOx:.
.xXMMMMMMMMMMMMMMMMXx.
'XWWWWWWMMMMMMMMMMMMMMMMMMMMMMWWWWWWX'
oWMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMWo
OMMMMMMWWMMMMMMMMMMMMMMWWWMMMMMO
OMMWx' 'xWMMMMWx' 'oXMMO
:MW: oMMx 'WM:
XM' .xOOo. :o .xOOo. WX
WX :MMMMMX :MMMMMX xW
XW 'WMMMMX .xx. 'WMMMWX XX
'Wx 'xWMx' OMMO 'xWMx' xM'
'XX: 'XX' :XX'
'xXOx:..................:xXWx'
'xXMMMMMMMMMMMMMMMMMMWO'
Open Wireless Link
https://owlink.org
14:46:40 INFO : WLAN device: mon0 (addr 18:cf:5e:c5:3d:d0)
14:46:40 INFO : Host device: awdl0
14:46:40 DEBUG: switch channel to 6 (slot 0)
```
Note that if I start `opendrop receive` in another window, the two processes do see each other, for what it's worth:
```
2019-09-15 14:46:52,475 DEBUG opendrop.client: Add service b33d39275490._airdrop._tcp.local.
2019-09-15 14:46:52,477 DEBUG opendrop.cli: AirDrop service found: angela.local., fe80::1acf:5eff:fec5:3dd0:8771, ID b33d39275490
2019-09-15 14:46:52,478 DEBUG opendrop.client: Send /Discover request
2019-09-15 14:46:52,982 DEBUG opendrop.client: /Discover request successful
2019-09-15 14:46:52,983 INFO opendrop.cli: Found index 0 ID b33d39275490 name angela
```

```
2019-09-15 14:46:52,923 INFO opendrop.server: Starting HTTPS server
2019-09-15 14:46:52,939 DEBUG opendrop.server: POST request at /Discover
2019-09-15 14:46:52,944 DEBUG opendrop.server: Headers
Host: [fe80::1acf:5eff:fec5:3dd0%awdl0]:8771
Content-Length: 42
Content-Type: application/octet-stream
Connection: keep-alive
Accept: */*
User-Agent: AirDrop/1.0
Accept-Language: en-us
Accept-Encoding: br, gzip, deflate
2019-09-15 14:46:52,946 DEBUG opendrop.server: fe80::1acf:5eff:fec5:3dd0 - - [15/Sep/2019 14:46:52] "POST /Discover HTTP/1.1" 200 -
```
I can even transfer files (locally) this way, and I suspect this might work between two Linux laptops (but I haven't tried).
So, any idea on how I can debug this?
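One thing worth checking in the log above: the service that `opendrop find` reports sits at `fe80::1acf:5eff:fec5:3dd0`, which is exactly the EUI-64 link-local address of the host's own WLAN MAC `18:cf:5e:c5:3d:d0` (the address owl printed for `mon0`), so "the two processes see each other" only proves the local path over `awdl0`, not that anything crossed the radio. The script below is an added example, not code from opendrop or owl: it parses `AirDrop service found` lines from opendrop's debug log and labels an entry as `self` when its address derives from the local MAC. The first sample line is the one from this issue; the second line, its MAC, hostname and ID are constructed.

```python
"""Tell 'opendrop found itself' apart from 'opendrop found a remote peer'.

Added example (not part of opendrop or owl).  A link-local IPv6 address built
by EUI-64 from a MAC (flip the U/L bit of the first octet, insert ff:fe in the
middle) identifies the sending interface, so a discovered service whose address
equals the EUI-64 of our own WLAN MAC is the local process, not a remote device.
"""
import ipaddress
import re
import sys

# WLAN MAC as reported by owl in this issue ("addr 18:cf:5e:c5:3d:d0").
LOCAL_MAC = "18:cf:5e:c5:3d:d0"

# Constructed sample: line 1 is the real log line from the issue, line 2 is an
# invented remote peer (hostname, address and ID are made up for the example).
SAMPLE_LOG = """\
2019-09-15 14:46:52,477 DEBUG opendrop.cli: AirDrop service found: angela.local., fe80::1acf:5eff:fec5:3dd0:8771, ID b33d39275490
2019-09-15 14:46:58,100 DEBUG opendrop.cli: AirDrop service found: ipad.local., fe80::1234:56ff:fe78:9abc:8770, ID 0123456789ab
"""

# "<host>, <ipv6>:<port>, ID <hex>" as printed by opendrop.cli in the log above.
SERVICE_RE = re.compile(
    r"AirDrop service found: (?P<host>\S+), (?P<addr>[0-9a-f:]+):(?P<port>\d+), ID (?P<id>[0-9a-f]+)"
)


def mac_to_link_local(mac: str) -> ipaddress.IPv6Address:
    """fe80::/64 address that an interface with this MAC derives via EUI-64."""
    octets = [int(x, 16) for x in mac.split(":")]
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    octets[0] ^= 0x02                      # flip the universal/local bit
    eui64 = octets[:3] + [0xFF, 0xFE] + octets[3:]
    return ipaddress.IPv6Address(bytes([0xFE, 0x80] + [0] * 6 + eui64))


def parse_services(log: str):
    """Yield one dict per 'AirDrop service found' line."""
    for line in log.splitlines():
        m = SERVICE_RE.search(line)
        if m:
            yield {
                "host": m["host"],
                "addr": ipaddress.IPv6Address(m["addr"]),
                "port": int(m["port"]),
                "id": m["id"],
            }


def classify(log: str, local_mac: str):
    """[(service id, 'self' | 'peer'), ...] in log order."""
    me = mac_to_link_local(local_mac)
    return [(s["id"], "self" if s["addr"] == me else "peer") for s in parse_services(log)]


if __name__ == "__main__":
    # Usage: python3 selfcheck.py [<local mac>] < opendrop.log   (defaults to the sample)
    mac = sys.argv[1] if len(sys.argv) > 1 else LOCAL_MAC
    log = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    for service_id, kind in classify(log, mac):
        print(f"{service_id}: {kind}")
```

Run it with the real MAC from owl's `WLAN device:` line and the `opendrop -d` output on stdin; if every entry comes back `self`, the AWDL link to the other device was never established, which matches the symptom in this issue.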
> - create a monitoring interface:
> `sudo iw phy `iw dev wlp1s0 info | gawk '/wiphy/ {printf "phy" $2}'` interface add mon0 type monitor`
> `sudo ifconfig mon0 up`
> - start owl and opendrop:
> `sudo owl -i mon0 -v -N`
> `opendrop -i awdl0 -d find`

This is not the way to start `owl` with a Wi-Fi driver that properly supports `nl80211`. The `-N` flag effectively disables all `nl80211` functionality, which means that neither active monitor mode is enabled nor the Wi-Fi channel is set correctly (which is the problem that you are facing here; you still get the console output but that's a no-op). You should not use `-N` as it is just a dirty hack to support devices that use Nexmon for monitor mode and require you to manually set the channel, which is why I did not document this in the README. To make life easier, simply run:

```
sudo owl -i wlp1s0 -v
```

Depending on your regdom, you might want to set channel 44 or 149 via the `-c` flag for better performance.
On 2019-09-16 04:11:36, Milan Stute wrote:

> > - create a monitoring interface:
> > `sudo iw phy `iw dev wlp1s0 info | gawk '/wiphy/ {printf "phy" $2}'` interface add mon0 type monitor`
> > `sudo ifconfig mon0 up`
> > - start owl and opendrop:
> > `sudo owl -i mon0 -v -N`
> > `opendrop -i awdl0 -d find`
>
> This is not the way to start `owl` with a Wi-Fi driver that properly supports `nl80211`. The `-N` flag effectively disables all `nl80211` functionality, which means that neither active monitor mode is enabled nor the Wi-Fi channel is set correctly (which is the problem that you are facing here; you still get the console output but that's a no-op). You should not use `-N` as it is just a dirty hack to support devices that use Nexmon for monitor mode and require you to manually set the channel, which is why I did not document this in the README. To make life easier, simply run: `sudo owl -i wlp1s0 -v`
>
> Depending on your regdom, you might want to set channel 44 or 149 via the `-c` flag for better performance.
Ah well, I used the `-N` flag because otherwise I get this error:

```
10:00:15 ERROR: Error while receiving via netlink: Object busy
10:00:15 ERROR: Could not put device in monitor mode: wlp1s0
10:00:15 ERROR: could not initialize core
```

same if using the `mon0` interface.

Is there something special that should be done with Network Manager if it's running? I tried to have it off and on, it doesn't seem to change anything...
You might have to kill `wpa_supplicant`, `dhclient`, and `NetworkManager` (and possibly others). Also make sure that they do not restart automatically.
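The two replies above boil down to a pair of preconditions for running `owl -i <dev> -v` without `-N`: the phy has to offer a monitor interface type (the `iw phy` output earlier in this issue lists `monitor` and advertises active monitor support), and `wpa_supplicant`, `NetworkManager` or `dhclient` must not be holding the device (the `Object busy` netlink error). The following preflight script is an added example, not code from owl or opendrop: it parses `iw phy <phy> info` text and a list of process names and reports which precondition fails. The sample `iw` excerpt is trimmed from the output posted in this issue; the optional live mode shells out to `iw` and `ps -eo comm=`, which are assumed to be installed.

```python
"""Preflight checks before starting owl without -N.

Added example (not code from owl or opendrop).  Checks the two things the
maintainer's replies ask for:
  1. the phy offers a 'monitor' interface type (active monitor preferred),
  2. wpa_supplicant / NetworkManager / dhclient are not running.
"""
import subprocess
import sys

# Constructed excerpt, trimmed from the `iw phy phy0 info` output in this issue.
SAMPLE_IW_PHY = """\
Wiphy phy0
    Supported interface modes:
         * IBSS
         * managed
         * AP
         * monitor
    Band 1:
    Device supports active monitor (which will ACK incoming frames)
"""

# Daemons named in the thread as the usual holders of a Wi-Fi device.
CONFLICTING = ("wpa_supplicant", "NetworkManager", "dhclient")


def interface_modes(iw_text: str):
    """Return the entries under 'Supported interface modes:' (hardware modes only)."""
    modes, in_section = [], False
    for line in iw_text.splitlines():
        s = line.strip()
        if s.startswith("Supported interface modes"):
            in_section = True
            continue
        if in_section:
            if s.startswith("*"):
                modes.append(s.lstrip("*").strip())
            else:
                break  # the next heading (e.g. 'Band 1:') ends the list
    return modes


def supports_active_monitor(iw_text: str) -> bool:
    """True if the phy advertises the active-monitor capability line."""
    return "Device supports active monitor" in iw_text


def conflicting_processes(proc_names):
    """Sorted, de-duplicated subset of proc_names that owl is known to fight with."""
    return sorted({p for p in proc_names if p in CONFLICTING})


def preflight(iw_text: str, proc_names):
    """List of problems; an empty list means owl should be able to take the device."""
    problems = []
    if "monitor" not in interface_modes(iw_text):
        problems.append("phy does not offer a monitor interface type")
    if not supports_active_monitor(iw_text):
        problems.append("no active monitor support advertised")
    for p in conflicting_processes(proc_names):
        problems.append(f"{p} is running and may keep the device busy")
    return problems


def main(argv):
    # Usage: python3 preflight.py phy0      (no argument: run on the sample data)
    if len(argv) > 1:
        iw = subprocess.run(["iw", "phy", argv[1], "info"],
                            capture_output=True, text=True, check=True).stdout
        ps = subprocess.run(["ps", "-eo", "comm="],
                            capture_output=True, text=True, check=True).stdout.split()
    else:
        iw, ps = SAMPLE_IW_PHY, ["bash", "wpa_supplicant"]
    for problem in preflight(iw, ps) or ["ok: no blocking condition found"]:
        print(problem)


if __name__ == "__main__":
    main(sys.argv)
```

The check is deliberately conservative: a clean result only says that the known blockers are absent, it does not prove that the driver implements active monitor correctly, which is what the `Operation not supported` reports later in this thread point at.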
@anarcat any luck?
haven't found the time to retry, sorry :/
I met the same problem after the macbook system update. Everything worked well before the update. I suspect that this update may make up for some security issues of airdrop.
Excuse me, sir. Have you solved the problem yet?
I have the same issue and the same testing results as @anarcat with ralink rt5372 even after killing all processes from `airmon-ng check wlp0s20u2` output.

```
$ sudo owl -i wlp0s20u2 -v
00:30:45 ERROR: Error while receiving via netlink: Operation not supported
00:30:45 ERROR: Could not put device in monitor mode: wlp0s20u2
00:30:45 ERROR: could not initialize core
```

The Wifi adapter rt5372 looks fine from `aireplay-ng` output. Thoughts?
I'm experiencing the same problem

```
$ sudo owl -i wlan0 -vv
11:23:14 TRACE: pcap: unable to open savefile (wlan0: No such file or directory)
11:23:14 ERROR: Error while receiving via netlink: Operation not supported
11:23:14 ERROR: Could not put device in monitor mode: wlan0
11:23:14 ERROR: could not initialize core
```

I tried with `strace` to look for something.
```
... <crop>
bind(4, {sa_family=AF_NETLINK, nl_pid=750819289, nl_groups=00000000}, 12) = 0
getsockname(4, {sa_family=AF_NETLINK, nl_pid=750819289, nl_groups=00000000}, [12]) = 0
sendmsg(4, {msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, msg_namelen=12, msg_iov=[{iov_base={{len=32, type=nlctrl, flags=NLM_F_REQUEST|NLM_F_ACK, seq=1617009821, pid=750819289}, "\x03\x01\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"}, iov_len=32}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 32
recvmsg(4, {msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, msg_namelen=12, msg_iov=[{iov_base={{len=2336, type=nlctrl, flags=0, seq=1617009821, pid=750819289}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x1d\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00"...}, iov_len=16384}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PEEK|MSG_TRUNC) = 2336
recvmsg(4, {msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, msg_namelen=12, msg_iov=[{iov_base={{len=2336, type=nlctrl, flags=0, seq=1617009821, pid=750819289}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x1d\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00"...}, iov_len=16384}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 2336
recvmsg(4, {msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, msg_namelen=12, msg_iov=[{iov_base={{len=36, type=NLMSG_ERROR, flags=NLM_F_CAPPED, seq=1617009821, pid=750819289}, {error=0, msg={len=32, type=nlctrl, flags=NLM_F_REQUEST|NLM_F_ACK, seq=1617009821, pid=750819289}}}, iov_len=16384}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PEEK|MSG_TRUNC) = 36
recvmsg(4, {msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, msg_namelen=12, msg_iov=[{iov_base={{len=36, type=NLMSG_ERROR, flags=NLM_F_CAPPED, seq=1617009821, pid=750819289}, {error=0, msg={len=32, type=nlctrl, flags=NLM_F_REQUEST|NLM_F_ACK, seq=1617009821, pid=750819289}}}, iov_len=16384}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 36
openat(AT_FDCWD, "wlan0", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/localtime", O_RDONLY|O_CLOEXEC) = 5
fstat(5, {st_mode=S_IFREG|0644, st_size=2326, ...}) = 0
fstat(5, {st_mode=S_IFREG|0644, st_size=2326, ...}) = 0
read(5, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\t\0\0\0\t\0\0\0\0"..., 4096) = 2326
lseek(5, -1467, SEEK_CUR) = 859
read(5, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\t\0\0\0\t\0\0\0\0"..., 4096) = 1467
close(5) = 0
write(2, "11:23:41 TRACE: ", 1611:23:41 TRACE: ) = 16
write(2, "pcap: unable to open savefile (w"..., 64pcap: unable to open savefile (wlan0: No such file or directory)) = 64
write(2, "\n", 1
) = 1
access("/proc/net", R_OK) = 0
access("/proc/net/unix", R_OK) = 0
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wlan0", }) = 0
close(5) = 0
sendmsg(3, {msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, msg_namelen=12, msg_iov=[{iov_base={{len=40, type=RTM_GETLINK, flags=NLM_F_REQUEST|NLM_F_ACK, seq=1617009821, pid=167811033}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=if_nametoindex("wlan0"), ifi_flags=0, ifi_change=0}, {{nla_len=8, nla_type=IFLA_EXT_MASK}, 1}}, iov_len=40}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 40
... <crop>
```
I suppose the resource issue arises here: `openat(AT_FDCWD, "wlan0", O_RDONLY) = -1 ENOENT (No such file or directory)`.

Is it possible that `wlan0` (in my case) should be a file path? I'll try looking it up in the source code myself later on, but maybe someone just knows this and could save some time :)

Or am I on the wrong track and this `pcap` issue is not the root cause of this issue?
Edit: This was not the issue for me :blush:
Remarks:
I've stopped `wpa_supplicant` and `NetworkManager` and aligned with the steps described here.

Side note:
Using `strace` I've stumbled upon another issue, where `openat(AT_FDCWD, "/etc/libnl/classid", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)` fails, because on Kali Linux this file is located under `/etc/libnl-3/classid`. Maybe this is helpful for someone?
However, fixing this file link issue does not resolve the previous issue.
Update:
so I was able to make it work for me.
I've commented out the relevant two `if` clauses in OWL's `daemon/io.c`:

```c
if (!state->wlan_no_monitor_mode) /* if device is already in monitor mode */
	err = set_monitor_mode(state->wlan_ifindex);
if (err < 0) {
	log_error("Could not put device in monitor mode: %s", state->wlan_ifname);
	return err;
}
```

I'm making sure myself to put the interface card in monitor mode.
After recompiling and installing, it works.
I can't discover any devices via the `opendrop find` command. It successfully starts looking for receivers but then just sits there and can't discover any devices. OWL seems to be working fine, and with wireshark (not `wireshark-awdl`) I can see packets being sent between other devices.

Is this a problem on my end or a bug/limitation of OpenDrop? Cheers.