Closed Flynask closed 2 years ago
Is there a reason why you are using the --inject wlxf469d5800472
parameter? This parameter hasn't been extensively tested. The Atheros dongle can act as AP and simultaneously be used to inject frames. In other words, try:
./fragattack.py wlxf469d5800472 --debug 2 --ap ping
When running the script like this, Linux will automatically retransmit the injected frame if it's not acknowledged.
Thank you for this quick response.
I've been testing using this parameter because the retransmission behavior testing of the WN-H3 Atheros AR9271 wasn't conclusive
./fragattack.py wlxf469d5800472 ping --inject-test monwlan --ap
also, I've had the same issue running without it.
Here's the log trying the command, not so different from the previously linked: fragattacks2.log
This might be because the Wi-Fi chip of the Rapsberry is going into sleep mode. You could try disabling sleep mode on the Raspberry: https://raspberrypi.stackexchange.com/questions/47087/raspberry-pi-3-wifi-goes-to-sleep
If that doesn't help:
I have disabled the sleep mode and I had the same result (Test timed out): fragattacks3.log
With a different client (Samsung Galaxy S6), it actually worked one out of two times:
Test timed out : fragattacks-s6-fail.zip
Successful: fragattacks-s6-ok.zip
Here's the capture with the other dongle in monitor mode: fragattacks-cap.zip
From the capture I can see that the injected ping request is received by the Raspberry (it's acknowledged). The Packet Number of 101 should also be good (no higher PN hasn't been used previously). So that all seems good, I would expect the Raspberry to properly receive and decrypt the ping request.
Next things to check:
--pre-test-delay 2
to wait two seconds after getting the IP address, so it only sends the ping request after that. Maybe initializing the IP address is slow. Also try with the value 5 to wait five seconds.Yay! After updating live USB fragattacks version, test was successful for the Raspberry Pi 3 Model B by adding the 5 seconds delay --pre-test-delay 5
(still had the issue for only 2 seconds delay).
Thank you for your replies and your amazing work on both krack and frag attacks.
Hi, Vanhoefm
I'm having troubles to pass sanity check (--ap mode) to verify my setup: live USB image you provided, WN-H3 Atheros AR9271 in injection mode, RALINK RT5370 for AP hosting and my target is a Raspberry Pi 3 model B.
I went through troubleshooting checklist :
wlx001986719691=RALINK RT5370, wlxf469d5800472=WN-H3 Atheros AR9271
fragattacks.log