To AlexB: Promiscuous mode on TNETW1251 possible? - Networking

Hi AlexB,
I've seen on your site your great work for the TNETWLN built-in adapters.
I've read in one of your posts that it's for the TNETW1250 chipset.
I was wondering if it could be possible for you to implement a custom controller for TNETW1251 also that will support promiscuous (and possibly monitor) mode...
Hope this request does not break this forum's rules (I'm new here).
many thanks in advance

Related

Ethernet adapter in monitor mode ?

Hi all!
Has anybody managed, by editing the .dll (or some other way), to set the tiacxwln ethernet adapter (HTC Universal running Windows Mobile 5.0) to monitor mode?
Regards, tom.
Hi spratelboing,
Did you ever figure out how to put tiacxwln.dll into monitor mode?
Unfortunately not. That's what I'm looking for in many forums without getting any answers.
Seems like nobody wants to (or can) help.
If you figure it out PLEASE let me know.
Thanx and good luck.

Controller for TIACXWLN

Hello all.
Experimental version of custom mode controller for TIACXWLN built-in adapters
is located at http://winm-soft.atspace.com
Who is interested may test it...
Hello AlexB.
I was trying to run your program on Hermes with WM6, which according to the wiki is equipped with a TI chipset. I found references in the registry to TIACXWLN drivers, but unfortunately your custom mode controller doesn't want to work: all I've got is "Cannot process memory block!........" and, after choosing yes, "Cannot read configuration! It is possible device is off." but the wlan device is actually on. I'll send you my *.dmp files; maybe you can manage to make it work on Hermes.
I had been toying around with the custom mode driver and have had little success thus far. Another thread was started and I have since taken great interest in trying to achieve promiscuous packet sniffing on my Tytn. I believe the problem may lie within either the custom driver, tiacxwln.dll or the hardware itself.
A little more information...
Mode controller works (attempt) directly with adapter (ACX100, PCMCIA!!!), not with the driver (standard, not patched). Program extracts an address of adapter registers window from TIACXWLN driver (TIACXWLN1 device object) and next it enables some packet filters, executes commands and etc...
I have no new ideas now why it works badly on such built-in adapter (device process commands with success status)...
On Dell I receive all packets but sometimes only...
Alex is it possible for you to patch internal driver to use promiscuous mode and don't bother with custom controller?
The custom mode controller is probably the best way to go about activating promiscuous scanning, since its effect can be made temporary. If this mode of packet scanning were always enabled, I believe it would not allow one to associate with an access point.
I've attached the dump files that were generated after the unsuccessful execution of tiacxwln_ctrl. Perhaps the author or someone else can derive a solution.
Hi, Alex.
I was looking for your tiacxwln_ctrl custom controller on your web site, http://winm-soft.atspace.com/ but I could only find TNETWLN and WCF-11 files. Has it been moved, or deleted? I'd like to try it on my HTC 8525 with WM6.
Walt
I've received a private request for the file that AlexB developed and had posted on his site winm-soft (it's no longer available) which is mentioned above.. it will not enable promiscuous scanning on the Hermes. I repeat, it is broken, it does not work. AlexB did a great job creating this hack, however I don't believe that it was ever intended to work with the 8525. If AlexB would be so kind as to provide his source then perhaps we would have a decent starting point to enable this feature, however anyone who would be interested in doing this would find 3 perhaps not so obvious hurdles.
1: The TIACXWLN.DLL driver needs to be hacked to enable monitor mode.
2: A program capable of capturing and storing .pcap files would be necessary at this point as the only program that I'm aware of capable of sniffing out weak keys is airsnort which only accepts pcap dumps.
3: The pcap file would be huge. ie - could quite possibly take up 1gb or more of a micro sd card.
Just my $.02. Comments are welcome. Now onto the file. Enjoy!
Hi everybody,
The TIACXWLN controller was developed (beta/gamma...) for Dell X51 PDA and program worked bad and it is discarded! That program got some pointers (parameters) from context parameters of standard tiacxwln driver... Standard driver in Dell and driver in HTCs are different... Some experience of controller development was used to make TNETWLN controller (also TexasInstr adapter)... All controllers try to enable only promiscuous mode (not monitor mode).
As yet there are no TIACXWLN promiscuous mode ideas and devices...
Now some ideas for TNETW1251 (with SDIO) exist.
Thanks for the clarification.
Alex, I don't understand your reluctance to release source code, unless you based it upon "inside knowledge" of someone's copyrighted code, in which case I understand completely. If (and I fit into this category myself from time to time) you are simply embarrassed by code that "worked bad and it is discarded!" then maybe you could release it to a small group of coders who would be able to make it work without a lot of public exposure.
My personal interest is simple. I have a Zaurus C3200 that I use to sniff out rogue access points on the networks I am responsible for. It's big and clunky, and only works on 802.11b networks, so I don't carry it all the time, whereas I *always* have my 8525 with me, and it will work on b/g.
As far as WEP cracking goes, with ARP injection you can get aircrack to find a key with files of around 1-2MB in size, so the pcap files would not be too big. Of course, as I understand it, you *would* need monitor mode for packet injection to work.
IMHO this is a valuable development work that should continue. I just wish I had the skills and time to do more myself!
Walt
About sources
Main idea of controllers is working in special modes in parallel with vendor driver/software (without patching etc.). All information, command structures and register constants were extracted from: http://acx100.sourceforge.net/
Whoever is interested in building a new TIACXWLN driver should analyze these sources. There are many commands and constants in these sources but controller used only Packet Filter command. All that the controller needed was address of mapped window of registers (it was stored in vendor driver context)... TIACXWLN adapter on Dell X51v processed these asynchronous commands with success (by response) but vendor driver was as post-processor any commands...
Commands are used by controller (details see in Linux driver (acx_struct.h)):
1) ACX1xx_CMD_INTERROGATE (IE_RXCONFIG)
2) ACX1xx_CMD_CONFIGURE (IE_RXCONFIG, RX_CFG1_RCV_PROMISCUOUS)
...
Hi, thanks to Lancealot for uploading this file.
I installed this control driver on my HTC Universal (the Universal has a Wi-Fi chip from the same corporation as the TyTN: tiacxwln).
But this control utility does not work on my Universal :-(
It sets promiscuous mode, so the Universal is frozen :-(
Does anybody have any ideas?
* Please excuse me for my bad English, thanks.
Hi Alex
I have a Sedna and have the discussed Wi-Fi driver. My problem is that it connects to the Wi-Fi router (g) but I cannot surf. Most of the time I have to turn it on/off and it works, but after long periods it disconnects. I hope this will solve the problem; also, if you can suggest any guidance, I will be grateful.
AlexB does your sniffer allow you to capture wifi traffic in all channels?
Hi,
Sniffer captures "adapter driver <-> protocols stack" packets...
Standard driver of WiFi adapter returns packets only after connecting to some network therefore sniffer gets traffic from one network on some channel... In promiscuous mode adapter gives user packets with foreign destination address.
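
The difference described above, and a way to check whether promiscuous mode really took effect, as an added example that is not part of the original posts or of Handy Sniffer. It assumes the sniffer hands over Ethernet-style frames that begin with the destination MAC; all names and sample frames are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum dst_kind { DST_SHORT = -1, DST_OWN, DST_BROADCAST, DST_MULTICAST, DST_FOREIGN };
struct frame { const uint8_t *data; size_t len; };

/* Classify a frame by destination MAC (first 6 bytes of the 14-byte header). */
enum dst_kind classify_dst(const uint8_t *f, size_t len, const uint8_t own[6])
{
    static const uint8_t bcast[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
    if (len < 14) return DST_SHORT;               /* truncated header */
    if (memcmp(f, bcast, 6) == 0) return DST_BROADCAST;
    if (f[0] & 0x01) return DST_MULTICAST;        /* group bit set */
    return memcmp(f, own, 6) == 0 ? DST_OWN : DST_FOREIGN;
}

/* Simplified receive filter: without promiscuous mode, unicast frames for
 * other stations are dropped before the sniffer ever sees them. */
int delivered(enum dst_kind k, int promiscuous)
{
    if (k == DST_SHORT) return 0;
    return promiscuous || k != DST_FOREIGN;
}

/* Frames in a capture addressed to another station. Zero on a busy network
 * suggests the promiscuous request was accepted but had no effect. */
size_t count_foreign(const struct frame *cap, size_t n, const uint8_t own[6])
{
    size_t c = 0;
    for (size_t i = 0; i < n; i++)
        if (classify_dst(cap[i].data, cap[i].len, own) == DST_FOREIGN) c++;
    return c;
}

/* Constructed sample frames: destination, source, EtherType only. */
static const uint8_t OWN_MAC[6]  = {0x02, 0, 0, 0, 0, 0x01};
static const uint8_t F_OWN[14]   = {0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02, 0x08,0x00};
static const uint8_t F_BCAST[14] = {0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0,0,0,0,0x02, 0x08,0x06};
static const uint8_t F_MCAST[14] = {0x01,0x00,0x5e,0,0,0xfb, 0x02,0,0,0,0,0x02, 0x08,0x00};
static const uint8_t F_OTHER[14] = {0x02,0,0,0,0,0x03, 0x02,0,0,0,0,0x02, 0x08,0x00};
static const uint8_t F_SHORT[4]  = {0x02, 0, 0, 0};
static const struct frame SAMPLE[] = {
    {F_OWN, sizeof F_OWN}, {F_BCAST, sizeof F_BCAST}, {F_MCAST, sizeof F_MCAST},
    {F_OTHER, sizeof F_OTHER}, {F_SHORT, sizeof F_SHORT} };

int main(void) { printf("foreign: %zu\n", count_foreign(SAMPLE, 5, OWN_MAC)); return 0; }
```

A capture that contains only own, broadcast and multicast destinations matches the "only my own network traffic" symptom reported for some devices in this thread.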

Monitor Mode on integrated WIFI (running linux)

Hi out there, am I able to get monitor mode to work on HTC Universal? I still have no device but I'm thinking about buying a Universal or Zaurus C1000. What I need is monitor mode for penetration testing. If injection is available, it's nice but not a "must have". I will use Linux on the Universal, to make it play together with the rest of my annoying grey boxes. If the integrated WIFI does not, does anyone know if monitor mode works with one of these SDIO wifi cards? Or is there another way to attach external wifi devices to the Universal (maybe USB or CF)?
On wiki there is written, that the Universal uses the tnetw1100bg wifi chipset.
I found this one on net:
http://www.rootr.net/man/man/acx/4
Do I understand this right, that, if i'm using Linux with acx-driver, monitor mode will be available to the Universal?
Very, very interesting. Can someone test it?
Linux on the Uni doesn't have SDIO and is unlikely to have it for a while due to driver implementation legal issues. Hope this helps.
Why do we need an SDIO wifi card? Can't we use the Universal's onboard wifi?
Well SDIO cards were mentioned, just ruling them out at this stage.
SDIO was just an idea if the Universal's onboard wifi doesn't work. But due to the link I posted, I still hope it will work (not for injection, but monitor mode will). I hope someone will test it.
You Can Monitor And Inject With Linux On Universal Using ACX Kernel Module And AIRCRACK-NG Toolset.
Great, this is all I wanted to read. Now I'm going to buy myself a Universal. I hope I can come back to you with questions if I have problems setting up the device.
OllieD said:
You Can Monitor And Inject With Linux On Universal Using ACX Kernel Module And AIRCRACK-NG Toolset.
How does one do this?
seattleweb said:
How does one do this?
Disregard this... I was running an older kernel and have since upgraded my install to one with a 2.6.21 kernel
OllieD said:
You Can Monitor And Inject With Linux On Universal Using ACX Kernel Module And AIRCRACK-NG Toolset.
Exactly!
Very interesting: for exactly the same purpose I will buy an HTC Uni too.
So, that can be our topic: two penetration testers, one topic, and HTC Universal
DOMy

Handy Sniffer discussion

Moved discussion from "Controller for TNETWLN" thread.
Handy Sniffer is next step of TNETWLN controller. As yet this sniffer can enable unofficial promiscuous mode only for TNETWLN WiFi adapters ("TNETWLN1", TNETW1250 chip with SDIO interface). For other adapters sniffer supports only standard system query for On/Off promiscuous mode (most adapters do not support this request). As I know standard driver for TIACXWLN also does not support promiscuous mode... If TIACXWLN from Athena supports promiscuous mode... congratulations.
Anyone had any luck with HTC Wizard? Installed OK and don't get any errors, however it doesn't seem to sniff anything apart from the AP I'm connected to.
Cheers
How do you test it?
1. Prepare WiFi adapter (disable Power Save mode!)
2. Switch on and connect adapter to network
3. Select adapter in Sniffer ("TNETWLN1")
4. Check menu "Extended TNETWLN"
5. Check menu "Promiscuous Mode"
6. Start of packet capture
What is the best PDA that works for this Handy Sniffer? Can you recommend one?
FujitsuSiemens LOOX C550 and N560 have TNETWLN built-in WiFI adapter. They are supported by HSniffer and they have powerful processors (Intel 500/600 MHz). You can use sniffer with any adapter that supports promiscuous mode.
Second test on HTC Kaiser - working. I must retest it at a hotspot place.
AlexB said:
4. Check menu "Extended TNETWLN"
Hi Alex, great work!
I'm trying Handy Sniffer with my Trinity, but I can't see the "Extended TNETWLN" menu option, only "promiscuous mode". What's wrong?
Anyone got successful with Trinity?
Thanks!
After following Alex's suggestion with a key in the registry, I think I'm actually sniffing my network with my Trinity. Anyway, I still don't see the Extended TNETWLN menu (is it that important?). I'm using a Trinity with the Lasagna ROM.
Thanks Alex!
Hi everybody,
I know about normal working of sniffer (promiscuous mode) on next devices:
1. FujitsuSiemens LOOX N520, C550, N560
2. Qtek 9100
Has anybody success with other devices or problems on these?
Hi everybody
ItalianTytan mentioned a registry key for the Trinity. Could you please post this hack?
I'm using a Trinity as well and I'm only able to sniff my own network traffic although I'm in promiscuous mode... btw I don't see the extended menu either...
Thanks for your suggestion and the answer :-D
so long
konto
Hi!!
I'm using a Qtek 9100.
When I select extended mode, a message tells me "disable the power save mode before adaptater ON"
What does that mean?
Thanks!!
How can I convert the HEX packets to Text? Any apps available?
Thanks in advance for your help!
so it works on the tmobile mda? can you capture ivs? where is the developers webpage?
http://winm-soft.atspace.com/

List of phones supporting monitor mode and injection with internal wireless

Hi,
I'm planning to buy a phone to install Kali Nethunter.
I'd like to use Nethunter for wardriving, so I know I'll need a wireless adapter supporting promiscuous / monitor mode, and possibly packet injection.
Is there a list of phones that support these operations with internal wireless?
Till now I understood Nexus5 can be configured to work in promiscuous mode, but I'm not so sure about other Nethunter compatible phones. Can you help me?
Thanks
bye
