What you must have:
*An SL5500x or SL5000D Zaurus, with any firmware.
*A CompactFlash memory card, at least 64 MB.
*An SD card, at least 256 MB; it does not need to be fast.
*A universal memory card reader, or anything else that can read and
write CF and SD cards.
*A compatible CompactFlash 802.11b wireless card (see here for
a list of working cards; you need one with a Prism2 or Prism2.5 chipset,
ask the manufacturer if you are not sure).
*The DC adapter for the Zaurus.
1) Getting rid of the proprietary firmware
First, if you have a brand new Zaurus, or in any case the
original Sharp firmware, you need to replace it with OpenZaurus (OZ).
Before flashing your Zaurus, back up all your RAM data to a
memory card: flashing wipes the whole internal memory.
Get the zImage file by searching for zImage-collie-32-32.bin here:
take the latest version, then the "images" directory, then the "collie"
directory.
Rename this file to "zimage" (no extension) and put it in the
root of a freshly formatted CF card.
Get the initrd file from the same directory; it will be called something
like opie-image-x.x.x-collie.initrd.bin (OPIE is much better
than GPE).
Rename this file to "initrd.bin" and put it on the CF card,
next to the zimage file.
Properly eject your CF card.
Plug your Zaurus into the DC adapter (powering from the battery while
flashing is risky).
Set the back switch of your Zaurus to "Replace battery", and
open the battery compartment.
Insert the CF card and remove the SD card, if there is one.
Press "C" and "D" simultaneously on the Zaurus keyboard,
and while holding them, press the reset button next to the battery.
Release all the buttons; the two LEDs (green and orange) should light
up.
Do nothing while they are on; they go off when flashing
is done (it should take no more than 5 minutes).
When they are off, remove the CF card and push the reset button
again.
Replace the battery cover and switch back to "Normal operation".
Hold the "On/Off (Cancel)" button for a few seconds.
OpenZaurus should boot normally; you'll be prompted twice for a password,
and then for personal information to set up OPIE.
2) Getting all the necessary packages
OpenZaurus uses ipkg, so the packages are .ipk files.
You will need the patched HostAP drivers and Aircrack-ng built
for ARM.
Download HostAP utilities package here.
Download HostAP Rawtx driver package
here.
Download HostAP CS driver here.
Download the Aircrack-ng 0.9 for Zaurus package here.
Copy all these packages to the SD card and insert
it in your Zaurus.
Under the "Settings" tab, start the package manager, select
"Actions" then "Install local package".
In the lower left corner, choose "Files", go into "media",
then "card", and choose the HostAP utilities package.
Press Start, wait for the installation to complete, then press Close.
Repeat this for the HostAP Rawtx driver package, then the HostAP
CS driver package.
When the three driver packages are installed, you can install the Aircrack-ng
package, then exit the package manager.
At this point Aircrack-ng still won't work, because of the Zaurus default
"legal" configuration: your Prism2/2.5 wireless card is
automatically claimed by the Orinoco/Hermes driver (which can't do injection).
Test your wireless card: insert it in the CF slot, wait for the notification,
and ignore it.
Start a terminal and type "iwconfig"; you'll notice that
no wireless interface is listed.
Type "ifconfig" and you'll see that your wireless card
has been taken for an Ethernet card named "eth0".
3) Bypassing the drivers
You need to tell the PCMCIA card manager (cardmgr) to bind the HostAP
driver instead of Orinoco.
To do this, keep your wireless card inserted and open a new terminal.
Type "cardctl ident 0"; the output includes the manfid of your
card. It looks like 0x0000, 0x0000 (mine is 0x0156, 0x0002). Note those
numbers.
With the text editor, open the configuration file /etc/pcmcia/hermes.conf.
Search for the first number
of your wireless card's manfid; if you find a paragraph specifying it,
delete it.
You have to remove every paragraph that specifies your card's manfid, otherwise
the Orinoco driver will grab the card.
Once this is done, make a new text file containing:
device "hostap_cs"
  class "network" module "hostap", "hostap_cs"

card "Prism2 HostAPed card"
  manfid 0x0156, 0x0002
  bind "hostap_cs"
(replace 0x0156, 0x0002 with your own manfid numbers, separated by a comma).
Save this file as /etc/pcmcia/hostap_cs.conf, overwriting
it if it already exists.
Remove your wireless card.
In a terminal, type "depmod" and then "modprobe
hostap". If you get an error here, you'll have to do this all
over...
If modprobe went well, type "/etc/init.d/pcmcia restart"
and wait for the service to restart.
Plug in your wireless card and pray ;)
You should get a notification, and tapping on the CF icon in
the taskbar should show that your card is now called "Prism2 HostAPed card".
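The manfid lookup, the hermes.conf check and the hostap_cs.conf stanza above can be scripted. The following is an added example, not a script from the original page: demo_ident() is a constructed imitation of "cardctl ident 0" output for the manfid quoted in the text (0x0156, 0x0002), the file paths are parameters so you can try the functions on copies first, the script name hostap-bind.sh is made up, and the hermes.conf check compares the full manufacturer/card pair, which is what cardmgr binds on, ignoring spacing and hex case.

```shell
#!/bin/sh
# hostap-bind.sh (added example, not from the original page): automate the
# manfid lookup, the hermes.conf check and the hostap_cs.conf stanza.

# Constructed sample of `cardctl ident 0` output (not captured from a device);
# only the "manfid:" line matters to the parser below.
demo_ident() {
    printf 'Socket 0:\n'
    printf '  product info: "INTERSIL", "HFA384x/IEEE", "Version 01.02", ""\n'
    printf '  manfid: 0x0156, 0x0002\n'
    printf '  function: 6 (network)\n'
}

# Read `cardctl ident` output on stdin and print the manfid pair, e.g.
# "0x0156, 0x0002". Prints nothing and returns 1 if there is no manfid line.
manfid_from_ident() {
    id=$(sed -n 's/^[[:space:]]*manfid:[[:space:]]*//p' | head -n 1)
    [ -n "$id" ] || return 1
    printf '%s\n' "$id"
}

# Print every stanza of the pcmcia-cs config file $1 (a line starting with
# "card" plus the indented lines that follow it) whose manfid equals $2.
# Spacing and hex case are ignored. Returns 1 when no stanza matches.
stanzas_claiming() {
    conf=$1
    want=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')
    awk -v want="$want" '
        function flush() {
            if (hit) { printf "%s", buf; found = 1 }
            buf = ""; hit = 0
        }
        /^card/ { flush() }
        { buf = buf $0 "\n" }
        /^[[:space:]]*manfid/ {
            line = $0
            sub(/^[[:space:]]*manfid[[:space:]]*/, "", line)
            gsub(/[[:space:]]/, "", line)
            if (tolower(line) == want) hit = 1
        }
        END { flush(); if (!found) exit 1 }
    ' "$conf"
}

# Write the hostap_cs.conf stanza for manfid $1 to the path $2.
write_hostap_conf() {
    cat > "$2" <<EOF
device "hostap_cs"
  class "network" module "hostap", "hostap_cs"

card "Prism2 HostAPed card"
  manfid $1
  bind "hostap_cs"
EOF
}

# On the Zaurus, `sh hostap-bind.sh apply` reads the real card, lists the
# hermes.conf stanzas you still have to delete, and writes the new config.
if [ "${1:-}" = "apply" ]; then
    id=$(cardctl ident 0 | manfid_from_ident) || { echo "no manfid found" >&2; exit 1; }
    echo "card manfid: $id"
    if stanzas_claiming /etc/pcmcia/hermes.conf "$id"; then
        echo "^^^ delete these stanzas from /etc/pcmcia/hermes.conf first" >&2
    fi
    write_hostap_conf "$id" /etc/pcmcia/hostap_cs.conf
    echo "wrote /etc/pcmcia/hostap_cs.conf"
fi
```

Run it without arguments to load the functions only; "apply" is the only mode that touches /etc/pcmcia, and it prints the offending hermes.conf stanzas rather than editing that file for you, so you can check them before deleting.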
4) Trying out Aircrack-ng
Now, check whether your card can really do what you
want...
In a terminal, type "iwconfig wlan0"; you should get
a bunch of information about your card, and it should be in "Managed" mode.
Now type "iwconfig wlan0 mode monitor" (the interface name comes first); if
there is no error message, you win!
Try "iwconfig wlan0" again, and check that it's in "Monitor"
mode.
If it is, go ahead and play with "airodump-ng wlan0" and see
if there's some fun nearby ;)
If your card is a little temperamental, you can
put my airinit script in "/usr/sbin" and "chmod
755" it. You'll then have to run "airinit"
whenever you need the card's monitor-mode capture capabilities.
Airinit script follows:
#!/bin/sh
# airinit: reload the HostAP driver and put the Prism2 card back
# into monitor mode. Run it whenever the card stops capturing.
cardctl suspend
cardctl eject
/etc/init.d/pcmcia stop
# Unload and reload hostap so the card comes up with clean driver state
modprobe -r hostap
modprobe hostap
/etc/init.d/pcmcia start
sleep 3
cardctl insert
sleep 3
cardctl reset
# iwconfig and iwpriv take the interface name first
iwconfig wlan0 mode monitor
# HostAP private ioctl selecting the monitor-mode header format
iwpriv wlan0 monitor_type 1
ifconfig wlan0 up
For detailed information on using the Aircrack-ng
suite, please refer to their official
site.