What you must have:
*A SL5500x or SL5000D Zaurus, with any firmware.
*A CompactFlash memory card, at least 64Mb.
*An SD card, at least 256Mb, and not necessarily fast.
*An universal memory card reader, or anything that can read and
write to CF and SD cards.
*A compatible CompactFlash 802.11b wireless card (see here for
a list of working cards, you need one with the Prism2 or Prism2.5 chipset,
ask the manufacturer).
*The DC Adapter for the Zaurus.
1) Getting rid of the proprietary firmware
First, if you have a brand new Zaurus, or in any case the
original Sharp firmware, you need to change it to OpenZaurus (OZ).
Before flashing your Zaurus, be sure to backup all your RAM data on a
memory card. Flashing will reset all the internal memories.
Get the zImage file by searching for zImage-collie-32-32.bin here,
get the latest version, then "images" directory, and "collie"
Rename this file to "zimage" (no extension) and put it in the
root of a freshly formated CF card.
Get the Initrd file in the same directory, it will be called something
like opie-image-x.x.x-collie.initrd.bin (OPIE is much better
Rename this file to "initrd.bin" and put it on the CF card,
like the zimage file.
Properly eject your CF card.
Plug your Zaurus to the DC Adapter (powering from the battery while
flashing is risky).
Place the back switch of your Zaurus to "Replace battery", and
open the battery compartment.
Insert the CF card and remove the SD card if there is any.
Press simultaneously "C" and "D" on the Zaurus keyboard,
and while holding them, press the reset button next to the battery.
Release all the buttons, and the two LEDs (green and orange) should light
Don't do anything while they are on, they will go off when flashing
is done (shouldn't take more than 5 minutes).
When they're off, remove the CF card and push the reset button
You can replace the battery cover, and switch back to "Normal operation".
Push the "On/Off (Cancel)" button for a few seconds.
OpenZaurus will normaly boot, you'll be prompted for a password two times,
and for personnal informations to setup OPIE.
2) Getting all the necessary packages
OpenZaurus works with ipkg, so ipk packages.
You will need the patched "HostAP" drivers and aircrack-ng
Download HostAP utilities package here.
Download HostAP Rawtx driver package
Download HostAP CS driver here.
Download the Aircrack-ng 0.9 for Zaurus package here.
Copy all these packages in the SD card, insert
it in your Zaurus.
Under the "Settings" tab, start the package manager, select
"Actions" then "Install local package".
In the lower left corner, choose "Files", go into "media",
then "card", and choose the HostAP utilities package.
Press start and wait for the installation to complete, press close.
Repear this for the HostAP Rawtx driver package, then the HostAP
CS driver package.
When the three driver packages are installed, you can install the Aircrack-ng
package, then exit the package manager.
Here, Aircrack-ng won't work because of the Zauri default
"legal" configuration: your prism2/2.5 wireless card will be
automaticaly handled by the Orinoco/Hermes driver (which can't do injection).
Test your wireless card. Insert it in the CF slot and wait for the notification,
Start a terminal and type "iwconfig", you'll notice that
there is no wireless interfaces running.
Type "ifconfig" and you'll see that your wireless card
is taken for an ethernet card named "eth0".
3) Bypassing the drivers
You need to tell the pcmcia manager to hook-up the HostAP
driver instead of Orinoco.
To do this, keep your wireless card inserted and open a new terminal.
Type "cardctl ident 0", you'll get the manfid of your
card. It looks like 0x0000, 0x0000. (I have 0x0156,0x0002). Note those
White the text editor, open the configuration file /etc/pcmcia/hermes.conf
Search for the first number
of your wireless card's manfid, if you find a paragraph specifying it,
You'll have to remove all paragraph that specify your card's manfid, otherwise,
the Orinoco driver will grab it.
Once this done, make a new text file and write this:
class "network" module "hostap", "hostap_cs"
card "Prism2 HostAPed card"
manfid (your manfid numbers here, separated with a comma)
Save this file to /etc/pcmcia/hostap_cs.conf, overwrite
it if you have to.
Remove your wireless card.
In a terminal, type "depmod" and then "modprobe
hostap". If you have an error here, you'll have to do this all
If all went well with modprobe, type "/etc/init.d/pcmcia restart"
and wait for the service to restart.
Plug in your wireless card and pray ;)
You should be noticed, and should see that by taping on the CF icon in
the taskbar, that your card is now called "Prism2 HostAPed card".
4) Trying out Aircrack-ng
Now, to see if your card is really able to do what you
In a terminal, type "iwconfig wlan0", you should have
a bunch of infos on your card, it should be in "managed" mode.
Now, type "iwconfig mode monitor wlan0", if there is
no response, you win !
Try "iwconfig wlan0" again, and check that it's in "monitor"
If it is, go ahead and play with "airodump-ng wlan0" and see
if there's some fun nearby ;)
If your card is a little bitchy, you can
put my airinit script in "/usr/sbin" and "chmod
577" it. You'll then have to launch "airinit"
whenever you'll need the scanning capacities of your card.
Airinit script follows:
modprobe -r hostap
iwconfig mode monitor wlan0
iwpriv monitor_type 1 wlan0
ifconfig wlan0 up
For detailed information on using the Aircrack-ng
suite, please refer to their official