Is You Geeked Up? | Technology Blog for the Computer Geek | isyougeekedup.com

Archive for the ‘firmware’ tag

Aircrack on Fonera With Legend Firmware

with 13 comments

The DD-WRT firmware for the Fonera does not support packet injection as it does not have the proper patched Mad-wifi driver. I’ve tried to make injection work with the DD-WRT firmware, but to no avail. As soon as injection begins, the router immediately freezes up. I am not going to go into the process of flashing open source firmware. You can find guides for that at FoneraHacks.com.

A quick rundown of what was done:

    * Mount network share for capture files (Fonera does not have enough memory to store capture files)
    * Create wireless interface “ath1” in monitor mode
    * Start airodump to get quick snapshot
    * Restart airodump with “--bssid” option to cut down on file size and “-w” to specify write location
    * Start aireplay in fake authentication mode
    * Once attack has completed, start aireplay in replay mode
    * Collect 35,000 - 60,000 packets (for 128-bit WEP)
    * Use aircrack-ptw to decrypt the key


Written by prochobo

January 22nd, 2008 at 9:24 pm

Posted in Wireless


La Fonera - The Best Little Router

without comments

Some of you may be familiar with Fon and the Fon movement. Fon is a company that sells (used to give 'em out for free) wireless routers for a pretty cheap price. Catch is, you have to agree to share your internet via the wireless network made by the Fon router. Thanks to the Open Source community, alternative firmware is available. Among the choices are DD-WRT, OpenWrt, and Legend, which are all Linux-based. Although the flashing process is not easy, the payoff is worth it.

DD-WRT has a great interface which lets you control almost every setting. Unlike the default firmware that doesn’t even include static DHCP entries, DD-WRT unlocks a full suite of network tools and functionality. It also comes with ipkg, a package installer which makes installing additional software a breeze. Speaking of additional software, aircrack-ng immediately came to mind. Good thing these new routers have an Atheros chipset or else packet injection would be useless. I installed and gave the aircrack-ng suite a whirl. Sniffing worked fine, but injection was a different story. As soon as I started sending packets, the console froze and the router rebooted. Unfortunately, DD-WRT didn’t have the patched Mad-Wifi drivers required by aircrack-ng :(

After some searching, I ran across Legend. This is a different firmware based on the OpenWrt platform, but it claimed to support aircrack-ng and included patched Mad-Wifi drivers. I decided to give it a try and I’m glad I did. Aircrack was already installed and good to go after the flash. After running a few tests, I was able to fake associate and replay packets through my home AP! Instead of using the adapter that came with the Fonera, I modified it to receive power from a USB port. It would then be possible to connect to the Fonera through the onboard ethernet port. I tried injection while being wirelessly connected simultaneously, but as soon as I started the injection process, the router immediately locked up. Oh well, I can still use the Fonera like an external wireless card to perform my pentesting, not to mention it’s essentially a very basic, but portable Linux box!


Written by prochobo

January 17th, 2008 at 4:34 pm

Posted in Wireless
