(info) RTL8811AU device fixed to channel 1 (cannot set band or channel) #19
Comments
|
Hi @drws Recommend you read the file This driver and the 8812au are pretty good drivers for monitor mode ... for Realtek drivers. The thing we have to be aware of is that these Realtek out-of-kernel drivers are not Linux Wireless Standards compliant. What that means is that you will run into that things that don't seem to work by the instructions you are looking at. Most of the guides and app instructions are written for drivers that are Linux Wireless Standards compliant. Before you ask why Realtek does what it does, let me say that I have no idea. It is what it is. For standards compliant adapters, you can stop by the following site for information, discussions (see issues and discussions) and links to many adapters: https://github.com/morrownr/USB-WiFi If you have any questions regarding the document and script that I suggested above, let me know. Regards |
|
Thank you for the thorough intro. I know Realtek is mildly put not the best option, but I would like to make use of an adapter I have at least for surveying purposes. I was using commands from Even though the error is not displayed anymore, the channel doesn't change nor with Currently it seems that channel can be set somehow since |
|
Did you run? $ airmon-ng check kill What are you seeing when you run? $ sudo ./test-mon.sh |
|
I did ran To reproduce one can run The current workaround is to run To recap, I see these main issues:
|
Okay. That looks normal to me. Where is the problem?
Yes,
I will take a look as I have time. Keep in mind that I maintain this driver, not Aircrack-ng. This driver is very heavily used and you are the only one reporting this so I am skeptical that it is a problem with the driver. Would you check this by using another app that does the same thing... maybe Wireshark?
You have not run my
I am curious about what has caused you to think that this command would work without monitor mode being set? I realize I am sounding somewhat short at this point but I need to get your attention so please listen:
|
I see my error in wrongly predicting channel setting should also work in STA mode. But the error type returned (resource busy) is still not the most descriptive when the interface is not in the right mode to be able to change the channel and not claimed otherwise. Is it a Realtek thing?
I am aware of that and will be submitting issue report there if we find it necessary.
I feel the same way during all of this and only posted issue report here in good faith.
Even though I prefer to go step by step to learn more about these tools myself, I have ran your script before even though I did not explicitly state so. I thought copy of the main commands used would suffice and I see now that a complete terminal log would be more useful. I have also compared the used The
I understand that and please tell me where I'm chasing ghosts, but for example I would sincerely expect even a non-compliant driver to be able to display set channel. It is one of the most basic radio parameters afterall, it's not some exotic proprietary protocol extension. Even if not, I know you're not the one to blame.
As explained above I'm taking this one back.
I believe Also,
I have to stress that nothing in this issue report is security-related in any way. I'm talking about low-level radio network analysis that the driver can provide and need no pentesting tips.
Of course, just please say so if you do.
I can test the improved script even though I am not even a bit convinced
Will do further testing about the issue sooner or later, let's just clear things up a bit more first. |
|
Good morning @drws
I guess we can call it a Realtek thing because there is a lot of standardization in how the in-kernel drivers, whether usb or internal wifi cards, handle things like this. I understand the frustration that non-specific error codes can cause.
Let me throw this out: There was a gentleman in one of these Realtek driver repos I maintain here that stopped by last year raising hell about not being able to change the mac address of his adapter. He explained that it always worked with his old Ralink chipset based adapter that uses an in-kernel driver. I fiddled around for a little while and discovered that with these Realtek drivers you have to change the mac address before you enter monitor mode (or you get that wonderful resource busy nonsense). I explained this, the gentleman tried it and off he went. Repeat this with various other issues and you see why I try to post a guide and script to help.
I am aware of how the script is written. The reason I point you to the script is that a lot of testing has gone into the script so a lot can be learned from the order and exact commands that are used. The script may be printing $chan to the screen but the lesson is in why I did that. What I discovered is that the channel is changed when the command to set the channel is run but
It may not be. The improved version of the script i am working will tell you if there are problem processes as it STOPS them. I am not using KILL. I am using STOP and CONT. I am out of time for now but will send a working copy of the new script as I have time later today or tomorrow. Regards |
|
Here is test-mon.sh in its current state. The main new thing in this edition is that it handles problematic processes on its own instead of relying on airmon-ng. The approach that airmon-ng takes is that it simply kills the processes it thinks may interfere. That may be fine for those only have one adapter running in monitor mode but I always have multiple adapters connected to my dev system and I don't need everything wireless to die when I am testing monitor mode. There may be multiple ways to accomplish what I want, but the idea in use in test-mon.sh currently is simply to identify the processes that could cause problems and STOP (basically halt) them. This approach is less drastic and allows the system to be returned to its original state via CONT without a reboot. Of interest to you is that I am having the script stop and post the processes that it is stopping so that you can see them. That way we can see if you were on the right track when you said you did not think your setup would have any problematic processes. Post the results so we can discuss it if you don't mind. Another thing is that this script is a work in progress so if you have some great ideas, bring them on. So far development has centered around my plan to have a script to speed up checking the results of my work on drivers but I see that this could spawn a more operational companion script. Regards |
morrownr
changed the title
|
I had the device-in-question caught up in some project so it took some time, but I've tested your improved script now. The output is as expected: When trying to set fixed channel with the script, the However now I cannot find a way to make 5GHz work. Using In any case I've accepted the fact that:
And I guess Realtek can make you think I should've gotten an Alfa... |
|
Hi, drws! |
|
First of all it now appears that @ivanovborislav Your fork does indeed work the best, |
|
I tried to find a driver for my old phone (Samsung Galaxy S5 plus Kali NetHunter, rtl8821au) without success. If you read #ifdef CONFIG_REGD_SRC_FROM_OS
static uint rtw_regd_src = CONFIG_RTW_REGD_SRC;
module_param(rtw_regd_src, uint, 0644);
MODULE_PARM_DESC(rtw_regd_src, "The default regd source selection, 0:Realtek defined, 1: OS");
#endifRegulatory Domain selection, is a just one single line Let's see...
static int cfg80211_rtw_set_channel(struct wiphy *wiphy
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,35))
, struct net_device *ndev
#endif
, struct ieee80211_channel *chan, enum nl80211_channel_type channel_type)
{
int chan_target = (u8) ieee80211_frequency_to_channel(chan->center_freq);
int chan_offset = HAL_PRIME_CHNL_OFFSET_DONT_CARE;
int chan_width = CHANNEL_WIDTH_20;
_adapter *padapter = wiphy_to_adapter(wiphy);Can put the card into monitor mode(use patch) and can start airodump-ng, older kernel.
static int cfg80211_rtw_set_channel(struct wiphy *wiphy
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 35))
, struct net_device *ndev
#endif
, struct ieee80211_channel *chan, enum nl80211_channel_type channel_type)
{
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 35))
_adapter *padapter = (_adapter *)rtw_netdev_priv(ndev);
#else
_adapter *padapter = wiphy_to_adapter(wiphy);
#endifCan put the card into monitor mode but can't start airodump-ng, older kernel. etc. |
|
Hi Nick, nice driver and nice test-mon.sh script ! I encountered the same issue with Kali+8811AU on Raspberry 3B+ , when I use airodump-ng to capture WPA handshake , it has "fixed channel wlan0mon:1" error on the right corner of screen and can not send deauth packet successfully . Use you test-mon.sh I can set txpower,change channels sucessfully. here is the debug information: └─$ uname -a; mokutil --sb-state; lsusb; rfkill list all; dkms status; iw dev Any idea? can I use other tools instead of aircrack-ng to do the test ? Which one do you suggest to choose? |
|
Hi @oneshotbin
I actually retired that script a while back. My work along these lines can be found at item 10 of the Main Menu: https://github.com/morrownr/USB-WiFi There will be test document and a
sudo apt install wireshark Use the script to get into monitor mode and then call up wireshark: sudo wireshark Nick |
|
Hi Nick , Thanks for your quick response and your suggestions , I will study on the links you provide and have a nice day :) |
I'm trying to use an Edimax EW-7811UAC (containing RTL8811AU) in monitor mode on a Raspberry Pi and it appears it is staying fixed to channel 1 in the 2.4GHz band.
airodump -c 11orairodump -b aare always returning channel 1 data for example.iw listlists all the expected channels in the 2.4 and 5 GHz bands, butiw wlan0 set channel 11produces command failed: Device or resource busy (-16) while the interface is not in use, not even by network managers. I have enabled ARM support during the build process and the interface appears to be working, except channel switching.The text was updated successfully, but these errors were encountered: