hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
The random values are generated here:
seed = Raspberry Serialnumber + time:
https://github.com/ZerBea/hcxdumptool/bl...ol.c#L8219

MAC AP
https://github.com/ZerBea/hcxdumptool/bl...ol.c#L8234

MAC CLIENT
https://github.com/ZerBea/hcxdumptool/bl...ol.c#L8262

ANONCE
https://github.com/ZerBea/hcxdumptool/bl...ol.c#L8273
SNONCE
https://github.com/ZerBea/hcxdumptool/bl...ol.c#L8274

REPLAY COUNT
https://github.com/ZerBea/hcxdumptool/bl...ol.c#L8276

Yes, the interfaces interfere:
from wifi_laboratory:
https://github.com/ZerBea/wifi_laboratory
Code:
Lessons learned (to be continued)
a beautiful status output makes the attack tool slow and sluggish.
too many features make the attack tool slow and sluggish.
response time behavior becomes very bad on big ringbuffers.
transmitting too many packets makes a channel busy.
a Raspberry Pi is not able to handle more than one interface at the same time.
pselect doesn't like to be interrupted by another timer.
active monitor mode (enabled by radiotap header) is mandatory on AUTHENTICATION, ASSOCIATION and EAPOL frames!
it is mandatory to ACK NULL and ACTION frames within a 4way handshake!
setting a short preamble in radiotap header is ignored on tx.
entire AUTHENTICATION process should be done running a data rate of 1.0 Mb/s.
there are (much) better ways than injecting stupid DEAUTHENTICATION frames to disconnect a CLIENT.
the most useful frame is an EAPOL M2 frame!

About Realtek:
There are too many third party drivers on git, because most of the stock drivers do not support monitor mode or packet injection. Some of them are compiled with full ioctl() support, while others are compiled with NETLINK only.
https://duckduckgo.com/?q=git+Realtek+wl...&t=ffab&ia

My reference drivers are mt76 and rt2x00. They are well maintained and they are working out of the box, while other drivers do not:
https://github.com/ZerBea/hcxdumptool/issues/230
https://github.com/ZerBea/hcxdumptool/issues/234

NETLINK has a huge overhead and is pretty asynchronous:
https://www.quora.com/What-are-the-diffe...ls?share=1
fast attacks against multiple targets -> ioctl() system calls
stream nice kitten video via WiFi -> NETLINK messages
If the driver is compiled to use NETLINK only, hcxdumptool will not work on it.
RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - by ZerBea - 11-29-2022, 05:50 PM