aircrack-ng not working on MacBook Air early 2015 using live Kali Linux USB with persistence












    airmon-ng start wlan0

    Found 5 processes that could cause trouble.
    If airodump-ng, aireplay-ng or airtun-ng stops working after
    a short period of time, you may want to kill (some of) them!

    PID Name
    1412 NetworkManager
    1527 wpa_supplicant
    1690 dhclient
    1850 avahi-daemon
    1851 avahi-daemon

    PHY Interface Driver Chipset

    phy0 wlan0 wl Broadcom Corporation BCM4360 802.11ac Wireless Network Adapter (rev 03)
    Failed to set wlan0mon up using ip
    command failed: No such device (-19)

        (mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon)

    command failed: Operation not supported (-95)
    (mac80211 station mode vif disabled for [phy0]wlan0)

====
I am using Kali Linux 2.0
4.0.0-kali1-686-pae










      wireless-networking usb drivers kali-linux macbook-air
















      asked Jan 9 '16 at 8:28









Hayet Mahmud






















2 Answers






Well, so after searching, I finally found out that the network card in my MacBook Air is not supported.

BCM4360 802.11ac Wireless Network Adapter
and device id is "14e4:43a0"
and according to aircrack-ng website https://wireless.wiki.kernel.org/en/users/Drivers/b43#Known_PCI_devices

my card is not supported. I am posting this here so that others who are in the same position as me can be helped. :)
Well, now I see the only option is to get a USB wifi network adapter.

















                answered Jan 10 '16 at 5:06









Hayet Mahmud
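A preflight check for the failure in the question, as an added example that is not part of the original posts: it reads the driver column from the `airmon-ng` output, names the two error codes, and checks whether a phy advertises monitor mode in `iw phy <phy> info` output. The function names are hypothetical, the `airmon-ng` lines are copied from the question, and the two `iw` excerpts are constructed samples.

```shell
#!/bin/sh
# Added example (not from the original posts): preflight checks for monitor mode.

# Lines copied from the airmon-ng output in the question.
AIRMON_SAMPLE='PHY Interface Driver Chipset
phy0 wlan0 wl Broadcom Corporation BCM4360 802.11ac Wireless Network Adapter (rev 03)
Failed to set wlan0mon up using ip
command failed: No such device (-19)
command failed: Operation not supported (-95)'

# Constructed `iw phy <phy> info` excerpts (not captured from real hardware).
IW_NO_MONITOR='Wiphy phy0
    Supported interface modes:
         * IBSS
         * managed
    Band 1:'
IW_WITH_MONITOR='Wiphy phy1
    Supported interface modes:
         * IBSS
         * managed
         * monitor
    Band 1:'

# driver_of IFACE: print the driver column for IFACE from airmon-ng output on stdin.
driver_of() {
    awk -v ifc="$1" '$1 ~ /^phy[0-9]+$/ && $2 == ifc { print $3; exit }'
}

# explain_failures: for every "command failed: <msg> (-N)" line on stdin,
# print "<errno name>: <msg>". Linux errno values: 19 = ENODEV, 95 = EOPNOTSUPP.
explain_failures() {
    sed -n 's/^[[:space:]]*command failed: \(.*\) (-\([0-9][0-9]*\))$/\2 \1/p' |
    while read -r code msg; do
        case $code in
            19) name=ENODEV ;;
            95) name=EOPNOTSUPP ;;
            *)  name="errno-$code" ;;
        esac
        printf '%s: %s\n' "$name" "$msg"
    done
}

# supports_monitor: exit 0 if the `iw phy <phy> info` text on stdin lists
# "monitor" under "Supported interface modes:", exit 1 otherwise.
supports_monitor() {
    awk '
        /Supported interface modes:/ { in_modes = 1; next }
        in_modes && /^[[:space:]]*\*/ {
            if ($2 == "monitor") found = 1
            next
        }
        { in_modes = 0 }   # any other line ends the mode list
        END { exit(found ? 0 : 1) }
    '
}

# Demo on the embedded samples.
printf 'driver for wlan0: %s\n' "$(printf '%s\n' "$AIRMON_SAMPLE" | driver_of wlan0)"
printf '%s\n' "$AIRMON_SAMPLE" | explain_failures
for sample in "$IW_NO_MONITOR" "$IW_WITH_MONITOR"; do
    if printf '%s\n' "$sample" | supports_monitor; then
        echo "monitor mode advertised"
    else
        echo "monitor mode NOT advertised"
    fi
done
```

On a live system, pipe `iw phy phy0 info` into `supports_monitor` before running `airmon-ng start`.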

























It's true that the b43 driver does not support the BCM4360 (14e4:43a0).

However, Broadcom's proprietary driver does support this chipset. It's in the driver package broadcom-sta-dkms available from the Debian Wheezy non-free repo.

One Kali user had success with this package for another BCM chipset. If it works for you, you could modify your Kali live image to include it.

Otherwise, it's still possible to use aircrack-ng within Kali, if the handshake packets are first captured within Mac OS X using tcpdump. Here's a shell script that will capture a WPA handshake on a MacBook Air, tested on OS X 10.11 (El Capitan):

    #!/bin/bash
    # Uses bash features ([[ ]], read -p, &>), hence the bash shebang.

    usage() {
        echo "usage: $(basename "$0") <essid>"; exit 1
    }
    if [[ ! $(id -u) -eq 0 ]]; then echo "Must be run as root."; exit 1; fi
    if [[ -z "$1" ]]; then usage; fi

    echo "Scanning for access point..."
    apbin=/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport
    aplist=$($apbin -s)
    matchct=$(echo "$aplist" | grep "$1" | wc -l)

    # Require exactly one scan line matching the given ESSID.
    if [[ ! "$matchct" -eq 1 ]]; then echo "Bad essid"; usage; fi

    # Field positions assume an SSID without spaces.
    essid=$(echo "$aplist" | grep "$1" | awk '{print $1;}')
    bssid=$(echo "$aplist" | grep "$1" | awk '{print $2;}')
    chan=$(echo "$aplist" | grep "$1" | awk '{print $4;}' | cut -d, -f 1)
    echo "Found $bssid."

    capfl="$essid.cap"
    if [[ -f "$capfl" ]]; then
        read -p "'$capfl' exists. Overwrite? [y/N] " ow
        case $ow in
            [nN]|[nN][oO]|'')
                # "n", "no" or an empty reply keeps the existing file.
                echo "Canceled"
                exit
                ;;
            *)
                rm -f "$capfl"
                ;;
        esac
    fi

    echo "Dissociating airport and tuning to channel $chan..."
    $apbin -z -c "$chan" &>/dev/null
    echo "Waiting for handshake packets..."
    # Options first, filter expression last; -I selects monitor mode on en0.
    tcpdump -U -i en0 -I -c 5 -w "$capfl" "(type mgt subtype assocreq or ether proto 0x888e) and ether host $bssid" &>/dev/null

    echo "Exiting."
    echo "You may try running:"
    echo "aircrack-ng -w <dictionary> $capfl"

(If you want to run aircrack-ng on Mac OS X, you can install it via Homebrew using brew install aircrack-ng.)

If it's not already supported, I think it should be possible to patch this driver (on Linux and Mac) to send arbitrary deauth frames and support general packet injection.

Apple's driver binary is based on the proprietary Broadcom driver used in Linux; i.e. they share the same core routines, including this one, in simplified pseudocode:

    wlc_senddeauth(ctx, arg2, arg3, arg4, arg5, arg6) {
        int err, len, mi;
        int temp_out;
        len = wlc_iem_calc_len(*(ctx+0x858), arg2, 0xc0, 0, 0);
        mi = wlc_frame_get_mgmt_int(ctx, 0xc0, arg4, arg6, 0, len+2, &temp_out, 0);
        if (mi) {
            err = wlc_iem_build_frame(*(ctx+0x858), arg2, 0xc0, 0, 0, 2, len);
            assert(err == 0);
            temp = arg3 ? *(arg3+0x20) : 0;
            err = wlc_queue_80211_frag(ctx, mi, *(*(arg2+0x10)+0x18), arg3, temp, 0, 0, 0);
            assert(err == 0);
        }
    }

I think you could reverse-engineer wlc_queue_80211_frag's parameters using the C++ class AirPort_Brcm4360's call tree within Apple's driver binary, located at:

    /System/Library/Extensions/IO80211Family.kext/Contents/PlugIns/AirPortBrcm4360.kext/Contents/MacOS/AirPortBrcm4360














                    edited Jul 25 '16 at 3:31

























                    answered Jul 18 '16 at 8:15







                    user453074




















                    • The last line of the shell script should read echo "aircrack-ng -w <dictionary> $capfl"

                      – user453074
                      Jul 27 '16 at 20:25


















