aircrack-ng not working on macbook air early 2015 using live kali linux usb with presistence
airmon-ng start wlan0
Found 5 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
PID Name
1412 NetworkManager
1527 wpa_supplicant
1690 dhclient
1850 avahi-daemon
1851 avahi-daemon
PHY Interface Driver Chipset
phy0 wlan0 wl Broadcom Corporation BCM4360 802.11ac Wireless Network Adapter (rev 03)
Failed to set wlan0mon up using ip
command failed: No such device (-19)
(mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon)
command failed: Operation not supported (-95)
(mac80211 station mode vif disabled for [phy0]wlan0)
====
i am using kali linux 2.0
4.0.0-kali1-686-pae
wireless-networking usb drivers kali-linux macbook-air
asked Jan 9 '16 at 8:28
Hayet MahmudHayet Mahmud
112
add a comment |
airmon-ng start wlan0
Found 5 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
PID Name
1412 NetworkManager
1527 wpa_supplicant
1690 dhclient
1850 avahi-daemon
1851 avahi-daemon
PHY Interface Driver Chipset
phy0 wlan0 wl Broadcom Corporation BCM4360 802.11ac Wireless Network Adapter (rev 03)
Failed to set wlan0mon up using ip
command failed: No such device (-19)
(mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon)
command failed: Operation not supported (-95)
(mac80211 station mode vif disabled for [phy0]wlan0)
====
i am using kali linux 2.0
4.0.0-kali1-686-pae
wireless-networking usb drivers kali-linux macbook-air
asked Jan 9 '16 at 8:28
Hayet MahmudHayet Mahmud
112
add a comment |
airmon-ng start wlan0
Found 5 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
PID Name
1412 NetworkManager
1527 wpa_supplicant
1690 dhclient
1850 avahi-daemon
1851 avahi-daemon
PHY Interface Driver Chipset
phy0 wlan0 wl Broadcom Corporation BCM4360 802.11ac Wireless Network Adapter (rev 03)
Failed to set wlan0mon up using ip
command failed: No such device (-19)
(mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon)
command failed: Operation not supported (-95)
(mac80211 station mode vif disabled for [phy0]wlan0)
====
i am using kali linux 2.0
4.0.0-kali1-686-pae
wireless-networking usb drivers kali-linux macbook-air
asked Jan 9 '16 at 8:28
Hayet MahmudHayet Mahmud
112
airmon-ng start wlan0
Found 5 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
PID Name
1412 NetworkManager
1527 wpa_supplicant
1690 dhclient
1850 avahi-daemon
1851 avahi-daemon
PHY Interface Driver Chipset
phy0 wlan0 wl Broadcom Corporation BCM4360 802.11ac Wireless Network Adapter (rev 03)
Failed to set wlan0mon up using ip
command failed: No such device (-19)
(mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon)
command failed: Operation not supported (-95)
(mac80211 station mode vif disabled for [phy0]wlan0)
====
i am using kali linux 2.0
4.0.0-kali1-686-pae
wireless-networking usb drivers kali-linux macbook-air
wireless-networking usb drivers kali-linux macbook-air
asked Jan 9 '16 at 8:28
Hayet MahmudHayet Mahmud
112
asked Jan 9 '16 at 8:28
Hayet MahmudHayet Mahmud
112
asked Jan 9 '16 at 8:28
Hayet MahmudHayet Mahmud
112
asked Jan 9 '16 at 8:28
Hayet MahmudHayet Mahmud
112
asked Jan 9 '16 at 8:28
Hayet MahmudHayet Mahmud
112
112
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
Well so after searching, i finally found out that the Network card in my Macbook air is not supported.
BCM4360 802.11ac Wireless Network Adapter
and device id is "14e4:43a0"
and according to aircrack-ng website https://wireless.wiki.kernel.org/en/users/Drivers/b43#Known_PCI_devices
my card is not supported. I am posting this here so that other who is in the same position as me, can be helped. :)
Well now i see the only oftion is to get an USB wifi network adapter.
answered Jan 10 '16 at 5:06
Hayet MahmudHayet Mahmud
112
add a comment |
It's true that the b43 driver does not support the BCM4360 (14e4:43a0).
However, Broadcom's proprietary driver does support this chipset. It's in the driver package broadcom-sta-dkms available from the Debian Wheezy non-free repo.
One Kali user had success with this package for another BCM chipset. If it works for you, you could modify your Kali live image to include it.
Otherwise, it's still possible to use aircrack-ng within Kali, if the handshake packets are first captured within Mac OS X using tcpdump. Here's a shell script that will capture a WPA handshake on a MacBook Air, tested on OS X 10.11 (El Capitan):
#!/bin/sh
function usage() {
echo "usage: $(basename $0) <essid>"; exit
}
if [[ ! $(id -u) -eq 0 ]]; then echo "Must be run as root."; exit; fi
if [[ -z "$1" ]]; then usage; fi
echo "Scanning for access point..."
apbin=/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport
aplist=$($apbin -s)
matchct=$(echo "$aplist" | grep "$1" | wc -l)
if [[ ! "$matchct" -eq 1 ]]; then echo "Bad essid"; usage; fi
echo "Found $bssid."
essid=$(echo "$aplist" | grep "$1" | awk '{print $1;}')
bssid=$(echo "$aplist" | grep "$1" | awk '{print $2;}')
chan=$(echo "$aplist" | grep "$1" | awk '{print $4;}' | cut -d, -f 1)
capfl="$essid.cap"
if [[ -f "$capfl" ]]; then
read -p "'$capfl' exists. Overwrite? [y/N] " ow
case $ow in
[nN][oO]|'')
echo "Canceled"
exit
;;
*)
rm -f "$capfl"
;;
esac
fi
echo "Dissociating airport and tuning to channel $chan..."
$apbin -z -c $chan &>/dev/null
echo "Waiting for handshake packets..."
tcpdump "(type mgt subtype assocreq or ether proto 0x888e) and ether host $bssid" -U -i en0 -I -c 5 -w $capfl &>/dev/null
echo "Exiting."
echo "You may try running:"
echo "aircrack-ng -w $capfl"
(If you want to run aircrack-ng on Mac OS X, you can install it via Homebrew using brew install aircrack-ng.)
If it's not already supported, I think it should possible to patch this driver (on Linux and Mac) to send arbitrary deauth frames and support general packet injection.
Apple's driver binary is based on the proprietary Broadcom driver used in Linux; i.e. they share the same core routines, including this one, in simplified pseudocode:
wlc_senddeauth(ctx, arg2, arg3, arg4, arg5, arg6) {
int err, len, mi;
int temp_out;
len = wlc_iem_calc_len(*(ctx+0x858), arg2, 0xc0, 0, 0);
mi = wlc_frame_get_mgmt_int(ctx, 0xc0, arg4, arg6, 0, len+2, &temp_out, 0);
if (mi) {
err = wlc_iem_build_frame(*(ctx+0x858, arg2, 0xc0, 0, 0, 2, len);
assert(err == 0);
temp = arg3 ? *(arg3+0x20) : 0;
err = wlc_queue_80211_frag(ctx, mi, *(*(arg2+0x10)+0x18), arg3, temp, 0, 0, 0)
assert(err == 0);
}
}
I think you could reverse-engineer wlc_queue_80211_frag's parameters using the C++ class AirPort_Brcm4360's call tree within Apple's driver binary, located at:
/System/Library/Extensions/IO80211Family.kext/Contents/PlugIns/AirPortBrcm4360.kext/Contents/MacOS/AirPortBrcm4360
The last line of the shell script should readecho "aircrack-ng -w <dictionary> $capfl"
– user453074
Jul 27 '16 at 20:25
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1023847%2faircrack-ng-not-working-on-macbook-air-early-2015-using-live-kali-linux-usb-with%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
Well so after searching, i finally found out that the Network card in my Macbook air is not supported.
BCM4360 802.11ac Wireless Network Adapter
and device id is "14e4:43a0"
and according to aircrack-ng website https://wireless.wiki.kernel.org/en/users/Drivers/b43#Known_PCI_devices
my card is not supported. I am posting this here so that other who is in the same position as me, can be helped. :)
Well now i see the only oftion is to get an USB wifi network adapter.
answered Jan 10 '16 at 5:06
Hayet MahmudHayet Mahmud
112
add a comment |
Well so after searching, i finally found out that the Network card in my Macbook air is not supported.
BCM4360 802.11ac Wireless Network Adapter
and device id is "14e4:43a0"
and according to aircrack-ng website https://wireless.wiki.kernel.org/en/users/Drivers/b43#Known_PCI_devices
my card is not supported. I am posting this here so that other who is in the same position as me, can be helped. :)
Well now i see the only oftion is to get an USB wifi network adapter.
answered Jan 10 '16 at 5:06
Hayet MahmudHayet Mahmud
112
add a comment |
Well so after searching, i finally found out that the Network card in my Macbook air is not supported.
BCM4360 802.11ac Wireless Network Adapter
and device id is "14e4:43a0"
and according to aircrack-ng website https://wireless.wiki.kernel.org/en/users/Drivers/b43#Known_PCI_devices
my card is not supported. I am posting this here so that other who is in the same position as me, can be helped. :)
Well now i see the only oftion is to get an USB wifi network adapter.
answered Jan 10 '16 at 5:06
Hayet MahmudHayet Mahmud
112
Well so after searching, i finally found out that the Network card in my Macbook air is not supported.
BCM4360 802.11ac Wireless Network Adapter
and device id is "14e4:43a0"
and according to aircrack-ng website https://wireless.wiki.kernel.org/en/users/Drivers/b43#Known_PCI_devices
my card is not supported. I am posting this here so that other who is in the same position as me, can be helped. :)
Well now i see the only oftion is to get an USB wifi network adapter.
answered Jan 10 '16 at 5:06
Hayet MahmudHayet Mahmud
112
answered Jan 10 '16 at 5:06
Hayet MahmudHayet Mahmud
112
answered Jan 10 '16 at 5:06
Hayet MahmudHayet Mahmud
112
answered Jan 10 '16 at 5:06
Hayet MahmudHayet Mahmud
112
112
add a comment |
add a comment |
It's true that the b43 driver does not support the BCM4360 (14e4:43a0).
However, Broadcom's proprietary driver does support this chipset. It's in the driver package broadcom-sta-dkms available from the Debian Wheezy non-free repo.
One Kali user had success with this package for another BCM chipset. If it works for you, you could modify your Kali live image to include it.
Otherwise, it's still possible to use aircrack-ng within Kali, if the handshake packets are first captured within Mac OS X using tcpdump. Here's a shell script that will capture a WPA handshake on a MacBook Air, tested on OS X 10.11 (El Capitan):
#!/bin/sh
function usage() {
echo "usage: $(basename $0) <essid>"; exit
}
if [[ ! $(id -u) -eq 0 ]]; then echo "Must be run as root."; exit; fi
if [[ -z "$1" ]]; then usage; fi
echo "Scanning for access point..."
apbin=/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport
aplist=$($apbin -s)
matchct=$(echo "$aplist" | grep "$1" | wc -l)
if [[ ! "$matchct" -eq 1 ]]; then echo "Bad essid"; usage; fi
echo "Found $bssid."
essid=$(echo "$aplist" | grep "$1" | awk '{print $1;}')
bssid=$(echo "$aplist" | grep "$1" | awk '{print $2;}')
chan=$(echo "$aplist" | grep "$1" | awk '{print $4;}' | cut -d, -f 1)
capfl="$essid.cap"
if [[ -f "$capfl" ]]; then
read -p "'$capfl' exists. Overwrite? [y/N] " ow
case $ow in
[nN][oO]|'')
echo "Canceled"
exit
;;
*)
rm -f "$capfl"
;;
esac
fi
echo "Dissociating airport and tuning to channel $chan..."
$apbin -z -c $chan &>/dev/null
echo "Waiting for handshake packets..."
tcpdump "(type mgt subtype assocreq or ether proto 0x888e) and ether host $bssid" -U -i en0 -I -c 5 -w $capfl &>/dev/null
echo "Exiting."
echo "You may try running:"
echo "aircrack-ng -w $capfl"
(If you want to run aircrack-ng on Mac OS X, you can install it via Homebrew using brew install aircrack-ng.)
If it's not already supported, I think it should possible to patch this driver (on Linux and Mac) to send arbitrary deauth frames and support general packet injection.
Apple's driver binary is based on the proprietary Broadcom driver used in Linux; i.e. they share the same core routines, including this one, in simplified pseudocode:
wlc_senddeauth(ctx, arg2, arg3, arg4, arg5, arg6) {
int err, len, mi;
int temp_out;
len = wlc_iem_calc_len(*(ctx+0x858), arg2, 0xc0, 0, 0);
mi = wlc_frame_get_mgmt_int(ctx, 0xc0, arg4, arg6, 0, len+2, &temp_out, 0);
if (mi) {
err = wlc_iem_build_frame(*(ctx+0x858, arg2, 0xc0, 0, 0, 2, len);
assert(err == 0);
temp = arg3 ? *(arg3+0x20) : 0;
err = wlc_queue_80211_frag(ctx, mi, *(*(arg2+0x10)+0x18), arg3, temp, 0, 0, 0)
assert(err == 0);
}
}
I think you could reverse-engineer wlc_queue_80211_frag's parameters using the C++ class AirPort_Brcm4360's call tree within Apple's driver binary, located at:
/System/Library/Extensions/IO80211Family.kext/Contents/PlugIns/AirPortBrcm4360.kext/Contents/MacOS/AirPortBrcm4360
The last line of the shell script should readecho "aircrack-ng -w <dictionary> $capfl"
– user453074
Jul 27 '16 at 20:25
add a comment |
It's true that the b43 driver does not support the BCM4360 (14e4:43a0).
However, Broadcom's proprietary driver does support this chipset. It's in the driver package broadcom-sta-dkms available from the Debian Wheezy non-free repo.
One Kali user had success with this package for another BCM chipset. If it works for you, you could modify your Kali live image to include it.
Otherwise, it's still possible to use aircrack-ng within Kali, if the handshake packets are first captured within Mac OS X using tcpdump. Here's a shell script that will capture a WPA handshake on a MacBook Air, tested on OS X 10.11 (El Capitan):
#!/bin/sh
function usage() {
echo "usage: $(basename $0) <essid>"; exit
}
if [[ ! $(id -u) -eq 0 ]]; then echo "Must be run as root."; exit; fi
if [[ -z "$1" ]]; then usage; fi
echo "Scanning for access point..."
apbin=/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport
aplist=$($apbin -s)
matchct=$(echo "$aplist" | grep "$1" | wc -l)
if [[ ! "$matchct" -eq 1 ]]; then echo "Bad essid"; usage; fi
echo "Found $bssid."
essid=$(echo "$aplist" | grep "$1" | awk '{print $1;}')
bssid=$(echo "$aplist" | grep "$1" | awk '{print $2;}')
chan=$(echo "$aplist" | grep "$1" | awk '{print $4;}' | cut -d, -f 1)
capfl="$essid.cap"
if [[ -f "$capfl" ]]; then
read -p "'$capfl' exists. Overwrite? [y/N] " ow
case $ow in
[nN][oO]|'')
echo "Canceled"
exit
;;
*)
rm -f "$capfl"
;;
esac
fi
echo "Dissociating airport and tuning to channel $chan..."
$apbin -z -c $chan &>/dev/null
echo "Waiting for handshake packets..."
tcpdump "(type mgt subtype assocreq or ether proto 0x888e) and ether host $bssid" -U -i en0 -I -c 5 -w $capfl &>/dev/null
echo "Exiting."
echo "You may try running:"
echo "aircrack-ng -w $capfl"
(If you want to run aircrack-ng on Mac OS X, you can install it via Homebrew using brew install aircrack-ng.)
If it's not already supported, I think it should possible to patch this driver (on Linux and Mac) to send arbitrary deauth frames and support general packet injection.
Apple's driver binary is based on the proprietary Broadcom driver used in Linux; i.e. they share the same core routines, including this one, in simplified pseudocode:
wlc_senddeauth(ctx, arg2, arg3, arg4, arg5, arg6) {
int err, len, mi;
int temp_out;
len = wlc_iem_calc_len(*(ctx+0x858), arg2, 0xc0, 0, 0);
mi = wlc_frame_get_mgmt_int(ctx, 0xc0, arg4, arg6, 0, len+2, &temp_out, 0);
if (mi) {
err = wlc_iem_build_frame(*(ctx+0x858, arg2, 0xc0, 0, 0, 2, len);
assert(err == 0);
temp = arg3 ? *(arg3+0x20) : 0;
err = wlc_queue_80211_frag(ctx, mi, *(*(arg2+0x10)+0x18), arg3, temp, 0, 0, 0)
assert(err == 0);
}
}
I think you could reverse-engineer wlc_queue_80211_frag's parameters using the C++ class AirPort_Brcm4360's call tree within Apple's driver binary, located at:
/System/Library/Extensions/IO80211Family.kext/Contents/PlugIns/AirPortBrcm4360.kext/Contents/MacOS/AirPortBrcm4360
The last line of the shell script should readecho "aircrack-ng -w <dictionary> $capfl"
– user453074
Jul 27 '16 at 20:25
add a comment |
It's true that the b43 driver does not support the BCM4360 (14e4:43a0).
However, Broadcom's proprietary driver does support this chipset. It's in the driver package broadcom-sta-dkms available from the Debian Wheezy non-free repo.
One Kali user had success with this package for another BCM chipset. If it works for you, you could modify your Kali live image to include it.
Otherwise, it's still possible to use aircrack-ng within Kali, if the handshake packets are first captured within Mac OS X using tcpdump. Here's a shell script that will capture a WPA handshake on a MacBook Air, tested on OS X 10.11 (El Capitan):
#!/bin/sh
function usage() {
echo "usage: $(basename $0) <essid>"; exit
}
if [[ ! $(id -u) -eq 0 ]]; then echo "Must be run as root."; exit; fi
if [[ -z "$1" ]]; then usage; fi
echo "Scanning for access point..."
apbin=/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport
aplist=$($apbin -s)
matchct=$(echo "$aplist" | grep "$1" | wc -l)
if [[ ! "$matchct" -eq 1 ]]; then echo "Bad essid"; usage; fi
echo "Found $bssid."
essid=$(echo "$aplist" | grep "$1" | awk '{print $1;}')
bssid=$(echo "$aplist" | grep "$1" | awk '{print $2;}')
chan=$(echo "$aplist" | grep "$1" | awk '{print $4;}' | cut -d, -f 1)
capfl="$essid.cap"
if [[ -f "$capfl" ]]; then
read -p "'$capfl' exists. Overwrite? [y/N] " ow
case $ow in
[nN][oO]|'')
echo "Canceled"
exit
;;
*)
rm -f "$capfl"
;;
esac
fi
echo "Dissociating airport and tuning to channel $chan..."
$apbin -z -c $chan &>/dev/null
echo "Waiting for handshake packets..."
tcpdump "(type mgt subtype assocreq or ether proto 0x888e) and ether host $bssid" -U -i en0 -I -c 5 -w $capfl &>/dev/null
echo "Exiting."
echo "You may try running:"
echo "aircrack-ng -w $capfl"
(If you want to run aircrack-ng on Mac OS X, you can install it via Homebrew using brew install aircrack-ng.)
If it's not already supported, I think it should possible to patch this driver (on Linux and Mac) to send arbitrary deauth frames and support general packet injection.
Apple's driver binary is based on the proprietary Broadcom driver used in Linux; i.e. they share the same core routines, including this one, in simplified pseudocode:
wlc_senddeauth(ctx, arg2, arg3, arg4, arg5, arg6) {
int err, len, mi;
int temp_out;
len = wlc_iem_calc_len(*(ctx+0x858), arg2, 0xc0, 0, 0);
mi = wlc_frame_get_mgmt_int(ctx, 0xc0, arg4, arg6, 0, len+2, &temp_out, 0);
if (mi) {
err = wlc_iem_build_frame(*(ctx+0x858, arg2, 0xc0, 0, 0, 2, len);
assert(err == 0);
temp = arg3 ? *(arg3+0x20) : 0;
err = wlc_queue_80211_frag(ctx, mi, *(*(arg2+0x10)+0x18), arg3, temp, 0, 0, 0)
assert(err == 0);
}
}
I think you could reverse-engineer wlc_queue_80211_frag's parameters using the C++ class AirPort_Brcm4360's call tree within Apple's driver binary, located at:
/System/Library/Extensions/IO80211Family.kext/Contents/PlugIns/AirPortBrcm4360.kext/Contents/MacOS/AirPortBrcm4360It's true that the b43 driver does not support the BCM4360 (14e4:43a0).
However, Broadcom's proprietary driver does support this chipset. It's in the driver package broadcom-sta-dkms available from the Debian Wheezy non-free repo.
One Kali user had success with this package for another BCM chipset. If it works for you, you could modify your Kali live image to include it.
Otherwise, it's still possible to use aircrack-ng within Kali, if the handshake packets are first captured within Mac OS X using tcpdump. Here's a shell script that will capture a WPA handshake on a MacBook Air, tested on OS X 10.11 (El Capitan):
#!/bin/sh
function usage() {
echo "usage: $(basename $0) <essid>"; exit
}
if [[ ! $(id -u) -eq 0 ]]; then echo "Must be run as root."; exit; fi
if [[ -z "$1" ]]; then usage; fi
echo "Scanning for access point..."
apbin=/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport
aplist=$($apbin -s)
matchct=$(echo "$aplist" | grep "$1" | wc -l)
if [[ ! "$matchct" -eq 1 ]]; then echo "Bad essid"; usage; fi
echo "Found $bssid."
essid=$(echo "$aplist" | grep "$1" | awk '{print $1;}')
bssid=$(echo "$aplist" | grep "$1" | awk '{print $2;}')
chan=$(echo "$aplist" | grep "$1" | awk '{print $4;}' | cut -d, -f 1)
capfl="$essid.cap"
if [[ -f "$capfl" ]]; then
read -p "'$capfl' exists. Overwrite? [y/N] " ow
case $ow in
[nN][oO]|'')
echo "Canceled"
exit
;;
*)
rm -f "$capfl"
;;
esac
fi
echo "Dissociating airport and tuning to channel $chan..."
$apbin -z -c $chan &>/dev/null
echo "Waiting for handshake packets..."
tcpdump "(type mgt subtype assocreq or ether proto 0x888e) and ether host $bssid" -U -i en0 -I -c 5 -w $capfl &>/dev/null
echo "Exiting."
echo "You may try running:"
echo "aircrack-ng -w $capfl"
(If you want to run aircrack-ng on Mac OS X, you can install it via Homebrew using brew install aircrack-ng.)
If it's not already supported, I think it should possible to patch this driver (on Linux and Mac) to send arbitrary deauth frames and support general packet injection.
Apple's driver binary is based on the proprietary Broadcom driver used in Linux; i.e. they share the same core routines, including this one, in simplified pseudocode:
wlc_senddeauth(ctx, arg2, arg3, arg4, arg5, arg6) {
int err, len, mi;
int temp_out;
len = wlc_iem_calc_len(*(ctx+0x858), arg2, 0xc0, 0, 0);
mi = wlc_frame_get_mgmt_int(ctx, 0xc0, arg4, arg6, 0, len+2, &temp_out, 0);
if (mi) {
err = wlc_iem_build_frame(*(ctx+0x858, arg2, 0xc0, 0, 0, 2, len);
assert(err == 0);
temp = arg3 ? *(arg3+0x20) : 0;
err = wlc_queue_80211_frag(ctx, mi, *(*(arg2+0x10)+0x18), arg3, temp, 0, 0, 0)
assert(err == 0);
}
}
I think you could reverse-engineer wlc_queue_80211_frag's parameters using the C++ class AirPort_Brcm4360's call tree within Apple's driver binary, located at:
/System/Library/Extensions/IO80211Family.kext/Contents/PlugIns/AirPortBrcm4360.kext/Contents/MacOS/AirPortBrcm4360edited Jul 25 '16 at 3:31
answered Jul 18 '16 at 8:15
user453074
The last line of the shell script should readecho "aircrack-ng -w <dictionary> $capfl"
– user453074
Jul 27 '16 at 20:25
add a comment |
The last line of the shell script should readecho "aircrack-ng -w <dictionary> $capfl"
– user453074
Jul 27 '16 at 20:25
The last line of the shell script should read
echo "aircrack-ng -w <dictionary> $capfl"– user453074
Jul 27 '16 at 20:25
The last line of the shell script should read
echo "aircrack-ng -w <dictionary> $capfl"– user453074
Jul 27 '16 at 20:25
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1023847%2faircrack-ng-not-working-on-macbook-air-early-2015-using-live-kali-linux-usb-with%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
