Prism2.5 / Intersil WLAN-Adapter and WPA_PSK

nospam@example.com (n00dl3s) — Wed, 18 Apr 2007 19:59:52 +0200

A couple of weeks ago my Senao 2511 CD PLUS / EXT2 card stopped playing nicely with my own wireless network at home (I use it on a gentoo x86 system). My network is hidden and uses WPA-PSK for encryption, and until some time ago wpa_supplicant was working without problems. However, when trying to associate the card with the network i ran into this problem:

ioctl [PRISM2_IOCTL_PRISM2_PARAM] Operation not supported

After some searching the web, I was quite sure that I needed to upgrade either my hostap-drivers or the firmware on my wireless card.
Since I am using a pretty recent kernel and the in-kernel hostap driver (compiled as modules), I concluded that the firmware on the NIC must be the culprit.

A check with hostap_diag showed this:

# hostap_diag wlan0
NICID: id=0x800c v1.0.0 (PRISM II (2.5) Mini-PCI (SST parallel flash))
PRIID: id=0x0015 v1.1.0 # <-- this is the "primary" firmware
STAID: id=0x001f v1.4.9 (station firmware) # <-- this is the "secondary" firmware

This site has a nicely written overview on flashing your Prism2(2.5) / Intersil card with new firmware and also offers lots of different firmware packages to download here . The site walks you trough the whole process, which is great because it also informs about the danger of turning your precious equipment into not-so-precious garbage.

The program needed to flash the new firmware is called prism2_srec and is included in the hostap_utils package (available for many distros or -
alternatively - get sources from here and compile it yourself). The nice thing about prism2_srec is that you can do a check first without really flashing the firmware. This makes it highly unlikely that you ruin your wireless card because of flashing the wrong firmware onto it...

So, first I did the test-run:

prism2_srec -v wlan0 # note the absence of any switches (besides the -v for verbosity)

The test-run gave me an "OK" at the end, which gave me confidence to actually flash the card.

prism2_srec -v -f wlan0 # the -f switch stands for "flash", be careful!!!

So afterwards the output of hostap_diag reads like this:

NICID: id=0x800c v1.0.0 (PRISM II (2.5) Mini-PCI (SST parallel flash))
PRIID: id=0x0015 v1.1.1
STAID: id=0x001f v1.8.2 (station firmware)

The firmware i used was v1.1.1 (primary) and v1.8.2 (secondary) which both work absolutely flawless. Some people have reported packet-loss when using the most recent secondary firwmare (v.1.8.4), so I thought I'd better stay away from that one...

So, after trying wpa_supplicant again, no errors anymore

Thanks to Jun Sun for all the info I needed...

Patching hostap drivers for packet-injection

nospam@example.com (n00dl3s) — Tue, 17 Apr 2007 20:59:00 +0200

Most of the more advanced techniques to crack wireless networks use packet-injection, either to produce more traffic in case of WEP cracking (replay attacks ) or to de-authenticate a connected client (in order to sniff the re-authentication handshake for WPA-PSK cracking).

In any case, the stock hostap driver doesn't allow you to inject packets, so I had to patch it.
You can get the patches here. Be sure to pick the right one for your card/driver. I used the hostap-kernel-2.6.18.patch which also works on my 2.6.19-beyond2 kernel. After applying the patch to the kernel sources, i did a make && make modules_install and rebooted the box. After that, injection worked great, but my card seemed to pick up much less traffic than before

When running kismet before, within seconds i could see dozens of wireless networks, but now only once in a while a new network appeared on the screen. Since the injection itself worked, I was quite sure I applied the patch correctly. After some research, I learnt that the injection patch can lead to problems if you use firmware that is rather old (although no precise version number for what is "too old" was mentioned anywhere).

Read my post here on how to upgrade the firmware on prism2/2.5/3 cards.

http://united-geeks.org/blog - WLAN

Prism2.5 / Intersil WLAN-Adapter and WPA_PSK

Patching hostap drivers for packet-injection