
Patching hostapd so an rt3070 card can complete the handshake when bringing up a soft AP

2025-01-19 Update From: SLTechnology News&Howtos


Shulou (Shulou.com) 06/01 Report

I fought this problem for more than a week; I am writing it up as a reference for anyone who runs into the same thing.

There are generally two ways to bring up a soft AP under Kali Linux. The first is airbase-ng: it is easy to run and works with a wide range of cards, but its encryption support is limited. With the common rtl8187 card, for example, you only get an open (OPN) or WEP network, not WPA or WPA2. The second is hostapd, which supports OPN, WEP, WPA and WPA2, but works with far fewer cards, because the driver must expose AP mode.

I used to own an rtl8187 card and thought of it as the ultimate tool, but it turned out I had been badly misled: the signal is mediocre, the supported modes are limited, and, most importantly, hostapd cannot use it to build a WPA-encrypted AP. The modes an rtl8187 supports can be seen with iw list:

    iw list
    ...
    Supported interface modes:
        * IBSS
        * managed
        * monitor

After some googling I picked up a cheap rt3070-based card from an online shop. It supports 802.11b/g/n (the rtl8187 only does b/g) and comes with two 6 dBi antennas, and one look at iw list showed that this was the real thing (highly recommended!):

    Supported interface modes:
        * IBSS
        * managed
        * AP
        * AP/VLAN
        * WDS
        * monitor
        * mesh point

The key entry is AP: the card supports soft-AP mode. Now to the point. After I set up a WPA2-encrypted AP with the hostapd that ships with Kali Linux, every client that tried to connect failed with a handshake error:

The important lines are the ones marked in red in the screenshot:

    wlan2: STA xx:xx:xx:xx:xx:xx IEEE 802.11: did not acknowledge authentication response
    mgmt::assoc_resp cb
    wlan2: STA xx:xx:xx:xx:xx:xx IEEE 802.11: did not acknowledge association response
    Data/PS-poll frame from not associated STA xx:xx:xx:xx:xx:xx

To solve this I went through countless Chinese and English web pages and tried all sorts of things, for example removing the hostapd that comes with the system and building it from source. The source fetched with git clone would not compile on my machine; the tar.gz package from the official site compiled, but the resulting binary failed at runtime.

I was stuck at this point for a long time, but a few sites had hit the same problem and solved it by modifying the source and recompiling: comment out two return statements in src/ap/ieee802_11.c, one in the authentication callback and one in the association callback. With the return gone, hostapd carries on as if the driver had confirmed the frame was acknowledged, so this papers over a driver that misreports TX status rather than fixing it:

    /* src/ap/ieee802_11.c, in handle_auth_cb(): */
    if (!ok) {
        hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211,
                       HOSTAPD_LEVEL_NOTICE,
                       "did not acknowledge authentication response");
        // return;
    }

    /* src/ap/ieee802_11.c, in handle_assoc_cb(): */
    if (!ok) {
        hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211,
                       HOSTAPD_LEVEL_DEBUG,
                       "did not acknowledge association response");
        // return;
    }

But on my machine the source simply would not build. With no other option left, I patched the hostapd binary that ships with the system directly. Open hostapd in IDA, sort the Strings window, and find the two key strings next to each other:

Double-click each one to jump to the code that references it. The first is at 080D9678, and you can see that the subroutine sub_80D95E0 branches to loc_80D9678:

Follow sub_80D95E0 and view it in graph mode. The jz is clearly the branch that leads to the error message: when something goes wrong, execution follows the green edge and calls the logging routine above. All we need to do is turn that jz into nop so the program continues along the red edge.

This jz sits at file offset 0009160C; its encoding is 74 6A (a two-byte short jump), which has to become 90 90. In Kali, open hostapd in a hex editor:

    hexeditor /usr/sbin/hostapd

Change the value at that offset:

Do the same for the jump to the second error message. This time it is jz loc_80DC618 at file offset 00094426, a six-byte near jump encoded as 0F 84 EC 01 00 00 (the 32-bit displacement 0x1EC, measured from the end of the instruction, lands exactly on loc_80DC618):

Overwrite all six bytes with 90 in hexeditor; if any byte is left behind, the remainder decodes as some other instruction rather than a nop:

Save and exit with Ctrl+X, start hostapd again, connect the phone, and it shows connected:

These offsets belong to that exact hostapd binary; on any other build, locate the two jz instructions in IDA again rather than reusing the numbers, and keep a backup, since a package upgrade will replace the patched file.
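As an added example (not the author's tooling and not part of hostapd), the following Python script performs the same two-byte and six-byte nop patches without a hex editor, but guards each write: it checks that the expected bytes are present, re-derives the jz target from the ELF program headers and compares it with the IDA label, refuses to touch anything that does not match, and backs up the original first. The offsets, byte strings and targets are the ones from this post and are assumed to apply only to that exact 32-bit Kali hostapd build; build_sample_elf() is a constructed stand-in used to demonstrate the checks, not a real hostapd.

```python
"""Verify-then-patch the two hostapd jz instructions described above.
Added example; not the post author's tool and not part of hostapd."""
import shutil
import struct
import sys

ELF32_EHDR = "<16sHHIIIIIHHHHHH"   # 52-byte ELF32 file header
ELF32_PHDR = "<IIIIIIII"           # 32-byte ELF32 program header
PT_LOAD = 1
NOP = 0x90

# (file offset, bytes expected there, IDA branch target) from the post.
# Assumption: only valid for that exact 32-bit Kali hostapd build.
PATCHES = [
    (0x0009160C, bytes.fromhex("746a"), 0x080D9678),          # jz short loc_80D9678
    (0x00094426, bytes.fromhex("0f84ec010000"), 0x080DC618),  # jz near loc_80DC618
]


def load_segments(elf: bytes):
    """Yield (p_offset, p_vaddr, p_filesz) for each PT_LOAD segment of an ELF32 image."""
    if elf[:4] != b"\x7fELF" or elf[4] != 1:      # EI_CLASS == 1 means 32-bit
        raise ValueError("not a 32-bit ELF file")
    ehdr = struct.unpack_from(ELF32_EHDR, elf, 0)
    e_phoff, e_phentsize, e_phnum = ehdr[5], ehdr[9], ehdr[10]
    for i in range(e_phnum):
        p_type, p_offset, p_vaddr, _p_paddr, p_filesz = struct.unpack_from(
            ELF32_PHDR, elf, e_phoff + i * e_phentsize)[:5]
        if p_type == PT_LOAD:
            yield p_offset, p_vaddr, p_filesz


def offset_to_va(elf: bytes, off: int) -> int:
    """Map a file offset to the virtual address IDA displays, via the covering PT_LOAD."""
    for p_offset, p_vaddr, p_filesz in load_segments(elf):
        if p_offset <= off < p_offset + p_filesz:
            return p_vaddr + (off - p_offset)
    raise ValueError(f"offset {off:#x} is not inside any PT_LOAD segment")


def decode_je(code: bytes, va: int):
    """Decode a jz/je located at `va`: 74 rel8 (2 bytes) or 0F 84 rel32 (6 bytes).
    Returns (instruction length, branch target); rel is relative to the next instruction."""
    if code[0] == 0x74:
        rel = struct.unpack_from("<b", code, 1)[0]
        return 2, (va + 2 + rel) & 0xFFFFFFFF
    if code[:2] == b"\x0f\x84":
        rel = struct.unpack_from("<i", code, 2)[0]
        return 6, (va + 6 + rel) & 0xFFFFFFFF
    raise ValueError(f"bytes {code.hex()} at {va:#x} are not a jz/je")


def nop_jz(elf: bytes, off: int, expected: bytes, target: int) -> bytes:
    """Return a copy of `elf` with the jz at `off` replaced by NOPs.
    Refuses to write unless the bytes match and the jump really lands on `target`,
    which catches a different hostapd build before it gets corrupted."""
    actual = elf[off:off + len(expected)]
    if actual != expected:
        raise ValueError(f"{off:#x}: found {actual.hex()}, expected {expected.hex()} (wrong build?)")
    length, dest = decode_je(actual, offset_to_va(elf, off))
    if length != len(expected) or dest != target:
        raise ValueError(f"{off:#x}: jz goes to {dest:#x}, not {target:#x}")
    out = bytearray(elf)
    out[off:off + length] = bytes([NOP]) * length  # every byte, or the leftover forms a new instruction
    return bytes(out)


def apply_patches(elf: bytes, patches=PATCHES) -> bytes:
    """Apply every patch in order; any mismatch raises before a single byte is written."""
    for off, expected, target in patches:
        elf = nop_jz(elf, off, expected, target)
    return elf


def patch_hostapd(path: str, patches=PATCHES) -> int:
    """Back up `path` to `path.orig`, patch it in place, return the number of bytes NOPed."""
    shutil.copy2(path, path + ".orig")
    with open(path, "rb") as f:
        data = f.read()
    patched = apply_patches(data, patches)
    with open(path, "wb") as f:
        f.write(patched)
    return sum(len(e) for _, e, _ in patches)


def build_sample_elf() -> bytes:
    """Constructed stand-in (not a real hostapd): one PT_LOAD at 0x08048000 with the two
    jz encodings from the post placed at the post's file offsets, so the maths can be checked."""
    size = 0x94426 + 6 + 16
    buf = bytearray(size)
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)       # ELF32, little-endian, version 1
    struct.pack_into(ELF32_EHDR, buf, 0, ident, 2, 3, 1, 0, 52, 0, 0, 52, 32, 1, 0, 0, 0)
    struct.pack_into(ELF32_PHDR, buf, 52, PT_LOAD, 0, 0x08048000, 0x08048000, size, size, 5, 0x1000)
    buf[0x9160C:0x9160E] = bytes.fromhex("746a")
    buf[0x94426:0x9442C] = bytes.fromhex("0f84ec010000")
    return bytes(buf)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(f"patched {patch_hostapd(sys.argv[1])} bytes; original kept as {sys.argv[1]}.orig")
    else:
        sample = apply_patches(build_sample_elf())
        print("sample patched OK:", sample[0x9160C:0x9160E].hex(), sample[0x94426:0x9442C].hex())
```

Run it as `python3 patch_hostapd.py /usr/sbin/hostapd` (as root) to patch the real file, or with no argument to exercise the checks on the constructed sample. The target comparison is what makes the script safe to rerun or to point at the wrong binary: the bytes 74 6A occur all over any x86 executable, but a jz at exactly that offset whose displacement resolves to loc_80D9678 under the file's own program headers is specific to this build.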

It was a tortuous road: from building a WPA AP with airbase-ng to using hostapd, from the rtl8187 to a card that actually works, from source that would not compile to editing the executable directly. I am writing it down for anyone who needs it, to save them the detours.
