2. 7iP5 Li57
1. Conditions: weather/time/other
2. Antenna inside and outside
3. HW
4. SW
5. RF
6. Channel plan(s)
7. “Good” news 4 everyone (CRDA, Syste.md)
8. TP-Link 722n as hamradio
9. 802.11 @ OS X
10. Some stupid phun if some time remains
3. Independent conditions
Weather:
•H2O + RF = ? Remember borsch in microwave.
•WWW - Wardriving/Warwalking/Warsitting 8). IT’S TiME TO HACK!!
•DFS*
Happy hours:
•WEP - anytime
•WPS - night
•WPA-Personal - evening
•WPA-Enterprise – 9:00 or when normal people come to the job? 8)
Other:
•Depends on your neighbors, interference, PRNG, ISP, etc.
12. RF
• 700MHz – ITS in Japan
• 900 MHz (802.11ah) – US unlicensed
• 2.4 GHz (802.11b/g/n) – everyone uses @ home
• 3.6 GHz, 4.9 GHz (802.11y) – US; Public Safety WLAN: 50 MHz of spectrum from 4940 MHz to 4990 MHz (WLAN channels 20–26) is in use by public safety entities in the US.
• 5 GHz (802.11a/h/j/n/ac) – 802.11ac is what you should use @ home
• 5.9 GHz (802.11p) – Wireless Access in Vehicular Environments (WAVE), ITS in EU
• 60 GHz (802.11ad) – WiGig. 7 Gbit/s, 10 m, beamforming, HDMI over WiFi
20. Channel plans
Theory:
•US => 1,6,11
•WORLD => 1,5,9,13
IRL fcukups:
•wtf is channel plan?
•40 MHz bandwidth will give me more speed!
•More AP power will give me more speed!
•More antennas will give me more speed!
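Added example (not from the original slides): a small model of why the "US => 1,6,11" and "WORLD => 1,5,9,13" plans work and why the "40 MHz will give me more speed" idea fails in 2.4 GHz. It assumes the usual centre frequencies (2407 + 5·channel MHz, channel 14 at 2484 MHz) and treats each transmitter as occupying a band of the given width centred on its channel (20 MHz for OFDM, 22 MHz for 802.11b DSSS, 40 MHz for HT40); the HT40 primary/secondary offset and the real spectral masks are ignored, so the numbers are a plan-checking approximation, not a measurement.

```python
from itertools import combinations


def center_mhz(channel):
    """Centre frequency of a 2.4 GHz channel (channel 14 is the odd one out)."""
    if channel == 14:
        return 2484
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    raise ValueError(f"not a 2.4 GHz channel: {channel}")


def overlaps(ch_a, ch_b, width_mhz=20):
    """True if two channels' occupied bands (width_mhz centred on each) intersect.

    Two equal-width bands intersect exactly when their centres are closer than
    one width, so the test is a single subtraction.
    """
    return abs(center_mhz(ch_a) - center_mhz(ch_b)) < width_mhz


def plan_is_clean(plan, width_mhz=20):
    """True if no pair of channels in the plan overlaps at the given width."""
    return not any(overlaps(a, b, width_mhz) for a, b in combinations(plan, 2))


def max_clean_plan(width_mhz=20, channels=range(1, 14)):
    """Largest set of mutually non-overlapping channels, picked greedily from the bottom.

    Greedy lowest-centre-first is optimal here because every band has the same width
    (classic interval scheduling).
    """
    chosen = []
    for ch in sorted(channels):
        if all(not overlaps(ch, c, width_mhz) for c in chosen):
            chosen.append(ch)
    return chosen


if __name__ == "__main__":
    for width in (20, 22, 40):
        print(f"{width} MHz: best plan in ch 1-13 is {max_clean_plan(width)}")
    print("1,6,11 @ 40 MHz clean?", plan_is_clean([1, 6, 11], 40))
    print("1,5,9,13 @ 22 MHz (802.11b) clean?", plan_is_clean([1, 5, 9, 13], 22))
```

With 20 MHz OFDM the 1,5,9,13 plan fits four non-overlapping channels into channels 1–13; with 22 MHz DSSS (an old 802.11b client on the air) only 1,6,11 stays clean; and at 40 MHz only two channels fit, which is why more bandwidth per AP means more interference, not more speed, once the neighbours do the same.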
26. Meanwhile in Russia
Also, pursuant to the protocol note to the ГКРЧ (State Commission for Radio Frequencies) decision of 19 August 2009 No. 09-04-09, the ГКРЧ decided[16] (item 2):
To allocate the radio frequency bands 5150-5350 MHz and 5650-6425 MHz for use on the territory of the Russian Federation, except in the cities listed in Annex No. 2 [1], by fixed wireless access radio equipment (РЭС) of citizens of the Russian Federation and Russian legal entities, without separate ГКРЧ decisions being issued for each natural or legal person.
Brief: 802.11a/h/j/n channels: 36-64, 136-165.
35. ath9k advanced
• echo "$bandwidth" > /sys/kernel/debug/ieee80211/$phy/ath9k/chanbw
• ls /sys/kernel/debug/ieee80211/phy*/ath9k_htc/registers/
• ath9k_htc AP mode client fw limit
https://lists.ath9k.org/pipermail/ath9k-devel/2013-April/010513.html
• echo '1' > /sys/kernel/debug/ieee80211/phy0/ath9k/disable_ani
• iw --debug dev wlan0 info
36. 802.11 hacking @ OS X
• No INJ, only RFMON => No sending deauth frames*
• Use reaver-wps, aircrack-ng, tcpdump from MacPorts
• airport cmd with RFMON support
/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport
• Scapy patched for RFMON @ OSX https://github.com/0x90/scapy-osx
• WPSIK
• PrivateFrameworks: Apple80211, CoreWLAN, etc…
• Horst to be patched
39. KARMA vs MANA
KARMA
•Client->ProbeRequest ESSID=FreeWiFi
•ProbeReply ESSID=FreeWiFi BSSID=00:13:37…
•+ PineAP @ Mark V == beconizer by ESSID list
MANA
•PNL gathering (capture broadcast)
•Beacon Broadcast
•Hidden SSID
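Added example (not from the original slides, and not code from the KARMA, MANA or PineAP projects): the defender's view of the two behaviours just listed. A KARMA-style AP answers probe requests with whatever ESSID each client asked for without ever beaconing those names; a MANA-style AP also beacons the harvested names, so every answer looks "advertised". A single BSSID that answers several distinct ESSIDs, or answers names it never beacons, is therefore the signature to hunt for in a monitor-mode capture. The frame records below are constructed for the example (the shape matches what one would export from a capture as subtype, BSSID, SSID, destination) and include a legitimate hidden-SSID AP, which answers with one name it never beacons and must not be flagged.

```python
from collections import defaultdict

# Constructed sample of 802.11 management frames: (subtype, bssid, ssid, destination).
# Not a real capture; MACs and SSIDs are made up for the example.
FRAMES = [
    # Legitimate AP: beacons HomeNet and answers a directed probe for HomeNet.
    ("beacon",     "00:11:22:33:44:55", "HomeNet",     "ff:ff:ff:ff:ff:ff"),
    ("probe_resp", "00:11:22:33:44:55", "HomeNet",     "c0:ff:ee:00:00:01"),
    # Legitimate hidden-SSID AP: empty SSID in beacons, real name only in probe responses.
    ("beacon",     "00:aa:bb:cc:dd:ee", "",            "ff:ff:ff:ff:ff:ff"),
    ("probe_resp", "00:aa:bb:cc:dd:ee", "HiddenHome",  "c0:ff:ee:00:00:02"),
    # KARMA-style: one BSSID answers whatever name each client asked for, never beacons them.
    ("probe_resp", "00:13:37:00:00:01", "FreeWiFi",    "c0:ff:ee:00:00:03"),
    ("probe_resp", "00:13:37:00:00:01", "HomeNet",     "c0:ff:ee:00:00:01"),
    ("probe_resp", "00:13:37:00:00:01", "CorpGuest",   "c0:ff:ee:00:00:04"),
    # MANA-style: the BSSID also beacons the harvested names, so each one looks advertised.
    ("beacon",     "00:13:37:00:00:02", "FreeWiFi",    "ff:ff:ff:ff:ff:ff"),
    ("beacon",     "00:13:37:00:00:02", "CorpGuest",   "ff:ff:ff:ff:ff:ff"),
    ("beacon",     "00:13:37:00:00:02", "AirportWiFi", "ff:ff:ff:ff:ff:ff"),
    ("probe_resp", "00:13:37:00:00:02", "FreeWiFi",    "c0:ff:ee:00:00:03"),
    ("probe_resp", "00:13:37:00:00:02", "CorpGuest",   "c0:ff:ee:00:00:04"),
    ("probe_resp", "00:13:37:00:00:02", "AirportWiFi", "c0:ff:ee:00:00:05"),
]


def collect(frames):
    """Per BSSID: the set of SSIDs it beacons and the set it hands out in probe responses."""
    beaconed = defaultdict(set)
    answered = defaultdict(set)
    for subtype, bssid, ssid, _dst in frames:
        if subtype == "beacon":
            beaconed[bssid].add(ssid)          # "" records a hidden-SSID beacon
        elif subtype == "probe_resp" and ssid:
            answered[bssid].add(ssid)
    return beaconed, answered


def rogue_ap_report(frames, ssid_threshold=3):
    """Flag BSSIDs whose probe responses look like KARMA/MANA behaviour.

    Two signals, either one is enough:
      - the BSSID answers >= ssid_threshold distinct SSIDs (one radio normally serves one
        SSID per BSSID; multi-SSID APs use a separate BSSID per network), or
      - it answers at least two SSIDs it never beacons. The limit is two, not one,
        because a hidden-SSID AP legitimately answers with exactly one unbeaconed name.
    """
    beaconed, answered = collect(frames)
    report = {}
    for bssid, ssids in answered.items():
        unadvertised = sorted(ssids - beaconed.get(bssid, set()))
        if len(ssids) >= ssid_threshold or len(unadvertised) >= 2:
            report[bssid] = {"ssids": sorted(ssids), "unadvertised": unadvertised}
    return report


if __name__ == "__main__":
    for bssid, info in rogue_ap_report(FRAMES).items():
        print(bssid, "answers", info["ssids"], "never beaconed:", info["unadvertised"])
```

The `unadvertised` list separates the two styles: the KARMA-style BSSID shows every answered name as unbeaconed, while the MANA-style one beacons everything and is caught only by the distinct-SSID count. On a real capture, feed the function the same four fields from whatever tool exports them; the thresholds are the only tunables.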