injection test observations

[liklev]

hi, successfully installed driver. i followed your readme.md and by that it looks to me that the original zeerooo's git is cloned/ compiled.
there after loading the modul i had little trouble to find how to unbind from rtlxxxu and bind it to rtl8192eu. finally i figured it and my "tenda u1" (FCC ID: V7TU1DET) sticks running with this driver.
Unfortunately after reboot the binding returns to rtl8xxxu driver, so i have to rebind it every time with a script after reboot. (i gave 0bda:818b new_id).
So observations: as soon your driver in charge the sticks start up in promiscuous mode without any user involvement, and they got wlan1/wlan2 names.
airodump-ng / aireplay-ng work directly, airmon-ng showing the rtl8192eu driver.

with aireplay-ng i made card to card test (both card is the tenda u1):
on all 3 APs in vicinity made 30/30 100%
attack -0 ok
attack -1 open ok
attack -1 psk ok
the rest of attacks -2,3,4,5,6,7 all failed.

is that supposed to mean that deauth and fakeauth work only?

after using one or few times the cards stop finding ap-s.
even i set airodump on a single channel.
stations show up but no APs.
probably networkmanager messed it up. after reboot and rebind again working.

cheers, lev

[liklev]

oh, there is another one. looks like somewhere along the source a 12dBm txpower limit applied, while free setting of txpower looks not implemented. (some other forum explained that the 12dBm was just for testing purpose back in time).
where it is possible to change it at least to the legal 20dBm then recompile.
this 12dbm/16mWatt txpower i guess is far below the hardware ability.

regards, lev

[liklev]

further digging into the source files i found a 12 dbm "announcment" only in "ioctl_cfg80211.c"
from line 3621 to 3632.
looks like anyone asking to get txpower the return is 12dBm regardless of anything.

is that so? i'm not an expert on any level in programming drivers.

[kimocoder]

The txpower issue is related in most Realtek drivers, it's been fixed in our rtl8812au drivers at https://github.com/aircrack-ng/rtl8812au branch from v5.6.4 and above where the phydm has been updated.

[liklev]

is the 8812au branch helps some way with the 8192eu?
during the injection test i had a feeling it is on higher power than 12dBm because it was able to make 30/30 with APs a house or 2 away.

i use the dkms driver with a pair of alfa awus1900 and powerwise everything ok.
card-to-card injection test brings only 5,7 fails, but i did not test it field/mac-matching to see if it can do that.
anyhow i'm not fully satisfied with the awus kind 8814au solution, even with 4x8dBm whip antenna is not that sensitive like oldschool chipsets.