Starting with kernel 2.6.25, zd1211rw is a mac80211 driver. As a result, the installation/patching procedure is now slightly different from what it was before. This tutorial works with kernel 2.6.27 and up. Injection on 2.6.25 and 2.6.26 requires a slightly different procedure (using compat-wireless-old).
The usual mac80211 rules apply.
Tutorial taken from http://forum.aircrack-ng.org/index.php?topic=5334.0
This tutorial explains how to achieve injection under Linux with the ZyDAS 1211 and 1211b chips, seen nowadays in many USB wireless devices. It has so far only been tested under Ubuntu 9.04, but it should work with the majority of the latest kernels and various distributions.
We will not compile our own kernel to gain injection; instead we'll opt for compat-wireless. Let's begin with the steps.
1. Go to http://wireless.kernel.org/download/compat-wireless-2.6/ and download the latest version of compat-wireless and untar the package:
  tar xfj compat-wireless-2.6.tar.bz2
2. Next up, cd to your /path/to/compat-wireless directory and download the patch required for injection: http://patches.aircrack-ng.org/zd1211rw_inject_2.6.26.patch . You'll also find it in the “patches” directory of your latest aircrack-ng suite.
3. Apply the patch with:
  patch -Np0 -i zd1211rw_inject_2.6.26.patch
If successful, the screen will return:
  patching file drivers/net/wireless/zd1211rw/zd_mac.c
  Hunk #1 succeeded at 191 (offset 32 lines).
  Hunk #2 succeeded at 666 (offset -18 lines).
Note: the zd1211rw_inject_2.6.26.patch file must be in your compat-wireless-xxxx-xx-xx directory while patching; otherwise you will be asked to provide the full path of the file that needs to be patched, for example: /home/user/compat-wireless-xxxx-xx-xx/drivers/net/wireless/zd1211rw/zd_mac.c
4. Patch mac80211 as described in mac80211.
5. The injection patch is now applied and we are ready to compile our driver. Type make to start the build and wait a few minutes for it to complete.
6. Barring any errors, next up is installing: make install
7. The newly compiled driver is now installed, but before using it we have to unload the old driver by typing make unload
8. To load the new driver, you can either issue make load or modprobe zd1211rw
9. That's it. This concludes the zd1211 injection tutorial. You should now be able to inject. Test your USB device by setting it to monitor mode (airmon-ng) and running the injection test:
  # aireplay-ng -9 mon0
  14:39:59 Trying broadcast probe requests…
  14:39:59 Injection is working!
  14:40:01 Found 1 AP

  14:40:01 Trying directed probe requests…
  14:40:01 00:00:00:00:00:00 - channel: 11 - 'LINKSYS'
  14:40:01 Ping (min/avg/max): 0.687ms/17.616ms/33.327ms Power: 0.00
  14:40:01 30/30: 100%
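The check below is an added example, not part of the original tutorial or of aircrack-ng. It summarises the output of the patch command from step 3, so that a failed, fuzzy or already-applied hunk is caught before running make. The function name summarize_patch is hypothetical; the first sample is the output quoted in step 3, the second is constructed.

```shell
#!/bin/sh
# Added example: classify GNU patch output before building the driver.
# Intended use (run from the compat-wireless directory):
#   patch --dry-run -Np0 -i zd1211rw_inject_2.6.26.patch | summarize_patch

# Reads patch output on stdin and prints one summary line.
# Returns 0 only if a file was patched and no hunk failed or was skipped.
# Offsets are normal when the tree is newer than the patch; fuzz means the
# context did not match exactly and the result deserves a manual look.
summarize_patch() {
    awk '
        /^patching file /          { files++ }
        /^Hunk #[0-9]+ succeeded/  { if (/fuzz/) fuzz++; else if (/offset/) offset++ }
        /^Hunk #[0-9]+ FAILED/     { failed++ }
        /previously applied\) patch detected/ { skipped++ }
        END {
            printf "files=%d offset=%d fuzz=%d failed=%d skipped=%d\n",
                   files, offset, fuzz, failed, skipped
            exit ((files > 0 && failed == 0 && skipped == 0) ? 0 : 1)
        }'
}

# Sample 1: the successful output shown in step 3 of the tutorial.
PAGE_OUTPUT='patching file drivers/net/wireless/zd1211rw/zd_mac.c
Hunk #1 succeeded at 191 (offset 32 lines).
Hunk #2 succeeded at 666 (offset -18 lines).'

# Sample 2: constructed output for a tree the patch no longer fits.
FAILED_OUTPUT='patching file drivers/net/wireless/zd1211rw/zd_mac.c
Hunk #1 succeeded at 191 with fuzz 2 (offset 32 lines).
Hunk #2 FAILED at 666.
1 out of 2 hunks FAILED -- saving rejects to file drivers/net/wireless/zd1211rw/zd_mac.c.rej'

printf '%s\n' "$PAGE_OUTPUT" | summarize_patch && echo "ok to build"
printf '%s\n' "$FAILED_OUTPUT" | summarize_patch || echo "do not build: inspect the .rej file"
```

A patch that applies with no offset at all prints only the "patching file" line, which the function also treats as success.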