wifi-frequency-hacker

A modified frequency regulatory domain configuration that doesn't limit you.

Overview

Different countries enforce different frequency restrictions on the various wifi channels. This can be a pain if your card/OS is forcing you into a different configuration than the one you need. There are numerous reasons why this may be happening, from drivers favouring EEPROM configurations over your settings to odd decision-making based on observed network activity. Either way, the discerning wifi hacker doesn't want to have to bother with such things.

Contents

This repository contains a modified binary regulatory database (regulatory.bin), built from the plain-text input file (db.txt). The configuration sets every country to the same setting, and that setting is the least restrictive possible. That way, no matter which domain you're being forced into, you get the same functionality.

Benefits

This includes:

  • Being able to access all sorts of channels, such as 14 (usually JP only) in 2.4 GHz, an assortment in 5 GHz, and even some of the new 60 GHz or special 4 GHz bands.
  • Being able to transmit at full power (30 dBm), with no power limits.
  • Being able to use large band configurations (40/80/160) where the continuous spectrum allows it.
  • Being able to ignore DFS.

The caveat is that your hardware needs to support what you're trying to do (e.g. this won't give a 2.4 GHz-only card 5 GHz capabilities).

Warnings

Of course, this lets you do dangerous things too, and you need to be very careful how you use this. In particular:

  • Many of these configurations are completely illegal in many different countries. Passive monitoring of those frequencies isn't likely to get you caught, but transmitting at full power in some of them could not only get you in trouble, but also interfere with critical services such as emergency services. Here's a list of actions taken against those caught violating FCC rules in this way in the US: https://www.fcc.gov/general/u-nii-and-tdwr-interference-enforcement
  • Many of these configurations are impossible. For example, channel 14 (2474-2494 MHz) should only be available in Japan, at 20 MHz width and 802.11b only (no OFDM). With this configuration, however, you may be able to violate all of that and create a network no device would be able to connect to.
  • You could break your device. Transmitting at too high a power on frequencies or configurations the firmware/hardware never anticipated anyone could or would use may have undesirable consequences for your hardware.

When in doubt, don't transmit! This wiki page usually has the latest details on which wifi channels are available in which country: https://en.wikipedia.org/wiki/List_of_WLAN_channels

Installing

If you have a crda compiled with external key support, you need to do two things to install this. The first is to overwrite your existing regulatory.bin with the new one. The second is to copy my public key to the right directory.

When overwriting the .bin, make sure to make a backup of the original so you can go back to normal wifi function if you need to/want to.

My public key is needed because the binary is signed by my private key, and crda needs the public key to validate that signature.

On Kali Rolling 2016.1 I ran the following commands:

apt-get install wireless-regdb crda

This will make sure you get the pre-requisites.

git clone https://github.com/singe/wifi-frequency-hacker
cd wifi-frequency-hacker

Get a copy of this repo.

cp /lib/crda/regulatory.bin /lib/crda/regulatory.bin.orig
cp regulatory.bin /lib/crda/
cp singe.key.pub.pem /lib/crda/pubkeys/

Make a backup of the original file, replace it with the new one, and add my public key to crda's list of accepted keys.

iw reg set ZA

If you change to a locale that isn't your current one, the new setting will take effect.

iw reg get

You should see something like:

country XX: DFS-UNSET
	(2400 - 2494 @ 80), (N/A, 30), (N/A)
	(4910 - 4990 @ 80), (N/A, 30), (N/A)
	(5030 - 5090 @ 40), (N/A, 30), (N/A)
	(5150 - 5350 @ 160), (N/A, 30), (N/A)
	(5470 - 5730 @ 160), (N/A, 30), (N/A)
	(5725 - 5875 @ 80), (N/A, 30), (N/A)
	(17100 - 17300 @ 160), (N/A, 30), (N/A)
	(57000 - 66000 @ 2160), (N/A, 40), (N/A)

The country doesn't matter (all countries are set to the same thing), but you should see that list of frequencies. If you see anything less, or rules with DFS options, your changes to regulatory.bin haven't been applied, either because you need to compile your own version that trusts your key (see the link at the end) or because you overwrote the wrong regulatory.bin.

iw list|grep dBm

Together, iw reg get and iw list|grep dBm give you a view of the resulting configuration: the first lists the regulatory restrictions, and the second shows the net result of the channels available to you. You shouldn't see any "disabled" notes in the second. If you do, and you applied the crda changes correctly, then your firmware is preventing use of these channels.
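The same iw reg get output is also the easiest place for an administrator to detect that a host has been switched to this unrestricted domain. The following Python audit is an added example, not code from this repository: it parses the rule lines in the format shown above and reports the traits that distinguish this database (DFS region unset, a 2.4 GHz rule reaching channel 14, no DFS-flagged 5 GHz rules, one EIRP limit everywhere). The "stock" sample values are constructed for illustration, not taken from any real regdb.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# The page's own `iw reg get` listing for the modified regulatory.bin (abridged to four rules).
MODIFIED = """country XX: DFS-UNSET
\t(2400 - 2494 @ 80), (N/A, 30), (N/A)
\t(5150 - 5350 @ 160), (N/A, 30), (N/A)
\t(5470 - 5730 @ 160), (N/A, 30), (N/A)
\t(57000 - 66000 @ 2160), (N/A, 40), (N/A)
"""
# Constructed illustration of a stock domain: DFS-flagged 5 GHz rules and mixed EIRP limits.
STOCK = """country US: DFS-FCC
\t(2402 - 2472 @ 40), (N/A, 30), (N/A)
\t(5170 - 5250 @ 80), (N/A, 23), (N/A), AUTO-BW
\t(5250 - 5330 @ 80), (N/A, 23), (0 ms), DFS, AUTO-BW
\t(5735 - 5835 @ 80), (N/A, 30), (N/A)
"""
# One rule line: (start - end @ max width), (max antenna gain, max EIRP), (CAC time)[, FLAG]...
RULE_RE = re.compile(r"\((\d+) - (\d+) @ (\d+)\), \((?:N/A|\d+), (N/A|[\d.]+)\), "
                     r"\([^)]*\)((?:, [A-Z0-9-]+)*)")
# Frequencies and width in MHz, eirp in dBm (None when iw prints N/A), flags e.g. ("DFS", "AUTO-BW").
Rule = NamedTuple("Rule", [("start", int), ("end", int), ("bw", int),
                           ("eirp", Optional[float]), ("flags", Tuple[str, ...])])
def parse_reg_get(text: str) -> Tuple[Optional[str], Optional[str], List[Rule]]:
    """Parse `iw reg get` output into (country, dfs_region, rules)."""
    country, region, rules = None, None, []
    for line in text.splitlines():
        head = re.match(r"country (\w+): (\S+)", line.strip())
        if head:
            country, region = head.groups()
            continue
        m = RULE_RE.match(line.strip())
        if m:
            eirp = None if m[4] == "N/A" else float(m[4])
            rules.append(Rule(int(m[1]), int(m[2]), int(m[3]), eirp,
                              tuple(f for f in m[5].split(", ") if f)))
    return country, region, rules
def audit(text: str) -> List[str]:
    """Return findings suggesting the host runs an unrestricted regdb like this one."""
    _, region, rules = parse_reg_get(text)
    findings = []
    if region == "DFS-UNSET":
        findings.append("DFS region is UNSET")
    if any(r.start <= 2484 <= r.end for r in rules):
        findings.append("a 2.4 GHz rule covers channel 14 (2484 MHz)")
    if rules and not any("DFS" in r.flags for r in rules if r.start < 5730 and r.end > 5250):
        findings.append("no DFS flag on any rule overlapping 5250-5730 MHz")
    if len({r.eirp for r in rules if r.end <= 6000}) == 1:
        findings.append("every sub-6 GHz rule allows the same EIRP")
    return findings
```

Feed it the live output (for example, `audit(subprocess.check_output(["iw", "reg", "get"], text=True))`) from a host inventory job; a clean stock domain yields no findings.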

If it doesn't seem to be working, try running:

regdbdump /lib/crda/regulatory.bin

If the output includes "Database signature verification failed", your version of crda is probably compiled with static signatures, and you will need to compile and install your own crda binary using the instructions linked below. Fedora is known to use static signatures.

Making your own

Information on building your own is available from the kernel.org team at: https://wireless.wiki.kernel.org/en/developers/regulatory
