Aug. 20, 2008

I recently purchased a new Asus eee 900 as I dropped my previous lovely pink 700 on the floor, breaking the screen :( Due to its small size I thought it could be suitable for carrying around while performing wireless assessments. This led me to set it up both as a scanning/monitoring device using the built-in wireless interface and as a fake access point. Kismet basically ran out of the box, while the fake access point took some more work.

As a friend told me about the airbase-ng project I thought I would give it a shot...

Having tried airbase-ng with both the built-in Atheros chipset and with numerous USB rt73-based wifi interfaces, I was still not satisfied with the result. Even though I got airbase-ng working (at least sometimes), it would not let clients associate to the wifi network to the extent that the "karma" madwifi-ng driver patches do. In spots where the patched madwifi drivers were picking up and letting 10 clients associate, airbase-ng would pick up and associate one and only list direct and broadcast probes from the others. Having limited time to debug the software in order to understand the reason for this, I stuck to the madwifi-ng "karma" patches.
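The behaviour compared above, an access point that answers probe requests for whatever network a client asks for, is also what gives such an AP away to a monitoring station: a legitimate AP only ever sends probe responses for the SSID(s) it serves. The following is an added example, not code from this post or from the madwifi, airbase-ng or Kismet projects; it runs a simple detection heuristic over a constructed, hypothetical capture log (one record per line: epoch, frame type, BSSID, SSID) and flags any BSSID that responded for many distinct SSIDs.

```python
"""Flag access points that answer probe requests for many unrelated SSIDs.

A "karma"-style access point replies to probe requests for any network a
client asks about, so one BSSID ends up sending probe responses for many
different SSIDs. A normal AP only answers for the SSID(s) it serves.
Counting distinct SSIDs per responding BSSID is therefore a cheap
indicator for a wireless IDS or a monitoring laptop.

The log format used here is constructed for this example; it is NOT the
output of kismet, airbase-ng or any other real tool:
    <epoch> <frame_type> <bssid> <ssid>
"""
from collections import defaultdict

# Constructed sample capture (hypothetical MAC addresses and SSIDs):
# 00:11:22:33:44:55 is an ordinary AP that only answers for "CorpNet";
# aa:bb:cc:dd:ee:ff answers for every SSID that gets probed.
SAMPLE_LOG = """\
1219219200 probe_req  ff:ff:ff:ff:ff:ff CorpNet
1219219200 probe_resp 00:11:22:33:44:55 CorpNet
1219219201 probe_req  ff:ff:ff:ff:ff:ff HomeWifi
1219219201 probe_resp aa:bb:cc:dd:ee:ff HomeWifi
1219219202 probe_req  ff:ff:ff:ff:ff:ff CoffeeShop
1219219202 probe_resp aa:bb:cc:dd:ee:ff CoffeeShop
1219219203 probe_req  ff:ff:ff:ff:ff:ff CorpNet
1219219203 probe_resp aa:bb:cc:dd:ee:ff CorpNet
1219219203 probe_resp 00:11:22:33:44:55 CorpNet
1219219204 probe_req  ff:ff:ff:ff:ff:ff Hotel_Guest
1219219204 probe_resp aa:bb:cc:dd:ee:ff Hotel_Guest
"""


def parse_records(text):
    """Yield (timestamp, frame_type, bssid, ssid), skipping malformed lines.

    maxsplit=3 keeps SSIDs containing spaces intact.
    """
    for line in text.splitlines():
        parts = line.split(None, 3)
        if len(parts) != 4:
            continue
        ts, ftype, bssid, ssid = parts
        yield int(ts), ftype, bssid.lower(), ssid


def ssids_per_responder(text):
    """Map each responding BSSID to the set of SSIDs it sent probe responses for."""
    seen = defaultdict(set)
    for _, ftype, bssid, ssid in parse_records(text):
        if ftype == "probe_resp":
            seen[bssid].add(ssid)
    return seen


def suspicious_responders(text, threshold=3):
    """Return BSSIDs that answered for at least `threshold` distinct SSIDs.

    The threshold is a tuning knob chosen for this example. A real
    deployment should allow-list APs that legitimately serve several
    SSIDs (multi-SSID/virtual APs) before alerting on this count.
    """
    return sorted(
        bssid for bssid, ssids in ssids_per_responder(text).items()
        if len(ssids) >= threshold
    )


if __name__ == "__main__":
    for bssid, ssids in sorted(ssids_per_responder(SAMPLE_LOG).items()):
        print(f"{bssid} answered for {len(ssids)} SSID(s): {', '.join(sorted(ssids))}")
    print("suspicious responders:", suspicious_responders(SAMPLE_LOG))
```

On the sample data the ordinary AP answers for one SSID and the other BSSID for four, so only the latter is reported. Feeding it real data means converting a monitor-mode capture into the four-column format first; the threshold and an allow-list of known multi-SSID APs are what keep the heuristic from flagging the site's own infrastructure.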

A good set of "karma" madwifi-ng patches are available from www.digininja.org and can be downloaded here:
http://www.digininja.org/files/karma-madwifi-0.9.4-3379.patch

These patches make it possible to activate and deactivate the "karma" behaviour using iwpriv and therefore do not interfere as much with the driver as other patches have in the past.

In order to install them on the eee, a subversion snapshot of the madwifi-ng drivers supporting the chipset in the eee must be downloaded. A subversion snapshot of the madwifi-ng driver can be downloaded from here:
http://snapshots.madwifi.org/madwifi-hal-0.10.5.6/madwifi-hal-0.10.5.6-r3835-20080801.tar.gz

As the patches are made for a different subversion revision than the one we're downloading, a couple of hunks will fail when applying the patch. To address these failed hunks I am supplying an additional patch, which has to be applied after the first one to correct the failed hunks. This patch can be found here:
http://www.cqure.net/files/001-madwifi-hal-0.10.5.6-r3835-20080801-digininja-fixup.patch

These are the steps I took to install the patched driver on the eee PC:

wget http://snapshots.madwifi.org/madwifi-hal-0.10.5.6/madwifi-hal-0.10.5.6-r3835-20080801.tar.gz
tar xvzf madwifi-hal-0.10.5.6-r3835-20080801.tar.gz
cd madwifi-hal-0.10.5.6-r3835-20080801/
wget http://www.digininja.org/files/karma-madwifi-0.9.4-3379.patch
patch -p1 < karma-madwifi-0.9.4-3379.patch
wget http://www.cqure.net/files/001-madwifi-hal-0.10.5.6-r3835-20080801-digininja-fixup.patch
patch -p1 < 001-madwifi-hal-0.10.5.6-r3835-20080801-digininja-fixup.patch
make
sudo make install

Posted by Patrik in Security

2 Responses to “Running karma on the eee”

Hi Patrik,
Did you try karmetasploit (http://www.metasploit.com/dev/trac/wiki/Karmetasploit)?
It seems to be based on airbase-ng (HD Moore submitted some patches), not sure how it compares to karma when it comes to associating clients…

By jmc on Aug 21, 2008

Yes, I am actually running karmetasploit but not with airbase-ng as the access point. The setup steps are very similar except for the airbase-ng stuff, as the madwifi patches from digininja provide this functionality. I am using a small shell script that gets the wifi interface running in AP/master mode prior to starting the dhcp daemon and the metasploit framework.

If someone wants this script, drop me a line and I will make sure to e-mail it to you.

By Patrik on Aug 22, 2008
