HCL:Wireless

From Offensive-security.com

1 Wireless Cards And Drivers
2 Tested Card List

Wireless Cards And Drivers

This section lists Cards that have been tested with BackTrack. If you have tested a card that does not appear on this list, please add it in!

BackTrack V.2.0-BackTrack V.3.0 (Final) has the following drivers included, in addition to the standard 2.6.20/2.6.21.5 kernel drivers:

madwifi-ng (Patched for Injection)
hostap (Patched for Injection)
prism54 (Patched for Injection)
bcm43xx (Patched for Injection)
rtl8180 [1] (Patched for Injection)
rtl8187 (Patched for Injection)
ipw2200 (Patched for Injection)
rt2570 (ASPj's Drivers)
rt2500 [2] (not sure if patched already but can be added with this link http://aircrack-ng.org/doku.php?id=rt2500&DokuWiki=c3d1aad1f57c675981be7c8290e369d6)
rt61
rt73
ipw2100
ipw3945
acx100 (Patch available -BETA-)
zd1211rw (Patch available -BETA-)

wlan-ng HAS BEEN REMOVED! Prism2 card owners should use the Hostap Drivers

-muts

The links provided above for the driver of the chipset are the links to the developer's actual homepage. If you want to know where the patches are coming from, click on the link that says something similar to the word `patch'. Note that the links provided may not be current and that patches may/may not work. You have been forewarned.

- hatake_kakashi

Notes about VMWare or any other virtualisation software

VMWare or any other virtualisation software generally does not allow backtrack 2 or 3 as guest to operate fully with the wireless card. The only exception are USB wireless cards, do not ask about support for VMWare supporting wireless cards for PCI/PCI-E/PCMCIA/MINI-PCI/MINI-PCIe/EXPRESS CARD in #remote-exploit or the forum

More information maybe found at Talk:HCL:Wireless or on the forum.

Tested Card List

PCI

Asus WL-138g v2

Driver : bcm43xx
Chipset : Broadcom
External Antenna: Reverse connector (RP-SMA) with a detachable antenna

Works out of the box.

Belkin F5D8001

Works out of the box.

CNet CWP-854

Driver : rt2500
Chipset : Ralink 2500
External Connectors: RP-SMA
Works out of the box.

Dlink DWA-552

Driver : Madwifi-ng
Chipset : Atheros AR5212 a/b/g/n
For Kismet, edit your kismet.conf file (/usr/local/etc/kismet.conf) to "source=madwifi_g,wifi0,Atheros"
Notice: To set up your MAC (optional) and switch into Monitor Mode type:

airmon-ng stop ath0

macchanger -a wifi0

iwconfig ath0 mode Monitor

Dlink DWL-AG530

Works out of the box.

Dlink DWL-G520

Chipset : Atheros
External Antenna: RP-SMA
Works out of the box.

Dlink DWL-G550

Chipset : Atheros AR5212 (within AR5002X)
External Antenna: Yes, omni-directional dipole antenna with 5dBi
Works great out of the box.

http://www.dlink.com/products/?sec=0&pid=414

Dlink DWL-G510

Chipset : Atheros AR5212a/b/g; Ralink RT73
Driver : madwifi-ng; rt73
External Antenna: REV-SMA

Read here

Dynex DX-EBDTC

Chipset : Broadcom
Works right of of box. Injection and monitor mode IS supported.

Foxconn WLL-3350

Driver: rt2500

MSI PC60G

Driver : RT61
Chipset : Ralink
Works out of the box. Injection and such (wireless tools) not functional

http://global.msi.com.tw/index.php?func=proddesc&prod_no=1063&maincat_no=131

Netgear WG311T

Driver : Madwifi-ng
Chipset : Atheros
External Antenna: RP-SMA Connector

Works perfectly out of the box. Injection works as Well. http://www.netgear.com/Products/Adapters/SuperGWirelessAdapters/WG311T.aspx

Netgear WPN311

Driver : Madwifi-ng
Chipset : Atheros
External Antenna: RP-SMA Connector

Works great out of the box including injection.

SMC SMCWPCI-G

Chipset : Atheros
Antenna Type : External SMA (detachable)
Operating Range :

        • Outdoors up to 1.312ft / 400m
        • Indoors up to 328ft / 100m

Works great out of the box including injection

Mini PCI (Built in)

Broadcom BCM4306 802.11b/g (rev 3)

Environment

Compatibility

Hardware ver	Software ver	Internet	Monitor	Injection
Dell 1350 WLAN Mini-PCI	2.6.20-BT-PwnSauce-NOSMP bcm43xx	yes	yes	no
HP Pavilion ZV5330us	bcm43xx	?	?	no
HP Pavilion zd8000	bcm43xx	yes	yes	?
Compaq Presario 2500	bcm43xx	yes	yes	no

Driver : bcm43xx
Notebook HP NX6110 model PT601AA#AKD
Notebook HP Pavilion ZV6170us (part of zv6000 series)
Notebook Compaq Presario V2405CA Not sure what chipset it is but doesn't work with built in Broadcom B/G
Notebook acer TravelMate 2413LMi Not sure what chipset it is but Packet injection does not work with buit in Broadcom B/G

Broadcom BCM4318 802.11b/g

Driver : bcm43xx
Notebook Compaq v2312us - It will capture packets but does not inject.
Notebook HP Pavilion dv5215us - Injection works! http://forums.remote-exploit.org/showthread.php?t=7190 First place card in monitor mode (include channel of target AP):
AirForce One 54g - Injection works but you need to have a recent version of aircrack-ng (it worked for me with the 0.9)

bt ~ # ifconfig eth0 up
bt ~ # iwconfig eth0 mode Monitor channel #

Use aireplay-ng attack 1 (fake authentication) and then attack 3 (ARP request replay attack). ~40,000 packets injected in <5 minutes. -theprez98

Notebook Acer 5000 - It will capture packets but does not inject.

IBM AR5212 802.11abg NIC (rev 01)

Driver : Atheros

IPW2100

Driver : IPW2100
Special Notes: Will enter monitor mode, but cannot inject.

===================================== YES for IPW2200 Sorry, but it works with injection patch I use ipw2200-1.2.1 and package of aircrack.0.90 need to compile, and install Kismet works fine but I prefer airodump-ng Attack works under aireplay -2 -3 -4 -5 and -9, but not for -0 and -1

IPW2200

Driver : IPW2200 (With Injection Patches)

Boots Live and installs on hard drive detecting and installing the ipw2200 pached drivers perfectly (also on dual and multi-boot environments (MacOS, Vista, XP, BT)
About Injection, Void11 cannot be used to deauth stations. ONLY the "--interactive", "--arpreplay" and "--chopchop" options of Aireplay-ng work, due to an ipw2200 limitation. You must enable the rtap0 interface executing the following commands to make injection posible before doing anything else:

   - rmmod ipw2200
   - modprobe ipw2200 rtap_iface=1
   - ifconfig eth1 up
   - ifconfig rtap0 up

Injection has proven to be succesfull with "-i rtap0 eth1" interface parameter at the end of your aireplay-ng --arpreplay command. This allows to capture at the same time using the rtap0 interface with other programs.

Example of arp injection command:

   - aireplay-ng --arpreplay -b 00:00:00:00:00:00 -h 11:11:11:11:11:11 -i rtap0 eth1

GUI Wireless tools are at early development. Sometimes they don't work as expected and network parameters must been set in konsole. Things may appear failing when they are actually working:

   - Wireless assistant may say "connection failed" but you are associated with the AP.
   - Running Kismet a 2nd time does not work because inteface is set in monitor mode.
   - Injection failing because deauth attack is not posible, but deauth is not the only method.

You may feel misfuncionalities when following tutorials step by step without ANY previous knowledge, especially those for Wep cracking because of its complexity. But the true is that full funcionality is found on this chipset except for a few injection attacks that doesn't prevent you from auditing WEP and WPA wireless security. But to achieve this you have to learn and master some essential of linux connectivity tasks, and commands to set up network parameters using the console and troubleshoot results. You only have to check the manuals, learn and practice all possible options of the following 5 commands to be succesfull with this nice integrated ipw2200 chipset:

   - ifconfig
   - iwconfig
   - iwlist
   - modprobe
   - ping

aireplay only thing not working

Will not inject even with the patch enabled.

Kismet & AirMon didnot work for me.

Kismet did work for me.

Good tutorial for injection can be found here: http://tinyshell.be/aircrackng/forum/index.php?topic=1775.0

This tutorial worked out of the box for me, no driver patching required, however ony aireplay-ng injection attacks -2, -3, and -4 work though.

Injection is working alright, but you can only inject data frames (arp injecting works, for example). That means deauth and other attacks that may require management frames can't work. Bear in mind you must use rtap_iface=1 when loading the module to use the rtap interface, through which you can sniff while you inject in the eth interface (you have to do it that way or it won't work).

Be careful with the new 2.6 kernels, you may need to use irqpoll at boot to avoid an IRQ conflict on your computer -see below ipw3495 (in that case the conflicting device won't work at all so if it's just injection that fails, it's not an irqpoll problem).

We could not use any injecion on this due to it using Centrino technology.

WN360G

Driver : prism54
Use a PCI to MiniPCI adapter with it.
lspci output :
FCC ID: QDWWN360G

01:07.0 Network controller: Intersil Corporation ISL3890 [Prism GT/Prism Duette]/ISL3886 [Prism Javelin/Prism Xbow] (rev 01)

Mini PCIe (Built in)

Gigabit Atheros card works, but you have to use 'airmon-ng start wifi0' to set it into monitor mode.
Broadcom 4311-based Dell Wireless 1390 adapter is detected and works as mentioned below. Monitor mode works but packet injection doesn't seem to be working.

Broadcom BCM4311 802.11b/g

Driver : bcm43xx
Driver : bcmwl5.sys
Notebook HP nx6315
Notebook HP nx7400
Notebook Dell Inspiron 1501
Notebook Dell Inspiron 1505\6400
Notebook Dell Latitude d820

D820 is detected and works but the BCM4311 chip does not work with packet injection

FCC ID: MXF-C941103G
Notebook Dell Dell d520
Notebook Compaq/Dell V2000US is NOT working. Packets appear to send but after testing on a separate card I was able to determine that NONE of the attack modes work properly.

Windows Drivers and Client Software: http://www.wireless-driver.com/download/broadcom/2007-6-26/Broadcom-4311-BCM4311KFBG-Driver_0.htm

PCI ID:
BCM43XG, PCI\VEN_14E4&DEV_4320&SUBSYS_00E70E11
BCM43XGT, PCI\VEN_14E4&DEV_4320&SUBSYS_12F4103C
BCM43XG1, PCI\VEN_14E4&DEV_4320&SUBSYS_12F8103C
BCM43XG2, PCI\VEN_14E4&DEV_4320&SUBSYS_12FA103C
BCM43XG3, PCI\VEN_14E4&DEV_4320&SUBSYS_12FB103C
BCM43XM1, PCI\VEN_14E4&DEV_4324&SUBSYS_12F9103C
BCM43XM2, PCI\VEN_14E4&DEV_4324&SUBSYS_12FC103C

BCM43XG1, PCI\VEN_14E4&DEV_4318&SUBSYS_1355103C
BCM43XG2, PCI\VEN_14E4&DEV_4318&SUBSYS_1356103C
BCM43XG3, PCI\VEN_14E4&DEV_4318&SUBSYS_1357103C
BCM43XM1, PCI\VEN_14E4&DEV_4319&SUBSYS_1358103C
BCM43XM2, PCI\VEN_14E4&DEV_4319&SUBSYS_1359103C
BCM43XM3, PCI\VEN_14E4&DEV_4319&SUBSYS_135A103C

BCM43XG11, PCI\VEN_14E4&DEV_4311&SUBSYS_1363103C
BCM43XG12, PCI\VEN_14E4&DEV_4311&SUBSYS_1364103C
BCM43XG13, PCI\VEN_14E4&DEV_4311&SUBSYS_1365103C
BCM43XM11, PCI\VEN_14E4&DEV_4312&SUBSYS_1360103C
BCM43XM12, PCI\VEN_14E4&DEV_4312&SUBSYS_1361103C
BCM43XM13, PCI\VEN_14E4&DEV_4312&SUBSYS_1362103C
BCM43XM14, PCI\VEN_14E4&DEV_4312&SUBSYS_135F103C

IPW3945

Driver : IPW3945
Special Notes : Enable the drivers via KDE menu or cd /usr/src/drivers/ipw3945-1.2.0/ && ./load
Special Notes : Enters monitor mode, but cannot inject
Special Notes : You may need to start the image with "bt irqpoll" Good way to tell: you see what looks like function call backtraces on startup and the suggestion to run "bt irqpoll" scrolls by pretty fast. Check your dmesg for more details if it scrolls too fast for you.

IPWRAW (IPW3945 Monitor + Inject)

Driver : IPWRAW, A guide can be found [here]
Or an easy to use lzm module can be found here [here]
Note : This driver is not included in Backtrack2 by default.
Special Notes : Locked in monitor mode and can be used in all aireplay-ng attacks.
For Kismet, edit your Kismet.conf to "source=ipw3945,wifi0,Intel"
Notice: After starting airodump-ng only run one command at a time. If you do not your system may hang or freeze.

 ifconfig wifi0 down
 #Change to AP BSSID
 nano /sys/class/net/wifi0/device/bssid
 # Channel of AP
 nano /sys/class/net/wifi0/device/channel
 # Change from 108 to 2
 nano /sys/class/net/wifi0/device/rate
 ifconfig wifi0 up
 airodump-ng rtap0
 #wifi0 is used for all other commands.

IPW4965/IWL4965 agn

Monitor: yes, works natively on backtrack3
Injection: no, there are works being done on it.

To load the driver

 modprobe iwl4965

Gigabyte GN-WS50G b/g

Driver: Madwifi-ng
Managed: yes
Monitor: yes
Injection: yes

PCMCIA Cards

3COM 3CRWE154G72 v1

Driver : prism54
Chipset : Intersil PrismGT FullMAC
Notice : other revisions of this card are not prismGT FullMAC

3COM 3CRPAG175B with XJACK Antenna

Driver : Madwifi-ng
Chipset : Atheros AR5212
Notes : detected at boot time, injection works, everything goes like in aircrack-ng tutorials

Agere Systems ORiNOCO GOLD PC Card Classic

Notes: see Enterasys Roamabout 802.11 DS High Rate

AirLink101 AWLC4130

Driver : Madwifi-ng
Chipset : Atheros
Notes: Found at boot up. Forum users report 100% working, making this the cheapest working Atheros (and maybe overall) card out there.

ASUS WL100G

Driver : bcm43xx
Chipset : Broadcom BCM43xx
Notes: It is found at boot-up and is ready to go.

Belkin F5D6020 v3

Driver : Realtek
Chipset : rtl8180
Notes: Requires terminal input of iwconfig and dhcpcd wlan0
Notes: Full capability and injection

Belkin F5D7010 V1000

Driver : bcm43xx
Chipset : Broadcom BCM43xx
Notes: Detected at boot-up and is ready to go. Didn't have an opportunity yet to test the packet injection so can't report on that.

Belkin F5D7010 V3000UK

Driver : RT61
Chipset : Unknown will update later (SORRY)
Notes : Detected at boot-up with final BT2 (ra0). I have no had any problem to put it in Monitor mode; unfortunately packet injection does not work.

Belkin F5D7010 V5000

Driver : Atheros
Chipset : Atheros
Notes : Works great from what I could tell. Detected at boot-up with latest BT2. Packet injection appears to work.

Belkin F5D7010 V6000

Driver : RT61
Chipset : Ralink
Notes: after untar the files, in the Module dir, make clean, make debug and then make install then modprobe rt61 debug=1

Belkin F5D7011

Driver : bcm43xx
Chipset : Broadcom 4306
Notes: Picked up on boot and I can inject into my router without a problem.

Buffalo WLI-CB-G54HP

Driver : bcm43xx/b43
Chipset : Broadcom BCM4318
Notes: It is found at boot-up and is ready to go. Packet injection works perfectly.

Use b43 driver and mac80211. bcm43xx will not show correct PWR levels in airodump-ng and may have issues with injection if not at PPS (Packets Per Second)

Cisco AIR-LMC350

Driver : airo_cs
Chipset : Cisco Aironet
Monitor mode HOWTO
Special Notes : airodump-ng output on wifiX shows garbled output whilst ethX does not work. Kismet will work with this card. More information: airo

Cisco AIR-PCM350-T

Driver : airo_cs
Chipset : Cisco Aironet
Monitor mode HOWTO
Special Notes : airodump-ng output on wifiX shows garbled output whilst ethX does not work. Kismet will work with this card. More information: airo

Cisco Aironet AIR-CB21AG-A-K9

Driver : Madwifi-ng
Chipset : Atheros
lspci : 03:00.0 Ethernet controller: Atheros Communications, Inc. AR5212 802.11abg NIC (rev 01)

Dlink DWA-645

Driver: Madwifi-ng
Chipset: Atheros AR5416 a/b/g/n
External Antenna: None
Comments: BT2's copy of madwifi cannot be detected. You will either need to download the latest driver from madwifi.org or from the cvs/svn trunk. The N part of this card will not work as there are no support under madwifi yet. Kismet could use the b and g portion of the card but n remains untouched. Slow network detection too with built-in antennas.
Update: Have a look at ath9k project.. no information on monitoring or injection but project looks promising.

Dlink DWL-650+

Driver : acx100
Chipset : Texas Instruments ACX100
Special Notes: Enable the drivers via KDE menu or cd /usr/src/drivers/acx100/ && insmod ./acx100.ko

got an error and modified it a bit and it worked. cd /usr/src/drivers/acx100 && insmod ./acx.ko

Dlink DWL-G650

Driver : Madwifi-ng
Chipset : Atheros AR5212 a/b/g
For Kismet, edit your kismet.conf file (/usr/local/etc/kismet.conf) to "source=madwifi_g,wifi0,Atheros"
Notice: To set up into Monitor Mode type:

airmon-ng start wifi0 
ifconfig ath1 up 
iwconfig ath1 mode Monitor

Dlink DWL-G630, 650+/-

Refer to this site for information.

Dlink DWL-G650M

Chipset: Atheros Communications, Inc. AR5005VL 802.11bg Wireless NIC (rev 01)

This chipset is not yet supported as it is a MIMO capable chip.

D-Link WNA-1330

Driver : Madwifi-ng
Chipset : Atheros

When the card is enabled and in monitor mode it can not change back to channel 1 via iwconfig commands.

iwconfig ath0 channel 1

Will not work. It will not COMPLAIN either. So unless you are actually double-checking the freq you are on, you don't know that it's not working.

To get the card back on channel 1 for monitoring, you'll have to ifconfig ath0 down, iwconfig ath0 channel 1, and then ifconfig ath0 up.[3]

Enterasys Roamabout 802.11 DS High Rate

Driver : orinoco_cs, wvlan_cs, wavelan_cs
Chipset : Hermes I
Mode : 802.11b only (11Mbps)
Driver capabilities : Connect + Monitor only
Driver Source 1 : http://www.nongnu.org/orinoco/
Driver Source 2 : http://www.projectiwear.org/~plasmahh/orinoco.html
Driver Source 3 : http://secure.enterasys.com/software/RoamAbout/CSIxD/linux/
Firmware supplied : Lucent/Agere 8.72
Firmware downloads source 1 : http://orinoco.gotchi.at/
Firmware downloads source 2 : http://www.andrewhakman.dhs.org/orinoco/files/
More information: http://airsnort.shmoo.com/orinocoinfo.html
Notes :

The firmware supplied cannot be used to monitor as orinoco_cs notes the firmware as buggy. Suggested to downgrade the firmware may help. You will need to downgrade to 7.52 and apply 3.2.1 patch.

http://gentoo-wiki.com/HOWTO_Orinoco_USB#Kismet Hermes I version for sniffing.

Update:

Theoretically one is able to use airjack to make hermes do some mitm attack however that will require more deeper analysis.

Gigabyte GN-WM01GT AirCruiserG Mach G

Driver : madwifi-ng
Chipset : Atheros
2.4Ghz 802.11b/g 108Mbps with internal antenna.
Notice : Seems to work 100%. Interface is: ath0

Lucent Technologies Orinoco Silver

Works perfectly out of the box. However, this card doesn't support packet injection because it is Hermes I based. It is perfect for wardriving and sniffing wireless networks though.

Note: see section: Enterasys Roamabout 802.11 DS High Rate

Linksys WPC11v4

Driver: rtl8180
Chipset: rtl8180
Notes: Requires terminal input of iwconfig and dhcpcd wlan0
Notes: Full capability including injection

Linksys WPC54G v3

Driver : bcm43xx
Chipset : Broadcom Corporation BCM4318 [AirForce One 54g] 802.11g Wireless LAN Controller (rev 02)
Subsystem: Linksys WPC54G-EU version 3 [Wireless-G Notebook Adapter]

Monitor mode currently supported but injection may or may not work. Apparently a new driver is coming out dubbed as b43 and is only available in either kernel 2.6.24 and wireless-2.6 git. Injection may not work even patching b43 drivers, in the meantime bcm43xx driver is outdated and has problems every now and then.

Motorola WN825G v2

Driver : bcm43xx
Chipset : Broadcom 4306

Card is recognized in response to "iwconfig" but LEDs do not illuminate until "ifconfig eth# up". Injection not tested but should work similarly to other Broadcom cards. See here for Broadcom injection.

NetGear MA401

Driver : HostAP
Chipset : Prism 2

To inject packets you have to load the HostAP driver. [4].

NetGear WPN511

Driver : Madwifi-ng
Chipset : Atheros
Comments: Monitor mode and packet injection supported. All current supported attack modes 0-5 tested and working perfect.

NetGear WPN511 - Range Max

Driver : Madwifi-ng
Chipset : Atheros AR5212 a/b/g
Internal Antenna: 2 x Hirose UF.L. One of them has connector the other does not have one soldered on.
Comments: Monitor mode and packet injection supported. Also known as WPN511GE, exactly the same chipset.

NetGear WG511T

Driver : Madwifi-ng
Chipset : Atheros
Notes: Works with Backtrack, (out of the box).

Supports all current Aireplay-NG attacks (-1,-2,-3,-4,-5)

If you can't get this card to run in Monitor mode try the following:

BT ~#airmon-ng stop ath0

BT ~#airmon-ng start wifi0

Then run iwconfig and check if ath0 is in Monitor mode. If it still isn't, try the following:

BT ~#ifconfig ath0 down

BT ~#airmon-ng start ath1

wifi0 should now parent ath1, and ath1 should be in Monitor mode. If it isn't, try:

BT ~#airmon-ng start wifi0

NetGear WAG511v2

Driver : Madwifi-ng
Chipset : Atheros

NetGear WG511 v1

Driver : prism54/p54
Chipset : Intersil PrismGT FullMAC
Notice : See here for Netgear's ambiguous naming of models.
lspci : 03:00.0 Network controller: Intersil Corporation ISL3890 [Prism GT/Prism Duette]/ISL3886 [Prism Javelin/Prism Xbow] (rev 01)

Works great with Backtrack 2 Final, have cracked many WEP keys. Supports packet injection. These cards are extremely rare but they sport 2x Hirose U.F.L connectors internally.

NetGear WG511 v2

Driver : prism54/p54
Chipset : Intersil PrismGT FullMAC
Notice : See here for Netgear's ambiguous naming of models.
lspci : 03:00.0 Network controller: Intersil Corporation ISL3890 [Prism GT/Prism Duette]/ISL3886 [Prism Javelin/Prism Xbow] (rev 01)

Like its brother NetGear WG511 v1 this one also works well except it only has 1x Hirose U.F.L connector. See here for information on external antenna hack.

NetGear WG511 v3

Driver : p54
Chipset : Conexant PrismGT SoftMAC
Notice : See here for Netgear's ambiguous naming of models.

This card requires compat-wireless or kernel build later than 2.6.24 mainly because its a softmac and it was not heavily supported until the release of p54. The release of p54 driver depends on mac80211 rather than ieee80211 (old and deprecated support for other softMAC based devices). Do not hold your breath for monitor/injection support either.

NetGear WG511v2

Chipset : Marvell
lspci : Marvell Technology Group Ltd. 88w8335 [Libertas] 802.11b/g Wireless (rev 03)
lspci -n : 11ab:1faa (rev 03)
FCC ID : PY3WG511V2H1
CANADA ID : 4054A-WG511V21
CE : 0470

There are no native linux driver support for this chip. If you want to gain native linux driver support, you should email Marvell directly.

Netgear WG511U

Driver : Madwifi-ng
Chipset: Atheros AR5212 a/b/g
External Antenna: None
Internal Antenna: 2 x Hirose UF.L. One of them has connector the other does not have one soldered on.

NetGear WPN511GR

Driver : Madwifi-ng
Chipset : Atheros

Netgear WPNT511

Driver: N/A *Windows only: ndiswrapper*
Chipset: Airgo AGN300 True MIMO
External Antenna: None
Comments: No linux drivers yet. Ndiswrapper may work for normal connection but nothing else.
Update: Linux native (alpha stage) available: http://sourceforge.net/projects/agnx80211driver/. This requires kernel version either 2.6.24 or wireless-git-2.6.24 package. Not recommended for beginners and not patched at all yet.

PROXIM ORiNOCO 802.11b/g Gold (Model: 8470-WD)

Driver : Madwifi-ng
Chipset : Atheros
Notice : To set monitor mode type "airmon-ng start wifi0" and then use ath1
If your card does not appear to be recognized when you first insert it, type "modprobe ath_pci" and then run "dmesg" again.
For Kismet, edit your Kismet.conf to "source=madwifi_g,wifi0,Atheros"

Windows Drivers and Client Software: http://support.proxim.com/cgi-bin/proxim.cfg/php/enduser/std_adp.php?p_faqid=1082

Linux Drivers: http://www.madwifi.org

Senao NL-2511CD/SL-2511CD PLUS EXT2

Driver : HostAP (wlan-ng drivers have been removed from BT2 final. See here to use HostAP driver)
Chipset : Prism 2.5
Firmware : 1.74 is suggested, check [here] for instructions.
FCC ID: NI3-2511CD-PLUS3
For Kismet, edit your Kismet.conf to "source=hostap,Wlan0,Prism2"
Notes: If you are using orinoco_cs drivers, you need to follow this as orinoco_cs is not recommended for this device.
To raise the output of this card to 250mw Not verified

Caution! This might destroy your card if you do not know exactly what your doing!
The change in readmif seems stable only in Master mode.

ifconfig wlan0 up
iwpriv wlan0 alc 0
iwpriv wlan0 readmif 116   [-> actual powertx value]
iwpriv wlan0 writemif 62 49 [-> I've no idea at all why "49"]
iwpriv wlan0 readmif 116  [-> now showing something around 252]

With a Spectran HF-2025E spectrum RF analyzer from elektrosmog.de
Here are the results: [5][6][7]
Force the card to give the maximum txpower.

iwpriv wlan0 alc0
iwpriv wlan0 writemif 62 128

Force the card to give the somewhat minimum txpower.

iwpriv wlan0 writemif 62 127

Sitecom WL-100b

Driver: bcm43xx
Chipset: Broadcom 4306
External Antenna: None
Notes: Tested with BackTrack 3 beta released on 14th December 2007, 700MB CD version (bt3b141207.iso).
Notes: Both monitor mode and packet injection work fine (with the following caveats below).
Notes: The wireless interface is eth1, and it must be "brought up" before use. The command to do this is:

ifconfig eth1 up

You will now see the "Power" and "Link" lights have turned on, which indicates that the card is ready for use.

Notes: When using the --arpreplay option of aireplay-ng, the default packet speed is too fast for the bcm43xx driver to handle, so it keeps crashing every hundred packets or so. To fix this, add option: "-x 30" to the command line, which will limit aireplay-ng to 30 packets per second. I've found that "30" is the highest value it can take without crashing. This will slow things down quite a bit, but not too badly and at least it works.

SMC 2532W-B

Driver : HostAP
Chipset : prism2.5

SMC SMC2536W-AG

Driver : Madwifi-ng
Chipset : Atheros AR5212 a/b/g
External Antenna : None

SMC WCB-G

Driver : Madwifi-ng
Chipset : Atheros

SWEEX LW051 ver:1.0

Driver : Madwifi-ng
Chipset : Atheros AR2413A
Notes: It is found at boot-up and is ready to go, but BT2 says it is a AR5212 which seems to make no difference. Packet injection works perfectly.

TP-link SuperG&eXtended Range 108M Wireless Cardbus Adapter(TL-WN610G)

Drivers : MadWifi-ng
Chipset : Atheros AR5212 802.11abg NIC (rev 01)

[External Antenna Modification]

TP-link eXtended Range 54M Wireless Cardbus Adapter (TL-WN510G)

Drivers : MadWifi-ng
Chipset : Atheros AR5212 b/g

Ubiquiti SRC

Driver : Madwifi-ng
Chipset : Atheros AR5212 a/b/g
FCC ID: SWX-SRC
lspci : 03:00.0 Ethernet controller: Atheros Communications, Inc. AR5212 802.11abg NIC (rev 01)

Product Page

Wistron WLAN 802.11a/b/g Cardbus CB9-GP

Driver : madwifi-ng
Chipset : Atheros AR5212

X-Micro WLAN 11g PCMCIA Card (XWL-11GPAG)

Driver : Madwifi-ng
Chipset : Atheros

ZCom XI-325HP+

Driver : HostAP
Chipset : Prism 2.5

Zyxel ZyAIR G-100 PCMCIA Card (FCC ID:N89-WE601l)

Driver : prism54
Chipset : Intersil PrismGT FullMAC

USB Dongles

Airlink101 AWLL3026

Driver : zydas
Chipset: zd1211rw
Nice USB Dongle. Inexpensive (<$10). Easy to antenna mod. Full capability and injection

ALFA Networks AWUS036H

Driver : rtl8187
Chipset : Realtek 8187
For Kismet, edit your Kismet.conf to "source=rt8180,wlan0,ALFA"

This card works out of the box including injection with BackTrack3.

Notes : There is a common misconception with regards to this device requiring two USB connectors. This device does not exactly need both USB connectors plugged in for it to work. The only reason why it was provided with two USB connectors is because of an instance whereby a person uses either an unpowered USB hub and/or the output from the computer's USB port is inadequate (very rare case for computers to do that, most do power their USB ports) and with other USB devices hooked onto either the unpowered USB hub or computer's USB ports there may not be enough power for the USB network dongle to work. So having the second USB connector plugged in gives the USB network dongle a slightly upper hand advantage in being provided with more power.

ALFA Networks AWUS036S

Driver : rt73
Chipset : Ralink RT73

This card works out of the box including injection with BackTrack3. You will need to ifconfig device up before you can set monitor mode, etc.

ASUS WL-167G

Driver : rt73 (older version rt2570)
Chipset : rt2571WF (older verson Ralink 2570)

Notice : Range is moderate but both monitor mode and injection work perfectly. Injects IV's at a very slow rate (about 300-500 IV's per minute), taking about 35 hours to collect 1,000,000 IV's.

AVM Fritz!Wlan USB V1.1

Driver : ndiswrapper
Chipset :Texas Instrument TNetW1450
Notice : NdisWrapper will never work with Aircrack-ng Suite

Notice : Works fine even with WPA/WPA2 encryption.Used ndiswrapper version 1.39 and the windows drivers from the cd.

Belkin F5D7050 V1

Driver : rt2570
Chipset : rt2571F

Worked fine upon boot. My version 3 card did not go into monitor mode.

Later versions (don't know which ones) use the bcm43xx chipset from broadcom. 'modprobe bcm43xx' then 'ifconfig -a' you will see your adapter as ethX

- It will not inject packets **

Belkin F5D7050 (4000 series)

Driver : zd1211rw
Chipset : zd1211b

Upon boot, works fine in monitor mode but doesn't inject packets. However, if you patch the kernel following the instructions at [8], packet injection works great. After patching, all of the various attacks (fragementation, chopchop, arp replay, fakeauth) work fine with aircrack-ng.

Belkin F5D7050B

Driver : rt73
Chipset: Ralink 2570

Works fine on boot including packet injection.

Notes: FCC ID k75-f5d7050b is reported to not being able to detect APs, possibly due to different radio chip.

Belkin F5D7050E

Driver : r8187
Chipset: Realtek RTL8187B
FCCID : K7SF5D7050E

You will need compat-wireless2.6 along with r8187 driver to get this working.

Belkin F5D7051

Driver : rt73+rt2570/rndis_wlan (mac80211_stack)
Chipset: rt2570/bcm4320

Belkin have changed the chipset that they use in the usb adapters apparently. They now use the bcm4320 chipset instead of the rt2570. The bcm4320 drivers will only work with rndis_wlan which requires mac80211. There will probably be no support for rndis_wlan in terms of monitoring/injecting.

Owners of the older version of the hardware (with rt2570) are recommended to use serialmonkey's/ASPj's driver which should already be included in the backtrack.

Buffalo Airstation G54 WLI-U2-KG54-AI (2A)

Driver : rt2570
Chipset : Ralink 2570

Chiefmax

Driver : RT73
Chipset : rt2571WF

D-Link DWL 122 (USB) F/W 3.2.1 H/W A1

Driver : wlan-ng
Chipset : prism 2.5
Notice : There are drivers for injection however they only work on 2.6.11 kernels or older.

D-Link DWL G122 (USB) F/W 2.03 B1

Driver : rt2570
Chipset : Ralink 2570
lsusb : Bus 1 Device 3: ID 2001:3c00 D-Link Corp. [hex] DWL-G122 802.11g rev. B1 [ralink]
Notice : rev. C1 uses [ralink] RT73

This dongle must be tweaked if u want to inject with it. Additionally, its covering is very limited, recommended a cantenna!!!

Rev B1 users read here VERY IMPORTANT (credit goes to allelectrix from aircrack-ng forum)

D-Link WUA-1340

Chipset: Ralink 2571 (RT73)
Driver : rt73
Chipset : Ralink
Notice : Follow instructions for using driver with aircrack-ng: http://www.aircrack-ng.org/doku.php?id=rt73

Edimax EW-7317UG

Driver: zd1211rw
Chipset: zd1211
Notice: After updating aircrack suite to aircrack-ng 1.0 dev. Monitor mode and packet injection supported.

Edimax EW-7318USG

Driver : rt73
Chipset : Ralink
Notice : Follow instructions for using driver with aircrack-ng: http://www.aircrack-ng.org/doku.php?id=rt73

Linksys WUSB54g v4

Driver : rt2570
Chipset : Ralink 2570

No problems with any injection (kismet, airodump...). Very good USB dongle.

Does not capture WPA/WPA2 handshake.Update driver to v.1.6.0

Extremely easy to antenna mod.

Linksys WUSB54g v4 users read here VERY IMPORTANT (credit goes to allelectrix from aircrack-ng forum)

Linksys WUSB54GC

Driver : RT73
Chipset : Ralink Technology, Corp. 802.11b/g WiFi
Notice 1: The interface is named rausb0, not eth0 or ath0 etc.
Notice 2: Built-in [BackTrack] Driver does not support fragmentation attack; however, the following driver does:

http://homepages.tu-darmstadt.de/~p_larbig/wlan/rt73-k2wrlz-2.0.1.tar.bz2

Needs activation before use

  bt ~ # ifconfig rausb0 up
  bt ~ # iwconfig rausb0 mode monitor

Everything works out of the BT3 box!

MicroEdge MEG55A Wireless-G USB Dongle

Driver : rt2570
Chipset : Ralink rt2570
Notice : Works fine out of the box. airmon-ng start rausb0 kicked straight into monitor mode, successfully reinjects packets while monitoring.

NetGear WG111v2

Driver : rtl8187/prism54(?)
Chipset : Realtek RTL-8187L / Intersil-Conexant GW3887
FCC ID : PY305400026 / PY3WG111V2

Be careful not all wg111v2 sticks have the realtek chipset the v2 with the word netgear set into the stick. To verify the differences, type `lsusb' when you have the device connected. Apparently, older versions of this card is equipped with Conexant and the later versions are with Realtek. There has been no easy way of identifying the difference between the two apart from checking the FCC ID or via plugging it in.

USB ID: 0846:6a00 is Realtek RTL-8187L chipset
USB ID: 0846:4240 is Intersil/Conexant GW3887 chipset

RTL8187L users : Drivers are available on the forum however the range on this card in my opinion is poor.
GW3887 users : Use p54usb driver. You will need firmware for this and the current status for monitoring/injection is unknown.

NetGear WG111T

Driver : ndiswrapper
Chipset : Atheros AR2112A-00
FCC ID: PY3WG111T
Notice : NdisWrapper will never work with Aircrack-ng Suite

You can breath life to your small USB-WG111T by doing the next steps:
1)Download and extract the driver (using wine?) from Netgear
As of 2008-03-29, driver 2.1 is here: http://kbserver.netgear.com/release_notes/d103172.asp
2)change to root shell 'sudo su -'
3)rmmod ndiswrapper
4)ndiswrapper -i netwg11t.inf
4)modprobe ndiswrapper
5)iwconfig

Netopia ter/gusb-e

Driver : rt2570
Chipset : Ralink Technology, Corp. 802.11g WiFi
Notice : works fine as i know

OvisLink Evo-w54usb

Driver : rt2570
Chipset : Ralink 2570
Notice : injection works, just have to "ifconfig rausb0 up" before anything

SafeCom SWMULZ-5400

Driver : zd1211rw
Chipset : zd1211b
Notice : Works with packet injection with new patch found in aircrack-ng 0.8

ZyDAS 1211

Driver : zd1211rw
Chipset : ZyDAS Chipset

Notice 1 (properly for BT2): For basic functionality, you need to get the firmware from [here], untar it to /usr/lib/firmware/ - reinsert the card and the firmware should load OK. Addendum: I had to unzip to /lib/firmware/zd1211, but after that it worked fine.

Notice 2 (for BT3): Test with 1211b / Lutec USB Stick:

Works out of the box in monitoring mode, runs as eth1 (on my box, yours may differ). Injection is possible without any driver or kernel modding, but ONLY with SpoonWEPs POS801 attack (didn´t find the according aireplay mode, airreplay standalone DID NOT work!). Besides, for me WEP cracking did only work like this - but then without any problems:

a.) "airodump-ng eth1", get bssid, close it

b.) start SpoonWEP. It´s only used for starting the correct airreplay mode.

c.) Select 2nd Attack Option (POS801..), this is the ONLY attack-mode which will work with 1211b!

d.) Close SpoonWEP`s WS-Dump window, keep SpoonWEP`s Mainwindow = aireplay thread running

e.) start airodump-ng again, dump data traffic now

f.) start aircrack-ng manually

g.) you are done!

for more help with the commands check: http://blip.tv/file/930698/

Conclusion: not perfect, but cheap USB-Dongle WEP-Cracking out of the box - without any patching - if u know what to do.

-> *NOOB-Compatibility Award*

Still, Realtek-USB-Chipset more recommended if u can find it, can run SpoonWEP without any hacks.

SMCWUSB-G EU

Appears to use a ZD1211 chipset.

MSI US54SE

Version 1

Appears to use a ZD1211 chipset.

Version 2

Uses rt73 chipset.
Notice: This particular rt73-Version is not supported, yet.

Hawking HWUG1

Driver: rt73
Chipset: ralink
Injection and monitor mode work fine, just have to "ifconfig rausb0 up" and it works

Hawking HWU8DD

Driver: Rev. A: unknown Rev.B: zd1211rw
Chipset: Rev. A: zd1211 (not supported) Rev. B: zd1211b (supported)
lsusb: Rev. A: unknown Rev. B: 0ace:1215 ZyDAS WLA-54L WiFi?
Credits: Talkie Toaster/openxs

The only way to tell the difference between Rev. A and Rev B. is by the sticker on the actual device (on the bottom) or the actual CD. Apart from that, on the box/packaging it would have vista ready sticker for Rev. B

Retrieved from "http://backtrack.offensive-security.com/index.php/HCL:Wireless"