Saturday 23 January 2010 at 8:56 pm
Firstly, the StackBook project is no further along than it was. StackOS needs a rewrite to make it behave better (you learn how these things should be done only after it's too late). I still haven't found a suitable hinge either... must get to that.
Anyway, I decided to get my hands on an RTL8187 USB card and a "9 dBi" antenna to go with it (9 is in quotes because I know a manufacturer who makes a similar one and claims it is a 7). Entertainingly, this card comes with a pressed BackTrack 3 CD... and Chinese instructions for it.
I will post some pictures later.
Pictures are here.
The card works fine with the RTL8187 drivers in KisMac, and it works with Kismet on Debian running on my EEE 701SD. Kismet on OS X, however, does not support this device. To fix that, I have created rtl8187_tuntap: a daemon that drives the USB card using KisMac's userspace USB driver framework and passes the captured frames out over a tap interface.
At the moment it uses IOKit to talk to the card over USB. It should theoretically be possible to port it to libusb and make it cross-platform (the ObjC code doesn't do anything particularly non-portable, and the CoreFoundation parts could be replaced). On Linux this is not terribly useful, as monitor-mode drivers for these cards already exist. But on Windows the possibility is there. Yes, you heard me: monitor mode on Windows. It is not a high priority, though. Go and install Linux.
To get it to run, build it with Xcode and make sure the UsbVendorsRTL8187.plist file sits alongside the built binary, which ends up in the Build/Debug folder. cd into that directory and run it as root (sudo ./rtl8187tuntap). If you don't have the OS X tun/tap kernel extension installed, install it first.
If all goes right, you should see a listing of all your USB devices, and then:
2010-01-23 20:32:11.167 rtl8187tuntap[2050:e07] Start capture
2010-01-23 20:32:14.751 rtl8187tuntap[2050:e07] Capture started
2010-01-23 20:32:14.893 rtl8187tuntap[2050:e07] Now recieving frames
At this point it is reading frames from the card and passing them out via tap0.
Now for the Kismet side: you need at least revision 3010 of the Kismet SVN development sources. Compile it and configure it with tap0 as the source interface (it will autodetect the source type).
To Do
- Why doesn't signal strength work? It is being reported in the header...
- Rewrite it as a Kismet plugin.
- Implement channel hopping. At the moment you can change channel by writing a number to /tmp/rtl8187_channel, and I suggest using cat > rather than echo, since the pipe can only be opened once (must fix that): cat keeps it open while you type channel numbers, whereas each echo would open and close it. Proper hopping will come with it being a Kismet plugin.
- Clean up the log output...
- Tun/Tap on Mac OS X has no option to change the DLT (data link type) of the interface. As a result anything else reading tap0 is told the frames are standard Ethernet and misparses them; Kismet is the only software that behaves right. I am told that Dragorn attempted to correct this, but the developers were not interested.
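Until channel hopping is built in, the hopping can be done from outside the daemon. The script below is an added example, not part of rtl8187tuntap: it works around the open-once behaviour of /tmp/rtl8187_channel by opening the pipe a single time on file descriptor 3 and writing every channel through that descriptor, which is the same trick that makes cat > work where echo does not. It assumes the daemon reads newline-terminated decimal channel numbers and that 2.4 GHz channels 1 to 14 are the valid range; the pipe path, dwell time and hop order are parameters, and fractional sleep values need a sleep that accepts them (GNU and OS X both do).

```shell
#!/bin/sh
# Added example (not part of rtl8187tuntap): channel hopper for the
# daemon's /tmp/rtl8187_channel pipe. The daemon opens the pipe once, so we
# also open it once (fd 3) and push every channel through that descriptor,
# instead of "echo N > /tmp/rtl8187_channel" per hop, which reopens the pipe
# each time.
# Assumptions: the daemon expects newline-terminated decimal channel numbers,
# and channels 1-14 (2.4 GHz) are the valid range.

CHANNEL_PIPE="${CHANNEL_PIPE:-/tmp/rtl8187_channel}"
DWELL="${DWELL:-0.5}"   # seconds spent on each channel
# Non-overlapping 1/6/11 first, then the remaining channels staggered.
CHANNELS="${CHANNELS:-1 6 11 2 7 12 3 8 13 4 9 5 10 14}"

# valid_channel N: succeeds only when N is an integer between 1 and 14.
valid_channel() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 14 ]
}

# hop_sequence "LIST": write each valid channel in LIST to fd 3, one per
# line, waiting DWELL seconds after each. The caller must already have
# opened fd 3 (on the pipe, or on a file when testing).
hop_sequence() {
  for ch in $1; do
    valid_channel "$ch" || { echo "skipping bad channel '$ch'" >&2; continue; }
    printf '%s\n' "$ch" >&3
    sleep "$DWELL"
  done
}

# Hop forever: "sh hop.sh run". Opening a FIFO for writing blocks until the
# reader has its end open, so start rtl8187tuntap before running this.
if [ "${1:-}" = "run" ]; then
  [ -p "$CHANNEL_PIPE" ] || echo "warning: $CHANNEL_PIPE is not a named pipe" >&2
  exec 3>"$CHANNEL_PIPE"
  trap 'exec 3>&-; exit 0' INT TERM
  while :; do
    hop_sequence "$CHANNELS"
  done
fi
```

Run it as sh hop.sh run (as root if the pipe is only writable by root) after the daemon has printed "Now recieving frames"; Ctrl-C closes the descriptor cleanly. Bad entries in CHANNELS are reported and skipped rather than being fed to the daemon.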
Now for the important bit:
Download rtl8187tuntap v4.
Any bugs etc - leave me a comment.