rtw_8821ce / rtw_8822be (frame injection failed): 101 errors during runtime #354
Comments
Some information about the ERRORs and WARNINGs:
You're running an outdated version of hcxpcapngtool
It can't handle the new time resolution of hcxdumptool > v6.3.0
This is a driver problem. Packet injection is not working on this driver. BTW: Please read more here (especially the Realtek section): |
A test on rtw_8821ce driver confirmed that packet injection is not working on this driver.
There is nothing I can do. We have to wait for a driver fix. |
A frame injection test running aireplay-ng confirmed that the driver is not working as expected:
I think we can close this report, because the problem is related to the driver (no frame injection). |
BTW: Terminate it after a period of a few minutes. If you got a message like this, frame injection is not working (driver bug): |
I reported this to bugzilla: |
Even though this is not the news I was hoping to hear, thank you very much for testing, debugging and getting back to me so quickly! |
Some good news: |
Please notice:
is outdated and no longer under maintenance: It will not get the fix. |
Thank you for keeping me updated! I'll keep an eye out for the 6.6 kernel release. |
Looks like kernel 6.6 will be a good one regarding rtw88 driver. The compiled custom kernel (6.6-RC7) is running fine. I do something between the traditional way |
Heyo, hope you are doing well, I'm back again! I have since updated to kernel version 6.6.0 but still getting the
The injection tests:
$ sudo hcxdumptool -F --rcascan=active
Requesting physical interface capabilities. This may take some time.
Please be patient...
interface information:
phy idx hw-mac virtual-mac m ifname driver (protocol)
---------------------------------------------------------------------------------------------
0 2 7440bb49dc95 96de07abfd6a + wlan0 rtw_8822be (NETLINK)
available frequencies: frequency [channel] tx-power of Regulatory Domain: 00
2412 [ 1] 20.0 dBm 2417 [ 2] 20.0 dBm 2422 [ 3] 20.0 dBm 2427 [ 4] 20.0 dBm
2432 [ 5] 20.0 dBm 2437 [ 6] 20.0 dBm 2442 [ 7] 20.0 dBm 2447 [ 8] 20.0 dBm
2452 [ 9] 20.0 dBm 2457 [ 10] 20.0 dBm 2462 [ 11] 20.0 dBm 2467 [ 12] 20.0 dBm
2472 [ 13] 20.0 dBm 2484 [ 14] 20.0 dBm 5180 [ 36] 20.0 dBm 5200 [ 40] 20.0 dBm
5220 [ 44] 20.0 dBm 5240 [ 48] 20.0 dBm 5260 [ 52] 20.0 dBm 5280 [ 56] 20.0 dBm
5300 [ 60] 20.0 dBm 5320 [ 64] 20.0 dBm 5500 [100] 20.0 dBm 5520 [104] 20.0 dBm
5540 [108] 20.0 dBm 5560 [112] 20.0 dBm 5580 [116] 20.0 dBm 5600 [120] 20.0 dBm
5620 [124] 20.0 dBm 5640 [128] 20.0 dBm 5660 [132] 20.0 dBm 5680 [136] 20.0 dBm
5700 [140] 20.0 dBm 5720 [144] 20.0 dBm 5745 [149] 20.0 dBm 5765 [153] 20.0 dBm
5785 [157] 20.0 dBm 5805 [161] 20.0 dBm 5825 [165] 20.0 dBm
scan frequencies: frequency [channel] of Regulatory Domain: 00
2412 [ 1] 2417 [ 2] 2422 [ 3] 2427 [ 4] 2432 [ 5]
2437 [ 6] 2442 [ 7] 2447 [ 8] 2452 [ 9] 2457 [ 10]
2462 [ 11] 2467 [ 12] 2472 [ 13] 2484 [ 14] 5180 [ 36]
5200 [ 40] 5220 [ 44] 5240 [ 48] 5260 [ 52] 5280 [ 56]
5300 [ 60] 5320 [ 64] 5500 [100] 5520 [104] 5540 [108]
5560 [112] 5580 [116] 5600 [120] 5620 [124] 5640 [128]
5660 [132] 5680 [136] 5700 [140] 5720 [144] 5745 [149]
5765 [153] 5785 [157] 5805 [161] 5825 [165]
This is a highly experimental penetration testing tool!
It is made to detect vulnerabilities in your NETWORK mercilessly!
BPF is unset! Make sure hcxdumptool is running in a 100% controlled environment!
Initialize main scan loop...
CHA FREQ BEACON RESPONSE S MAC-AP ESSID SCAN-FREQUENCY: 2432
--------------------------------------------------------------------------
1 2412 14:01:29 + a8...52 {SSID} [0]
1 2412 14:01:28 + 4e...1b {SSID} [0]
1 2412 14:01:28 + 72...1e [0]
1 2412 14:01:28 + bc...37 {SSID} [0]
1 2412 14:01:28 + 7e...ea {SSID} [0]
1 2412 14:01:28 + 8d...d9 [0]
1 2412 14:01:28 + 9e...d2 {SSID} [0]
161 5805 14:01:27 + ae...16 {SSID} [0]
157 5785 14:01:27 + ad...e8 [0]
157 5785 14:01:27 bb...e8 [0]
157 5785 14:01:27 + fb...8e {SSID} [0]
149 5745 14:01:26 + 8e...f6 [0]
6 2437 14:01:15 e8...b1 [0]
6 2437 14:01:15 + 5e...9f {SSID} [0]
6 2437 14:01:14 + 40...43 {SSID} [0]
^C
10 ERROR(s) during runtime
10542 Packet(s) captured by kernel
835 Packet(s) dropped by kernel
Warning: no PROBERESPONSES received (frame injection may not work as expected)
Possible reasons:
no AP in range
frames are filtered out by BPF
driver is broken
driver does not support frame injection
exit on sigterm
---
$ sudo aireplay-ng --test wlan0
14:02:13 Trying broadcast probe requests...
14:02:15 No Answer...
14:02:15 Found 4 APs
14:02:15 Trying directed probe requests...
14:02:15 D6...85 - channel: 6 - {SSID}
14:02:21 0/30: 0%
14:02:21 5E...9D - channel: 6 - ''
14:02:22 Ping (min/avg/max): 1.039ms/38.736ms/170.404ms Power: -77.72
14:02:22 29/30: 96%
14:02:22 Injection is working!
14:02:22 5E...9F - channel: 6 - {SSID}
14:02:26 Ping (min/avg/max): 1.019ms/17.460ms/70.213ms Power: -78.00
14:02:26 18/30: 60%
14:02:26 9C...42 - channel: 6 - {SSID}
14:02:33 0/30: 0%
Dump error:
$ sudo hcxdumptool -i wlan0 -w dumpfile.pcapng
CHA LAST R 1 3 P S MAC-AP ESSID (last seen on top) SCAN-FREQUENCY: 2412
-----------------------------------------------------------------------------------------
1 13:57:12 + 18...d3 {SSID}
1 13:57:12 + ae...97
1 13:57:12 88...bb
1 13:57:12 + 88...47
1 13:57:12 + 88...46 {SSID}
1 13:57:12 + 90...23
1 13:57:12 b6...d2
1 13:57:12 + ac...d2 {SSID}
1 13:57:12 + 42...51
1 13:57:12 + a6...d2
1 13:57:12 + 9c...f2 {SSID}
1 13:57:12 + 70...4d
1 13:57:12 + bc...97 {SSID}
1 13:57:12 + a8...15 {SSID}
1 13:57:12 + 70...4a {SSID}
1 13:57:12 + 82...51
1 13:57:12 70...54
1 13:57:12 + 70...4b
1 13:57:12 + 88...49
1 13:57:12 + 18...d3 {SSID}
LAST E 2 MAC-AP-ROGUE MAC-CLIENT ESSID (last seen on top)
-----------------------------------------------------------------------------------------
103 ERROR(s) during runtime
1585 Packet(s) captured by kernel
837 Packet(s) dropped by kernel
1 SHB written to pcapng dumpfile
1 IDB written to pcapng dumpfile
1 ECB written to pcapng dumpfile
55 EPB written to pcapng dumpfile
exit on error
New info:
$ lsb_release -a
No LSB modules are available.
Distributor ID: Kali
Description: Kali GNU/Linux Rolling
Release: 2023.4
Codename: kali-rolling
$ uname -a
Linux Captain 6.6.4 #2 SMP PREEMPT_DYNAMIC x86_64 GNU/Linux
$ hcxdumptool --version
hcxdumptool 6.3.2-73-gc32827d (C) 2023 ZeroBeat
running on Linux kernel 6.6.4
running GNU libc version 2.37
compiled by gcc 13.2.0
compiled with Linux API headers 6.5.6
compiled with GNU libc headers 2.37
enabled REALTIME DISPLAY
enabled GPS support
disabled BPF compiler
$ hcxpcapngtool --version
hcxpcapngtool 6.3.2-15-g80c151f (C) 2023 ZeroBeat
|
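Added example (not part of the original thread, and not code from hcxdumptool or aircrack-ng): a small parser that turns the per-AP results of `aireplay-ng --test` and the hcxdumptool exit counters posted above into triage flags. The sample text is constructed from that output with placeholder MACs and SSIDs; the flag names and the `drop_limit` threshold are assumptions.

```python
import re

# Constructed samples modelled on the output above; MACs/SSIDs are placeholders.
AIREPLAY = """\
14:02:15  02:00:00:00:00:01 - channel: 6 - 'lab-a'
14:02:21   0/30:   0%
14:02:21  02:00:00:00:00:02 - channel: 6 - ''
14:02:22  Ping (min/avg/max): 1.039ms/38.736ms/170.404ms Power: -77.72
14:02:22  29/30:  96%
14:02:22  02:00:00:00:00:03 - channel: 6 - 'lab-c'
14:02:26  18/30:  60%
14:02:26  02:00:00:00:00:04 - channel: 6 - 'lab-d'
14:02:33   0/30:   0%
"""
HCX = ("103 ERROR(s) during runtime\n1585 Packet(s) captured by kernel\n"
       "837 Packet(s) dropped by kernel\n")
AP_RE = re.compile(r"^\S+\s+([0-9A-Fa-f:.]+) - channel: \d+")
RATE_RE = re.compile(r"\s(\d+)/(\d+):\s+\d+%")
LABELS = {"ERROR(s) during runtime": "errors",
          "Packet(s) captured by kernel": "captured",
          "Packet(s) dropped by kernel": "dropped"}

def parse_aireplay_test(text):
    """Map each probed AP to (answers, probes) from `aireplay-ng --test` output."""
    results, current = {}, None
    for line in text.splitlines():
        ap, rate = AP_RE.match(line), RATE_RE.search(line)
        if ap:
            current = ap.group(1)
        elif rate and current:
            results[current] = (int(rate.group(1)), int(rate.group(2)))
    return results

def parse_hcx_summary(text):
    """Pull the three counters out of hcxdumptool's exit summary."""
    pairs = (l.strip().partition(" ") for l in text.splitlines())
    return {LABELS[lbl]: int(n) for n, _, lbl in pairs if lbl in LABELS and n.isdigit()}

def triage(aireplay_text, hcx_text, drop_limit=0.25):  # drop_limit: assumed threshold
    aps, s = parse_aireplay_test(aireplay_text), parse_hcx_summary(hcx_text)
    answering = sum(1 for got, _ in aps.values() if got)
    flags = [name for name, hit in (
        ("no-injection", bool(aps) and answering == 0),
        ("partial-injection", 0 < answering < len(aps)),
        ("runtime-errors", s.get("errors", 0) > 0),
        ("heavy-kernel-drops", s.get("dropped", 0) > drop_limit * s.get("captured", 0)),
    ) if hit]
    return {"aps": len(aps), "answering": answering, "flags": flags}
```

A result of `partial-injection` together with `runtime-errors`, as the posted numbers give, means some probes were answered while the capture still failed, so a flat "injection is not working" reading does not fit the data.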
That is not a problem of hcxdumptool. It looks like the PCIe device has been deactivated by ASPM. This is the status of my rtw_8821ce after ASPM has been disabled running kernel:
|
BTW: Some words about KALI. |
Please notice that there are still some open bugs: Also please notice that it is in general not a good idea to use internal PCIe devices: |
kali-linux-2023.4 and wifislax64-3.4-final
Test using 8812bu (Chipset: rtw_8822be) cannot capture to PMKID run command . . .
seems no error |
8812bu is an out of tree kernel driver - it is not part of the Linux stock kernel: There are several different drivers out in the wild. Some of them may support packet injection and some not: An overview is here: |
Running into "101 errors during runtime" error after <60sec of capturing handshakes, when trying to recapture again it will show the same error in <10 secs. The first pcapng file looks fine and I can also hcxpcapngtool without issue (only warning), the second file it will throw "missing frames" errors.
OS, env, etc.: