vanhoefm/krackattacks-scripts

Command '['iw', 'wlan0', 'interface', 'add', 'monwlan0', 'type', 'monitor']' returned non-zero exit status 161

pococ31 opened this issue · 6 comments

Wifi NIC card: AWUS036ACH
Driver: https://gitlab.com/kalilinux/packages/realtek-rtl88xxau-dkms
OS: Ubuntu 22.04

While running the krackattack the script stopped with error "command failed: Operation not supported (-95)"
The full details are given below:

    jammy_jelly@ jammy_jelly: sudo rfkill unblock wifi
    jammy_jelly@ jammy_jelly: iwconfig
    wlan0 unassociated ESSID:"" Nickname:"WIFI@REALTEK"
    Mode:Managed Frequency=2.412 GHz Access Point: Not-Associated
    Sensitivity:0/0
    Retry:off RTS thr:off Fragment thr:off
    Power Management:off
    Link Quality=0/100 Signal level=0 dBm Noise level=0 dBm
    Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
    Tx excessive retries:0 Invalid misc:0 Missed beacon:0

    jammy_jelly@ jammy_jelly: cd krackattacks-scripts-research/krackattack/
    jammy_jelly@ jammy_jelly:~/krackattacks-scripts-research/krackattack$ sudo su
    root@ jammy_jelly:/home/ jammy_jelly/krackattacks-scripts-research/krackattack# source venv/bin/activate
    (venv) root@ jammy_jelly:/home/ jammy_jelly/krackattacks-scripts-research/krackattack# ./krack-test-client.py
    [09:06:46] Note: disable Wi-Fi in network manager & disable hardware encryption. Both may interfere with this script.
    command failed: Operation not supported (-95)
    Traceback (most recent call last):
      File "/home/ jammy_jelly/krackattacks-scripts-research/krackattack/./krack-test-client.py", line 663, in <module>
        attack.run(options=options)
      File "/home/ jammy_jelly/krackattacks-scripts-research/krackattack/./krack-test-client.py", line 465, in run
        self.configure_interfaces()
      File "/home/ jammy_jelly/krackattacks-scripts-research/krackattack/./krack-test-client.py", line 455, in configure_interfaces
        subprocess.check_output(["iw", self.nic_iface, "interface", "add", self.nic_mon, "type", "monitor"])
      File "/usr/lib/python3.10/subprocess.py", line 420, in check_output
        return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,
      File "/usr/lib/python3.10/subprocess.py", line 524, in run
        raise CalledProcessError(retcode, process.args,
    subprocess.CalledProcessError: Command '['iw', 'wlan0', 'interface', 'add', 'monwlan0', 'type', 'monitor']' returned non-zero exit status 161.
    [09:06:46] Closing hostapd and cleaning up ...

    (venv) root@ jammy_jelly:/home/ jammy_jelly/krackattacks-scripts-research/krackattack#

Can you show the output of iw list while your network card is plugged in? Most likely it doesn't support virtual monitor interface and/or AP mode.

jammy_jelly@jammy_jelly: lsusb
Bus 001 Device 002: ID 0bda:8812 Realtek Semiconductor Corp. RTL8812AU 802.11a/b/g/n/ac 2T2R DB WLAN Adapter
jammy_jelly@jammy_jelly: iw list
Wiphy phy0
wiphy index: 0
max # scan SSIDs: 9
max scan IEs length: 2304 bytes
max # sched scan SSIDs: 0
max # match sets: 0
Retry short limit: 7
Retry long limit: 4
Coverage class: 0 (up to 0m)
Supported Ciphers:
* WEP40 (00-0f-ac:1)
* WEP104 (00-0f-ac:5)
* TKIP (00-0f-ac:2)
* CCMP-128 (00-0f-ac:4)
* CMAC (00-0f-ac:6)
Available Antennas: TX 0x2 RX 0x2
Supported interface modes:
* IBSS
* managed
* AP
* monitor
Band 1:
Capabilities: 0x1972
HT20/HT40
Static SM Power Save
RX Greenfield
RX HT20 SGI
RX HT40 SGI
RX STBC 1-stream
Max AMSDU length: 7935 bytes
DSSS/CCK HT40
Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
Minimum RX AMPDU time spacing: 16 usec (0x07)
HT Max RX data rate: 150 Mbps
HT TX/RX MCS rate indexes supported: 0-7
Bitrates (non-HT):
* 1.0 Mbps
* 2.0 Mbps
* 5.5 Mbps
* 11.0 Mbps
* 6.0 Mbps
* 9.0 Mbps
* 12.0 Mbps
* 18.0 Mbps
* 24.0 Mbps
* 36.0 Mbps
* 48.0 Mbps
* 54.0 Mbps
Frequencies:
* 2412 MHz [1] (20.0 dBm)
* 2417 MHz [2] (20.0 dBm)
* 2422 MHz [3] (20.0 dBm)
* 2427 MHz [4] (20.0 dBm)
* 2432 MHz [5] (20.0 dBm)
* 2437 MHz [6] (20.0 dBm)
* 2442 MHz [7] (20.0 dBm)
* 2447 MHz [8] (20.0 dBm)
* 2452 MHz [9] (20.0 dBm)
* 2457 MHz [10] (20.0 dBm)
* 2462 MHz [11] (20.0 dBm)
* 2467 MHz [12] (20.0 dBm)
* 2472 MHz [13] (20.0 dBm)
* 2484 MHz [14] (20.0 dBm)
Band 2:
Capabilities: 0x1972
HT20/HT40
Static SM Power Save
RX Greenfield
RX HT20 SGI
RX HT40 SGI
RX STBC 1-stream
Max AMSDU length: 7935 bytes
DSSS/CCK HT40
Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
Minimum RX AMPDU time spacing: 16 usec (0x07)
HT Max RX data rate: 150 Mbps
HT TX/RX MCS rate indexes supported: 0-7
VHT Capabilities (0x03c031a2):
Max MPDU length: 11454
Supported Channel Width: neither 160 nor 80+80
short GI (80 MHz)
TX STBC
SU Beamformee
+HTC-VHT
VHT RX MCS set:
1 streams: MCS 0-9
2 streams: MCS 0-9
3 streams: not supported
4 streams: not supported
5 streams: not supported
6 streams: not supported
7 streams: not supported
8 streams: not supported
VHT RX highest supported: 867 Mbps
VHT TX MCS set:
1 streams: MCS 0-9
2 streams: MCS 0-9
3 streams: not supported
4 streams: not supported
5 streams: not supported
6 streams: not supported
7 streams: not supported
8 streams: not supported
VHT TX highest supported: 867 Mbps
Bitrates (non-HT):
* 6.0 Mbps
* 9.0 Mbps
* 12.0 Mbps
* 18.0 Mbps
* 24.0 Mbps
* 36.0 Mbps
* 48.0 Mbps
* 54.0 Mbps
Frequencies:
* 5075 MHz [15] (30.0 dBm)
* 5080 MHz [16] (30.0 dBm)
* 5085 MHz [17] (30.0 dBm)
* 5090 MHz [18] (30.0 dBm)
* 5100 MHz [20] (30.0 dBm)
* 5120 MHz [24] (30.0 dBm)
* 5140 MHz [28] (30.0 dBm)
* 5160 MHz [32] (30.0 dBm)
* 5180 MHz [36] (30.0 dBm)
* 5200 MHz [40] (30.0 dBm)
* 5220 MHz [44] (30.0 dBm)
* 5240 MHz [48] (30.0 dBm)
* 5260 MHz [52] (30.0 dBm)
* 5280 MHz [56] (30.0 dBm)
* 5300 MHz [60] (30.0 dBm)
* 5320 MHz [64] (30.0 dBm)
* 5340 MHz [68] (30.0 dBm)
* 5360 MHz [72] (30.0 dBm)
* 5380 MHz [76] (30.0 dBm)
* 5400 MHz [80] (30.0 dBm)
* 5420 MHz [84] (30.0 dBm)
* 5440 MHz [88] (30.0 dBm)
* 5460 MHz [92] (30.0 dBm)
* 5480 MHz [96] (30.0 dBm)
* 5500 MHz [100] (30.0 dBm)
* 5520 MHz [104] (30.0 dBm)
* 5540 MHz [108] (30.0 dBm)
* 5560 MHz [112] (30.0 dBm)
* 5580 MHz [116] (30.0 dBm)
* 5600 MHz [120] (30.0 dBm)
* 5620 MHz [124] (30.0 dBm)
* 5640 MHz [128] (30.0 dBm)
* 5660 MHz [132] (30.0 dBm)
* 5680 MHz [136] (30.0 dBm)
* 5700 MHz [140] (30.0 dBm)
* 5720 MHz [144] (30.0 dBm)
* 5745 MHz [149] (30.0 dBm)
* 5765 MHz [153] (30.0 dBm)
* 5785 MHz [157] (30.0 dBm)
* 5805 MHz [161] (30.0 dBm)
* 5825 MHz [165] (30.0 dBm)
* 5845 MHz [169] (30.0 dBm)
* 5865 MHz [173] (30.0 dBm)
* 5885 MHz [177] (30.0 dBm)
Supported commands:
* set_interface
* new_key
* start_ap
* new_station
* set_bss
* join_ibss
* set_pmksa
* del_pmksa
* flush_pmksa
* remain_on_channel
* frame
* set_wiphy_netns
* set_channel
* connect
* disconnect
WoWLAN support:
* wake up on anything (device continues operating normally)
software interface modes (can always be added):
* monitor
interface combinations are not supported
Device supports SAE with AUTHENTICATE command
Device supports scan flush.
max # scan plans: 1
max scan plan interval: -1
max scan plan iterations: 0
Supported TX frame types:
* IBSS: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* managed: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* AP: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* AP/VLAN: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* P2P-client: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* P2P-GO: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
Supported RX frame types:
* IBSS: 0xd0
* managed: 0x40 0xb0 0xd0
* AP: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
* AP/VLAN: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
* P2P-client: 0x40 0xd0
* P2P-GO: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
Supported extended features:
jammy_jelly@jammy_jelly:

The RTL8812AU unfortunately isn't supported. See an older thread at #71
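
The capability check requested earlier in this thread, as an added example (not code from krackattacks-scripts): it parses `iw list` text for one phy and reports whether AP mode, monitor mode and any interface combinations are listed. Both samples are constructed (the first is trimmed from the output posted above), and treating a missing combinations section as a blocker is this example's assumption; passing the check does not mean the script supports the driver.

```python
# Constructed sample, trimmed from the `iw list` output posted in this thread.
THREAD_SAMPLE = """\
Wiphy phy0
Supported interface modes:
* managed
* AP
* monitor
software interface modes (can always be added):
* monitor
interface combinations are not supported
"""

# Constructed sample of a phy that does advertise interface combinations.
COMBO_SAMPLE = """\
Wiphy phy1
Supported interface modes:
* managed
* AP
software interface modes (can always be added):
* monitor
valid interface combinations:
* #{ managed } <= 2, #{ AP } <= 2, total <= 2, #channels <= 1
"""

def _bullets(lines, header):
    """Return the '* item' entries directly under the line starting with header."""
    items, collecting = [], False
    for text in lines:
        if text.startswith(header):
            collecting = True
        elif collecting and text.startswith("* "):
            items.append(text[2:].strip())
        elif collecting:
            break
    return items

def check_phy(iw_list_text):
    """Summarise whether one phy looks able to run an AP plus a monitor interface."""
    lines = [l.strip() for l in iw_list_text.splitlines()]
    modes = _bullets(lines, "Supported interface modes:")
    sw_modes = _bullets(lines, "software interface modes")
    combos = any(l.startswith("valid interface combinations") for l in lines)
    # Assumption of this example: no advertised combinations counts as a blocker.
    checks = [
        ("AP mode not listed", "AP" in modes),
        ("monitor mode not listed", "monitor" in modes + sw_modes),
        ("no interface combinations advertised", combos),
    ]
    problems = [msg for msg, ok in checks if not ok]
    return {"modes": modes, "problems": problems, "ready": not problems}
```

To check a live adapter, pass the captured output of `iw list` for that phy to `check_phy` before starting the test script.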

I previously used ALFAUS036ACHM in kali15.05 (using the mt76 driver), but it seems to have no option to disable hardware encryption/decryption and hence Krack-script was crashing #90

So now I shifted to
Wifi NIC card: AWUS036ACH
Driver: https://gitlab.com/kalilinux/packages/realtek-rtl88xxau-dkms
OS: Ubuntu 22.04
but this also I have to wait.

Can you recommend a WiFi adapter and driver, OS-version in which I can try krack-attack script successfully?
I can try that in the meantime...

I've just tested some dongles that I had nearby. The following three worked:

Thank you so much Mr. Vanhoefm for your valuable time. I close this issue. I will be looking for code updates for Alfa Cards from you.