Cisco Aironet 350, WEP, and Linux
Written by: Doug Jenkinson
Article
I'm a big Linux fan. It's fun to play around with. I've even done a hard drive install of Knoppix onto my laptop so I can muck about and learn Linux. I'm using KDE and its quite lovely. I've had a few issues integrating Linux with the rest of my Windows network. But Google has proven to be an exceptional teacher.
Among the most critical of my endeavours has been the use of my Laptop on my wireless network. I've been using a Cisco Aironet 350 connecting to a DLink DI-614+ access point. It works marvelously without WEP, but that's not good enough for me. Unfortunately, WEP is the only form of encryption the access point offers. And while WEP isn't the best, it is still better than nothing and will keep the casual packet sniffer away.
Using iwconfig doesn't seem to work correctly with the Aironet 350 when trying to set WEP keys but works for doing everything else. However there are work-arounds for this.
Under Linux, the Aironet 350 is exposed under the /proc filesystem. Specifically, /proc/driver/aironet/ethX where ethX is the wireless card (usually eth0 or eth1). Inside that directory are a few "files", actually hooks into the kernel.
Doing an ls -l gives us the following:
-rw-r--r-- 1 root root 0 Oct 2 17:49 APList
-rw-r--r-- 1 root root 0 Oct 2 17:49 BSSList
-rw-r--r-- 1 root root 0 Oct 2 17:49 Config
-rw-r--r-- 1 root root 0 Oct 2 17:49 SSID
-r--r--r-- 1 root root 0 Oct 2 17:49 Stats
-r--r--r-- 1 root root 0 Oct 2 17:49 StatsDelta
-r--r--r-- 1 root root 0 Oct 2 17:49 Status
-rw-r--r-- 1 root root 0 Oct 2 17:49 WepKey
Try doing a cat Config or cat Status and they print out information despite their file-size of 0.
Of interest to us, is WepKey. Which contains, surprise surprise, our WEP keys. And, WepKey is a writeable file. So we can use echo to activate WEP keys.
#>echo 0 hh:hh:hh:hh:hh > WepKey (with the WEP key in hex). This works with both 64 and 128bit keys.
You can put this into a shell script to automate this if you wanted, like something below:
Source Code
aironet_wep.sh
#! /bin/bash
# Variables for settings.
DEV=eth1 #I'm using eth1, but change this to whatever your wifi card is.
SSID=any #Replace this with your AP's SSID or leave as any for any AP.
CHANNEL=6 #Set the channel of your AP.
# The Aironet supports multiple (up to 5) keys. So set them here, if you have more than one.
# This can be used for a home/work set up.
WepKeys[0]="hh:hh:hh:hh:hh:hh:hh:hh:hh:hh:hh:hh:hh"
WepKeys[1]="hh:hh:hh:hh:hh:hh:hh:hh:hh:hh:hh:hh:hh"
WepKeys[2]="hh:hh:hh:hh:hh:hh:hh:hh:hh:hh:hh:hh:hh"
WepKeys[3]="hh:hh:hh:hh:hh:hh:hh:hh:hh:hh:hh:hh:hh"
WepKeys[4]="hh:hh:hh:hh:hh:hh:hh:hh:hh:hh:hh:hh:hh"
WepKeyToUse=0 #And select which key to use here.
AironetWepKey=($WepKeyToUse+1) #Don't change this line.
# Stop the network adapter, disconnect from any networks, etc.
ifconfig $DEV down
# Set the SSID and channel
iwconfig $DEV essid $SSID channel $CHANNEL
# Set the WEP key
echo "$WepKeyToUse ${WepKeys[$WepKeyToUse]}" > /proc/driver/aironet/$DEV/WepKey
# Set Restricted mode and make the first (numbered 0) active
iwconfig $DEV key restricted [$AironetWepKey]
# If you need to undo the WEP set up, uncomment the following line.
# iwconfig $DEV key off channel $CHANNEL
# And activate the changes
ifconfig $DEV up
# Ideally, you're now connected.
pump -i $DEV #Ask for an IP address from the AP's DHCP.
# I use this to let me know when the script is done, and it gives me the config of the device.
# Uncomment this if you use KDE and what to see this.
# kdialog --title $DEV --passivepopup "`ifconfig $DEV`" 10 &
The only downside to using this method is that the WEP key is written to the card itself, and thus not temporary (it's permanant until overwritten, and will not be lost if the wireless card loses power). If you do opt to try the script, don't forget to chmod u+x aironet_wep.sh.
I've been using this, and it seems to work rather well. So, I'm happy.
Downloads
You can download the script.
Revisions
- v1.0 (2 Oct 2005) - Article published.
