Daily Archives: 2018-05-18

VoCore2: Monitor/Sniffer on WiFi

It is pretty simple by using mt7628.ko(or directly use firmware http://vonger.cn/misc/vocore2/20180419V.bin)

First install libpcap.ipk and tcpdump.ipk

Then MonitorMode=2 is MONITOR_MODE_FULL, =1 is MONITOR_MODE_REGULAR_RX, =0 is OFF.

ifconfig mon0 up
iwpriv ra0 set MonitorMode=2
tcpdump -i mon0 -w /tmp/store.cap -vv

or tcpdump -i ra0 -w /tmp/store.cap -vv

The raw data is saved to /tmp/store.cap.
Now we can use wireshark to read store.cap, check the data we get from net. 🙂

PS: CMCC-XXX is everywhere, noise…

VoCore2: Show Multiple SSIDs(up to 16 SSID)

Today when I hack the mt7628 driver, I find this hidden feature( maybe not hidden, but at least no documentation at all )

Example come first, if we want 4 different SSIDs in same VoCore2, need to setting up /etc/wireless/mt7628/mt7628.dat

This is only works for mediatek wifi driver mt7628.ko, not sure if mt76 works.

Modify BssidNum, set it to 4.

BssidNum=4
SSID1=VoCore2
SSID2=VoCore2-GUEST
SSID3=VoCore2-HOST
SSID4=VoCore2-NAS

Then reboot, you will find four raX device in your device list.

ra1       Available private ioctls :
          set              (8BE2) : set 1536 char  & get   0      
          show             (8BF1) : set 1024 char  & get   0      
          get_site_survey  (8BED) : set   0       & get 1024 char 
          set_wsc_oob      (8BF9) : set 1024 char  & get 1024 char 
          get_mac_table    (8BEF) : set 1024 char  & get 1024 char 
          e2p              (8BE7) : set 1024 char  & get 1024 char 
          bbp              (8BE3) : set 1024 char  & get 1024 char 
          mac              (8BE5) : set 1024 char  & get 1024 char 
          rf               (8BF3) : set 1024 char  & get 1024 char 
          get_wsc_profile  (8BF2) : set 1024 char  & get 1024 char 
          get_ba_table     (8BF6) : set 1024 char  & get 1024 char 
          stat             (8BE9) : set 1024 char  & get 1024 char 

br-lan    no private ioctls.

mon0      Available private ioctls :
          set              (8BE2) : set 1536 char  & get   0      
          show             (8BF1) : set 1024 char  & get   0      
          get_site_survey  (8BED) : set   0       & get 1024 char 
          set_wsc_oob      (8BF9) : set 1024 char  & get 1024 char 
          get_mac_table    (8BEF) : set 1024 char  & get 1024 char 
          e2p              (8BE7) : set 1024 char  & get 1024 char 
          bbp              (8BE3) : set 1024 char  & get 1024 char 
          mac              (8BE5) : set 1024 char  & get 1024 char 
          rf               (8BF3) : set 1024 char  & get 1024 char 
          get_wsc_profile  (8BF2) : set 1024 char  & get 1024 char 
          get_ba_table     (8BF6) : set 1024 char  & get 1024 char 
          stat             (8BE9) : set 1024 char  & get 1024 char 

ra2       Available private ioctls :
          set              (8BE2) : set 1536 char  & get   0      
          show             (8BF1) : set 1024 char  & get   0      
          get_site_survey  (8BED) : set   0       & get 1024 char 
          set_wsc_oob      (8BF9) : set 1024 char  & get 1024 char 
          get_mac_table    (8BEF) : set 1024 char  & get 1024 char 
          e2p              (8BE7) : set 1024 char  & get 1024 char 
          bbp              (8BE3) : set 1024 char  & get 1024 char 
          mac              (8BE5) : set 1024 char  & get 1024 char 
          rf               (8BF3) : set 1024 char  & get 1024 char 
          get_wsc_profile  (8BF2) : set 1024 char  & get 1024 char 
          get_ba_table     (8BF6) : set 1024 char  & get 1024 char 
          stat             (8BE9) : set 1024 char  & get 1024 char 

lo        no private ioctls.

eth0.1    no private ioctls.

apcli0    Available private ioctls :
          set              (8BE2) : set 1536 char  & get   0      
          show             (8BF1) : set 1024 char  & get   0      
          get_site_survey  (8BED) : set   0       & get 1024 char 
          set_wsc_oob      (8BF9) : set 1024 char  & get 1024 char 
          get_mac_table    (8BEF) : set 1024 char  & get 1024 char 
          e2p              (8BE7) : set 1024 char  & get 1024 char 
          bbp              (8BE3) : set 1024 char  & get 1024 char 
          mac              (8BE5) : set 1024 char  & get 1024 char 
          rf               (8BF3) : set 1024 char  & get 1024 char 
          get_wsc_profile  (8BF2) : set 1024 char  & get 1024 char 
          get_ba_table     (8BF6) : set 1024 char  & get 1024 char 
          stat             (8BE9) : set 1024 char  & get 1024 char 

ra3       Available private ioctls :
          set              (8BE2) : set 1536 char  & get   0      
          show             (8BF1) : set 1024 char  & get   0      
          get_site_survey  (8BED) : set   0       & get 1024 char 
          set_wsc_oob      (8BF9) : set 1024 char  & get 1024 char 
          get_mac_table    (8BEF) : set 1024 char  & get 1024 char 
          e2p              (8BE7) : set 1024 char  & get 1024 char 
          bbp              (8BE3) : set 1024 char  & get 1024 char 
          mac              (8BE5) : set 1024 char  & get 1024 char 
          rf               (8BF3) : set 1024 char  & get 1024 char 
          get_wsc_profile  (8BF2) : set 1024 char  & get 1024 char 
          get_ba_table     (8BF6) : set 1024 char  & get 1024 char 
          stat             (8BE9) : set 1024 char  & get 1024 char 

ra0       Available private ioctls :
          set              (8BE2) : set 1536 char  & get   0      
          show             (8BF1) : set 1024 char  & get   0      
          get_site_survey  (8BED) : set   0       & get 1024 char 
          set_wsc_oob      (8BF9) : set 1024 char  & get 1024 char 
          get_mac_table    (8BEF) : set 1024 char  & get 1024 char 
          e2p              (8BE7) : set 1024 char  & get 1024 char 
          bbp              (8BE3) : set 1024 char  & get 1024 char 
          mac              (8BE5) : set 1024 char  & get 1024 char 
          rf               (8BF3) : set 1024 char  & get 1024 char 
          get_wsc_profile  (8BF2) : set 1024 char  & get 1024 char 
          get_ba_table     (8BF6) : set 1024 char  & get 1024 char 
          stat             (8BE9) : set 1024 char  & get 1024 char 

eth0      no private ioctls.

eth0.2    no private ioctls.

apcli1    Available private ioctls :
          set              (8BE2) : set 1536 char  & get   0      
          show             (8BF1) : set 1024 char  & get   0      
          get_site_survey  (8BED) : set   0       & get 1024 char 
          set_wsc_oob      (8BF9) : set 1024 char  & get 1024 char 
          get_mac_table    (8BEF) : set 1024 char  & get 1024 char 
          e2p              (8BE7) : set 1024 char  & get 1024 char 
          bbp              (8BE3) : set 1024 char  & get 1024 char 
          mac              (8BE5) : set 1024 char  & get 1024 char 
          rf               (8BF3) : set 1024 char  & get 1024 char 
          get_wsc_profile  (8BF2) : set 1024 char  & get 1024 char 
          get_ba_table     (8BF6) : set 1024 char  & get 1024 char 
          stat             (8BE9) : set 1024 char  & get 1024 char 

Now we can use every ra0, ra1, ra2, ra3 same time by one VoCore2. 🙂
And we can setting network, firewall to use them for guest, nas etc…

PS: it support up to 16 ssids, you need to modify its setting in the same file.

Have fun!

mine is working so well.