Category Archives: Penetration testing

ALFA AWUS036H Set to max power

Vivek’s video is here.

This video discusses the Alfa card in some detail. The frequency range the card operates on depends on your country. This limits which channels can be used, and the transmission power. Vivek shows us how to change the current country so as to increase the number of channels available and transmit power.

0. Start BackTrack and leave the Alfa card disconnected.

1. Monitor kernel messages in one terminal:

tail -f /var/log/messages

2. Plug in your Alfa card.

3. You should see lines in your kernel messages that read:

cfg80211: Calling CRDA to update world regulatory domain
cfg80211: World regulatory domain updated:
cfg80211:      (start_freq - end_freq @ bandwidth), (max_antenna_gain, max eirp)
cfg80211:      (2402000 KHz - 2472000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)

You can check these frequency ranges against the Wifi frequency table (wikipedia).

Transmit power is measured in dBm; 30 dBm = 1 W.

The table in the kernel messages shows the maximum EIRP (effective isotropic radiated power) for each frequency range, in mBm (hundredths of a dBm, so 2000 mBm is 20 dBm). EIRP is a measure of the effective transmit power of a device, calculated as:

EIRP = Transmit Power (in dBm) + Antenna Gain (in dBi) – Cable loss (in dB)
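As an added example (not from the post or from Vivek's video), the script below parses cfg80211 regulatory lines like the ones shown above, converts the kernel's mBm/mBi values to dBm/dBi and watts, and applies the EIRP formula. The log lines embedded in it are constructed samples and the function names are my own; it needs only POSIX sh and awk.

```shell
#!/bin/sh
# Added example, not code from the original post. Parses cfg80211 regulatory
# domain lines and converts the kernel's units. Assumes POSIX sh + awk only.

# Constructed sample of what `tail -f /var/log/messages` shows when the card
# is plugged in (the world domain plus one 5 GHz range for illustration).
SAMPLE_LOG='cfg80211: Calling CRDA to update world regulatory domain
cfg80211: World regulatory domain updated:
cfg80211:      (start_freq - end_freq @ bandwidth), (max_antenna_gain, max eirp)
cfg80211:      (2402000 KHz - 2472000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
cfg80211:      (5170000 KHz - 5250000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)'

# mBm and mBi are hundredths of a dBm / dBi: 2000 mBm = 20 dBm, 300 mBi = 3 dBi.
mbm_to_dbm() {
    awk -v m="$1" 'BEGIN { printf "%.2f\n", m / 100 }'
}

# dBm to watts: P(W) = 10^(dBm/10) / 1000, so 30 dBm = 1 W and 20 dBm = 0.1 W.
dbm_to_watts() {
    awk -v d="$1" 'BEGIN { printf "%.4f\n", (10 ^ (d / 10)) / 1000 }'
}

# EIRP as given in the post: tx power (dBm) + antenna gain (dBi) - cable loss (dB).
eirp_dbm() {
    awk -v p="$1" -v g="$2" -v l="$3" 'BEGIN { printf "%.2f\n", p + g - l }'
}

# Print one line per frequency range: edges in MHz, max gain in dBi,
# max EIRP in dBm and in watts. Header and CRDA lines are skipped.
parse_regdom() {
    printf '%s\n' "$1" | awk '
        /KHz/ {
            # Drop the brackets and commas so the numbers become plain fields:
            # $2 start, $5 end, $8 bandwidth (all KHz), $10 gain mBi, $12 eirp mBm
            gsub(/[(),]/, " ")
            printf "%d-%d MHz @ %d MHz: max gain %.2f dBi, max EIRP %.2f dBm (%.4f W)\n",
                   $2 / 1000, $5 / 1000, $8 / 1000,
                   $10 / 100, $12 / 100, (10 ^ ($12 / 100 / 10)) / 1000
        }'
}

# Usage: parse the sample, then check a planned setting against the limit.
parse_regdom "$SAMPLE_LOG"
echo "27 dBm card + 5 dBi antenna, 1 dB cable loss = $(eirp_dbm 27 5 1) dBm EIRP"
```

Run it against real output with `parse_regdom "$(grep cfg80211 /var/log/messages)"`; the last column is what `iwconfig` will refuse to exceed with the "Invalid argument" error shown later in the post, so comparing your card's dBm plus antenna gain against it tells you in advance whether a `txpower` request will be accepted under the current domain.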

4. Bring up the alfa card, and select channel 1.

Open another terminal and enter the following:

ifconfig wlan0 up
iwconfig wlan0 channel 1

In the iwconfig output you should see that the frequency is listed as 2.412 GHz and that the card is transmitting at 20 dBm.

5. Change the transmit power of the card:

iwconfig wlan0 txpower 30

You’ll notice if you try this you get an error as follows:

Error for wireless request "Set Tx Power" (8B26) :
    SET failed on device wlan0 ; Invalid argument.

However, we can switch our card between regulatory domains:

ifconfig wlan0 down
iw reg set US
ifconfig wlan0 up

Look at your kernel message terminal. You should see that the regulatory domain has changed to US, and that the EIRP for channel 1 has changed to 2700 mBm.

Try changing the power again:

iwconfig wlan0 txpower 27

However, if you set the power above 27 you'll still receive an error. Setting a channel of 12 or above will also cause the following error:

Error for wireless request "Set Frequency" (8B04)
    SET failed on device wlan0 ; Invalid argument.

The least restrictive countries are BO and BZ. You can set these as before:

ifconfig wlan0 down
iw reg set BO
ifconfig wlan0 up
iwconfig wlan0 channel 13
iwconfig wlan0 txpower 30

You should receive no errors. However you should be aware that using the card in this manner may be illegal in your country.

Update: You will have to perform these steps each time you power on your VM or physical device. You can put the script below in your init.d directory so you won't need to remember. Again, not my work, just placing here for quick reference.

    ##iw reg set <your-country-code>
    iw reg set <insert-your-country-code-here-in-CAPITAL-LETTERS>

All country codes are in ‘CAPITAL LETTERS’.

Save and close the text editor, then put the file in the /etc/init.d/ directory. So in a terminal enter:

    sudo cp ~/Desktop/ /etc/init.d/

Then make the file you created executable, e.g.:

    sudo chmod +x /etc/init.d/

To set it to run on startup:

    sudo update-rc.d /etc/init.d/ defaults

Note: ‘defaults’ puts a link to start ‘/etc/init.d/’ in run levels 2, 3, 4 and 5, and puts a link to stop ‘/etc/init.d/’ into run levels 0, 1 and 6.