Linux on S270

Wireless network

The Inprocomm IPN 2220

The mini-PCI wireless network card is an IPN2220. Since there are no native Linux drivers for it, you'll need ndiswrapper, which uses the Windows drivers to get the card working. You'll most probably be missing various unimportant functions like master and monitor mode, but them's the breaks.

Installing Ndiswrapper

Download ndiswrapper and compile it. Since version 1.5 you don't need any special "AMD64" options.

Download neti2220X64.zip and use the .inf driver.

# ndiswrapper -i neti2220X64.inf
# ndiswrapper -l
Installed ndis drivers:
neti2220x64             driver present, hardware present

WEP and WPA

There are essentially two types of encryption available for wireless networks (three if you count "no encryption"): there's WEP and WPA. WEP is a piece of cake to crack. WPA is also crackable but only by brute-force, which isn't really cracking if you think about it. See the paragraph about cracking WEP lower down on this page.

Connecting to WEP networks only

I've found Gentoo's weird and wonderful /etc/conf.d/wireless file to be non-functional and therefore wrote a series of scripts to connect to WEP networks.

ifconfig wlan0 up
iwconfig wlan0 mode managed essid NETWORKID key s:PASSWORD
iwconfig
pump -i wlan0

The third line isn't really necessary, I just like to see what's happening.

Connecting to WPA and/or WEP networks

Since finding out first-hand how insecure a WEP network is, I've bought a WPA-capable router/AP and installed wpa_supplicant. With wpa_supplicant you can connect to both WPA-protected networks and WEP networks.

As per usual, installing wpa_supplicant is beyond the scope of this page. Once installed, you'll need a wpa_supplicant.conf file. Here is mine:

ctrl_interface=/var/run/wpa_supplicant

network={
        ssid="ESSIDWPA"
        psk="WPAPASSWORD"
}

network={
        ssid="ESSIDWEP"
        key_mgmt=NONE
        wep_key0="WEPPASSWORD"
        wep_tx_keyidx=0
}

The above example file includes two examples, one for WPA and another for WEP.
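Since one file can mix WPA and WEP entries, it helps to list which configured networks fall back to WEP or no encryption. The following is an added example, not part of the original page: a small parser for the network blocks shown above. The names parse_networks and audit and the finding texts are made up for this illustration, and the sample input is constructed from the page's placeholder values.

```python
# Constructed sample: the two network blocks from the page, placeholders kept.
SAMPLE_CONF = """
network={
        ssid="ESSIDWPA"
        psk="WPAPASSWORD"
}
network={
        ssid="ESSIDWEP"
        key_mgmt=NONE
        wep_key0="WEPPASSWORD"
}
"""

def parse_networks(text):
    """Return one {key: raw value} dict per network={...} block."""
    networks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.replace(" ", "") == "network={":
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return networks

def audit(text):
    """Return (ssid, protection, findings) for every network block."""
    report = []
    for net in parse_networks(text):
        ssid, findings = net.get("ssid", "<any>").strip('"'), []
        # wpa_supplicant treats a missing key_mgmt as "WPA-PSK IEEE8021X".
        key_mgmt = net.get("key_mgmt", "WPA-PSK IEEE8021X").split()
        if key_mgmt == ["NONE"]:
            wep = any(k.startswith("wep_key") for k in net)
            protection = "WEP" if wep else "open"
            findings.append("no WPA protection on this network")
        else:
            protection, psk = "WPA", net.get("psk", "")
            if psk.startswith('"'):  # quoted = passphrase, bare hex = derived key
                findings.append("passphrase stored in clear text")
                if not 8 <= len(psk.strip('"')) <= 63:
                    findings.append("passphrase must be 8-63 characters")
        report.append((ssid, protection, findings))
    return report

for row in audit(SAMPLE_CONF):
    print(row)
```
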

Note: After starting wpa_supplicant you'll probably experience a wait of several (2-3) minutes before getting an IP address. I'm not sure if this is normal, since using scripts to connect to a WEP network takes no more than a few seconds. I'll update this page if I find out more about the delay.

How to crack WEP

Cracking WEP is criminally easy. You basically need three tools: airodump, aircrack and a network card that isn't an IPN2220. I use an RT2500 USB-based dongle for this. Cracking WEP consists of you sitting around on your ass while your wireless card captures/dumps enough packets from the network for aircrack to parse. Typically you'll need about 800.000 packets to crack 128-bit WEP.

Once again: You can't use the IPN2220 to crack networks because it doesn't support monitor mode. Buy an external USB network dongle (or whatever) to crack networks. Maybe, some time in the future, ndiswrapper will support monitor mode with this card.

How to crack WEP in three easy steps

  1. Find out which network you want to crack.
    You can use kismet or iwlist scan for this, but if you already know the essid and channel of the target network you can skip this step.
  2. Use airodump on that network/channel until you have enough packets.
    # airodump WLAN0 FILENAME
  3. Run aircrack on the capture file.
    # aircrack FILENAME.CAP

A few caveats

  1. The network has to be relatively active. If it is only used to check email once a day you'll probably be waiting for a few months to get the packets you need. If people are downloading lots of stuff you'll be done in a few hours.
  2. You can inject packets into the network to speed up the collection process, but I understand that it can arouse suspicion.
  3. Likewise, forcing people off the network in order to spoof their MAC address will also arouse suspicion.