diff --git a/research/ath9k-firmware/0001-Do-not-modify-sequence-number-of-injected-frames.patch b/research/ath9k-firmware/0001-Do-not-modify-sequence-number-of-injected-frames.patch new file mode 100644 index 000000000..f0713cdab --- /dev/null +++ b/research/ath9k-firmware/0001-Do-not-modify-sequence-number-of-injected-frames.patch @@ -0,0 +1,74 @@ +From 6bdda82886a2e65cbac47d96eb45a205c951353d Mon Sep 17 00:00:00 2001 +From: Mathy +Date: Sun, 1 Mar 2020 04:53:33 -0500 +Subject: [PATCH] Do not modify sequence number of injected frames + +This was tested on Debian for a device purely in monitor mode, and +for a device that had both a managed client interface and a monitor +interface. +--- + install.sh | 23 +++++++++++++++++++++++ + target_firmware/wlan/if_owl.c | 6 ++++++ + 2 files changed, 29 insertions(+) + create mode 100755 install.sh + +diff --git a/install.sh b/install.sh +new file mode 100755 +index 0000000..d620f78 +--- /dev/null ++++ b/install.sh +@@ -0,0 +1,23 @@ ++#!/bin/bash ++set -e ++ ++# Make backup of original firmware ++if [[ ! -e /usr/lib/firmware/htc_7010.fw.backup ]]; ++then ++ cp /usr/lib/firmware/htc_7010.fw /usr/lib/firmware/htc_7010.fw.backup ++ cp /usr/lib/firmware/htc_9271.fw /usr/lib/firmware/htc_9271.fw.backup ++ echo "Made backup of original files (old directory)" ++fi ++ ++if [[ ! -e /usr/lib/firmware/ath9k_htc/htc_7010-1.4.0.fw.backup ]]; ++then ++ cp /usr/lib/firmware/ath9k_htc/htc_7010-1.4.0.fw /usr/lib/firmware/ath9k_htc/htc_7010-1.4.0.fw.backup ++ cp /usr/lib/firmware/ath9k_htc/htc_9271-1.4.0.fw /usr/lib/firmware/ath9k_htc/htc_9271-1.4.0.fw.backup ++ echo "Made backup of original files (new directory)" ++fi ++ ++cp target_firmware/htc_*.fw /usr/lib/firmware/ ++cp target_firmware/htc_7010.fw /usr/lib/firmware/ath9k_htc/htc_7010-1.4.0.fw ++cp target_firmware/htc_9271.fw /usr/lib/firmware/ath9k_htc/htc_9271-1.4.0.fw ++echo "Copied compiled firmware to the system" ++ +diff --git a/target_firmware/wlan/if_owl.c b/target_firmware/wlan/if_owl.c +index 6dda78c..3058efc 100755 +--- a/target_firmware/wlan/if_owl.c ++++ b/target_firmware/wlan/if_owl.c +@@ -837,10 +837,14 @@ static void ath_tgt_tx_seqno_normal(struct ath_tx_buf *bf) + + INCR(ni->ni_txseqmgmt, IEEE80211_SEQ_MAX); + ++ // Mathy: this field doesn't seem to influence seqno of injected frames + bf->bf_seqno = (tid->seq_next << IEEE80211_SEQ_SEQ_SHIFT); + ++#if 0 ++ // Mathy: this DOES influence seqno of injected frames + *(u_int16_t *)wh->i_seq = adf_os_cpu_to_le16(bf->bf_seqno); + wh->i_seq[0] |= fragno; ++#endif + + if (!(wh->i_fc[1] & IEEE80211_FC1_MORE_FRAG)) + INCR(tid->seq_next, IEEE80211_SEQ_MAX); +@@ -931,6 +935,8 @@ static a_int32_t ath_tgt_txbuf_setup(struct ath_softc_tgt *sc, + bf->bf_shpream = AH_FALSE; + + bf->bf_flags = HAL_TXDESC_CLRDMASK; ++ // Mathy: to prevent seqno from being overwritten in injected ++ // frames, this doesn't have to be set to PSPOLL. + bf->bf_atype = HAL_PKT_TYPE_NORMAL; + + return 0; +-- +2.20.1 + diff --git a/research/ath9k-firmware/README.md b/research/ath9k-firmware/README.md new file mode 100644 index 000000000..3c48df9c6 --- /dev/null +++ b/research/ath9k-firmware/README.md @@ -0,0 +1,3 @@ +The two firmware images in this directory are patched so the sequence number +of injected frames is not overwritten. This patch is on top of the public +open ath9k_htc firmware. diff --git a/research/ath9k-firmware/htc_7010.fw b/research/ath9k-firmware/htc_7010.fw new file mode 100644 index 000000000..abe2f4cee Binary files /dev/null and b/research/ath9k-firmware/htc_7010.fw differ diff --git a/research/ath9k-firmware/htc_9271.fw b/research/ath9k-firmware/htc_9271.fw new file mode 100644 index 000000000..32af75f2c Binary files /dev/null and b/research/ath9k-firmware/htc_9271.fw differ diff --git a/research/ath9k-firmware/install.sh b/research/ath9k-firmware/install.sh new file mode 100755 index 000000000..ee1c63b5b --- /dev/null +++ b/research/ath9k-firmware/install.sh @@ -0,0 +1,23 @@ +#!/bin/bash +set -e + +# Make backup of original firmware +if [[ ! -e /usr/lib/firmware/htc_7010.fw.backup ]]; +then + cp /usr/lib/firmware/htc_7010.fw /usr/lib/firmware/htc_7010.fw.backup + cp /usr/lib/firmware/htc_9271.fw /usr/lib/firmware/htc_9271.fw.backup + echo "Made backup of original files (old directory)" +fi + +if [[ ! -e /usr/lib/firmware/ath9k_htc/htc_7010-1.4.0.fw.backup ]]; +then + cp /usr/lib/firmware/ath9k_htc/htc_7010-1.4.0.fw /usr/lib/firmware/ath9k_htc/htc_7010-1.4.0.fw.backup + cp /usr/lib/firmware/ath9k_htc/htc_9271-1.4.0.fw /usr/lib/firmware/ath9k_htc/htc_9271-1.4.0.fw.backup + echo "Made backup of original files (new directory)" +fi + +cp htc_*.fw /usr/lib/firmware/ +cp htc_7010.fw /usr/lib/firmware/ath9k_htc/htc_7010-1.4.0.fw +cp htc_9271.fw /usr/lib/firmware/ath9k_htc/htc_9271-1.4.0.fw +echo "Copied compiled firmware to the system" +