How to increase TX-Power of Wi-Fi adapters in Kali Linux in 2021

#45
UNSOLVED
Topic created · 1 Posts · 65 Views
  • The default TX-Power of wireless is set to 20 dBm but you can increase it with a little trick to 30 dBm but let me warn you first that it might be illegal in your country, so use it at your own risk. Moreover some models will not support these settings or wireless chip may state that it "can" transmit with higher power, but the device's manufacturer probably did not place the appropriate heat sink in order to accomplish this.

    In different countries, legislation and technical standards varies, including in relation to Wi-Fi. In some countries it is not allowed to use the frequencies of some Wi-Fi channels (for example, channels 12, 13 and 14 can not be used in the USA). In most countries, a Wi-Fi signal power limit of 20.0 dBm is set. But there are countries in which there is a limitation of 30.0 dBm. You can take advantage of this loophole (make your wireless thinks it is located in a country where 30.0 dBm is allowed) and raise its TX Power to a value of 30.0 dBm.

    Regulatory domains (or "regdomain") is the country in which this device is supposed to work. There is also an accompanying database, in which are prescribed the permitted frequencies and the allowed power.

    The algorithm is:

    • set the system-wide setting of the regulatory domain to the value, that matches to a country where the power is allowed to be 30.0 dBm;
    • set the increased power for the wireless adapter.

    In theory, the described method should work for many wireless cards, but in practice there are the following limitations:

    • the physical inability of an adapter to operate at capacities greater than 20.0 dBm (for example, the wireless interface initially shows a power of 15.0 dBm while 20.0 dBm is allowed. In this case it is impossible to raise the power above 15.0 dBm, even to 20.0 dBm);
    • driver features, for example, some drivers ignore system settings. This is not an insoluble problem, but each model needs its own approach.

    To check capabilities of your wireless adapter issue the command:
    sudo iw list
    For example, the following frequencies and power are allowed for the US:

    alt text

    alt text

    You can examine the full current database in pain text here.
    Countries where allowed channels 1 through 13 on 30.0 dBm power are (for instance):

    • BZ
    • GY
    • NZ
    • VE

    Note that for channels at 5 GHz they have different values (different list of allowed frequencies and powers).

    Next, I'll show the power increasing of https://www.ebay.com/itm/Alfa-AWUS036NH-2000mW-USB-Wireless-Wi-Fi-Adapter-APA-M04-7-dBi-PANEL-ANTENNA/174627967413 in Kali Linux. The old guides tell to install additional packages, but currently this is not necessary. Everything you need is already available in Kali Linux!

    To find out which region is currently configured, run the command:

    sudo iw reg get

    alt text

    The string country 00 indicates that I have not set any value and the default settings was applied.

    Now set the regulatory domains to BZ:

    sudo iw reg set BZ

    To insure the setting was applied run the command:

    sudo iw reg get

    At the same time, you can look at the new features with the command:

    sudo iw list

    alt text

    To view the name of the wireless interface and its current status, use the command:

    sudo iw dev

    Next, increase the power (replace wlan0 with the actual name of your wireless interface):

    sudo ip link set wlan0 down
    sudo iw dev wlan0 set txpower fixed 30mBm
    # sudo iw wlan0 set monitor control # if monitor mode needed
    sudo ip link set wlan0 up
    

    Checking:

    sudo iw dev

    alt text

    The line [b]txpower 30.00 dBm[/b] indicates that we have succeeded.

    How to increase TX-Power of Alfa AWUS036NHA

    The above commands have no effect for AWUS036NHA. The driver of this adapter ignores regulatory domain value.

    If you have Alfa AWUS036NHA or any other that ignores settings of regulatory domain, this is no reason to give up.

    We are able to change database of the world regulatory domain.

    First let's check which country your wireless card is made for:

    sudo iw reg get

    alt text

    In my case, the [b]country GB[/b] line indicates that the adaptor was produced for the country that is named [b]GB[/b] in the database.

    My method differs from other tutorials, where the [b]wireless-regdb[/b] and [b]crda[/b] packages are manually installed. These packages should already be installed on your system (in Kali Linux is the default). The only thing we do is replace the database file.

    The latest versions of Kali Linux do not have the [b]crda[/b] package installed, let’s install it:

    sudo apt install crda

    Install the dependency required to compile the database:

    sudo apt install python3-m2crypto

    We clone the source files:

    git clone git://git.kernel.org/pub/scm/linux/kernel/git/sforshee/wireless-regdb.git
    cd wireless-regdb/
    

    Now we need to edit the database file:

    gedit db.txt

    In the file, find the country 00 line and replace line after it with something like that (correct it up to you):

    (2402 - 2482 @ 40), (30)
    (5170 - 5835 @ 80), (30)
    (57000 - 66000 @ 2160), (40)
    

    alt text

    Now I find and change the lines according to the country wireless made for, for me it is GB (you may have a different country – it depends on your adapters, you can see this value with the sudo iw reg get command):

    alt text

    Save and close the file.

    Patch files for using Python3

    sed -i 's/#!\/usr\/bin\/env python/#!\/usr\/bin\/env python3/' *.py

    Execute the command:

    make

    As a result, a binary file of the database (regulatory.bin) was created from the text file. We will use it to replace the file with the same name in the system.

    Delete the original database file:

    sudo rm /lib/crda/regulatory.bin

    We copy our modified database:

    sudo cp regulatory.bin /lib/crda/regulatory.bin

    Once again for the new DB format, which is also used:

    sudo rm /usr/lib/firmware/regulatory.db
    sudo cp regulatory.db /usr/lib/firmware/regulatory.db
    

    We copy the required public key (the database file is signed with a specially generated key for our user):

    sudo cp $USER.key.pub.pem /lib/crda/pubkeys/
    sudo cp $USER.x509.pem /usr/lib/crda/pubkeys/
    

    Restart your computer.

    Now do not use sudo iw reg set BZ.

    Let us check:

    sudo iw reg get

    alt text

    Strings

    country GB: DFS-ETSI
    (2402 - 2482 @ 40), (N/A, 30), (N/A)
    

    mean we are able increasing the power to 30 dBm.

    We try:

    sudo ip link set wlan0 down
    sudo iw dev wlan0 set txpower fixed 30mBm
    # sudo iw wlan0 set monitor control # if monitor mode needed
    sudo ip link set wlan0 up
    

    Result:

    alt text

    After we patched the database, there is no longer any need to change the value of the regulatory domains for any wireless interface!

    Conclusion

    Increasing TX power of the Wi-Fi adapter is undeniably useful only for Wi-Fi jamming, as well as for deauthentication attacks. In all other attacks, increasing TX power would not matter. Since power affects how loudly your Wi-Fi adapter is “talking”, but does not increase its sensitivity (how well it ‘hears’ others).

    Changing value of regulatory domains lets to unlock some channels that might not be available in your country.

    If you want to return everything to its original state, then run the following commands:

    sudo apt purge wireless-regdb crda
    sudo apt install wireless-regdb
    
Log in to reply