Air Pcap Classic to TX attempt
by Oofki on Mar.03, 2011, under Technology
I'm no pro at ASM or modifying it by far, but I was playing around trying to see if my AirPcap Classic has the capabilities that a TX does.
Since I have no way to modify the firmware, I found that my AirPcap's PID is 0002. I made an educated guess from the driver INF and tried fooling it into being a TX. No go: the name changed on the driver, but nothing else.
So I took a look at the AirPcapReplay program that came with it. Changing the EAX register from copying from a register when getting the dword value of "CACE0002" to just giving it a value of "CACE0102" worked! By the way, the original ASM was MOV EAX,DWORD PTR SS:[ESP+14]. Well, at least the program recognized it as a TX.
Next I looked at airpcap.dll, to patch it for other programs that use the DLL (such as Cain), in the hope that it would work universally. I patched the code in a switch from JE to JNE (74 0F to 75 0F); heh, such a cheap way of doing it, but it worked. I was lucky that the first check is for the N version, because that uses a different driver, and then the first check in the switch is for the TX, so I didn't have to do much there.
Well, I tried it and it shows up in the AirPcapReplay program, but when I try to transmit packets it fails. So patching the AirpcapGetDeviceCapabilities routine didn't help so much. Cain also didn't see it as a TX. Weird.
So my thoughts are that either the firmware blocks it or it really is different hardware. I just remembered they provide the source for the .dll, so that was definitely a waste of time. Either way, it was a pretty fun and rewarding project.
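The post's JE-to-JNE patch (74 0F to 75 0F) is the classic one-byte branch inversion, and the interesting takeaway from a defender's side is that a capability check in a user-mode DLL is not a security boundary; the real gate turned out to be the firmware or hardware. The script below is an added example, not code from the post or from CACE/AirPcap: it verifies a binary against a known-good reference copy (the vendor-shipped airpcap.dll, for instance) and reports every modified byte, decoding short conditional-jump opcode swaps so that a flipped branch stands out from random corruption. The sample bytes are constructed to mimic the pattern the post describes (a compare followed by a JE, then the JE changed to JNE) and are not taken from the real DLL.

```python
"""
Integrity check for a patched binary: diff a suspect file against a trusted
reference and flag single-byte conditional-jump inversions.

Added example (not from the original post). REFERENCE/SUSPECT below are
constructed x86 bytes that imitate a capability-check branch, not real
airpcap.dll contents.
"""
import hashlib

# x86 short (rel8) conditional jumps: opcode byte -> mnemonic.
# Swapping one of these for another while leaving the rel8 displacement
# untouched is the "invert the branch" patch described in the post.
SHORT_JCC = {
    0x72: "JB/JC",  0x73: "JAE/JNC",
    0x74: "JE/JZ",  0x75: "JNE/JNZ",
    0x76: "JBE",    0x77: "JA",
    0x7C: "JL",     0x7D: "JGE",
    0x7E: "JLE",    0x7F: "JG",
}


def sha256_hex(data: bytes) -> str:
    """Hash used to compare a file against its known-good copy."""
    return hashlib.sha256(data).hexdigest()


def diff_bytes(reference: bytes, suspect: bytes) -> list:
    """Return one record per differing offset, annotating Jcc opcode flips."""
    if len(reference) != len(suspect):
        # A size change means more than an in-place opcode patch; report it.
        raise ValueError("size mismatch: %d vs %d bytes"
                         % (len(reference), len(suspect)))
    findings = []
    for off, (old, new) in enumerate(zip(reference, suspect)):
        if old == new:
            continue
        rec = {"offset": off, "old": old, "new": new, "note": ""}
        if old in SHORT_JCC and new in SHORT_JCC:
            # Byte after a rel8 Jcc is the signed displacement; show it so the
            # reader can see the jump target was left as-is.
            disp = suspect[off + 1] if off + 1 < len(suspect) else None
            if disp is not None and disp >= 0x80:
                disp -= 0x100
            rec["note"] = "%s -> %s (rel8 disp %s)" % (
                SHORT_JCC[old], SHORT_JCC[new],
                disp if disp is not None else "?")
        findings.append(rec)
    return findings


def verify(reference: bytes, suspect: bytes) -> dict:
    """Summarise: hashes match, and if not, what changed."""
    ref_hash, sus_hash = sha256_hex(reference), sha256_hex(suspect)
    result = {"match": ref_hash == sus_hash, "findings": []}
    if not result["match"]:
        result["findings"] = diff_bytes(reference, suspect)
    return result


# Constructed sample: mov eax,[esp+14h]; cmp eax,1; je +0Fh; xor eax,eax; ret
REFERENCE = bytes.fromhex("8b442414" "83f801" "740f" "33c0c3")
# Same bytes with the JE at offset 7 flipped to JNE (74 -> 75).
SUSPECT = bytearray(REFERENCE)
SUSPECT[7] = 0x75
SUSPECT = bytes(SUSPECT)


if __name__ == "__main__":
    report = verify(REFERENCE, SUSPECT)
    print("hashes match:", report["match"])
    for f in report["findings"]:
        print("offset 0x%04x: %02x -> %02x %s"
              % (f["offset"], f["old"], f["new"], f["note"]))
```

Run against real files by reading both with `open(path, "rb").read()`; an unchanged file yields `match: True` and no findings, while a branch-inverted file yields a single finding whose note names the two mnemonics and the untouched displacement.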