
View Full Version : Alfa AWUS036NHA Tx Power Boost Guide



Kalistoval
2013-12-05, 20:02
After countless hours, days, and months scouring the interwebz and so many failed attempts to get the maximum performance out of my wireless adapter, I finally came across an old thread with the most in-depth details on how to successfully manipulate, as the title states, ALFA's AWUS036NHA (Atheros AR9271) Tx power limit to a full 30 dBm. This happens to be a locked-down version I purchased from ( http://www.data-alliance.net/servlet/-strse-372/Alfa-AWUS036NH-2000mW-1000mW/Detail ). Before I get into this very easy, quick and straightforward procedure I would like to point out that this is for education purposes only; I am not encouraging you to break any laws, and you should consult your country's transmit signal ordinance regulations. I take no credit for this guide; I wanna give mad props to the guy who wrote this particular guide. There were only like 2 other guides and they were very confusing; this guide is full. I took the liberty of copying and pasting basically the whole guide and highlighting key parts. Note you can pretty much copy and paste these commands into your terminal(s).



A. Install needed packages:

apt-get install python-m2crypto libgcrypt11 libgcrypt11-dev libnl-dev

B. We will now download and extract needed code in a new directory:

open a terminal

1. type cd

2. type mkdir wifichanges

3. type cd wifichanges

4. type wget http://wireless.kernel.org/download/crda/crda-1.1.3.tar.bz2 (latest as of 8/14/13)

5. type tar xvjf crda-1.1.3.tar.bz2

6. type wget https://www.kernel.org/pub/software/network/wireless-regdb/wireless-regdb-2013.02.13.tar.bz2

7. type tar xvjf wireless-regdb-2013.02.13.tar.bz2

8. close terminal

C. Okay, now we will edit the db.txt file in the folder wireless-regdb-2013.02.13.tar.bz2; this text file happens to be the file that sets the regional settings.

1. Open a terminal
2. type cd '/root/wifichanges/wireless-regdb-2013.02.13'
NOTE
that my user name is root and will differ from yours

3. type ~/wifichanges/wireless-regdb-2013.02.13# leafpad '/root/wifichanges/wireless-regdb-2013.02.13/db.txt'
NOTE
okay, basically at this stage you should see ~/wifichanges/wireless-regdb-2013.02.13# highlighted in blue after you have
cd'd into the folder, so what you should actually be typing is leafpad '/root/wifichanges/wireless-regdb-2013.02.13/db.txt'. Remember to leave a space after you type the word leafpad. This will open up the text file. Basically what you want to do is copy the country BO settings, which are

(2402 - 2482 @ 40), (N/A, 30)
(5735 - 5835 @ 40), (N/A, 30)

After you copy that (by obviously right-clicking and highlighting), you will go to the very first country, which is country 00, highlight those settings and paste in that spot. You will also have to do this for country GB; example given.




country 00:
(2402 - 2472 @ 40), (3, 20)
# Channel 12 - 13.
(2457 - 2482 @ 40), (3, 20), PASSIVE-SCAN, NO-IBSS
# Channel 14. Only JP enables this and for 802.11b only
(2474 - 2494 @ 20), (3, 20), PASSIVE-SCAN, NO-IBSS, NO-OFDM
# Channel 36 - 48
(5170 - 5250 @ 40), (3, 20), PASSIVE-SCAN, NO-IBSS
# NB: 5260 MHz - 5700 MHz requies DFS
# Channel 149 - 165
(5735 - 5835 @ 40), (3, 20), PASSIVE-SCAN, NO-IBSS
It should end up looking like this

country 00:
(2402 - 2482 @ 40), (N/A, 30)
(5735 - 5835 @ 40), (N/A, 30)

country GB:
(2402 - 2482 @ 40), (N/A, 30)
(5735 - 5835 @ 40), (N/A, 30)


D. Open a Terminal

1. type cd '/root/wifichanges/wireless-regdb-2013.02.13'
:~/wifichanges/wireless-regdb-2013.02.13# make (what we want to do here is, after you have cd'd into the folder, just type make)
You should now see a new regulatory.bin file in your wireless-regdb directory.
2. Close terminal

E. Open a Terminal

Note: since this is my only wifi adapter I went ahead and deleted my original crda folder. You don't have to do this step if you already have a crda folder, but it helped when I deleted mine.

1. type cd /

2. type cd usr

3. type cd lib

4. type sudo mkdir crda

5. close terminal

F. Now we just need to copy the 2 regulatory.bin files to /usr/lib/crda.
Highlighting them and copying from the wireless-regdb-2013.02.13 folder directly works; nothing special here.


1. From the wireless-regdb-2013.02.13 folder copy any .pem files you see to the crda pubkeys directory inside the crda-1.1.3 folder.

(Do this for each .pem; usually there are just 2 files.) Just highlight them and copy from one folder to the other. If you got lost, remember that both the crda-1.1.3 folder and the wireless-regdb-2013.02.13 folder will be inside the wifichanges folder located in your home root. It doesn't get any easier than that.


G.
1. Open a Terminal

2. type cd '/root/wifichanges/crda-1.1.3'
~/wifichanges/crda-1.1.3# make clean (Note: once you have cd'd into the folder, type make clean; this is very important. I was stuck before I realized to do this.)

3. type make (type make after you type make clean)

4. type make install (type make install after you type make)

5. Reboot your machine

H. Now open a terminal

1. type iwconfig to check your dBm, and type iw reg get to see your region setting

Thanks for reading this; I tried to make it as easy as possible. Here's the link to the thread I got this from. I don't know if it's computer OCD or just the need to overclock.net everything all the time, but l0l it worked for me

Battleship
2013-12-11, 06:24
Hey man, there is no useful reason to raise your TX power unless you are in a region where everyone is using -30dBm to transmit. All that it does is make your outbound signal stronger, not your inbound reception. And more than likely burn up your card sooner.

super8line
2014-03-05, 08:39
Thanks for the guide on how to do this. I've never been able to increase power beyond 20 and this worked perfectly.

Rocketballz
2014-03-23, 12:43
Duuuuude, that's the long way. This way takes 5 seconds to boost the TX power....
#sudo ifconfig wlan1 down <<<< Assuming that's your alfa card
#iw reg set BO
#sudo ifconfig wlan1 up
#sudo iwconfig and you will see it just about double

mmusket33
2014-03-25, 13:47
For historical reference, we have a number of AWUS036H receivers. We boosted all of them to 30 dBm and used them for years outside in hot, humid desert environments where the outside free-air temp in the afternoon was 48-50 deg C, and in direct sunlight much hotter. None of these receivers burned out and we are still using them today.

Cronic
2014-04-07, 21:17
Complicated but an interesting approach. The only problem I have with both of these methods is that after I change the country code and flip back to normal to save heat and energy in the chip, I get that dreaded -1 channel problem rearing its ugly head. Now, after a complete reinstall of Kali on the main hard drive and never messing with the country code, I have no negative-one channel problem. So, I don't dare try this!!! That -1 channel problem is a real pain [censored - forum rules]. I am not sure I am right on this because I shut off updates as well. I do remember accepting a lot of updates with no -1 symptoms, so the jury is still out on this. The less I tinker with Kali the better it works.

nuroo
2015-04-09, 21:34
post deleted

wifiuk
2015-08-19, 20:04
this no longer works in Kali Sana 2.0

Do you have a guide for that ?

2SiccCO
2015-08-19, 23:40
True, it does not work in Kali 2. Txpower stays 20 no matter what. Any ideas?

nowhere
2015-08-22, 14:58
Guys, I got this working in Sana.
I highly..:<HIGHLY>:.. advise doing this in a VM till someone who knows more about this than I do can confirm it won't break anything in future.

Prep is to download and untar both files.
Search for
crda-1.1.13.bz2
wireless-regdb-2013.11.27.bz2

Then untar both files
tar xvjf ......

https://vimeo.com/137007086

wifiuk
2015-08-22, 21:19
Can you show your results after the reboot? I did all of that before and it didn't work.

wifiuk
2015-08-22, 21:20
I tried it again, and now this is working for me; did it on a normal boot, not in a VM. Thanks for the help bro


ignore the attached image, uploaded the wrong one

hagall
2015-09-04, 08:59
Hey man, there is no useful reason to raise your TX power unless you are in a region where everyone is using -30dBm to transmit. All that it does is make your outbound signal stronger, not your inbound reception. And more than likely burn up your card sooner.

In my opinion it's useful. Let's say you want to make an evil twin attack: it's easier to make the client connect to your fake router since they get better reception. But for receiving data you need to raise the tx power of the router/client or get a better antenna / use a directional antenna to focus the signal better, but that's another story. This is just for educational purposes and should never be used for illegal purposes.



Duuuuude, that's the long way. This way takes 5 seconds to boost the TX power....
#sudo ifconfig wlan1 down <<<< Assuming that's your alfa card
#iw reg set BO
#sudo ifconfig wlan1 up
#sudo iwconfig and you will see it just about double

That's not possible in this case since the card is region locked. This guide works perfectly.
Very useful when on "vacation" in regions where it's allowed to use a tx rate of 30

timofmax
2015-09-05, 17:50
ifconfig wlan0 down
iw reg set BZ # new Region. BO does not work any more
iwconfig wlan0 txpower 30
ifconfig wlan0 up

maulesh
2015-09-18, 16:55
Though risky, if you wish:
for increasing TX power, copy and paste the following commands into a text file and save it in your home directory as WifiTxBoost


#!/bin/bash
# Takes wlan0 down, switches the regulatory domain to GY, requests 30 dBm and brings wlan0 back up.

echo "hello, root!"
echo "taking down wlan0"
ifconfig wlan0 down
sleep 3

echo "setting region to GY"
iw reg set GY
sleep 3

echo "setting TxPower to 30"
iwconfig wlan0 txpower 30
sleep 2

echo "starting wlan0"
ifconfig wlan0 up
echo "pulling wlan0 interface up"
iwconfig   # shows the Tx-Power the driver actually reports after the change
sleep 5

echo "good bye"

Apply the following commands to increase TX power (when needed):


chmod +x WifiTxBoost
./WifiTxBoost

(You may edit the file to use wlan1 too; the monitor-mode interface (wlan1mon) will be as per the TX power set.)



Here I put a simple list of commands to run before starting penetration testing (I assume that you are using 2 network cards).
Save these commands in a text file and apply them before starting any testing:



ifconfig -a                                    # list all interfaces before changing anything

macchanger -m 00:01:02:03:04:05 eth0

iw wlan0 interface add wlan0mon type monitor   # add a monitor-mode interface on wlan0's radio

ifconfig wlan0 down                            # interfaces must be down before their MAC can be changed
ifconfig wlan0mon down

macchanger -m 00:02:03:04:05:06 wlan0
macchanger -m 00:04:05:06:07:08 wlan0mon

chmod +x WifiTxBoost
./WifiTxBoost

ifconfig wlan0 up
ifconfig wlan0mon up


ifconfig wlan1 down
macchanger -m 00:03:04:05:06:07 wlan1
ifconfig wlan1 up

iwconfig                                       # confirm mode and Tx-Power

ifconfig -a                                    # confirm the new MAC addresses

thanking you.

DoubleDD
2016-01-07, 03:05
Just a question on tx power. I set up your script and this is the output. Wondering if I'm getting 20 or 30 dBm? Using Kali v2

root@kali:~# ./wifitx.sh
hello, root!
taking down wlan0
setting Region to GY
setting TxPower to 30
starting wlan0
pulling wlan0 interface up
wlan0 IEEE 802.11bgn ESSID:off/any
Mode:Managed Access Point: Not-Associated Tx-Power=20 dBm
Retry short limit:7 RTS thr=2347 B Fragment thr:off
Encryption key:off
Power Management:off

lo no wireless extensions.

eth0 no wireless extensions.

good bye
root@kali:~# iw reg get
country GY: DFS-UNSET
(2402 - 2482 @ 40), (N/A, 30), (N/A)
(5735 - 5835 @ 80), (N/A, 30), (N/A)
root@kali:~#
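Added example (my own code, not from any poster in this thread): a small Python parser for the rule lines in the db.txt layout edited in step C of the guide, which `iw reg get` prints back in the same form, plus the Tx-Power figure from iwconfig. It answers the question in the post above: with GY loaded the domain permits 30 dBm on 2.4 GHz, yet the driver still reports Tx-Power=20 dBm, so the cap is coming from the card or driver, not from the regulatory database. The db.txt excerpt and iwconfig lines below are constructed, and the state labels returned by diagnose() are my own.

```python
import re
from typing import Dict, List, Optional

# One frequency rule, in the layout wireless-regdb's db.txt uses and `iw reg get`
# echoes back: "(2402 - 2482 @ 40), (N/A, 30)" or "(2402 - 2472 @ 40), (3, 20)".
# Groups: start MHz, end MHz, max bandwidth MHz, max antenna gain dBi (or N/A), max EIRP dBm.
RULE_RE = re.compile(
    r"\(\s*(\d+)\s*-\s*(\d+)\s*@\s*(\d+)\s*\)\s*,\s*\(\s*(N/A|\d+)\s*,\s*(\d+)\s*\)"
)
# "country 00:" in db.txt, "country GY: DFS-UNSET" in iw reg get output.
COUNTRY_RE = re.compile(r"^country\s+([A-Z0-9]{2})\b")
# The figure the driver actually reports in iwconfig output.
TXPOWER_RE = re.compile(r"Tx-Power=(\d+)\s*dBm")


def parse_regdb(text: str) -> Dict[str, List[dict]]:
    """Map country code -> list of frequency rules (db.txt excerpt or `iw reg get` output)."""
    rules: Dict[str, List[dict]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment in db.txt
        if not line:
            continue
        m = COUNTRY_RE.match(line)
        if m:
            current = m.group(1)
            rules[current] = []
            continue
        m = RULE_RE.search(line)
        if m is None or current is None:
            continue  # not a rule line, or a rule before any country header
        lo, hi, bw, gain, eirp = m.groups()
        # Anything after the two tuples is a flag list such as PASSIVE-SCAN, NO-IBSS;
        # newer iw prints a third "(N/A)" tuple there, which is not a flag and is dropped.
        flags = [f.strip() for f in line[m.end():].split(",")
                 if f.strip() and not f.strip().startswith("(")]
        rules[current].append({
            "start_mhz": int(lo), "end_mhz": int(hi), "max_bw_mhz": int(bw),
            "max_antenna_gain_dbi": None if gain == "N/A" else int(gain),
            "max_eirp_dbm": int(eirp), "flags": flags,
        })
    return rules


def max_eirp_for_band(rules: Dict[str, List[dict]], country: str,
                      band_lo: int, band_hi: int) -> Optional[int]:
    """Highest EIRP (dBm) any rule of `country` permits inside [band_lo, band_hi] MHz."""
    eirps = [r["max_eirp_dbm"] for r in rules.get(country, [])
             if r["end_mhz"] > band_lo and r["start_mhz"] < band_hi]
    return max(eirps) if eirps else None


def reported_txpower(iwconfig_text: str) -> Optional[int]:
    """Tx-Power in dBm as printed by iwconfig, or None if no such line is present."""
    m = TXPOWER_RE.search(iwconfig_text)
    return int(m.group(1)) if m else None


def diagnose(reg_get_text: str, country: str, iwconfig_text: str) -> str:
    """Compare what the loaded regulatory domain allows on 2.4 GHz with what the driver reports."""
    allowed = max_eirp_for_band(parse_regdb(reg_get_text), country, 2400, 2500)
    actual = reported_txpower(iwconfig_text)
    if allowed is None or actual is None:
        return "unknown"
    if actual < allowed:
        # The regdb change took effect, but something else (driver/EEPROM limit) caps the card.
        return "capped-below-regdb"
    return "at-regdb-limit" if actual == allowed else "above-regdb-limit"


# Constructed sample inputs (not captured from a real system).
DB_TXT = """\
country 00:
    (2402 - 2472 @ 40), (3, 20)
    # Channel 12 - 13.
    (2457 - 2482 @ 40), (3, 20), PASSIVE-SCAN, NO-IBSS

country BO:
    (2402 - 2482 @ 40), (N/A, 30)
    (5735 - 5835 @ 40), (N/A, 30)
"""

IW_REG_GET = """\
country GY: DFS-UNSET
    (2402 - 2482 @ 40), (N/A, 30), (N/A)
    (5735 - 5835 @ 80), (N/A, 30), (N/A)
"""

IWCONFIG_CAPPED = """\
wlan0     IEEE 802.11bgn  ESSID:off/any
          Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm
"""

IWCONFIG_FULL = """\
wlan1     IEEE 802.11bg  ESSID:off/any
          Mode:Managed  Access Point: Not-Associated   Tx-Power=30 dBm
"""

if __name__ == "__main__":
    db = parse_regdb(DB_TXT)
    print("00 on 2.4 GHz:", max_eirp_for_band(db, "00", 2400, 2500), "dBm")
    print("BO on 2.4 GHz:", max_eirp_for_band(db, "BO", 2400, 2500), "dBm")
    print("card reporting 20 dBm:", diagnose(IW_REG_GET, "GY", IWCONFIG_CAPPED))
    print("card reporting 30 dBm:", diagnose(IW_REG_GET, "GY", IWCONFIG_FULL))
```

Running it against your own system means pasting the output of `iw reg get` and `iwconfig` into the two strings; "capped-below-regdb" is the state shown in the post above, where the regulatory domain alone cannot raise the figure the driver reports.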

mokba
2016-01-07, 07:50
Forget this tutorial, it doesn't work. Read here: https://forums.kali.org/showthread.php?28874-ALFA-AWUS036NHA-hacking-EEPROM-via-UART-JTAG

DoubleDD
2016-01-07, 13:52
I'm able to change the TX power for my Alfa AWUS036H but not for my new AWUS036NHR v.2

AWUS036NHR v.2
wlan0 IEEE 802.11bgn ESSID off/any
Mode:Managed Access Point: Not-Associated Tx-Power=20 dBm
Retry short limit:7 RTS thr=2347 B Fragment thr off
Encryption key off
Power Management off

AWUS036H
wlan1 IEEE 802.11bg ESSID off/any
Mode:Managed Access Point: Not-Associated Tx-Power=30 dBm
Retry short limit:7 RTS thr off Fragment thr off
Encryption key off
Power Management off

Veg2x
2016-10-22, 01:44
Does it work for anyone? Does it have any advantage over the default value (20)?

Thanks

akoposipong
2017-03-08, 04:52
Can someone help update this tutorial for Kali Linux 2.0?

I've been struggling for a week and am still unsuccessful. Please help guys!

mojom
2017-03-09, 08:24
Go in this order and of course do not type in my explanations.

iwconfig - shows you the settings of your wifi adapters, internal and external

ifconfig wlan(x) down - (replace x with your adapter, e.g. 1 or 0) This must be done in order to free up the adapter status for the alteration.

iw reg set GY - (this sets the geographical region to obtain the "allowed" txpower)

iw reg get - (this shows you what region you are set to)

iwconfig wlan(x) txpower 30 - This is the command that sets txpower, and 30 is the highest you'll get

macchanger wlan(x) -r - Thought I'd throw this in at this point to show you how to disguise the adapter's MAC address. Non-floating, meaning you have to enter the command each time to change it. You should always use one that is disguised. You can even spoof a client MAC address too. Look it up.

iwconfig wlan(x) mode monitor - At this time as well, if your adapter wasn't in monitor mode when you typed just "iwconfig" by itself at the command prompt, this will change it to monitor mode. This needs to be done to utilize the adapter with all the Kali apps.

ifconfig wlan(x) up - This reinstates the connection of your adapter. So in this case, for example, I shall type in "ifconfig wlan1 up" to reinstate.

iwconfig - to check your work.

Good luck. Wifi penetration is very close to impossible these days unless you have a WEP-encrypted router. Most all modern routers have lock-out limiters.

Meh. Really depends on the proximity and your adapter. For the most part it will increase the already available APs in your immediate area. To really see a noticeable, yet still limited, difference is by utilizing a booster, properly coupled with the power output of your adapter.


I'm able to change the TX power for my Alfa AWUS036H but not for my new AWUS036NHR v.2

AWUS036NHR v.2
wlan0 IEEE 802.11bgn ESSID off/any
Mode:Managed Access Point: Not-Associated Tx-Power=20 dBm
Retry short limit:7 RTS thr=2347 B Fragment thr off
Encryption key off
Power Management off

AWUS036H
wlan1 IEEE 802.11bg ESSID off/any
Mode:Managed Access Point: Not-Associated Tx-Power=30 dBm
Retry short limit:7 RTS thr off Fragment thr off
Encryption key off
Power Management off

True. The NHA is also one that you can't change TX on.