View Full Version : [Working Hardware] Linksys WUSB54GC v1 (Ralink 2573 USB - rt73usb)

2013-04-29, 15:31
OS: Kali Linux 1.0.3 (x86)
Machine: Virtual (VMware)
Make/Model: Linksys WUSB54GC v1 Compact Wireless-G USB Adapter
Chipset: Ralink 2573 USB
Driver: rt73usb
Stack: mac80211
Injection: Yes
Method: Works out of the box. Plug in USB & go!
Reaver: Needs '--ignore-fcs'

Other hardware: ALFA AWUS036H (https://forums.kali.org/showthread.php?3816-Working-Hardware-ALFA-AWUS036H-500mW-%28Realtek-RTL8187L-rtl8187%29) & Edimax EW-7711UAN (https://forums.kali.org/showthread.php?25266-Working-Hardware-Edimax-EW-7711UAN-(Ralink-RT2870-rt2800usb))

root@kali:~# lsusb
Bus 001 Device 002: ID 13b1:0020 Linksys WUSB54GC v1 802.11g Adapter [Ralink RT73]
Bus 002 Device 002: ID 0e0f:0003 VMware, Inc. Virtual Mouse
Bus 002 Device 003: ID 0e0f:0002 VMware, Inc. Virtual USB Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 002 Device 005: ID 0e0f:0008 VMware, Inc.
root@kali:~# dmesg | grep -i RT73
[ 7241.571232] Registered led device: rt73usb-phy0::radio
[ 7241.571255] Registered led device: rt73usb-phy0::assoc
[ 7241.571270] Registered led device: rt73usb-phy0::quality
[ 7241.573367] usbcore: registered new interface driver rt73usb
[ 7241.675688] rt73usb 1-1:1.0: firmware: agent loaded rt73.bin into memory

root@kali:~# ifconfig
lo Link encap:Local Loopback
inet addr: Mask:
inet6 addr: ::1/128 Scope:Host
RX packets:108 errors:0 dropped:0 overruns:0 frame:0
TX packets:108 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:6480 (6.3 KiB) TX bytes:6480 (6.3 KiB)

wlan0 Link encap:Ethernet HWaddr 00:18:f8:a4:9e:ff
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

root@kali:~# iwconfig
wlan0 IEEE 802.11bg ESSID:off/any
Mode:Managed Access Point: Not-Associated Tx-Power=20 dBm
Retry long limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:on

lo no wireless extensions.


root@kali:~# ls -l /sys/class/net/wlan0/device/driver
lrwxrwxrwx 1 root root 0 Apr 29 16:03 /sys/class/net/wlan0/device/driver -> ../../../../../../../bus/usb/drivers/rt73usb
root@kali:~# lsmod | grep -i rt73usb
rt73usb 22006 0
rt2x00usb 13393 1 rt73usb
rt2x00lib 37542 2 rt73usb,rt2x00usb
crc_itu_t 12332 1 rt73usb
usbcore 109555 6 btusb,uhci_hcd,rt73usb,rt2x00usb,ehci_hcd,usbhid

root@kali:~# airmon-ng

Interface Chipset Driver

wlan0 Ralink 2573 USB rt73usb - [phy0]

root@kali:~# airmon-zc

X[PHY]Interface Driver[Stack]-FirmwareRev Chipset Extended Info

K[phy0]wlan0 rt73usb[mac80211]-unavailable Linksys WUSB54GC v1 802.11g Adapter [Ralink RT73]


root@kali:~# iwlist wlan0 frequency
wlan0 14 channels in total; available frequencies :
Channel 01 : 2.412 GHz
Channel 02 : 2.417 GHz
Channel 03 : 2.422 GHz
Channel 04 : 2.427 GHz
Channel 05 : 2.432 GHz
Channel 06 : 2.437 GHz
Channel 07 : 2.442 GHz
Channel 08 : 2.447 GHz
Channel 09 : 2.452 GHz
Channel 10 : 2.457 GHz
Channel 11 : 2.462 GHz
Channel 12 : 2.467 GHz
Channel 13 : 2.472 GHz
Channel 14 : 2.484 GHz

root@kali:~# airmon-ng start wlan0 6

Found 4 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
PID Name
2663 NetworkManager
2774 dhclient
3813 dhclient
8859 wpa_supplicant

Interface Chipset Driver

wlan0 Ralink 2573 USB rt73usb - [phy0]
(monitor mode enabled on mon0)


root@kali:~# aireplay-ng --test -e NETGEAR mon0
16:05:27 Waiting for beacon frame (ESSID: NETGEAR) on channel 6
Found BSSID "00:24:B2:xx:yy:zz" to given ESSID "NETGEAR".
16:05:27 Trying broadcast probe requests...
16:05:27 Injection is working!
16:05:29 Found 1 AP

16:05:29 Trying directed probe requests...
16:05:29 00:24:B2:xx:yy:zz - channel: 6 - 'NETGEAR'
16:05:29 Ping (min/avg/max): 2.676ms/9.759ms/16.307ms Power: -41.76
16:05:29 29/30: 96%

Removed NIC specific values in MAC Address for privacy
Added in another WiFi card

root@kali:~# aireplay-ng --test -e NETGEAR -i mon1 mon0
17:03:43 Trying card-to-card injection...
17:03:43 Attack -0: OK
17:03:43 Attack -1 (open): OK
17:03:43 Attack -1 (psk): OK
17:03:43 Attack -2/-3/-4/-6: OK
17:03:43 Attack -5/-7: OK

root@kali:~# airodump-ng mon0
CH 8 ][ Elapsed: 16 s ][ 2015-04-25 11:37


90:EF:68:xx:yy:zz -50 10 2 0 13 54e. WPA2 CCMP PSK ABC
9C:80:DF:xx:yy:zz -77 7 0 0 11 54e WPA2 CCMP PSK ABC
58:98:35:xx:yy:zz -78 9 1 0 1 54e WPA2 CCMP PSK ABC
68:A0:F6:xx:yy:zz -81 5 0 0 10 54e WPA2 CCMP PSK ABC
80:37:73:xx:yy:zz -81 7 1 0 6 54e WPA2 CCMP PSK ABC

BSSID STATION PWR Rate Lost Frames Probe

(not associated) E2:0C:7F:xx:yy:zz -81 0 -11 0 2 ABC
90:EF:68:xx:yy:zz B8:E8:56:xx:yy:zz -15 0 - 1 12 3

Removed MAC addresses & SSIDs for privacy

root@kali:~# wash -i mon0

Wash v1.4 WiFi Protected Setup Scan Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>

BSSID Channel RSSI WPS Version WPS Locked ESSID
[!] Found packet with bad FCS, skipping...
[!] Found packet with bad FCS, skipping...
[!] Found packet with bad FCS, skipping...
root@kali:~# wash -i mon0 --ignore-fcs

Wash v1.4 WiFi Protected Setup Scan Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>

BSSID Channel RSSI WPS Version WPS Locked ESSID
58:98:35:xx:yy:zz 1 -82 1.0 No ABC
80:37:73:xx:yy:zz 6 -84 1.0 Yes ABC
68:A0:F6:xx:yy:zz 10 -86 1.0 Yes ABC
9C:80:DF:xx:yy:zz 11 -82 1.0 Yes ABC
Removed MAC addresses & SSIDs for privacy

2014-03-27, 08:06
Hi g0tmi1k,

I have a Edimax EW-7318USg (rt2573 chipset) on a fully updated and installed kali-linux-all vm:
Linux Kali 3.12-kali1-686-pae #1 SMP Debian 3.12.6-2kali1 (2014-01-06) i686 GNU/Linux

Everything looks the same except that aireplay-ng --test fails the whole time on multiple APs. and injection does not work.

Any ideas on getting this working?


2014-04-23, 07:08
I got it working after the latest dist-upgrade. Thanks

2014-04-23, 19:46
What does this do? And i have a problem anyone help me. I have linksys wusb54gc v1 adapter and i attack the tp link 842 nd router but

Reported by umih...@gmail.com , Jun 4, 2013
A few things to consider before submitting
an issue:
0. We write documentation for a reason, if
you have not read it and are
having problems with Reaver these pages are
required reading before
submitting an issue:
1. Reaver will only work if your card is in
monitor mode. If you do not
know what monitor mode is then you should
learn more about 802.11 hacking
in linux before using Reaver.
2. Using Reaver against access points you do
not own or have permission to
attack is illegal. If you cannot answer
basic questions (i.e. model
number, distance away, etc) about the
device you are attacking then do not
post your issue here. We will not help you
break the law.
3. Please look through issues that have
already been posted and make sure
your question has not already been asked
here: http://code.google.com/p
4. Often times we need packet captures of
mon0 while Reaver is running to
troubleshoot the issue (tcpdump -i mon0 -s0
-w broken_reaver.pcap). Issue
reports with pcap files attached will
receive more serious consideration.
Answer the following questions for every
issue submitted:
0. What version of Reaver are you using?
(Only defects against the latest
version will be considered.)
reaver 1.4
1. What operating system are you using
(Linux is the only supported OS)?
Linux kali 3.7-trunk-686-pae #1 SMP Debian
3.7.2-0+kali6 i686 GNU/Linux
2. Is your wireless card in monitor mode
yes. Atheros chipset.
3. What is the signal strength of the Access
Point you are trying to crack?
4. What is the manufacturer and model # of
the device you are trying to
5. What is the entire command line string
you are supplying to reaver?
reaver -i mon0 -b F8:1A:67:D9:C8:B6 -c 1 -
vv --pin 42726944 -d 15
6. Please describe what you think the issue
I know this AP's WPS Pin code so i tried to
get the passphare quickly cause TP-Link's AP
has a protection function as it designed to
lock out (disable) WPS connection after
several failed WPS. It will turn on WPS
after over 12 hours.
7. Paste the output from Reaver below.
[+] Switching mon0 to channel 1
[+] Waiting for beacon from
[+] Associated with xxxxxxxxxx
[+] Trying pin 42726944
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M1 message
[+] Sending WSC NACK
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x03), re-
trying last pin

And router closing wps any one help me
Note : wash - i mon - C not founding modem i found airodump-ng