How to increase TX-Power of Wi-Fi adapters in Kali Linux in 2018

The default TX power of a wireless adapter is set to 20 dBm, but with a little trick you can increase it to 30 dBm. Let me warn you first that this might be illegal in your country, so use it at your own risk. Moreover, some models will not support these settings, or the wireless chip may state that it "can" transmit at higher power while the device's manufacturer probably did not fit the appropriate heat sink to make this possible.

In different countries, legislation and technical standards vary, including those relating to Wi-Fi. In some countries it is not allowed to use the frequencies of some Wi-Fi channels (for example, channels 12, 13 and 14 cannot be used in the USA). In most countries, a Wi-Fi signal power limit of 20.0 dBm is set. But there are countries in which the limit is 30.0 dBm. You can take advantage of this loophole (make your wireless adapter think it is located in a country where 30.0 dBm is allowed) and raise its TX power to 30.0 dBm.

The regulatory domain (or "regdomain") is the country in which the device is supposed to operate. There is also an accompanying database that specifies the permitted frequencies and the allowed power for each domain.

The algorithm is:

  • set the system-wide regulatory domain to a country where the power is allowed to be 30.0 dBm;
  • set the increased power for the wireless adapter.

In theory, the described method should work for many wireless cards, but in practice there are the following limitations:

  • the physical inability of an adapter to operate at power levels greater than 20.0 dBm (for example, the wireless interface initially shows a power of 15.0 dBm while 20.0 dBm is allowed; in this case it is impossible to raise the power above 15.0 dBm, even to 20.0 dBm);
  • driver features, for example, some drivers ignore system settings. This is not an insoluble problem, but each model needs its own approach.

To check the capabilities of your wireless adapter, run the command:

sudo iw list

For example, the following frequencies and power are allowed for the US:

You can examine the full current database in plain text here.

Countries where channels 1 through 13 are allowed at 30.0 dBm include, for instance:

  • BZ
  • GY
  • NZ
  • VE

Note that for channels at 5 GHz they have different values (different list of allowed frequencies and powers).

Next, I'll show how to increase the power of an Alfa AWUS052NH in Kali Linux. Older guides tell you to install additional packages, but this is no longer necessary. Everything you need is already available in Kali Linux!

To find out which region is currently configured, run the command:

sudo iw reg get

The string country 00 indicates that I have not set any value and the default settings were applied.

Now set the regulatory domain to BZ:

sudo iw reg set BZ

To ensure the setting was applied, run the command:

sudo iw reg get

At the same time, you can look at the new features with the command:

sudo iw list

To view the name of the wireless interface and its current status, use the command:

sudo iw dev

Next, increase the power (replace wlan0 with the actual name of your wireless interface):

sudo ip link set wlan0 down
# iw expects the value in mBm (1 dBm = 100 mBm), so 30 dBm is 3000
sudo iw dev wlan0 set txpower fixed 3000
# sudo iw wlan0 set monitor control # if monitor mode needed
sudo ip link set wlan0 up

Checking:

sudo iw dev

The line txpower 30.00 dBm indicates that we have succeeded.

How to increase TX-Power of Alfa AWUS036NHA

The above commands have no effect on the AWUS036NHA. The driver of this adapter ignores the regulatory domain value.

If you have an Alfa AWUS036NHA or any other adapter that ignores the regulatory domain setting, this is no reason to give up.

We can change the regulatory domain database itself.

First, let's check which country your wireless card was made for:

sudo iw reg get

In my case, the country GB line indicates that the adaptor was produced for the country that is named GB in the database.

My method differs from other tutorials, where the wireless-regdb and crda packages are installed manually. These packages should already be installed on your system (in Kali Linux they are installed by default). The only thing we do is replace the database file.

We clone the source files:

git clone git://git.kernel.org/pub/scm/linux/kernel/git/sforshee/wireless-regdb.git
cd wireless-regdb/

Now we need to edit the database file:

gedit db.txt

In the file, find the country 00 line and replace the lines after it with something like this (adjust the values as you see fit):

(2402 - 2482 @ 40), (30)
(5170 - 5835 @ 80), (30)
(57000 - 66000 @ 2160), (40)

Now I find and change the lines for the country the wireless adapter was made for; for me it is GB:

Save and close the file.

Execute the command:

make

As a result, a binary file of the database (regulatory.bin) was created from the text file. We will use it to replace the file with the same name in the system.

Delete the original database file:

sudo rm /lib/crda/regulatory.bin

We copy our modified database:

sudo cp regulatory.bin /lib/crda/regulatory.bin

We copy the required public key (the database file is signed with a specially generated key for our user):

sudo cp $USER.key.pub.pem /lib/crda/pubkeys/

Restart your computer.

From now on, do not run sudo iw reg set BZ.

Let us check:

sudo iw reg get

The lines

country GB: DFS-ETSI
    (2402 - 2482 @ 40), (N/A, 30), (N/A)

mean that we can increase the power to 30 dBm.

We try:

sudo ip link set wlan0 down
# iw expects the value in mBm (1 dBm = 100 mBm), so 30 dBm is 3000
sudo iw dev wlan0 set txpower fixed 3000
# sudo iw wlan0 set monitor control # if monitor mode needed
sudo ip link set wlan0 up

Result:

After we have patched the database, there is no longer any need to change the regulatory domain value for any wireless interface!
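
To check what a system's active regulatory rules and interfaces actually allow (for example, when auditing a machine whose regulatory.bin may have been replaced as described above), the following shell functions parse the output of iw reg get and iw dev. This is an added example, not part of the original article; the function names reg_rules_over and ifaces_over and the sample inputs are made up for the illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Function names are hypothetical.

# Read `iw reg get` output on stdin and print "COUNTRY START-END MAX_EIRP"
# for every rule whose maximum EIRP in dBm exceeds the limit (default 20).
reg_rules_over() {
    awk -v limit="${1:-20}" '
        $1 == "country" { cc = $2; sub(/:$/, "", cc); next }
        /^[ \t]*\(/ {
            line = $0
            gsub(/[(),@]/, " ", line)   # turn the tuples into plain fields
            split(line, f, " ")         # f[1]=start f[3]=end f[5]=gain f[6]=EIRP
            if (f[6] + 0 > limit + 0)
                printf "%s %s-%s %s\n", cc, f[1], f[3], f[6]
        }'
}

# Read `iw dev` output on stdin and print "IFACE TXPOWER" for every
# interface that reports a txpower above the limit (default 20 dBm).
ifaces_over() {
    awk -v limit="${1:-20}" '
        $1 == "Interface" { ifname = $2 }
        $1 == "txpower" && $2 + 0 > limit + 0 { print ifname, $2 }'
}

# Constructed sample inputs: same layout as real iw output, values chosen for the demo.
SAMPLE_REG='global
country GB: DFS-ETSI
    (2402 - 2482 @ 40), (N/A, 30), (N/A)
    (5170 - 5250 @ 80), (N/A, 20), (N/A), AUTO-BW
    (57000 - 66000 @ 2160), (N/A, 40), (N/A)'

SAMPLE_DEV='phy#0
    Interface wlan0
        type managed
        txpower 30.00 dBm
phy#1
    Interface wlan1
        type managed
        txpower 20.00 dBm'

printf '%s\n' "$SAMPLE_REG" | reg_rules_over 20
printf '%s\n' "$SAMPLE_DEV" | ifaces_over 20
# On a live system: iw reg get | reg_rules_over 20; iw dev | ifaces_over 20
```

Any line printed by reg_rules_over on a host that is supposed to follow a 20 dBm domain is a sign that the regulatory domain or the database file differs from what the distribution shipped.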

Conclusion

Increasing the TX power of a Wi-Fi adapter is undeniably useful only for Wi-Fi jamming and for deauthentication attacks. In all other attacks it does not matter, because power affects how loudly your Wi-Fi adapter “talks” but does not increase its sensitivity (how well it “hears” others).

Changing the regulatory domain value also lets you unlock some channels that might not be available in your country.


16 Comments to How to increase TX-Power of Wi-Fi adapters in Kali Linux in 2018

  1. techtox says:

    Hi man.. Thanks for the guide! But I have a problem using the Alfa 036NH. No networks show up after increasing to 30 OR 33dBm.

    • Alex Alex says:

      Hello! Unfortunately, I cannot reproduce the bug because I have no Alfa 036NH. I suppose its hardware is restricted to a maximum output power of 2000mW.

      If you need it, I can provide a guide on how to revert the changes made.

      • techtox says:

        Hey Alex, thanks for the quick reply. Don't worry, I did this on a Virtual Machine which has no value to me. I am not going to try random things on the internet on machines that have high value 😀 I also made a snapshot. 

        I am even more confused now.. I just reinstalled Kali after being completely lost, and without ever touching regions or anything else explained in here, the adapter won't show networks. I got it working again after updating/upgrading, dist upgrade.. Then I rebooted and it stopped working again. This is really getting on my nerves 😀 I might just grab an old HDD/SSD and install it on there instead of a Virtual Machine.

        I don't think this has anything to do with you, it's all on my side… Will keep trying… 

         

        Thanks though!

      • techtox says:

        Oh, totally forgot. 33dBm is equal to 2000mW, is it not? 

        • Alex Alex says:

          Yep, you're right. Physics measures are not my strong point. )))

          • techtox says:

            No worries. It's way less worse than simply killing processes that interfere with airmon-ng.. I feel so stupid 😀 Never had this problem, EVER. But I think this was the problem. I installed 2017.2 instead of 2017.3 and simply changed region, nothing else. Then I did airmon-ng check kill and that fixed it. I will now test it on the other VM with 2017.3 + updates/upgrades + dist upgrade and will report back.

  2. Pete says:

    I have Ubuntu 17.10 and an HP laptop with an Alfa network card.

    This worked, but it took two days to solve the problem. It was rather odd but it worked. The problem was when I was trying to get sudo cp $USER.key.pub.pem /lib/crda/pubkeys/ to work.

    So what I did was ls and found the root.key.pub.pem copy and the other one into the crda/pubkeys.

    Reboot and it worked.

    Ubuntu did not have it set up from install, or not sure why, but you get the 00 for country code. Real problem. The txpower is at 20 by default.

  3. stefano says:

    I don't know why was so difficult to find a working guide for the awus036nha! worked like a charm for kali 2018, thanks!

  4. Andres says:

    Hi, I have AWUS036NHR, I followed the guide and this is my result after restart:

    root@default:~# iw reg get
    global
    country 00: DFS-UNSET
        (2402 - 2472 @ 40), (N/A, 33), (N/A)
        (2457 - 2482 @ 20), (N/A, 33), (N/A), AUTO-BW, NO-IR
        (2474 - 2494 @ 20), (N/A, 33), (N/A), NO-OFDM, NO-IR
        (5170 - 5250 @ 80), (N/A, 33), (N/A), AUTO-BW, NO-IR
        (5250 - 5330 @ 80), (N/A, 33), (0 ms), DFS, AUTO-BW, NO-IR
        (5490 - 5730 @ 160), (N/A, 33), (0 ms), DFS, NO-IR
        (5735 - 5835 @ 80), (N/A, 33), (N/A), NO-IR
        (57240 - 63720 @ 2160), (N/A, 0), (N/A)

    Unfortunately, if I set the txpower to 30 or 33, nothing happens. Changing the region to BO or GY doesn't help either. Any idea?

    • nbctcp says:

      INFO:

      • ALFA AWUS036NH
      • KALI Linux 2018 latest

      PROBLEMS:

      1. every time I reboot. It changed to

      iw reg get
      global
      country 00: DFS-UNSET
              (2402 - 2472 @ 40), (6, 20), (N/A)
              (2457 - 2482 @ 20), (6, 20), (N/A), AUTO-BW, PASSIVE-SCAN
              (2474 - 2494 @ 20), (6, 20), (N/A), NO-OFDM, PASSIVE-SCAN
              (5170 - 5250 @ 80), (6, 20), (N/A), AUTO-BW, PASSIVE-SCAN
              (5250 - 5330 @ 80), (6, 20), (0 ms), DFS, AUTO-BW, PASSIVE-SCAN
              (5490 - 5730 @ 160), (6, 20), (0 ms), DFS, PASSIVE-SCAN
              (5735 - 5835 @ 80), (6, 20), (N/A), PASSIVE-SCAN
              (57240 - 63720 @ 2160), (N/A, 0), (N/A)

      But actually I already changed the global part to 30db.

      I can prove that by typing

      iw reg set 00
      iw reg get
      global
      country 00: DFS-UNSET
              (2402 - 2472 @ 40), (N/A, 30), (N/A)
              (2457 - 2482 @ 20), (N/A, 30), (N/A), AUTO-BW, NO-IR
              (2474 - 2494 @ 20), (N/A, 30), (N/A), NO-OFDM, NO-IR
              (5170 - 5250 @ 80), (N/A, 30), (N/A), AUTO-BW, NO-IR
              (5250 - 5330 @ 80), (N/A, 40), (0 ms), DFS, AUTO-BW, NO-IR
              (5490 - 5730 @ 160), (N/A, 40), (0 ms), DFS, NO-IR
              (5735 - 5835 @ 80), (N/A, 40), (N/A), NO-IR
              (57240 - 63720 @ 2160), (N/A, 0), (N/A)

      QUESTIONS:
      1. how to keep country 00 30db on reboot

      tq

      • Alex Alex says:

        Hello! It is interesting behavior and I can also reproduce it. But: only if no wireless cards are connected. Once I connect a wireless adapter, I get the higher values without the need to set the regulatory domain explicitly.

        Also, to apply the values from the patched database it is enough to call any ‘wireless’ command like this:

        iw dev

        The first screen: before and after I plugged wireless adapter:

        The second screen: before and after I ran iw dev:

        I guess it is kind of optimization: the system does not load heavy database if there is no real need (no wireless interface). The system is smart!

  5. nbctcp says:

    In my case.

    I need to run "iw dev" at least once to keep it persistent on reboot.

    here after I ran "iw dev" and reboot

    iw reg get
    global
    country 00: DFS-UNSET
            (2402 - 2472 @ 40), (N/A, 30), (N/A)
            (2457 - 2482 @ 20), (N/A, 30), (N/A), AUTO-BW, NO-IR
            (2474 - 2494 @ 20), (N/A, 30), (N/A), NO-OFDM, NO-IR
            (5170 - 5250 @ 80), (N/A, 30), (N/A), AUTO-BW, NO-IR
            (5250 - 5330 @ 80), (N/A, 40), (0 ms), DFS, AUTO-BW, NO-IR
            (5490 - 5730 @ 160), (N/A, 40), (0 ms), DFS, NO-IR
            (5735 - 5835 @ 80), (N/A, 40), (N/A), NO-IR
            (57240 - 63720 @ 2160), (N/A, 0), (N/A)

    tq

  6. krys says:

    hi   

    Could you please clarify the command above, as it's in green:

    # sudo iw wlan0 set monitor control # if monitor mode needed

    Is that what I need to type in order to bring TX up for monitor mode as well, or some other command, or is the command above sufficient to raise TX in both monitor and managed mode?

    thanks

    • Alex Alex says:

      Hello! The actual command you ask about is:

      sudo iw wlan0 set monitor control

      But I commented it, because not everyone needs the monitor mode.

      So if you need the monitor mode, use the command just above. If you do not need the monitor mode, skip the command.
