An easy way to increase TX Power for Wi-Fi in Kali Linux and BlackArch

How to increase txpower to 36.00 dBm

The article “How to increase TX-Power of Wi-Fi adapters in Kali Linux” discusses the theory and different approaches to increasing the TX Power to 30.00 dBm and removing restrictions on the use of blocked Wi-Fi channels. The article is quite long and some points are already outdated. Nevertheless, it is recommended for review, as it addresses such questions as: 1) why it is needed at all; 2) how to increase power by changing the region; 3) why txpower of some Wi-Fi adapters does not rise above a certain value.

A long time ago, for users of Arch Linux and BlackArch, a person with the nickname muhviehstarr (Timo Sarawinski) created the wireless-regdb-pentest package in the AUR, which is a Central Regulatory Domain Database with txpower/channels values modified for pentesters.

I took the recipes from the PKGBUILD file of the wireless-regdb-pentest package and rewrote them into Bash commands suitable for running on Kali Linux.

I also used a patch (https://github.com/buildroot/buildroot/tree/master/package/crda) and added a few commands to make the tools compatible with Python 3.

How to Boost TX Power for Wi-Fi in Kali Linux

Create the wireless-regdb-pentest.sh file:

gedit wireless-regdb-pentest.sh

And copy the following into it:

#!/bin/bash

# all thanks to this awesome guy! => https://aur.archlinux.org/packages/wireless-regdb-pentest/
# thanks to them too https://github.com/buildroot/buildroot/tree/master/package/crda

which pacman > /dev/null 2>&1
if [[ $? -eq '0' ]]; then
	sudo pacman -Sy iw libgcrypt libnl sh systemd python-attrs python-m2crypto python-pycryptodomex --needed --noconfirm
else
	which apt > /dev/null 2>&1
	if [ $? -eq '0' ]; then
		sudo apt update
		sudo apt -y install python3-m2crypto libssl-dev libnl-3-dev pkg-config libgcrypt20-dev python3-pycryptodome libnl-genl-3-dev
	else
		echo 'Man, I am really lost...'
		exit 1;
	fi
fi

wget 'https://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/crda.git/snapshot/crda-4.14.tar.gz'
wget 'https://www.kernel.org/pub/software/network/wireless-regdb/wireless-regdb-2020.04.29.tar.xz'
curl 'https://aur.archlinux.org/cgit/aur.git/plain/0001-Makefile-Don-t-run-ldconfig.patch?h=wireless-regdb-pentest' > 0001-Makefile-Don-t-run-ldconfig.patch
curl 'https://aur.archlinux.org/cgit/aur.git/plain/0001-Makefile-Link-libreg.so-against-the-crypto-library.patch?h=wireless-regdb-pentest' > 0001-Makefile-Link-libreg.so-against-the-crypto-library.patch
curl 'https://aur.archlinux.org/cgit/aur.git/plain/crda.conf.d?h=wireless-regdb-pentest' > crda.conf.d
curl 'https://aur.archlinux.org/cgit/aur.git/plain/db.txt?h=wireless-regdb-pentest' > db.txt
curl 'https://aur.archlinux.org/cgit/aur.git/plain/set-wireless-regdom?h=wireless-regdb-pentest' > set-wireless-regdom
curl https://raw.githubusercontent.com/buildroot/buildroot/master/package/crda/0001-crda-support-python-3-in-utils-key2pub.py.patch > 0001-crda-support-python-3-in-utils-key2pub.py.patch

tar xf wireless-regdb-2020.04.29.tar.xz
tar xvzf crda-4.14.tar.gz

cd crda-4.14
patch -p1 -i ../0001-Makefile-Link-libreg.so-against-the-crypto-library.patch
patch -p1 -i ../0001-Makefile-Don-t-run-ldconfig.patch
patch -p1 -i ../0001-crda-support-python-3-in-utils-key2pub.py.patch
sed -i 's/#!\/usr\/bin\/env python/#!\/usr\/bin\/env python3/' ./utils/key2pub.py

cp ../db.txt ../wireless-regdb-2020.04.29/db.txt

export CC=gcc
export CXX=g++
cd ../wireless-regdb-2020.04.29/
make mrproper
export REGDB_AUTHOR=root
sed -i 's/#!\/usr\/bin\/env python/#!\/usr\/bin\/env python3/' *.py
make
cd ../crda-4.14
cp ../wireless-regdb-2020.04.29/root.key.pub.pem pubkeys/

sed -i 's/python utils\/key2pub.py/python3 utils\/key2pub.py/' Makefile
make REG_BIN=../wireless-regdb-2020.04.29/regulatory.bin

sudo install -d -m755 /usr/lib
sudo mkdir -p /usr/lib/crda/pubkeys
sudo make DESTDIR="" UDEV_RULE_DIR=/usr/lib/udev/rules.d/ SBINDIR=/usr/bin/ install
cd ../wireless-regdb-2020.04.29/

sudo install -D -m644 ../wireless-regdb-2020.04.29/root.key.pub.pem /usr/lib/crda/pubkeys/root.key.pub.pem
sudo install -D -m644 ../wireless-regdb-2020.04.29/regulatory.bin /usr/lib/crda/regulatory.bin

# let’s skip this bashisms
# (if LD_LIBRARY_PATH=../crda-4.14 ../crda-4.14/regdbdump /usr/lib/crda/regulatory.bin > /dev/null) && (echo "Regulatory database verification was succesful.") || (echo "Regulatory database verification failed.")

sudo install -d -m755 /usr/lib/firmware
sudo install -D -m644 ../wireless-regdb-2020.04.29/regulatory.db /usr/lib/firmware/regulatory.db
sudo install -D -m644 ../wireless-regdb-2020.04.29/regulatory.db.p7s /usr/lib/firmware/regulatory.db.p7s
sudo install -D -m644 ../wireless-regdb-2020.04.29/LICENSE /usr/share/licenses/wireless-regdb/LICENSE
sudo install -D -m644 ../wireless-regdb-2020.04.29/regulatory.bin.5 /usr/share/man/man5/regulatory.bin.5
sudo install -D -m644 ../crda.conf.d /etc/conf.d/wireless-regdom

# sudo su # if you type the commands, you have to be root now
for dom in $(grep ^country ../wireless-regdb-2020.04.29/db.txt | cut -d' ' -f2 | sed 's|:||g'); do echo "#WIRELESS_REGDOM=\"${dom}\"" >> /etc/conf.d/wireless-regdom.tmp; done
sort -u /etc/conf.d/wireless-regdom.tmp >> /etc/conf.d/wireless-regdom
rm /etc/conf.d/wireless-regdom.tmp
# CTRL+d

sudo install -D -m644  ../wireless-regdb-2020.04.29/LICENSE "/usr/share/licenses/wireless-regdb/LICENSE"

# Not sure if this is necessary since the crda package is already installed above. 
# But without these lines, I did not find crda in the system
cd ../crda-4.14
sudo make install

Run like this:

sudo bash wireless-regdb-pentest.sh

After the script is finished, restart your computer.

Result:

You no longer need to enter any commands to increase the power of Wi-Fi adapters. But sometimes the power increases only after the second connection of the device to the computer.

How to increase TX Power for Wi-Fi in BlackArch

Obviously on Arch Linux and BlackArch it is possible to install wireless-regdb-pentest from the AUR.

But the problem is that the official Arch Linux repository no longer contains the python2-m2crypto package, which is a dependency for wireless-regdb-pentest.

BlackArch does not have this problem because the BlackArch repositories have the python2-m2crypto package saved.

That is, in BlackArch, to increase Wi-Fi power, just install pikaur, and then run the command:

pikaur -S wireless-regdb-pentest

Arch Linux users can use my script above. The Arch Linux version differs only in that it uses the pacman package manager instead of apt, otherwise the commands are identical.

After the script is finished, restart your computer.

Result:

Does boosting TX Power for Wi-Fi work at all?

I met opinions on the Internet that these figures do not affect anything. Not in the sense that they do not affect, in which I explained in the previous instruction “How to increase TX-Power of Wi-Fi adapters in Kali Linux”, but do not work at all. I already wrote that TX Power is how much the Wi-Fi adapter “screams” and, in fact, usually there is enough TX power. In my opinion, such a characteristic as sensitivity is no less important, that is, figuratively speaking, how well the Wi-Fi adapter “hears”. And this instruction does not improve the sensitivity in any way (but this can be done by installing a larger antenna, or initially you need to choose a Wi-Fi adapter with good sensitivity – it depends on the chipset).

To put it quite simply, will an increase in TX Power affect the number of successful attacks? Maybe not. I would start by replacing the antenna with a larger one (if that fits your Wi-Fi adapter).

As for the statement of one of the users that he took measurements using a USB tester and did not see any difference after increasing the TX Power, then I think that this is not true. I also took measurements with a USB tester. So, the power consumption of a Wi-Fi adapter is floating and changing too quickly to even understand anything. That is, you can take physical measurements and make sure that the TX Power has increased, but not with the help of a USB tester.

I see no reason not to trust the value of txpower in the output of iw dev.

Recommended for you:

19 Comments to An easy way to increase TX Power for Wi-Fi in Kali Linux and BlackArch

  1. psyh0x says:

    not working ..

    tx power stay the same with 3 of my wifi cards

    ─$ iw dev                                                                                                                                                         1 ⨯
    phy#1
            Interface wlan2
                    ifindex 5
                    wdev 0x100000001
                    addr ae:e3:04:cd:7a:39
                    type managed
                    txpower 20.00 dBm
    phy#2
            Interface wlan1
                    ifindex 4
                    wdev 0x200000001
                    addr 52:51:f1:ef:54:d3
                    type managed
                    txpower 20.00 dBm
    phy#0
            Interface wlan0
                    ifindex 3
                    wdev 0x1
                    addr a0:88:b4:7f:9d:2c
                    ssid HOTBOX 4-DFD0-5GHz
                    type managed
                    channel 52 (5260 MHz), width: 40 MHz, center1: 5270 MHz
                    txpower 15.00 dBm

     

     

    • Alex says:

      Hello! If the Wi-Fi adapter does not support TX power more than allowed 20 dBm, as in your case it happened with wlan0, which even with allowed 20 dBm has txpower 15.00 dBm, then the device will not have TX power more than its capabilities.

      That is, in your case for wlan0, this should not have worked.

      As for the other two wireless adapters, I can't say anything definite. Try unplug and plug them.

      Did you pay attention to possible errors during script execution? Maybe for some reason it didn't work.

      I have 4 Wi-Fi adapters based on Realtek, Atheros, Intel chipsets, they all show increased power in the range of 22-36 dBm.

      You can do the following:

      1. Run the script again and pay attention to possible errors. Please clean the folder of downloaded files first.

      2. Check the values that the command outputs

      iw reg get

      3. Try restarting your computer – increased TX power values are not always stable and may drop to standard values for no apparent reason

  2. turbonalesnik says:

    Hi!

    I tried and it really works, but Tx goes back to 20 dbm as soon as I enter monitor mode… Any soluntions?

    Thanx 🙂

  3. Nannino says:

    Hi

    it only worked in the beginning, and only in STATION mode, but not anymore.

    Can you explain why the old guide no longer works on Kali ?

    It still works perfectly on Xubuntu.

    Thanx

    • Alex says:

      it only worked in the beginning, and only in STATION mode, but not anymore.

      You can see from the screenshot in this comment that this is not true.

      The problem with the previous guide is that the crda package has been removed from the Kali Linux repositories and I was unable to compile crda due to errors.

      The guide, under which I am now writing a comment, shows what patches to apply to crda so that this package can be compiled. Therefore, the old instruction can be brought back to life.

  4. anonim says:

    its possible to make this but in live Kali from USB ?

  5. Anonymous says:

    hello alex
    What kali version are you using it on?

  6. paul says:

    hello Alex my wifi card is a AW1900 Alfa network you see my ouput iw reg get..99 ???

  7. kirk says:

    PLEASE HELP IVE TRIED TRIED AND TRIED NEVER SEEM TO GET A POSITIVE RESPONSE, EVEN REINSTALLED LASTEST KALI:

    THIS IS WHAT IM GETTING, BY THE WAY IM BASED ON GREAT BRITAIN

    (root㉿kali)-[~]
    └─# bash wireless-regdb-pentest.sh
    Hit:1 http://kali.download/kali kali-rolling InRelease
    Reading package lists… Done
    Building dependency tree… Done
    Reading state information… Done
    585 packages can be upgraded. Run 'apt list --upgradable' to see them.
    Reading package lists… Done
    Building dependency tree… Done
    Reading state information… Done
    libgcrypt20-dev is already the newest version (1.10.1-2).
    libnl-3-dev is already the newest version (3.7.0-0.2+b1).
    libnl-genl-3-dev is already the newest version (3.7.0-0.2+b1).
    libssl-dev is already the newest version (3.0.5-2).
    pkg-config is already the newest version (0.29.2-1).
    python3-m2crypto is already the newest version (0.38.0-3+b1).
    python3-pycryptodome is already the newest version (3.11.0+dfsg1-3+b1).
    The following packages were automatically installed and are no longer required:
      libatk1.0-data libbroker2 libcaf-core0.17 libcaf-io0.17
      libcaf-openssl0.17 libgoogle-perftools4 libhttp-server-simple-perl
      libjs-terser libpath-tiny-perl libtcmalloc-minimal4 libwacom-bin
      node-source-map node-terser python3-dataclasses-json python3-flask-restx
      python3-limiter python3-mypy-extensions python3-responses python3-spyse
      python3-token-bucket python3-typing-inspect python3.9 python3.9-minimal
      ruby2.7-dev ruby2.7-doc zeek-common
    Use 'sudo apt autoremove' to remove them.
    0 upgraded, 0 newly installed, 0 to remove and 585 not upgraded.
    --2022-10-06 12:23:07--  https://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/crda.git/snapshot/crda-4.14.tar.gz
    Resolving git.kernel.org (git.kernel.org)… 2604:1380:4601:e00::1, 145.40.68.75
    Connecting to git.kernel.org (git.kernel.org)|2604:1380:4601:e00::1|:443… connected.
    HTTP request sent, awaiting response… 200 OK
    Length: unspecified [application/x-gzip]
    Saving to: ‘crda-4.14.tar.gz.5’

    crda-4.14.tar.gz.5      [ <=>             ]  71.05K  --.-KB/s    in 0.04s   

    2022-10-06 12:23:07 (1.74 MB/s) - ‘crda-4.14.tar.gz.5’ saved [72753]

    --2022-10-06 12:23:07--  https://www.kernel.org/pub/software/network/wireless-regdb/wireless-regdb-2020.04.29.tar.xz
    Resolving http://www.kernel.org (www.kernel.org)… 2604:1380:4601:e00::1, 145.40.68.75
    Connecting to http://www.kernel.org (www.kernel.org)|2604:1380:4601:e00::1|:443… connected.
    HTTP request sent, awaiting response… 301 Moved Permanently
    Location: https://mirrors.edge.kernel.org/pub/software/network/wireless-regdb/wireless-regdb-2020.04.29.tar.xz [following]
    --2022-10-06 12:23:07--  https://mirrors.edge.kernel.org/pub/software/network/wireless-regdb/wireless-regdb-2020.04.29.tar.xz
    Resolving mirrors.edge.kernel.org (mirrors.edge.kernel.org)… 2604:1380:4601:e00::3, 147.75.80.249
    Connecting to mirrors.edge.kernel.org (mirrors.edge.kernel.org)|2604:1380:4601:e00::3|:443… connected.
    HTTP request sent, awaiting response… 200 OK
    Length: 24552 (24K) [application/x-xz]
    Saving to: ‘wireless-regdb-2020.04.29.tar.xz.5’

    wireless-regdb-2020 100%[================>]  23.98K  --.-KB/s    in 0.003s  

    2022-10-06 12:23:07 (7.86 MB/s) - ‘wireless-regdb-2020.04.29.tar.xz.5’ saved [24552/24552]

      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     100   581  100   581    0     0   3315      0 --:--:-- --:--:-- --:--:--  3320
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     100  1466  100  1466    0     0   8201      0 --:--:-- --:--:-- --:--:--  8235
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     100    48  100    48    0     0    292      0 --:--:-- --:--:-- --:--:--   294
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--       0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     100 63075  100 63075    0     0   243k      0 --:--:-- --:--:-- --:--:--  243k
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     100   126  100   126    0     0    746      0 --:--:-- --:--:-- --:--:--   750
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     100  8938  100  8938    0     0  40626      0 --:--:-- --:--:-- --:--:-- 40812
    crda-4.14/
    crda-4.14/.gitignore
    crda-4.14/CONTRIBUTING
    crda-4.14/LICENSE
    crda-4.14/Makefile
    crda-4.14/README
    crda-4.14/copyleft-next-0.3.0
    crda-4.14/crda.8
    crda-4.14/crda.c
    crda-4.14/crda.spec
    crda-4.14/db2rd.c
    crda-4.14/debian-example/
    crda-4.14/debian-example/changelog
    crda-4.14/debian-example/compat
    crda-4.14/debian-example/control
    crda-4.14/debian-example/copyright
    crda-4.14/debian-example/docs
    crda-4.14/debian-example/rules
    crda-4.14/intersect.c
    crda-4.14/nl80211.h
    crda-4.14/optimize.c
    crda-4.14/pubkeys/
    crda-4.14/pubkeys/linville.key.pub.pem
    crda-4.14/pubkeys/sforshee.key.pub.pem
    crda-4.14/regdb.h
    crda-4.14/regdbdump.8
    crda-4.14/regdbdump.c
    crda-4.14/reglib.c
    crda-4.14/reglib.h
    crda-4.14/udev/
    crda-4.14/udev/regulatory.rules
    crda-4.14/utils/
    crda-4.14/utils/key2pub.py
    patching file Makefile
    patching file Makefile
    patching file Makefile
    Hunk #1 succeeded at 115 (offset 3 lines).
    patching file utils/key2pub.py
    Removed public key, regulatory.bin, regulatory.db.5 and compressed man pages
    Generating public key for root…
    openssl rsa -in ~/.wireless-regdb-root.key.priv.pem -out root.key.pub.pem -pubout -outform PEM
    writing RSA key
    Generating certificate for root…
    ./gen-pubcert.sh ~/.wireless-regdb-root.key.priv.pem root.x509.pem
    Generating regulatory.bin digitally signed by root…
    ./db2bin.py regulatory.bin db.txt ~/.wireless-regdb-root.key.priv.pem
    sha1sum db.txt > sha1sum.txt
    Generating regulatory.db
    ./db2fw.py regulatory.db db.txt
    Signing regulatory.db (by root)…
      GEN  keys-gcrypt.c
      Trusted pubkeys: pubkeys/linville.key.pub.pem pubkeys/root.key.pub.pem pubkeys/sforshee.key.pub.pem
      CC   libreg.so
      CC   crda.o
      LD   crda
      CC   intersect.o
      LD   intersect
      CC   regdbdump.o
      LD   regdbdump
      CC   db2rd.o
      LD   db2rd
      CC   optimize.o
      LD   optimize
      CHK  ../wireless-regdb-2020.04.29/regulatory.bin
      INSTALL  libreg
      INSTALL  libreg-headers
      INSTALL  crda
      INSTALL  regdbdump
      INSTALL  85-regulatory.rules
      INSTALL  crda.8.gz
      INSTALL  regdbdump.8.gz
      INSTALL  libreg
      INSTALL  libreg-headers
      INSTALL  crda
      INSTALL  regdbdump
      INSTALL  85-regulatory.rules
      INSTALL  crda.8.gz
      INSTALL  regdbdump.8.gz
                                                                                 
    ┌──(root㉿kali)-[~]
    └─# iw dev
    phy#1
            Interface wlan1
                    ifindex 4
                    wdev 0x100000001
                    addr 5a:69:73:41:fd:b6
                    type managed
                    txpower 20.00 dBm
    phy#0
            Interface wlan0
                    ifindex 3
                    wdev 0x1
                    addr 80:00:0b:33:5b:53
                    ssid BT-TQCP32
                    type managed
                    channel 1 (2412 MHz), width: 20 MHz, center1: 2412 MHz
                    txpower 15.00 dBm
                                                                                 
    ┌──(root㉿kali)-[~]
    └─#

     

  8. Mohammed Mehdi TBER says:

    This is strange but Kali is debian not arch.

    ┌──(root㉿localhost)-[/home/mohammedmehditber/Downloads]
    └─# bash wireless-regdb-pentest.sh wireless-regdb-pentest.sh  
    wireless-regdb-pentest.sh: line 2:  : command not found
    wireless-regdb-pentest.sh: line 5:  : command not found
    wireless-regdb-pentest.sh: line 11: syntax error near unexpected token `then'
    wireless-regdb-pentest.sh: line 11: `    if [ $? -eq '0' ]; then
     

    • Alex says:

      Okay… You're one of those people who's doing it completely wrong…

      No, there is no such command in my article:

      bash wireless-regdb-pentest.sh wireless-regdb-pentest.sh

      Next, does it bother you that you get a “command not found” error for empty lines?

  9. Michael says:

    how to reset everything and get back to original tx-power ?

  10. eval says:

    ┌──(root㉿kali-raspberry-pi)-[~kali]
    └─# sudo bash wifitx.sh
    wifitx.sh: line 2:  : command not found
    wifitx.sh: line 8: syntax error near unexpected token `then'
    wifitx.sh: line 8: `    if [ $? -eq '0' ]; then'

Leave a Reply

Your email address will not be published. Required fields are marked *