An easy way to increase TX Power for Wi-Fi in Kali Linux and BlackArch
How to increase txpower to 36.00 dBm
The article “How to increase TX-Power of Wi-Fi adapters in Kali Linux” discusses the theory and different approaches to increasing the TX Power to 30.00 dBm and removing restrictions on the use of blocked Wi-Fi channels. The article is quite long and some points are already outdated. Nevertheless, it is recommended for review, as it addresses such questions as: 1) why it is needed at all; 2) how to increase power by changing the region; 3) why txpower of some Wi-Fi adapters does not rise above a certain value.
A long time ago, for users of Arch Linux and BlackArch, a person with the nickname muhviehstarr (Timo Sarawinski) created the wireless-regdb-pentest package in the AUR, which is a Central Regulatory Domain Database with txpower/channels values modified for pentesters.
I took the recipes from the PKGBUILD file of the wireless-regdb-pentest package and rewrote them into Bash commands suitable for running on Kali Linux.
I also used a patch (https://github.com/buildroot/buildroot/tree/master/package/crda) and added a few commands to make the tools compatible with Python 3.
How to Boost TX Power for Wi-Fi in Kali Linux
Create the wireless-regdb-pentest.sh file:
gedit wireless-regdb-pentest.sh
And copy the following into it:
#!/bin/bash # all thanks to this awesome guy! => https://aur.archlinux.org/packages/wireless-regdb-pentest/ # thanks to them too https://github.com/buildroot/buildroot/tree/master/package/crda which pacman > /dev/null 2>&1 if [[ $? -eq '0' ]]; then sudo pacman -Sy iw libgcrypt libnl sh systemd python-attrs python-m2crypto python-pycryptodomex --needed --noconfirm else which apt > /dev/null 2>&1 if [ $? -eq '0' ]; then sudo apt update sudo apt -y install python3-m2crypto libssl-dev libnl-3-dev pkg-config libgcrypt20-dev python3-pycryptodome libnl-genl-3-dev else echo 'Man, I am really lost...' exit 1; fi fi wget 'https://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/crda.git/snapshot/crda-4.14.tar.gz' wget 'https://www.kernel.org/pub/software/network/wireless-regdb/wireless-regdb-2020.04.29.tar.xz' curl 'https://aur.archlinux.org/cgit/aur.git/plain/0001-Makefile-Don-t-run-ldconfig.patch?h=wireless-regdb-pentest' > 0001-Makefile-Don-t-run-ldconfig.patch curl 'https://aur.archlinux.org/cgit/aur.git/plain/0001-Makefile-Link-libreg.so-against-the-crypto-library.patch?h=wireless-regdb-pentest' > 0001-Makefile-Link-libreg.so-against-the-crypto-library.patch curl 'https://aur.archlinux.org/cgit/aur.git/plain/crda.conf.d?h=wireless-regdb-pentest' > crda.conf.d curl 'https://aur.archlinux.org/cgit/aur.git/plain/db.txt?h=wireless-regdb-pentest' > db.txt curl 'https://aur.archlinux.org/cgit/aur.git/plain/set-wireless-regdom?h=wireless-regdb-pentest' > set-wireless-regdom curl https://raw.githubusercontent.com/buildroot/buildroot/master/package/crda/0001-crda-support-python-3-in-utils-key2pub.py.patch > 0001-crda-support-python-3-in-utils-key2pub.py.patch tar xf wireless-regdb-2020.04.29.tar.xz tar xvzf crda-4.14.tar.gz cd crda-4.14 patch -p1 -i ../0001-Makefile-Link-libreg.so-against-the-crypto-library.patch patch -p1 -i ../0001-Makefile-Don-t-run-ldconfig.patch patch -p1 -i ../0001-crda-support-python-3-in-utils-key2pub.py.patch sed -i 's/#!\/usr\/bin\/env python/#!\/usr\/bin\/env python3/' ./utils/key2pub.py cp ../db.txt ../wireless-regdb-2020.04.29/db.txt export CC=gcc export CXX=g++ cd ../wireless-regdb-2020.04.29/ make mrproper export REGDB_AUTHOR=root sed -i 's/#!\/usr\/bin\/env python/#!\/usr\/bin\/env python3/' *.py make cd ../crda-4.14 cp ../wireless-regdb-2020.04.29/root.key.pub.pem pubkeys/ sed -i 's/python utils\/key2pub.py/python3 utils\/key2pub.py/' Makefile make REG_BIN=../wireless-regdb-2020.04.29/regulatory.bin sudo install -d -m755 /usr/lib sudo mkdir -p /usr/lib/crda/pubkeys sudo make DESTDIR="" UDEV_RULE_DIR=/usr/lib/udev/rules.d/ SBINDIR=/usr/bin/ install cd ../wireless-regdb-2020.04.29/ sudo install -D -m644 ../wireless-regdb-2020.04.29/root.key.pub.pem /usr/lib/crda/pubkeys/root.key.pub.pem sudo install -D -m644 ../wireless-regdb-2020.04.29/regulatory.bin /usr/lib/crda/regulatory.bin # let’s skip this bashisms # (if LD_LIBRARY_PATH=../crda-4.14 ../crda-4.14/regdbdump /usr/lib/crda/regulatory.bin > /dev/null) && (echo "Regulatory database verification was succesful.") || (echo "Regulatory database verification failed.") sudo install -d -m755 /usr/lib/firmware sudo install -D -m644 ../wireless-regdb-2020.04.29/regulatory.db /usr/lib/firmware/regulatory.db sudo install -D -m644 ../wireless-regdb-2020.04.29/regulatory.db.p7s /usr/lib/firmware/regulatory.db.p7s sudo install -D -m644 ../wireless-regdb-2020.04.29/LICENSE /usr/share/licenses/wireless-regdb/LICENSE sudo install -D -m644 ../wireless-regdb-2020.04.29/regulatory.bin.5 /usr/share/man/man5/regulatory.bin.5 sudo install -D -m644 ../crda.conf.d /etc/conf.d/wireless-regdom # sudo su # if you type the commands, you have to be root now for dom in $(grep ^country ../wireless-regdb-2020.04.29/db.txt | cut -d' ' -f2 | sed 's|:||g'); do echo "#WIRELESS_REGDOM=\"${dom}\"" >> /etc/conf.d/wireless-regdom.tmp; done sort -u /etc/conf.d/wireless-regdom.tmp >> /etc/conf.d/wireless-regdom rm /etc/conf.d/wireless-regdom.tmp # CTRL+d sudo install -D -m644 ../wireless-regdb-2020.04.29/LICENSE "/usr/share/licenses/wireless-regdb/LICENSE" # Not sure if this is necessary since the crda package is already installed above. # But without these lines, I did not find crda in the system cd ../crda-4.14 sudo make install
Run like this:
sudo bash wireless-regdb-pentest.sh
After the script is finished, restart your computer.
Result:
You no longer need to enter any commands to increase the power of Wi-Fi adapters. But sometimes the power increases only after the second connection of the device to the computer.
How to increase TX Power for Wi-Fi in BlackArch
Obviously on Arch Linux and BlackArch it is possible to install wireless-regdb-pentest from the AUR.
But the problem is that the official Arch Linux repository no longer contains the python2-m2crypto package, which is a dependency for wireless-regdb-pentest.
BlackArch does not have this problem because the BlackArch repositories have the python2-m2crypto package saved.
That is, in BlackArch, to increase Wi-Fi power, just install pikaur, and then run the command:
pikaur -S wireless-regdb-pentest
Arch Linux users can use my script above. The Arch Linux version differs only in that it uses the pacman package manager instead of apt, otherwise the commands are identical.
After the script is finished, restart your computer.
Result:
Does boosting TX Power for Wi-Fi work at all?
I met opinions on the Internet that these figures do not affect anything. Not in the sense that they do not affect, in which I explained in the previous instruction “How to increase TX-Power of Wi-Fi adapters in Kali Linux”, but do not work at all. I already wrote that TX Power is how much the Wi-Fi adapter “screams” and, in fact, usually there is enough TX power. In my opinion, such a characteristic as sensitivity is no less important, that is, figuratively speaking, how well the Wi-Fi adapter “hears”. And this instruction does not improve the sensitivity in any way (but this can be done by installing a larger antenna, or initially you need to choose a Wi-Fi adapter with good sensitivity – it depends on the chipset).
To put it quite simply, will an increase in TX Power affect the number of successful attacks? Maybe not. I would start by replacing the antenna with a larger one (if that fits your Wi-Fi adapter).
As for the statement of one of the users that he took measurements using a USB tester and did not see any difference after increasing the TX Power, then I think that this is not true. I also took measurements with a USB tester. So, the power consumption of a Wi-Fi adapter is floating and changing too quickly to even understand anything. That is, you can take physical measurements and make sure that the TX Power has increased, but not with the help of a USB tester.
I see no reason not to trust the value of txpower in the output of iw dev.
Related articles:
- How to increase TX-Power of Wi-Fi adapters in Kali Linux (100%)
- USB Wi-Fi Adapters with monitor mode and wireless injection (100% compatible with Kali Linux) 2022 (71.7%)
- Alfa AWUS052NH – Kali Linux Compatible USB Adapter (69.3%)
- Best Kali Linux Compatible USB Wi-Fi adapters 2018 (69.3%)
- How to increase TX-Power of Wi-Fi adapters in BlackArch in 2022 (59%)
- How to connect to Windows remote desktop from Linux (RANDOM - 1.6%)
not working ..
tx power stay the same with 3 of my wifi cards
─$ iw dev 1 ⨯
phy#1
Interface wlan2
ifindex 5
wdev 0x100000001
addr ae:e3:04:cd:7a:39
type managed
txpower 20.00 dBm
phy#2
Interface wlan1
ifindex 4
wdev 0x200000001
addr 52:51:f1:ef:54:d3
type managed
txpower 20.00 dBm
phy#0
Interface wlan0
ifindex 3
wdev 0x1
addr a0:88:b4:7f:9d:2c
ssid HOTBOX 4-DFD0-5GHz
type managed
channel 52 (5260 MHz), width: 40 MHz, center1: 5270 MHz
txpower 15.00 dBm
Hello! If the Wi-Fi adapter does not support TX power more than allowed 20 dBm, as in your case it happened with wlan0, which even with allowed 20 dBm has txpower 15.00 dBm, then the device will not have TX power more than its capabilities.
That is, in your case for wlan0, this should not have worked.
As for the other two wireless adapters, I can't say anything definite. Try unplug and plug them.
Did you pay attention to possible errors during script execution? Maybe for some reason it didn't work.
I have 4 Wi-Fi adapters based on Realtek, Atheros, Intel chipsets, they all show increased power in the range of 22-36 dBm.
You can do the following:
1. Run the script again and pay attention to possible errors. Please clean the folder of downloaded files first.
2. Check the values that the command outputs
3. Try restarting your computer – increased TX power values are not always stable and may drop to standard values for no apparent reason
Hi!
I tried and it really works, but Tx goes back to 20 dbm as soon as I enter monitor mode… Any soluntions?
Thanx 🙂
Hello! Try setting the wireless adapter to monitor mode with the commands described here: https://miloserdov.org/?p=4819#monitor
Please, perform more than one test as the TX power value is not always stable.
Wow, thx for a quick reply 🙂 I'll test it for sure 🙂
Thanks, man 🙂 It started to work after couple of reboots and applying Your soluton. Cheers 🙂
Hi
it only worked in the beginning, and only in STATION mode, but not anymore.
Can you explain why the old guide no longer works on Kali ?
It still works perfectly on Xubuntu.
Thanx
You can see from the screenshot in this comment that this is not true.
The problem with the previous guide is that the crda package has been removed from the Kali Linux repositories and I was unable to compile crda due to errors.
The guide, under which I am now writing a comment, shows what patches to apply to crda so that this package can be compiled. Therefore, the old instruction can be brought back to life.
its possible to make this but in live Kali from USB ?
hello alex
What kali version are you using it on?
Hello! I always use the latest release with all the latest upgrades.
hello Alex my wifi card is a AW1900 Alfa network you see my ouput iw reg get..99 ???
PLEASE HELP IVE TRIED TRIED AND TRIED NEVER SEEM TO GET A POSITIVE RESPONSE, EVEN REINSTALLED LASTEST KALI:
THIS IS WHAT IM GETTING, BY THE WAY IM BASED ON GREAT BRITAIN
(root㉿kali)-[~]
└─# bash wireless-regdb-pentest.sh
Hit:1 http://kali.download/kali kali-rolling InRelease
Reading package lists… Done
Building dependency tree… Done
Reading state information… Done
585 packages can be upgraded. Run 'apt list --upgradable' to see them.
Reading package lists… Done
Building dependency tree… Done
Reading state information… Done
libgcrypt20-dev is already the newest version (1.10.1-2).
libnl-3-dev is already the newest version (3.7.0-0.2+b1).
libnl-genl-3-dev is already the newest version (3.7.0-0.2+b1).
libssl-dev is already the newest version (3.0.5-2).
pkg-config is already the newest version (0.29.2-1).
python3-m2crypto is already the newest version (0.38.0-3+b1).
python3-pycryptodome is already the newest version (3.11.0+dfsg1-3+b1).
The following packages were automatically installed and are no longer required:
libatk1.0-data libbroker2 libcaf-core0.17 libcaf-io0.17
libcaf-openssl0.17 libgoogle-perftools4 libhttp-server-simple-perl
libjs-terser libpath-tiny-perl libtcmalloc-minimal4 libwacom-bin
node-source-map node-terser python3-dataclasses-json python3-flask-restx
python3-limiter python3-mypy-extensions python3-responses python3-spyse
python3-token-bucket python3-typing-inspect python3.9 python3.9-minimal
ruby2.7-dev ruby2.7-doc zeek-common
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 585 not upgraded.
--2022-10-06 12:23:07-- https://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/crda.git/snapshot/crda-4.14.tar.gz
Resolving git.kernel.org (git.kernel.org)… 2604:1380:4601:e00::1, 145.40.68.75
Connecting to git.kernel.org (git.kernel.org)|2604:1380:4601:e00::1|:443… connected.
HTTP request sent, awaiting response… 200 OK
Length: unspecified [application/x-gzip]
Saving to: ‘crda-4.14.tar.gz.5’
crda-4.14.tar.gz.5 [ <=> ] 71.05K --.-KB/s in 0.04s
2022-10-06 12:23:07 (1.74 MB/s) - ‘crda-4.14.tar.gz.5’ saved [72753]
--2022-10-06 12:23:07-- https://www.kernel.org/pub/software/network/wireless-regdb/wireless-regdb-2020.04.29.tar.xz
Resolving http://www.kernel.org (www.kernel.org)… 2604:1380:4601:e00::1, 145.40.68.75
Connecting to http://www.kernel.org (www.kernel.org)|2604:1380:4601:e00::1|:443… connected.
HTTP request sent, awaiting response… 301 Moved Permanently
Location: https://mirrors.edge.kernel.org/pub/software/network/wireless-regdb/wireless-regdb-2020.04.29.tar.xz [following]
--2022-10-06 12:23:07-- https://mirrors.edge.kernel.org/pub/software/network/wireless-regdb/wireless-regdb-2020.04.29.tar.xz
Resolving mirrors.edge.kernel.org (mirrors.edge.kernel.org)… 2604:1380:4601:e00::3, 147.75.80.249
Connecting to mirrors.edge.kernel.org (mirrors.edge.kernel.org)|2604:1380:4601:e00::3|:443… connected.
HTTP request sent, awaiting response… 200 OK
Length: 24552 (24K) [application/x-xz]
Saving to: ‘wireless-regdb-2020.04.29.tar.xz.5’
wireless-regdb-2020 100%[================>] 23.98K --.-KB/s in 0.003s
2022-10-06 12:23:07 (7.86 MB/s) - ‘wireless-regdb-2020.04.29.tar.xz.5’ saved [24552/24552]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 100 581 100 581 0 0 3315 0 --:--:-- --:--:-- --:--:-- 3320
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 100 1466 100 1466 0 0 8201 0 --:--:-- --:--:-- --:--:-- 8235
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 100 48 100 48 0 0 292 0 --:--:-- --:--:-- --:--:-- 294
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 100 63075 100 63075 0 0 243k 0 --:--:-- --:--:-- --:--:-- 243k
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 100 126 100 126 0 0 746 0 --:--:-- --:--:-- --:--:-- 750
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 100 8938 100 8938 0 0 40626 0 --:--:-- --:--:-- --:--:-- 40812
crda-4.14/
crda-4.14/.gitignore
crda-4.14/CONTRIBUTING
crda-4.14/LICENSE
crda-4.14/Makefile
crda-4.14/README
crda-4.14/copyleft-next-0.3.0
crda-4.14/crda.8
crda-4.14/crda.c
crda-4.14/crda.spec
crda-4.14/db2rd.c
crda-4.14/debian-example/
crda-4.14/debian-example/changelog
crda-4.14/debian-example/compat
crda-4.14/debian-example/control
crda-4.14/debian-example/copyright
crda-4.14/debian-example/docs
crda-4.14/debian-example/rules
crda-4.14/intersect.c
crda-4.14/nl80211.h
crda-4.14/optimize.c
crda-4.14/pubkeys/
crda-4.14/pubkeys/linville.key.pub.pem
crda-4.14/pubkeys/sforshee.key.pub.pem
crda-4.14/regdb.h
crda-4.14/regdbdump.8
crda-4.14/regdbdump.c
crda-4.14/reglib.c
crda-4.14/reglib.h
crda-4.14/udev/
crda-4.14/udev/regulatory.rules
crda-4.14/utils/
crda-4.14/utils/key2pub.py
patching file Makefile
patching file Makefile
patching file Makefile
Hunk #1 succeeded at 115 (offset 3 lines).
patching file utils/key2pub.py
Removed public key, regulatory.bin, regulatory.db.5 and compressed man pages
Generating public key for root…
openssl rsa -in ~/.wireless-regdb-root.key.priv.pem -out root.key.pub.pem -pubout -outform PEM
writing RSA key
Generating certificate for root…
./gen-pubcert.sh ~/.wireless-regdb-root.key.priv.pem root.x509.pem
Generating regulatory.bin digitally signed by root…
./db2bin.py regulatory.bin db.txt ~/.wireless-regdb-root.key.priv.pem
sha1sum db.txt > sha1sum.txt
Generating regulatory.db
./db2fw.py regulatory.db db.txt
Signing regulatory.db (by root)…
GEN keys-gcrypt.c
Trusted pubkeys: pubkeys/linville.key.pub.pem pubkeys/root.key.pub.pem pubkeys/sforshee.key.pub.pem
CC libreg.so
CC crda.o
LD crda
CC intersect.o
LD intersect
CC regdbdump.o
LD regdbdump
CC db2rd.o
LD db2rd
CC optimize.o
LD optimize
CHK ../wireless-regdb-2020.04.29/regulatory.bin
INSTALL libreg
INSTALL libreg-headers
INSTALL crda
INSTALL regdbdump
INSTALL 85-regulatory.rules
INSTALL crda.8.gz
INSTALL regdbdump.8.gz
INSTALL libreg
INSTALL libreg-headers
INSTALL crda
INSTALL regdbdump
INSTALL 85-regulatory.rules
INSTALL crda.8.gz
INSTALL regdbdump.8.gz
┌──(root㉿kali)-[~]
└─# iw dev
phy#1
Interface wlan1
ifindex 4
wdev 0x100000001
addr 5a:69:73:41:fd:b6
type managed
txpower 20.00 dBm
phy#0
Interface wlan0
ifindex 3
wdev 0x1
addr 80:00:0b:33:5b:53
ssid BT-TQCP32
type managed
channel 1 (2412 MHz), width: 20 MHz, center1: 2412 MHz
txpower 15.00 dBm
┌──(root㉿kali)-[~]
└─#
This is strange but Kali is debian not arch.
Okay… You're one of those people who's doing it completely wrong…
No, there is no such command in my article:
Next, does it bother you that you get a “command not found” error for empty lines?
It is just a glitch in my terminal. It is already correctly written.
how to reset everything and get back to original tx-power ?
┌──(root㉿kali-raspberry-pi)-[~kali]
└─# sudo bash wifitx.sh
wifitx.sh: line 2: : command not found
wifitx.sh: line 8: syntax error near unexpected token `then'
wifitx.sh: line 8: ` if [ $? -eq '0' ]; then'
Does it bother you that you get a “command not found” error for empty lines?