How to Set Your Wi-Fi Card's TX Power Higher Than 30 dBm

Nov 25, 2013 02:38 AM
Feb 9, 2014 06:31 AM

Do you have an Alfa AWUS036NH Wi-Fi adapter that claims it can go to 2000 mW, or some card that can supposedly transmit at over 1000 mW? If so, you may have run into problems setting your card's TXPOWER higher than 30 dBm, which is about 1000 mW. Well, I will show you how to break that barrier and go as high as you want!

WARNING

Removing all restrictions is illegal in the United States. This tutorial is only for educational reasons, and if you choose to apply it and break the law, then that is your choice and not mine. Please be careful putting this into action.

Changing Your Wi-Fi Card's TX Power

A while ago, OccupyTheWeb posted an article on how to create an evil twin. In this article, OTW pointed out one use for increasing the TXPOWER, such that we can overwhelm local APs so that a user may connect to our AP instead of the authentic AP. OTW showed you how to set your TXPOWER all the way to 30 dBm, or 1 full watt, or 1000 mW.

I'm going to quickly review the commands to do so:

  • iw reg set BO
  • iwconfig wlan0 txpower 30

If you try to go over 30, though, you will get an error.

What happens is that the iw reg set command reads the regulatory database for the country that you specified (BO) and comes back with the rules for that country. In Bolivia, the rules are that you can set your txpower to 30 dBm and no more, but if we were to change those rules, we could change how much we can increase it to.

So without further delay, let's get into how to change that!

NOTE: KALI users have to do it just a tad bit differently. Go to Step 7 to learn what the differences are. The differences occur in Steps 4 through 6.

Step 1: Install Packages

For this to work, we need to install a couple packages first, and those packages are as follows:

  • python-m2crypto
  • libgcrypt11
  • libgcrypt11-dev
  • libnl-dev

So, let's make sure those are installed:

  • apt-get install python-m2crypto libgcrypt11 libgcrypt11-dev libnl-dev

As you can see, mine were already installed. Yours, however, may not be.

Step 2: The Files

Now we need to download the CRDA files and the wireless regulatory database files. We can download those from here:

DOWNLOAD THE LATEST VERSIONS

When downloading CRDA, you probably will only have one choice of the latest version, but when downloading the wireless-regdb, you will see they have different extensions: .bz2, .gz, .sign, and .xz. You want the .bz2 version for this tutorial.

At the time this tutorial was made, the latest version for each is as follows:

  • CRDA-1.1.3.tar.bz2
  • wireless-regdb-2013.10.11.tar.bz2

Now navigate to where you downloaded those files and let's extract them. I put the two files on my desktop. Once you are in the directory with the files, extract each one like so:

  • tar xvjf {full name of your file}

And you'll do that for each file.


You should now have two new folders in the directory that you had them in.

Step 3: I Make My Own Rules

Now here is the interesting part. This is where we actually get to change the regulations. Change your directory to the wireless-regdb folder, and in there you will find a file called db.txt. This is the file we will edit. Let's take a quick look at it.

  • more db.txt

Now let's take a look at a few things here. Look at what I underlined above. First, notice the first entry, country 00, which is the world regulatory domain and is applied before anything else. So when you turn on your BackTrack system, the world domain is applied first, and from there you can change to another country's regulatory domain, like country AM.

The second thing I underlined is the maximum power, 20 dBm, and the third thing I underlined is the band it applies to, the 2.4 GHz band. If you want to change how high you can go, that maximum power is the number you want to change.

For example, let's change Bolivia's rules.

  • nano db.txt

Scroll down until you find country BO.


Look at what I highlighted. This is the number we want to change.

If your card can go up to 2000 mW, then you would change that number to 33, which stands for 33 dBm, which is approximately 2000 mW. The number you are replacing is in dBm, so you choose how much you want. There is no limit computer-wise, but be careful: the stronger the transmission power, the more dangerous it can get for your health. Don't have the antenna in your mouth while transmitting at 2 watts or you may get cancer.

UPDATE: Some wireless cards like the AWUS036NHA may be stuck in a country and cannot be changed from that country. In that case, find out which country your card believes it is in and change that country's configuration.

QUICK DECIBEL UNDERSTANDING:

Every 10 decibels is a 10X increase in power, starting from 1 dBm equal to 1 mW: 10 dBm equals 10 mW, 20 dBm equals 100 mW, 30 dBm equals 1000 mW, and so on. Every 3 decibels is approximately double the prior power, so if 30 dBm is 1000 mW and we add 3 dB, we double the power, such that 33 dBm is about equal to 2000 mW.
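As an added example (not part of the original tutorial), here is a small Python parser for db.txt rule lines in the style described in Step 3, plus the dBm-to-mW conversion from the decibel note above, so you can read off a country's limit per band before and after editing. The db.txt excerpt is constructed, not the real database, and rules_over_limit is a hypothetical audit helper for spotting entries that exceed a chosen ceiling.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# Constructed excerpt in the wireless-regdb db.txt style (not the real file). A rule line
# reads "(start - end @ max-bw), (max-antenna-gain, max-eirp)" in MHz/dBi/dBm; "N/A" = no gain cap.
SAMPLE_DB_TXT = """\
country 00:
\t(2402 - 2472 @ 40), (3, 20)
country BO:
\t(2402 - 2482 @ 40), (N/A, 30)
\t(5735 - 5835 @ 80), (N/A, 30)
"""

class Rule(NamedTuple):
    start_mhz: int
    end_mhz: int
    max_bw_mhz: int
    max_gain_dbi: Optional[float]
    max_eirp_dbm: float

COUNTRY_RE = re.compile(r"^country\s+(\w+)\s*:")
RULE_RE = re.compile(r"\((\d+)\s*-\s*(\d+)\s*@\s*(\d+)\)\s*,\s*\(([^,)]+?)\s*,\s*([\d.]+)\)")
def dbm_to_mw(dbm: float) -> float:
    """0 dBm is 1 mW; +10 dB multiplies power by 10 and +3 dB roughly doubles it."""
    return 10 ** (dbm / 10)

def parse_db_txt(text: str) -> Dict[str, List[Rule]]:
    """Map each 'country XX:' block to its parsed rules; comments and blank lines are skipped."""
    db: Dict[str, List[Rule]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line: continue
        m = COUNTRY_RE.match(line)
        if m:
            current = m.group(1); db[current] = []
            continue
        m = RULE_RE.search(line)
        if m and current is not None:
            gain = None if m.group(4).upper() == "N/A" else float(m.group(4))
            db[current].append(Rule(int(m.group(1)), int(m.group(2)), int(m.group(3)), gain, float(m.group(5))))
    return db

def max_eirp_dbm(db: Dict[str, List[Rule]], country: str, freq_mhz: int) -> Optional[float]:
    """Highest EIRP the country's rules allow at freq_mhz, or None if no rule covers it."""
    hits = [r.max_eirp_dbm for r in db.get(country, []) if r.start_mhz <= freq_mhz <= r.end_mhz]
    return max(hits) if hits else None
def rules_over_limit(db: Dict[str, List[Rule]], limit_dbm: float) -> List[tuple]:
    """Hypothetical audit helper: (country, rule) pairs whose max EIRP exceeds limit_dbm."""
    return [(c, r) for c, rules in db.items() for r in rules if r.max_eirp_dbm > limit_dbm]
```

Run parse_db_txt on a real db.txt and compare rules_over_limit output against what your hardware and local rules actually permit.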

Notice now I changed the number to 33. When we are finished here and I change my regulatory domain to BO, I can set my txpower to 33.

Now save the changes when you are done by pressing first, Ctrl+X, then Y, and finally, Enter.

Step 4: Swap

Now we need to swap our old regulatory file with our new one. While still in the wireless-regdb directory, just enter the command make.

  • make

You'll notice you have some new files now in that directory. This is good.

The regulatory.bin file in this directory now needs to replace the old one.

First navigate to the authentic regulatory.bin's location.

  • cd /usr/lib/crda

And let's also make a backup of the old one just in case.

  • mv regulatory.bin regulatoryOLD.bin

Now let's bring in the new one. Go back to your directory of our new regulatory.bin and let's copy it over and verify it's there.

  • cd {path to your new regulatory.bin}
  • cp regulatory.bin /usr/lib/crda/regulatory.bin
  • cd /usr/lib/crda
  • ls
And you can see my new regulatory.bin in there alongside the old one.

Step 5: Validating

Now we have our new regulatory.bin, but it is not valid yet. Go back to the wireless-regdb directory and you'll notice you have some files with a .pem extension. Copy ANY and ALL files ending in .pem into the pubkeys subdirectory of your downloaded crda directory. These are the files that crda will use to check whether regulatory.bin is valid.

  • cd ~/Desktop/wireless-regdb-2013.10.11
  • cp root.key.pub.pem ~/Desktop/crda-1.1.3/pubkeys/root.key.pub.pem
  • cp linville.key.pub.pem ~/Desktop/crda-1.1.3/pubkeys/linville.key.pub.pem

And verify:

  • cd ~/Desktop/crda-1.1.3/pubkeys
  • ls

Looks good! We have just one more step now.

Step 6: The Final Step

Now go up a directory from where you are, back to the downloaded crda directory, and install this puppy. On BackTrack, I ran into a problem just doing a straight-up make install, so you should run make first.

  • cd ..
  • make
  • make install

If all goes correctly, your screen should look just like mine. Now just reboot your computer, change your regulatory domain to BO, and turn that puppy up!

After reboot:

  • iw reg set BO
  • iwconfig wlan0 txpower 33
If you try txpower 33 without changing the domain, you get an error, but once you change your regulatory domain you are good to go!

And that's all you need to know on BackTrack!

Step 7: KALI Users

This fix will actually work for ANY Linux distribution, so long as you are smart and know how to adapt to different systems.

First off, make sure you are completely updated.

  • apt-get update
  • apt-get upgrade

And then you can do Step 1, if you have any problems.

Step 8: Changes

So once you get to Step 4, Kali users will run into a problem. Kali does not have the /usr/lib/crda directory. INSTEAD, the old regulatory.bin is located in /lib/crda. If you are a Kali user, then the commands for Step 4 change as follows:

  • make
  • cd /lib/crda
  • mv regulatory.bin regulatoryOLD.bin
  • cd {path to your new regulatory.bin}
  • cp regulatory.bin /lib/crda/regulatory.bin
  • cd /lib/crda
  • ls

Step 9: Changes

Step 5 just has one little added step.

You, Kali user, have one extra .pem file hiding in the original directory. I'm actually not too sure if this is necessary, but we're gonna cover our bases just in case. Navigate to /lib/crda/pubkeys and copy benh@debian.org.key.pub.pem into your downloaded crda directory's pubkeys as well, ALONG WITH the other .pem files from the wireless-regdb directory.

Added step:

  • cd /lib/crda/pubkeys
  • cp benh@debian.org.key.pub.pem ~/Desktop/crda-1.1.3/pubkeys/benh@debian.org.key.pub.pem

Step 10: Changes

This step is more complicated for you, Kali user. You need to open and edit the Makefile inside the downloaded crda directory.

  • nano Makefile

Look at the 3rd line in the Makefile. Do you see how it says REG_BIN?=/usr/lib/crda/regulatory.bin? Remember how I said that Kali does not have /usr/lib/crda? Well, all you have to do is change that line to:

  • REG_BIN?=/lib/crda/regulatory.bin

And now you can continue like normal. You just have to run make and make install as in Step 6, and that's it!

HOORAY! It's Finally Finished!

WHEW!!! That was a long tutorial, eh? Well, it was for me. Fortunately, you are now able to set your Wi-Fi card as high as you want! Now you can easily overwhelm any local AP even more! Or, you could maybe even find other uses for it! This is just a prelude, though, as I have another tutorial on the way that ties into overwhelming other APs.

This was my first tutorial, though! Did you like it? Was I clear enough? Any questions? Please comment and give feedback or ask questions!
