> ath/hal: > dma_beacon_response_time swba_backoff sw_beacon_response_time I'm not familiar with the exploit, but I am familiar with madwifing. Have you tried creating the ath1 VAP device? wlanconfig should be able to accomplish that for you. good luck, tim