Differences

This shows you the differences between two versions of the page.

--- broadcom [2007/02/04 20:18] – moved outdated message mister_x
+++ broadcom [2017/01/09 21:27] (current) – Mark page as deprecated. mister_x
@@ Line 1: / Line 1: @@
-=======Broadcom bcm43xx (outdated)=======
+====== DEPRECATED ======
-As of 2.6.17, a driver for the Broadcom bcm43xx wireless chipset has been included in the kernel. Older kernels can sometimes be made to work, check out resources available [[http://bcm43xx.berlios.de|here]] While this driver natively supports monitor mode, it requires patching before packet injection can be done.
+**IMPORTANT NOTE**: This page is deprecated, updated documentation can be found [[install_drivers|here]]
-Download the bcm43xx inject_nofcs patch for the 2.6.17 kernel from [[http://tinyshell.be/aircrackng/forum/index.php?action=dlattach;topic=281.0;id=34|here]]. To apply this to your kernel dirver, place the patch in your kernel sources directory, and run 'patch -p3 <bcm43xx.patch'. This patch may not apply directly and may require that you modify the bcm43xx_main.c manually. Then, recompile your modules with 'make modules' followed by 'make modules_install'. The module should now be ready to use for injection.
+======= Broadcom bcm43xx =======
+As of 2.6.17, a driver for the Broadcom bcm43xx wireless chipset has been included in the kernel. Older kernels can sometimes be made to work, check out resources available [[http://bcm43xx.berlios.de|here]] While this driver natively supports monitor mode, it requires patching before packet injection can be done. After testing aireplay-ng with the patches, please contribute to the [[http://forum.aircrack-ng.org/index.php?topic=281.0|forum thread]] by reporting any successes or failures there.
+**Note: As of 2.6.24, this driver is considered deprecated, and you might be better off using the new [[b43]] driver instead. (B43 supports the fragmentation attack, and it's much more stable than bcm43xx.)**
+===== Is My Card Supported? =====
+Most broadcom cards are supported EXCEPT the following:
+  * PCI ID 14e4:4315
+  * Wireless-N
+To determine the PCI ID of your wireless device under linux, enter:
+  lspci -nn
+=====Alternate Patch=====
+There is a patch by SuD which dramatically improves the injection speed:
+    * See http://www.latinsud.com/bcm/
+Also see this [[http://forum.aircrack-ng.org/index.php?topic=2845.msg18262#msg18262|thread]] for more information.
+Use this patch instead of the one below.
+=====Patching the kernel=====
+  * Download the [[http://www.latinsud.com/bcm/bcm43xx-injection-linux-2.6.20.patch|bcm43xx inject_nofcs patch]] for the 2.6.20 kernel.
+  * Place the patch in your kernel sources directory
+  * Run 'patch -p1 -i bcm43xx-injection-linux-2.6.20.patch'.
+<sub>This patch may not apply directly and may require that you modify the bcm43xx_main.c (located in $linux/wireless/net/drivers/bcm43xx/ manually)</sub>
+  * Recompile your modules with 'make modules' followed by 'make modules_install'.
+  * The module should now be ready to use for injection.
+  * Remember to reload the kernel driver or reboot your system before trying to inject packets.
+=====Testing the new module=====
+After building and installing the new module, it is best to test that injection is working correctly.  Use the [[injection_test|injection test]] to confirm your card can inject.
+===== Usage Tips =====
+Forum thread:
+[[http://forum.aircrack-ng.org/index.php?topic=2045.0|The complete how to of making bcm43xx injection work]]
+Forum thread:
+[[http://forum.aircrack-ng.org/index.php?topic=2845.0|How I got the bcm43xx packet injection working in ubuntu 7.10]]
+This forum thread may also provide some useful information: [[http://forum.aircrack-ng.org/index.php?topic=281|Broadcom bcm43xx Injection]]
+=====Known problems=====
+The bcm43xx has been verified to produce all attacks. However, there a few known problems.
+  * aireplay exits with "out of memory error" / syslog shows "out of DMA slots"
+<sub>There is a problem in the bcm43xx driver when injecting packets using DMA access. I'll try to compile the mod without DMA and see what happens asap. I'll also make another patch soon that waits till the send buffer is empty before resuming after an error occurred. Now it just waits a second before resuming at a lower rate.</sub>
+  * packets per second is adjusted to around 25 pps
+<sub>Same problem as above, there is a problem with injection and DMA access.</sub>
+  * syslog shows a lot of failed assertions (!ring->suspended).
+<sub>ASSERTION FAILED (!ring->suspended) at: drivers/net/wireless/bcm43xx/bcm43xx_dma.c:71:request_slot(). Again, a problem with DMA. Aireplay tries to write a packet, the driver wants a free DMA slot for that and can't because the DMA slots were all taken (the driver blocks all dma requests then).</sub>
+All these problems should be mitigated or fixed with the new patch!
+=====Troubleshooting Tips=====
+==== Confirm you are running the new module ====
+First, double check that you are in fact running the new module:
+   modinfo bcm43xx
+It will give you the fully qualified file name.  Do "ls -l <fully qualified file name>" and confirm it has the date/time of when you compiled and installed the new module.  If it does not match, then you are not running the patched module.  This would, of course, need to be fixed.
+This thread has a number of potential fixes to problems you may encounter: [[http://forum.aircrack-ng.org/index.php?topic=281|Broadcom bcm43xx Injection]]
+==== Why do I get ioctl(SIOCGIFINDEX) failed ? ====
+If you get error messages similar to:
+  * Error message: "SIOCSIFFLAGS : No such file or directory"
+  * Error message: "ioctl(SIOCGIFINDEX) failed: No such device"
+Then [[faq#why_do_i_get_ioctl_siocgifindex_failedno_such_device|See this FAQ entry]].
-Because the bcm43xx injection scheme is rather, ahem, unconventional, it is necessary to apply one or more of the following patches to aireplay-ng.
-\\
-\\
-**Patches:**
-  * First patch, detects and uses a bcm43xx device. Crashes aireplay-ng after a certain number of packets have been injected (link dead).
-  * [[http://tinyshell.be/aircrackng/forum/index.php?action=dlattach;topic=281.0;id=98|Ignore memory error]]. A workaround for the above problem.
-  * A different workaround (do not attempt to use this patch with other cards) (link does not exist).
-\\
-The bcm43xx has been verified to produce successful deauths and fakeauths, but other attacks await confirmation. Please contribute to the [[http://tinyshell.be/aircrackng/forum/index.php?topic=281.0|forum thread]] by reporting any successes or failures there.