User Tools

Site Tools


broadcom

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
Next revisionBoth sides next revision
broadcom [2007/05/03 01:24] uovobwbroadcom [2009/08/14 19:05] – use dokuwiki internal link mister_x
Line 1: Line 1:
-=======Broadcom bcm43xx =======+======= Broadcom bcm43xx ======= 
 + 
 +As of 2.6.17, a driver for the Broadcom bcm43xx wireless chipset has been included in the kernel. Older kernels can sometimes be made to work, check out resources available [[http://bcm43xx.berlios.de|here]] While this driver natively supports monitor mode, it requires patching before packet injection can be done. After testing aireplay-ng with the patches, please contribute to the [[http://forum.aircrack-ng.org/index.php?topic=281.0|forum thread]] by reporting any successes or failures there. 
 + 
 +**Note: As of 2.6.24, this driver is considered deprecated, and you might be better off using the new [[b43]] driver instead. (B43 supports the fragmentation attack, and it's much more stable than bcm43xx.)** 
 + 
 +===== Is My Card Supported? ===== 
 + 
 +Most broadcom cards are supported EXCEPT the following: 
 + 
 +  * PCI ID 14e4:4315 
 +  * Wireless-N 
 + 
 +To determine the PCI ID of your wireless device under linux, enter: 
 + 
 +  lspci -nn 
 + 
 + 
 +=====Alternate Patch===== 
 +There is a patch by SuD which dramatically improves the injection speed: 
 + 
 +    * See http://www.latinsud.com/bcm/ 
 + 
 +Also see this [[http://forum.aircrack-ng.org/index.php?topic=2845.msg18262#msg18262|thread]] for more information. 
 + 
 +Use this patch instead of the one below. 
  
-As of 2.6.17, a driver for the Broadcom bcm43xx wireless chipset has been included in the kernel. Older kernels can sometimes be made to work, check out resources available [[http://bcm43xx.berlios.de|here]] While this driver natively supports monitor mode, it requires patching before packet injection can be done. After testing aireplay-ng with the patches, please contribute to the [[http://tinyshell.be/aircrackng/forum/index.php?topic=281.0|forum thread]] by reporting any successes or failures there. 
 =====Patching the kernel===== =====Patching the kernel=====
-  * Download the bcm43xx inject_nofcs patch for the 2.6.20 kernel from [[http://tinyshell.be/aircrackng/forum/index.php?action=dlattach;topic=281.0;id=180|here]].+  * Download the [[http://www.latinsud.com/bcm/bcm43xx-injection-linux-2.6.20.patch|bcm43xx inject_nofcs patch]] for the 2.6.20 kernel.
   * Place the patch in your kernel sources directory   * Place the patch in your kernel sources directory
-  * Run 'patch -p1 bcm43xx-injection-linux-2.6.20.patch'+  * Run 'patch -p1 -i bcm43xx-injection-linux-2.6.20.patch'
-<sub>This patch may not apply directly and may require that you modify the bcm43xx_main.c (located in $linux/wireless/net/drivers/bcm43xx/ manually.</sub>+<sub>This patch may not apply directly and may require that you modify the bcm43xx_main.c (located in $linux/wireless/net/drivers/bcm43xx/ manually)</sub>
   * Recompile your modules with 'make modules' followed by 'make modules_install'.   * Recompile your modules with 'make modules' followed by 'make modules_install'.
   * The module should now be ready to use for injection.   * The module should now be ready to use for injection.
   * Remember to reload the kernel driver or reboot your system before trying to inject packets.   * Remember to reload the kernel driver or reboot your system before trying to inject packets.
-=====Patches for aircrack-ng===== + 
-Because the bcm43xx injection scheme is rather, ahem, unconventional, it is necessary to apply one of the following patches to aireplay-ng, depending on the version you are using. The patch detects a loaded bcm43xx driver, uses "bcm43xx way" to inject packets and automatically changes the packets per second rate if needed instead of crashing aireplay-ng+ 
-  [[http://tinyshell.be/aircrackng/forum/index.php?action=dlattach;topic=281.0;id=185|aircrack-ng v0.7 patch v3]]. This is for v0.7 of aircrack +=====Testing the new module===== 
-  [[http://tinyshell.be/aircrackng/forum/index.php?action=dlattach;topic=281.0;id=187|aircrack-ng v0.8 patch v3]]This is for v0.8 of aircrack+ 
 +After building and installing the new module, it is best to test that injection is working correctly.  Use the [[injection_test|injection test]] to confirm your card can inject. 
 + 
 + 
 +===== Usage Tips ===== 
 + 
 +Forum thread:  
 +[[http://forum.aircrack-ng.org/index.php?topic=2045.0|The complete how to of making bcm43xx injection work]] 
 + 
 +Forum thread:  
 +[[http://forum.aircrack-ng.org/index.php?topic=2845.0|How I got the bcm43xx packet injection working in ubuntu 7.10]] 
 + 
 +This forum thread may also provide some useful information: [[http://forum.aircrack-ng.org/index.php?topic=281|Broadcom bcm43xx Injection]] 
 + 
 =====Known problems===== =====Known problems=====
 The bcm43xx has been verified to produce all attacks. However, there a few known problems. The bcm43xx has been verified to produce all attacks. However, there a few known problems.
Line 22: Line 61:
   * syslog shows a lot of failed assertions (!ring->suspended).   * syslog shows a lot of failed assertions (!ring->suspended).
 <sub>ASSERTION FAILED (!ring->suspended) at: drivers/net/wireless/bcm43xx/bcm43xx_dma.c:71:request_slot(). Again, a problem with DMA. Aireplay tries to write a packet, the driver wants a free DMA slot for that and can't because the DMA slots were all taken (the driver blocks all dma requests then).</sub> <sub>ASSERTION FAILED (!ring->suspended) at: drivers/net/wireless/bcm43xx/bcm43xx_dma.c:71:request_slot(). Again, a problem with DMA. Aireplay tries to write a packet, the driver wants a free DMA slot for that and can't because the DMA slots were all taken (the driver blocks all dma requests then).</sub>
 +
 +All these problems should be mitigated or fixed with the new patch!
 +
 +
 +=====Troubleshooting Tips=====
 +
 +
 +==== Confirm you are running the new module ====
 +
 +First, double check that you are in fact running the new module:
 +
 +   modinfo bcm43xx
 +
 +It will give you the fully qualified file name.  Do "ls -l <fully qualified file name>" and confirm it has the date/time of when you compiled and installed the new module.  If it does not match, then you are not running the patched module.  This would, of course, need to be fixed.
 +
 +This thread has a number of potential fixes to problems you may encounter: [[http://forum.aircrack-ng.org/index.php?topic=281|Broadcom bcm43xx Injection]]
 +
 +
 +
 +==== Why do I get ioctl(SIOCGIFINDEX) failed ? ====
 +
 +If you get error messages similar to:
 +
 +  * Error message: "SIOCSIFFLAGS : No such file or directory"
 +  * Error message: "ioctl(SIOCGIFINDEX) failed: No such device"
 +
 +Then [[faq#why_do_i_get_ioctl_siocgifindex_failedno_such_device|See this FAQ entry]].
 +
 +
 +
 +
broadcom.txt · Last modified: 2017/01/09 21:27 by mister_x