User Tools

Site Tools


This is an old revision of the document!

Broadcom bcm43xx


As of 2.6.17, a driver for the Broadcom bcm43xx wireless chipset has been included in the kernel. Older kernels can sometimes be made to work, check out resources available here While this driver natively supports monitor mode, it requires patching before packet injection can be done.

Download the bcm43xx inject_nofcs patch for the 2.6.17 kernel from here. To apply this to your kernel dirver, place the patch in your kernel sources directory, and run 'patch -p3 <bcm43xx.patch'. This patch may not apply directly and may require that you modify the bcm43xx_main.c manually. Then, recompile your modules with 'make modules' followed by 'make modules_install'. The module should now be ready to use for injection.

Because the bcm43xx injection scheme is rather, ahem, unconventional, it is necessary to apply one or more of the following patches to aireplay-ng.


  • First patch, detects and uses a bcm43xx device. Crashes aireplay-ng after a certain number of packets have been injected (link dead).
  • Ignore memory error. A workaround for the above problem.
  • A different workaround (do not attempt to use this patch with other cards) (link does not exist).

The bcm43xx has been verified to produce successful deauths and fakeauths, but other attacks await confirmation. Please contribute to the forum thread by reporting any successes or failures there.

broadcom.1170616562.txt.gz · Last modified: 2007/02/04 20:16 by mister_x