Broadcom bcm4313 wl not work for mon/inject

[strcpy]

After 5 hours of search>try>config>fail>clean , I feel lost!

Problem:
BCM4313 802.11b/g LP-PHY [14e4:4727] chip is picked up by "wl" driver by default. it works well for normal usage, but rfmon/injection is NOT possible with this driver on this chipset.

Possible solution could be using b43 driver module instead, which I tried almost any trick/method on internet for that. b43 successfully loads, but it`s not picking up the chip and so no interface. no result with iwconfig , and no luck with trying aliases.

What I've tried with no success:
-Modifying module blacklists, trying to keep wl from loading
-completely removing wl, and installing b43 revisions.
-based on broadcom & linux kernel docs, broadcom-wl-4.178.10.4 should work, but it does not.
-no success even with broadcom-wl-4.150.10.5
-No success with recompiling broadcom driver from scratch and inserting module.
-No success on trying above tests on a clean Ubuntu Maveric (10.10)
-No success on multiple recent kernel versions
-No success on using pre-compiled ubuntu driverts for installed kernels
-- firmware-b43-lpphy-installer from ubuntu repository seems to be the one, but prior installation it checks the chip version and stop if it`s anything but bcm4312. 4313 is also a LP PHY chip, but is not supported by this package.

**I've another bcm4312 card that works flawlessly in both backtrack and clean Maveric, as it`s picked up by b43 driver, NOT damned wl .

&-} any comments are welcome... !

[macphail]

i did some sniffing around on this.
it looks like 'wl' or 'ndiswrapper' are your only options for the 4313 right now, but you can forget about monitor mode altogether with those....

broadcom is the suck and that is no surprise.
sorry man.

[Snayler]

i did some sniffing around on this.
it looks like 'wl' or 'ndiswrapper' are your only options for the 4313 right now, but you can forget about monitor mode altogether with those....

broadcom is the suck and that is no surprise.
sorry man.

BUT, they may be supported in the future, since broadcom released the source code of their drivers. Like people say in my country, "hope is the last one to die". Just keep yourself informed.

[skull2006]

you can try this :
https://help.ubuntu.com/community/Wi...iDocs%2FDevice)

[xytrix]

I have this same card "Broadcom Corporation BCM4313 802.11b/g LP-PHY [14e4:4727] (rev 01)" on my laptop, and was able to get it working under Ubuntu 10.10 using an early version of the brcm80211 driver (see brcm80211 - Linux Wireless).

Primarily I folllowed the advice of "foutrelis" on another forum (https://bbs.archlinux.org/viewtopic.php?pid=849519).

I spent close to an hour shortly after it was added to the staging-next branch and managed to compile it against 2.6.35.4 (not sure about the .4 part however). Unfortunately, it wasn't especially stable and got some kernel oops on suspend. After that, I went back to using the wl module.

Recent changes don't look like they could have improved the stability of the driver by much, so I'd advise against using it for now.

With the above said, if you're feeling adventurous you can build the driver as follows:
0. Make sure you have the `base-devel' group installed, along with `kernel26-headers' (preferably version 2.6.35.6-2 as 2.6.35.6-1 had some issues) and `linux-firmware' 20100911-1 (the one in [core] doesn't contain the firmware files for brcm80211 AFAIK).
1. Grab just the brcm80211 directory from the staging-next branch by clicking the `snapshot' link on this page (git.kernel.org - linux/kernel/git/gregkh/staging-next-2.6.git/tree - drivers/staging/brcm80211/).
2. Extract the compressed tarball and then open a terminal inside the staging-next-2.6-x directory that gets created.
3. Change the Makefile a little by running `curl -s http://ompldr.org/vNW82NA/Makefile.patch | patch -Np0'. After that, run `make'.
4. Now, you should have the compiled module `brcm80211.ko' in the current directory, which you can copy into `/lib/modules/2.6.35-ARCH/updates/'. (Create the updates directory if it doesn't exist.)

I didn't test the above steps thoroughly and I'm not certain this is the correct way to build the driver. However, I believe it'll get you a working kernel module.

To sum that up for Ubuntu, I did:

1) download the brcm80211 driver from git (see above)
2) download the kernel headers:
[sudo apt-get install kernel-package]
3) extract the drivers and fix the makefile to remove the if-statement and replace the old paths to reflect your new folder structure (the above Makefile.patch didn't work for me, $PWD was giving random build errors until I replaced it with the full driver source directory)
4) build the driver
[sudo make]
5) install the driver, making sure mac80211 is running first or you'll get errors
[sudo modprobe mac80211 && sudo insmod brcm80211.ko]

Hopefully that works.

[strcpy]

Finally I found a way to get it work, for my chipset. ( bcm4313 ).
I've used hints from below instruction :
[all variants] New brcm80211 driver guide for Broadcom wireless cards - Ubuntu Forums

Came here to mark the thread as solved, and noticed about xytrix mentioning same BRCM80211.

Thank you xytrix anyway for replaying.

I confirm that both RFMON and injection is working smoothly,
BUT
I've a wired problem here, automatic channel hopping not working with airodump.
going to play with it and update here.

[Lupius]

The brcm80211 driver is currently incomplete, so if you try to run airodump/aireplay you'll see that it's stuck in channel -1.
If you look into one of the source code files, the switch handler for monitor mode is left blank. I tried adapting the code from channel-negative-one-maxim.patch (works with compat driver) into the source code and recompiled it, but it didn't help. You're welcome to try it too.
I've been working on this issue on and off for about two months now. It seems like I just have to wait for brcm80211 to get better as time goes on.

[strcpy]

The brcm80211 driver is currently incomplete, so if you try to run airodump/aireplay you'll see that it's stuck in channel -1.
If you look into one of the source code files, the switch handler for monitor mode is left blank. I tried adapting the code from channel-negative-one-maxim.patch (works with compat driver) into the source code and recompiled it, but it didn't help. You're welcome to try it too.
I've been working on this issue on and off for about two months now. It seems like I just have to wait for brcm80211 to get better as time goes on.

Here it`s working smoothly , and channel hopping seems ok. I don`t remember which git revision I'm running on, but compare the date of my previous announcement post with git repository. Maybe you were running older code base than me?

Airodump to be specific, switch channels and detect traffic as expected,
But it`s not the case for me in Aireplay , and I guess it was cus of unpatched kernel code I was running on , not the brcm80211 itself?
I cant recall if current brcm80211 supports injection nor if aireplay attacks promised to work on this driver.

Hope other people get their hands dirty too, and report their test results here.

[Lupius]

Confirmed.

The latest build of the brcm80211 driver no longer has the channel -1 bug. Hooray!

Scratch that. After some testing, I found that the new drivers only made "Fixed channel: -1" disappear in airmon-ng. The bug is still present in aireplay-ng: "mon0 is on channel -1, but hte AP uses channel 5"

Update:

Been working at it all night. I fixed the channel -1 problem after downloading the latest compat source files and applying Maxim's patch, then recompiling the whole thing. Now I'm simply left with the problem of not being able to capture data packets. My airmon-ng shows 0 under the #Data column for all APs all the time. My aireplay-ng attacks can all be run, but they get stuck on forever reading packets...

[strcpy]

Been working at it all night. I fixed the channel -1 problem after downloading the latest compat source files and applying Maxim's patch, then recompiling the whole thing.

More comments on this,please? Didn`t get you witch patch you're mentioning.
Same problem with aireplay annoyed me before.

Note & to entire thread :
I've recompiled and installed a fresh brcm80211 git today (13 dec) and card
performance and sensitivity (better probe and detection of networks) seems have
been improved.

Updated:
Ok, Seems now I`m stuck in situation where Lupius is at. No data-packets in RFMON.
Just in case others have problem making their environment work, here`s quick comment on how to make
things work, till this stage

1-Get latest brcm80211 driver from git. No need to use git client and get entire repository. you can get just brcm80211 snapshot by visiting http://2.gp/c4nb and get only the latest brcm80211 snapshot.

2-Apply changes to Makefile in snapshot, as mentioned here http://2.gp/c4ne and follow other steps described there for building and loading brcm80211 . After this, your card will be able to pass RFMON and injection test. but the annoying "-1" channel in aireplay-ng is still there.

3-Get latest compat-wireless driver from http://2.gp/c4nf

4-Apply http://patches.aircrack-ng.org/chann...ne-maxim.patch to compat-wireless , build and install patched drivers. This will fix the "-1" channel bug, and aireplay-ng will now be able to work as expected.

5-At this stage, everything seems ok but as mentioned, in RFMON mode, brcm80211 is NOT getting data packets and just process beacons. Now wait for this bug to be fixed too, and read updates here, OR the better choice is to keep working on this issue, find the solution, and report back here