Can't capture packets with bad checksum #200
Passing the fcsfail option is not supported. You can, however, patch the
firmware to activate the collection of frames with wrong checksum:
https://github.com/seemoo-lab/nexmon/blob/master/patches/bcm4339/6_37_34_43/nexmon/src/monitormode.c#L210
…On Wed, Mar 28, 2018 at 11:31 PM, baharxy ***@***.***> wrote:
Hi, I am using the nexmon firmware on a RPI 3, and looking to do some
debugging on packets with bad checksums that I intentionally inject to the
network.
I can capture packets with bad checksums on other wifi chipsets and Linux
machines by executing "iw phy $phy_name interface add mon0 type monitor
flags fcsfail". However after using the same command on the RPI 3 with the
nexmon patch, I don't see any packets with the bad checksums.
Could you please let me know if there is anything that I am missing?
Thanks.
--
Matthias Schulz
Secure Mobile Networking Lab - SEEMOO
Email: matthias.schulz@seemoo.tu-darmstadt.de
Web: http://www.seemoo.de/mschulz
Phone (new): +49 6151 16-25478 Fax: +49 6151 16-25471
Department of Computer Science
Center for Advanced Security Research Darmstadt
Technische Universität Darmstadt
Mornewegstr. 32 (Office 4.2.10, Building S4/14)
D-64293 Darmstadt, Germany
I already built the patch [that has MONITOR_ACTIVATE_BADFCS set to (1 << 5) in monitormode.h] for RPI3. I assume that should already have activated the collection of frames with wrong checksum, shouldn't it?
Looks like wlc_mctrl_hook is missing from the monitormode.c source code for the bcm43430a1 (RPI 3) patches. Do you happen to know if there is any specific reason for this? Thanks.
You need to reverse engineer the firmware binary to find the correct
address. flash_patch_179 is just the name for the BLPatch. The location in
rom/flash was already patched before, as you can see in the flashpatches.c
file in the firmware's subdirectory.
…On Fri, Mar 30, 2018 at 12:17 AM, pm-89 ***@***.***> wrote:
The key part missing from monitormode.c in RPI-3 (*BCM43430a1* ) [by
comparing versus Nexus 5 (*BCM4339*)] is:
__attribute__((at(?????, ...))) BLPatch(????, wlc_mctrl_hook);
Is there any way to know what should be the address and the original
function name (first argument to BLPatch)?
For example when applying BLPatch on wl_monitor_hook in here
<https://github.com/seemoo-lab/nexmon/blob/eb8432ec15b0889e803b56a3a33760609eb016b3/patches/bcm43430a1/7_45_41_46/nexmon/src/monitormode.c#L112>
.
where is flash_patch_179 coming from?
--
Matthias Schulz
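One way to check whether a monitor-mode capture really contains bad-checksum frames, as an added example that is not part of this thread or of the nexmon code base: it reads the radiotap Flags field (handling the optional TSFT field and chained present words) and, when the FCS bytes are included, recomputes the CRC-32. It assumes the capture uses the radiotap link type; the function names, the state names and the sample packet are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define RT_TSFT  (1u << 0)   /* present bit 0: 8-byte TSFT field */
#define RT_FLAGS (1u << 1)   /* present bit 1: 1-byte Flags field */
#define RT_EXT   (1u << 31)  /* another present word follows */
#define F_FCS    0x10        /* Flags: frame data ends with the 4-byte FCS */
#define F_BADFCS 0x40        /* Flags: frame failed the FCS check */
enum { FCS_UNKNOWN = -1, FCS_GOOD, FCS_BAD_FLAGGED, FCS_BAD_UNFLAGGED };
static uint32_t le32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }

uint32_t crc32_ieee(const uint8_t *p, size_t n) {  /* bitwise IEEE CRC-32, as carried in the 802.11 FCS */
    uint32_t c = 0xFFFFFFFFu;
    while (n--) {
        c ^= *p++;
        for (int k = 0; k < 8; k++) c = (c >> 1) ^ ((c & 1u) ? 0xEDB88320u : 0u);
    }
    return ~c;
}

/* Classify one captured packet: radiotap header followed by the 802.11 frame. */
int classify_fcs(const uint8_t *pkt, size_t len) {
    if (len < 8 || pkt[0] != 0) return FCS_UNKNOWN;            /* radiotap version 0 only */
    size_t hdr = pkt[2] | pkt[3] << 8, off = 8;
    uint32_t first = le32(pkt + 4), word = first;
    if (hdr < 8 || hdr > len || !(first & RT_FLAGS)) return FCS_UNKNOWN;
    while (word & RT_EXT) {                                    /* skip chained present words */
        if (off + 4 > hdr) return FCS_UNKNOWN;
        word = le32(pkt + off); off += 4;
    }
    if (first & RT_TSFT) off = ((off + 7) & ~(size_t)7) + 8;   /* TSFT is 8-byte aligned */
    if (off >= hdr) return FCS_UNKNOWN;
    if (pkt[off] & F_BADFCS) return FCS_BAD_FLAGGED;
    if (!(pkt[off] & F_FCS) || len - hdr < 4) return FCS_UNKNOWN;  /* no FCS bytes to verify */
    return crc32_ieee(pkt + hdr, len - hdr - 4) == le32(pkt + len - 4) ? FCS_GOOD : FCS_BAD_UNFLAGGED;
}

/* Constructed sample: 9-byte radiotap header (Flags only), 10-byte ACK frame, FCS. */
size_t build_sample(uint8_t *out, uint8_t flags, int corrupt) {
    const uint8_t pkt[19] = {0, 0, 9, 0, RT_FLAGS, 0, 0, 0, flags, 0xd4, 0, 0, 0, 2, 0, 0, 0, 0, 1};
    uint32_t fcs = crc32_ieee(pkt + 9, 10);
    memcpy(out, pkt, 19);
    for (int i = 0; i < 4; i++) out[19 + i] = (uint8_t)(fcs >> (8 * i));
    if (corrupt) out[12] ^= 0xff;                              /* damage one frame byte */
    return 23;
}

int main(void) {
    uint8_t p[23];
    return printf("state %d\n", classify_fcs(p, build_sample(p, F_FCS, 1))) < 0;
}
```

A result of `FCS_BAD_UNFLAGGED` means the frame reached the capture with a wrong checksum even though the Flags field did not mark it; `FCS_UNKNOWN` means the header gave nothing to verify.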