kimocoder / qualcomm_android_monitor_mode Goto Github PK

Good day everyone!

Yesterday I was happy to find that Qualcomm has added FRAME INJECTION capabilities.
For now it's limited to platforms: LITHIUM/BERYLLIUM but time will possibly change that as it's available for porting and so.

Regarding porting, Qualcomm have a lot of switches and hiding of feature going on, also some HW/platform/arch checks
for this feature, for now.

More information TBA in repo shortly!

con_mode doesn't exist in parameters folder (xiaomi 8)

I cannot find the driver in the kernel source.can you point me in the right direction?

Hi,guys! Thanks for this greate job!
I have run the shell

echo "4" > /sys/module/wlan/parameters/con_mode

and the tcpdump can't capture any 802.11 packets:

venus:/system/framework # iw dev
phy#0
Interface wlan0
ifindex 27
wdev 0x4
addr 6c:f7:84:XX:XX:XX
type monitor
venus:/system/framework # iw dev set channel 6
command failed: No such device (-19)
237|venus:/system/framework # iw dev wlan0 set channel 6
venus:/system/framework # tcpdump -i wlan0 -vv
tcpdump: listening on wlan0, link-type IEEE802_11_RADIO (802.11 plus radiotap header), capture size 262144 bytes

...
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel
venus:/system/framework #

Any ideas? thanks a lot!

I have redmi note 4 but how to use don't know please help me

Whats wrong @kimocoder ?

Monitor mode is working but channel changing is very slow on the Pixel 3a XL. Also airodump says fixed channel 0 for wlan0.
I cant seem to capture a handshake with wifite or manually.
OS: Lineage 18.1
Nethunter generic (latest build)

Any help greatly appreciated.

@kimocoder Needed instructions to patch the enable_monitor_mode.patch to my driver

The "LIST_OF_DEVICES.txt" file contains the XiaoMi Redmi 5 Plus device.
It uses the prima driver, not qcacld-x.x.
In the early prima drivers used on official firmware (MIUI), there really is a file "/sys/module/wlan/parameters/con_mode". But changing it leads to a reboot.
Perhaps this will work on third-party firmware.
Are there any real Redmi 5 Plus users who were able to switch to monitoring mode?

Well @ZerBea ... This one's a happy go lucky find!
All QCACLD WiFi drivers (Android) supports monitor mode on the internal 🥇

Is there a patch file for enabling frame injection?

It's valid only for v3.0?
More confortable than use USB wifi adapter for me oneplus 3 :(.
Sorry for me bad english.

It is not working and it shows no wifi monitor mode wlan0.so i tried wlan0mon github repo...it works fine.
But,i cannot use deauth attacks.
I have custom nethunter kernel for redmi note 4 with injection patch but still not deauth any device.
Airmon-ng shows that "fixed channel wlan0: -1".
Aireplay-ng shows negative channel....so i used ignore-negative-one....
But,still not working injection deauth attcack

Realme narzo 20 pro
CPU: mediately G95

hi dear @kimocoder
my device uses bcm43455, kernel source:
https://github.com/LineageOS/android_kernel_sony_msm8994

i think your patch doesnt works for my device because there isnt /drivers/staging/qcacld-3.0/configs/default_defconfig file in my device's source.

but @ruleh writed patch for bcmdhd: https://github.com/ruleh/misc/blob/master/monitor/bcmdhd_enable_monitor.patch

can this work for my device ?
regards..

Hello,

is Oneplus 8T monitor mode supported with this method ?

Cards tested: Alfa AWUS036ACS with Rtl8811au dkms driver.

Hi i have a question any idea why my phone restarts next second after puting wifi in monitor mode msm8953 huawei nova plus

Custom Kernel Source : https://github.com/Daisy-R-sources/kernel_xiaomi_sleepy

is there any way we can patch it and get the injection to work?

Fix missing injection path

@kimocoder

Fix missing injection path …
This is the test:
root@kali:/# echo "4" > /sys/module/parameters/con_mode
bash: /sys/module/parameters/con_mode: No such file or directory
root@kali:/# echo "4" > /sys/module/wlan/parameters/con_mode
root@kali:/#

My device is listed here mi note 5 plus (vince) i am using pixel experience rom with nethunter kernel but this method doesn't work for me please help

Any news on packet injection? Does it work just recompiling the kernel with pkt_capture component enabled?

supports monitoring but not injection. Thanks for the efforts is a wonderful thing

Is there any way to turn on monitor mode on Hijacker? When I tried the commands you gave, I always had error. When I tried the command on android shell I got error "RNETLINK answers: Try again" after like 5 times of running the command it finally works but no hijacker. Please help.

According to this the QCACLD-2 driver supports packet injection, it would help if we can know what SOCs are using the QCACLD-2 driver,since the oneplus 3t is based on the sdm821 then the first soc on the list is the sdm821

Hello everyone, I have a Realme 5, I need to activate the monitor mode . Is this useful for my device?

My device is Redmi K20/mi9t
The regular version
Is this device supported
I guess it would because the pro version is already there
Plus Do I need the patch and if yes where to place it

PS. I found no place to talk to u other than issues
I Wich u reply asap
Thx in advance.

Can I patch Linux kernel version 3.10 with this? Because this is the output when I patch my kernel

`can't find file to patch at input line 14
Perhaps you should have used the -p or --strip option?
The text leading up to this was:

|From 306e2bde24167a843ac0e9db55e64a5e272c9718 Mon Sep 17 00:00:00 2001
|From: =?UTF-8?q?Christian=20Bremv=C3=A5g?= [email protected]
|Date: Thu, 26 Mar 2020 02:34:43 +0100
|Subject: [PATCH] Enable support for adapter monitor mode by default
|
|---
| drivers/staging/qcacld-3.0/configs/default_defconfig | 2 +-
| 1 file changed, 1 insertion(+), 1 deletion(-)
|
|diff --git a/drivers/staging/qcacld-3.0/configs/default_defconfig b/drivers/staging/qcacld-3.0/configs/default_defconfig
|index 8e7f42665cee..9918575a94d0 100644
|--- a/drivers/staging/qcacld-3.0/configs/default_defconfig
|+++ b/drivers/staging/qcacld-3.0/configs/default_defconfig

File to patch:
`

When I put my wifi in monitors mode using the echo command
I lose the p2p0 interface and I can't add any other interfaces
Are there any solution?

Hello!
I want to make some research to run frame injection on devices with QCACLD-3 driver (like Xiaomi Mi9T / OnePlus 7 Pro, etc). As I can see QCACLD-2-based device OnePlus 3T with LineageOS 17.1 is supporting frame injection.
I have this device too and unfortunately have no luck to run injection on it and I need some help. If someone got it working - please, tell me what steps I need to reproduce. I will be glad to any suggestions!
At this moment I have this software installed on my device:

I have started the mode by echo "4" > /sys/module/wlan/parameters/con_mode

I have checked my kernel source are patches have been done

But airmon iFace show no Moniter mode on

Running into an issue when running the wifi in monitor mode. I have a Pixel 3a chroot with the custom command as outlined and all works fine except the cell connection I am using for data backhaul complete shuts off when the wifi is in monitor mode.

Everything goes back to normal if I shutoff the monitor mode.

Any help would be appreciated.

It's work on qcacld-2.0 or on this op3t device,? .....and can someone tell me how can I port qcacld-2.0 to qcacld-3.0!
I am just going to try this in my op3t with Kali nethunter ,Android 10 (Leanage os 17.1) .....

For me when i use this script and do iwconfig it gives

MODE= Unknown/Bug

what should i do for this
Android 11 Lineage OS 18.1
Kali Nethunter: Generic arm64
kernal ver= 4.9
Please Help!

Can anyone got success on Xiaomi Redmi 5A ?Device as it is stated as being tested here but unable to get it around can anyone give me specific steps to make it working.
I am on stock ROM Oreo MIUI GLOBAL 11.0.2
Rooted and installed the latest Nethuter app

@kimocoder I just saw your tweet mentioning

WiFi injection + monitor mode on internal (QCACLD)

That sounds like big news, I am surprised we haven't heard more about it. Is there something specific about the Nord that makes that possible, or will this be able to be ported to other devices?

As far as I'm aware, right now, the only phones that have injection working on the internal wireless are the (now very old) phones supported by Nexmon... Having a modern phone capable of packet injection would be great.

The title says it all .

hello i am a newbie how to install this on my phone, i have rooted Oneplus5 with NH installed

pls give me a suggestion/kernel for poco x2

Hello everyone I have Redmi note 4X it does support monitor mode but I am having problem with packet injection can someone help me

Hi, I just discovered monitor mode on my Oneplus7T thanks to the information you provided in this repo. I was wondering if I should expect power levels to be -1/-95 in airodump or maybe I am just missing something? I am using my own home built NH kernel. Do you think this would require patching of the QCACLD driver?

On the OnePlus 6 and 7 the only signal strength that I am shown in -96dBm for all devices not matter how close.
This is only happening on OxygenOS 9.5 and 10. When the OnePlus 6 was on 9.0.9 it displayed signal strengths correctly.

Are you able to provide any advice on this or point me in the right direction to a fix?

Tested on;

Steps to replicate;

adb shell
su
ip l s wlan0 down
echo '4' > /sys/module/wlan/parameters/con_mode
ip l s wlan0 up
iw wlan0 set channel 11
tcpdump -i wlan0

Results in the following output:

15:50:39.697334 2933164239us tsft short preamble bad-fcs 12.0 Mb/s 2462 MHz -96dBm signal antenna 0 unknown 802.11 ctrl frame subtype (6)
15:50:40.293248 2980843473us tsft short preamble fragmented bad-fcs 48.0 Mb/s 2462 MHz -96dBm signal antenna 0
15:50:40.495792 2997050789us tsft short preamble fragmented bad-fcs 24.0 Mb/s 2462 MHz -96dBm signal antenna 0 Unhandled Management subtype(f)
15:50:43.158100 3210167391us tsft short preamble bad-fcs 54.0 Mb/s 2462 MHz -96dBm signal antenna 0 Request-To-Send TA:MACADDRESS (oui Unknown)
15:50:43.175615 3211585927us tsft short preamble fragmented bad-fcs 48.0 Mb/s 2462 MHz -96dBm signal antenna 0 [|802.11]
15:50:43.181477 3212071815us tsft short preamble fragmented bad-fcs 36.0 Mb/s 2462 MHz -96dBm signal antenna 0 Probe Response, PRIVACY[|802.11]
15:50:43.258892 3218101771us tsft short preamble bad-fcs 18.0 Mb/s 2462 MHz -96dBm signal antenna 0 Request-To-Send TA:MACADDRESS (oui Unknown)
15:50:43.268590 3219001339us tsft short preamble fragmented bad-fcs 48.0 Mb/s 2462 MHz -96dBm signal antenna 0 Unhandled Management subtype(7)
15:50:43.292739 3220803003us tsft short preamble bad-fcs 6.0 Mb/s 2462 MHz -96dBm signal antenna 0 unknown 802.11 ctrl frame subtype (2)
15:50:43.411676 3230322507us tsft short preamble fragmented bad-fcs 36.0 Mb/s 2462 MHz -96dBm signal antenna 0 Unhandled Management subtype(7) IV:7d9616 Pad 35 KeyID 3
15:50:43.484738 3236325555us tsft short preamble fragmented bad-fcs 12.0 Mb/s 2462 MHz -96dBm signal antenna 0 Request-To-Send TA:MACADDRESS (oui Unknown)
15:50:43.502844 3237762067us tsft short preamble fragmented bad-fcs 24.0 Mb/s 2462 MHz -96dBm signal antenna 0 Unhandled Management subtype(e) IV:ea49a6 Pad 3 KeyID 1
15:50:43.825597 3263446167us tsft short preamble bad-fcs 24.0 Mb/s 2462 MHz -96dBm signal antenna 0 Acknowledgment RA:MACADDRESS (oui Unknown)
15:50:44.513247 3318452357us tsft short preamble fragmented bad-fcs 48.0 Mb/s 2462 MHz -96dBm signal antenna 0 CF-End RA:MACADDRESS (oui Unknown)
15:50:44.815545 3342642175us tsft short preamble bad-fcs 54.0 Mb/s 2462 MHz -96dBm signal antenna 0 unknown 802.11 frame type (3)

Hello everyone. I've found another one solution to enable monitor mode support on qcacld-3.0, 4.4.78 kernel version. Since no one answered me on the forum: https://forums.kali.org/showthread.php?52775-Kernel-sharing-for-LG-V30-(H930DS), I'll write the solution here. So, the main thing is that monitor mode on LG V30+ already enabled and tcpdump works out of the box. To make airodump works you need to change some ioctls like in commit: SrDayne/lge_msm8998_h930ds@4a08cb5.

здравствуйте я заранее извиняюсь не владею английским языком по этому пишу на русском языке надеюсь на вашу помощь! у меня проблема с kali nethunter я установил на 4 разных телефонов но не получается запустить процесс режима монитор моде может кто-то подскажет как правильно установить nethunter заранее спасибо за помощь!

Hi @kimocoder. Wonderful job on this project!
Ive tested Redmi Note 7 and got monitor mode without problem.
I have another older device like Galaxy Note 3 with custom ROM LineageOS17.1 (SD800/MSM8974) Ive been testing which shares similar wireless chip with Nexus 5 at the time.
Latest nethunter kernel is only for Nougat LOS14.1.

Running the echo 4 for turning on mon mode returns:
bash: /sys/module/wlan/parameters/con_mode: No such file or directory

Also, how do I use the patch file? Is it for kernel options for menuconfig and thus require rebuilding Galaxy Note 3 kernel that supports monitor mode? Or is the patch file for nethunter kernel?

Thank you.