Broadcom Limited BCM4350 802.11ac Wireless Network Adapter (rev 08)

I have an ultrabook that comes with the Broadcom BCM4350 chipset; it is covered by the "brcmfmac" driver of Kali Linux 2017.1.
This driver does not support "monitoring" or "injection".
Does anyone know whether a driver already exists that does allow monitoring/injection? This chipset supports the 802.11ac protocol, and it would be great to be able to use the aircrack-ng tools without having to plug in an external USB card.
My first ALFA card arrives in 2 days, but it would be very useful to me to have an additional wlan adapter.

Regards.

On Linux Wireless they say it has monitor mode support: Broadcom brcmsmac(PCIe) and brcmfmac(SDIO/USB) drivers

[quote]softmac driver specifics

Integrated with mac80211
Using BCMA bus driver
Uses minstrel_ht rate algorithm
HW based encryption not enabled yet
**monitor mode**

[/quote]
They don't specifically mention packet injection.
What do (sudo) airmon-ng and (sudo) iw list return for you?

This is the output of the commands:

[code]root@blender:/# airmon-ng start wlan0

PHY Interface Driver Chipset

phy1 wlan0 brcmfmac Broadcom Limited BCM4350 802.11ac Wireless Network Adapter (rev 08)

ERROR adding monitor mode interface: command failed: Operation not supported (-95)
[/code]

[code]root@blender:/usr/src# iwlist
Usage: iwlist [interface] scanning [essid NNN] [last]
              [interface] frequency
              [interface] channel
              [interface] bitrate
              [interface] rate
              [interface] encryption
              [interface] keys
              [interface] power
              [interface] txpower
              [interface] retry
              [interface] ap
              [interface] accesspoints
              [interface] peers
              [interface] event
              [interface] auth
              [interface] wpakeys
              [interface] genie
              [interface] modulation

root@blender:/usr/src# lspci -Dn
0000:01:00.0 0280: 14e4:43a3 Network controller: Broadcom Limited BCM4350 802.11ac Wireless Network Adapter (rev 08)
[/code]

I didn't ask you for iwlist,
but for

iw list

:smiley:
**iw** is one command, iwlist is another :wink:
In this case we need you to use iw with its list option:

iw list

The Linux command library must be so big that even if you make a mistake it still returns a result
:wink:

[code]blender@blender:~$ sudo iw list
Wiphy phy1
	max # scan SSIDs: 10
	max scan IEs length: 2048 bytes
	max # sched scan SSIDs: 16
	max # match sets: 16
	max # scan plans: 1
	max scan plan interval: 508
	max scan plan iterations: 0
	Retry short limit: 7
	Retry long limit: 4
	Coverage class: 0 (up to 0m)
	Device supports roaming.
	Supported Ciphers:
		* WEP40 (00-0f-ac:1)
		* WEP104 (00-0f-ac:5)
		* TKIP (00-0f-ac:2)
		* CCMP-128 (00-0f-ac:4)
		* CMAC (00-0f-ac:6)
	Available Antennas: TX 0 RX 0
	Supported interface modes:
		* IBSS
		* managed
		* AP
		* P2P-client
		* P2P-GO
		* P2P-device
	Band 1:
		Capabilities: 0x1022
			HT20/HT40
			Static SM Power Save
			RX HT20 SGI
			No RX STBC
			Max AMSDU length: 3839 bytes
			DSSS/CCK HT40
		Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
		Minimum RX AMPDU time spacing: 16 usec (0x07)
		HT TX/RX MCS rate indexes supported: 0-15
		Bitrates (non-HT):
			* 1.0 Mbps
			* 2.0 Mbps (short preamble supported)
			* 5.5 Mbps (short preamble supported)
			* 11.0 Mbps (short preamble supported)
			* 6.0 Mbps
			* 9.0 Mbps
			* 12.0 Mbps
			* 18.0 Mbps
			* 24.0 Mbps
			* 36.0 Mbps
			* 48.0 Mbps
			* 54.0 Mbps
		Frequencies:
			* 2412 MHz [1] (20.0 dBm)
			* 2417 MHz [2] (20.0 dBm)
			* 2422 MHz [3] (20.0 dBm)
			* 2427 MHz [4] (20.0 dBm)
			* 2432 MHz [5] (20.0 dBm)
			* 2437 MHz [6] (20.0 dBm)
			* 2442 MHz [7] (20.0 dBm)
			* 2447 MHz [8] (20.0 dBm)
			* 2452 MHz [9] (20.0 dBm)
			* 2457 MHz [10] (20.0 dBm)
			* 2462 MHz [11] (20.0 dBm)
			* 2467 MHz [12] (20.0 dBm)
			* 2472 MHz [13] (20.0 dBm)
			* 2484 MHz [14] (disabled)
	Band 2:
		Capabilities: 0x1062
			HT20/HT40
			Static SM Power Save
			RX HT20 SGI
			RX HT40 SGI
			No RX STBC
			Max AMSDU length: 3839 bytes
			DSSS/CCK HT40
		Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
		Minimum RX AMPDU time spacing: 16 usec (0x07)
		HT TX/RX MCS rate indexes supported: 0-15
		VHT Capabilities (0x0c015820):
			Max MPDU length: 3895
			Supported Channel Width: neither 160 nor 80+80
			short GI (80 MHz)
			SU Beamformer
			SU Beamformee
		VHT RX MCS set:
			1 streams: MCS 0-9
			2 streams: MCS 0-9
			3 streams: not supported
			4 streams: not supported
			5 streams: not supported
			6 streams: not supported
			7 streams: not supported
			8 streams: not supported
		VHT RX highest supported: 0 Mbps
		VHT TX MCS set:
			1 streams: MCS 0-9
			2 streams: MCS 0-9
			3 streams: not supported
			4 streams: not supported
			5 streams: not supported
			6 streams: not supported
			7 streams: not supported
			8 streams: not supported
		VHT TX highest supported: 0 Mbps
		Bitrates (non-HT):
			* 6.0 Mbps
			* 9.0 Mbps
			* 12.0 Mbps
			* 18.0 Mbps
			* 24.0 Mbps
			* 36.0 Mbps
			* 48.0 Mbps
			* 54.0 Mbps
		Frequencies:
			* 5170 MHz [34] (disabled)
			* 5180 MHz [36] (17.0 dBm)
			* 5190 MHz [38] (17.0 dBm)
			* 5200 MHz [40] (17.0 dBm)
			* 5210 MHz [42] (17.0 dBm)
			* 5220 MHz [44] (17.0 dBm)
			* 5230 MHz [46] (17.0 dBm)
			* 5240 MHz [48] (17.0 dBm)
			* 5260 MHz [52] (20.0 dBm) (radar detection)
			* 5280 MHz [56] (20.0 dBm) (radar detection)
			* 5300 MHz [60] (20.0 dBm) (radar detection)
			* 5320 MHz [64] (20.0 dBm) (radar detection)
			* 5500 MHz [100] (20.0 dBm) (radar detection)
			* 5520 MHz [104] (20.0 dBm) (radar detection)
			* 5540 MHz [108] (20.0 dBm) (radar detection)
			* 5560 MHz [112] (20.0 dBm) (radar detection)
			* 5580 MHz [116] (20.0 dBm) (radar detection)
			* 5600 MHz [120] (20.0 dBm) (radar detection)
			* 5620 MHz [124] (20.0 dBm) (radar detection)
			* 5640 MHz [128] (20.0 dBm) (radar detection)
			* 5660 MHz [132] (20.0 dBm) (radar detection)
			* 5680 MHz [136] (20.0 dBm) (radar detection)
			* 5700 MHz [140] (20.0 dBm) (radar detection)
			* 5720 MHz [144] (20.0 dBm) (radar detection)
			* 5745 MHz [149] (20.0 dBm)
			* 5765 MHz [153] (20.0 dBm)
			* 5785 MHz [157] (20.0 dBm)
			* 5805 MHz [161] (20.0 dBm)
			* 5825 MHz [165] (20.0 dBm)
	Supported commands:
		* new_interface
		* set_interface
		* new_key
		* start_ap
		* join_ibss
		* set_pmksa
		* del_pmksa
		* flush_pmksa
		* remain_on_channel
		* frame
		* set_wiphy_netns
		* set_channel
		* start_sched_scan
		* start_p2p_device
		* connect
		* disconnect
		* crit_protocol_start
		* crit_protocol_stop
		* Unknown command (122)
	Supported TX frame types:
		* managed: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		* P2P-client: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		* P2P-GO: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		* P2P-device: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
	Supported RX frame types:
		* managed: 0x40 0xd0
		* P2P-client: 0x40 0xd0
		* P2P-GO: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
		* P2P-device: 0x40 0xd0
	WoWLAN support:
		* wake up on disconnect
		* wake up on magic packet
		* wake up on pattern match, up to 8 patterns of 1-128 bytes, maximum packet offset 1500 bytes
	software interface modes (can always be added):
	valid interface combinations:
		* #{ managed } <= 1, #{ P2P-device } <= 1, #{ P2P-client, P2P-GO } <= 1,
		  total <= 3, #channels <= 1
		* #{ managed } <= 1, #{ AP } <= 1, #{ P2P-client } <= 1, #{ P2P-device } <= 1,
		  total <= 4, #channels <= 1
	Device supports scan flush.
[/code]

With these drivers there is no monitor mode, not even with iwconfig :confused:

[code]Supported interface modes:
	* IBSS
	* managed
	* AP
	* P2P-client
	* P2P-GO
	* P2P-device
[/code]
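
The check this thread ends on, reading the "Supported interface modes" block of `iw list`, as an added example that is not part of the original posts: a shell function that reports, per wiphy, whether `monitor` is listed. The function names and the sample input are constructed for illustration; the `phy0` entry is hypothetical, and `phy1` mirrors the mode list posted above.

```sh
#!/bin/sh
# Added example: read `iw list` output on stdin and print one line per wiphy
# saying whether "monitor" appears under "Supported interface modes".
monitor_support() {
    awk '
        function emit(   m) {
            if (phy == "") return
            m = ("," modes ",") ~ /,monitor,/ ? "yes" : "no"
            printf "%s monitor=%s modes=%s\n", phy, m, modes
        }
        /^Wiphy / { emit(); phy = $2; modes = ""; in_modes = 0; next }
        /^[ \t]*Supported interface modes:/ { in_modes = 1; next }
        in_modes && /^[ \t]*\* / {
            # Strip the bullet and trailing blanks, then append the mode name.
            sub(/^[ \t]*\* /, ""); sub(/[ \t]+$/, "")
            modes = (modes == "" ? "" : modes ",") $0; next
        }
        { in_modes = 0 }   # any other line ends the mode list
        END { emit() }
    '
}

# Constructed sample input (not captured from a real device).
sample_iw_list() {
    cat <<'EOF'
Wiphy phy1
    Supported interface modes:
         * IBSS
         * managed
         * AP
         * P2P-client
         * P2P-GO
         * P2P-device
    Band 1:
    Supported commands:
         * new_interface
Wiphy phy0
    Supported interface modes:
         * managed
         * monitor
    Supported commands:
         * set_channel
EOF
}

# On a real system: iw list | monitor_support
sample_iw_list | monitor_support
```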