Thread: Issues getting RPi3 B+ to work properly in monitor mode Re4son Kernel & stock kali kernel

  1. #1
    Join Date
    2016-Apr
    Posts
    15

    Question Issues getting RPi3 B+ to work properly in monitor mode Re4son Kernel & stock kali kernel

    So I have been trying to get my Raspberry Pi 3 B+ to work for a couple days now. Here are the issues I am encountering:

    On stock Kali image, airmon says it's missing nexutil. I noticed in the arm images, there is RPi2/3 and then RPi2/3 without nexmon but I am using the one that doesn't say without nexmon.....
    On Re4son's kernel, after a while of scanning (like 4-5 min) airodump says that it's on fixed channel: -1 and it is no longer capturing packets...

    Why do you need to do mon0up/down now? Why does Airmon-ng not put the adapter into the proper mode?

    Side note: How hard is it to toggle the GPIO in kali?

  2. #2
    Join Date
    2014-Feb
    Posts
    309
    you do monstart/monstop now; this is fixed in aircrack-ng 1.4 but we don't have that version in Kali yet.

    We already use re4son's kernel, so... not sure what you're asking/meaning there.

    The main reason for why you need to do that, is that nexmon changed the way monitor mode was entered - previously it required using their nexutil utility, and thanks to the work of mame82, this is no longer required and works in a similar way to every other wireless driver.

    Not sure what your side note means. Because raspbian uses armhf as the architecture, most of their packages *should* work on kali with a raspberrypi3, but they will *not* work with an rpi0/rpi0w/rpi1

  3. #3
    Join Date
    2016-Apr
    Posts
    15
    Quote Originally Posted by steev View Post
    you do monstart/monstop now; this is fixed in aircrack-ng 1.4 but we don't have that version in Kali yet.

    We already use re4son's kernel, so... not sure what you're asking/meaning there.

    The main reason for why you need to do that, is that nexmon changed the way monitor mode was entered - previously it required using their nexutil utility, and thanks to the work of mame82, this is no longer required and works in a similar way to every other wireless driver.

    Not sure what your side note means. Because raspbian uses armhf as the architecture, most of their packages *should* work on kali with a raspberrypi3, but they will *not* work with an rpi0/rpi0w/rpi1
    I am saying that I have tried the re4son unofficial image and the official kali image, both have issues.

    So mon0 up should be used on the official kali image and the "missing nexutil" doesn't matter as airmon isn't used? (haven't tried that)

    I would like to continue using re4son's unofficial image, but after a little while scanning (after using check kill) it stops scanning and says fixed channel: -1 and I will not be able to restart scanning until I reboot the RPi.

    As for the side note, you answered the question.

    Screen Shot 2018-10-09 at 3.35.36 PM.jpg
    Last edited by laser411; 2018-10-09 at 19:37. Reason: attaching screenshot

  4. #4
    Join Date
    2014-Feb
    Posts
    309
    Quote Originally Posted by laser411 View Post
    I am saying that I have tried the re4son unofficial image and the official kali image, both have issues.

    So mon0 up should be used on the official kali image and the "missing nexutil" doesn't matter as airmon isn't used? (haven't tried that)

    I would like to continue using re4son's unofficial image, but after a little while scanning (after using check kill) it stops scanning and says fixed channel: -1 and I will not be able to restart scanning until I reboot the RPi.

    As for the side note, you answered the question.

    Screen Shot 2018-10-09 at 3.35.36 PM.jpg
    Not mon0 up, you should use monstart - alternatively, after a dist-upgrade (and assuming you've followed the steps for the boot firmware issue (https://forums.kali.org/showthread.p...2090#post82090) and the wifi firmware issue (`apt purge firmware-brcm80211; cp /lib/firmware/brcm/brcmfmac43430-sdio.nexmon.bin /lib/firmware/brcm/brcmfmac43430-sdio.bin && cp /lib/firmware/brcm/brcmfmac43455-sdio.nexmon.bin /lib/firmware/brcm/brcmfmac43455-sdio.bin`)) you should be able to use airmon-ng again as 1.4 is now in the repos.

    You can also just do the steps manually; if you look, /usr/bin/monstart is just a tiny bash script that does `iw phy phy0 interface add wlan0mon type monitor; ifconfig wlan0mon up`, which is also what airmon-ng start wlan0mon does.

    As to why the fixed channel -1; I'm not sure, that shouldn't be occurring, as it's an older bug with older kernels. Perhaps re4son knows the... reason.

  5. #5
    Join Date
    2015-Nov
    Location
    Australia
    Posts
    445
    Quote Originally Posted by steev View Post
    As to why the fixed channel -1; I'm not sure, that shouldn't be occurring, as it's an older bug with older kernels. Perhaps re4son knows the... reason.
    LOL.
    That shouldn't happen. I've been testing it over the last few hours with different images and different kernels on a B+ without getting those errors.

    @laser411: You can try the latest "Next" series kernel. That's the one I'm testing right now without any issues.


    @Steev: The mon0up/mon0down scripts are a carry over from a time before Marcus' changes to Nexmon became mainstream. They are obsolete now and I'll retire them from my images and kernel packages in favour of your monstart/monstop scripts. That should reduce the level of confusion.

  6. #6
    Join Date
    2016-Apr
    Posts
    15
    Can I swap to that kernel, without issues, directly over your unofficial kali image's kernel?

  7. #7
    Join Date
    2016-Apr
    Posts
    15
    Here are some entries coming into the system log that may shed some insight

    Code:
    [ 1433.688895] brcmfmac: brcmf_vif_add_validate: Attempt to add a MONITOR interface...
    [ 1433.689095] brcmfmac: brcmf_mon_add_vif: brcmf_mon_add_vif called
    [ 1433.689227] brcmfmac: brcmf_mon_add_vif: Adding vif "mon0"
    [ 1445.778073] device mon0 entered promiscuous mode
    [ 1481.492958] brcmfmac: brcmf_sdio_hostmail: Unknown mailbox data content: 0x40012
    [ 1485.195964] brcmfmac: brcmf_sdio_bus_rxctl: resumed on timeout
    [ 1485.196593] brcmfmac: brcmf_sdio_checkdied: firmware trap in dongle
    [ 1485.196746] brcmfmac: _brcmf_set_multicast_list: Setting mcast_list failed, -110
    [ 1487.755975] brcmfmac: brcmf_sdio_bus_rxctl: resumed on timeout
    [ 1487.756597] brcmfmac: brcmf_sdio_checkdied: firmware trap in dongle
    [ 1487.756751] brcmfmac: _brcmf_set_multicast_list: Setting allmulti failed, -110
    [ 1490.315984] brcmfmac: brcmf_sdio_bus_rxctl: resumed on timeout
    [ 1490.316638] brcmfmac: brcmf_sdio_checkdied: firmware trap in dongle
    [ 1490.320161] brcmfmac: brcmf_cfg80211_nexmon_set_channel: Set Channel failed: chspec=4107, -110
    [ 1492.875983] brcmfmac: brcmf_sdio_bus_rxctl: resumed on timeout
    [ 1492.880186] brcmfmac: brcmf_sdio_checkdied: firmware trap in dongle
    [ 1492.883874] brcmfmac: _brcmf_set_multicast_list: Setting BRCMF_C_SET_PROMISC failed, -110
    [ 1495.436009] brcmfmac: brcmf_sdio_bus_rxctl: resumed on timeout
    [ 1495.440138] brcmfmac: brcmf_sdio_checkdied: firmware trap in dongle
    [ 1495.443701] brcmfmac: brcmf_cfg80211_get_channel: chanspec failed (-110)
    [ 1497.995995] brcmfmac: brcmf_sdio_bus_rxctl: resumed on timeout
    [ 1497.999966] brcmfmac: brcmf_sdio_checkdied: firmware trap in dongle
    [ 1500.556001] brcmfmac: brcmf_sdio_bus_rxctl: resumed on timeout
    [ 1500.559974] brcmfmac: brcmf_sdio_checkdied: firmware trap in dongle
    [ 1503.116011] brcmfmac: brcmf_sdio_bus_rxctl: resumed on timeout
    [ 1503.119895] brcmfmac: brcmf_sdio_checkdied: firmware trap in dongle
    [ 1503.123260] brcmfmac: brcmf_do_escan: error (-110)
    [ 1503.126639] brcmfmac: brcmf_cfg80211_scan: scan error (-110)
    [ 1505.676028] brcmfmac: brcmf_sdio_bus_rxctl: resumed on timeout
    [ 1505.679860] brcmfmac: brcmf_sdio_checkdied: firmware trap in dongle
    [ 1505.683100] brcmfmac: brcmf_cfg80211_nexmon_set_channel: Set Channel failed: chspec=4107, -110
    [ 1508.316037] brcmfmac: brcmf_sdio_bus_rxctl: resumed on timeout
    [ 1508.319851] brcmfmac: brcmf_sdio_checkdied: firmware trap in dongle
    [ 1508.323109] brcmfmac: brcmf_cfg80211_get_channel: chanspec failed (-110)
    [ 1510.876027] brcmfmac: brcmf_sdio_bus_rxctl: resumed on timeout
    [ 1510.880040] brcmfmac: brcmf_sdio_checkdied: firmware trap in dongle
    [ 1510.883360] brcmfmac: brcmf_cfg80211_nexmon_set_channel: Set Channel failed: chspec=4107, -110
    [ 1511.067638] brcmfmac: brcmf_cfg80211_get_channel: chanspec failed (-512)
    [ 1512.071072] brcmfmac: brcmf_cfg80211_get_channel: chanspec failed (-512)
    [ 1518.796046] brcmfmac: brcmf_sdio_bus_rxctl: resumed on timeout
    [ 1518.799752] brcmfmac: brcmf_sdio_checkdied: firmware trap in dongle
    [ 1518.802958] brcmfmac: _brcmf_set_multicast_list: Setting mcast_list failed, -110
    [ 1521.356068] brcmfmac: brcmf_sdio_bus_rxctl: resumed on timeout
    [ 1521.359808] brcmfmac: brcmf_sdio_checkdied: firmware trap in dongle
    [ 1521.363030] brcmfmac: brcmf_cfg80211_nexmon_set_channel: Set Channel failed: chspec=4097, -110
    [ 1523.916060] brcmfmac: brcmf_sdio_bus_rxctl: resumed on timeout
    [ 1523.919811] brcmfmac: brcmf_sdio_checkdied: firmware trap in dongle
    [ 1523.923070] brcmfmac: _brcmf_set_multicast_list: Setting allmulti failed, -110
    [ 1526.476086] brcmfmac: brcmf_sdio_bus_rxctl: resumed on timeout
    [ 1526.479813] brcmfmac: brcmf_sdio_checkdied: firmware trap in dongle
    [ 1526.483014] brcmfmac: brcmf_cfg80211_nexmon_set_channel: Set Channel failed: chspec=4103, -110
    [ 1529.036069] brcmfmac: brcmf_sdio_bus_rxctl: resumed on timeout
    [ 1529.036639] brcmfmac: brcmf_sdio_checkdied: firmware trap in dongle
    [ 1529.036654] brcmfmac: _brcmf_set_multicast_list: Setting BRCMF_C_SET_PROMISC failed, -110
    [ 1531.596080] brcmfmac: brcmf_sdio_bus_rxctl: resumed on timeout
    [ 1531.599890] brcmfmac: brcmf_sdio_checkdied: firmware trap in dongle
    [ 1534.156088] brcmfmac: brcmf_sdio_bus_rxctl: resumed on timeout
    [ 1534.159906] brcmfmac: brcmf_sdio_checkdied: firmware trap in dongle
    [ 1534.163140] brcmfmac: brcmf_cfg80211_nexmon_set_channel: Set Channel failed: chspec=4098, -110
    [ 1536.716093] brcmfmac: brcmf_sdio_bus_rxctl: resumed on timeout
    [ 1536.719996] brcmfmac: brcmf_sdio_checkdied: firmware trap in dongle
    [ 1539.276088] brcmfmac: brcmf_sdio_bus_rxctl: resumed on timeout
    [ 1539.280379] brcmfmac: brcmf_sdio_checkdied: firmware trap in dongle
    [ 1539.283777] brcmfmac: _brcmf_set_multicast_list: Setting mcast_list failed, -110
    [ 1541.836102] brcmfmac: brcmf_sdio_bus_rxctl: resumed on timeout
    [ 1541.839943] brcmfmac: brcmf_sdio_checkdied: firmware trap in dongle
    [ 1541.843340] brcmfmac: brcmf_cfg80211_nexmon_set_channel: Set Channel failed: chspec=4104, -110
    [ 1544.396113] brcmfmac: brcmf_sdio_bus_rxctl: resumed on timeout
    [ 1544.400128] brcmfmac: brcmf_sdio_checkdied: firmware trap in dongle
    [ 1544.403629] brcmfmac: _brcmf_set_multicast_list: Setting allmulti failed, -110
    [ 1546.956131] brcmfmac: brcmf_sdio_bus_rxctl: resumed on timeout
    [ 1546.960091] brcmfmac: brcmf_sdio_checkdied: firmware trap in dongle
    [ 1546.963634] brcmfmac: brcmf_cfg80211_nexmon_set_channel: Set Channel failed: chspec=4099, -110
    [ 1549.516117] brcmfmac: brcmf_sdio_bus_rxctl: resumed on timeout
    [ 1549.520274] brcmfmac: brcmf_sdio_checkdied: firmware trap in dongle
    [ 1549.523876] brcmfmac: _brcmf_set_multicast_list: Setting BRCMF_C_SET_PROMISC failed, -110
    root@Rpi:~#
    If it will help your testing, I will send you an image of my SD card.

  8. #8
    Join Date
    2015-Nov
    Location
    Australia
    Posts
    445
    Quote Originally Posted by laser411 View Post
    Can I swap to that kernel, without issues, directly over your unofficial kali image's kernel?
    Yep, the following will do the trick:

    Code:
    sudo -Es
    cd /usr/local/src
    wget -O re4son-kernel_next.tar.xz https://re4son-kernel.com/download/re4son-kernel-next/
    tar -xJf re4son-kernel_next.tar.xz
    cd re4son-kernel_4.14*
    ./install.sh
    Should work with any Kali, Sticky-Fingers or Raspbian image.

  9. #9
    Join Date
    2015-Nov
    Location
    Australia
    Posts
    445
    Quote Originally Posted by laser411 View Post
    Here are some entries coming into the system log that may shed some insight
    If it will help your testing, I will send you an image of my SD card.
    Thanks. Not sure if I need it but I'll let you know if I do.
    I'm currently running some long term tests with various kernels and different settings. We are 1 1/2 hours into it and all of them are still happily doing their thing.
    I'll leave them running over night and post the results in the morning.

  10. #10
    Join Date
    2015-Nov
    Location
    Australia
    Posts
    445
    Quote Originally Posted by re4son View Post
    I'll leave them running over night and post the results in the morning.
    First results are in:

    I was able to reproduce it with three different kernels and different settings, e.g. power_save on/off, etc.
    It took over 3 1/2 hours before anything happened but they all eventually bombed out.

    I am currently running an experimental 4.14.71 kernel and that's happily been doing its thing without problems for 6 hours now.

    More to come

  11. #11
    Join Date
    2016-Apr
    Posts
    15
    That is potentially unrelated as mine seemingly dies within 10 minutes every time with some being nearly instant.

    Side note: I am not very advanced in linux so I have made little to no changes in the image supplied on your site. The only changes I have probably made were: apt upgrade, sshd config, and using airmon check kill. Other than that, I am using the image basically "as is" on my RPi3 B+

  12. #12
    Join Date
    2019-Jan
    Location
    Liverpool
    Posts
    3
    Hi re4son,

    Wondering if you can advise?

    I'm having similar problems to the above with a Raspberry Pi 3B+ and the Nexmon firmware.

    I started off compiling nexmon myself to sit on top of an embedded docker framework called Balena (for details: https://github.com/dynamicdevices/nexmon-binaries)

    I got these built up OK and running to the extent I can run the Wifi chip in monitor mode and sniff packets.

    However when I run mdk3 the firmware falls over.

    I was googling and found that Kali now runs on ARM (awesome! I think this might be my future RPi distro of choice - will try to get some Docker images to run with Balena.io).

    I then found the thread here and have worked through your advice above but see the same problem.

    Details:

    - Downloaded "StickyFingers-Kali-Pi-armhf-180923.img" and installed onto RPi 3B+

    ```
    root@kali-pi:~# uname -a
    Linux kali-pi 4.14.62-Re4son-v7+ #2 SMP Sat Sep 22 22:53:40 AEST 2018 armv7l GNU/Linux

    root@kali-pi:~# cat /etc/issue
    Kali GNU/Linux Rolling \n \l
    ```


    - ran `mon0up` and then `mdk3 mon0 d -c 6`

    This gives one packet sent and stops sending


    ```
    root@kali-pi:~# mdk3 mon0 d -c 6

    Disconnecting between: B0:CA:68:9D:CE:19 and: 00:15:6D:7E:C1:C9 on channel: 6
    Packets sent: 1 - Speed: 1 packets/sec

    ```

    When I look at the log with `dmesg` I see similar failures to what I used to see with older nexmon firmware/drivers

    ```
    [ 343.796381] brcmfmac: brcmf_sdio_hostmail: Unknown mailbox data content: 0x40012
    [ 349.191791] brcmfmac: brcmf_sdio_bus_rxctl: resumed on timeout
    [ 349.192130] brcmfmac: brcmf_sdio_checkdied: firmware trap in dongle
    [ 349.192141] brcmfmac: brcmf_cfg80211_nexmon_set_channel: Set Channel failed: chspec=4102, -110
    [ 354.551778] brcmfmac: brcmf_sdio_bus_rxctl: resumed on timeout
    [ 354.552166] brcmfmac: brcmf_sdio_checkdied: firmware trap in dongle
    [ 354.552207] brcmfmac: _brcmf_set_multicast_list: Setting mcast_list failed, -110
    [ 357.111758] brcmfmac: brcmf_sdio_bus_rxctl: resumed on timeout
    [ 357.112230] brcmfmac: brcmf_sdio_checkdied: firmware trap in dongle
    [ 357.112249] brcmfmac: _brcmf_set_multicast_list: Setting allmulti failed, -110
    [ 359.671807] brcmfmac: brcmf_sdio_bus_rxctl: resumed on timeout
    [ 359.672168] brcmfmac: brcmf_sdio_checkdied: firmware trap in dongle
    ```

    Then restarted, installed re4son-kernel_next.tar.xz as you advise in #8

    Ran the monstart script you give above and I get the same behaviour with mdk3 (maybe it gets a little further with sending 4/5 packets but it's the same failure mode in the logs).

    I'm wondering if this is an issue I should raise with the nexmon guys relating to packet injection testing or if there's something else you can advise I try?

    Also would really love to know if you can replicate this failure mode to know it's not just finger trouble on my part!

    Thanks,

    Alex Lennon
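
The dmesg excerpts in posts #7 and #12 show the same sequence: an unknown mailbox message, then repeating `resumed on timeout` / `firmware trap in dongle` pairs while driver calls fail with -110 (ETIMEDOUT on Linux). The following is an added example, not code from any poster or from the Re4son or nexmon projects, that summarises this evidence from `dmesg` text; the function name `triage` and the report keys are assumptions of the example, and the sample is an excerpt of the log in post #7.

```python
import re
from collections import Counter

# Excerpt of the dmesg output posted in #7 (text and timestamps as posted).
SAMPLE = """\
[ 1433.689227] brcmfmac: brcmf_mon_add_vif: Adding vif "mon0"
[ 1445.778073] device mon0 entered promiscuous mode
[ 1481.492958] brcmfmac: brcmf_sdio_hostmail: Unknown mailbox data content: 0x40012
[ 1485.195964] brcmfmac: brcmf_sdio_bus_rxctl: resumed on timeout
[ 1485.196593] brcmfmac: brcmf_sdio_checkdied: firmware trap in dongle
[ 1485.196746] brcmfmac: _brcmf_set_multicast_list: Setting mcast_list failed, -110
[ 1490.315984] brcmfmac: brcmf_sdio_bus_rxctl: resumed on timeout
[ 1490.316638] brcmfmac: brcmf_sdio_checkdied: firmware trap in dongle
[ 1490.320161] brcmfmac: brcmf_cfg80211_nexmon_set_channel: Set Channel failed: chspec=4107, -110
[ 1511.067638] brcmfmac: brcmf_cfg80211_get_channel: chanspec failed (-512)
"""

LINE = re.compile(r"^\[\s*(\d+\.\d+)\]\s+brcmfmac:\s+(\w+):\s+(.*)$")
ERRNO = re.compile(r"-(\d+)\)?\s*$")  # trailing "-110" or "(-512)"
ERRNO_NAMES = {110: "ETIMEDOUT", 512: "ERESTARTSYS"}  # Linux kernel values

def triage(log_text):
    """Summarise brcmfmac firmware-crash evidence found in dmesg text."""
    r = {"monitor_added": None, "mailbox_warning": None, "first_trap": None,
         "traps": 0, "timeouts": 0, "failed_calls": Counter()}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a brcmfmac driver line
        ts, func, msg = float(m.group(1)), m.group(2), m.group(3)
        if func == "brcmf_mon_add_vif" and msg.startswith("Adding vif"):
            r["monitor_added"] = ts
        elif func == "brcmf_sdio_hostmail" and r["mailbox_warning"] is None:
            r["mailbox_warning"] = ts
        elif func == "brcmf_sdio_checkdied" and "firmware trap" in msg:
            r["traps"] += 1
            if r["first_trap"] is None:
                r["first_trap"] = ts
        elif func == "brcmf_sdio_bus_rxctl" and "timeout" in msg:
            r["timeouts"] += 1
        else:
            e = ERRNO.search(msg)
            if e:  # a driver call that returned a negative errno
                code = int(e.group(1))
                r["failed_calls"][f"{func}:{ERRNO_NAMES.get(code, code)}"] += 1
    r["crashed"] = r["traps"] > 0
    r["seconds_to_trap"] = (round(r["first_trap"] - r["monitor_added"], 1)
                            if r["crashed"] and r["monitor_added"] is not None
                            else None)
    return r

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Feeding it the full output of `dmesg` gives the time between monitor interface creation and the first firmware trap, which is the figure the posters compare (minutes in one case, hours in another).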
