OSX crash on jamming start

[na-ji]

Hello,

When I start de jamming after selecting the client, the app crash my whole OS. Here's the OSX report of the crash. I saw a lot of people had this problem, but no issue were created. So here it is.

panic(cpu 6 caller 0xffffff800846520a): Kernel trap at 0xffffff7f89a2dbb8, type 14=page fault, registers:
CR0: 0x0000000080010033, CR2: 0x0000000000004c2c, CR3: 0x0000000201ad8129, CR4: 0x00000000003626e0
RAX: 0x0000000000004c1c, RBX: 0xffffff803b574000, RCX: 0xffffff7f89a2db9c, RDX: 0x0000000000000000
RSP: 0xffffff9230a8ba80, RBP: 0xffffff9230a8ba90, RSI: 0xffffff81fd281a00, RDI: 0xffffff803a370000
R8:  0x0000000000000000, R9:  0x0000000000000000, R10: 0xffffff8008c105d8, R11: 0xffffff8008a42070
R12: 0xffffff9230a8bb84, R13: 0xffffff803f5dce60, R14: 0xffffff81fd281a00, R15: 0xffffff803f5dce60
RFL: 0x0000000000010246, RIP: 0xffffff7f89a2dbb8, CS:  0x0000000000000008, SS:  0x0000000000000010
Fault CR2: 0x0000000000004c2c, Error code: 0x0000000000000000, Fault CPU: 0x6, PL: 0, VF: 1

Backtrace (CPU 6), Frame : Return Address
0xffffff9230a8b4e0 : 0xffffff800833bb1b 
0xffffff9230a8b530 : 0xffffff80084733e5 
0xffffff9230a8b570 : 0xffffff8008464e5e 
0xffffff9230a8b5c0 : 0xffffff80082e2a40 
0xffffff9230a8b5e0 : 0xffffff800833b207 
0xffffff9230a8b6e0 : 0xffffff800833b5eb 
0xffffff9230a8b730 : 0xffffff8008ad24f9 
0xffffff9230a8b7a0 : 0xffffff800846520a 
0xffffff9230a8b920 : 0xffffff8008464f08 
0xffffff9230a8b970 : 0xffffff80082e2a40 
0xffffff9230a8b990 : 0xffffff7f89a2dbb8 
0xffffff9230a8ba90 : 0xffffff7f890bddc4 
0xffffff9230a8bad0 : 0xffffff8008a423f5 
0xffffff9230a8bb30 : 0xffffff7f890bdea8 
0xffffff9230a8bb50 : 0xffffff7f890bd2a0 
0xffffff9230a8bbb0 : 0xffffff7f890bd4ad 
0xffffff9230a8bbf0 : 0xffffff7f89a2dc98 
0xffffff9230a8bc20 : 0xffffff7f89a2db87 
0xffffff9230a8bc40 : 0xffffff80085e77af 
0xffffff9230a8bcd0 : 0xffffff80085d68e4 
0xffffff9230a8bd50 : 0xffffff80085cace2 
0xffffff9230a8bdc0 : 0xffffff80085bbd49 
0xffffff9230a8be20 : 0xffffff80088b7a00 
0xffffff9230a8bee0 : 0xffffff80088b77c0 
0xffffff9230a8bf40 : 0xffffff800899acba 
0xffffff9230a8bfa0 : 0xffffff80082e3206 
      Kernel Extensions in backtrace:
         com.apple.iokit.IONetworkingFamily(3.4)[03C05ADC-CFE0-3B32-9305-5F17640F7B06]@0xffffff7f890aa000->0xffffff7f890d9fff
         com.apple.iokit.IO80211FamilyV2(1200.12.2b1)[B2B1D9BA-37A9-3F11-99DE-753D425C1C42]@0xffffff7f899a4000->0xffffff7f89b05fff
            dependency: com.apple.driver.corecapture(1.0.4)[5C346ED2-633E-32C2-8BD8-604F7D238B2B]@0xffffff7f8971b000
            dependency: com.apple.driver.AppleMobileFileIntegrity(1.0.5)[2FAEE793-59BC-3ADF-A5E2-3BC8760AFE0B]@0xffffff7f89421000
            dependency: com.apple.kec.corecrypto(1.0)[BDC53810-BC66-3B24-8F2B-EE3F9A7CF761]@0xffffff7f8933c000
            dependency: com.apple.iokit.IOSkywalkFamily(1)[402D50B6-F30F-38C5-A7ED-610AA11F2791]@0xffffff7f89799000
            dependency: com.apple.iokit.IONetworkingFamily(3.4)[03C05ADC-CFE0-3B32-9305-5F17640F7B06]@0xffffff7f890aa000

BSD process name corresponding to current thread: JamWiFi
Boot args: chunklist-security-epoch=0 -chunklist-no-rev2-dev

Mac OS version:
19C57

Kernel version:
Darwin Kernel Version 19.2.0: Sat Nov  9 03:47:04 PST 2019; root:xnu-6153.61.1~20/RELEASE_X86_64
Kernel UUID: C3E7E405-C692-356B-88D3-C30041FD1E72
Kernel slide:     0x0000000008000000
Kernel text base: 0xffffff8008200000
__HIB  text base: 0xffffff8008100000
System model name: MacBookPro16,1 (Mac-E1008331FDC96864)
System shutdown begun: NO

System uptime in nanoseconds: 461250761364
last loaded kext at 357313547200: @filesystems.smbfs    3.4 (addr 0xffffff7f8f658000, size 446464)
loaded kexts:
@filesystems.smbfs  3.4
>AudioAUUC  1.70
@kext.AMDRadeonX6000    3.0.4
@kext.AMDRadeonServiceManager   3.0.4
>!AGraphicsDevicePolicy 4.5.21
@fileutil   20.036.15
@AGDCPluginDisplayMetrics   4.5.21
>!AHV   1
|IOUserEthernet 1.0.1
|IO!BSerialManager  7.0.2f4
>!AUpstreamUserClient   3.6.8
>pmtelemetry    1
>AGPM   111.4.1
>!APlatformEnabler  2.7.0d0
>X86PlatformShim    1.0.0
>AGDCBacklightControl   4.5.21
>!A!IKBLGraphics    14.0.3
@Dont_Steal_Mac_OS_X    7.0.0
>!ABacklight    180.1
>BridgeAudioCommunication   6.60
>!AThunderboltIP    3.1.3
>ACPI_SMC_PlatformPlugin    1.0.0
>!AMCCSControl  1.13
>!AFIVRDriver   4.1.0
>!AAVEBridge    6.1
>!AMuxControl2  4.5.21
>!ABridgeAudio!C    6.60
>!AHIDALSService    1
>!AGFXHDA   100.1.422
>!ATopCaseHIDEventDriver    3420.1
>!A!IPCHPMC 2.0.1
>!A!ICFLGraphicsFramebuffer 14.0.3
>!A!ISlowAdaptiveClocking   4.0.0
@filesystems.autofs 3.0
>usb.!UHostBillboardDevice  1.0
>BCMWLANFirmware4355.Hashstore  1
>BCMWLANFirmware4364.Hashstore  1
>BCMWLANFirmware4377.Hashstore  1
>!ABCMWLANBusInterfacePCIe  1
>!AFileSystemDriver 3.0.1
@filesystems.hfs.kext   522.0.9
@BootCache  40
@!AFSCompression.!AFSCompressionTypeDataless    1.0.0d1
@!AFSCompression.!AFSCompressionTypeZlib    1.0.0
>!AVirtIO   1.0
@filesystems.apfs   1412.61.1
@private.KextAudit  1.0
>!ASmartBatteryManager  161.0.0
>!AACPIButtons  6.1
>!ASMBIOS   2.1
>!AACPIEC   6.1
>!AAPIC 1.7
$!AImage4   1
@nke.applicationfirewall    303
$TMSafetyNet    8
@!ASystemPolicy 2.0.0
|EndpointSecurity   1
@kext.AMDRadeonX6100HWLibs  1.0
@kext.AMDRadeonX6000HWServices  3.0.4
|IOAVB!F    800.17
>!ASSE  1.0
>!ABacklightExpert  1.1.0
>!AHDA!C    283.15
|IOHDA!F    283.15
@kext.AMDRadeonX6000Framebuffer 3.0.4
@!AGPUWrangler  4.5.21
>IOPlatformPluginLegacy 1.0.0
>!ASMBus!C  1.0.18d1
>!ASMBusPCI 1.0.14d1
>!AThunderboltEDMSink   4.2.2
>!AThunderboltDPOutAdapter  6.2.4
>!AGraphicsControl  4.5.21
>!AActuatorDriver   3420.2
>!AHIDKeyboard  209
|IONDRVSupport  569.3
>!AHS!BDriver   3420.1
>IO!BHIDDriver  7.0.2f4
>!AMultitouchDriver 3420.2
>!AInputDeviceSupport   3420.4
|IO!BHost!CUARTTransport    7.0.2f4
|IO!BHost!CTransport    7.0.2f4
>!A!ILpssUARTv1 3.0.60
>!A!ILpssUARTCommon 3.0.60
>!AOnboardSerial    1.0
@kext.AMDSupport    3.0.4
@!AGraphicsDeviceControl    4.5.21
|IOAccelerator!F2   438.2.8
|IOGraphics!F   569.3
|IOSlowAdaptiveClocking!F   1.0.0
>X86PlatformPlugin  1.0.0
>IOPlatformPlugin!F 6.0.0d8
@plugin.IOgPTPPlugin    800.14
|IOEthernetAVB!C    1.1.0
@kext.triggers  1.0
>usb.IOUSBHostHIDDevice 1.2
>usb.cdc.ecm    5.0.0
>usb.cdc.ncm    5.0.0
>usb.cdc    5.0.0
>usb.networking 5.0.0
>usb.!UHostCompositeDevice  1.2
>!ABCMWLANCore  1.0.0
>mDNSOffloadUserClient  1.0.1b8
>IOImageLoader  1.0.0
|IO80211!FV2    1200.12.2b1
>corecapture    1.0.4
|IOSkywalk!F    1
|IOSurface  269.6
@filesystems.hfs.encodings.kext 1
|IOAudio!F  300.2
@vecLib.kext    1.2.0
|IOSerial!F 11
>!AXsanScheme   3
>usb.!UVHCIBCE  1.2
>usb.!UVHCI 1.2
>usb.!UVHCICommonBCE    1.0
>usb.!UVHCICommon   1.0
>!AEffaceableNOR    1.0
|IOBufferCopy!C 1.1.0
|IOBufferCopyEngine!F   1
|IONVMe!F   2.1.0
>!AThunderboltPCIDownAdapter    2.5.2
>!AThunderboltDPInAdapter   6.2.4
>!AThunderboltDPAdapter!F   6.2.4
>!AHPM  3.4.4
>!A!ILpssI2C!C  3.0.60
>!A!ILpssDmac   3.0.60
>!A!ILpssI2C    3.0.60
>!AThunderboltNHI   5.8.1
|IOThunderbolt!F    7.4.7
>usb.!UHostPacketFilter 1.0
|IOUSB!F    900.4.2
>usb.!UXHCIPCI  1.2
>usb.!UXHCI 1.2
>!AEFINVRAM 2.1
>!AEFIRuntime   2.1
>!ASMCRTC   1.0
|IOSMBus!F  1.1
|IOHID!F    2.0.0
$quarantine 4
$sandbox    300.0
@kext.!AMatch   1.0.0d1
>!AKeyStore 2
>!UTDM  489.60.3
|IOSCSIBlockCommandsDevice  422.0.2
>!ACredentialManager    1.0
>KernelRelayHost    1
>!ASEPManager   1.0.1
>IOSlaveProcessor   1
>!AFDEKeyStore  28.30
>!AEffaceable!S 1.0
>!AMobileFileIntegrity  1.0.5
@kext.CoreTrust 1
|CoreAnalytics!F    1
|IOTimeSync!F   800.14
|IONetworking!F 3.4
>DiskImages 493.0.0
|IO!B!F 7.0.2f4
|IO!BPacketLogger   7.0.2f4
|IOUSBMass!SDriver  157.40.7
|IOSCSIArchitectureModel!F  422.0.2
|IO!S!F 2.1
|IOUSBHost!F    1.2
>usb.!UCommon   1.0
>!UHostMergeProperties  1.2
>!ABusPower!C   1.0
|IOReport!F 47
>!AACPIPlatform 6.1
>!ASMC  3.1.9
>watchdog   1
|IOPCI!F    2.9
|IOACPI!F   1.4
@kec.pthread    1
@kec.corecrypto 1.0
@kec.Libm   1

I have a MacBook Pro (16-inch, 2019).

Thanks!

[anonymouz4]

From the crashlog, it‘s not really possible to see where the error occurrs exactly and I never encountered this issue on the mac‘s I tested it on, so I can‘t do much about it.

So only thing you could do is launch it via xcode (as root!) and set many many breakpoints to identify at which line exactly the problem is.

[sasquelch]

Also getting the same crash... Will see if I can find anything useful.

[thermogl]

Issue seems to be with pcap_inject call in ANInterface. Debugging is hard because it detaches after the authentication prompt succeeds.

[anonymouz4]

@thermogl That why I said "as root!". Since when you launch it via xcode as root, it won't show the elevation prompt as its already root

[thermogl]

Even just trying to step into pcap_inject results in the crash. Problem with the library perhaps.

[thermogl]

pcap_sendpacket has similar issue. Difference is indefinite hang instead of crash.

[Apprisco]

Let me put my 2 cent on this issue, the issue only happens with all mac models from 2018 and on. All 2017 and prior models work, so it seems to be a card issue.

[anonymouz4]

@MayhemGang Probably, bc all my testing Devices are pre 2018. But even the newer one's should technically support monitor mode, so injecting own packages should be possible, generally speaking.

[sanomike]

@anonymouz4 how can I jam a network and stay connected to the internet. It was possible in the previous version. Is it not on this version?

[DeadlySoft]

I have this issue on my air 2019. xcode start as root but have a crash osX and restart pc

[BernardoCama]

Same problem with my macbook pro 2018

[eararipe]

Having the same issue with T2 MacBook Pro 2018. Click, wait 2 seconds, kernel panic.

[marquarth]

Let me put my 2 cent on this issue, the issue only happens with all mac models from 2018 and on. All 2017 and prior models work, so it seems to be a card issue.

@MayhemGang this makes sense.. but if this is a hardware problem then we are doomed.

so i did a little research, for the 2019 MBP entry model, the wifi+bt module according to the iFixit teardown is Murata 1SA 339S00616 SS9521026 this is as far as I found... I can't pull out the datasheet of this chipset, perhaps this is Apple exclusive and the datasheet is not for public use.

[Oppen]

It could be a firmware or driver issue, too. In that case, there's hope that Apple pushes a fix eventually.

[marquarth]

@thermogl which mac yr and model are you running this on?

Even just trying to step into pcap_inject results in the crash. Problem with the library perhaps.

pcap_sendpacket has similar issue. Difference is indefinite hang instead of crash.

I unfortunately could not boot my older mac to try this on... I'm stuck with the 2019 MBP.

[Oppen]

I was able to inject with a dumb demo program (read a packet and inject it back), but it wasn't in monitor mode. With JamWiFi I get the crash. I'm not sure the model (I'm quite noob with Mac), but at least I know it's Mojave.

[marquarth]

I was able to inject with a dumb demo program (read a packet and inject it back), but it wasn't in monitor mode. With JamWiFi I get the crash. I'm not sure the model (I'm quite noob with Mac), but at least I know it's Mojave.

hi @Oppen can you share this demo program with me? thanks!

[acheong08]

I have the same problem on my MacBook Pro (13-inch, 2019, Four Thunderbolt 3 port) but I will test this on my 2016 MacBook Air soon once this pandemic is over.

[madeyexz]

@acheong08 It crashed on my MacBook Pro (13-inch, 2019, Four TB3) but it worked on my friend's MacBook Pro (13-inch, 2017, Four TB3) tested today

ohh by the way, is the older version(JamWiFi without maintence) not functioning on newer MBP? I tried but the "Do it!" function never worked.

[anonymouz4]

Guys, If you take a look at the README, it clearly says that devices build 2018 and later seem to crash, so there's no need for everyone to state that individually. And if you post Kernel Panic Reports, please set your boot-args to keepsyms=1, bc I'm not gonna resolve every symbol manually.

[Oppen]

I think it is useful, actually. The developer stated a lack of hardware for testing, so knowing who else may help on testing is definitely useful.

[vrxj81]

@anonymouz4 let me know if I can help in anyway I have an MBP 15,1

[acheong08]

I have tested other deauth tools on my MacBook Pro 2018/2019 and all of them crash my computer. Other tools such as Reaver and Pixie Dust which requires packet injection also crashes the computer. It seems like packet injection and deauth won't be working anytime soon for us.

[acheong08]

This isn't a software issue

[acheong08]

It's a hardware issue

[hoangnam2261]

From the crashlog, it‘s not really possible to see where the error occurrs exactly and I never encountered this issue on the mac‘s I tested it on, so I can‘t do much about it.

So only thing you could do is launch it via xcode (as root!) and set many many breakpoints to identify at which line exactly the problem is.

I debugged and it crashed by this block

@synchronized (writeBuffer) { [writeBuffer addObject:packet]; }

in file ANWiFiSniffer.m