PinePhone Pro - wifi monitor mode

[blackndoor]

Hello, thank you for the new release including the PinePhone Pro. I tried it hopping the monitor mode may works but no luck. Do you think that would be possible ? May be by using Nexmon patches ?

[Shubhamvis98]

Hello, thank you for the new release including the PinePhone Pro. I tried it hopping the monitor mode may works but no luck. Do you think that would be possible ? May be by using Nexmon patches ?

Hi @blackndoor, I haven't tried it because I don't have a pro. As far as I know, I also haven't seen mon mode in pro yet. But sure if someone will work and make it work, we'll add it in official and git releases as well.

[blackndoor]

I tried to applied the patch from https://aur.archlinux.org/cgit/aur.git/tree/add-nexmon.patch?h=linux-aarch64-raspberrypi-4.14. The compilation works fine (after some other patches), so I replaced the brcmfmac.ko.xz with the new compiled one.

The monitor mode can now be set:

 $ sudo ip link set wlan0 down
 $ sudo iw wlan0 set monitor control
 $ sudo ip link set wlan0 up

The monitor mode seems activated (iw dev shows monitor) but:

# airodump-ng wlan0
CH 13 ][ Elapsed: 6 s ][ 2023-02-03 

BSSID              PWR  Beacons    #

BSSID              STATION          

Quitting...

airodump-ng shows no network. Same with wifite:

# wifite --kill
  .               .    
.´  ·  .     .  ·  `.  wifite2 2.6.6
:  :  :  (¯)  :  :  :  a wireless auditor by derv82
`.  ·  ` /¯\ ´  ·  .´  maintained by kimocoder
  `     /¯¯¯\     ´    https://github.com/kimocoder/wifite2

[+] option: kill conflicting processes enabled
[!] Killing 2 conflicting processes
[!] stopping NetworkManager (systemctl stop NetworkManager)
[!] Terminating conflicting process wpa_supplicant (PID 629)

    Interface   PHY   Driver              Chipset                       
-----------------------------------------------------------------------
1. wlan0       phy2  brcmfmac            unable to detect for sdio 0x02d0:0xa9bf

[+] Enabling monitor mode on wlan0... enabled!

[+] Scanning. Found 0 target(s), 0 client(s). Ctrl+C when ready 
[!] Error: No targets found. You may need to wait longer, or you may have issues with your wifi card

[!] Exiting

[!] Note: Leaving interface in Monitor Mode!
[!] To disable Monitor Mode when finished: 
[+]   ip link set wlan0 down
[+]   iw wlan0 set type managed
[+]   ip link set wlan0 up

[!] You can restart NetworkManager when finished (service NetworkManager start)

[Shubhamvis98]

Maybe some other changes are also needed to make it work. and apologies as I already mentioned that I don't have a pro so not sure if I can help with this.

[9hm2]

I tried to applied the patch from https://aur.archlinux.org/cgit/aur.git/tree/add-nexmon.patch?h=linux-aarch64-raspberrypi-4.14. The compilation works fine (after some other patches), so I replaced the brcmfmac.ko.xz with the new compiled one.

The monitor mode can now be set:

 $ sudo ip link set wlan0 down
 $ sudo iw wlan0 set monitor control
 $ sudo ip link set wlan0 up

The monitor mode seems activated (iw dev shows monitor) but:

# airodump-ng wlan0
CH 13 ][ Elapsed: 6 s ][ 2023-02-03 

BSSID              PWR  Beacons    #

BSSID              STATION          

Quitting...

airodump-ng shows no network. Same with wifite:

# wifite --kill
  .               .    
.´  ·  .     .  ·  `.  wifite2 2.6.6
:  :  :  (¯)  :  :  :  a wireless auditor by derv82
`.  ·  ` /¯\ ´  ·  .´  maintained by kimocoder
  `     /¯¯¯\     ´    https://github.com/kimocoder/wifite2

[+] option: kill conflicting processes enabled
[!] Killing 2 conflicting processes
[!] stopping NetworkManager (systemctl stop NetworkManager)
[!] Terminating conflicting process wpa_supplicant (PID 629)

    Interface   PHY   Driver              Chipset                       
-----------------------------------------------------------------------
1. wlan0       phy2  brcmfmac            unable to detect for sdio 0x02d0:0xa9bf

[+] Enabling monitor mode on wlan0... enabled!

[+] Scanning. Found 0 target(s), 0 client(s). Ctrl+C when ready 
[!] Error: No targets found. You may need to wait longer, or you may have issues with your wifi card

[!] Exiting

[!] Note: Leaving interface in Monitor Mode!
[!] To disable Monitor Mode when finished: 
[+]   ip link set wlan0 down
[+]   iw wlan0 set type managed
[+]   ip link set wlan0 up

[!] You can restart NetworkManager when finished (service NetworkManager start)

Hi pls share the patching and compilation steps

[blackndoor]

Here is the patch: patch_bkndr.txt As said, once in monitor mode, the interface shows no network.

In order to compile on your pinephone device:

$ cd your_path_to/linux-rockchip-6.1/drivers/net/wireless/broadcom/brcm80211/brcmfmac
$ make -C /lib/modules/6.1-rockchip/build M=$(pwd) brcmfmac_src=$(pwd) modules

[castr06]

willing to be a guinea pig on this if anyone has any solutions they want to try. I'll also try to tackle this as i know it must be possible, given their were prior firmwares of other os for the PPP that allowed monitor mode.

[Shubhamvis98]

Hi @castr06, @blackndoor thanks for your work. Just wanted to mention that, If a patch enables monitor mode, doesn't mean that the monitor mode will work. There's a lot more things we need to do. Like you said, the monitor mode doesn't show nearby APs, right? There's a lot of work need to be done to make this work and we need to check with kernel devs. I also don't have the Pro so I can't work on this issue.

[covar2077]

Hello any info about packet injection of built in wifi adapter?

[Shubhamvis98]

Hello any info about packet injection of built in wifi adapter?

Currently, packet injection only works on pinephone(non-pro).

[hak5peaks]

Any plans to add packet injection for the pro?

[Shubhamvis98]

Hi @Peaakss, I don't have a pinephonepro and Pine64 doesn't ship their products to India. So testing it isn't possible for me. Let's hope any other developer works on PPP.

[hak5peaks]

Thank you! I have just ordered a Pro, once its delivered I will test the firmware and give an update

[hak5peaks]

@Shubhamvis98 Testing my pinephone pro, monitoring mode and packet injection is generating errors, I guessing this is due to the different chip sets, if it was willing to open remote access to the phone would you be interested in testing with the pro?

[Shubhamvis98]

Hi @Peaakss, apologies but I tried testing things remotely but it's frustrating and takes a lot of time and patching wifi is also not possible without physical access to the device as I'm also not very good in writing driver codes. You can try patching it, @blackndoor was also working on patching the Pro, you can check with him as well.