the-tcpdump-group / libpcap

the LIBpcap interface to various kernel packet capture mechanism
https://www.tcpdump.org/

rpi0 bcm2835 need downgrade to 1.9.1 to work on bettercap but system need 1.10.1 to run #1041

Closed V0r-T3x closed 2 years ago

V0r-T3x commented 3 years ago

libpcap version:
tcpdump version 4.99.0
libpcap version 1.10.0 (with TPACKET_V3)
OpenSSL 1.1.1k  25 Mar 2021

Operating system: Linux ALOA 4.14.80-Re4son+ #1 Thu Feb 6 15:03:43 CET 2020 armv6l GNU/Linux

configure flags: no special configuration applied

Statement of the problem and how this happens: I play with the P4wnP1 ALOA and I installed bettercap. I could use the native physical Broadcom bcm2835 chipset of the Raspberry Pi Zero W to scan networks with bettercap. After an update of the system, wlan0 could not be used anymore. In bettercap I had this error message: [err] error while setting interface wlan0 in monitor mode: Cannot set rfmon for this handle

I found a report on the bettercap caplet issues page about the problem: Bettercap: Cannot set rfmon for this handle AWUS1900 #819

It's a problem with the new version of libpcap (1.10.0). I tried to downgrade (1.9.1-4) and the problem was solved. This creates another huge problem in my system. It seems the apt package needs libpcap 1.10.1 to work... so if I keep 1.9.1-4, my wifi chipset works but I cannot install anything on my system, and vice versa. Can anyone help me find how I can keep 1.10.1 and make the bcm2835 work again?

infrastation commented 3 years ago

Is it true in this case that people that can git-bisect the fault don't have the hardware and people that have cannot?

infrastation commented 3 years ago

Does this reproduce on RPI3B or RPI4B?

infrastation commented 3 years ago

If anybody is willing to work on this issue (reproducing it seems to require Pi Zero W, which isn't expensive), please step in, otherwise it will be closed in 7 days.

darkr4y commented 2 years ago

Same error when using the latest rpi OS version (debian bullseye). `apt-cache policy libpcap0.8` will show the following output:

libpcap0.8:
  Installed: 1.10.0-2
  Candidate: 1.10.0-2
  Version table:
 *** 1.10.0-2 500
        500 http://mirrors.xxx.com/raspbian/raspbian bullseye/main armhf Packages
        100 /var/lib/dpkg/status

If I want to follow up and fix this error, how do I start?

Maybe some useful issue refs: https://github.com/bettercap/bettercap/issues/817 https://github.com/bettercap/bettercap/issues/232

darkr4y commented 2 years ago

Try to make the two versions of libpcap's .so file co-exist.


The newest version:

ls -al /usr/lib/arm-linux-gnueabihf/libpcap*
-rw-r--r-- 1 root root 346020 Jan  5  2021 /usr/lib/arm-linux-gnueabihf/libpcap.a
lrwxrwxrwx 1 root root     14 Jan  5  2021 /usr/lib/arm-linux-gnueabihf/libpcap.so -> libpcap.so.0.8
lrwxrwxrwx 1 root root     17 Jan  5  2021 /usr/lib/arm-linux-gnueabihf/libpcap.so.0.8 -> libpcap.so.1.10.0
-rw-r--r-- 1 root root 268436 Jan  5  2021 /usr/lib/arm-linux-gnueabihf/libpcap.so.1.10.0

* Copy the old version's .so file to the target folder and set `LD_LIBRARY_PATH`, then run bettercap as root: `export LD_LIBRARY_PATH=/usr/lib/arm-linux-gnueabihf/old/ && bettercap -debug -iface mon0 -eval 'wifi.recon on'`

Target folder:

ls -al /usr/lib/arm-linux-gnueabihf/old
total 252
drwxr-xr-x  2 root root   4096 Jan 19 14:23 .
drwxr-xr-x 52 root root  45056 Jan 19 14:21 ..
lrwxrwxrwx  1 root root     14 Jan 19 14:23 libpcap.so -> libpcap.so.0.8
lrwxrwxrwx  1 root root     16 Jan 19 14:22 libpcap.so.0.8 -> libpcap.so.1.9.1
-rw-r--r--  1 root root 202964 Jan 19 14:18 libpcap.so.1.9.1

`ldd` to show whether the old version's .so file is loaded:

ldd /usr/bin/bettercap
        libpcap.so.0.8 => /usr/lib/arm-linux-gnueabihf/old/libpcap.so.0.8 (0xb6f60000)
        libusb-1.0.so.0 => /usr/lib/arm-linux-gnueabihf/libusb-1.0.so.0 (0xb6f38000)
        libdl.so.2 => /lib/arm-linux-gnueabihf/libdl.so.2 (0xb6f24000)
        libnetfilter_queue.so.1 => /usr/lib/arm-linux-gnueabihf/libnetfilter_queue.so.1 (0xb6f0e000)
        libnfnetlink.so.0 => /usr/lib/arm-linux-gnueabihf/libnfnetlink.so.0 (0xb6ef8000)
        libpthread.so.0 => /lib/arm-linux-gnueabihf/libpthread.so.0 (0xb6ecc000)
        libc.so.6 => /lib/arm-linux-gnueabihf/libc.so.6 (0xb6d78000)
        /lib/ld-linux-armhf.so.3 (0xb6fa2000)
        libdbus-1.so.3 => /lib/arm-linux-gnueabihf/libdbus-1.so.3 (0xb6d24000)
        libudev.so.1 => /usr/lib/arm-linux-gnueabihf/libudev.so.1 (0xb6cf0000)
        libmnl.so.0 => /usr/lib/arm-linux-gnueabihf/libmnl.so.0 (0xb6cdc000)
        libsystemd.so.0 => /usr/lib/arm-linux-gnueabihf/libsystemd.so.0 (0xb6c23000)
        librt.so.1 => /lib/arm-linux-gnueabihf/librt.so.1 (0xb6c0b000)
        liblzma.so.5 => /lib/arm-linux-gnueabihf/liblzma.so.5 (0xb6bda000)
        libzstd.so.1 => /usr/lib/arm-linux-gnueabihf/libzstd.so.1 (0xb6b0d000)
        liblz4.so.1 => /usr/lib/arm-linux-gnueabihf/liblz4.so.1 (0xb6ae0000)
        libgcrypt.so.20 => /usr/lib/arm-linux-gnueabihf/libgcrypt.so.20 (0xb6a03000)
        libgpg-error.so.0 => /lib/arm-linux-gnueabihf/libgpg-error.so.0 (0xb69d6000)

And compare the two versions:

file /usr/lib/arm-linux-gnueabihf/libpcap.so.1.10.0
/usr/lib/arm-linux-gnueabihf/libpcap.so.1.10.0: ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked, BuildID[sha1]=6b87749f782775e8fea59f9d5af2717832832e01, stripped

file /usr/lib/arm-linux-gnueabihf/old/libpcap.so.1.9.1
/usr/lib/arm-linux-gnueabihf/old/libpcap.so.1.9.1: ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked, BuildID[sha1]=a84925fbd46150af814a4da6b38ac9466b48900d, stripped

But no luck: `export LD_LIBRARY_PATH=/usr/lib/arm-linux-gnueabihf/old/:$LD_LIBRARY_PATH && bettercap -debug -iface mon0 -eval 'wifi.recon on'` will show the following msg:

Illegal instruction

Try to use `strace` to dig in:



Any help?

darkr4y commented 2 years ago

I also tried the aircrack-ng

sudo -i
ip link set wlan0 down
iw dev wlan0 set type monitor
ip link set wlan0 up
airmon-ng start wlan0
airodump-ng wlan0mon

It runs very well as always. Still not sure where the key problem is :(

darkr4y commented 2 years ago

I think I may have found the problem. There may be bugs in higher versions of libpcap, but during my testing I confused the rpiOS and kali deb packages, resulting in the Illegal instruction error above. Replace the download URL with https://mirrors.xxxx.com/raspbian/raspbian/pool/main/libp/libpcap/libpcap0.8_1.8.1-3%2Bdeb9u1_armhf.deb and then repeat the steps for setting LD_LIBRARY_PATH; now the two versions of libpcap can co-exist.

`vim /etc/systemd/system/bettercap.service` and add the env:

[Unit]
Description=bettercap api.rest service.
Documentation=https://bettercap.org
Wants=network.target

[Service]
Environment="LD_LIBRARY_PATH=/usr/lib/arm-linux-gnueabihf/old/"
Type=simple
PermissionsStartOnly=true
ExecStart=/usr/bin/bettercap-launcher
Restart=always
RestartSec=30
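The `Illegal instruction` above came from mixing a Kali armhf build with a Raspberry Pi OS one, and `file` reported both libraries identically as "ELF 32-bit LSB shared object, ARM, EABI5", so it cannot tell them apart. What does differ is the `.ARM.attributes` section: Raspbian's armhf packages are built for ARMv6 (the Pi Zero W's ARM1176 core) while Debian-derived armhf packages, Kali's included, target ARMv7. The checker below is an added example, not code from this thread or from libpcap; it reads Tag_CPU_arch straight from the ELF (`arm_cpu_arch(open(path, "rb").read())`), and `build_test_elf` is a constructed stand-in for a real library, not one of the files listed above.

```python
import struct

EM_ARM = 40
SHT_ARM_ATTRIBUTES = 0x70000003
TAG_CPU_NAME, TAG_CPU_ARCH, TAG_FP_ARCH = 5, 6, 10
CPU_ARCH_NAMES = {0: "Pre-v4", 1: "v4", 2: "v4T", 3: "v5T", 4: "v5TE", 5: "v5TEJ",
                  6: "v6", 7: "v6KZ", 8: "v6T2", 9: "v6K", 10: "v7", 11: "v6-M",
                  12: "v6S-M", 13: "v7E-M", 14: "v8-A", 15: "v8-R"}
STRING_TAGS = {4, 5, 67}  # values stored as NUL-terminated strings, not ULEB128
ARMV6_MAX = 7  # v6KZ; the Pi Zero W's ARM1176 runs this level and earlier


def _uleb128(buf, pos):
    value = shift = 0
    while True:
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        shift += 7
        if not byte & 0x80:
            return value, pos


def _ntbs(buf, pos):
    end = buf.index(b"\0", pos)
    return buf[pos:end].decode("ascii", "replace"), end + 1


def _skip_value(buf, pos, tag):
    """Advance past one attribute value using the AEABI encoding rules."""
    if tag in STRING_TAGS or (tag > 32 and tag % 2 == 1):
        return _ntbs(buf, pos)[1]
    _, pos = _uleb128(buf, pos)
    return _ntbs(buf, pos)[1] if tag == 32 else pos  # Tag_compatibility adds a vendor string


def _cpu_arch_from_section(sec):
    """Walk the 'aeabi' vendor subsection and return the Tag_CPU_arch value."""
    if sec[:1] != b"A":
        raise ValueError("unknown .ARM.attributes format version")
    pos = 1
    while pos < len(sec):
        (sub_len,) = struct.unpack_from("<I", sec, pos)  # length includes itself
        vendor, p = _ntbs(sec, pos + 4)
        end = pos + sub_len
        while vendor == "aeabi" and p < end:
            kind, (size,) = sec[p], struct.unpack_from("<I", sec, p + 1)
            q, stop = p + 5, p + size  # size covers the tag byte and size field
            while kind == 1 and q < stop:  # kind 1 = Tag_File, whole-object attributes
                tag, q = _uleb128(sec, q)
                if tag == TAG_CPU_ARCH:
                    return _uleb128(sec, q)[0]
                q = _skip_value(sec, q, tag)
            p = stop
        pos = end
    return None


def arm_cpu_arch(elf):
    """Return Tag_CPU_arch of a little-endian ELF32 ARM object, or None if absent."""
    if elf[:6] != b"\x7fELF\x01\x01":
        raise ValueError("not a little-endian ELF32 file")
    hdr = struct.unpack_from("<16sHHIIIIIHHHHHH", elf, 0)
    if hdr[2] != EM_ARM:
        raise ValueError("not an ARM object")
    shoff, shentsize, shnum = hdr[6], hdr[11], hdr[12]
    for i in range(shnum):
        sh = struct.unpack_from("<IIIIIIIIII", elf, shoff + i * shentsize)
        if sh[1] == SHT_ARM_ATTRIBUTES:
            return _cpu_arch_from_section(elf[sh[4]:sh[4] + sh[5]])
    return None


def runs_on_armv6(elf):
    """True if the object targets ARMv6 or earlier; a v7 build faults with SIGILL
    on an ARM1176 at its first v7-only instruction."""
    arch = arm_cpu_arch(elf)
    return arch is not None and arch <= ARMV6_MAX


def build_test_elf(cpu_arch, cpu_name):
    """Constructed test input: a minimal ELF32 ARM image whose only content is a
    .ARM.attributes section (not a real library from the thread)."""
    attrs = (bytes([TAG_CPU_NAME]) + cpu_name.encode() + b"\0"
             + bytes([TAG_CPU_ARCH, cpu_arch, TAG_FP_ARCH, 2]))  # FP_arch 2 = VFPv2
    body = b"aeabi\0" + bytes([1]) + struct.pack("<I", 5 + len(attrs)) + attrs
    section = b"A" + struct.pack("<I", 4 + len(body)) + body
    ehdr = struct.pack("<16sHHIIIIIHHHHHH", b"\x7fELF\x01\x01\x01" + b"\0" * 9,
                       3, EM_ARM, 1, 0, 0, 52 + len(section), 0x05000400,
                       52, 0, 0, 40, 2, 0)
    attr_sh = struct.pack("<IIIIIIIIII", 0, SHT_ARM_ATTRIBUTES, 0, 0, 52,
                          len(section), 0, 0, 1, 0)
    return ehdr + section + b"\0" * 40 + attr_sh
```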

infrastation commented 2 years ago

Do you have the hardware and the OS where this problem reproduces?

darkr4y commented 2 years ago

> Do you have the hardware and the OS where this problem reproduces?

Yep.

I have a Raspi Zero W v1.1 and the OS is RaspiOS, which used to be called Raspbian (the latest version, based on Debian Bullseye).

And what can I do to help you? Please feel free to ask 😃

infrastation commented 2 years ago

As far as the problem description goes, the bug is not present in libpcap 1.9.1, but is present in 1.10.0. If you know how to do git bisection, it would help if you could identify the commit that introduced the problem.

darkr4y commented 2 years ago

Trying to investigate:

Reference in Bettercap https://github.com/bettercap/bettercap/blob/81ae731b9f57109c5443fc7e8ef5f5f3d3614fa9/network/pcap.go#L45

Since Bettercap is based on Go, it references GoPacket as a library, so check the error message to find https://github.com/google/gopacket/blob/3aa782ce48d4a525acaebab344cedabfb561f870/pcap/pcap.go#L857

var CannotSetRFMon = errors.New("Cannot set rfmon for this handle")

Called from https://github.com/google/gopacket/blob/3aa782ce48d4a525acaebab344cedabfb561f870/pcap/pcap_unix.go#L633

func (p *InactiveHandle) pcapSetRfmon(monitor bool) error

in libpcap's C function pcap_can_set_rfmon.
Reference in version 1.9.x: https://github.com/the-tcpdump-group/libpcap/blob/ec338eab6c50805580fd902d5db6b837826d40bc/pcap.c#L500
Reference in version 1.10.x: https://github.com/the-tcpdump-group/libpcap/blob/ec338eab6c50805580fd902d5db6b837826d40bc/pcap.c
There seems to be no difference between the above code, but further comparison reveals that in 1.10.x there are different pointer assignments, corresponding to different callers, as follows:

----- 1.10.x -----
pcap-airpcap.c
p->can_set_rfmon_op = airpcap_can_set_rfmon;
pcap-npf.c 
p->can_set_rfmon_op = pcap_can_set_rfmon_npf;
...

The can_set_rfmon_op pointer is usually assigned in the pcap_create_interface function. Is it possible that the pcap_can_set_rfmon function returns the wrong value because of a misidentified device interface in version 1.10.x?

infrastation commented 2 years ago

To identify the change that has introduced the regression, please use git-bisect(1); most likely libpcap-1.9-bp will be the initial "good" revision and libpcap-1.10-bp will be the initial "bad" revision.

darkr4y commented 2 years ago

> To identify the change that has introduced the regression, please use git-bisect(1); most likely libpcap-1.9-bp will be the initial "good" revision and libpcap-1.10-bp will be the initial "bad" revision.

git bisect start 8c6c412 82001f3

8c6c412 is for libpcap-1.10-bp, 82001f3 is for libpcap-1.9-bp.

Try to compile libpcap and test with bettercap:

cd /home/pi/libpcap
make clean && ./configure && make
ln -s libpcap.so.1.10.0-PRE-GIT libpcap.so.0.8
sudo -i
export LD_LIBRARY_PATH=/home/pi/libpcap/ && bettercap -debug -iface mon0 -eval 'wifi.recon on'

It is strange that this version is working properly, and I confirmed the path of the loaded .so with `ldd /usr/bin/bettercap`.

I also tried to change the good and bad version range from libpcap-1.10-bp to libpcap-1.10.1, and the results did not meet expectations (ef0762f is for libpcap-1.10.0):

ef0762f is the first bad commit

Any good advice on which step I did wrong?

infrastation commented 2 years ago

Thank you for trying to bisect the problem. From your comments I understand the problem does not reproduce as originally described, is this correct?

darkr4y commented 2 years ago

The expectation is to find the bad version between the two versions, libpcap-1.9-bp and libpcap-1.10-bp, but in my test libpcap-1.10-bp is a good version. Is it possible that this shows the bad version is not between the two versions? And I found that the first bad version is libpcap-1.10.0.

infrastation commented 2 years ago

libpcap-1.10-bp is commit 8c6c412 and libpcap-1.10.0 is commit ef0762f, which is the next commit and which does not change any C code. So these results don't make sense. Let me suggest to put dynamic linking complexity out of the problem space, in that you can compile tcpdump to use static libpcap, and then run tcpdump with --monitor-mode to see if the function call fails. Alternatively, you could provide remote SSH access to the board.
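One way to take gopacket, bettercap and the loader's search path out of the problem space, as an added example that is not from this thread or from libpcap: load one specific libpcap shared object by absolute path with ctypes (so `LD_LIBRARY_PATH` and symlink order cannot swap it underneath you, and `pcap_lib_version()` confirms which build answered), then walk the same `pcap_create` / `pcap_can_set_rfmon` / `pcap_set_rfmon` / `pcap_activate` sequence a capture tool performs and decode each return code. The interface name `wlan0` and the `old/` path of the 1.9.1 copy are assumptions taken from earlier comments; the status-code table is from libpcap's `pcap/pcap.h`.

```python
import ctypes
import ctypes.util
import sys

PCAP_ERRBUF_SIZE = 256
# Return codes from pcap/pcap.h (libpcap 1.x); positive values are warnings.
PCAP_STATUS = {
    0: "ok", 1: "PCAP_WARNING", 2: "PCAP_WARNING_PROMISC_NOTSUP",
    3: "PCAP_WARNING_TSTAMP_TYPE_NOTSUP", -1: "PCAP_ERROR",
    -2: "PCAP_ERROR_BREAK", -3: "PCAP_ERROR_NOT_ACTIVATED",
    -4: "PCAP_ERROR_ACTIVATED", -5: "PCAP_ERROR_NO_SUCH_DEVICE",
    -6: "PCAP_ERROR_RFMON_NOTSUP", -7: "PCAP_ERROR_NOT_RFMON",
    -8: "PCAP_ERROR_PERM_DENIED", -9: "PCAP_ERROR_IFACE_NOT_UP",
    -10: "PCAP_ERROR_CANTSET_TSTAMP_TYPE", -11: "PCAP_ERROR_PROMISC_PERM_DENIED",
    -12: "PCAP_ERROR_TSTAMP_PRECISION_NOTSUP",
}


def status_name(code):
    """Symbolic name of a libpcap status code."""
    return PCAP_STATUS.get(code, f"unknown({code})")


def load_libpcap(path=None):
    """Load libpcap by explicit path (e.g. the 1.9.1 copy kept in old/) so the
    result does not depend on LD_LIBRARY_PATH; default is the system library."""
    lib = ctypes.CDLL(path or ctypes.util.find_library("pcap"))
    lib.pcap_lib_version.restype = ctypes.c_char_p
    lib.pcap_create.restype = ctypes.c_void_p
    lib.pcap_create.argtypes = [ctypes.c_char_p, ctypes.POINTER(ctypes.c_char)]
    lib.pcap_can_set_rfmon.argtypes = [ctypes.c_void_p]
    lib.pcap_set_rfmon.argtypes = [ctypes.c_void_p, ctypes.c_int]
    lib.pcap_activate.argtypes = [ctypes.c_void_p]
    lib.pcap_geterr.restype = ctypes.c_char_p
    lib.pcap_geterr.argtypes = [ctypes.c_void_p]
    lib.pcap_statustostr.restype = ctypes.c_char_p
    lib.pcap_close.argtypes = [ctypes.c_void_p]
    return lib


def rfmon_check(lib, iface):
    """Run create -> can_set_rfmon -> set_rfmon -> activate on `iface`,
    requesting monitor mode, and report the outcome of each step."""
    errbuf = ctypes.create_string_buffer(PCAP_ERRBUF_SIZE)
    handle = lib.pcap_create(iface.encode(), errbuf)
    if not handle:
        return {"create": errbuf.value.decode(errors="replace")}
    try:
        out = {"version": lib.pcap_lib_version().decode()}
        can = lib.pcap_can_set_rfmon(handle)
        # 1 = supported, 0 = not supported, negative = error while probing
        out["can_set_rfmon"] = bool(can) if can >= 0 else status_name(can)
        out["set_rfmon"] = status_name(lib.pcap_set_rfmon(handle, 1))
        rc = lib.pcap_activate(handle)
        out["activate"] = status_name(rc)
        if rc != 0:  # warnings and errors both leave text in the handle's errbuf
            out["detail"] = "%s: %s" % (lib.pcap_statustostr(rc).decode(),
                                        lib.pcap_geterr(handle).decode(errors="replace"))
    finally:
        lib.pcap_close(handle)  # required even after a failed activate
    return out


if __name__ == "__main__":
    # usage: rfmon_check.py wlan0 [/usr/lib/arm-linux-gnueabihf/old/libpcap.so.0.8]
    lib = load_libpcap(sys.argv[2] if len(sys.argv) > 2 else None)
    iface = sys.argv[1] if len(sys.argv) > 1 else "wlan0"
    for key, value in rfmon_check(lib, iface).items():
        print(f"{key}: {value}")
```

Run it once against each libpcap build with the same interface; if 1.9.1 and 1.10.0 disagree on `can_set_rfmon` or `activate`, the regression is inside libpcap and the `git bisect` above is the right tool, otherwise it is in the caller.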

infrastation commented 2 years ago

For reference, on RPI3B rev. 1.2 it is impossible to reproduce this issue because the interface does not support monitor mode (tested with 2022-01-28-raspios-bullseye-armhf-lite.img and the latest master branches):

tcpdump -i wlan0 --monitor-mode
tcpdump: wlan0: That device doesn't support monitor mode

I wonder if it looks the same on RPI0W.

darkr4y commented 2 years ago

> libpcap-1.10-bp is commit 8c6c412 and libpcap-1.10.0 is commit ef0762f, which is the next commit and which does not change any C code. So these results don't make sense. Let me suggest to put dynamic linking complexity out of the problem space, in that you can compile tcpdump to use static libpcap, and then run tcpdump with --monitor-mode to see if the function call fails. Alternatively, you could provide remote SSH access to the board.

So this really confuses me. I'll try to use tcpdump for testing. And if you want to set the Raspberry Pi's own WiFi SoC (interface wlan0) to monitor mode, the bcm driver must be replaced (nexmon); someone has made a repo to install it.

infrastation commented 2 years ago

Thank you for trying. It is important to know the steps to reproduce the issue. Maybe developers of the Linux distribution where this happens would be in a better position to state the problem.

infrastation commented 2 years ago

If this problem report does not have exact steps to reproduce in 14 days, it will be closed.

infrastation commented 2 years ago

It is time.

evilsocket commented 3 months ago

For the record, I'm still looking into this; airodump-ng works because it's not using the system libpcap:

ldd $(which airodump-ng)

        linux-vdso.so.1 (0x00007fff5ffd7000)
        libaircrack-osdep-1.6.0.so => /lib/x86_64-linux-gnu/libaircrack-osdep-1.6.0.so (0x00007f1180414000)
        libpcre.so.3 => /lib/x86_64-linux-gnu/libpcre.so.3 (0x00007f118039e000)
        libgcrypt.so.20 => /lib/x86_64-linux-gnu/libgcrypt.so.20 (0x00007f1180260000)
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1180037000)
        libnl-3.so.200 => /lib/x86_64-linux-gnu/libnl-3.so.200 (0x00007f1180014000)
        libnl-genl-3.so.200 => /lib/x86_64-linux-gnu/libnl-genl-3.so.200 (0x00007f1180009000)
        libgpg-error.so.0 => /lib/x86_64-linux-gnu/libgpg-error.so.0 (0x00007f117ffe3000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f118045c000)