I've added a new firmware version for BCM4329; this version resolves crashes on devices other than the Nexus One (for example, the Evo 4G).
The new firmware:
https://code.google.com/p/bcmon/source/browse/trunk/bcm4329/fw/fw_bcm4329.bcmon.bin
Nexus One bundle - CM 7.2 nightly:
https://code.google.com/p/bcmon/source/browse/trunk/bundles/nexus_bundle.zip
EVO 4G bundle - CM 7.2 stable (thanks to Miguel Martinez for his work):
https://code.google.com/p/bcmon/source/browse/trunk/bundles/evo4g_cm7.2.zip
Desire Z - CM 7.2 stable (thanks to j.mampe):
http://code.google.com/p/bcmon/source/browse/trunk/bundles/bcm_desirez_cyanogenmod_7.2_bundle.zip
** The new firmware resolves errors like:
<4>[ 7585.014312] Dongle trap type 0x3 @ epc 0x1d7f8, cpsr 0x20000003, spsr 0x21000010, sp 0x47a9c,lp 0x2127, rpc 0x1d7f8 Trap offset 0x47a48, r0 0xc701ff0f, r1 0x3d410, r2 0x1, r3 0x1d7f1, r4 0x0, r5 0xc701ff0f, r6 0x3d410, r7 0x3d410
So if you tried to compile the driver for your device and experienced similar errors, give it another try :)
Is there a working version of this for the galaxy s3?
Not yet, sadly we don't own any gs3 device.
Hi is there anything for the HTC EVO that I can do thanks
Thank you for providing the firmware for putting the device in monitor mode. On using it with the driver, I could see the interface in monitor mode for my HTC device.
It would be good to know whether there is a way to get some more information from the received packets in the driver like the timestamp, data rate apart from the RSSI.
It's on my list, I hope to release an update soon.
For more information about the driver, the driver source was obtained here as suggested in one of the blog posts
Can you pls tell me how to compile it for this rom (Wildfire S)?
http://forum.xda-developers.com/showthread.php?t=1226765
does the wildfire have a bcm4329/4330 chipset?
I've compiled the module for Wildfire S,
you can find it here:
http://forum.xda-developers.com/showpost.php?p=34896821&postcount=128
thanks
can you compile for the Wildfire S please also for the stock rom ?
how can i compile a module for cm10?
or can someone do it for me?
i'm using the kernel from here. http://forum.xda-developers.com/showthread.php?t=1861623
I have it compiled and running under ICS but the signal strength in airodump-ng is always 0. I also get an error when I try to run tcpdump. I think it's because the libpcap library is missing. Any suggestions?
Greg
I don't think this is the problem, I believe that the radiotap fields are the problem, it's on my TODO list :)
I have a stock S-OFF + ROOTED EVO 4G LTE that I would like to try this on. I am not familiar with compiling apps for phones though, so it may take me some time to learn how to set everything up properly, but I will report back with my findings. Also, once it is set in monitor mode, is it temporary and will reset on reboot or is it permanent until you go in and change it back? If perm, it might be a good idea to set up an on/off script.
Short answer: It's not permanent, you got nothing to worry about.
The firmware is loaded when you load the module (with insmod)...
Hi. Noticed you don't have a galaxy s3 for dev and testing. I have one running cm10 and would be more than willing to help out. Right now I can't compile your driver but I'm working on that. Please pm me on XDA my SN is fwayfarer
Thanks
You are the best, I just donated 20 dollars, thanks for the work you do!!!! Waiting for injection support for BCM4330
works on tchem lg gt540 (swift)
Is this possible for htc flyer p510i ?
Thank you.
it depends on the device chipset, if it's bcm4329/4330 then yes.
I have /system/lib/modules/bcm4329.ko
Does that mean that the device chipset is bcm4329 ?
And can i use the same bcmon.co from nexus one bundle ?
Is this possible for BCM4319 chipset?
no, what device uses this chipset?
I think ZTE skate but i am confused because in the /system/etc directory have fw_4319.bin and fw_4329.bin. Sorry for my poor English.
Hi guys, I spent the last couple days hacking around with your code and firmware. I've managed to get everything running on the HTC Inspire 4G running cm 7.2. Thank you so much for all the great work you have done on enabling monitor mode and packet injection for the bcm4329 chipset.
Also, Give credit where credit is due... Here is the guide I followed. http://betafoo.wordpress.com/2012/10/09/monitor-mode-on-htc-desire-z-cm-7-2/
I had some issues getting the cross compiler installed properly, and this guide didn't address issues with -werror in the source make files. Two files complained about array out of bound issues, but the module seems to function properly. Also, I had a crazy time trying to get the "+" out of the dam vermagic, so I eventually just hacked the + out of the setlocalversion code.
Could you please add /data/local/bin path for aireplay-ng too, like you did for airodump. It can not find iwconfig too :)
Just wanted to say thanks for all the hard work guys. I'll definitely be sending some small but much sincere donations your way!
Need a new firmware for Galaxy S2. Now if you run tcpdump in monitor mode on Galaxy S2, tcpdump stops capturing after a few minutes.
Please, a firmware with injection and monitor mode that doesn't stop, for the S2
plz fix your guys email lol, anyway i must have spent 2-3 hours last night trying to compile recompile download cross compile sources anything i could ever think of one of the main things that was a roadblock was openssl not installing i have ubuntu running natively and backtrack in a chroot im trying to get Nvidia Tegra 2 T20 chipset into monitor mode anyways im trying everything and want to get this up and running once i get aircrack running im going to start porting over some linux programs, have you done any testing with this chipset though ill be glad to help :)
ps there is an ssl-strip for android now
Hello, I'm trying to modify Wifi operations (802.11 MAC) in Nexus S.
For example, I'm trying to change the values of fields in MAC header in Beacon frame or Null data frame(for power saving mode).
But, I have a critical problem that I cannot find the corresponding kernel files.
I don't know where the 802.11 MAC header is created in case of TX,
and where the values of fields of 802.11 MAC header are extracted from the received packet in case of RX.
Please let me know how to do or what to do...
According to your article, 802.11 related operations are performed in the firmware.
so... how can I modify the firmware on Nexus S?
Any help would be appreciated.
and I'm currently working on the kernel version is 3.0.31 (JB).
~/android/kernel/cm-kernel $ make ARCH=arm CROSS_COMPILE=$CCOMPILER -j`grep 'processor' /proc/cpuinfo | wc -l`
scripts/kconfig/conf --silentoldconfig Kconfig
CHK include/linux/version.h
UPD include/linux/version.h
CC scripts/mod/empty.o
cc1: error: unrecognized command line option '-mlittle-endian'
cc1: error: unrecognized command line option '-mapcs'
cc1: error: unrecognized command line option '-mno-sched-prolog'
cc1: error: unrecognized command line option '-mno-thumb-interwork'
scripts/mod/empty.c:1:0: error: unknown ABI (aapcs-linux) for -mabi= switch
scripts/mod/empty.c:1:0: error: bad value (armv5t) for -march= switch
make[2]: *** [scripts/mod/empty.o] Error 1
make[1]: *** [scripts/mod] Error 2
make: *** [scripts] Error 2
make: *** Waiting for unfinished jobs....
Has the project been cancelled?
I'm sorry in advance for a very noobish question, but does this work on a Nexus S( i9023)?
Regards.
Hi, i have an optimus 2x p990 with cyanogenmod 7.2 which in /system/etc/firmware has an archive named bcm4329b1_002.002.023.0735.0745.hcd is this the archive i must replace?, there is already a compilation done for my mobile?
thanks in advance
I have a desire z. What steps do I have to perform to let your software run on my device? Can I capture raw 802.11 beacon frames using it?
And I have the need to read out that capturing from a software. I do not intend to use the information for criminal purposes! It's for a scientific experiment.
Can you maybe look at this:
http://forum.xda-developers.com/showthread.php?t=1751184
Hopefully it is possible to make some monitor drivers for gsg3.
Is this project still alive?
Yep, we are now testing a new firmware for BCM4330.
Wow! Nice to hear that! Do we need CM to install the new firmware? Or is a rooted phone enough? I have the Galaxy Ace 2, which doesn't have CM (yet..?).
Thanks anyway for the time you're putting into this!
Are you guys planing on supporting the nexus 7?
When will this work for the galaxy s3
Will this work for evo3d ? if so can some one compile it ?
Will this work for Evo 3D please?? Evo have Broadcom BCM4329. If so can some one compile it please?
https://github.com/tuter/monmob
I'm still a noob when it comes to stuff like this. But hope it helps. Eager to try if monitor mode really works on my iPod Touch 4G.
What can we do for the galaxy s (epic 4g)? There is bcm4329_aps.bin, bcm4329_mfg.bin, and bcm4329_sta.bin. None of them match the md5 you gave in a previous post. I'm getting a new phone, but it would be great to still be able to use the epic for some things.
And thanks for your great work on this. Many people said it would never be done.
Will this work for razor max
???
I managed to get it working on HTC Desire (Bravo) running Cyanogen stable cm-7.2.0.1-bravo. As the lazy ass I am, the only thing I did was to download the latest nexus bundle, open bcm4329.ko in a hex-editor and change the kernel ver magic string to mine. The kernels were almost identical, mine is 2.6.37.6-cyanogenmod-g2a32a61, it's just the g2a32a61 in the nexus module that differs.
Don't run the script, run:
insmod *path to module* -firmware_path=*path to firmware*
It works pretty nice, could be laggy if there's a bit traffic in the air, especially like if you're running airodump on a channel where you have a computer downloading a file in 3-400 kb/s, it could be so laggy that you hardly can use your phone until the download has stopped. Is this normal?
But using besside-ng on my net to get WPA-handshake works, even in WEP too, but it's a little laggy due to capture all IVs.
WARNING: Even though Desire and Nexus have nearly identical hardware, and in this case run almost the same kernel-ver. Messing with modules not meant for your kernel could be risky, I know. I'm not responsible for your bricked phone or any damage caused by following this description.
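The vermagic mismatches described in the comments above (the trailing "+" and the differing g2a32a61 suffix) can be checked before a module is loaded. The following is an added example, not part of the original post, its comments or the bcmon project; it assumes the module stores its version magic as a NUL-terminated `vermagic=<release> <flags>` string, and the sample image, its flags and the g0000000 suffix are constructed.

```python
import re
import sys

# Constructed module image: only the NUL-separated key=value strings matter here.
# The flags and the g0000000 suffix are made up for the example.
SAMPLE = (b"\x7fELF<constructed>\x00license=GPL\x00"
          b"vermagic=2.6.37.6-cyanogenmod-g0000000 preempt mod_unload ARMv7 \x00")

def read_vermagic(blob):
    """Return the vermagic value stored as a NUL-terminated key=value string."""
    m = re.search(rb"(?:\A|\x00)vermagic=([^\x00]+)", blob)
    if m is None:
        raise ValueError("no vermagic= entry in module image")
    return m.group(1).decode("ascii", "replace").strip()

def check_module(blob, kernel_release):
    """Compare the module's release token with the kernel release (`uname -r`)."""
    release, _, flags = read_vermagic(blob).partition(" ")
    findings = []
    if release != kernel_release:
        if release.rstrip("+") == kernel_release.rstrip("+"):
            findings.append("release differs only by a trailing '+'")
        else:
            mod, ker = release.split("-"), kernel_release.split("-")
            for i, (a, b) in enumerate(zip(mod, ker)):
                if a != b:
                    findings.append(f"field {i}: module {a!r}, kernel {b!r}")
            if len(mod) != len(ker):
                findings.append("different number of '-' separated fields")
    return {"release": release, "flags": flags.split(),
            "match": not findings, "findings": findings}

if __name__ == "__main__":
    # With a path argument, check that file against the running kernel;
    # otherwise use the constructed sample and the release quoted in the comment.
    if len(sys.argv) > 1:
        import platform
        with open(sys.argv[1], "rb") as fh:
            result = check_module(fh.read(), platform.release())
    else:
        result = check_module(SAMPLE, "2.6.37.6-cyanogenmod-g2a32a61")
    print(result)
```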
Xperia j support?
How do I hack wifi with my samsung replenish...am I too out of date? I'm not even sure what kind of chipset I have I'm getting someones wifi..but I have to stand in one spot and I'm kinda sick of this ;) lol could anyone please help me so I don't have to stand here all day...it would help a lot..thx
I could do it I just need a push start...lol
Is there a working version of this for the Galaxy Note II?
Is there one for the zte advid on metro I really need it
Hello. I've searched the Internet about how to check what wifi chip do I have in my Huawei Y300, but couldn't find anything.
I'd like to know if my phone could go on monitor mode.
Thank you.
HD2 support with for NexusHD2-ICS-CM9-HWA V3.0b ROM at:
http://forum.xda-developers.com/showpost.php?p=42678515&postcount=12443