Hi all,
I am trying to compile the cupcake code to run it on either the emulator (on ubuntu machine), or on my own ADP1 device.
My question is: can I get some tool to allow me to DEBUG my changes?
I mean set breakpoints, view vars, etc.
Some of my changes I need to make in CPP code, so I guess Eclipse is not the right tool.
Can I get/buy a GUI tool somewhere?
Can I at least use DDMS somehow?
TIA
Ok, check it out: I just checked out www(DOT)nexmon(DOT)org and they have monitor mode working on the Nexus 5. I have tried it and it works. I was wondering if I could get this driver ported to 5.1.1 instead of having to use this on 6.0. I enjoy using my NetHunter.
Is nexmon a way to temporarily boot the phone to use it as a wifi interface in monitor mode, or is nexmon installed onto the phone and then you boot the phone normally and use nethunter?
m52 power! said:
Is nexmon a way to temporarily boot the phone to use it as a wifi interface in monitor mode, or is nexmon installed onto the phone and then you boot the phone normally and use nethunter?
nexmon is a project to enable monitor mode on the Nexus 5 smartphone. It consists of a kernel module, which is a modified bcmdhd driver, and a modified firmware that is executed on the ARM microcontroller inside the BCM4339 wifi chip. As module loading is disabled in stock kernels for the Nexus 5, we deliver a boot.img containing a kernel with module loading enabled and the modified driver module. The boot.img also disables the wpa_supplicant and p2p_supplicant services in the init.hammerhead.rc so that they do not start automatically. This was necessary as those services interfered with our driver testing, for example, by automatically setting up an interface (ifconfig wlan0 up). The boot.img is also relatively large, as it contains a couple of tools in the /nexmon/bin directory. If size is not a problem, you can also flash the image to your phone, but then you cannot use it for regular wifi operations anymore. In the future, we might fix this issue to make nexmon more user friendly.
If you want to report bugs or have feature requests, then feel free to contact us.
---------- Post added at 02:05 PM ---------- Previous post was at 02:02 PM ----------
BLACKHATN5 said:
Ok, check it out: I just checked out www(DOT)nexmon(DOT)org and they have monitor mode working on the Nexus 5. I have tried it and it works. I was wondering if I could get this driver ported to 5.1.1 instead of having to use this on 6.0. I enjoy using my NetHunter.
Did you try running the 6.0.1 kernel with a 5.1.1 system image? Even though there might be some stability issues, it could work – at least temporarily for playing with monitor mode. If you require a 5.1.1 kernel image, you can simply compile a 5.1.1 hammerhead kernel with enabled module support and bcmdhd enabled as a module. Then you can insmod whichever driver you want to use with your bcm4339 chip.
Yes, it is only temporary and it's still in the works. I am not a said developer for the program; I was just testing it.
Didn't work for me.
Need help.
thephoenix0707 said:
Didn't work for me.
Need help.
Then explain to us what you tried to do and what failed to work. Btw, we are currently working on the project, and I just saw that you have to load the nexmon.ko module instead of the bcmdhd.ko module. We intend to keep the unmodified bcmdhd driver while being able to activate monitor mode by loading the nexmon.ko.
Actually, I am running NetHunter 3.0 on Android M 6.0.1 on my Nexus 5. Then I came to know about the nexmon project, so I tried enabling monitor mode by following the steps as per the website, and I guess the whole process went on perfectly. But still, when I use the command airmon-ng, I get an error "unable to detect for sdio".
thephoenix0707 said:
Actually, I am running NetHunter 3.0 on Android M 6.0.1 on my Nexus 5. Then I came to know about the nexmon project, so I tried enabling monitor mode by following the steps as per the website, and I guess the whole process went on perfectly. But still, when I use the command airmon-ng, I get an error "unable to detect for sdio".
http://www.aircrack-ng.org/doku.php?id=airmon-ng said:
This script can be used to enable monitor mode on wireless interfaces. It may also be used to go back from monitor mode to managed mode. Entering the airmon-ng command without parameters will show the interfaces status.
airmon-ng is a script to set up a monitor interface, but our nexmon driver automatically starts with a monitor interface that delivers frames prepended by a radiotap header. So you do not need to run airmon-ng to start the monitor interface. You can simply try to run tcpdump to dump the received frames. Currently, injection is not working, so you will not be able to use any tools that require this feature.
I think that's why I couldn't use it with airodump too; would wait for the features to be added...
Thanks for the help.
Hello, can I now use the phone normally with this kernel?
adorex97 said:
Hello, can I now use the phone normally with this kernel?
You can normally use your phone with this kernel, but regular wifi operation does not work with the monitor mode firmware. We also offer a lot of other firmware patches, including frame injection. Additionally, there will be a demo at this year's WiSec conference: https://www.securityweek2016.tu-darmstadt.de/wisec/program/.
Normally flashed boot.img after root, and monitor mode not working; no flashing NetHunter.
I have flashed nexmon on my Nexus 5, but monitor mode is not enabled and NetHunter is not installing. After flashing boot.img, I flash boot.img normally, but bcmon is not working, and no kernel installs after flashing boot.img. Please help me: how to enable monitor mode? Please tell me step by step.
vicky80800 said:
I have flashed nexmon on my Nexus 5, but monitor mode is not enabled and NetHunter is not installing. After flashing boot.img, I flash boot.img normally, but bcmon is not working, and no kernel installs after flashing boot.img. Please help me: how to enable monitor mode? Please tell me step by step.
There are step-by-step instructions online:
Code:
Download the boot.img (this project is still in heavy development, the monitor mode should work on the boot.img in this commit though: 1171d135)
adb reboot bootloader
fastboot boot boot.img
without the flash parameter, this boot image will be reset to the previous one on the next reboot
fastboot reboot
adb shell
su -
insmod /nexmon/nexmon.ko
ifconfig wlan0 up
do whatever you want, e.g. run tcpdump: /nexmon/bin/tcpdump -i wlan0 -s0
If you simply want monitor mode, use the boot.img from commit 1171d135. We are also developing new patches. To run those you need to clone the git repo and run:
Code:
make boot
to compile everything and load the modified boot image onto your phone.
Then you can choose and load one of the patches from the firmware_patching directory on your phone by executing:
Code:
make reloadfirmware FWPATCH=monitor_mode_example
Then you can setup the interface
Code:
adb shell su -c 'ifconfig wlan0 up'
And run tcpdump
Code:
tcpdump -i wlan0 -s0
In the self-built image, there are a lot of pentesting tools that are all built from source, such as aircrack-ng. Using aufs as overlay filesystem, you will find them overlaid over your system binaries, so that you can directly run them. We also patched the kernel to be able to create raw sockets without root privileges, which allows you to access interfaces directly from Java code in Android apps, without the need of a binary that runs as root.
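The step-by-step post above (fastboot boot, insmod, ifconfig, tcpdump) and the earlier note that nexmon comes up as a monitor interface by itself can be wrapped in one script that checks each step before going on. This is an added example, not nexmon's own code; it assumes adb and fastboot on PATH, a rooted Nexus 5 already in the bootloader, boot.img in the current directory and the module at /nexmon/nexmon.ko as in the post. The three helpers take command output as an argument so they can be checked without a device attached.

```shell
#!/bin/sh
# Added example (not part of the nexmon project): boot the nexmon image
# temporarily and verify each step of the posted procedure before continuing.

# fastboot_has_device "$(fastboot devices)" -> 0 if a device is listed
fastboot_has_device() { printf '%s\n' "$1" | grep -q 'fastboot$'; }

# module_loaded LSMOD_OUTPUT NAME -> 0 if NAME is a loaded module (first column)
module_loaded() {
    printf '%s\n' "$1" | awk -v m="$2" '$1 == m { found = 1 } END { exit !found }'
}

# iface_is_up IFCONFIG_OUTPUT -> 0 if the interface reports the UP flag
iface_is_up() { printf '%s\n' "$1" | grep -Eq '(^|[^A-Z])UP([^A-Z]|$)'; }

# Runs the posted steps with checks. "fastboot boot" (not "fastboot flash") keeps
# the stock boot image, so a normal reboot restores regular WiFi afterwards.
run_nexmon_session() {
    fastboot_has_device "$(fastboot devices)" \
        || { echo "no device in fastboot mode (run: adb reboot bootloader)"; return 1; }
    fastboot boot boot.img
    adb wait-for-device
    adb shell su -c 'insmod /nexmon/nexmon.ko'
    module_loaded "$(adb shell su -c lsmod)" nexmon \
        || { echo "nexmon.ko is not loaded; check dmesg on the phone"; return 1; }
    adb shell su -c 'ifconfig wlan0 up'
    iface_is_up "$(adb shell su -c 'ifconfig wlan0')" \
        || { echo "wlan0 did not come up"; return 1; }
    # The nexmon interface already delivers radiotap-prefixed frames, so no
    # airmon-ng step is needed here; dump straight from wlan0.
    adb shell su -c '/nexmon/bin/tcpdump -i wlan0 -s0'
}
```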
After installing boot.img, the WiFi network is not working; no network found. Can you say why?
vicky80800 said:
After installing boot.img, the WiFi network is not working; no network found. Can you say why?
Yes, because we disable wpa_supplicant and p2p_supplicant as they hinder development and always pull up the wifi interface when it is not intended to be pulled up.
To re-enable the two services, comment out the following lines in the Makefile and recompile your own boot.img:
Code:
&& sed -i '/service wpa_supplicant/,+11 s/^/#/' init.hammerhead.rc \
&& sed -i '/service p2p_supplicant/,+14 s/^/#/' init.hammerhead.rc \
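To see exactly what those two sed lines do to init.hammerhead.rc, and how to undo them if you want regular WiFi back on an image you have already built, here is an added example that is not nexmon's code. It runs against a constructed, much shorter excerpt of the .rc file, so the range lengths are 3 and 4 here instead of the Makefile's 11 and 14; with GNU sed's addr,+N form, a count that is too large comments out whatever follows the block, so always count the lines of your own file first.

```shell
#!/bin/sh
# Added example (not from the nexmon project). Assumes GNU sed for "addr,+N".

# Constructed excerpt; the real init.hammerhead.rc has longer service blocks.
SAMPLE_RC='on boot
    write /sys/class/leds/lcd-backlight/brightness 0

service wpa_supplicant /system/bin/wpa_supplicant
    class main
    socket wpa_wlan0 dgram 660 wifi wifi
    disabled

service p2p_supplicant /system/bin/wpa_supplicant
    class main
    socket wpa_wlan0 dgram 660 wifi wifi
    group system wifi inet
    disabled

service adbd /sbin/adbd
    class core'

# disable_supplicants FILE WPA_LEN P2P_LEN: the Makefile edit. Comments out the
# "service wpa_supplicant" line plus WPA_LEN following lines, then the
# "service p2p_supplicant" line plus P2P_LEN following lines.
disable_supplicants() {
    sed -i "/service wpa_supplicant/,+$2 s/^/#/" "$1" \
    && sed -i "/service p2p_supplicant/,+$3 s/^/#/" "$1"
}

# enable_supplicants FILE: the inverse edit, stripping the leading '#' from each
# block up to and including its "disabled" line, so the services start again.
enable_supplicants() {
    sed -i "/^#service wpa_supplicant/,/^#    disabled/ s/^#//" "$1" \
    && sed -i "/^#service p2p_supplicant/,/^#    disabled/ s/^#//" "$1"
}

# count_commented FILE: number of '#'-prefixed lines, for verifying an edit.
count_commented() { grep -c '^#' "$1" || true; }
```

Check the result with count_commented (or a diff against a backup) before repacking the boot.img, so an overshooting range does not silently comment out the next service.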
Thanks for the help.
Hi @matthiasschulz,
thanks for your great work. I have two questions:
1. Is it possible to use your developed kernel driver with another handset? I'm thinking of my LG G3, which also has the BCM4339 chipset.
2. It seems that one needs a specially built kernel to use your driver. Are you planning to do it like bcmon, where no kernel compile is needed as they work with LD_PRELOAD to hook the C library syscalls?
3. Can your driver somehow be used from within a running android phone without the need to reboot into fastboot mode?
thank you very much!
hack_rid said:
1. Is it possible to use your developed kernel driver with another handset? I'm thinking of my LG G3, which also has the BCM4339 chipset.
The kernel always depends on the device you use, however, you can take our modified bcmdhd driver for the BCM4339 and compile it for the LG G3.
hack_rid said:
2. It seems that one needs a specially built kernel to use your driver. Are you planning to do it like bcmon, where no kernel compile is needed as they work with LD_PRELOAD to hook the C library syscalls?
We needed to rebuild the kernel, as the original Marshmallow kernel for the Nexus 5 stock firmware has module loading disabled. Hence, the WiFi driver is directly included in the kernel. As long as other devices do not have module loading activated, you cannot simply load our modified driver. Just replacing the WiFi firmware binary and using the LD_PRELOAD hack might work however.
hack_rid said:
3. Can your driver somehow be used from within a running android phone without the need to reboot into fastboot mode?
Not yet. Currently, we disable the wpa_supplicant and p2p_supplicant services during boot as they always try to activate the WiFi interface, which is annoying when developing new firmware patches. If someone figured out how to stop and start the two services while the device is running, one could switch between a working original firmware version and our patches.
Hi Matthias,
thanks for your answer!
I'm digesting it!
I'm sure you closely followed the development of bcmon. If not, you can find some slides here, where the devs explain how they achieved what is there:
dropbox...com/sh/le8zeczpddf3nx0/fdXn4LSxGI
link source:
bcmon.blogspot...de/2013/07/monitor-mode-reloaded_14.html
They reached a pretty portable solution. The only thing they need as a pre-requirement is root and the matching chipset.
Looking forward to your progress.
Hey, @matthiasschulz, can you tell me please why I can't get monitor mode (e.g. in airodump-ng) in the Kali Terminal Emulator ([email protected] 3.1)? I have a Nexus 5 with Android 6.0.1 M0B30Y with NetHunter 3.1 on top of it, and I booted nexmon (boot.img) from fastboot (command: fastboot boot boot.img). I didn't forget to insert the kernel module and bring the wlan0 interface up. The nice thing is that I can use only your tools from /nexmon/bin, like airodump-ng, but not in the Kali terminal, just in root Android. Is it something, for example, a symlink, or a little bit more complicated than that?
Hello all,
I would like to try to install a "real" Linux distro on an old tablet I have. Android is Linux, and all Linux distros are the same to some extent: kernel with built-in modules, loadable modules, plus a rootfs; everything else is basically eye candy.
The question is... I won't really be able to use the tablet unless I have the drivers to communicate with the hardware. Drivers in Linux are just kernel modules that are either built-in or loadable, so the question is: how do I extract the kernel modules?
Thanks in advance!
Hi there everyone, how would one go about checking what partitions are present on devices such as Huawei e3372h or e8372h and how to dump them using gnu/linux. I am OK with terminal/shell scripting, I've done some basic Arduino/Raspberry projects, but I want to get more into firmware (binwalk, repackaging, etc). Where would one start? What tools shall I look to familiarize myself with? I very much want to avoid using blobs like pre-compiled windows tools that are difficult to inspect. Is it possible to dump firmware (incl. boot partitions) using standard gnu/linux toolset (like dd) or at least tools that have source code available?
I have been looking for resources both here and on Russian/German fora, unfortunately most of posted solutions are based on Windows *.exe files and knowing a bit about Linux I am 100% sure that whatever these programs are doing is also possible to be done on Linux in a cleaner more transparent and reproducible manner (that is better for educating oneself).
Any hints much appreciated
If the device's Android is rooted and Android is version 6 or higher, then you can dd the partitions in question.
Thank you for your response! Is there an Android running on USB modems/routers such as Huawei e8372h? I am looking to dump all partitions from such device and to be able to restore them before I start any modifications. This way I should be able to restore devices to their original "factory" state if anything goes sideways (except if I hard-brick them).
I have a number of e3372h(-153) and e8372h(-153) devices that I can experiment with (they have different versions of firmware on them and the very-very first thing I want to do is to extract all images (including boot partition if possible) and test if I can restore from these backups). Only then I want to start modding them or checking other people's modifications...
So far I have managed to switch modes of these devices. For example for e8372 I can have it on the host machine (Ubuntu GNU/Linux laptop) visible as
virtual CD-ROM (/dev/sr0)
hi-link device (accessible from 192.168.8.1)
3 x TTY device (one of which can execute AT commands)
emergency boot mode with one TTY device
With the last one I have executed
balong-usbdload -p /dev/ttyUSB0 usblsafe-8372.bin (following https://gist.github.com/ValdikSS/323bcdfceb2f09d9c6ef02db1bc573e2 and https://github.com/forth32/balong-usbdload.git)
expecting to gain telnet access to the device and possibly dump the remaining partitions to the microSD card (using nanddump), but for some reason I still cannot log in using telnet.
BTW, using Windows-based tools that I have no source code for is pointless for me, as my main goal is to learn the structure and functioning of these devices and be able to modify them myself.
If successful, I intend to publish these images and tutorialize my notes on how to backup/restore, but for now I need a direction myself.
IMO all tools, whether compiled for Windows, macOS or Linux, in the background simply run Android shell scripts.