Broadcom bcm43xx Injection

[Hiram]

To fix Write failed: Bad File Descriptor error; I tried with no luck:

modprobe -i bcm43xx
ifconfig ethX up
iwconfig ethX mode monitor

any suggestions?

Thanks

[rexstuff]

A quick update: I've finally gotten off my lazy butt and created a testing environment. So far, I have been able to successfully fakeauth and deauth (the other computer actually went offline), but for some reason my card is unable to detect ARP requests. I've had my bcm card right next to another computer that's been generating ARPs (I can even see them on wireshark), but aireplay-ng -3 <whatever> eth1 remains at (got 0 ARP). Anyone else having this problem, or know how to work around it?

Also, I have created a wiki page for the broadcom chipset, http://www.aircrack-ng.org/doku.php?id=broadcom , please add to or modify it appropriately.

[Sammy Calea]

Somehow the download link doesn`t work for me 
...can someone please send me the patch via mail? I would really appreciate that.
Are there more Informations on patching the Broadcom?

[taners]

gentoo linux # patch -p3 <bcm43xx.patch
can't find file to patch at input line 5
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|Index: wireless-dev/drivers/net/wireless/bcm43xx/bcm43xx_main.c
|===================================================================
|--- wireless-dev.orig/drivers/net/wireless/bcm43xx/bcm43xx_main.c        2006-06-24 22:07:55.000000000 +0200
|+++ wireless-dev/drivers/net/wireless/bcm43xx/bcm43xx_main.c        2006-06-24 23:11:51.000000000 +0200
--------------------------
File to patch: drivers/net/wireless/bcm43xx/bcm43xx_main.c
patching file drivers/net/wireless/bcm43xx/bcm43xx_main.c
Hunk #2 FAILED at 3165.
Hunk #3 FAILED at 3277.
Hunk #4 succeeded at 3551 with fuzz 2 (offset 2 lines).
2 out of 4 hunks FAILED -- saving rejects to file drivers/net/wireless/bcm43xx/bcm43xx_main.c.rej
gentoo linux # gedit drivers/net/wireless/bcm43xx/bcm43xx_main.c

i use this : http://www.aircrack-ng.org/doku.php?id=broadcom

help..

[rexstuff]

That patch has always had issues applying. I could never figure out why, it may have something to do with whitespace differences.

Try this one instead, same command, procedure, etc. (be sure to revert to the old bcm43xx_main.c first). Let me know if this one works, and we'll post it instead if it does.

[NebuK]

hi,

i got it working so far having applied the kernel patch and the one for aireplay-ng making it use the /sys fd. so - theoretically everything works except the problem that aireplay-ng crashes after sending some packages. somehow i cant find the patch fixing this issue there is one on the aircrack-ng site for broadcom, but the url seems kind of down.

could someone point me to that patch?

thanks for the great work everyone!

- nebuk

[rexstuff]

Ok, I think I got the ignore-memory patch working. Some.

In the aireplay source directory, _try_

patch -p0 <ignore-mem.patch

Let me know.

[NebuK]

okay, now i applied the ingore mem patch to aircrack (had to do it manually), but somehow the fakeauth attack on my own network (with mac acl disabled) doesnt seem to work. after a few Sending Authentication Request it says it can authenticate. i use the simple "128"bit wep on that ap.

dmesg says nothing bot that eth2 entered the promiscuous mode.

what can i do to find the problem?

thanks

[noworries]

Hi,

Could someone send aireplay-ng.patch to here or to my mail address ? (noworriesci {at} gmail.com)

This link does not work.
http://random.blackworlds.org/aireplay-ng.patch

Thanks..

[Mister_X]

Reposting it is better

[noworries]

It has been attached.
http://tinyshell.be/aircrackng/forum/index.php?action=dlattach;topic=281.0;id=28

I could not see.. sorry..

But i have another question.

I have applied this patch. After that i have got memory error. Then i replaced this line :

errno == ENOBUFS )

with this :

 errno == ENOBUFS || (dev.is_bcm43xx && errno == ENOMEM) .

Now it seems working without any error. But  packet injection is very slow.

Read 27591 packets (got 13 ARP requests), sent 7528 packets...

sent 7528 packets : this line is increasing 10 in a second. And i could not see any improvement in airodump. Do i have to do something ?

Thanks..

[noworries]

I have been trying to inject packets with this chipset for 5 days, days and nights. I have installed 2 times linux, i have compiled 2 times kernel, i have download linux cd, i did not have blank cd, so i have bought blank cd. bla bla bla.. I spent maybe more than 40 hours for this.

Now i gave up. I will buy new wireless card which has ralink chipset.. I am on sale on ebay.  LinkSys WUSB54G USB Network Adaptor. Now 10 dolar.. 


Do not try packet injection with broadcom chipset.. it's really good advice..

[Brayan]

Excuse my language, i'm french.
Hi, I'm currently using a bcm4318 on my laptop (Acer Aspire 3003WLMI) on Gentoo (kernel 2.6.17-gentoo-r4) with a patched driver but  packet injection doesn't work with aireplay (patched).
Did someone sucess to make a bcm4318 work   with these injections?
Thank for all.

[Mister_X]

txpower on 4318 is currently very weak, so that's logical it doesn't work. Even a simple connection to an AP is hard, you have to be very close to it

[Brayan]

Thank for your response, I seen that a simple connection to an AP is very hard :S
I'll wait for a new bcm43xx driver.
Thanks a lot and sorry again for my language.