Running broadcom Wifi chip on Raspberry PI in monitoring mode requires modifications from nexmon.
The source code on GitHub https://github.com/seemoo-lab/nexmon The solution patches the firmware and changes the brcmfmac kernel module. It's very specific to the linux kernel version and the broadcom WiFi/blluetooth chip used in the Raspberry PI.
| Model | Wifi Chipset| | ========= |===========| 3 | bcm43430a1 Zero W | bcm43430a1 3B+ |bcm43455c0 4B |bcm43455c0
Currently only the 4.14, 4.19 and 5.4 kernels are supported. This is an issue, because Raspian is already running 5.10 kernels and will automatically upgrade to it when you perform an 'apt update'.
First you download an older version of raspbian that still uses one of the supported kernels.
For example this old version of Raspian-lite dated 2020-02-14 using kernel 4.19.97-v7+ :
To lock the kernel version in aptitude:
sudo apt-mark hold raspberrypi-kernel
sudo apt-mark hold raspberrypi-kernel-headers
Now it's safe to run:
sudo apt update
sudo apt upgrade
After the upgrades of the packages,
sudo reboot
and check the kernel version when you're back online:
uname -r
If all went well, this should still say:
4.19.97-v7+ The following instructions are copied and only slightly modified from https://pimylifeup.com/raspberry-pi-nexmon/. These are excellent instructions on how to build and install nexmon on your RPi3B+.
You should be able to go straight to step 4
1 Before we go ahead and install the Nexmon patches, we need first to upgrade our Raspberry Pi to ensure that we are running the latest available version of the Raspbian operating system.
To update and upgrade Raspbian we need to run the following two commands.
sudo apt-get update
sudo apt-get upgrade
2 Once Raspbian has finished updating we will now need to restart the Raspberry Pi.
Restarting the Pi will ensure that the Nexmon setup scripts can detect the current kernel version, especially if an update occurred in the previous two steps.
To reboot the Raspberry Pi, run the following command.
sudo reboot
3 Before we can continue this tutorial on installing the Nexmon driver patches, we must first ensure we are running on a version of the Kernel supported by the patcher.
We can check the kernel version by running the command below.
uname -r
This command you should return something like “4.14.98-v7+“. As long as you are running a version of the kernel that starts with “4.9“, “4.14“, or “4.19“, then you can proceed with the tutorial.
5 Now that we are interacting as the superuser we will need to install all the packages required for compiling the Nexmon kernel patches.
Please note that it can take quite some time for the Raspberry Pi Kernel Headers to be installed to your Raspberry Pi as they contain hundreds of small files.
Run the command below to install all of Nexmon’s required packages.
sudo apt install git libgmp3-dev gawk qpdf bison flex make raspberrypi-kernel-headers autoconf texinfo
6 With all the required packages for installing Nexmon now installed to our Raspberry Pi lets proceed on to cloning the Nexmon repository.
Run the command below to clone the repository.
git clone https://github.com/seemoo-lab/nexmon.git
As this is a rather large repository, it will take up to 250mb on your Raspberry Pi and will take some time to clone fully.
1 Now that we have the Nexmon code cloned to our Raspberry Pi we need to proceed to compile two libraries that it requires.
2 To proceed, we need to check to see if a required library is available to us. To do this, we can just run the “stat” command below to see if the file exists.
stat /usr/lib/arm-linux-gnueabihf/libisl.so.10
If this command returns the text displayed below, then you need to follow step 3 otherwise you can skip to step 4 of this tutorial.
stat: cannot stat '/usr/lib/arm-linux-gnueabihf/libisl.so.10': No such file or directory
3 If the “libisl.so.10” file is unavailable we will have to compile a new version of it using the provided source code from the Nexmon repository.
Follow the steps below to learn how to compile the library from scratch and move it into the correct position.
3a. Let’s begin by first changing into the isl buildtools directory in the Nexmon source code folders.
cd /home/pi/nexmon/buildtools/isl-0.10
3b. Now that we are in the correct directory let’s run the configure script to prepare the isl library for compilation.
./configure 3c. Once the configuration process has completed, we can now compile the library by running the following command.
make 3d. When your Raspberry Pi has finished compiling the required library, we can now run the makefile install command.
sudo make install
3e. Finally, once all of that has finished, we need to create a link between our newly installed library file and the spot where we expect this library file to exist.
To link this file, you need to run the command below.
sudo ln -s /usr/local/lib/libisl.so /usr/lib/arm-linux-gnueabihf/libisl.so.10
4 Our next step is to see if the libmpfr.so.4 library exists by running the following command.
stat /usr/lib/arm-linux-gnueabihf/libmpfr.so.4
If you get the following message then you will need to follow step 5 otherwise skip to the next section.
stat: cannot stat '/usr/lib/arm-linux-gnueabihf/libmpfr.so.4': No such file or directory
5a To compile libmpfr we need to first change into the buildtools directory provided by Nexmon.
cd /home/pi/nexmon/buildtools/mpfr-3.1.4
5b We need to now run autoreconf to prepare the makefile for the library so that we can compile it on our Raspberry Pi.
autoreconf -f -i
5c Use the following command to configure the setup scripts for the Raspbian operating system.
./configure 5d Finally compile and install the library by running the following two commands.
sudo ln -s /usr/bin/automake-1.16 /usr/bin/automake-1.15
make sudo make install
5e The last thing we need to do is create a link between our newly compiled file and the place where the Nexmon script expects it.
sudo ln -s /usr/local/lib/libmpfr.so /usr/lib/arm-linux-gnueabihf/libmpfr.so.4
1 With the two libraries we need now installed and available on our Raspberry Pi we can now proceed to compile
To start with, we need to utilize the “source” command and the “source_env.sh” file.
The “source_env.sh” file will set up the current bash session with the environment variables that the Nexmon makefile expects.
cd /home/pi/nexmon
source setup_env.sh
2 With the bash session now configured correctly let’s run the “make” command in the root directory of the nexmon source code.
This command will generate all the required files needed for patching the various versions of the kernel.
make 3 Here things get a little bit more complicated. There are two different folders that you will need to change into depending on what version of the Raspberry Pi that you have.
These folders contain the patches for the current version of the Broadcom chip on our Raspberry Pi.
Raspberry Pi 3 / Raspberry Pi Zero W:
cd /home/pi/nexmon/patches/bcm43430a1/7_45_41_46/nexmon/
Raspberry Pi 3+:
cd /home/pi/nexmon/patches/bcm43455c0/7_45_154/nexmon/
Also for the Raspberry Pi 3+ You will need to run the following two commands while in this directory due to an issue in the makefile. This fix was provided by WiredLife from GitHub, you can find more about this issue there.
sed -i -e 's/ifeq ($(findstring 4.9,$(shell uname -r)),4.9)/ifeq ($(findstring 4.9.,$(shell uname -r)),4.9.)/g' Makefile
sed -i -e 's/else ifeq ($(findstring 4.14,$(shell uname -r)),4.14)/else ifeq ($(findstring 4.14.,$(shell uname -r)),4.14.)/g' Makefile
4 Now that we are in the correct directory we can go ahead and run the makefile by using the make command.
Running the make command will generate the patched versions of the firmware.
make 5 With the compiled versions of the patched firmware now created let's go ahead and make a backup of the current firmware by running the command below.
make backup-firmware
6 Now let’s install the firmware by running the following command.
This command will swap out the current firmware. However, we will need to do other changes to make the driver be loaded properly on boot.
sudo bash -c 'source ~pi/nexmon/setup_env.sh && make install-firmware'
7 The final thing that we need to do is to compile and install Nexmon’s utility tool.
To do this, we must first change into the nexutil directory.
cd /home/pi/nexmon/utilities/nexutil
8 Now that we are in the correct directory we can proceed to compile the utility and install it to our Raspbian operating system.
make sudo make install
1 For this section, we will need to make a note of the kernel version that we are currently running as there are various versions of the brcmfmac driver that we can utilize.
Run the following command to retrieve the Kernel version and make a note of the first two numbers.
uname -r
2 Now that we know the kernel version we now need to find the path of the default driver.
We can retrieve driver information by utilizing the “modinfo” command.
modinfo brcmfmac
Using this command you can retrieve the directory that the driver is located in, and it should be the first entry in the list.
Below is the location that was generated for our system, notice we also removed the file “brcmfac.ko” from the directory name.
Make a note of this as we will need the directory for the next few steps.
filename: /lib/modules/4.14.98-v7+/kernel/drivers/net/wireless/broadcom/brcm80211/brcmfmac/
3 With the directory in hand, we can now start the process of replacing the brcmfac driver so that our modified version with the Nexmon patches will be loaded on boot.
Before we replace the driver, we should make a backup of the original just in case you ever want to revert to the default driver.
Let’s make a backup of the driver by running the following command. Make sure you replace
sudo mv <kerneldirectory>/brcmfmac.ko <kerneldirectory>/brcmfmac.ko.orig
4 Now that we have made a backup of the default driver we can now proceed to replace the driver with our new one.
Make sure you utilize the correct command for the version of the kernel that you are running. There are two different commands based on whether you are running kernel version “4.9” or “4.14“.
Also, make sure that you select the right directory for the version of the Pi that you are using.
Like the last step make sure that you replace
Raspberry Pi 3 / Raspberry Pi Zero W
sudo cp /home/pi/nexmon/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac_kernel49/brcmfmac.ko <kerneldirectory>/
Raspberry Pi 3+
sudo cp /home/pi/nexmon/patches/bcm43455c0/7_45_154/nexmon/brcmfmac_4.9.y-nexmon/brcmfmac.ko <kerneldirectory>/
Raspberry Pi 3 / Raspberry Pi Zero W
sudo cp /home/pi/nexmon/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac_4.14.y-nexmon/brcmfmac.ko <kerneldirectory>/
Raspberry Pi 3+
sudo cp /home/pi/nexmon/patches/bcm43455c0/7_45_154/nexmon/brcmfmac_4.14.y-nexmon/brcmfmac.ko <kerneldirectory>/
Raspberry Pi 3 / Raspberry Pi Zero W
sudo cp /home/pi/nexmon/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac_4.19.y-nexmon/brcmfmac.ko <kerneldirectory>/
Raspberry Pi 3+
sudo cp /home/pi/nexmon/patches/bcm43455c0/7_45_154/nexmon/brcmfmac_4.19.y-nexmon/brcmfmac.ko <kerneldirectory>/
5 Once you have copied over the replacement driver that’s been patched using Nexmon we need to run the following command.
This command will use the depmod utility to recreate the list of modules. Doing this will ensure that our modified driver will be loaded in.
sudo depmod -a
6 Once that is complete, reboot the Raspberry Pi using the following command.
sudo reboot
7 One way to check to see if the patch is working as intended is to check whether “monitor” is in the supported interfaces list.
You can do this by first retrieving the physical id of the wlan interface by using the command below.
iw dev
Make a note of the physical number for your wlan0 interface, in our case, this was “phy#0”
8 With the physical id now available. Run the following command to retrieve all information about that device.
Make sure you replace phy0 with the correct one for your wlan0 interface.
iw phy0 info
This command will dump a ton of information about your wireless interface. However, there is only one section that we want to investigate.
That section is the “Supported interfaces modes:” section. In here you want to see whether “*monitor” is there.
If the text is there, then that indicates that the Nexmon firmware patches are working as intended and has allowed the Raspberry Pi’s wireless to enter monitor mode.
I hope that this tutorial into Raspberry Pi Nexmon has been helpful and that you now have the firmware patches installed. If you have anything else to add or want to leave feedback, then please don’t hesitate to leave a comment below.