Apr 3, 2008

UBUNTU: Crack wireless with bcm43xx?

It take me a long long time to learn how to make this one right. First try would be a year ago where I try to use aircrack-ng to crack wireless WEP by using my bcm43xx wifi card. But on that time, broadcom card isnt supported yet for monitoring mode(at least the driver is not supported yet).

But yesterday when I had a chance to chat with one of irc user which his nick I wont published here, we talk several things about wireless security. Meaning, how secure/how fast a secure wireless(WEP/WPA) can be hack and crack. It's all about him on the first place. He manage to find about 60 Access Point at his place and all were encrypted with WEP/WPA.

So, to make it short - Aircrack-ng is the best tools to deal with this situation where you need to a wireless which is forbidden for you to access. Then why not crack it and have your internet connection for free? So we begin discussing on the application, aircrack seem to be the best because it was easy to use. You can learn a little bit about aircrack from here.

So I would like to give my way of configuring my Broadcom(bcm43xx) card to use with aircrack. Now/today bcm43xx is a supported card for injection/monitoring mode/capturing packets but only after you patch the card. Well here is how to setup your bcm43xx:
  • #mkdir bcm43xxinject
  • #cd bcm43xxinjinect

  • You now need a sub directory for our kernel output

  • #mkdir kernelout

  • #cp /boot/config-2.6.22-14-generic ./config-2.6.22-14-generic

  • #cd kernelout

  • #ln -s ../config-2.6.22-14-generic .config

  • Now you need to get the kernel source for Gutsy, go get a snack while it downloads, it is about 60 meg.

  • #cd ../
  • #apt-get source linux-image-2.6.22-14-generic

  • get the new patch (updated for the new kernel), and patch the kernel:

  • #cd linux-source-2.6.22-2.6.22/drivers/net/wireless/bcm43xx ; wget -nc http://www.latinsud.com/bcm/bcm43xx-injection-linux-2.6.20.patch

  • #patch -p1 [ exact location of patch file ]
  • Now we compile the new bcm kernel module

  • #cd ~/bcm43xxinject/linux-source-2.6.22-2.6.22

  • We have to manually change the version info (bug) so we don't get a tainted kernel.

  • #sudo gedit Makefile

    change extraversion from "= 9" to "= -14-generic" . This should be the default but it has not been updated yet. Save and exit then:

  • #make O=../kernelout outputmakefile
  • #make O=../kernelout archprepare

  • #make O=../kernelout modules

  • That last one will take a while. Finish your snack you got before, maybe go watch some tv or something industrious like that.
    Now with all gods willing hope this would compile with no errors.

    Remember to always backup...

  • #cd ..

  • #mkdir kernelbackup

  • #cd kernelbackup

  • #sudo cp /lib/modules/2.6.22-14-generic/kernel/drivers/net/wireless/bcm43xx/*.ko ./

  • We are finally ready to install our 'pachinko' new patched drivers:
  • #cd ..

  • #cd kernelout/drivers/net/wireless/bcm43xx/

  • #sudo cp -dpR *.ko /lib/modules/2.6.22-14-generic/kernel/drivers/net/wireless/bcm43xx/

    Next we have to load our new drivers:

  • #sudo modprobe -r bcm43xx
  • #sudo modprobe bcm43xx
So now you have your bcm43xx working. Note: If you are using ndiswrapper before this, please remove bcm43xx from your blacklist list so that the module will load on the startup. This is important. If you do not remove bcm43xx from the blacklist list, then there is no point doing this patch.

But if you would like to use ndiswrapper for surfing and all sort of work(except using aircrack) than you dont have to remove bcm43xx from blacklist. All you need to do is:

  1. To load bcm43xx :
    1. sudo modprobe -r ndiswrapper ; sleep 5 ; sudo modprobe bcm43xx
  2. To load ndiswrapper back:
    1. sudo modprobe -r bcm43xx ; sleep 5 ; sudo modprobe ndiswrapper
So there you go.. I hope everything would be good for you guys. BCM43XX isnt that bad right?

Thank you for your unbelievable support on Negative Zero - Permission to read and write blog for nearly 4 years. Don't forget to like Negative Zero on Facebook.
Blogirific.com Blog Directory

Post(s) you might like to read :


  1. Any chance of you posting the actual compiled module. I don't have enough free space to compile & even when I did it never seemed to work.
    Your help would be really appreciated!

  2. Stuck on step -

    #patch -p1 < style="font-weight: bold;">Now we compile the new bcm kernel module

    I get an error...

  3. What should I run in place of that patch command?

  4. well, actually i didnt notice the error in my post here. sorry..
    the exact command should be:
    sudo patch -p1 [the location of the patch file]
    and this will ask you on which file to patch.
    you have to type it like this..
    where everything inside [] should be replace with your exact location.

  5. I'm not sure this exactly works for Hardy (2.6.24-generic kernel). When I run the patch command, it works for a bit (patches some "hunks") but I get errors eventually that it can't find certain files (lost the command line output). Have any idea what it could be? All the steps before it worked fine.

  6. yes..
    on Hardy Heron which use 2.6.24-16-generic as the default kernel, you'll need another patch in order to make it work. Plus, in hardy bcm43xx is not use anymore, they have change it to b43 firmware which is more stable.

    Maybe you could download SUD's patch here:
    Sud's Patch and look for your kernel version. Make sure you use b43 driver.

  7. Thanks!
    Very helpful and clear tutorial.