Monday, October 1, 2012

New firmware for BCM4329

I've added a new firmware version for BCM4329. This version resolves crashes on devices other than the Nexus One (for example, the Evo 4G).

The new firmware:
https://code.google.com/p/bcmon/source/browse/trunk/bcm4329/fw/fw_bcm4329.bcmon.bin

Nexus One bundle - CM 7.2 nightly:
https://code.google.com/p/bcmon/source/browse/trunk/bundles/nexus_bundle.zip

EVO 4G bundle - CM 7.2 stable (thanks to Miguel Martinez for his work):
https://code.google.com/p/bcmon/source/browse/trunk/bundles/evo4g_cm7.2.zip

Desire Z - CM 7.2 stable (thanks to j.mampe):
http://code.google.com/p/bcmon/source/browse/trunk/bundles/bcm_desirez_cyanogenmod_7.2_bundle.zip

** The new firmware resolves errors like:
<4>[ 7585.014312] Dongle trap type 0x3 @ epc 0x1d7f8, cpsr 0x20000003, spsr 0x21000010, sp 0x47a9c,lp 0x2127, rpc 0x1d7f8 Trap offset 0x47a48, r0 0xc701ff0f, r1 0x3d410, r2 0x1, r3 0x1d7f1, r4 0x0, r5 0xc701ff0f, r6 0x3d410, r7 0x3d410

So if you tried to compile the driver for your device and experienced similar errors, give it another try :)
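To check whether a device is hitting the same firmware crash before and after swapping the firmware file, the trap line quoted above can be parsed out of dmesg output. This is an added example, not code from the bcmon project; `parse_traps`, `fault_sites` and `SAMPLE_DMESG` are names made up for the illustration, and the second sample line is constructed.

```python
import re
from collections import Counter

# Constructed input: line 1 is the trap quoted in the post, line 2 is an
# invented non-trap kernel message that the parser must skip.
SAMPLE_DMESG = (
    "<4>[ 7585.014312] Dongle trap type 0x3 @ epc 0x1d7f8, cpsr 0x20000003, "
    "spsr 0x21000010, sp 0x47a9c,lp 0x2127, rpc 0x1d7f8 Trap offset 0x47a48, "
    "r0 0xc701ff0f, r1 0x3d410, r2 0x1, r3 0x1d7f1, r4 0x0, r5 0xc701ff0f, "
    "r6 0x3d410, r7 0x3d410\n"
    "<6>[ 7590.000000] example: unrelated kernel message (constructed)\n"
)

# Optional "<level>" prefix, "[ seconds.micros]" timestamp, then the trap type.
HEADER = re.compile(
    r"^(?:<\d+>)?\[\s*(?P<ts>\d+\.\d+)\]\s+Dongle trap type (?P<type>0x[0-9a-fA-F]+)"
)
# Register name followed by a hex value. \b anchors each name at a word start,
# and scanning with findall tolerates the missing space in "0x47a9c,lp".
FIELD = re.compile(r"\b(epc|cpsr|spsr|sp|lp|rpc|Trap offset|r[0-7])\s+(0x[0-9a-fA-F]+)")


def parse_traps(dmesg_text):
    """Return one dict per 'Dongle trap' line, with all values as integers."""
    traps = []
    for line in dmesg_text.splitlines():
        header = HEADER.match(line)
        if header is None:
            continue  # not a dongle trap line
        trap = {"timestamp": float(header["ts"]), "type": int(header["type"], 16)}
        for name, value in FIELD.findall(line[header.end():]):
            trap[name.lower().replace(" ", "_")] = int(value, 16)
        traps.append(trap)
    return traps


def fault_sites(traps):
    """Count traps per (type, epc) so repeated crashes at one address stand out."""
    return Counter((t["type"], t.get("epc")) for t in traps)


if __name__ == "__main__":
    for (trap_type, epc), count in fault_sites(parse_traps(SAMPLE_DMESG)).items():
        print(f"trap type {trap_type:#x} at epc {epc:#x}: {count} time(s)")
```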

104 comments:

  1. Is there a working version of this for the galaxy s3?

    Replies
    1. Not yet, sadly we don't own any gs3 device.

    2. Hi, is there anything for the HTC EVO that I can do? Thanks

  2. Thank you for providing the firmware for putting the device in monitor mode. On using it with the driver, I could see the interface in monitor mode for my HTC device.
    It would be good to know whether there is a way to get some more information from the received packets in the driver like the timestamp, data rate apart from the RSSI.

    Replies
    1. It's on my list, I hope to release an update soon.

  3. For more information about the driver, the driver source was obtained here as suggested in one of the blog posts

  5. Can you please tell me how to compile it for this ROM (Wildfire S)?
    http://forum.xda-developers.com/showthread.php?t=1226765

    Replies
    1. Does the Wildfire have a bcm4329/4330 chipset?

    2. I've compiled the module for Wildfire S,
      you can find it here:
      http://forum.xda-developers.com/showpost.php?p=34896821&postcount=128

    3. Can you compile for the Wildfire S, please, also for the stock ROM?

    4. How can I compile a module for CM10?
      Or can someone do it for me?
      I'm using the kernel from here: http://forum.xda-developers.com/showthread.php?t=1861623

    5. I just compiled this for my HTC Wildfire (first model, not S version).

      I am running Cyanogenmod 7.1.0.1-buzz

      Kernel version magic:

      2.6.35.14-nFinity preempt mod_unload ARMv6

      After 2 days of failed attempts, I finally managed to compile the .KO file for my device.

      You can download it here:
      http://www.sendspace.com/file/xqkmm3


      The module correctly sets the card in monitor mode, as can be confirmed with iwconfig eth0

      The problem I am having is with airodump-ng, it seems stuck on CH 0 and doesn't show any APs. Manually setting the channel and then specifying it in airodump-ng also does not work.

      If I can resolve this issue with airodump-ng, then I suppose you can add my HTC Wildfire module to the list of supported devices.

      Anybody know why airodump-ng doesn't see any APs?

    6. Could you please update the link? It's not working. I would really like to try it on my HTC Wildfire :)

  6. I have it compiled and running under ICS but the signal strength in airodump-ng is always 0. I also get an error when I try to run tcpdump. I think it's because the libpcap library is missing. Any suggestions?

    Greg

    Replies
    1. I don't think this is the problem, I believe that the radiotap fields are the problem, it's on my TODO list :)

  7. I have a stock S-OFF + ROOTED EVO 4G LTE that I would like to try this on. I am not familiar with compiling apps for phones though, so it may take me some time to learn how to set everything up properly, but I will report back with my findings. Also, once it is set in monitor mode, is it temporary and will reset on reboot, or is it permanent until you go in and change it back? If permanent, it might be a good idea to set up an on/off script.

    Replies
    1. Short answer: It's not permanent, you got nothing to worry about.
      The firmware is loaded when you load the module (with insmod)...

  8. Hi. Noticed you don't have a galaxy s3 for dev and testing. I have one running cm10 and would be more than willing to help out. Right now I can't compile your driver but I'm working on that. Please pm me on XDA my SN is fwayfarer


    Thanks

  9. You are the best, I just donated 20 dollars, thank you for the work you do!!!! Waiting for injection support for BCM4330

  10. Is this possible for the HTC Flyer P510i?
    Thank you.

    Replies
    1. It depends on the device chipset, if it's bcm4329/4330 then yes.

    2. I have /system/lib/modules/bcm4329.ko
      Does that mean that the device chipset is bcm4329?

    3. And can I use the same bcmon.co from the Nexus One bundle?

  11. Is this possible for BCM4319 chipset?

    Replies
    1. No, what device uses this chipset?

    2. I think ZTE Skate, but I am confused because the /system/etc directory has fw_4319.bin and fw_4329.bin. Sorry for my poor English.

  13. Hi guys, I spent the last couple days hacking around with your code and firmware. I've managed to get everything running on the HTC Inspire 4G running cm 7.2. Thank you so much for all the great work you have done on enabling monitor mode and packet injection for the bcm4329 chipset.

    Replies
    1. Also, give credit where credit is due... Here is the guide I followed: http://betafoo.wordpress.com/2012/10/09/monitor-mode-on-htc-desire-z-cm-7-2/
      I had some issues getting the cross compiler installed properly, and this guide didn't address issues with -werror in the source make files. Two files complained about array out of bound issues, but the module seems to function properly. Also, I had a crazy time trying to get the "+" out of the damn vermagic, so I eventually just hacked the + out of the setlocalversion code.

  14. Could you please add the /data/local/bin path for aireplay-ng too, like you did for airodump? It cannot find iwconfig too :)

  15. Just wanted to say thanks for all the hard work guys. I'll definitely be sending some small but much sincere donations your way!

  16. Need a new firmware for Galaxy S2. Now if you run tcpdump in monitor mode on Galaxy S2, tcpdump stops capturing after a few minutes.

  17. Please, a firmware with injection and monitor mode that doesn't stop, for the S2

  18. Please fix your email, guys, lol. Anyway, I must have spent 2-3 hours last night trying to compile, recompile, download, cross-compile sources, anything I could ever think of. One of the main things that was a roadblock was openssl not installing. I have Ubuntu running natively and BackTrack in a chroot. I'm trying to get the Nvidia Tegra 2 T20 chipset into monitor mode. Anyway, I'm trying everything and want to get this up and running. Once I get aircrack running I'm going to start porting over some Linux programs. Have you done any testing with this chipset though? I'll be glad to help :)

    PS: there is an ssl-strip for Android now

  19. Hello, I'm trying to modify Wifi operations (802.11 MAC) in Nexus S.
    For example, I'm trying to change the values of fields in MAC header in Beacon frame or Null data frame(for power saving mode).
    But, I have a critical problem that I cannot find the corresponding kernel files.
    I don't know where the 802.11 MAC header is created in case of TX,
    and where the values of fields of 802.11 MAC header are extracted from the received packet in case of RX.
    Please let me know how to do or what to do...
    According to your article, 802.11 related operations are performed in the firmware.
    so... how can I modify the firmware on Nexus S?
    Any help would be appreciated.
    The kernel version I'm currently working on is 3.0.31 (JB).

  20. ~/android/kernel/cm-kernel $ make ARCH=arm CROSS_COMPILE=$CCOMPILER -j`grep 'processor' /proc/cpuinfo | wc -l`
    scripts/kconfig/conf --silentoldconfig Kconfig
    CHK include/linux/version.h
    UPD include/linux/version.h
    CC scripts/mod/empty.o
    cc1: error: unrecognized command line option '-mlittle-endian'
    cc1: error: unrecognized command line option '-mapcs'
    cc1: error: unrecognized command line option '-mno-sched-prolog'
    cc1: error: unrecognized command line option '-mno-thumb-interwork'
    scripts/mod/empty.c:1:0: error: unknown ABI (aapcs-linux) for -mabi= switch
    scripts/mod/empty.c:1:0: error: bad value (armv5t) for -march= switch
    make[2]: *** [scripts/mod/empty.o] Error 1
    make[1]: *** [scripts/mod] Error 2
    make: *** [scripts] Error 2
    make: *** Waiting for unfinished jobs....

  21. I'm sorry in advance for a very noobish question, but does this work on a Nexus S (i9023)?

    Regards.

  22. Hi, I have an Optimus 2x P990 with CyanogenMod 7.2, which in /system/etc/firmware has an archive named bcm4329b1_002.002.023.0735.0745.hcd. Is this the archive I must replace? Is there already a compilation done for my mobile?
    Thanks in advance

  23. I have a desire z. What steps do I have to perform to let your software run on my device? Can I capture raw 802.11 beacon frames using it?

  24. And I have the need to read out that capturing from a software. I do not intend to use the information for criminal purposes! It's for a scientific experiment.

  25. Can you maybe look at this:
    http://forum.xda-developers.com/showthread.php?t=1751184
    Hopefully it is possible to make some monitor drivers for gsg3.

  26. Yep, we are now testing a new firmware for BCM4330.

    Replies
    1. Wow! Nice to hear that! Do we need CM to install the new firmware? Or is a rooted phone enough? I have the Galaxy Ace 2, which doesn't have CM (yet..?).

      Thanks anyway for the time you're putting into this!

  27. Are you guys planning on supporting the Nexus 7?

  28. When will this work for the Galaxy S3?

  29. Will this work for the Evo 3D? If so, can someone compile it?

  31. Will this work for the Evo 3D, please? The Evo has a Broadcom BCM4329. If so, can someone compile it, please?

  32. https://github.com/tuter/monmob

    I'm still a noob when it comes to stuff like this. But hope it helps. Eager to try if monitor mode really works on my iPod Touch 4G.

  34. What can we do for the Galaxy S (Epic 4G)? There are bcm4329_aps.bin, bcm4329_mfg.bin, and bcm4329_sta.bin. None of them match the md5 you gave in a previous post. I'm getting a new phone, but it would be great to still be able to use the Epic for some things.

    And thanks for your great work on this. Many people said it would never be done.

    Replies
    1. For Epic 4G SPH-D700 to run bcmod and related software

      sources
      bcmod working on Epic 4G SPH-D700 running CM7
      http://ihackarmies.com/

      Currently it looks as though to run bcmod on the Epic 4G you'll need to be running CM7.
      Unfortunately CM10 on this device uses drivers differently, so someone with a bit more know-how may beat me to getting compatibility.
      However, I'm not about to assume that others will pick this up so I'll be working on it here too;
      https://github.com/S0AndS0/Debian-Kit-Mods




  35. I managed to get it working on HTC Desire (Bravo) running Cyanogen stable cm-7.2.0.1-bravo. As the lazy ass I am, the only thing I did was to download the latest nexus bundle, open bcm4329.ko in a hex-editor and change the kernel ver magic string to mine. The kernels were almost identical, mine is 2.6.37.6-cyanogenmod-g2a32a61, it's just the g2a32a61 in the nexus module that differs.
    Don't run the script, run:
    insmod *path to module* -firmware_path=*path to firmware*

    It works pretty nice, could be laggy if there's a bit of traffic in the air, especially like if you're running airodump on a channel where you have a computer downloading a file in 3-400 kb/s, it could be so laggy that you hardly can use your phone until the download has stopped. Is this normal?

    But using besside-ng on my net to get WPA-handshake works, even in WEP too, but it's a little laggy due to capturing all IVs.

    WARNING: Even though Desire and Nexus have nearly identical hardware, and in this case run almost the same kernel-ver. Messing with modules not meant for your kernel could be risky, I know. I'm not responsible for your bricked phone or any damage caused by following this description.

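A pre-load check for the vermagic mismatches described in comments 13 and 35 (the stray "+" and the differing g... suffix), added here as an example and not code from the bcmon project or from any commenter. It reports which part of a module's vermagic differs from the kernel's; `SAMPLE_KO`, `SAMPLE_KERNEL`, `read_vermagic` and `compare_vermagic` are names made up for this illustration, the sample strings are constructed, and the byte scan stands in for real ELF parsing.

```python
import os

# Constructed stand-in for a .ko file: only the NUL-separated modinfo strings
# matter here. The "g0000000" suffix is a placeholder, not a real build id.
SAMPLE_KO = (
    b"\x7fELF" + b"\x00" * 12
    + b"license=GPL\x00"
    + b"vermagic=2.6.37.6-cyanogenmod-g0000000 preempt mod_unload ARMv7 \x00"
    + b"depends=\x00"
)
# Constructed kernel string built around the release quoted in comment 35;
# the flags after the release are assumed for the example.
SAMPLE_KERNEL = "2.6.37.6-cyanogenmod-g2a32a61 preempt mod_unload ARMv7"


def read_vermagic(blob):
    """Return the module's vermagic string, or None if the blob has none."""
    start = blob.find(b"vermagic=")
    if start == -1:
        return None
    start += len(b"vermagic=")
    end = blob.find(b"\x00", start)
    if end == -1:
        end = len(blob)  # unterminated string: take the rest of the blob
    return blob[start:end].decode("ascii", "replace").strip()


def compare_vermagic(module_magic, kernel_magic):
    """Return (matches, reasons); reasons name each part that differs."""
    m_rel, *m_flags = module_magic.split() or [""]
    k_rel, *k_flags = kernel_magic.split() or [""]
    reasons = []
    if m_rel != k_rel:
        common = os.path.commonprefix([m_rel, k_rel])
        reasons.append(
            f"release differs after {common!r}: "
            f"module {m_rel[len(common):]!r} vs kernel {k_rel[len(common):]!r}"
        )
    if m_flags != k_flags:
        reasons.append(f"build flags differ: module {m_flags} vs kernel {k_flags}")
    return (not reasons, reasons)


if __name__ == "__main__":
    ok, why = compare_vermagic(read_vermagic(SAMPLE_KO), SAMPLE_KERNEL)
    print("match" if ok else "mismatch: " + "; ".join(why))
    # Constructed "+" case, as in the setlocalversion problem from comment 13.
    print(compare_vermagic("2.6.35.14+ preempt", "2.6.35.14 preempt"))
```

On a build host, `modinfo -F vermagic` prints the module's string, and `uname -r` on the device gives the release to compare against.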
  36. How do I hack wifi with my Samsung Replenish... am I too out of date? I'm not even sure what kind of chipset I have. I'm getting someone's wifi.. but I have to stand in one spot and I'm kinda sick of this ;) lol. Could anyone please help me so I don't have to stand here all day... it would help a lot.. thx

  37. I could do it I just need a push start...lol

  38. Is there a working version of this for the Galaxy Note II?

  39. Is there one for the ZTE advid on Metro? I really need it

  41. Hello. I've searched the Internet about how to check what wifi chip do I have in my Huawei Y300, but couldn't find anything.
    I'd like to know if my phone could go on monitor mode.
    Thank you.

  46. HD2 support for NexusHD2-ICS-CM9-HWA V3.0b ROM at:
    http://forum.xda-developers.com/showpost.php?p=42678515&postcount=12443

  47. Only for NexusHD2-ICS-CM9-HWA V3.0b?

    Could it be possible for [Pixeldroid JB 4.2.2 V6.0 FINAL] [AOKP]?
    http://forum.xda-developers.com/showthread.php?t=2235043

  48. Could anyone compile it for the Motorola Atrix 4G (BCM4329)?
    Please share.

  49. How do I get this to work on my HTC Evo V 4G?

  50. Is there a working version for the Atrix 4G on CM 7.2?

  51. Device
    HTC HD2. ( rooted)
    ANDROID 2.3.7
    Baseband ver : 15.42.50.11H_2.15.50.14
    Kernel ver :[MIUI] 2.6.32.15_tytung_r12.4-geeabf2c tytung@ubuntu#120, sat oct 1 CST 2011
    Build no. 2.4.2.0
    Wifi chipset bcm4329


    WHAT I HAVE DONE :

    Install Bcmon apk
    Turn on wifi
    Enable Monitor mode -->
    Install firmware tools? --> yes,
    Nothing happened,
    App hangs and couldn't wifi on-off,

    After reboot phone, wifi works, not bcmon

    Note :

    Module bcm4329.ko path is /system/lib/modules/bcm4329.ko

    Firmware path : /system/etc/firmware/fw_bcm4329.bin
    And, /system/etc/firmware/fw_bcm4329_apsta.bin
    And, /system/etc/firmware/fw_bcm4329_bcmon.bin,

    Busybox installed,

  53. Hey. Sorry for my bad English, but I have a problem. I have an HTC Desire Z. Bcmon works perfectly in the terminal, but if I run reaver for Android Ort speedkey it still hangs on waiting for beacon. I have CyanogenMod 7 and bcm4329. Is there any solution for this problem? I have been trying this for a few weeks.

  54. Would u mind compiling one for the HTC sensation? I am fairly certain it contains the bcm4329 chipset... Thanx in advance, I know many people are waiting for a sensation package like myself. Thanx for all the work everyone involved in the bcmon project have done! We all appreciate u.

  55. Firmware and tools not detected
    Any help for htc desire 816

  57. Can it work with bcm 4329 / HTC Wildfire S?

  58. Hi bro, I have a Samsung Note 3. I downloaded bcmon but it's not working on my phone. Please give me a link for my mobile.

  60. Suitable with acer iconia a1-713 or not?

  61. Is Bcmon comfortable for Micromax a311 or not, and how to do monitor mode?

  62. I'm using a Note 3, help me please
    Bmon_wrapper_loaded
    Error: only position independent executables (PIE) are supported.

  63. hey...do you have a firmware for the galaxy v plus SM-G318MZ???

  66. Bcmon doesn't open settings
    And firmware or monitor module is not found in aircrackgui
