Patching Process For The Mobile Device's Internal WiFi

Posted by #!/ (Expert member, joined 9 Mar 2016)

0.1 Warnings:

* These steps assume a desktop PC running a 64-bit Linux distribution; the commands below were written for Ubuntu.

* Expect to need on the order of 100 GiB of free disk space.

* The device you apply this to must have an unlocked bootloader and root access.

* Flashing a self-built kernel or firmware can damage your device. Back up your data before you start and work carefully; all responsibility lies with whoever applies these steps to their own device.

* Find out which WiFi chipset your device has (see section 3.1.1) and whether its processor is 32-bit (ARM) or 64-bit (ARM64). The DevCheck app from Google Play shows both.



1.0 Description:

A WiFi network card is a small system of its own with two parts: the hardware (the radio and its chip) and the software (the driver in the kernel and the firmware that runs on the chip). This article is about the software part.

It covers how to apply patches to the WiFi software (the kernel driver configuration on Qualcomm chipsets, the wlan firmware on Broadcom chipsets), what the patches actually change, and why it matters for defence: almost every device carries a WiFi system like this, so the same monitor-mode capability that enables WiFi attacks is also what you need to see them, and people should be careful about how their own modems and access points are configured.


1.1 Terms:

* internal: the hardware built into the device.

* external: hardware attached from outside, for example a USB WiFi adapter.

* monitor / monitor mode: a mode in which the WiFi interface passes every 802.11 frame it hears to the host, not only frames addressed to it (used for sniffing).

* patch: a change applied to software or firmware to give it a new capability or to fix it.

* chipset: the model of the WiFi chip in the device, for example bcm4339.

* kernel: the core of the operating system; on Android it contains the WiFi driver.

* config: predefined configuration files (in this article, the kernel's defconfig files).

* firmware: the code that runs on the WiFi chip itself, shipped as a binary file by the manufacturer.

* RAM: Random Access Memory, the device's working memory.

* ROM: Read Only Memory; in Android modding slang it also means the device's operating system image.

* wlan0: the first wireless network interface, normally the internal WiFi; monitor mode is enabled on this interface.

* wlan1: the second wireless interface, normally an external adapter.

* wlan(n): the n-th wireless interface.



2.0 Starting To Patch:

First find out which WiFi chip your device uses. There are two main manufacturers: Qualcomm and Broadcom.

2.1 Qualcomm Patch:

Newer mobile devices in particular use Qualcomm WiFi. An aircrack-ng contributor known as "kimocoder" (Christian Bremvåg) has published a patch for Qualcomm chipsets.
Let's look at it together (the notes in parentheses are the author's annotations, not part of the patch):

Code:
From 306e2bde24167a843ac0e9db55e64a5e272c9718 Mon Sep 17 00:00:00 2001 (Patch's Commit Code and Date)
From: =?UTF-8?q?Christian=20Bremv=C3=A5g?= <[email protected]> (Patch's Developer Info)
Date: Thu, 26 Mar 2020 02:34:43 +0100 (Share Date In GitHub)
Subject: [PATCH] Enable support for adapter monitor mode by default 

--- (patch's pre configurations)
drivers/staging/qcacld- 3.0/configs/default_defconfig | 2 +- (Changes In Kernel Which Is Defined.)
1 file changed, 1 insertion(+), 1 deletion(-) (change's main list)
[COLOR="DeepSkyBlue"]diff --git a/drivers/staging/qcacld-3.0/configs/default_defconfig b/drivers/staging/qcacld-3.0/configs/default_defconfig[/COLOR] 75a94d0 100644 (This Change's Made By Github Activity) 
[COLOR="DarkRed"]--- a/drivers/staging/qcacld-3.0/configs/default_defconfig[/COLOR] 
[COLOR="green"]+++ b/drivers/staging/qcacld-3.0/configs/default_defconfig[/COLOR] (After from these commands; before to other main command's to next command's changes are only will be defined file.)
@@ -561,7 +561,7 @@ CONFIG_CONVERGED_TDLS_ENABLE := y (Above of the colored green and defined command, this info adding to this.) (Here gains the new ability to kernel)
CONFIG_WLAN_CONV_SPECTRAL_ENABLE := y
CONFIG_WLAN_SPECTRAL_ENABLE := y
CONFIG_WMI_CMD_STRINGS := y
[COLOR="DarkRed"]-CONFIG_FEATURE_MONITOR_MODE_SUPPORT := n[/COLOR]
[COLOR="green"]+CONFIG_FEATURE_MONITOR_MODE_SUPPORT := y[/COLOR] (Here previously defined to "n" so no for monitor mode ability; changing so patching to "y" so yes now.)
CONFIG_DESC_DUP_DETECT_DEBUG := n
CONFIG_DEBUG_RX_RING_BUFFER := n
CONFIG_WLAN_FEATURE_TWT := y
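Review bot: the hunk flips CONFIG_FEATURE_MONITOR_MODE_SUPPORT to y only in drivers/staging/qcacld-3.0/configs/default_defconfig, so it changes nothing for a device whose build takes its qcacld options from another file under configs/ or overrides the option from the device defconfig; after applying it, check the option's value in the build's generated configuration rather than trusting a clean apply. Also, in the file header above, `75a94d0 100644` has been run onto the end of the `diff --git` line where the `index` line belongs; `patch -p1` ignores it, but `git apply` may reject the patch until that line is restored.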


2.1.1 Monitor Mode Patch For Qualcomm chipsets:

To apply this patch you first need the kernel source for your exact device. Go to the manufacturer's open-source page and look for your model, e.g.:

Samsung: https://opensource.samsung.com/uploadList?menuItem=mobile&classification1=mobile_phone

Sony:
https://developer.sony.com/develop/open-devices/downloads/open-source-archives

Otherwise search Google for "DeviceBrand kernel source".

Extract the downloaded kernel source and enter it:

Code:
cd YourKernelSource

Download and apply the patch:
Code:
wget https://github.com/kimocoder/qualcomm_android_monitor_mode/raw/master/files/enable_monitor_mode.patch
Code:
patch -p1 < enable_monitor_mode.patch

The terminal must report that the patch applied successfully; a "Hunk ... FAILED" message or a .rej file means the patch conflicts with your kernel tree. Since the patch is a single-line change, you can then make it by hand: set CONFIG_FEATURE_MONITOR_MODE_SUPPORT := y in drivers/staging/qcacld-3.0/configs/default_defconfig, or in whichever qcacld config file your device's build actually uses.

2.1.2 Compiling The Kernel:

A patched kernel must be compiled and flashed. First install the build dependencies (some of these package names are old; on current Ubuntu releases a few may have been renamed or dropped, in which case install the closest equivalent):

Code:
sudo apt-get install -y build-essential kernel-package libncurses5-dev bzip2 lib32z1 lib32ncurses5 lib32bz2-1.0 android-tools-adb android-tools-fastboot

If your device has a 32-bit ARM processor:

Code:
git clone https://android.googlesource.com/platform/prebuilts/gcc/linux-x86/arm/arm-eabi-4.8/

If your device has an ARM64 processor:

Code:
git clone https://android.googlesource.com/platform/prebuilts/gcc/linux-x86/aarch64/aarch64-linux-android-4.9/

This is the cross-compiler toolchain the build needs. (These GCC 4.x toolchains match kernels of the era the patch was written for; a newer kernel tree may require a newer GCC or clang, as described in that tree's build notes.)

Code:
cd DownloadedToolchainFolder

If your device has a 32-bit ARM processor:

Code:
export CROSS_COMPILE=$(pwd)/bin/arm-eabi-

If your device has an ARM64 processor:

Code:
export CROSS_COMPILE=$(pwd)/bin/aarch64-linux-android-

This tells the kernel build where the toolchain is. Now go back into the kernel source directory, because the make commands below must run inside it:

Code:
cd ../YourKernelSource

If your device has an ARM64 processor:

Code:
export ARCH=arm64 && export SUBARCH=arm64

If your device has a 32-bit ARM processor:

Code:
export ARCH=arm && export SUBARCH=arm

Now find the predefined defconfig for your device. It is named after the device's codename, like YourDeviceCodename_defconfig, and lives in arch/arm64/configs/ (ARM64) or arch/arm/configs/ (ARM). If you do not know the codename, search Google for "YourDeviceName codename" or list that configs directory. Then enter these commands:

Code:
make clean
Code:
make mrproper
Code:
make YourDefconfigFile
Code:
make -j4
(-j4 uses four of your computer's cores; -j$(nproc) uses all of them.)

The build now starts.

After it finishes, the output should look like this:

For 32-bit: (screenshot)

For 64-bit: (screenshot)
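Two checks worth automating at this point, as an added example that is not part of the original post, kimocoder's repository or any kernel tree: confirming that the option the patch flips is really enabled in the config file your build uses (and enabling it by hand when `patch -p1` rejects the hunk), and finding the device defconfig by codename instead of searching the web. The kernel tree it builds at the bottom is a constructed sample so the functions can be exercised offline; point the script at a real kernel source directory in practice.

```shell
#!/bin/sh
# Added example (not from the original post or from kimocoder's repo).
# Checks a kernel tree for the qcacld monitor-mode option that the patch
# flips, lists which qcacld config files set it, enables it by hand when
# the patch does not apply, and finds the device defconfig by codename.
MON_OPT="CONFIG_FEATURE_MONITOR_MODE_SUPPORT"

# Value (y/n) of the option in one qcacld config file, or "unset".
monitor_mode_value() {
    file="$1"
    val=$(sed -n "s/^[[:space:]]*${MON_OPT}[[:space:]]*:\{0,1\}=[[:space:]]*\([yn]\).*/\1/p" "$file" | tail -n 1)
    [ -n "$val" ] && printf '%s\n' "$val" || printf 'unset\n'
}

# Exit 0 if the option is enabled in the file, 1 otherwise.
monitor_mode_enabled() {
    [ "$(monitor_mode_value "$1")" = "y" ]
}

# Manual fallback for a rejected patch: set the option to y in place,
# using the "NAME := value" form of qcacld's config files; append it when
# the file does not mention the option at all.
enable_monitor_mode() {
    file="$1"
    if grep -q "^[[:space:]]*${MON_OPT}[[:space:]]*:\{0,1\}=" "$file"; then
        sed "s/^\([[:space:]]*${MON_OPT}[[:space:]]*:\{0,1\}=[[:space:]]*\)[yn]/\1y/" "$file" > "$file.tmp" \
            && mv "$file.tmp" "$file"
    else
        printf '%s := y\n' "$MON_OPT" >> "$file"
    fi
    monitor_mode_enabled "$file"
}

# Every qcacld config file in the tree with the option's value. The patch
# touches only default_defconfig; if your device's build uses another
# file here, that one is the one that matters.
list_qcacld_configs() {
    tree="$1"
    find "$tree/drivers/staging" -path '*qcacld*/configs/*' -type f 2>/dev/null | sort |
    while read -r f; do
        printf '%s %s\n' "$(monitor_mode_value "$f")" "${f#$tree/}"
    done
}

# Candidate device defconfigs for a codename (case-insensitive match).
find_defconfig() {
    tree="$1"; arch="$2"; codename="$3"
    find "$tree/arch/$arch/configs" -maxdepth 1 -iname "*${codename}*_defconfig" 2>/dev/null |
        sed "s#^$tree/##" | sort
}

# --- constructed sample tree so the functions can be exercised offline ---
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/drivers/staging/qcacld-3.0/configs" "$t/arch/arm64/configs"
    printf 'CONFIG_WMI_CMD_STRINGS := y\n%s := n\nCONFIG_WLAN_FEATURE_TWT := y\n' "$MON_OPT" \
        > "$t/drivers/staging/qcacld-3.0/configs/default_defconfig"
    printf 'CONFIG_WMI_CMD_STRINGS := y\n' \
        > "$t/drivers/staging/qcacld-3.0/configs/genoa_defconfig"
    : > "$t/arch/arm64/configs/exynos9810-starlte_defconfig"
    : > "$t/arch/arm64/configs/msm8998-sdm660_defconfig"
    printf '%s\n' "$t"
}

# Usage on a real tree: sh qcacld_check.sh /path/to/kernel
if [ -n "$1" ]; then list_qcacld_configs "$1"; fi
```

Run it against the kernel source after `patch -p1`; any line starting with `n` or `unset` is a qcacld config that would still build the driver without monitor mode.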



2.1.3 Backing Up The Stock Kernel:


Now back up your current (stock) kernel, i.e. the boot partition. You will need it if the device does not boot after flashing the compiled kernel (see section 4.1.1 for the recovery steps). Boot the device, connect it to your computer with a USB cable and:

Code:
adb shell

Code:
su

Code:
dd if=/dev/block/bootdevice/by-name/boot of=/sdcard/boot.img

Code:
exit
(twice: once to leave su, once to leave adb shell)

Code:
adb pull /sdcard/boot.img

dd copies the boot partition (the pre-installed kernel plus its ramdisk) into a file: if= is the input device, of= the output file. Reading the partition needs root, which is why su comes first, and the file is written to /sdcard so that adb pull can fetch it without root. Remounting /system is not needed for this step. If /dev/block/bootdevice/by-name/ does not exist on your device, look for the boot partition under /dev/block/platform/*/by-name/ instead.


2.1.4 Flashing The Compiled Kernel To Your Mobile Device


The compiled kernel is at arch/arm64/boot/Image.gz-dtb (ARM64) or arch/arm/boot/zImage (ARM). A boot image is more than the kernel, though: it also contains the stock ramdisk and a header, so the new kernel has to be packed into a copy of the stock boot image. The Android Image Kitchen (AIK) tool does that. Rename the stock boot image you pulled to ori.img so you do not lose track of it.

Open a terminal and enter:

Code:
git clone https://github.com/osm0sis/Android-Image-Kitchen -b AIK-Linux aik

This downloads AIK into a folder named aik. Copy your compiled kernel into that folder: Image.gz-dtb from arch/arm64/boot/ for a 64-bit device, or zImage from arch/arm/boot/ for a 32-bit device.
Also copy ori.img, the stock boot image you pulled earlier.

(screenshot)

Now, inside the aik folder:

Code:
sudo ./unpackimg.sh ori.img

This splits the stock boot image into its parts (header fields, kernel, ramdisk).

(screenshot)

Now enter:

Code:
ls split_img

(screenshot)

The parts of the stock boot image are listed; ori.img-zImage is the stock kernel:

(screenshot)

The final state should look like this:

(screenshot)

Replace the stock kernel with the one you compiled (use zImage instead of Image.gz-dtb on a 32-bit device):

Code:
rm split_img/ori.img-zImage

Code:
mv Image.gz-dtb split_img/ori.img-zImage

Code:
./repackimg.sh

The new (custom) boot image, image-new.img, is ready:

(screenshot)

Boot the device, connect it to your computer with a USB cable and:

Code:
adb reboot bootloader

Code:
fastboot flash boot image-new.img

Code:
fastboot reboot

If the device boots, the kernel works.
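For sections 2.1.3 and 2.1.4, here is an added example (not from the original post, AIK or any kernel tree) of the two checks you want before flashing: that the boot.img you pulled with dd is a complete Android boot image and not a truncated copy, and that the file you are about to drop into AIK's split_img is really a kernel (gzip for Image.gz-dtb, the 0x016f2818 magic for a 32-bit zImage). The sample boot image built at the bottom is constructed; the header layout it uses is the classic Android boot image header (magic, kernel size, ramdisk size, page size at fixed offsets).

```shell
#!/bin/sh
# Added example (not from the original post, AIK or the kernel tree).
# Sanity-checks a pulled boot.img before relying on it as a backup, and
# stages a compiled kernel into AIK's split_img only after confirming it
# really is a kernel image.

# Little-endian u32 at byte offset $2 of file $1 (-1 if the file is too short).
le32() {
    set -- $(od -An -tu1 -j "$2" -N 4 "$1" 2>/dev/null)
    [ $# -eq 4 ] || { echo -1; return 1; }
    echo $(( $1 | $2 << 8 | $3 << 16 | $4 << 24 ))
}

# Validate the boot image header (magic, sizes, page size) and make sure
# the file is long enough for the kernel and ramdisk it declares; a
# truncated dd or adb pull fails this check.
bootimg_check() {
    img="$1"
    [ "$(head -c 8 "$img")" = "ANDROID!" ] || { echo "not an Android boot image" >&2; return 1; }
    ksz=$(le32 "$img" 8); rsz=$(le32 "$img" 16); psz=$(le32 "$img" 36)
    [ "$psz" -gt 0 ] && [ "$ksz" -gt 0 ] || { echo "bad header sizes" >&2; return 1; }
    size=$(wc -c < "$img")
    # header, kernel and ramdisk each start on a page boundary
    need=$(( psz + (ksz + psz - 1) / psz * psz + (rsz + psz - 1) / psz * psz ))
    [ "$size" -ge "$need" ] || { echo "truncated: $size < $need bytes" >&2; return 1; }
    echo "kernel=$ksz ramdisk=$rsz page=$psz"
}

# Classify a kernel artifact by its magic bytes: gzip (Image.gz-dtb on
# ARM64) or a 32-bit ARM zImage (0x016f2818 = 24061976 at offset 0x24).
kernel_kind() {
    case "$(od -An -tx1 -N 2 "$1" 2>/dev/null | tr -d ' \n')" in
        1f8b) echo gzip; return 0 ;;
    esac
    if [ "$(le32 "$1" 36)" -eq 24061976 ]; then echo zimage; return 0; fi
    echo unknown; return 1
}

# Copy the compiled kernel over AIK's split kernel, e.g.
#   stage_kernel arch/arm64/boot/Image.gz-dtb aik ori.img
stage_kernel() {
    kernel="$1"; aik="$2"; base="$3"
    kind=$(kernel_kind "$kernel") || { echo "refusing to stage $kernel: not a kernel image" >&2; return 1; }
    [ -d "$aik/split_img" ] || { echo "run unpackimg.sh first" >&2; return 1; }
    cp "$kernel" "$aik/split_img/$base-zImage" && echo "staged $kind kernel as $base-zImage"
}

# --- constructed sample: 2048-byte pages, 100-byte gzip kernel, 50-byte ramdisk ---
u32le() {   # emit $1 as four little-endian bytes
    v=$1; i=0
    while [ $i -lt 4 ]; do
        printf "\\$(printf '%03o' $(( v & 255 )))"
        v=$(( v >> 8 )); i=$(( i + 1 ))
    done
}
make_sample_bootimg() {
    page=2048; ksz=100; rsz=50
    {
        printf 'ANDROID!'
        u32le $ksz; u32le 0; u32le $rsz; u32le 0; u32le 0; u32le 0; u32le 0; u32le $page
        head -c $(( page - 40 )) /dev/zero          # rest of the header page
        printf '\037\213\010\000'                    # gzip magic starts the kernel
        head -c $(( page - 4 )) /dev/zero            # kernel padded to one page
        head -c $page /dev/zero                      # ramdisk page
    } > "$1"
}

# Usage: sh bootimg_check.sh boot.img
if [ "$#" -ge 1 ]; then bootimg_check "$1"; fi
```

Run `bootimg_check` on the pulled boot.img right after `adb pull`; if it reports a truncated file, pull again before you flash anything, because that file is your only way back.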


2.1.5 Testing Monitor Mode:

Install Terminal Emulator from Google Play and run these commands on the device as root (su first):

Code:
echo "4" > /sys/module/wlan/parameters/con_mode

Code:
airodump-ng wlan0

con_mode is a parameter of the Qualcomm wlan driver module: 4 selects monitor mode, 0 the normal (station) mode. The write only takes effect on a kernel where CONFIG_FEATURE_MONITOR_MODE_SUPPORT is enabled, which is exactly what the patch changed. airodump-ng has to be present on the device; this post does not cover installing it on a Qualcomm device, but section 3.1.1 shows how the aircrack-ng utilities are built and installed from the nexmon tree.

Result:

(screenshot)

To turn monitor mode off:

Code:
ip link set wlan0 down

Code:
echo "0" > /sys/module/wlan/parameters/con_mode

Code:
ip link set wlan0 up
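The switch above works, but a write to con_mode on a kernel built without monitor-mode support is simply ignored, and you only find out when airodump-ng shows nothing. The following is an added example (not from the original post) that does the same down/write/up sequence but reads the parameter back and reports failure. SYSFS_ROOT and LINK_CMD are assumptions introduced so the script can be exercised against a fake sysfs tree; on the device they default to /sys and ip.

```shell
#!/bin/sh
# Added example (not from the original post). Switches the Qualcomm wlan
# driver between station mode (0) and monitor mode (4) through the same
# con_mode module parameter used above, but reads the value back so a
# silently ignored write is reported instead of assumed.
SYSFS_ROOT="${SYSFS_ROOT:-/sys}"   # assumption: overridable for testing
CON_MODE="$SYSFS_ROOT/module/wlan/parameters/con_mode"
IFACE="${IFACE:-wlan0}"
LINK_CMD="${LINK_CMD:-ip}"         # assumption: stand-in for ip(8) in tests

# Current mode, or failure when the kernel exposes no wlan con_mode
# parameter (qcacld not loaded, or a kernel built without it).
con_mode_get() {
    [ -r "$CON_MODE" ] || { echo "no con_mode parameter at $CON_MODE" >&2; return 1; }
    tr -d '[:space:]' < "$CON_MODE"
}

# Write a mode and verify it by reading it back.
con_mode_set() {
    mode="$1"
    case "$mode" in
        0|4) ;;
        *) echo "mode must be 0 (station) or 4 (monitor)" >&2; return 2 ;;
    esac
    [ -w "$CON_MODE" ] || { echo "$CON_MODE is not writable (need root)" >&2; return 1; }
    echo "$mode" > "$CON_MODE" 2>/dev/null
    [ "$(con_mode_get)" = "$mode" ] || { echo "driver did not accept mode $mode" >&2; return 1; }
}

# Down, switch, up: the sequence the post uses to leave monitor mode,
# applied in both directions. The link is brought back up even when the
# mode change fails, so the device is not left without WiFi.
con_mode_switch() {
    $LINK_CMD link set "$IFACE" down || return 1
    if con_mode_set "$1"; then
        $LINK_CMD link set "$IFACE" up
    else
        $LINK_CMD link set "$IFACE" up
        return 1
    fi
}

monitor_on()  { con_mode_switch 4; }
monitor_off() { con_mode_switch 0; }

# Usage on the device, as root: sh con_mode.sh on|off|status
case "$1" in
    on)     monitor_on ;;
    off)    monitor_off ;;
    status) con_mode_get ;;
esac
```

On the device, run `sh con_mode.sh on`, then `airodump-ng wlan0`, then `sh con_mode.sh off`; a "driver did not accept mode 4" message means the running kernel is not the patched one.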


3.1.1 Monitor Mode Patch For Broadcom Chipsets:

Unlike Qualcomm, devices with Broadcom chipsets are patched at the firmware level: the stock wlan firmware file is replaced with a patched one. To find out which firmware your device uses, download the Nexmon app:

https://store.nethunter.com/en/packages/de.tu_darmstadt.seemoo.nexmon/

Install the apk, open it and grant it root access.

Then open the firmware path entry in the menu on the left:

(screenshot)

It shows where the stock firmware file lives. Open a file explorer app and copy that stock firmware file into the /vendor directory.

(screenshot)

In the Nexmon app, press select firmware and choose the copy you just made.

(screenshot)

(screenshot)

(screenshot)

The app now identifies the WiFi chipset and firmware version. Remove the copy you made from /vendor (warning: delete only your copy; if you delete the original firmware from its own directory, WiFi stops working).


Now let's apply the patches for our bcm chipset. First install the required packages:

Code:
sudo apt-get install git gawk qpdf adb flex bison

Code:
sudo dpkg --add-architecture i386

Code:
sudo apt-get update && sudo apt-get install libc6:i386 libncurses5:i386 libstdc++6:i386

Code:
git clone https://github.com/seemoo-lab/nexmon.git

Code:
cd nexmon

Code:
source setup_env.sh

Code:
make

This top-level make compiles nexmon's own build tools (written in C) that the per-chipset patches need; the firmware patch itself is built in the next step.


e.g. for the bcm4339 chipset:


Code:
cd patches/bcm4339/6_37_34_43/nexmon/

Code:
make

The directory name is chipset/firmware-version: the version shown by the Nexmon app must match the directory you build in, otherwise you are building a patch for a different firmware. After make finishes, disconnect the device from any WiFi network and connect it to your computer with a USB cable. Now:

Backing up:

Code:
make backup-firmware

Installing the patched firmware:

Code:
make install-firmware

The patch is now installed.


If there is a problem afterwards, i.e. WiFi can no longer be switched on:

Code:
make install-backup

This restores the stock firmware.
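Because the patch directory has to match the firmware on the device exactly, it is worth extracting the version from the firmware file itself rather than reading it off a screenshot. The following is an added example (not from the original post or the nexmon project) that pulls the chip and version strings out of a firmware blob and turns them into the patches/<chip>/<version>/ path. The two firmware blobs it builds are constructed; the exact layout of the version string in a real firmware ("Version: 6.37.34.43", "4339a0-roml") is an assumption, so adjust the patterns if your file reads differently (`strings fw_bcmdhd.bin | grep -i version` shows what is there).

```shell
#!/bin/sh
# Added example (not from the original post or the nexmon project).
# Reads the version string embedded in a Broadcom wlan firmware file and
# maps it to the nexmon patches/<chip>/<version>/ directory so that the
# directory you build in matches the firmware actually on the device.

# Printable strings of at least 8 characters, a portable stand-in for strings(1).
fw_strings() {
    tr -c '[:print:]' '\n' < "$1" | grep -E '.{8,}'
}

# Firmware version such as 6.37.34.43 or 7.45.154 (first match wins).
# Assumed format: "Version: x.y.z.w" or "version x.y.z".
fw_version() {
    fw_strings "$1" | grep -oE '[Vv]ersion:? [0-9]+(\.[0-9]+){2,3}' | head -n 1 |
        grep -oE '[0-9]+(\.[0-9]+){2,3}'
}

# Chip such as bcm4339, from a "bcm4339"/"BCM43455" token or from the
# "4339a0-roml" chip-revision token (assumed format); normalised to bcmNNNN.
fw_chip() {
    fw_strings "$1" | grep -oiE 'bcm[0-9]{4,5}|[0-9]{4,5}[a-z][0-9]-roml' | head -n 1 |
        tr 'A-Z' 'a-z' | sed 's/-roml$//; s/[a-z][0-9]$//; s/^bcm//; s/^/bcm/'
}

# nexmon patch directory for this firmware, e.g. patches/bcm4339/6_37_34_43
nexmon_patch_dir() {
    chip=$(fw_chip "$1"); ver=$(fw_version "$1")
    [ -n "$chip" ] && [ -n "$ver" ] || { echo "no chip/version string found in $1" >&2; return 1; }
    echo "patches/$chip/$(echo "$ver" | tr . _)"
}

# True if a nexmon checkout ($2) carries a patch tree for firmware $1.
nexmon_has_patch() {
    dir="$2/$(nexmon_patch_dir "$1")" || return 1
    [ -d "$dir/nexmon" ]
}

# --- constructed sample blob: binary filler around a version string ---
make_sample_fw() {   # $1 = output file, $2 = string to embed
    {
        head -c 48 /dev/zero; printf '\377\001\002'
        printf '%s' "$2"
        printf '\000\000'; head -c 16 /dev/zero
    } > "$1"
}

# Usage: sh fw_version.sh fw_bcmdhd.bin   (prints the patches/... directory)
if [ -n "$1" ]; then nexmon_patch_dir "$1"; fi
```

Pull the stock firmware file the Nexmon app pointed you at, run the script on it, and `cd` into the directory it prints inside the nexmon checkout; if `nexmon_has_patch` says no, nexmon has no patch for that exact firmware and `make install-firmware` would not give you a matching build.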

To build the aircrack-ng utilities for the device you need Android NDK version 11c:

https://developer.android.com/ndk/downloads/older_releases

Find version 11c on that page and download it:

(screenshot)


Unzip the downloaded file (right click, Extract). Copy the path of the extracted folder (right click, Properties), then open a terminal and enter (no space after the = sign):

Code:
export NDK_ROOT=YourExtractedNdkFolder

Code:
export PATH=$NDK_ROOT:$PATH

This puts the NDK on the PATH for this terminal session. In the same terminal, go to the utilities directory inside the nexmon folder and connect the device to your computer with a USB cable. Now:


Code:
make

Code:
make install

This builds and installs everything in the utilities folder to the device, including the aircrack-ng tools and nexutil.

On the device, install BusyBox and Terminal Emulator from Google Play. Open BusyBox, grant it root and press install for both /system/xbin and /system/bin.

Open Terminal Emulator on the device and enter these commands (as root):

Code:
nexutil -m2

This turns monitor mode on.

Code:
nexutil -m0

This turns monitor mode off.

Before running the aircrack-ng tools, preload libnexmon, which lets them work with the patched firmware. If your device has a 32-bit ARM processor:

Code:
export LD_PRELOAD=/system/lib/libnexmon.so

If your device has an ARM64 processor:

Code:
export LD_PRELOAD=/system/lib64/libnexmon.so

Code:
airodump-ng wlan0

Done.

airodump-ng output:

(screenshot)




4.1.1 Recovery Mode:

You backed up the stock kernel; if the device does not boot after flashing the compiled one, open a new terminal and restore it:

Code:
adb reboot bootloader

Code:
fastboot flash boot boot.img

This flashes the previous (stock) boot image back and the device will boot again. adb cannot talk to a device that does not boot, so in that case use the device's key combination to enter the bootloader (fastboot mode) by hand and run only the fastboot commands.

Original thread (Turkish): https://www.turkhackteam.org/networ...wifisinde-yamalama-islemleri.html#post9326380



 
Last edited.

Reply from M3m0ry (Senior member, joined 3 Jun 2017):

Reply: Patching Process For The Mobile Device's Internal

I read this article's Turkish version too. Both of them are nice :))
 