b43 is the new driver for wireless cards with Broadcom chipsets. It performs quite well in terms of monitoring and injection, although it has no support for the 802.11a wireless band.
b43 is a mac80211 driver, so it requires at least Aircrack-ng 1.0-rc1.
A fairly up-to-date list is kept here. At the time of writing this article, chipsets with the following PCI IDs were unsupported:
To determine the PCI ID of your wireless device under Linux, enter:
Also, if the PCI ID of your card is 14e4:4315 (BCM4312 with a LP “Low Power” PHY, commonly found on laptops), you need to install the development version of the driver, since it is unsupported by the stable versions - you will get an “UNSUPPORTED PHY” message in dmesg if you try to use it anyway. More information is provided below.
2.6.27 kernels and newer don't need any patches applied to the driver itself. The only patch that is needed (for fragmentation attack support) is the standard mac80211 frag+ack patch.
If you have the card with the 14e4:4315 PCI ID, then you need to install the compat-wireless package, which contains the latest development versions of the wireless drivers. At the time of writing this article, the newest version of the package is dated 14 October 2009. That version is also the one used in this short installation guide. Make sure you have the kernel headers for the kernel you're currently running and the basic development tools installed.
$ wget http://www.orbit-lab.org/kernel/compat-wireless-2.6/2009/10/compat-wireless-2009-10-14.tar.bz2
$ tar -jxf compat-wireless-2009-10-14.tar.bz2
$ cd compat-wireless-2009-10-14
$ wget http://patches.aircrack-ng.org/mac80211.compat08082009.wl_frag+ack_v1.patch
$ patch -p1 < mac80211.compat08082009.wl_frag+ack_v1.patch
$ make
# make install
The compilation process might take a while. Also, please note that while the patch provided here works for the version discussed above, it is not guaranteed to work with newer ones. A reboot is recommended after running make install in order to avoid “Unresolved symbol in module” messages.
Because of Broadcom's licensing, the firmware - which is essential for the card to run - cannot be freely distributed and is obtainable only by “extracting” it from their proprietary driver. In order to do this, a program called b43-fwcutter is needed. The procedure varies depending on the kernel and driver versions used, but is generally pretty simple. Keep in mind that you need to follow different steps if you have the card with the 14e4:4315 PCI ID. A very good description containing detailed steps is provided by the wireless-kernel wiki (scroll down to see the actual steps).
Keep in mind that your distribution might offer its own b43-fwcutter package and scripts intended to obtain and extract the firmware. It is up to you if you're going to do it manually or let your distro do the work. If you have the card with the 14e4:4315 PCI ID, you have no choice and have to do everything by yourself.
After building and installing the new module, it is best to test that injection is working correctly. Use the injection test to confirm your card can inject.
First, double check that you are in fact running the new module:
modinfo b43
modinfo b43legacy
It will give you the fully qualified file name. Do “ls -l <fully qualified file name>” and confirm it has the date/time of when you compiled and installed the new module. If it does not match, then you are not running the patched module. This would, of course, need to be fixed.
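The date/time check above, together with the “UNSUPPORTED PHY” check mentioned earlier, as an added example that is not part of the original page. It assumes you ran `touch build.marker` just before `make`; the marker file and the function names are hypothetical, and the sample log lines used to exercise it are constructed.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes a marker file was
# created with `touch build.marker` just before `make` (hypothetical name).

# module_newer_than MODULE_FILE MARKER
# True when MODULE_FILE exists and was modified after MARKER.
module_newer_than() {
    [ -f "$1" ] && [ -e "$2" ] || return 1
    [ -n "$(find "$1" -newer "$2" 2>/dev/null)" ]
}

# log_has_unsupported_phy: reads kernel log text on stdin and is true
# when it contains the "UNSUPPORTED PHY" message the page mentions.
log_has_unsupported_phy() {
    grep -q 'UNSUPPORTED PHY'
}

# check_b43_install MARKER: report on each module that modinfo can find.
check_b43_install() {
    marker=$1
    status=0
    for mod in b43 b43legacy; do
        # modinfo -n prints only the module's file name; skip absent modules
        path=$(modinfo -n "$mod" 2>/dev/null) || continue
        if module_newer_than "$path" "$marker"; then
            echo "OK    $mod: $path is newer than $marker"
        else
            echo "STALE $mod: $path is not newer than $marker"
            status=1
        fi
    done
    if dmesg 2>/dev/null | log_has_unsupported_phy; then
        echo "FAIL  kernel log reports UNSUPPORTED PHY"
        status=1
    fi
    return "$status"
}

# Run the check only when a marker path is given: sh check.sh build.marker
if [ "$#" -ge 1 ]; then
    check_b43_install "$1"
fi
```

A STALE line means the file modinfo reports was not replaced by your build, which is the "not running the patched module" case described above.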
This thread has a number of potential fixes to problems you may encounter: Broadcom bcm43xx Injection
This is a known issue with all mac80211 drivers. To avoid this error, make sure you do:
ifconfig wlan0 down
iwconfig wlan0 mode monitor
ifconfig wlan0 up
airmon-ng start wlan0
This way, you can monitor on mon0 while still being associated on wlan0.
If you get error messages similar to:
then see this FAQ entry and scroll up to the “Installing the firmware” section of this article.