This is an old revision of the document!
b43 is the new driver for wireless cards with Broadcom chipsets. It performs quite well in terms of monitoring and injection, although it has no support for the 802.11a wireless band.
b43 is a mac80211 driver, so it requires at least Aircrack-ng 1.0-rc1.
A fairly up-to-date list is kept here. At the time of writing this article, chipsets with the following PCI IDs were unsupported :
|PCI ID||Device ID||Product Name|
|14e4:4313||0x4313||4311 5 Ghz|
|14e4:4329||0x4329||4321 2.4 Ghz|
|14e4:432a||0x432a||4321 5 Ghz|
|14e4:432c||0x432c||4322 2.4 Ghz|
|14e4:432d||0x432d||4322 5 Ghz|
|14e4:4357||0x4357||43225 2.4 Ghz|
To determine the PCI ID of your wireless device under linux, enter:
Also, if the PCI ID of your card is 14e4:4315 (BCM4312 with a LP “Low Power” PHY, commonly found on laptops), you need to install the development version of the driver, since it is unsupported by the stable versions - you will get a “UNSUPPORTED PHY” message in dmesg if you try to use it anyway. More information is provided underway.
2.6.24 kernels and newer don't need any patches applied to the driver itself. The only patch that is needed (for fragmentation attack support) is the standard mac80211 frag+ack patch.
If you have the card with the 14e4:4315 PCI ID, then you need to install the compat-wireless package, since today's stable versions of the drivers do not support this card at all. In fact, the b43 driver is constantly being improved and using the development version of it can yield very positive results for all its users. More information, as well as detailed installation steps, is provided by the compat-wireless article as well as this.
Because of Broadcom's licensing, the firmware - which is essential for the card to run - cannot be freely distributed and is obtainable only by “extracting” their proprietary driver. In order to do this, a program called b43-fwcutter is needed. The procedure varies depending on the kernel and driver versions used, but is generally pretty simple. Keep in mind that you also need to apply different steps if you have the card with the 14e4:4315 PCI ID. A very good description containing detailed steps is provided by the wireless-kernel wiki (scroll down to see the actual steps).
Keep in mind that your distribution might offer its own b43-fwcutter package and scripts intended to obtain and extract the firmware. It is up to you if you're going to do it manually or let your distro do the work. If you have the card with the 14e4:4315 PCI ID, you have no choice and have to do everything by yourself.
After building and installing the new module, it is best to test that injection is working correctly. Use the injection test to confirm your card can inject.
First, double check that you are in fact running the new module:
modinfo b43 modinfo b43legacy
It will give you the fully qualified file name. Do “ls -l <fully qualified file name>” and confirm it has the date/time of when you compiled and installed the new module. If it does not match, then you are not running the patched module. This would, of course, need to be fixed.
This thread has a number of potential fixes to problems you may encounter: Broadcom bcm43xx Injection
This is a known issue with all mac80211 drivers. To avoid this error, make sure you do:
ifconfig wlan0 down iwconfig wlan0 mode monitor ifconfig wlan0 up
airmon-ng start wlan0
This way, you can monitor on mon0 while still being associated on wlan0.
If you get error messages similar to:
Then See this FAQ entry and scroll up to see the “Installing the firmware” section of this article.
See this forum entry: http://forum.aircrack-ng.org/index.php?topic=6434.0