b43/b43legacy is the name of the new driver for wireless b/g cards with Broadcom chipsets. It performs quite well in terms of monitoring and injection, although it has no support for the 802.11a wireless band.
b43 is a mac80211 driver, so it requires at least Aircrack-ng 1.0-rc1.
A fairly up-to-date list is kept here. At the time of writing this article, chipsets with the following PCI IDs are supported:
To determine the PCI ID of your wireless device under Linux, enter:
lspci -vnn | grep 14e4
Supported VIDs table
If your device ID is NOT listed here, it means it is not supported by aircrack-ng at this time.
Some chips are covered by both the “b43” and “wl” drivers. If you have such a device, make sure you blacklist the “wl” driver before you use b43; otherwise the two will collide and your card will stop functioning altogether, which also rules out injection. The “wl” driver does not support aircrack-ng.
2.6.24 kernels and newer don't need any patches applied to the driver itself for monitor mode and packet injection. The only patch that is needed (for fragmentation attack support) is the standard mac80211 frag+ack patch.
Important note: If you install or update your b43 driver via compat-wireless, you have to know that the b43/ssb modules are part of your distribution's initramfs image. To avoid problems with loading your new b43 driver, update your initramfs image to complete the process. To do so, simply run:
sudo update-initramfs -u
If you have a card with the 14e4:4315 PCI ID and a kernel lower than 2.6.33, you need to install the compat-wireless package, since today's stable versions of the drivers do not support this card at all. In fact, the b43 driver is constantly being improved and using the development version of it can yield very positive results for all its users. More on this particular card here.
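The “wl” conflict and the kernel requirement for the 14e4:4315 card described above can be checked before loading b43. The script below is an added example, not part of the original article: the function names are hypothetical, the lspci/lsmod sample lines are constructed, and it assumes blacklisting is done with a “blacklist wl” line in a modprobe.d .conf file.

```shell
#!/bin/sh
# Pre-flight checks for b43 (added example; function names are hypothetical).

# Print Broadcom (vendor 14e4) PCI IDs found in `lspci -vnn` text on stdin.
broadcom_ids() {
    grep -o '\[14e4:[0-9a-f]\{4\}\]' | tr -d '[]' | sort -u
}

# Succeed if the "wl" module is listed in `lsmod` text on stdin.
wl_loaded() {
    awk '$1 == "wl" { found = 1 } END { exit !found }'
}

# Succeed if a *.conf file in directory $1 has an active "blacklist wl" line.
wl_blacklisted() {
    grep -Eqs '^[[:space:]]*blacklist[[:space:]]+wl[[:space:]]*$' "$1"/*.conf
}

# Succeed if kernel release $1 (e.g. 2.6.32-5-amd64) is lower than 2.6.33.
kernel_below_2_6_33() {
    echo "${1%%-*}" | awk -F. '{ exit !(($1*1000000 + $2*1000 + $3) < 2006033) }'
}

# $1=lspci text file, $2=lsmod text file, $3=modprobe.d dir, $4=kernel release.
# Prints one finding per line, or "ok" when nothing needs attention.
b43_preflight() {
    n=0
    if wl_loaded < "$2"; then echo "wl-loaded"; n=1; fi
    if ! wl_blacklisted "$3"; then echo "wl-not-blacklisted"; n=1; fi
    if broadcom_ids < "$1" | grep -q '^14e4:4315$' && kernel_below_2_6_33 "$4"; then
        echo "4315-needs-compat-wireless"; n=1
    fi
    if [ "$n" -eq 0 ]; then echo "ok"; fi
    return 0
}

# Constructed sample data (not captured from a real machine).
demo=$(mktemp -d)
mkdir "$demo/modprobe.d"
echo '0c:00.0 Network controller [0280]: Broadcom Corporation BCM4312 802.11b/g LP-PHY [14e4:4315] (rev 01)' > "$demo/lspci.txt"
printf 'Module Size Used by\nwl 2646601 0\nssb 45245 1 b43\n' > "$demo/lsmod.txt"
echo '# blacklist wl' > "$demo/modprobe.d/broadcom.conf"   # commented out: inactive
b43_preflight "$demo/lspci.txt" "$demo/lsmod.txt" "$demo/modprobe.d" 2.6.32-5-amd64
```

On a real system, feed the functions the output of lspci -vnn and lsmod, the /etc/modprobe.d directory and the output of uname -r instead of the sample files.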
Because of Broadcom's licensing, the firmware - which is essential for the card to run - cannot be freely distributed and is obtainable only by “extracting” their proprietary driver. In order to do this, a program called b43-fwcutter is needed. The procedure varies depending on the kernel and driver versions used, but is generally pretty simple. Keep in mind that you also need to apply different steps if you have the card with the 14e4:4315 PCI ID. A very good description containing detailed steps is provided by the wireless-kernel wiki (scroll down to see the actual steps).
Keep in mind that your distribution might offer its own b43-fwcutter package and scripts intended to obtain and extract the firmware. It is up to you if you're going to do it manually or let your distro do the work. If you have the card with the 14e4:4315 PCI ID, you have no choice and have to do everything by yourself.
After building and installing the new module, it is best to test that injection is working correctly. Use the injection test to confirm your card can inject.
First, double check that you are in fact running the new module:
modinfo b43
modinfo b43legacy
It will give you the fully qualified file name. Do “ls -l <fully qualified file name>” and confirm it has the date/time of when you compiled and installed the new module. If it does not match, then you are not running the patched module. This would, of course, need to be fixed.
This thread has a number of potential fixes to problems you may encounter: Broadcom bcm43xx Injection
This is a known issue with all mac80211 drivers. To avoid this error, make sure you do:
ifconfig wlan0 down
iwconfig wlan0 mode monitor
ifconfig wlan0 up
airmon-ng start wlan0
This way, you can monitor on mon0 while still being associated on wlan0.
If you get error messages similar to:
then see this FAQ entry and scroll up to the “Installing the firmware” section of this article.
See this forum entry: http://forum.aircrack-ng.org/index.php?topic=6434.0