Monitor mode for iDevices

[Alex47]

To be fair though, who isn't jailbroken here?

[A12danrulz]

I'm not saying that for the benefit of the members. The vast majority of views we get are from unregistered guests who might not know that you need root access to get access to the firmware

[Ironman]

True A12. The vast majority of our traffic is from people who never register. And many may not know that jailbreaking their iDevice or rooting their Android is the first thing to do. Everything else comes after.

[Markanees]

I have iPad 2 3G matches the requirement
I can test anything ( I have 5.1.1 blobs )
but the steps in the read me is not clear for me
can anyone make it simpler

[andres]

I have iPad 2 3G matches the requirement
I can test anything ( I have 5.1.1 blobs )
but the steps in the read me is not clear for me
can anyone make it simpler

Let's see if I can help you.

01 - Jailbrake your device.
02 - Install OpenSSH server from Cydia (and change your passwords, this is for security reasons).
03 - Install Python from Cydia.
04 - Install libpcap library from Cydia.
05 - Install tcpdump from Cydia.
06 - Download patcher directory from the github repository to your device.
07 - Download tools/iOS/server/ioctl.py from the github repository to your device.
08 - Download tools/iOS/aeropuerto.py from the github repository to your device.
09 - Download tools/monitor_mode_magic_pcap.py from the github repository to your device.
10 - From a terminal on the device execute bcm-patcher.py to patch the firmware. Check the usage help when executing the script with no parameters.
11 - Execute aeropuerto.py to disable MPC and set the channel.
     # ./aeropuerto.py start 6
12 - Start executing tcpdump.
     # tcpdump -i en0 -s 65535 -w monitor.cap ether host 88:88:88:88:88:88
13 - Once we stop tcpdump execute monitor_mode_magic_pcap.py to  create a valid 802.11 pcap capture file.
     # /monitor_mode_magic_pcap.py monitor.cap test.cap
14 - Execute aeropuerto.py to enable MPC. MPC means Minimal Power Consumption and if it's not restore after sniffing the battery is going to consume faster than usual.
     # ./aeropuerto.py stop
15 - Execute aircrak-ng with the test.pcap file that was created by monitor_mode_magic_pcap.py scritp.
     # aircrack-ng test.pcap

Hope this was helpful.

[Markanees]

When I run
./bcm-patcher.py
I get this #Usage: bcm_patcher firmware_file
Is this means means that it's patched
And
I am getting some problems in understanting the steps after stopping tcpdump !

[andres]

When I run
./bcm-patcher.py
I get this #Usage: bcm_patcher firmware_file
Is this means means that it's patched
And
I am getting some problems in understanting the steps after stopping tcpdump !

With no parameters the "Usage" message is show. To patch the firmware you need to put the firmware path as parameter of the script. For example:

# ./bcm_patcher.py /usr/share/firmware/wifi/4329b1/duo.bin

Your firmware is not necessarily called duo.bin, check the path for your firmware file.

Let me know if something doesn't work.

[[null]]

Let's see if I can help you.

01 - Jailbrake your device.
02 - Install OpenSSH server from Cydia (and change your passwords, this is for security reasons).
03 - Install Python from Cydia.
04 - Install libpcap library from Cydia.
05 - Install tcpdump from Cydia.
06 - Download patcher directory from the github repository to your device.
07 - Download tools/iOS/server/ioctl.py from the github repository to your device.
08 - Download tools/iOS/aeropuerto.py from the github repository to your device.
09 - Download tools/monitor_mode_magic_pcap.py from the github repository to your device.
10 - From a terminal on the device execute bcm-patcher.py to patch the firmware. Check the usage help when executing the script with no parameters.
11 - Execute aeropuerto.py to disable MPC and set the channel.
     # ./aeropuerto.py start 6
12 - Start executing tcpdump.
     # tcpdump -i en0 -s 65535 -w monitor.cap ether host 88:88:88:88:88:88
13 - Once we stop tcpdump execute monitor_mode_magic_pcap.py to  create a valid 802.11 pcap capture file.
     # /monitor_mode_magic_pcap.py monitor.cap test.cap
14 - Execute aeropuerto.py to enable MPC. MPC means Minimal Power Consumption and if it's not restore after sniffing the battery is going to consume faster than usual.
     # ./aeropuerto.py stop
15 - Execute aircrak-ng with the test.pcap file that was created by monitor_mode_magic_pcap.py scritp.
     # aircrack-ng test.pcap

Hope this was helpful.

+1. This is practically a tutorial in itself. Things like this are what help out new members the most!

[Markanees]

It is giving me the chip not supported

[andres]

It is giving me the chip not supported

If you are interested you can send me the firmware files and I will try to reverse it and generate a patch to support your device.

[A3MIRAL]

I'm not jailbroken! (iPhone 5 :/)

[UberN00b]

I'm not jailbroken! (iPhone 5 :/)

Do you use i-funbox to manually install .deb's? Even with Prompt or iSSH, would iNinja tools even work on a non-jailbroken iDevice? I

[A3MIRAL]

No...they won't.

[Markanees]

If you are interested you can send me the firmware files and I will try to reverse it and generate a patch to support your device.

ok I can send you it but where I don't see email in your bio

[andres]

I'm not jailbroken! (iPhone 5 :/)

In your information says that you have an ipod touch 3G, apparently this device has a BCM4329[1].
If you are interested on using the tool on this device, contact me over PM and I will try to help you.

[1] - http://www.ifixit.com/Teardown/iPod+Touch+3rd+Generation+Teardown/1158/2#s6203