Activating the WiFi monitor mode on Vim4 22.04

HadK123 · January 4, 2023, 3:35pm

I have Vim4 with ubuntu 22.04, I want to activate the monitor mode on the on-board WiFi card, but after running the command “sudo iwconfig wlan0 mode monitor” I get the error “Error for wireless request “Set Mode” (8B06): SET failed on device wlan0; Invalid argument”.
If I want to check the currently used driver/firmware using the command “sudo lshw -c network” I don’t get the driver or firmware version, what I get is like “… driver=wl driverversion=0 …”

Even the command “lspci | grep -i wireless” doesn’t show anything.

I think it is a firmware issue but I don’t know how to fix it. I think I found the needed firmware in the following link but not sure how to fix the issue using it.

The on-board wifi card is AP6275S Wi-Fi 6 Module

Any help is really appreciated, and thank you very much.

numbqq · January 5, 2023, 3:12am

Hello @HadK123

In order to use the Wi-Fi monitor mode, you need to upgrade the kernel.

Follow the steps below to upgrade the kernel:

wget https://dl.khadas.com/.test/wifi/linux-image-amlogic-5.4_1.4.2_arm64.deb
sudo dpkg -i linux-image-amlogic-5.4_1.4.2_arm64.deb 
sudo reboot

Afrer reboot, follow the steps below to enable monitor mode on node radiotap0

wget https://dl.khadas.com/.test/wifi/dhd_priv
chmod +x dhd_priv 
sudo ./dhd_priv monitor 1
sudo ifconfig radiotap0 up
sudo tcpdump -i radiotap0

HadK123 · January 5, 2023, 3:04pm

Hello @numbqq thank you for your reply, I tried your solution, but when I run the command “sudo ./dhd_priv monitor 1” I get the error: “dhd_priv(2.4): failed to send cmd at wlan0 with error -1”

I also checked the command that I mentioned in my original post and still getting the same results!

numbqq · January 6, 2023, 12:55am

Hello @HadK123

Which version of Ubuntu you used? I checked on my side with latest release 1.4-221229, it works well.

khadas@Khadas:~$ cat /etc/fenix-release 
# PLEASE DO NOT EDIT THIS FILE
BOARD=VIM4
VENDOR=Amlogic
VERSION=1.4
ARCH=arm64
INITRD_ARCH=arm64
IMAGE_VERSION=1.4-221229
################ GIT VERSION ################
UBOOT_GIT_VERSION=khadas-vims-u-boot-2019.01-v1.4-release
LINUX_GIT_VERSION=khadas-vims-linux-5.4-v1.4-release
FENIX_GIT_VERSION=v1.4
#############################################

Please provide the information below to me:

cat /etc/fenix-release 
uname -a

HadK123 · January 6, 2023, 2:22am

Yes @numbqq, this is what I also get, exactly what you have

khadas@Khadas:~$ cat /etc/fenix-release 
# PLEASE DO NOT EDIT THIS FILE
BOARD=VIM4
VENDOR=Amlogic
VERSION=1.4
ARCH=arm64
INITRD_ARCH=arm64
IMAGE_VERSION=1.4-221229
################ GIT VERSION ################
UBOOT_GIT_VERSION=khadas-vims-u-boot-2019.01-v1.4-release
LINUX_GIT_VERSION=khadas-vims-linux-5.4-v1.4-release
FENIX_GIT_VERSION=v1.4
#############################################
khadas@Khadas:~$ uname -a
Linux Khadas 5.4.180 #1.4.2 SMP PREEMPT Thu Jan 5 10:45:07 CST 2023 aarch64 aarch64 aarch64 GNU/Linux
khadas@Khadas:~$

numbqq · January 6, 2023, 2:27am

Hello @HadK123

I guess you connected the Wi-Fi, right? Please distconnect the Wi-Fi connection and try again.

HadK123 · January 6, 2023, 2:59pm

That worked! thank you so much @numbqq! I really appreciate your help.

CnR89 · February 1, 2023, 7:55pm

Same issue here:
How can I enable wifi monitor mode on khadas edge 2?

uname -a
Linux Khadas 5.10.66 #1.4 SMP PREEMPT Thu Dec 29 08:18:53 UTC 2022 aarch64 aarch64 aarch64 GNU/Linux

cat /etc/fenix-release

# PLEASE DO NOT EDIT THIS FILE
BOARD=Edge2
VENDOR=Rockchip
VERSION=1.4
ARCH=arm64
INITRD_ARCH=arm64
IMAGE_VERSION=1.4-221229
################ GIT VERSION ################
UBOOT_GIT_VERSION=khadas-edges-u-boot-2017.09-v1.4-release
LINUX_GIT_VERSION=khadas-edges-linux-5.10-v1.4-release
FENIX_GIT_VERSION=v1.4
#############################################

ivan.li · February 2, 2023, 9:39am

@CnR89

1.The Monitor Mode configuration was enabled

The corresponding modification is as follows:
After modification, recompile and update the kernel

diff --git a/drivers/net/wireless/rockchip_wlan/rkwifi/bcmdhd/Makefile b/drivers/net/wireless/rockchip_wlan/rkwifi/bcmdhd/Makefile
index 5b147c9ff6e5..b74c65aa97c6 100755
--- a/drivers/net/wireless/rockchip_wlan/rkwifi/bcmdhd/Makefile
+++ b/drivers/net/wireless/rockchip_wlan/rkwifi/bcmdhd/Makefile
@@ -33,7 +33,7 @@ DHDCFLAGS = -Wall -Wstrict-prototypes -Wno-date-time                      \
        -DPOWERUP_MAX_RETRY=0 -DIFACE_HANG_FORCE_DEV_CLOSE -DWAIT_DEQUEUE     \
        -DUSE_NEW_RSPEC_DEFS -Wno-declaration-after-statement                 \
        -DWL_EXT_IAPSTA -DWL_ESCAN -DCCODE_LIST                               \
-       -DENABLE_INSMOD_NO_FW_LOAD -DBCM_USE_PLATFORM_STRLCPY
+       -DENABLE_INSMOD_NO_FW_LOAD -DBCM_USE_PLATFORM_STRLCPY -DWL_MONITOR
 
 DHDOFILES = aiutils.o siutils.o sbutils.o bcmutils.o bcmwifi_channels.o   \
        dhd_linux.o dhd_linux_platdev.o dhd_linux_sched.o dhd_pno.o           \

2.Install the tcpdump tool

$ sudo apt update
$ sudo apt-get install tcpdump

3.To enable the Monitor Mode, you need to configure it using the tool

Download and compile the configuration code.

$ wget https://dl.khadas.com/development/wifi/dhd_priv.tgz
$ tar xvzf dhd_priv.tgz 
$ cd dhd_priv
$ make
$ ls dhd_priv
dhd_priv

Run the following command to configure the Monitor Mode:
Turn on WiFi and leave it unconnected

$ sudo ./dhd_priv monitor 1

4.Configure the listening node and test

$ sudo ifconfig radiotap0 up
$ ifconfig radiotap0
radiotap0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        unspec 00-00-00-00-00-00-10-CC-00-00-00-00-00-00-00-00  txqueuelen 1000  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 84967  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Monitor data:

$ sudo tcpdump -i radiotap0
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on radiotap0, link-type IEEE802_11_RADIO (802.11 plus radiotap header), snapshot length 262144 bytes
02:45:43.246094 226443984us tsft short preamble 24.0 Mb/s 5180 MHz 11a -67dBm signal -92dBm noise antenna 1 BA RA:68:77:24:51:be:2d (oui Unknown) 
02:45:43.248106 226444815us tsft short preamble 24.0 Mb/s 5180 MHz 11a -79dBm signal -92dBm noise antenna 1 BA RA:68:77:24:51:be:2d (oui Unknown) 
02:45:43.248109 226445024us tsft short preamble 6.0 Mb/s 5180 MHz 11a -77dBm signal -92dBm noise antenna 1 Beacon (Sales) [6.0* 9.0 12.0* 18.0 24.0* 36.0 48.0 54.0 Mbit] ESS CH: 36, PRIVACY
02:45:43.248111 226445853us tsft short preamble 24.0 Mb/s 5180 MHz 11a -79dBm signal -92dBm noise antenna 1 BA RA:68:77:24:51:be:2d (oui Unknown) 
02:45:43.248112 226445934us tsft short preamble wep 6.0 Mb/s 5180 MHz 11a -77dBm signal -92dBm noise antenna 1 Data IV:7200 Pad 20 KeyID 1
02:45:43.251586 226448984us tsft short preamble 6.0 Mb/s 5180 MHz 11a -77dBm signal -92dBm noise antenna 1 Beacon () [6.0* 9.0 12.0* 18.0 24.0* 36.0 48.0 54.0 Mbit] ESS CH: 36, PRIVACY
02:45:43.251764 226449742us tsft -78dBm signal -92dBm noise antenna 1 5180 MHz 11n ht/20 6.5 Mb/s MCS 0 20 MHz long GI greenfield BCC FEC Acknowledgment RA:16:1c:79:a3:40:30 (oui Unknown) 
02:45:43.268748 226466307us tsft -78dBm signal -92dBm noise antenna 1 5180 MHz 11n ht/20 6.5 Mb/s MCS 0 20 MHz long GI greenfield BCC FEC Acknowledgment RA:16:1c:79:a3:40:30 (oui Unknown) 
02:45:43.289979 226487888us tsft short preamble 24.0 Mb/s 5180 MHz 11a -44dBm signal -92dBm noise antenna 1 BA RA:8c:c8:4b:53:1c:3b (oui Unknown) 
02:45:43.294177 226492091us tsft short preamble 6.0 Mb/s 5180 MHz 11a -85dBm signal -92dBm noise antenna 1 Clear-To-Send RA:dc:21:5c:58:8b:53 (oui Unknown) 
02:45:43.294881 226492449us tsft short preamble 6.0 Mb/s 5180 MHz 11a -86dBm signal -92dBm noise antenna 1 Clear-To-Send RA:dc:21:5c:58:8b:53 (oui Unknown) 
02:45:43.299183 226497114us tsft short preamble 24.0 Mb/s 5180 MHz 11a -77dBm signal -92dBm noise antenna 1 Request-To-Send TA:68:54:5a:54:bf:7d (oui Unknown) 
02:45:43.299205 226497159us tsft short preamble 12.0 Mb/s 5180 MHz 11a -60dBm signal -92dBm noise antenna 1 Clear-To-Send RA:68:54:5a:54:bf:7d (oui Unknown) 
02:45:43.299597 226497535us tsft short preamble 24.0 Mb/s 5180 MHz 11a -77dBm signal -92dBm noise antenna 1 Request-To-Send TA:68:54:5a:54:bf:7d (oui Unknown)

CnR89 · February 3, 2023, 2:58pm

Thank you @ivan.li. It works like a charm.

CnR89 · March 8, 2023, 2:37pm

@ivan.li Hello again,

I can capture packets with “WL_MONITOR” flag but I can’t send raw packets.

Is there anyway to send raw wifi packet’s in monitor mode?

numbqq · March 9, 2023, 8:45am

Could you tell us how to test this feature ?

CnR89 · March 9, 2023, 8:57am

I wrote a golang project which already works on raspberry pi with dongle.
I can capture packets with this code but I can’t send on khadas.

Also I tried aircrack-ng injection test which is fails too

 aireplay-ng -9 radiotap0

numbqq · March 10, 2023, 12:48am

Hello @CnR89

It is not supported.