{"id":20201025,"url":"https://github.com/kimocoder/qualcomm_android_monitor_mode","last_synced_at":"2025-05-16T06:04:45.032Z","repository":{"id":43082582,"uuid":"247377876","full_name":"kimocoder/qualcomm_android_monitor_mode","owner":"kimocoder","description":"Qualcomm QCACLD WiFi monitor mode for Android","archived":false,"fork":false,"pushed_at":"2024-11-28T00:14:00.000Z","size":117,"stargazers_count":313,"open_issues_count":43,"forks_count":56,"subscribers_count":32,"default_branch":"master","last_synced_at":"2025-04-08T17:16:49.146Z","etag":null,"topics":["aircrack-ng","android","monitor-mode","nethunter","qualcomm","wifi"],"latest_commit_sha":null,"homepage":"https://www.aircrack-ng.org","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kimocoder.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-03-15T00:54:14.000Z","updated_at":"2025-04-04T20:54:56.000Z","dependencies_parsed_at":"2024-12-16T17:27:09.093Z","dependency_job_id":"de6ab60f-5e45-4fbd-a002-d17fb02f173f","html_url":"https://github.com/kimocoder/qualcomm_android_monitor_mode","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kimocoder%2Fqualcomm_android_monitor_mode","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kimocoder%2Fqualcomm_android_monitor_mode/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kimocoder%2Fqualcomm_android_monitor_mode/releases","manifests_url":"https:
//repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kimocoder%2Fqualcomm_android_monitor_mode/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kimocoder","download_url":"https://codeload.github.com/kimocoder/qualcomm_android_monitor_mode/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254478186,"owners_count":22077675,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aircrack-ng","android","monitor-mode","nethunter","qualcomm","wifi"],"created_at":"2024-11-14T04:46:32.020Z","updated_at":"2025-05-16T06:04:45.013Z","avatar_url":"https://github.com/kimocoder.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n# qualcomm_android_monitor_mode\nQualcomm QCACLD WiFi (Android) monitor mode\n\n[![Monitor mode](https://img.shields.io/badge/monitor%20mode-working-brightgreen.svg)](#)\n[![GitHub version](https://raster.shields.io/badge/version-DEV-lightgrey.svg)](#)\n[![GitHub issues](https://img.shields.io/github/issues/kimocoder/qualcomm_android_monitor_mode.svg)](https://github.com/kimocoder/qualcomm_android_monitor_mode/issues)\n[![GitHub forks](https://img.shields.io/github/forks/kimocoder/qualcomm_android_monitor_mode.svg)](https://github.com/kimocoder/qualcomm_android_monitor_mode/network)\n[![GitHub stars](https://img.shields.io/github/stars/kimocoder/qualcomm_android_monitor_mode.svg)](https://github.com/kimocoder/qualcomm_android_monitor_mode/stargazers)\n[![Build 
Status](https://travis-ci.org/kimocoder/qualcomm_android_monitor_mode.svg?branch=master)](https://travis-ci.org/kimocoder/qualcomm_android_monitor_mode)\n[![GitHub license](https://img.shields.io/github/license/kimocoder/qualcomm_android_monitor_mode.svg)](https://github.com/kimocoder/qualcomm_android_monitor_mode/blob/master/LICENSE)\n\u003cbr\u003e\n[![Kali](https://img.shields.io/badge/Kali-supported-blue.svg)](https://www.kali.org)\n[![aircrack-ng](https://img.shields.io/badge/aircrack--ng-supported-blue.svg)](https://github.com/aircrack-ng/aircrack-ng)\n[![wifite2](https://img.shields.io/badge/wifite2-supported-blue.svg)](https://github.com/derv82/wifite2)\n\n\n### NOTES\n```sh\n  An update!\n\n  This method will work OUT-of-the-BOX, it seems someone over at CodeAurora actually flipped the switch\n  on monitor mode, so the kernel patch isn't really necessary, only for those on older/unmaintained kernels.\n\n  Great news, less dirty tricks/patching needed.\n  ```\n\n\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\n### DEPENDENCIES\n```sh\n  1. A rooted Android environment.\n  2. Either compile a kernel yourself (NetHunter chroot works)\n  3. WiFi chipset that actually uses the QCACLD driver/firmware.\n  \n  Older devices/drivers would need the patch from 'files', future kernels of 4.9, 4.14, 4.19\n  may have it WORKING from vendor. 
See \"LIST_OF_DEVICES.txt\" for known working phones.\n  Use issue reports for comments and new information that could help us get frame injection working.\n```\n\n\u003cbr\u003e\u003cbr\u003e\n### How to get that MONITORING MODE working\n\nConfigure the device to deliver 802.11 packets in raw mode.\nBelow is an example of starting monitor mode and channel settings + tcpdump\n\nStart monitor mode on adapter\n```sh\nip link set wlan0 down\necho \"4\" \u003e /sys/module/wlan/parameters/con_mode\nip link set wlan0 up\n```\n\nStop monitor mode on adapter\n```sh\nip link set wlan0 down\necho \"0\" \u003e /sys/module/wlan/parameters/con_mode\nip link set wlan0 up\n```\n\n\u003cbr\u003e\u003cbr\u003e\n### Information about frame injection\n\nI've found phones with frame injection support present.\nThe phone is OnePlus 3T with LineageOS 17.1, it has the QCACLD-2 driver, which QCACLD-3 replaced.\nHowever, finding the solution in QCACLD-2 to port to QCACLD-3 seems like an ok solution instead of\nfiddling around half blind in QCACLD-3, probably deactivated by Qualcomm.\n\nOriginal commit where frame injection was added in QCACLD-2\nhttps://gitlab.com/Codeaurora/platform_vendor_qcom-opensource_wlan_qcacld-2.0/-/commit/3d3ad7877d1b4d097b4302a4293a1cbb2478e7bf\n\n\nGot great news regarding QCACLD-3 frame/packet injection.\nAnother device ordered for testing.\n\n\nResearch uncovered that this has been pushed to a few branches; the devices are:\nBERYLLIUM and HELIUM for now. 
CAF tag: wlan-cld3.driver.lnx.2.0.r60-rel\n\nResearch links and base knowledge ..\n```sh\n'For parsing frame injection capabilities you need \"radiotap iterator\" available.\nIf the radiotap iterator is found like below, the chance is big for frame capabilities.'\nhttps://git.codelinaro.org/clo/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/-/blob/wlan-cld3.driver.lnx.2.0.r60-rel/components/pkt_capture/core/inc/wlan_pkt_capture_mon_thread.h#L124\n\n'This string we will need to take a note of, because this was added to turn this capabilities of specific.\nYou see the radiotap parser defines its guarding.'\nhttps://git.codelinaro.org/clo/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/-/blob/wlan-cld3.driver.lnx.2.0.r60-rel/components/pkt_capture/core/inc/wlan_pkt_capture_data_txrx.h#L36\n\n'qcacld-3.0: Fill correct 802.11hdr in rx data pkts in pkt capture mode'\nhttps://git.codelinaro.org/clo/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/-/commit/60cebbb9e9884de7310623b25549c96e41f63333\n\n'this is the struct where the packet/payload gets crafted'\nhttps://git.codelinaro.org/clo/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/-/blob/wlan-cld3.driver.lnx.2.0.r60-rel/components/pkt_capture/core/src/wlan_pkt_capture_main.c#L255\n\n\nAnd we have more clues below:\n\n'qcacld-3.0: Add INI parameter for packet capture mode support'\nhttps://git.codelinaro.org/clo/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/-/blob/wlan-cld3.driver.lnx.2.0.r60-rel/components/pkt_capture/dispatcher/inc/cfg_pkt_capture.h\n\n'qcacld-3.0: vendor command changes to configure parameters for monitor mode'\nhttps://git.codelinaro.org/clo/la/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn/-/commit/db872287ef87a6c2765a7612f1eb3246c98c48e0\n\n'qcacld-3.0: Update path for monitor files'\nhttps://git.codelinaro.org/clo/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/-/commit/35736804a84aa4340102d2897e4bc5626761be83\n\n'fw-api: Add hw headers for wkk 
monitor'\nhttps://git.codelinaro.org/clo/la/platform/vendor/qcom-opensource/wlan/fw-api/-/commit/4b855f97afe633afe0addfb7f44865c88fc42c02\n```\n\nThread will be updated.\n\n\n\u003cbr\u003e\u003cbr\u003e\n### Logs / Outputs\n\n* 'iw phy0 info' output is over [here](https://github.com/kimocoder/qualcomm_android_monitor_mode/blob/master/docs/iwphy_output.txt)\n\n\n\u003cbr\u003e\u003cbr\u003e\n### Downloads / Patches\n  * Android QCACLD-3.0 patch to enable monitor mode - [DOWNLOAD HERE](https://github.com/kimocoder/qualcomm_android_monitor_mode/raw/master/files/enable_monitor_mode.patch)\n\u003cbr\u003e\u003cbr\u003e\n\n\n\u003cbr\u003e\u003cbr\u003e\n### Credits\n* kimocoder\n  * Twitter: https://twitter.com/kimocoder\n  \n* @Re4son\n  * Url: https://github.com/Re4son\n\n* @johanlike (DJY)\n  * Url: https://github.com/johanlike\n\n* Qualcomm\n  * https://www.qualcomm.com\n\n* CodeAurora\n  * https://www.codeaurora.org\n\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\n\n\n\n\u003cbr\u003e\u003cbr\u003e\n![Setting up a custom command](https://i.imgur.com/cTJhOTB.jpg)\n\u003cbr\u003e\u003cbr\u003e\n![Running monitor mode](https://i.imgur.com/s5gzFso.jpg)\n\u003cbr\u003e\u003cbr\u003e\n![Running wifite2](https://i.imgur.com/VNpiXEk.jpg)\n\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\n\n\n\n\n\n\n\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkimocoder%2Fqualcomm_android_monitor_mode","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkimocoder%2Fqualcomm_android_monitor_mode","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkimocoder%2Fqualcomm_android_monitor_mode/lists"}