{"id":17988234,"url":"https://github.com/sighook/lwpp","last_synced_at":"2025-06-14T17:34:14.887Z","repository":{"id":65288037,"uuid":"220089972","full_name":"sighook/lwpp","owner":"sighook","description":"A collection of patches for the vanilla linux kernel, useful for pentesters and security engineers.","archived":false,"fork":false,"pushed_at":"2023-01-15T18:05:13.000Z","size":27,"stargazers_count":4,"open_issues_count":0,"forks_count":3,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-04-06T14:01:44.524Z","etag":null,"topics":["kernel","linux","patches","pentesting","wifi","wifi-hacking"],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sighook.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-11-06T21:06:21.000Z","updated_at":"2024-08-12T19:54:37.000Z","dependencies_parsed_at":"2023-01-16T07:15:42.184Z","dependency_job_id":null,"html_url":"https://github.com/sighook/lwpp","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/sighook/lwpp","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sighook%2Flwpp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sighook%2Flwpp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sighook%2Flwpp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sighook%2Flwpp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sighook","download_url":"https://codeload.github.com/sighook/lwpp/tar.gz/refs/heads/master"
,"sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sighook%2Flwpp/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":259855555,"owners_count":22922329,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["kernel","linux","patches","pentesting","wifi","wifi-hacking"],"created_at":"2024-10-29T19:11:06.884Z","updated_at":"2025-06-14T17:34:14.865Z","avatar_url":"https://github.com/sighook.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Linux Wi-Fi Pentest Patches\n\nA collection of patches for the vanilla Linux kernel,\nuseful for pentesters and security engineers.\n\nSupported branches:\n\n- 5.3 (~~EOL: December 2019~~)\n\n- 5.4 (EOL: December 2025)\n\n## Setup\n\n- Apply the patches that correspond to your kernel branch. For example:\n\n  Note that you may use the `--dry-run` option to check that there are no errors before applying.\n\n  ```sh\n  _BRANCH=5.4\n  git clone https://github.com/sighook/lwpp\n  cd /usr/src/linux-$_BRANCH\n  for _PATCH in /path/lwpp/$_BRANCH/*.patch; do\n      patch -p1 -i \"$_PATCH\"\n  done\n  ```\n\n- Build the kernel \u0026 modules. For example:\n\n  ```sh\n  cp /boot/config .config\n  make olddefconfig\n  make -j$(nproc) all\n  make modules_install\n  cp arch/x86/boot/bzImage /boot/vmlinuz\n  cp .config /boot/config\n  ```\n\n- Update bootloader. 
For example (in case you're using GRUB):\n\n  ```sh\n  grub-mkconfig -o /boot/grub/grub.cfg\n  ```\n\n- Reboot.\n\n- Have fun!\n\n## Description\n\n- `0001-fix-QoS-overwriting.patch`\n\n  When injecting packets the Quality of Service (QoS) header was\n  being overwritten by the driver.\n\n  This patch tells the driver not to overwrite the QoS header\n  when the device is in monitor mode.\n\n  Thanks to [Mathy Vanhoef](http://www.mathyvanhoef.com/2012/09/compat-wireless-injection-patch-for.html).\n\n- `0002-fix-the-channel-changing-of-the-monitor-interface.patch`\n\n  We can't change the channel when \"normal\" virtual interfaces are also using the device.\n\n  So changing the channel of the monitor interface fails with the error message\n  \"SET failed on device mon0 ; Device or resource busy.\"\n\n  Practically this means that (if you don't apply this patch) we\n  need to disable them by executing \"ifconfig wlanX down\" until\n  only monitor interfaces are left.\n\n  However, disabling them all the time is annoying, and most of the\n  time if you're playing with monitor mode you're not using the\n  device in a normal mode anyway.\n\n  Thanks to [Mathy Vanhoef](http://www.mathyvanhoef.com/2012/09/compat-wireless-injection-patch-for.html).\n\n- `0003-fix-injecting-fragments-on-rtl8187-based-wifi-cards.patch`\n\n  Injecting fragments was not working properly on rtl8187: only the\n  first fragment was being transmitted.\n\n  A simple test further isolated the issue by instructing the driver\n  to send the following frames (from a userland program):\n\n  *  Send the first fragment\n  *  Send an ARP request packet\n  *  Send the second fragment, which is the last one\n\n  It turned out the device actually transmits the ARP request packet first, and only then sends the first fragment!\n\n  It was first waiting for ALL the fragments before it began sending them.\n\n  Furthermore, it would only send the next fragment once the previous one has been 
acknowledged (which isn't detected in monitor mode, hence only the first fragment is transmitted).\n\n  Thanks to [Mathy Vanhoef](http://www.mathyvanhoef.com/2012/09/compat-wireless-injection-patch-for.html).\n\n- `0004-skip-frame-ACKing-renumbering-handle-sequence-by-use.patch`\n\n  Packet injection may want to control the sequence number, so if an injected packet is found, skip renumbering it.\n\n  Also make the packet NO_ACK to avoid excessive retries (ACKing and retrying should be handled by the injecting application).\n\n  **FIXME** This may break hostapd and some other injectors. This should be done using a radiotap flag.\n\n  Thanks to [aircrack patches](http://patches.aircrack-ng.org/). *(Original author is unknown.)*\n\n- `0005-Enable-monitoring-and-injection-for-the-Zydax-1211rw.patch`\n\n  _Enable monitoring and injection for the Zydax 1211rw driver_\n\n  Thanks to [aircrack patches](http://patches.aircrack-ng.org/). *(Original author is unknown.)*\n\n- `0006-Override-regdomain-hardcoded-in-EEPROM-with-custom-v.patch`\n\n  _Override regdomain hardcoded in EEPROM with custom value_\n\n  Usage:\n\n  Get your country code from `linux/drivers/net/wireless/ath/regd.h` and supply as a parameter.\n\n  Example:\n\n  `sudo modprobe carl9170 override_eeprom_regdomain=\u003cCODE\u003e`\n\n  Thanks to [Paul Fertser](fercerpav@gmail.com).\n\n- `0007-carl9170-Enable-sniffer-mode-promisc-flag-to-fix-inj.patch`\n\n  _carl9170: Enable sniffer mode promisc flag to fix injection_\n\n  The removal of the `AR9170_MAC_SNIFFER_ENABLE_PROMISC` flag to fix an issue\n  many years ago caused the AR9170 to not be able to pass probe response\n  packets with different MAC addresses back up to the driver. In general\n  operation, this doesn't matter, but in the case of packet injection with\n  `aireplay-ng` it is important. aireplay-ng specifically injects packets with\n  spoofed MAC addresses on the probe requests and looks for probe responses\n  back to those addresses. 
No other combination of filter flags seems to fix\n  this issue and so `AR9170_MAC_SNIFFER_ENABLE` is required to get these packets.\n\n  This was originally caused by commit `e0509d3bdd7365d06c9bf570bf9f11` which\n  removed this flag in order to avoid spurious ack noise from the hardware.\n\n  In testing for this issue, keeping this flag but not restoring the\n  `AR9170_MAC_RX_CTRL_ACK_IN_SNIFFER` flag on the `rc_ctrl` seems to solve this\n  issue, at least with the most current firmware v1.9.9.\n\n  Thanks to [Steve deRosier](derosier@cal-sierra.com)\n\n- `0008-mac80211-ignore-AP-power-level-when-tx-power-type-is.patch`\n\n  _mac80211: ignore AP power level when tx power type is \"fixed\"_\n\n  In some cases a user might want to connect to a far away access point,\n  which announces a low tx power limit. Using the AP's power limit can\n  make the connection significantly more unstable or even impossible, and\n  mac80211 currently provides no way to disable this behavior.\n\n  To fix this, use the currently unused distinction between limited and\n  fixed tx power to decide whether a remote AP's power limit should be\n  accepted.\n\n  Usage:\n\n  `iw dev XXX set txpower fixed YYY`\n\n  Thanks to [Felix Fietkau](nbd@openwrt.org)\n\n- `0009-ath9k-override-regdomain-hardcoded-in-EEPROM-with-cu.patch`\n\n  _ath9k: override regdomain hardcoded in EEPROM with custom value_\n\n  Get your country code from linux/drivers/net/wireless/ath/regd.h\n  and supply as a parameter:\n\n  `modprobe ath9k_hw override_eeprom_regdomain=\u003cCODE\u003e; modprobe ath9k`\n\n\u003c!-- vim:ft=markdown\nEnd of file. --\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsighook%2Flwpp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsighook%2Flwpp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsighook%2Flwpp/lists"}