<html>
<p>Back in the day, when wardriving was still useful (read: before WPA2 was widespread), we used to wander around with a Zaurus in our pocket running Kismet. Today, every cellphone has WiFi and a significantly more powerful processor inside. But alas, the firmware is locked down.</p>
<p><img class="alignright size-medium wp-image-221963" src="https://hackadaycom.files.wordpress.com/2016/09/mrmcd16-7748-deu-nexmon_-_make_wi-fi_hacking_on_smartphones_great_again_sdmp4-shot0005_thumbnail.png?w=400&amp;h=400" alt="mrmcd16-7748-deu-nexmon_-_make_wi-fi_hacking_on_smartphones_great_again_sdmp4-shot0005_thumbnail" width="400" height="400"/>Enter the <a href="https://dev.seemoo.tu-darmstadt.de/bcm/bcm-public" target="_blank">NexMon project</a>. If you’ve got a Nexus 5 phone with the Broadcom BCM4339 WiFi chipset, you’ve now got a monitor-mode, packet-injecting workhorse in your pocket, and it looks a lot less creepy than that old Zaurus. But more to the point, NexMon is open. If you’d like to get inside what it took to reverse-engineer a hole into the phone’s WiFi, or make your own patches, <a href="http://arxiv.org/abs/1601.07077" target="_blank">here’s a great starting place</a>.</p>
<p>But wait, there’s more! The recently released Raspberry Pi 3 has a similar Broadcom WiFi chipset, and has been <a href="https://dev.seemoo.tu-darmstadt.de/bcm/bcm-rpi3" target="_blank">given the same treatment</a>, turning your RPi 3 into a wireless-sniffing powerhouse. How many Raspberry Pi “hacks” actually hack the Raspberry Pi? Well, here’s one.</p>
<p>We first learned of this project from a talk given at the <a href="https://2016.mrmcd.net/en/" target="_blank">MetaRhein-Main Chaos Days</a> conference, which took place last weekend. The <a href="https://media.ccc.de/v/MRMCD16-7748-nexmon_-_make_wi-fi_hacking_on_smartphones_great_again" target="_blank">NexMon talk</a> (in German, but with slides in English) is just one of the many talks, all of which are <a href="https://media.ccc.de/c/mrmcd16" target="_blank">available online</a>.</p>
<p>The NexMon project is a standout, however. Not only do they reverse the WiFi firmware in the Nexus 5, but they show you how, and then apply the same methods to the RPi3. Kudos times three to [Matthias Schulz], [Daniel Wegemer], and [Matthias Hollick]!</p>
</html>