Hello there.
So recently I've been trying to install Nethunter on my old POCO X2 (phoenixin) device and I'm having some trouble getting the monitor mode to start. I did my research in the last few days and know for a fact that my internal wifi does support monitor mode. I have even attached the 'iw phy0 info' below for reference. It shows monitor mode under "supported interface modes" there.
But what I can't find is a supported kernel to get those drivers to enable monitor mode. Kali does not have any dedicated for my device. I even tried building one with the Kali Nethunter Kernel Builder but I'm not very familiar with Kernel building and ended up soft bricking my phone.
If anyone out there familiar with kernel building could help me get this thing to work, I would greatly appreciate it.
Things I have tried so far:-
[All these methods were done on a Rooted device with Magisk 25.1]
[Nethunter website does not have a supported Nethunter package for POCO X2]
1. Installed Nethunter Lite Generic version without Kernel through Magisk. (Didn't work)
2. Tried building a kernel with NH Kernel Builder. Took a source kernel and modified it a little looking at other Nethunter kernels. (Ended up soft bricking my phone and had to reset it)
3. Tried installing a similar device (Xiaomi Mi 9T) Nethunter supported package through Magisk. The module installed but installing the kernel bricked the phone again.
'iw phy0 info' script
Code:
(root㉿kali)-[~]
└─# iw phy0 info
Wiphy phy0
wiphy index: 0
max # scan SSIDs: 10
max scan IEs length: 2048 bytes
max # sched scan SSIDs: 16
max # match sets: 16
max # scan plans: 2
max scan plan interval: 3600
max scan plan iterations: 10
Retry short limit: 7
Retry long limit: 4
Coverage class: 0 (up to 0m)
Device supports roaming.
Device supports T-DLS.
Supported Ciphers:
* WEP40 (00-0f-ac:1)
* WEP104 (00-0f-ac:5)
* TKIP (00-0f-ac:2)
* 00-40-96:254
* 00-40-96:255
* CCMP-128 (00-0f-ac:4)
* WPI-SMS4 (00-14-72:1)
* CMAC (00-0f-ac:6)
* GMAC-128 (00-0f-ac:11)
* GMAC-256 (00-0f-ac:12)
* GCMP-128 (00-0f-ac:8)
* GCMP-256 (00-0f-ac:9)
Available Antennas: TX 0 RX 0
Supported interface modes:
* IBSS
* managed
* AP
* monitor
* P2P-client
* P2P-GO
* NAN
Band 1:
Capabilities: 0x90f2
HT20/HT40
Static SM Power Save
RX Greenfield
RX HT20 SGI
RX HT40 SGI
TX STBC
No RX STBC
Max AMSDU length: 3839 bytes
DSSS/CCK HT40
L-SIG TXOP protection
Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
Minimum RX AMPDU time spacing: 16 usec (0x07)
HT Max RX data rate: 300 Mbps
HT TX/RX MCS rate indexes supported: 0-15
VHT Capabilities (0x00000000):
Max MPDU length: 3895
Supported Channel Width: neither 160 nor 80+80
VHT RX MCS set:
1 streams: MCS 0-7
2 streams: MCS 0-7
3 streams: MCS 0-7
4 streams: MCS 0-7
5 streams: MCS 0-7
6 streams: MCS 0-7
7 streams: MCS 0-7
8 streams: MCS 0-7
VHT RX highest supported: 0 Mbps
VHT TX MCS set:
1 streams: MCS 0-7
2 streams: MCS 0-7
3 streams: MCS 0-7
4 streams: MCS 0-7
5 streams: MCS 0-7
6 streams: MCS 0-7
7 streams: MCS 0-7
8 streams: MCS 0-7
VHT TX highest supported: 0 Mbps
Bitrates (non-HT):
* 1.0 Mbps
* 2.0 Mbps
* 5.5 Mbps
* 11.0 Mbps
* 6.0 Mbps
* 9.0 Mbps
* 12.0 Mbps
* 18.0 Mbps
* 24.0 Mbps
* 36.0 Mbps
* 48.0 Mbps
* 54.0 Mbps
Frequencies:
* 2412 MHz [1] (30.0 dBm)
* 2417 MHz [2] (30.0 dBm)
* 2422 MHz [3] (30.0 dBm)
* 2427 MHz [4] (30.0 dBm)
* 2432 MHz [5] (30.0 dBm)
* 2437 MHz [6] (30.0 dBm)
* 2442 MHz [7] (30.0 dBm)
* 2447 MHz [8] (30.0 dBm)
* 2452 MHz [9] (30.0 dBm)
* 2457 MHz [10] (30.0 dBm)
* 2462 MHz [11] (30.0 dBm)
* 2467 MHz [12] (30.0 dBm)
* 2472 MHz [13] (30.0 dBm)
* 2484 MHz [14] (disabled)
Band 2:
Capabilities: 0x90f2
HT20/HT40
Static SM Power Save
RX Greenfield
RX HT20 SGI
RX HT40 SGI
TX STBC
No RX STBC
Max AMSDU length: 3839 bytes
DSSS/CCK HT40
L-SIG TXOP protection
Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
Minimum RX AMPDU time spacing: 16 usec (0x07)
HT Max RX data rate: 300 Mbps
HT TX/RX MCS rate indexes supported: 0-15
VHT Capabilities (0x03917bfa):
Max MPDU length: 11454
Supported Channel Width: 160 MHz, 80+80 MHz
RX LDPC
short GI (80 MHz)
short GI (160/80+80 MHz)
TX STBC
SU Beamformer
SU Beamformee
MU Beamformee
VHT RX MCS set:
1 streams: MCS 0-9
2 streams: MCS 0-9
3 streams: not supported
4 streams: not supported
5 streams: not supported
6 streams: not supported
7 streams: not supported
8 streams: not supported
VHT RX highest supported: 866 Mbps
VHT TX MCS set:
1 streams: MCS 0-9
2 streams: MCS 0-9
3 streams: not supported
4 streams: not supported
5 streams: not supported
6 streams: not supported
7 streams: not supported
8 streams: not supported
VHT TX highest supported: 866 Mbps
Bitrates (non-HT):
* 6.0 Mbps
* 9.0 Mbps
* 12.0 Mbps
* 18.0 Mbps
* 24.0 Mbps
* 36.0 Mbps
* 48.0 Mbps
* 54.0 Mbps
Frequencies:
* 5180 MHz [36] (30.0 dBm)
* 5200 MHz [40] (30.0 dBm)
* 5220 MHz [44] (30.0 dBm)
* 5240 MHz [48] (30.0 dBm)
* 5260 MHz [52] (24.0 dBm) (radar detection)
* 5280 MHz [56] (24.0 dBm) (radar detection)
* 5300 MHz [60] (24.0 dBm) (radar detection)
* 5320 MHz [64] (24.0 dBm) (radar detection)
* 5500 MHz [100] (24.0 dBm) (radar detection)
* 5520 MHz [104] (24.0 dBm) (radar detection)
* 5540 MHz [108] (24.0 dBm) (radar detection)
* 5560 MHz [112] (24.0 dBm) (radar detection)
* 5580 MHz [116] (24.0 dBm) (radar detection)
* 5600 MHz [120] (24.0 dBm) (radar detection)
* 5620 MHz [124] (24.0 dBm) (radar detection)
* 5640 MHz [128] (24.0 dBm) (radar detection)
* 5660 MHz [132] (24.0 dBm) (radar detection)
* 5680 MHz [136] (24.0 dBm) (radar detection)
* 5700 MHz [140] (24.0 dBm) (radar detection)
* 5720 MHz [144] (24.0 dBm) (radar detection)
* 5745 MHz [149] (30.0 dBm)
* 5765 MHz [153] (30.0 dBm)
* 5785 MHz [157] (30.0 dBm)
* 5805 MHz [161] (30.0 dBm)
* 5825 MHz [165] (30.0 dBm)
* 5845 MHz [169] (30.0 dBm)
* 5865 MHz [173] (30.0 dBm)
Supported commands:
* new_interface
* set_interface
* new_key
* start_ap
* new_station
* set_bss
* join_ibss
* set_pmksa
* del_pmksa
* flush_pmksa
* remain_on_channel
* frame
* frame_wait_cancel
* set_channel
* tdls_mgmt
* tdls_oper
* start_sched_scan
* testmode
* connect
* disconnect
* channel_switch
* update_connect_params
* update_ft_ies
Supported TX frame types:
* IBSS: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* managed: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* AP: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* P2P-client: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* P2P-GO: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
Supported RX frame types:
* IBSS: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
* managed: 0x40 0xb0 0xd0
* AP: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
* P2P-client: 0x40 0xd0
* P2P-GO: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
WoWLAN support:
* wake up on anything (device continues operating normally)
* wake up on disconnect
* wake up on magic packet
* wake up on pattern match, up to 4 patterns of 6-64 bytes,
maximum packet offset 0 bytes
* can do GTK rekeying
* wake up on GTK rekey failure
* wake up on EAP identity request
* wake up on 4-way handshake
* wake up on rfkill release
software interface modes (can always be added):
valid interface combinations:
* #{ managed } <= 3,
total <= 3, #channels <= 2
* #{ managed } <= 1, #{ IBSS } <= 1,
total <= 2, #channels <= 2
* #{ AP } <= 3,
total <= 3, #channels <= 2
* #{ P2P-client } <= 1, #{ P2P-GO } <= 1,
total <= 2, #channels <= 2
* #{ managed } <= 2, #{ AP } <= 2,
total <= 4, #channels <= 2, STA/AP BI must match
* #{ managed } <= 2, #{ P2P-client, P2P-GO } <= 2,
total <= 4, #channels <= 2, STA/AP BI must match
* #{ managed } <= 2, #{ P2P-GO } <= 1, #{ AP } <= 1,
total <= 4, #channels <= 2, STA/AP BI must match
* #{ managed } <= 1, #{ P2P-client, P2P-GO } <= 1, #{ AP } <= 1,
total <= 3, #channels <= 2, STA/AP BI must match
* #{ managed } <= 1, #{ P2P-client, P2P-GO } <= 2,
total <= 3, #channels <= 2, STA/AP BI must match
* #{ monitor } <= 3,
total <= 3, #channels <= 2
Device supports HT-IBSS.
Device has client inactivity timer.
Device accepts cell base station regulatory hints.
Device supports SAE with AUTHENTICATE command
Device supports scan flush.
Device supports per-vif TX power setting
Driver/device bandwidth changes during BSS lifetime (AP/GO mode)
Device supports randomizing MAC-addr in scans.
Device supports randomizing MAC-addr in sched scans.
Maximum associated stations in AP mode: 32
Supported extended features:
* [ VHT_IBSS ]: VHT-IBSS
* [ BEACON_RATE_LEGACY ]: legacy beacon rate setting
* [ BEACON_RATE_HT ]: HT beacon rate setting
* [ BEACON_RATE_VHT ]: VHT beacon rate setting
* [ MGMT_TX_RANDOM_TA ]: randomized TA while not associated
* [ SCHED_SCAN_RELATIVE_RSSI ]: sched_scan for BSS with better RSSI report
* [ FILS_SK_OFFLOAD ]: FILS shared key authentication offload
* [ FILS_MAX_CHANNEL_TIME ]: FILS max channel attribute override with dwell time
* [ ACCEPT_BCAST_PROBE_RESP ]: accepts broadcast probe response
* [ OCE_PROBE_REQ_HIGH_TX_RATE ]: probe request TX at high rate (at least 5.5Mbps)
* [ OCE_PROBE_REQ_DEFERRAL_SUPPRESSION ]: probe request tx deferral and suppression
* [ LOW_SPAN_SCAN ]: low span scan
* [ LOW_POWER_SCAN ]: low power scan
* [ HIGH_ACCURACY_SCAN ]: high accuracy scan
* [ DFS_OFFLOAD ]: DFS offload
(root㉿kali)-[~]
Airmon-ng output
Code:
(root㉿kali)-[~]
└─# airmon-ng
PHY Interface Driver Chipset
phy0 p2p0 icnss Not pci, usb, or sdio
phy0 wlan0 icnss Not pci, usb, or sdio
(root㉿kali)-[~]
Method I use to enable monitor mode and the error that I get.
Method 1 (Root Kali Terminal)
Code:
(root㉿kali)-[~]
└─# ifconfig wlan0 down
(root㉿kali)-[~]
└─# iwconfig wlan0 mode monitor
Error for wireless request "Set Mode" (8B06) :
SET failed on device wlan0 ; Operation not supported.
(root㉿kali)-[~]
└─# ifconfig wlan0 up
SIOCSIFFLAGS: Resource temporarily unavailable
(root㉿kali)-[~]
Method 2 (Termux)
Code:
:/ # ip link set wlan0 down
:/ # echo "4" > /sys/module/wlan/parameters/con_mode
1|:/ # ip link set wlan0 up
:/ #
That's all I can think of right now. Please let me know if you need any other info about anything else.
Phone Specs:-
ROM - Project Elixir Android 12
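
An added example (not part of the original post): a small parser for the `iw phy0 info` output quoted above that compares the places monitor mode shows up, namely the supported-modes list, the software-modes list, the supported commands and the valid interface combinations. The names `parse_sections` and `monitor_report` and the abridged `SAMPLE` text are constructed for illustration.

```python
import re

# Constructed sample: abridged lines from the `iw phy0 info` output in the post.
SAMPLE = """\
Wiphy phy0
Supported interface modes:
 * managed
 * AP
 * monitor
Supported commands:
 * set_interface
software interface modes (can always be added):
valid interface combinations:
 * #{ managed } <= 3,
   total <= 3, #channels <= 2
 * #{ monitor } <= 3,
   total <= 3, #channels <= 2
Device supports scan flush.
"""

def parse_sections(text):
    """Group '*' items under the preceding 'Header:' line; indentation is ignored."""
    sections, current = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("*"):
            if current is not None:
                sections[current].append(line[1:].strip())
        elif line.endswith(":"):
            current = line[:-1]
            sections.setdefault(current, [])
        elif current and sections[current] and sections[current][-1].endswith(","):
            sections[current][-1] += " " + line  # wrapped item continues
        else:
            current = None  # a plain line ends the current list
    return sections

def monitor_report(text):
    """Report each place monitor mode does or does not appear in the phy info."""
    s = parse_sections(text)
    combos = s.get("valid interface combinations", [])
    return {
        "advertised": "monitor" in s.get("Supported interface modes", []),
        "software_mode": "monitor" in s.get("software interface modes (can always be added)", []),
        "set_interface_cmd": "set_interface" in s.get("Supported commands", []),
        "monitor_combos": [c for c in combos if re.search(r"#\{[^}]*\bmonitor\b", c)],
    }

if __name__ == "__main__":
    print(monitor_report(SAMPLE))
```

To check a live device, pass the text of `iw phy0 info` to `monitor_report` instead of `SAMPLE`.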