WiFi monitor mode

v1da

Senior Member
Jun 26, 2017
91
30
18
Thank you man, monitor mode is now working on my Poco F1, using its Magisk module + aircrack-ng.
Monitor mode and airodump-ng are working, but it's not fine.
I used the Termux aircrack-ng package, but
Code:
aireplay-ng --test wlan0
is not working, meaning packet injection is not working.
What aircrack-ng do you use?
Device: mido
 

SPIKELORD

New member
Jul 9, 2017
2
0
1
:(

I got the "invalid command" output, I think my card doesn't support monitor mode, can someone help me please?

Here is the iwpriv output:

Code:
iwpriv
ip_vti0 no private ioctls.

p2p0 no private ioctls.

rmnet_data5 no private ioctls.

lo no private ioctls.

r_rmnet_data0 no private ioctls.

rmnet_data6 no private ioctls.

rmnet_data9 no private ioctls.

wlan0 Available private ioctls :
set11Dstate (0001) : set 1 int & get 0
wowl (0002) : set 1 int & get 0
setPower (0003) : set 1 int & get 0
setMaxAssoc (0004) : set 1 int & get 0
scan_disable (0005) : set 1 int & get 0
inactivityTO (0006) : set 1 int & get 0
wow_ito (005A) : set 1 int & get 0
setMaxTxPower (0007) : set 1 int & get 0
setTxPower (004A) : set 1 int & get 0
setMcRate (0051) : set 1 int & get 0
setTxMaxPower2G (002A) : set 1 int & get 0
setTxMaxPower5G (002B) : set 1 int & get 0
pktlog (002C) : set 11 int & get 0
setTxMaxPower (0007) : set 1 int & get 0
setHDtimTransn (0008) : set 1 int & get 0
setTmLevel (0009) : set 1 int & get 0
setphymode (000A) : set 1 int & get 0
nss (000B) : set 1 int & get 0
ldpc (000C) : set 1 int & get 0
tx_stbc (000D) : set 1 int & get 0
rx_stbc (000E) : set 1 int & get 0
shortgi (000F) : set 1 int & get 0
enablertscts (0010) : set 1 int & get 0
chwidth (0011) : set 1 int & get 0
anienable (0012) : set 1 int & get 0
aniplen (0013) : set 1 int & get 0
anilislen (0014) : set 1 int & get 0
aniofdmlvl (0015) : set 1 int & get 0
aniccklvl (0016) : set 1 int & get 0
cwmenable (0017) : set 1 int & get 0
cts_cbw (0054) : set 1 int & get 0
gtxHTMcs (003E) : set 1 int & get 0
gtxVHTMcs (003F) : set 1 int & get 0
gtxUsrCfg (0040) : set 1 int & get 0
gtxThre (0041) : set 1 int & get 0
gtxMargin (0042) : set 1 int & get 0
gtxStep (0043) : set 1 int & get 0
gtxMinTpc (0044) : set 1 int & get 0
gtxBWMask (0045) : set 1 int & get 0
txchainmask (0018) : set 1 int & get 0
rxchainmask (0019) : set 1 int & get 0
set11NRates (001A) : set 1 int & get 0
set11ACRates (0027) : set 1 int & get 0
ampdu (001B) : set 1 int & get 0
amsdu (001C) : set 1 int & get 0
txpow2g (001D) : set 1 int & get 0
txpow5g (001E) : set 1 int & get 0
dl_loglevel (001F) : set 1 int & get 0
dl_vapon (0020) : set 1 int & get 0
dl_vapoff (0021) : set 1 int & get 0
dl_modon (0022) : set 1 int & get 0
dl_modoff (0023) : set 1 int & get 0
dl_mod_loglevel (0024) : set 1 int & get 0
dl_type (0025) : set 1 int & get 0
dl_report (0028) : set 1 int & get 0
txrx_fw_stats (0026) : set 1 int & get 0
txrx_fw_st_rst (0029) : set 1 int & get 0
paid_match (002D) : set 1 int & get 0
gid_match (002E) : set 1 int & get 0
tim_clear (002F) : set 1 int & get 0
dtim_clear (0030) : set 1 int & get 0
eof_delim (0031) : set 1 int & get 0
mac_match (0032) : set 1 int & get 0
delim_fail (0033) : set 1 int & get 0
nsts_zero (0034) : set 1 int & get 0
rssi_chk (0035) : set 1 int & get 0
5g_ebt (0053) : set 1 int & get 0
htsmps (0037) : set 1 int & get 0
set_qpspollcnt (0038) : set 1 int & get 0
set_qtxwake (0039) : set 1 int & get 0
set_qwakeintv (003A) : set 1 int & get 0
set_qnodatapoll (003B) : set 1 int & get 0
setMccLatency (0046) : set 1 int & get 0
setMccQuota (0047) : set 1 int & get 0
setDbgLvl (0048) : set 1 int & get 0
erx_enable (004B) : set 1 int & get 0
erx_bmiss_val (004C) : set 1 int & get 0
erx_bmiss_smpl (004D) : set 1 int & get 0
erx_slop_step (004E) : set 1 int & get 0
erx_init_slop (004F) : set 1 int & get 0
erx_adj_pause (0050) : set 1 int & get 0
erx_dri_sample (0052) : set 1 int & get 0
dumpStats (0055) : set 1 int & get 0
clearStats (0056) : set 1 int & get 0
startProfile (0057) : set 1 int & get 0
setChanChange (0058) : set 1 int & get 0
setConcSysPref (0059) : set 1 int & get 0
setModDTIM (005B) : set 1 int & get 0
get11Dstate (0001) : set 0 & get 1 int
getwlandbg (0004) : set 0 & get 1 int
getMaxAssoc (0006) : set 0 & get 1 int
getconcurrency (0009) : set 0 & get 1 int
get_nss (000B) : set 0 & get 1 int
get_ldpc (000C) : set 0 & get 1 int
get_tx_stbc (000D) : set 0 & get 1 int
get_rx_stbc (000E) : set 0 & get 1 int
get_shortgi (000F) : set 0 & get 1 int
get_rtscts (0010) : set 0 & get 1 int
get_chwidth (0011) : set 0 & get 1 int
get_anienable (0012) : set 0 & get 1 int
get_aniplen (0013) : set 0 & get 1 int
get_anilislen (0014) : set 0 & get 1 int
get_aniofdmlvl (0015) : set 0 & get 1 int
get_aniccklvl (0016) : set 0 & get 1 int
get_cwmenable (0017) : set 0 & get 1 int
get_gtxHTMcs (002F) : set 0 & get 1 int
get_gtxVHTMcs (0030) : set 0 & get 1 int
get_gtxUsrCfg (0031) : set 0 & get 1 int
get_gtxThre (0032) : set 0 & get 1 int
get_gtxMargin (0033) : set 0 & get 1 int
get_gtxStep (0034) : set 0 & get 1 int
get_gtxMinTpc (0035) : set 0 & get 1 int
get_gtxBWMask (0036) : set 0 & get 1 int
get_txchainmask (0018) : set 0 & get 1 int
get_rxchainmask (0019) : set 0 & get 1 int
get_11nrate (001A) : set 0 & get 1 int
get_ampdu (001B) : set 0 & get 1 int
get_amsdu (001C) : set 0 & get 1 int
get_txpow2g (001D) : set 0 & get 1 int
get_txpow5g (001E) : set 0 & get 1 int
get_paid_match (0020) : set 0 & get 1 int
get_gid_match (0021) : set 0 & get 1 int
get_tim_clear (0022) : set 0 & get 1 int
get_dtim_clear (0023) : set 0 & get 1 int
get_eof_delim (0024) : set 0 & get 1 int
get_mac_match (0025) : set 0 & get 1 int
get_delim_fail (0026) : set 0 & get 1 int
get_nsts_zero (0027) : set 0 & get 1 int
get_rssi_chk (0028) : set 0 & get 1 int
get_qpspollcnt (0029) : set 0 & get 1 int
get_qtxwake (002A) : set 0 & get 1 int
get_qwakeintv (002B) : set 0 & get 1 int
get_qnodatapoll (002C) : set 0 & get 1 int
cap_tsf (003A) : set 0 & get 1 int
get_temp (0038) : set 0 & get 1 int
wowlAddPtrn (0001) : set 512 char & get 0
wowlDelPtrn (0002) : set 512 char & get 0
neighbor (0003) : set 512 char & get 0
set_ap_wps_ie (0004) : set 512 char & get 0
setConfig (0005) : set 512 char & get 0
setwlandbg (0001) : set 3 int & get 0
set_dp_trace (0002) : set 3 int & get 0
fw_test (0004) : set 3 int & get 0
get_tsf (0001) : set 0 & get 3 int
set_scan_cfg (0015) : set 3 int & get 0
version (0001) : set 0 & get 2047 char
getStats (0002) : set 0 & get 2047 char
getSuspendStats (0007) : set 0 & get 2047 char
listProfile (000F) : set 0 & get 2047 char
getHostStates (000A) : set 0 & get 2047 char
getConfig (0003) : set 0 & get 2047 char
getRSSI (0006) : set 0 & get 2047 char
getWmmStatus (0004) : set 0 & get 2047 char
getChannelList (0005) : set 0 & get 2047 char
getTdlsPeers (0008) : set 0 & get 2047 char
getPMFInfo (0009) : set 0 & get 2047 char
getIbssSTAs (000B) : set 0 & get 2047 char
getphymode (000C) : set 0 & get 2047 char
getOemDataCap (000D) : set 0 & get 2047 char
getSNR (000E) : set 0 & get 2047 char
ibssPeerInfoAll (000A) : set 0 & get 0
getRecoverStat (0011) : set 0 & get 0
getProfileData (0012) : set 0 & get 0
reassoc (0008) : set 0 & get 0
stop_obss_scan (0013) : set 0 & get 0
ibssPeerInfo (0006) : set 11 int & get 0
setdumplog (0009) : set 11 int & get 0
dumplog (0008) : set 11 int & get 0
pm_cinfo (000F) : set 11 int & get 0
pm_clist (000B) : set 11 int & get 0
pm_dlist (000C) : set 11 int & get 0
pm_dbs (000D) : set 11 int & get 0
pm_pcl (000E) : set 11 int & get 0
pm_ulist (0010) : set 11 int & get 0
pm_query_action (0011) : set 11 int & get 0
pm_query_allow (0012) : set 11 int & get 0
pm_run_scenario (0013) : set 11 int & get 0
pm_set_hw_mode (0014) : set 11 int & get 0
setTdlsConfig (0005) : set 11 int & get 0
setUnitTestCmd (0007) : set 11 int & get 0
halPwrDebug (0004) : set 11 int & get 0
addTspec (8BE9) : set 19 int & get 1 int
delTspec (8BEB) : set 1 int & get 1 int
getTspec (8BED) : set 1 int & get 1 int
setHostOffload (8BF2) : set 24 byte & get 0
getWlanStats (8BF5) : set 0 & get 2047 byte
setKeepAlive (8BF6) : set 32 byte & get 0
setPktFilter (8BF7) : set 103 byte & get 0
setpno (8BF8) : set 2047 char & get 0
SETBAND (8BF9) : set 1 int & get 0
setMCBCFilter (8BFA) : set 0 & get 0
getLinkSpeed (8BFF) : set 18 char & get 5 char
set_smps_param (0001) : set 2 int & get 0
set_dot11p (8BFE) : set 208 byte & get 0
crash_inject (0002) : set 2 int & get 0
log_buffer (0008) : set 2 int & get 0
enableProfile (0004) : set 2 int & get 0
set_hist_intvl (0005) : set 2 int & get 0
set_fw_mode_cfg (0016) : set 2 int & get 0
dump_dp_trace (0003) : set 2 int & get 0
setMonChan (0017) : set 2 int & get 0
hostroamdelay (003B) : set 0 & get 1 int
set_ft_ies (8BF4) : set 384 char & get 0

rmnet_data3 no private ioctls.

r_rmnet_data5 no private ioctls.

ip6_vti0 no private ioctls.

bond0 no private ioctls.

r_rmnet_data2 no private ioctls.

rmnet_data8 no private ioctls.

rmnet_data2 no private ioctls.

rmnet_data10 no private ioctls.

sit0 no private ioctls.

r_rmnet_data4 no private ioctls.

rmnet_data4 no private ioctls.

r_rmnet_data6 no private ioctls.

r_rmnet_data1 no private ioctls.

dummy0 no private ioctls.

rmnet_ipa0 no private ioctls.

r_rmnet_data8 no private ioctls.

r_rmnet_data3 no private ioctls.

rmnet_data7 no private ioctls.

wlan1 no private ioctls.

r_rmnet_data7 no private ioctls.

ip6tnl0 no private ioctls.

rmnet_data1 no private ioctls.

rmnet_data0 no private ioctls.
 

theo1001

Member
Jul 28, 2012
5
1
0
I also got "invalid command" for monitor and MonitorModeConf on my Poco F1, but setting con_mode to 4 was enough to enable monitor mode.

This command seems relevant:
Code:
iwpriv wlan0 setMonChan <channel> <channel width>
# Valid channel width options: 0=20MHz, 1=40MHz, 2=80MHz
# Ex: iwpriv wlan0 setMonChan 36 2

but other methods of changing the channel (e.g. airmon-ng) also worked.

No packet injection though.
 

nasim7500

New member
Jul 27, 2019
1
0
1
Someone please help me.
I am very interested in enabling monitor mode on the Redmi Note 3 Pro (kenzo) "wlan0", meaning without an external adapter.
Please help me.
 

theo1001

Member
Jul 28, 2012
5
1
0
I am using a Poco F1; that module removes BusyBox, and when I reinstalled BusyBox the module stopped working.
Help me to get both BusyBox and qcmon.zip working together?

All that module does is copy the files (monen, mondis, iwpriv) from qcmon.zip/system/xbin to /system/xbin, so you can just do that manually using a file manager.

You also need to give them "exec" permission, either through the file manager (properties->permissions) or by running
Code:
chmod +x /system/xbin/monen
chmod +x /system/xbin/mondis
chmod +x /system/xbin/iwpriv
on the terminal.
 
Nov 14, 2015
21
2
0
All that module does is copy the files (monen, mondis, iwpriv) from qcmon.zip/system/xbin to /system/xbin, so you can just do that manually using a file manager.

You also need to give them "exec" permission, either through the file manager (properties->permissions) or by running
Code:
chmod +x /system/xbin/monen
chmod +x /system/xbin/mondis
chmod +x /system/xbin/iwpriv
on the terminal.
No change, I did the same.
When I rebooted, all the files were deleted. :confused:
 

Majd-52

New member
Feb 7, 2020
1
0
0
I need to fix this, please!

I tried to enable monitor mode on a Xiaomi Redmi Note 5. I put iwpriv in /data/local/tmp/ and executed
Code:
echo 4 > /sys/module/wlan/parameters/con_mode
airmon-ng start wlan0
and all is OK.
But! I couldn't change the channel of the monitor mode.
It's always 0.
I applied some commands to solve it, but it doesn't work.
Can anyone help?
 

darkzatan11

New member
Mar 13, 2017
2
0
0
I tried to enable monitor mode on a Xiaomi Redmi Note 5. I put iwpriv in /data/local/tmp/ and executed
Code:
echo 4 > /sys/module/wlan/parameters/con_mode
airmon-ng start wlan0
and all is OK.
But! I couldn't change the channel of the monitor mode.
It's always 0.
I applied some commands to solve it, but it doesn't work.
Can anyone help?

You can change channels by typing ''iw dev wlan0 set channel (channel)'' or ''iw dev mon0 set freq (freq)''.
Tested on my OnePlus 6T, works perfectly!
 

darkzatan11

New member
Mar 13, 2017
2
0
0
Full tutorial!
1. Root your phone.
2. Install Termux.
3. In Termux install the packages: "apt install root-repo tsudo iw aircrack-ng"
4. Done, now test.

Enter Termux and enable monitor mode (the redirect has to run as root too, hence the sh -c):
Code:
tsudo sh -c 'echo 4 > /sys/module/wlan/parameters/con_mode'
And finally:
Code:
tsudo airodump-ng wlan0
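Pulling the thread's steps together (con_mode = 4 to put the Qualcomm wlan driver into monitor mode, then iw or the iwpriv setMonChan private ioctl to pick a channel), here is an added example script; it is not from any poster, from the qcmon module, or from aircrack-ng. It assumes a rooted device with iw and iwpriv on the PATH and wlan0 as the interface; the CON_MODE_PATH, IFACE and DRY_RUN overrides are this script's own additions so the logic can be exercised without the driver.

```shell
#!/bin/sh
# Added example, not from the thread: the con_mode / setMonChan steps from the
# posts above, wrapped with the checks an operator would want. Width codes
# (0=20 MHz, 1=40 MHz, 2=80 MHz) come from the posts; IFACE/env overrides are assumptions.
CON_MODE_PATH="${CON_MODE_PATH:-/sys/module/wlan/parameters/con_mode}"
IFACE="${IFACE:-wlan0}"
DRY_RUN="${DRY_RUN:-}"   # DRY_RUN=1 prints iw/iwpriv commands instead of running them

run() { if [ -n "$DRY_RUN" ]; then echo "$*"; else "$@"; fi; }

# Write the driver's con_mode (0 = station, 4 = monitor) and read it back.
# The redirect is done by this shell, so run the script as root: a redirect
# placed outside sudo/tsudo ("tsudo echo 4 > file") runs unprivileged.
set_con_mode() {
    case "$1" in 0|4) ;; *) echo "con_mode must be 0 or 4" >&2; return 2 ;; esac
    [ -w "$CON_MODE_PATH" ] || { echo "$CON_MODE_PATH not writable (root? wlan module loaded?)" >&2; return 1; }
    echo "$1" > "$CON_MODE_PATH" || return 1
    [ "$(cat "$CON_MODE_PATH")" = "$1" ]   # non-zero if the driver silently rejected it
}

# setMonChan takes a width code, not MHz: map 20/40/80 MHz to 0/1/2.
width_code() {
    case "$1" in 20) echo 0 ;; 40) echo 1 ;; 80) echo 2 ;; *) return 1 ;; esac
}

# Plausible channel numbers only: 1-14 (2.4 GHz) or 36-165 (5 GHz).
valid_channel() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    { [ "$1" -ge 1 ] && [ "$1" -le 14 ]; } || { [ "$1" -ge 36 ] && [ "$1" -le 165 ]; }
}

# The vendor fallback as a command string, e.g. "iwpriv wlan0 setMonChan 36 2".
monchan_cmd() {
    code=$(width_code "$2") || return 2
    echo "iwpriv $IFACE setMonChan $1 $code"
}

# Tune the monitor interface: generic nl80211 first, then the private ioctl.
set_channel() {
    ch="$1"; width="${2:-20}"
    valid_channel "$ch" || { echo "bad channel: $ch" >&2; return 2; }
    cmd=$(monchan_cmd "$ch" "$width") || { echo "width must be 20, 40 or 80" >&2; return 2; }
    run iw dev "$IFACE" set channel "$ch" && return 0
    run $cmd   # word-split on purpose: the string is the command line
}

# Confirm via iw that the interface really is in monitor mode.
is_monitor() { iw dev "$IFACE" info 2>/dev/null | grep -q 'type monitor'; }
```

Typical use on the device: `set_con_mode 4 && set_channel 36 80 && is_monitor && echo "monitor mode up"`; a non-zero exit from any step tells you which part (sysfs write, channel tuning, or the driver's reported type) did not take.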
 

pion_sekolah

New member
Mar 11, 2015
4
0
0
Hooray!
my case: ioctl(SIOCSIWMODE) failed
my device: kenzo
my solution: edit the kernel source in /driver/staging/prima/CORE/HDD/src/wlan_hdd_wext.c.txt

bla bla bla....

Code:
static const iw_handler we_handler[] =
{
    (iw_handler) iw_set_commit, /* SIOCSIWCOMMIT */
    (iw_handler) iw_get_name,   /* SIOCGIWNAME */
    (iw_handler) NULL,          /* SIOCSIWNWID */
    (iw_handler) NULL,          /* SIOCGIWNWID */
    (iw_handler) iw_set_freq,   /* SIOCSIWFREQ */
    (iw_handler) iw_get_freq,   /* SIOCGIWFREQ */
    (iw_handler) NULL,          /* SIOCSIWMODE */
    (iw_handler) NULL,          /* SIOCGIWMODE */

    (iw_handler) NULL,          /* SIOCSIWSENS */
    (iw_handler) NULL,          /* SIOCGIWSENS */
    ......
bla bla bla....
and compile again. Thanks for monen.
 