Posts

How did I figure Pixel 6 could sniff WIFI?

I just wrote a quick post on how to sniff WIFI packets with a Pixel 6 Pro in monitor mode. But how did I figure it out? I'm not a WIFI engineer, and only really pretend to know how it works, but I have been hacking on Android phones for the last 13 years, starting with the Motorola Droid (Eclair launch device, OMAP3) and especially the Motorola Cliq (launched on Cupcake, MSM72xx).

I started by flashing the aosp_raven-userdebug build, because I knew I wanted root access for tcpdump etc., and it was pretty easy to get it this way. From there, I started with tcpdump on wlan0, which works but only captures the phone's own traffic: the interface is not in monitor mode, so you can't sniff other stations' frames.

I naively started searching the phone for "iwconfig", "iw" or other tools that might help me reconfigure the chip. I failed to notice /system/bin/iw, which was right there, and instead stumbled into this listing (the output is cut off in the excerpt):

raven:/vendor/bin # ls -ld *w*
-rwxr-xr-x 1 root shell 147400 2009-01-01 00:00 awk
lrwxr-xr-x 1 root shell 13 2009-01-01

Getting the BCM4389 in Pixel 6 into monitor mode for tcpdump/Wireshark WIFI sniffing

A little side project to debug a WIFI 6E TP-Link mesh network in my house went from "This sounds easy!" to "This is impossible!" to "It can't be this easy, can it?" Anyway: since I couldn't find any online instructions for sniffing WIFI packets on my Pixel 6 Pro, I figured I should do a quick writeup for others to follow. I feel sure that the firmware and binaries used here could be leveraged in a custom ROM for the Pixel 6, and maybe even pilfered for monitor mode on other devices that use the BCM4389.

Here's how I got my Pixel 6 Pro (raven) to sniff WIFI packets, specifically beacons coming from my AP. The same directions will work on the Pixel 6, and probably on Bluejay (6a). It seems likely to work on the Pixel 7, but I don't have one to try.

Prerequisites: Android Platform Tools, for ADB, installed on your PC. You might also want to install Wireshark, but you don't strictly need it.