Install Nexmon Firmware Patches for the Raspberry Pi

In this Raspberry Pi Nexmon tutorial, we will be showing you how you can install the Nexmon firmware patches to your Raspberry Pi.

For those who do not know what Nexmon is, it is a series of firmware patches for the Broadcom chip that the Raspberry Pi uses for Wi-Fi connectivity.

These patches provided by Nexmon unlock extra functionality that is not supported in the default Raspberry Pi drivers.

One feature in particular that the Nexmon firmware unlocks is the ability to put the inbuilt Wi-Fi chip on the Raspberry Pi 3, Pi Zero and the Pi 3+ into monitor mode.

Monitor mode, also known as RFMON, allows your Raspberry Pi to monitor traffic on a wireless channel. It is handy for networking projects such as a network scanner.

To utilize the Nexmon firmware patches, we require a few things. First is a Raspberry Pi with inbuilt Wi-Fi, such as the models listed above.

In addition to requiring a Raspberry Pi that has an inbuilt Wi-Fi chip, you will need to be running either a 4.9, 4.14 or 4.19 version of the Raspbian kernel.

Equipment

Below is all the equipment that you will need for installing the Nexmon firmware patches to your Raspberry Pi.

Recommended

Raspberry Pi with inbuilt wireless (3, 3+ or Zero W)

8GB SD Card or Micro SD Card if you’re using a Raspberry Pi 2, 3 or B+

USB Keyboard

USB Mouse

HDMI Cable

Ethernet Cord

Optional

Raspberry Pi Case

Video

The video below will walk you through the steps of setting up the Nexmon firmware patches on a Raspberry Pi 3B running the 4.14 version of the Raspberry Pi kernel.

If you are using a newer Raspberry Pi or are running a different version of the firmware, then you can follow our text instructions underneath the video.

Preparing the Raspberry Pi for Nexmon

1. Before we go ahead and install the Nexmon patches, we first need to upgrade our Raspberry Pi to ensure that we are running the latest available version of the Raspbian operating system.

To update and upgrade Raspbian we need to run the following two commands.

sudo apt-get update
sudo apt-get upgrade

2. Once Raspbian has finished updating, we need to restart the Raspberry Pi.

Restarting the Pi will ensure that the Nexmon setup scripts can detect the current kernel version, especially if an update occurred in the previous two steps.

To reboot the Raspberry Pi, run the following command.

sudo reboot

3. Before we can continue this tutorial on installing the Nexmon driver patches, we must first ensure we are running on a version of the Kernel supported by the patcher.

We can check the kernel version by running the command below.

uname -r

This command should return something like “4.14.98-v7+”. As long as you are running a version of the kernel that starts with “4.9”, “4.14”, or “4.19”, then you can proceed with the tutorial.

4. Once your Raspberry Pi has finished rebooting you will need to change your user to be running as the superuser. We do this as all of the following steps will require extra privileges.

To change into the root user for the Raspberry Pi, run the command below.

sudo su

5. Now that we are interacting as the superuser we will need to install all the packages required for compiling the Nexmon kernel patches.

Please note that it can take quite some time for the Raspberry Pi Kernel Headers to be installed to your Raspberry Pi as they contain hundreds of small files.

Run the command below to install all of Nexmon’s required packages.

apt install git libgmp3-dev gawk qpdf bison flex make raspberrypi-kernel-headers

6. With all the required packages for Nexmon now installed on our Raspberry Pi, let’s proceed to cloning the Nexmon repository.

Run the command below to clone the repository.

git clone https://github.com/seemoo-lab/nexmon.git

As this is a rather large repository, it will take up to 250 MB on your Raspberry Pi and will take some time to clone fully.

Compiling the Additional Libraries

1. Now that we have the Nexmon code cloned to our Raspberry Pi we need to proceed to compile two libraries that it requires.

Before we compile and install these libraries, we must ensure that you are still running as the “root” user. You should see the “root@raspberrypi” text in your command line and not “pi@raspberrypi”.

If you are no longer running as the root user make sure you run the following command.

sudo su

2. To proceed, we need to check to see if a required library is available to us. To do this, we can just run the “stat” command below to see if the file exists.

stat /usr/lib/arm-linux-gnueabihf/libisl.so.10

If this command returns the text displayed below, then you need to follow step 3 otherwise you can skip to step 4 of this tutorial.

stat: cannot stat '/usr/lib/arm-linux-gnueabihf/libisl.so.10': No such file or directory

3. If the “libisl.so.10” file is unavailable we will have to compile a new version of it using the provided source code from the Nexmon repository.

Follow the steps below to learn how to compile the library from scratch and move it into the correct position.

3a. Let’s begin by first changing into the isl buildtools directory in the Nexmon source code folders.

cd /home/pi/nexmon/buildtools/isl-0.10

3b. Now that we are in the correct directory let’s run the configure script to prepare the isl library for compilation.

./configure

3c. Once the configuration process has completed, we can now compile the library by running the following command.

make

3d. When your Raspberry Pi has finished compiling the required library, we can now run the makefile install command.

make install

3e. Finally, once all of that has finished, we need to create a link between our newly installed library file and the spot where we expect this library file to exist.

To link this file, you need to run the command below.

ln -s /usr/local/lib/libisl.so /usr/lib/arm-linux-gnueabihf/libisl.so.10

4. Our next step is to see if the libmpfr.so.4 library exists by running the following command.

stat /usr/lib/arm-linux-gnueabihf/libmpfr.so.4

If you get the following message then you will need to follow step 5 otherwise skip to the next section.

stat: cannot stat '/usr/lib/arm-linux-gnueabihf/libmpfr.so.4': No such file or directory

5a. To compile libmpfr we need to first change into the buildtools directory provided by Nexmon.

cd /home/pi/nexmon/buildtools/mpfr-3.1.4

5b. We need to now run autoreconf to prepare the makefile for the library so that we can compile it on our Raspberry Pi.

autoreconf -f -i

5c. Use the following command to configure the setup scripts for the Raspbian operating system.

./configure

5d. Finally compile and install the library by running the following two commands.

make
make install

5e. The last thing we need to do is create a link between our newly compiled file and the place where the Nexmon script expects it.

ln -s /usr/local/lib/libmpfr.so /usr/lib/arm-linux-gnueabihf/libmpfr.so.4

Installing the Nexmon Patches on your Raspberry Pi

1. With the two libraries we need now installed and available on our Raspberry Pi we can now proceed to compile

To start with, we need to utilize the “source” command and the “setup_env.sh” file.

The “setup_env.sh” file will set up the current bash session with the environment variables that the Nexmon makefile expects.

cd /home/pi/nexmon
source setup_env.sh

2. With the bash session now configured correctly let’s run the “make” command in the root directory of the nexmon source code.

This command will generate all the required files needed for patching the various versions of the kernel.

make

3. Here things get a little bit more complicated. There are two different folders that you will need to change into depending on what version of the Raspberry Pi that you have.

These folders contain the patches for the current version of the Broadcom chip on our Raspberry Pi.

Raspberry Pi 3 / Raspberry Pi Zero W

cd /home/pi/nexmon/patches/bcm43430a1/7_45_41_46/nexmon/

Raspberry Pi 3+

cd /home/pi/nexmon/patches/bcm43455c0/7_45_154/nexmon/

Also, for the Raspberry Pi 3+ you will need to run the following two commands while in this directory due to an issue in the makefile. This fix was provided by WiredLife from GitHub, where you can find more about this issue.

sed -i -e 's/ifeq ($(findstring 4.9,$(shell uname -r)),4.9)/ifeq ($(findstring 4.9.,$(shell uname -r)),4.9.)/g' Makefile
sed -i -e 's/else ifeq ($(findstring 4.14,$(shell uname -r)),4.14)/else ifeq ($(findstring 4.14.,$(shell uname -r)),4.14.)/g' Makefile

4. Now that we are in the correct directory we can go ahead and run the makefile by using the make command.

Running the make command will generate the patched versions of the firmware.

make

5. With the compiled versions of the patched firmware now created let’s go ahead and make a backup of the current firmware by running the command below.

make backup-firmware

6. Now let’s install the firmware by running the following command.

This command will swap out the current firmware. However, we will need to make other changes so that the driver is loaded properly on boot.

make install-firmware

7. The final thing that we need to do is to compile and install Nexmon’s utility tool.

To do this, we must first change into the nexutil directory.

cd /home/pi/nexmon/utilities/nexutil

8. Now that we are in the correct directory we can proceed to compile the utility and install it to our Raspbian operating system.

make
make install
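
The two sed edits in step 3 change how the makefile matches the kernel release string: “4.9” occurs as a plain substring of a release such as “4.14.98-v7+”, so the 4.9 test also matches there, while “4.9.” does not. The sketch below is an added example, not code from the Nexmon repository; its function names are hypothetical, and it goes one step further than the sed fix by anchoring the match to the start of the string and mapping the result to the driver directories used in the next section.

```sh
#!/bin/sh
# Added example (hypothetical helper names, not part of Nexmon).

# Same test as Make's $(findstring needle,haystack): true if needle occurs anywhere.
findstring() {
    case "$2" in
        *"$1"*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Anchored classification: only the leading "major.minor." decides the series.
kernel_series() {
    case "$1" in
        4.9.*)  echo 4.9 ;;
        4.14.*) echo 4.14 ;;
        4.19.*) echo 4.19 ;;
        *)      echo unsupported; return 1 ;;
    esac
}

# Patched-driver directory (relative to the nexmon checkout) for a kernel
# release and chip, using the directory names listed in this tutorial.
driver_dir() {  # $1 = output of `uname -r`, $2 = bcm43430a1 or bcm43455c0
    series=$(kernel_series "$1") || return 1
    case "$2:$series" in
        bcm43430a1:4.9) echo "patches/$2/7_45_41_46/nexmon/brcmfmac_kernel49" ;;
        bcm43430a1:*)   echo "patches/$2/7_45_41_46/nexmon/brcmfmac_${series}.y-nexmon" ;;
        bcm43455c0:*)   echo "patches/$2/7_45_154/nexmon/brcmfmac_${series}.y-nexmon" ;;
        *)              echo "unknown chip: $2" >&2; return 1 ;;
    esac
}

# Demo with the release string shown earlier in this tutorial.
rel="4.14.98-v7+"
findstring "4.9"  "$rel" && echo "'4.9' is a substring of $rel"
findstring "4.9." "$rel" || echo "'4.9.' is not a substring of $rel"
echo "series: $(kernel_series "$rel")"
echo "driver: $(driver_dir "$rel" bcm43455c0)"
```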

Load the Modified Driver after Reboot

1. For this section, we will need to make a note of the kernel version that we are currently running as there are various versions of the brcmfmac driver that we can utilize.

Run the following command to retrieve the Kernel version and make a note of the first two numbers.

uname -r

2. Now that we know the kernel version we now need to find the path of the default driver.

We can retrieve driver information by utilizing the “modinfo” command.

modinfo brcmfmac

Using this command you can retrieve the directory that the driver is located in, and it should be the first entry in the list.

Below is the location that was generated for our system. Notice that we removed the file name “brcmfmac.ko” from the end of the path.

Make a note of this as we will need the directory for the next few steps.

filename: /lib/modules/4.14.98-v7+/kernel/drivers/net/wireless/broadcom/brcm80211/brcmfmac/

3. With the directory in hand, we can now start the process of replacing the brcmfmac driver so that our modified version with the Nexmon patches will be loaded on boot.

Before we replace the driver, we should make a backup of the original just in case you ever want to revert to the default driver.

Let’s make a backup of the driver by running the following command. Make sure you replace <kerneldirectory> with the directory we found in step 2 of this section.

mv <kerneldirectory>/brcmfmac.ko <kerneldirectory>/brcmfmac.ko.orig

4. Now that we have made a backup of the default driver we can now proceed to replace the driver with our new one.

Make sure you utilize the correct command for the version of the kernel that you are running. There are different commands depending on whether you are running kernel version “4.9”, “4.14” or “4.19”.

Also, make sure that you select the right directory for the version of the Pi that you are using.

Like the last step make sure that you replace <kerneldirectory> with the directory that you retrieved in step 2 of this section.

Kernel Version 4.9

Raspberry Pi 3 / Raspberry Pi Zero W

cp /home/pi/nexmon/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac_kernel49/brcmfmac.ko <kerneldirectory>/

Raspberry Pi 3+

cp /home/pi/nexmon/patches/bcm43455c0/7_45_154/nexmon/brcmfmac_4.9.y-nexmon/brcmfmac.ko <kerneldirectory>/

Kernel Version 4.14

Raspberry Pi 3 / Raspberry Pi Zero W

cp /home/pi/nexmon/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac_4.14.y-nexmon/brcmfmac.ko <kerneldirectory>/

Raspberry Pi 3+

cp /home/pi/nexmon/patches/bcm43455c0/7_45_154/nexmon/brcmfmac_4.14.y-nexmon/brcmfmac.ko <kerneldirectory>/

Kernel Version 4.19

Raspberry Pi 3 / Raspberry Pi Zero W

cp /home/pi/nexmon/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac_4.19.y-nexmon/brcmfmac.ko <kerneldirectory>/

Raspberry Pi 3+

cp /home/pi/nexmon/patches/bcm43455c0/7_45_154/nexmon/brcmfmac_4.19.y-nexmon/brcmfmac.ko <kerneldirectory>/

5. Once you have copied over the replacement driver that’s been patched using Nexmon we need to run the following command.

This command will use the depmod utility to recreate the list of modules. Doing this will ensure that our modified driver will be loaded in.

depmod -a

6. Once that is complete, reboot the Raspberry Pi using the following command.

sudo reboot

7. One way to check to see if the patch is working as intended is to check whether “monitor” is in the supported interfaces list.

You can do this by first retrieving the physical id of the wlan interface by using the command below.

iw dev

Make a note of the physical number for your wlan0 interface. In our case, this was “phy#0”.

8. With the physical id now available, run the following command to retrieve all information about that device.

Make sure you replace phy0 with the correct one for your wlan0 interface.

iw phy0 info

This command will dump a ton of information about your wireless interface. However, there is only one section that we want to investigate.

That section is the “Supported interface modes:” section. In here you want to see whether “* monitor” is listed.

If the text is there, then that indicates that the Nexmon firmware patches are working as intended and have allowed the Raspberry Pi’s wireless to enter monitor mode.
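
Steps 7 and 8 can be scripted so that the check only looks inside the “Supported interface modes:” section rather than anywhere in the output. This is an added example, not part of the original tutorial or of iw; the function names are hypothetical and the sample outputs are constructed for illustration.

```sh
#!/bin/sh
# Added example (hypothetical helper names). Sample outputs are constructed,
# not captured from a Raspberry Pi.

# Print the phy name ("phy0") that owns interface $1; stdin is `iw dev` output.
phy_for_iface() {
    awk -v ifc="$1" '
        /^phy#/ { phy = $1; sub(/#/, "", phy) }
        $1 == "Interface" && $2 == ifc { print phy; found = 1; exit }
        END { exit !found }
    '
}

# Succeed only if "monitor" is listed under "Supported interface modes:".
# stdin is `iw <phy> info` output.
has_monitor_mode() {
    awk '
        /Supported interface modes:/ { in_sec = 1; next }
        in_sec && $1 == "*" { if ($2 == "monitor") found = 1; next }
        { in_sec = 0 }   # any other line ends the section
        END { exit !found }
    '
}

sample_iw_dev() {
    printf 'phy#0\n\tInterface wlan0\n\t\tifindex 3\n\t\ttype managed\n'
}

# Constructed "before" output: the word monitor appears in the text,
# but not in the supported-modes section, so a plain grep would be fooled.
sample_info_stock() {
    printf 'Wiphy phy0\n\tSupported interface modes:\n\t\t * IBSS\n\t\t * managed\n\t\t * AP\n'
    printf '\tBand 1:\n\tsoftware interface modes (can always be added):\n\t\t * monitor\n'
}

# Constructed "after" output with monitor in the supported-modes section.
sample_info_patched() {
    printf 'Wiphy phy0\n\tSupported interface modes:\n\t\t * IBSS\n\t\t * managed\n\t\t * AP\n\t\t * monitor\n'
    printf '\tBand 1:\n'
}

# On the Pi itself:
#   phy=$(iw dev | phy_for_iface wlan0) &&
#       iw "$phy" info | has_monitor_mode && echo "monitor mode available"
```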

I hope that this tutorial into Raspberry Pi Nexmon has been helpful and that you now have the firmware patches installed. If you have anything else to add or want to leave feedback, then please don’t hesitate to leave a comment below.

13 Comments

  1. ikhwan on

    do we have nexmon patches for raspberry pi 4 model b?

    1. Emmet on

      Hi Ikhwan,

      Nexmon does not officially support the Raspberry Pi 4.

      You can try using the Raspberry Pi 3+ patches but they will likely not work.

      Cheers,
      Emmet

  2. Doug Almquist on

    These instructions fail for the Raspberry Pi 3B+
    Kernel 4.19.66-v7+

    1. Gus on

      As stated in the tutorial, you need to be on the 4.9 or 4.14 version of the Raspbian kernel.

  3. Jac Cremers on

    Hi Gus,
    Two questions:
    1. I came till step 5 from section 2 … “dpemod -a” result … “dpemod: command not found”. Do you know how to solve this? What did I do wrong?
    2. Just to be sure … is the filename in step 2 including the final “/”?
    Thanks, Jac

    1. Jac on

      Sorry for bothering regarding point 1. I found the cause .. a typo … depmod -a was executed without any problem.

    2. Gus on

      Thank you for picking up the typo.

      Yes, the final / is correct, normally it will have the filename after the last slash. e.g. /brcmfmac.ko but we removed it.

    3. Jac on

      Regarding point 2 I should have been clearer 🙁 sorry. The final ‘/’ will cause ‘//’ to appear in the cmd’s mentioned at 3/4 of the final section. f.i. look at…
      mv <kerneldirectory>/brcmfmac.ko <kerneldirectory>/brcmfmac.ko.orig
      mv /lib/modules/4.14.98-v7+/kernel/drivers/net/wireless/broadcom/brcm80211/brcmfmac//brcmfmac.ko /lib/modules/4.14.98-v7+/kernel/drivers/net/wireless/broadcom/brcm80211/brcmfmac//brcmfmac.ko.orig

    4. Gus on

      Sorry, yeah it should only be a single /

  4. Ron on

    Pi 3B+, Same issues as stephane, however I am not a coder so I don’t know how to apply her solution. As of right now I have a Pi with no WIFI so I need to know how to fix this project or return my Pi back to the original settings.

    Thanks for any help.

    1. Gus on

      Hi Ron,

      First off you may have to roll back to the original driver before you can apply the correct patches.

      Running the following command should copy the backup file back over the kernel and revert you back to the non modified version.
      Of course you will have to replace <kerneldirectory> with the correct directory to roll this back. (As from the tutorial you can retrieve the correct directory by using “modinfo brcmfmac”)

      cp <kerneldirectory>/brcmfmac.ko.orig <kerneldirectory>/brcmfmac.ko

      Afterwards you will need to run depmod again and restart the Raspberry pi.
      depmod -a
      sudo reboot

      ——————————————————

      Basing this off that github solution, starting from step 6 of the “Installing Nexmon to the Raspberry Pi”

      Once you are within the correct directory at the end of that step you should be able to run the following two commands.

      sed -i -e 's/ifeq ($(findstring 4.9,$(shell uname -r)),4.9)/ifeq ($(findstring 4.9.,$(shell uname -r)),4.9.)/g' Makefile
      sed -i -e 's/else ifeq ($(findstring 4.14,$(shell uname -r)),4.14)/else ifeq ($(findstring 4.14.,$(shell uname -r)),4.14.)/g' Makefile

      Then proceed with the rest of the tutorial, this should install the correctly patched version.

      I’m going to make adjustments to the tutorial until they make a fix in the actual repository.
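
The backup, replace and rollback steps from the last section of the tutorial and from the thread above, as an added shell example (not from the tutorial author or the Nexmon project; function names are hypothetical). It copies the original instead of moving it, refuses to overwrite an existing backup, which is what repeating the mv step after installing the patched driver would do, and checks a recorded SHA-256 before restoring.

```sh
#!/bin/sh
# Added example (hypothetical helper names). Run as root on the Pi with:
#   dir=$(dirname "$(modinfo -n brcmfmac)")

# Keep the stock driver as brcmfmac.ko.orig and record its SHA-256.
backup_driver() {  # $1 = driver directory
    dir=${1%/}     # drop a trailing slash so paths never contain //
    [ -f "$dir/brcmfmac.ko" ] || { echo "no driver in $dir" >&2; return 1; }
    if [ -e "$dir/brcmfmac.ko.orig" ]; then
        echo "backup already exists, leaving it untouched" >&2
        return 0
    fi
    cp -p "$dir/brcmfmac.ko" "$dir/brcmfmac.ko.orig" &&
        ( cd "$dir" && sha256sum brcmfmac.ko.orig > brcmfmac.ko.orig.sha256 )
}

# Copy the patched module into place, but only once a backup exists.
install_driver() {  # $1 = patched brcmfmac.ko, $2 = driver directory
    dir=${2%/}
    [ -f "$dir/brcmfmac.ko.orig" ] || { echo "refusing: no backup in $dir" >&2; return 1; }
    cp "$1" "$dir/brcmfmac.ko"
}

# Put the stock driver back after verifying the backup against its checksum.
restore_driver() {  # $1 = driver directory
    dir=${1%/}
    ( cd "$dir" && sha256sum -c brcmfmac.ko.orig.sha256 >/dev/null 2>&1 ) ||
        { echo "backup does not match recorded checksum" >&2; return 1; }
    cp -p "$dir/brcmfmac.ko.orig" "$dir/brcmfmac.ko"
}

# After install_driver or restore_driver, run "depmod -a" and reboot,
# as described in the tutorial.
```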
