In this Raspberry Pi Nexmon tutorial, we will be showing you how you can install the Nexmon firmware patches to your Raspberry Pi.
For those who do not know what Nexmon is, it is a series of firmware patches for the Broadcom chip that the Raspberry Pi uses for Wi-Fi connectivity.
These patches provided by Nexmon unlock extra functionality that is not supported in the default Raspberry Pi drivers.
One feature in particular that the Nexmon firmware unlocks on your Raspberry Pi is the ability to put the inbuilt Wi-Fi chip on the Raspberry Pi 3, Pi Zero and Pi 3+ into monitor mode.
Monitor mode, also known as RFMON, allows your Raspberry Pi to monitor traffic on a wireless channel. It is handy for networking projects such as a network scanner.
To utilize the Nexmon firmware patches, we require a few things. First is a Raspberry Pi with inbuilt Wi-Fi such as the models I listed above.
In addition to requiring a Raspberry Pi that has an inbuilt Wi-Fi chip, you will need to be running either a 4.9 or 4.14 version of the Raspbian kernel.
Below is all the equipment that you will need for installing the Nexmon firmware patches to your Raspberry Pi.
Raspberry Pi with inbuilt wireless (3, 3+ or Zero W)
8GB SD Card or Micro SD Card if you’re using a Raspberry Pi 2, 3 or B+
Raspberry Pi Case
The video below will walk you through the steps of setting up the Nexmon firmware patches on a Raspberry Pi 3B running the 4.14 version of the Raspberry Pi kernel.
If you are using a newer Raspberry Pi or are running a different version of the firmware, then you can follow our text instructions underneath the video.
Preparing the Raspberry Pi for Nexmon
1. Before we go ahead and install the Nexmon patches, we need first to upgrade our Raspberry Pi to ensure that we are running the latest available version of the Raspbian operating system.
To update and upgrade Raspbian we need to run the following two commands.
sudo apt-get update
sudo apt-get upgrade
2. Once Raspbian has finished updating we will now need to restart the Raspberry Pi.
Restarting the Pi will ensure that the Nexmon setup scripts can detect the current kernel version, especially if an update occurred in the previous two steps.
To reboot the Raspberry Pi, run the following command.
3. Before we can continue this tutorial on installing the Nexmon driver patches, we must first ensure we are running on a version of the Kernel supported by the patcher.
We can check the kernel version by running the command below.
This command should return something like “4.14.98-v7+”. As long as you are running a version of the kernel that starts with “4.9” or “4.14”, you can proceed with the tutorial.
4. Once your Raspberry Pi has finished rebooting you will need to change your user to be running as the superuser. We do this as all of the following steps will require extra privileges.
To change into the root user for the Raspberry Pi, run the command below.
5. Now that we are interacting as the superuser we will need to install all the packages required for compiling the Nexmon kernel patches.
Please note that it can take quite some time for the Raspberry Pi Kernel Headers to be installed to your Raspberry Pi as they contain hundreds of small files.
Run the command below to install all of Nexmon’s required packages.
apt install git libgmp3-dev gawk qpdf bison flex make raspberrypi-kernel-headers
6. With all the required packages for Nexmon now installed on our Raspberry Pi, let’s proceed to cloning the Nexmon repository.
Run the command below to clone the repository.
git clone https://github.com/seemoo-lab/nexmon.git
As this is a rather large repository, it will take up to 250MB on your Raspberry Pi and will take some time to clone fully.
Installing Nexmon to the Raspberry Pi
1. Now that we have the Nexmon code cloned to our Raspberry Pi we can now proceed onto compiling the patches and installing the modified kernel to Raspbian.
If you are no longer running as the root user make sure you run the following command.
2. To proceed, we need to check to see if a required library is available to us. To do this, we can just run the “stat” command below to see if the file exists.
If this command returns the text displayed below, then you need to follow step 3; otherwise you can skip to step 4 of this tutorial.
stat: cannot stat '/usr/lib/arm-linux-gnueabihf/libisl.so.10': No such file or directory
3. If the “libisl.so.10” file is unavailable we will have to compile a new version of it using the provided source code from the Nexmon repository.
Follow the steps below to learn how to compile the library from scratch and move it into the correct position.
3a. Let’s begin by first changing into the isl buildtools directory in the Nexmon source code folders.
3b. Now that we are in the correct directory let’s run the configure script to prepare the isl library for compilation.
3c. Once the configuration process has completed, we can now compile the library by running the following command.
3d. When your Raspberry Pi has finished compiling the required library, we can now run the makefile install command.
3e. Finally, once all of that has finished, we need to create a link between our newly installed library file and the spot where we expect this library file to exist.
To link this file, you need to run the command below.
ln -s /usr/local/lib/libisl.so /usr/lib/arm-linux-gnueabihf/libisl.so.10
4. Now that we have ensured that the “libisl.so.10” file exists, we can proceed to prepare the Nexmon patches for our Raspberry Pi’s kernel.
To start with, we need to utilize the “source” command and the “setup_env.sh” file.
The “setup_env.sh” file will set up the current bash session with the environment variables that the Nexmon makefile expects.
cd /home/pi/nexmon
source setup_env.sh
5. With the bash session now configured correctly let’s run the “make” command in the root directory of the nexmon source code.
This command will generate all the required files needed for patching the various versions of the kernel.
6. Here things get a little bit more complicated. There are two different folders that you will need to change into depending on what version of the Raspberry Pi that you have.
These folders contain the patches for the current version of the Broadcom chip on our Raspberry Pi.
Raspberry Pi 3 / Raspberry Pi Zero W
Raspberry Pi 3+
7. Now that we are in the correct directory we can go ahead and run the makefile by using the make command.
Running the make command will generate the patched versions of the firmware.
8. With the compiled versions of the patched firmware now created let’s go ahead and make a backup of the current firmware by running the command below.
9. Now let’s install the firmware by running the following command.
This command will swap out the current firmware. However, we will need to make other changes so that the driver is loaded properly on boot.
10. The final thing that we need to do is to compile and install Nexmon’s utility tool.
To do this, we must first change into the nexutil directory.
11. Now that we are in the correct directory we can proceed to compile the utility and install it to our Raspbian operating system.
make
make install
Load the Modified Driver after Reboot
1. For this section, we will need to make a note of the kernel version that we are currently running as there are various versions of the brcmfmac driver that we can utilize.
Run the following command to retrieve the Kernel version and make a note of the first two numbers.
2. Now that we know the kernel version we now need to find the path of the default driver.
We can retrieve driver information by utilizing the “modinfo” command.
Using this command you can retrieve the directory that the driver is located in, and it should be the first entry in the list.
Below is the location that was generated for our system. Notice that we also removed the file name “brcmfmac.ko” from the directory name.
Make a note of this as we will need the directory for the next few steps.
3. With the directory in hand, we can now start the process of replacing the brcmfmac driver so that our modified version with the Nexmon patches will be loaded on boot.
Before we replace the driver, we should make a backup of the original just in case you ever want to revert to the default driver.
Let’s make a backup of the driver by running the following command. Make sure you replace <kerneldirectory> with the directory we found in step 2 of this section.
mv <kerneldirectory>/brcmfmac.ko <kerneldirectory>/brcmfmac.ko.orig
4. Now that we have made a backup of the default driver we can now proceed to replace the driver with our new one.
Make sure you utilize the correct command for the version of the kernel that you are running. There are two different commands based on whether you are running kernel version “4.9” or “4.14“.
Also, make sure that you select the right directory for the version of the Pi that you are using.
Like the last step make sure that you replace <kerneldirectory> with the directory that you retrieved in step 2 of this section.
Kernel Version 4.9
Raspberry Pi 3 / Raspberry Pi Zero W
cp /home/pi/nexmon/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac_kernel49/brcmfmac.ko <kerneldirectory>/
Raspberry Pi 3+
cp /home/pi/nexmon/patches/bcm43455c0/7_45_154/nexmon/brcmfmac_4.9.y-nexmon/brcmfmac.ko <kerneldirectory>/
Kernel Version 4.14
Raspberry Pi 3 / Raspberry Pi Zero W
cp /home/pi/nexmon/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac_4.14.y-nexmon/brcmfmac.ko <kerneldirectory>/
Raspberry Pi 3+
cp /home/pi/nexmon/patches/bcm43455c0/7_45_154/nexmon/brcmfmac_4.14.y-nexmon/brcmfmac.ko <kerneldirectory>/
5. Once you have copied over the replacement driver that’s been patched using Nexmon we need to run the following command.
This command will use the depmod utility to recreate the list of modules. Doing this will ensure that our modified driver will be loaded in.
6. Once that is complete, reboot the Raspberry Pi using the following command.
7. One way to check to see if the patch is working as intended is to check whether “monitor” is in the supported interfaces list.
You can do this by first retrieving the physical id of the wlan interface by using the command below.
Make a note of the physical number for your wlan0 interface, in our case, this was “phy#0”
8. With the physical id now available, run the following command to retrieve all information about that device.
Make sure you replace phy0 with the correct one for your wlan0 interface.
iw phy0 info
This command will dump a ton of information about your wireless interface. However, there is only one section that we want to investigate.
That section is the “Supported interface modes:” section. In here you want to see whether “* monitor” is listed.
If the text is there, then that indicates that the Nexmon firmware patches are working as intended and have allowed the Raspberry Pi’s wireless to enter monitor mode.
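The check from steps 7 and 8 can be scripted. The following is an added example, not part of the original tutorial or the Nexmon project: it reads "iw phy0 info" output and succeeds only when "monitor" appears inside the "Supported interface modes:" section, because iw can also list monitor under a separate "software interface modes" heading, which a plain grep for "monitor" would match. The function name and both sample outputs are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: section-aware check for monitor mode in `iw phy<N> info` output.

# Constructed, trimmed sample: patched driver, monitor listed as a supported mode.
sample_patched='Wiphy phy0
    max # scan SSIDs: 10
    Supported interface modes:
         * IBSS
         * managed
         * AP
         * monitor
    Band 1:
        Capabilities: 0x1020'

# Constructed, trimmed sample: monitor appears only under the software-modes heading.
sample_unpatched='Wiphy phy0
    Supported interface modes:
         * IBSS
         * managed
         * AP
    software interface modes (can always be added):
         * monitor
    Band 1:'

# supports_monitor (hypothetical helper): reads iw output on stdin and
# returns 0 only if "monitor" is a bullet under "Supported interface modes:".
supports_monitor() {
  awk '
    # Entering the section we care about.
    /^[[:space:]]*Supported interface modes:/ { in_modes = 1; next }
    # Bullet lines inside the section look like "* <mode>".
    in_modes && /^[[:space:]]*\*/ { if ($2 == "monitor") found = 1; next }
    # Any other line ends the section (next heading, band info, ...).
    in_modes { in_modes = 0 }
    END { exit(found ? 0 : 1) }
  '
}

# Demonstration on the embedded samples; runs offline.
for name in sample_patched sample_unpatched; do
  if printf '%s\n' "${!name}" | supports_monitor; then
    echo "$name: monitor mode supported"
  else
    echo "$name: monitor mode NOT listed as supported"
  fi
done
```

On the Pi itself, pipe the real output into the function: iw phy0 info | supports_monitor && echo "monitor mode available" (replace phy0 with your own physical id).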
I hope that this tutorial into Raspberry Pi Nexmon has been helpful and that you now have the firmware patches installed. If you have anything else to add or want to leave feedback, then please don’t hesitate to leave a comment below.