Qualcomm Monitor mode
Monitor mode is a special mode of a network adapter used to monitor wireless network traffic: in this mode the network card captures all packets on a specified frequency. If the network interface supports monitor mode, we can run a number of applications used in WiFi penetration testing and obtain useful information.
The qualcomm_android_monitor_mode repository presents a way to activate monitor mode on the internal WiFi adapter without having to patch the operating system kernel. The only requirements in this case are a smartphone that uses the appropriate Qualcomm WiFi module and a rooted Android environment. In my case it is a Samsung Galaxy S20 FE SM-G780G phone, on which I will run monitor mode and an example using the aircrack-ng package.
We need the Termux application on our smartphone, i.e. a terminal emulator in which we will execute the necessary commands and download applications from the repository.
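# Install the root repository and the tools used below
pkg update
pkg install root-repo
pkg install tsu iw ethtool aircrack-ng
# The remaining commands need a root shell (for example one started with tsu)
ip link set wlan0 down
# con_mode 4 switches the Qualcomm wlan driver to monitor mode
echo "4" > /sys/module/wlan/parameters/con_mode
ip link set wlan0 up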
Now we can try to run the airodump-ng application, a sniffer, to capture packets circulating in the WLAN.
Running the tcpdump or tshark packet analyzer requires setting the appropriate WiFi channel on the network interface used to capture packets.
# iwpriv wlan0 setMonChan <channel> <channel width>
# Valid channel width options: 0=20MHz, 1=40MHz, 2=80MHz
# Ex: iwpriv wlan0 setMonChan 36 2
iwpriv wlan0 setMonChan 1
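The mode switch and channel setting above, wrapped in guarded shell functions that verify the driver accepted the change and put the adapter back afterwards. This is an added example, not code from the post or from the qualcomm_android_monitor_mode repository. Assumptions: writing 0 to con_mode returns the driver to normal station mode, and the IFACE, CON_MODE and IP variables are hypothetical overrides.

```shell
#!/bin/sh
# Added example, not from the repository. IFACE, CON_MODE and IP are
# hypothetical overrides so the functions can be exercised off-device.
IFACE="${IFACE:-wlan0}"
CON_MODE="${CON_MODE:-/sys/module/wlan/parameters/con_mode}"
IP="${IP:-ip}"

# Write a con_mode value with the interface down, bring the interface back
# up even if the write failed, then confirm the driver reports the value.
set_con_mode() {
    want="$1"
    if [ ! -w "$CON_MODE" ]; then
        echo "cannot write $CON_MODE (not root, or no Qualcomm wlan module)" >&2
        return 2
    fi
    "$IP" link set "$IFACE" down || return 3
    echo "$want" > "$CON_MODE"; rc=$?
    "$IP" link set "$IFACE" up || return 3
    [ "$rc" -eq 0 ] || return 4
    got="$(cat "$CON_MODE")"
    if [ "$got" != "$want" ]; then
        echo "con_mode is '$got', wanted '$want'" >&2
        return 5
    fi
}

enter_monitor() { set_con_mode 4; }   # 4 is the value used on the page
leave_monitor() { set_con_mode 0; }   # assumption: 0 is normal station mode

# Sanity-check setMonChan arguments before handing them to iwpriv.
# Width codes are the page's: 0=20MHz, 1=40MHz, 2=80MHz; width may be omitted.
valid_mon_chan() {
    chan="$1"; width="${2:-}"
    case "$width" in ''|0|1|2) ;; *) return 1 ;; esac
    case "$chan" in
        [1-9]|1[0-4])      # 2.4 GHz band: there are no 80 MHz channels
            [ "$width" != 2 ] ;;
        36|40|44|48|52|56|60|64|100|104|108|112|116|120|124|128|132|136|140|144|149|153|157|161|165)
            return 0 ;;    # 5 GHz 20 MHz primary channels
        *)  return 1 ;;
    esac
}

# On the device, as root:
#   enter_monitor && valid_mon_chan 36 2 && iwpriv wlan0 setMonChan 36 2
#   ... capture ...
#   leave_monitor
```

The channel check only covers the band and width rules named in its comments; the driver remains the final authority on which combinations it accepts.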