This repository has been archived by the owner on Apr 8, 2022. It is now read-only.

GalaxyS6 Support #69

Open
trueToastedCode opened this issue Nov 3, 2019 · 9 comments

@trueToastedCode

I made a custom firmware patch for the bcm4358 of my Galaxy S6 G920F and installed it. Because the app does not support /system/etc/wifi/bcmdhd.bin, I pasted it in /vendor/firmware/. I also installed libfakeioctl.so.
Monitor mode is working fine in Hijacker, but when attacking my wifi aireplay does not work at all.
It's not sending death codes or capturing handshakes.

Does this not work because of my firmware or because of the app..?

Is there a way to solve the problem... I can help and do have a replacement motherboard if it gets bricked.

Device details

  • Ultimate Nougat V5.1, 7.0
  • Ultimate Kernel 1.3.1
  • Hijacker 1.5 beta 8

@chrisk44
Owner

chrisk44 commented Nov 3, 2019

Well, since monitor mode is working you should be able to inject packets. Test your device by running aireplay manually, from a terminal. If it works from there, but not from the app, then the problem is the app. If it doesn't work from there, I'm afraid I can't help you, it has something to do with your firmware.

@trueToastedCode
Author

trueToastedCode commented Nov 4, 2019

Thank you for your answer.... The problem was that I didn't install the utilities correctly, but I think it is possible to bring the app functions to the S6. I hope that I can get help from you ;D

The S6 has an aarch64 kernel architecture, so the utilities which are already included in the app should be compatible... but one thing that is very different from other phones and is not respected in the app is the different firmware name, and I am not sure, but also where it is located... The firmware which needs to be replaced by the nexmon firmware patch has the name bcmdhd_sta.bin. It can be replaced by the bcm4358 7_112_200_17_sta patch. For the location I am not sure... In the function findFirmwarePath (MainActivity), at least as I understood it, the app looks for subdirectories with a file called "bcmdh_sta.bin". I renamed it to bcmdhd_sta.bin but the app did not start the monitor mode. So I think it would be enough to look for both files in every pass. Also, I am not sure if the app respects sub/sub/ directories because of the behaviour described above. If that's the case, maybe it is possible to make an exception to also look in "/system/etc/wifi"..? OK, the dialog that appears is the "not_armv7l" ...

When starting the app it says that the architecture is not supported... but the architecture should be supported, so I am not sure how the app finds out what architecture is used... OK, is this the result because the app does not find the firmware file..?

It would be a joy for me if you could help to adjust the app so that maybe it can also work on the file system of the S6.

Here I made a first example for the MainActivity... with this code the app now recognizes my chip, and monitor mode is also working now....
5314-15384/com.hijacker I/HIJACKER/DetectDev: devChipset is 4358a3
before it was just
5314-15384/com.hijacker I/HIJACKER/DetectDev: devChipset is

```java
static String findFirmwarePath(Shell shell){
    //Blocking function, don't run on main thread
    boolean flag = false;
    if(shell==null){
        flag = true;
        shell = getFreeShell();
    }

    String dirs[] = {
            "/system",
            "/vendor",
            "/system/etc"
    };

    String firmwareNames[] = {
            "fw_bcmdhd.bin",
            "bcmdhd_sta.bin",
    };

    String firmware = null;

    // search firmware, stop when a firmwareName has been found
    boolean con = true;
    for(int i=0; i < dirs.length && con; i++) {

        for(String firmwareName : firmwareNames) {

            firmware = checkDirectoryForFirmware(shell, dirs[i], firmwareName);
            if(firmware != null) {
                con = false;
                break;
            }
        }
    }

    if(flag){
        //Release the shell only if it was obtained by this function
        shell.done();
    }

    return firmware;
}

static String checkDirectoryForFirmware(Shell shell, String directory, String firmwareName){
    String firmware = null;
    shell.run(busybox + " find " + directory + " -type f -name \"" + firmwareName + "\"; echo ENDOFFIND");
    BufferedReader out = shell.getShell_out();
    try{
        String result = out.readLine();
        while(result!=null){
            if(result.equals("ENDOFFIND")) break;
            if(!result.contains("/bac/") && !result.contains("backup")) firmware = result;

            result = out.readLine();
        }
    }catch(IOException e){
        e.printStackTrace();
    }

    return firmware;
}
```

@chrisk44
Owner

chrisk44 commented Nov 4, 2019

So, if the app finds the file bcmdhd_sta.bin in the directory /system/etc then everything works fine? Does the code above work perfectly?

@trueToastedCode
Author

trueToastedCode commented Nov 4, 2019

Well, I am not 100% sure what functions also use the code. When I replace the firmware in /system/etc/wifi/bcmdhd_sta.bin with the nexmon-patched one, the app does start the monitor mode. However, when first starting the app it still says that the architecture is not supported (when I try to install nexmon). The code correctly detects that the system is aarch64, so as far as I understood the code the error should be between lines 458-565, but until now I did not understand why this is happening.

@trueToastedCode
Author

trueToastedCode commented Nov 4, 2019

In line 43 in FirstRunDialog it only checks if the architecture equals armv7l. OK, so I also need to include the tools for arm64-v8a. So to come back to your question of whether the code works perfectly, I say yes now. But some other code in the app does not fit, for example in the function "install" in InstallFirmwareDialog. Also, I think it is necessary to adjust the replacement function(?) for the firmware. Or does it grab the name of the firmware which has been found and transfer the name..?

@trueToastedCode
Author

I have a question..? The included nexmon firmware has the version 7.112.300.14, which is the newest firmware for this chip (with nexmon patch). On the nexmon page it says that it is used on the Nexus 6P on Android 8. Is it safe to use this firmware on the S6, which is on Android 7, and the original firmware from Samsung has the version 7.112.53.12?

@chrisk44
Owner

I made the change as you requested. Try the latest beta version.

@trueToastedCode
Author

trueToastedCode commented Nov 12, 2019

In MainActivity, line 1837 needs to be "bcmdhd_sta.bin", but otherwise the app now runs smoothly... excellent that SuperSU is no longer the only officially supported root solution 👍

@chrisk44
Owner

Oh, my bad. I will change it and it will be included in the next version.
