[kismac] Re: Some interesting tidbits

  • From: "Matthew Watson" <matt.watsonm@xxxxxxxxx>
  • To: kismac@xxxxxxxxxxxxx
  • Date: Mon, 3 Sep 2007 13:15:25 -0700

WOW, this is good news!
I have a MacBook Pro (Santa Rosa chipset).  I've been thinking of purchasing
a Prism2 based USB wifi adapter but if this is in the works I'll hold off.

REALLY hope that this can be achieved!

Regards,

Matt

On 9/3/07, Michael Miller <1337mail@xxxxxxxxx> wrote:
>
> For those of you who don't know, Apple started including Atheros
> 802.11n chipsets in new Macs (not iMacs, but Macbook Pros, and (I
> think) Mac Pros). These are based around the same HAL (hardware
> abstraction layer) as the Linux (partially open source) Atheros
> driver. Thus, since we know how the HAL works (it is closed source, but
> the interfaces are documented), we can possibly gain
> injection/sniffing on any Atheros chipset. This is a possibility, but
> if it can be done, it will be great.
>
> Now for the good stuff ;). I looked through
> /System/Library/Extensions/IO80211Family.kext/Contents/PlugIns/AirPortAtheros.kext/Contents/MacOS/AirPortAtheros.
> The main problem is that the startraw function is missing (I know very
> little about how the HAL works, so please, if you know anything about
> this, let me know). However, I did manage to get some interesting
> symbols showing that the Mac OS driver is based around the HAL.
> Because the madwifi project is based around it, perhaps we can create
> a wrapper driver with raw capabilities. Now for the interesting
> symbols:
>
> Atheros-related functions(grep _ath):
> __Z21ath_copy_scan_resultsPvPK20ieee80211_scan_entry
> __ZN15IORegistryEntry13childFromPathEPKcPK15IORegistryPlanePcPi
> __ZN15IORegistryEntry17matchPathLocationEPKcPK15IORegistryPlane
> __ZN18AirPort_Athr5424ab19getPktlogClientAddrEP15ath_pktlog_info
> __ZNK15IORegistryEntry16getPathComponentEPcPiPK15IORegistryPlane
> __ZNK15IORegistryEntry7getPathEPcPiPK15IORegistryPlane
> __ZZN18AirPort_Athr5424ab19getPktlogClientAddrEP15ath_pktlog_infoE8__func__
> _ath_CCAThreshold
> _ath_add_regclassid
> _ath_addba_ignore
> _ath_aggr_addba_requestprocess
> _ath_aggr_addba_requestsetup
> _ath_aggr_addba_responseprocess
> _ath_aggr_addba_responsesetup
> _ath_aggr_addba_timertimeout
> _ath_aggr_ba_requestsetup
> _ath_aggr_delba_process
> _ath_aggrackMPDU
> _ath_aggraddMPDU
> _ath_aggrcreateMPDU
> _ath_aggrfmax
> _ath_aggrmovebaw
> _ath_aggrqmin
> _ath_aggrresetMPDU
> _ath_ampdu_rxq_postprocess
> _ath_ampdu_rxq_preprocess
> _ath_ampdu_tx_release
> _ath_attach
> _ath_bad_rxbuf
> _ath_bad_rxdesc
> _ath_bar_tx
> _ath_beacon_config
> _ath_beacon_free
> _ath_beacon_proc
> _ath_beaconq_config
> _ath_bgscan
> _ath_calcrxfilter
> _ath_calibrate
> _ath_calinterval
> _ath_chan2flags
> _ath_chan_change
> _ath_countrycode
> _ath_debug
> _ath_desc_free
> _ath_descdma_cleanup
> _ath_descdma_setup
> _ath_detach
> _ath_draintxq
> _ath_dupie
> _ath_ff_always
> _ath_forcebad_rx
> _ath_getchannels
> _ath_hal_6mb_ack
> _ath_hal_additional_swba_backoff
> _ath_hal_attach
> _ath_hal_buildopts
> _ath_hal_chan2wmode
> _ath_hal_checkchannel
> _ath_hal_clksel
> _ath_hal_computetxtime
> _ath_hal_delay
> _ath_hal_dma_beacon_response_time
> _ath_hal_eepromDetach
> _ath_hal_enableTPC
> _ath_hal_ether_sprintf
> _ath_hal_forceBias
> _ath_hal_free
> _ath_hal_getChanNoise
> _ath_hal_getTxQProps
> _ath_hal_get_regdmn
> _ath_hal_getantennareduction
> _ath_hal_getcapability
> _ath_hal_getcc
> _ath_hal_getccstr
> _ath_hal_getdiagstate
> _ath_hal_getnfcheckrequired
> _ath_hal_getuptime
> _ath_hal_getwirelessmodes
> _ath_hal_init_channels
> _ath_hal_is_valid_country_code
> _ath_hal_ispublicsafetysku
> _ath_hal_japan_checkeeprom
> _ath_hal_mac_clks
> _ath_hal_mac_usec
> _ath_hal_malloc
> _ath_hal_maxTPC
> _ath_hal_memcmp
> _ath_hal_memcpy
> _ath_hal_memzero
> _ath_hal_mhz2ieee
> _ath_hal_ppmupdate
> _ath_hal_printf
> _ath_hal_probe
> _ath_hal_process_noisefloor
> _ath_hal_readEepromIntoDataset
> _ath_hal_reg_read
> _ath_hal_reg_write
> _ath_hal_reverseBits
> _ath_hal_setTxQProps
> _ath_hal_setcapability
> _ath_hal_setupratetable
> _ath_hal_setvendor
> _ath_hal_soft_eeprom
> _ath_hal_sort
> _ath_hal_sw_beacon_response_time
> _ath_hal_update_regdomain
> _ath_hal_version
> _ath_hal_vprintf
> _ath_hal_wait
> _ath_init
> _ath_intr
> _ath_ioctl
> _ath_ioctl_pktlog
> _ath_key_alloc
> _ath_key_delete
> _ath_key_set
> _ath_key_update_begin
> _ath_key_update_end
> _ath_keyprint
> _ath_keyset
> _ath_led_blink
> _ath_led_done
> _ath_led_event
> _ath_led_off
> _ath_media_change
> _ath_newassoc
> _ath_newstate
> _ath_node_alloc
> _ath_node_cleanup
> _ath_node_free
> _ath_node_getrssi
> _ath_outdoor
> _ath_pktlog_attach
> _ath_pktlog_detach
> _ath_pktlog_getbuf
> _ath_pktlog_rcfindfunc
> _ath_pktlog_rcupdate
> _ath_pktlog_rx
> _ath_pktlog_text
> _ath_pktlog_text
> _ath_pktlog_txctl
> _ath_pktlog_txstatus
> _ath_postprocess_bf
> _ath_ppmupdate
> _ath_rate_attach
> _ath_rate_detach
> _ath_rate_findrate
> _ath_rate_maprix
> _ath_rate_newassoc
> _ath_rate_newstate
> _ath_rate_node_cleanup
> _ath_rate_node_init
> _ath_rate_setup
> _ath_rate_setupxtxdesc
> _ath_rate_tx_complete
> _ath_recv_mgmt
> _ath_regdomain
> _ath_reset
> _ath_resume
> _ath_rx_proc
> _ath_rxbuf_init
> _ath_rxbuf_shift
> _ath_rxbuftimeout
> _ath_rxnodeq_timeout
> _ath_scan_end
> _ath_scan_start
> _ath_set11dcountry
> _ath_set_channel
> _ath_set_mac_address
> _ath_setcurmode
> _ath_setdefantenna
> _ath_setdefaultcc
> _ath_setpwrsave_state
> _ath_setslottime
> _ath_setup_stationkey
> _ath_shutdown
> _ath_start
> _ath_startrecv
> _ath_stop
> _ath_stop_locked
> _ath_stoprecv
> _ath_suspend
> _ath_sysctl_aggrfmax
> _ath_sysctl_aggrqmin
> _ath_sysctl_ath_CCAThreshold
> _ath_sysctl_athaddbaignore
> _ath_sysctl_athbadrxbuf
> _ath_sysctl_athbadrxdesc
> _ath_sysctl_athbgscan
> _ath_sysctl_athdupie
> _ath_sysctl_athforceBias
> _ath_sysctl_athforcebadrx
> _ath_sysctl_athpowermode
> _ath_sysctl_athppmupdate
> _ath_sysctl_athvendorie
> _ath_sysctl_debug
> _ath_tx_cleanup
> _ath_tx_cleanupq
> _ath_tx_cryptosetup
> _ath_tx_descsetup
> _ath_tx_draintxq
> _ath_tx_proc
> _ath_tx_start
> _ath_tx_stopdma
> _ath_txq_getprops
> _ath_txq_setup
> _ath_txq_update
> _ath_update_ppm
> _ath_update_ps_mode
> _ath_update_txpow
> _ath_updateslot
> _ath_vendorie
> _ath_wme_update
> _ath_xchanmode
> _atheros_setuptable
> _athpowermode
> _ieee80211_add_ath
> _ieee80211_parse_athparams
> _ieee80211_saveath
> _sysctl__debug_athdriver
> _sysctl__net_athCCAThreshold
> _sysctl__net_athaddbaignore
> _sysctl__net_athaggrfmax
> _sysctl__net_athaggrqmin
> _sysctl__net_athbadrxbuf
> _sysctl__net_athbadrxdesc
> _sysctl__net_athbgscan
> _sysctl__net_athdupie
> _sysctl__net_athforceBias
> _sysctl__net_athforcebadrx
> _sysctl__net_athpowermode
> _sysctl__net_athppmupdate
>
> Things possibly relating to monitor mode(grep monitor):
> __ZN16IO80211Interface22monitorModeInputPacketEP6__mbuf
> __ZN18AirPort_Athr5424ab10monitorDLTEP16IO80211Interface
> __ZN18AirPort_Athr5424ab21monitorModeSetEnabledEP16IO80211Interfaceb
> __ZN18AirPort_Athr5424ab25monitorPacketHeaderLengthEP16IO80211Interface
>
> Things having to do with start(grep start):
> _AirPort_Athr5424ab__serviceRestart
> __ZN18AirPort_Athr5424ab5startEP9IOService
> __ZN9IOService13startMatchingEm
> __ZN9IOService14startCandidateEPS_
> __ZN9IOService19start_PM_idle_timerEv
> __ZN9IOService5startEPS_
> __ZZN18AirPort_Athr5424ab5startEP9IOServiceE12__FUNCTION__
> __start
> _adhoc_start
> _ap_restart
> _ap_start
> _ar5212AniRestart
> _ath_scan_start
> _ath_start
> _ath_startrecv
> _ath_tx_start
> _ieee80211_start_scan
> _p_rx_buf_pool_phys_start
> _scan_restart
> _sta_restart
> _sta_start
> _tx99_start
>
>


-- 
Matt Watson | (250) 686-5457

http://mattwatsonm.weebly.com
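The quoted post reads the kext's symbol table with nm and greps it for `_ath`, `monitor` and `start`. The C++ names in that list are mangled per the Itanium C++ ABI, so the class, method and parameter types behind them can be recovered from the names alone, offline. The script below is an added example, not KisMAC's code and not either poster's: it decodes the subset of that ABI the listed symbols use (nested and local names, const member functions, pointer/const modifiers, the `S_` substitution and builtin types; anything else is rejected with `ValueError`) and reproduces the three grep passes over a symbol list copied from the post. The assumption that this subset suffices for the post's symbols is stated in the code comments.

```python
# Added example, not KisMAC's or either poster's code: offline triage of the kext
# symbol names the quoted post pulled out with nm | grep.  SYMBOLS is copied from the
# post (the mail-wrapped one re-joined); the demangler is an assumed-sufficient
# subset of the Itanium C++ ABI and raises ValueError on anything outside it.
import re

BUILTIN = {"v": "void", "b": "bool", "c": "char", "i": "int", "j": "unsigned int",
           "l": "long", "m": "unsigned long", "f": "float", "d": "double", "z": "..."}


class Demangler:
    """Parser for the text after '_Z': nested/local names, const methods, P/R/K, S_."""
    def __init__(self, text):
        self.s, self.pos, self.subs = text, 0, []

    def fail(self, why):
        raise ValueError("%s at offset %d of %r" % (why, self.pos, self.s))

    def peek(self):
        return self.s[self.pos:self.pos + 1]

    def take(self, n=1):
        self.pos += n
        return self.s[self.pos - n:self.pos]

    def source_name(self):  # <length><identifier>
        m = re.match(r"\d+", self.s[self.pos:])
        if not m:
            self.fail("expected <length><identifier>")
        self.pos += m.end()
        return self.take(int(m.group()))

    def nested_name(self):  # N [r|V|K] <prefix...> <name> E -> ('A::B::c', is_const)
        self.take()
        is_const = False
        while self.peek() in ("r", "V", "K"):  # cv-qualifiers of a member function
            is_const |= self.take() == "K"
        parts = []
        while self.peek() not in ("E", ""):
            parts.append(self.source_name())
            if self.peek() != "E":  # every proper prefix is a substitution candidate
                self.subs.append("::".join(parts))
        if self.take() != "E":
            self.fail("unterminated nested name")
        return "::".join(parts), is_const

    def name(self):
        if self.peek() == "N":
            return self.nested_name()
        if self.peek() == "Z":  # local name Z <encoding> E <entity>, e.g. __func__
            self.take()
            outer = self.encoding()
            if self.take() != "E":
                self.fail("unterminated local name")
            return outer + "::" + self.source_name(), False
        return self.source_name(), False

    def type(self):
        c = self.peek()
        if c in BUILTIN:  # builtins are never substitution candidates
            return BUILTIN[self.take()]
        if c == "S" and self.take(2) == "S_" and self.subs:  # S_ = first candidate
            return self.subs[0]
        if c in ("P", "R", "K"):
            self.take()
            t = self.type() + {"P": "*", "R": "&", "K": " const"}[c]
        elif c == "N" or c.isdigit():
            t = self.name()[0]
        else:
            self.fail("unsupported type code %r" % c)
        self.subs.append(t)
        return t

    def encoding(self):  # <name> [<parameter types>] -> 'A::f(int, char*) const'
        name, is_const = self.name()
        params = []
        while self.peek() not in ("", "E"):
            params.append(self.type())
        if not params:
            return name  # data symbol such as __func__: no parameter list
        params = [] if params == ["void"] else params
        return name + "(" + ", ".join(params) + ")" + (" const" if is_const else "")


def demangle(symbol):
    """Mach-O prefixes C-level symbols with '_', so C++ names arrive as '__Z...' and
    plain C names (most of the ath_* list) as '_name'."""
    if not symbol.startswith("__Z"):
        return symbol[1:] if symbol.startswith("_") else symbol
    d = Demangler(symbol[3:])
    out = d.encoding()
    if d.pos != len(d.s):
        d.fail("trailing characters")
    return out


def triage(symbols, patterns):
    """Group by substring like the post's grep passes; raw name kept if parsing fails."""
    def pretty(sym):
        try:
            return demangle(sym)
        except ValueError:
            return sym
    return {p: [pretty(s) for s in symbols if p in s] for p in patterns}


SYMBOLS = [  # copied from the quoted post's nm output, not a live dump of the kext
    "__Z21ath_copy_scan_resultsPvPK20ieee80211_scan_entry",
    "__ZNK15IORegistryEntry7getPathEPcPiPK15IORegistryPlane",
    "__ZZN18AirPort_Athr5424ab19getPktlogClientAddrEP15ath_pktlog_infoE8__func__",
    "__ZN18AirPort_Athr5424ab21monitorModeSetEnabledEP16IO80211Interfaceb",
    "__ZN16IO80211Interface22monitorModeInputPacketEP6__mbuf",
    "__ZN9IOService14startCandidateEPS_", "__ZN9IOService19start_PM_idle_timerEv",
    "_ath_attach", "_ath_startrecv", "_ath_ioctl_pktlog", "_tx99_start"]

if __name__ == "__main__":
    for pattern, names in triage(SYMBOLS, ["_ath", "monitor", "start"]).items():
        print("== %s ==\n  %s" % (pattern, "\n  ".join(names)))
```

Running it turns, for instance, `__ZN18AirPort_Athr5424ab21monitorModeSetEnabledEP16IO80211Interfaceb` into `AirPort_Athr5424ab::monitorModeSetEnabled(IO80211Interface*, bool)`: the monitor-mode entry points are methods of the driver class that take the IO80211Interface they serve, i.e. they sit in the IOKit family layer above the HAL. The `__func__` and `__FUNCTION__` symbols decode to local string constants inside a function, what a logging macro leaves behind, not callable code. Note also that a literal `grep _ath` misses `ath_copy_scan_results`, because in its mangled form the length prefix sits where the underscore would be; grepping the demangled names avoids that. For real binaries use `c++filt`, which implements the full grammar; this parser exists to show what the encoding carries.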
