Looking for Modern Wi-Fi chipset for hacking
Since we decided to drop the Raspberry Pi board and make a new system board from scratch, we need a suitable WiFi chipset that supports all kinds of attacks.
WiFi chip requirements:
- Low price: $3-5
- SDIO 2.0/3.0 interface: we want to keep the USB lines accessible to the user, so a USB chipset is not recommended. But we can change our mind if one is 100% suitable out of the box.
- 2.4 GHz and 5 GHz on a single antenna port
- System in Package (SiP) module: these modules already have all RF components (LNA, filters, etc.) packaged on one tiny PCB covered with a metal shield. Usually these modules have Bluetooth too.
- Monitor mode: passively listen to wireless traffic with RadioTap headers.
- Supported by: aircrack-ng/airodump/aireplay, reaver, wash, wifite, pixie WPS, PMKID capture.
Currently we are looking at Cypress/Broadcom chipsets + nexmon patches because of a complete lack of alternatives. There are many SiP (System in Package) modules based on Cypress/Broadcom chipsets on the market: Murata, Ampak, Alinket, Laird, Inventek and many others.
Maybe suitable chipsets:
Less suitable chipsets
Currently our best candidate is the Chinese module Ampak APxxxx, based on Cypress/Broadcom chipsets. This module has no clear datasheet because the real version of the WiFi chipset inside is hidden. So we need to test all modules and create our own datasheets for these devices.
How can I help?
Ampak modules are used in some Chinese Raspberry Pi clones like Banana Pi, Orange Pi, Nano Pi and so on.
If you have a board with one of the Ampak modules, you can test it against all types of attacks and for stability.
How to test my WiFi chipset
- Check the exact version of your chipset by looking at it, and check dmesg and the firmware version
- Install nexmon patches
- Test airodump with channel hopping, deauthentication attack, WPS attack, PMKID capturing and so on. Keep the device in monitor mode for a long time to check stability.
- Post your results here.
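
One way to condense the chipset and firmware check from the steps above into a single line for a results post. This is an added example, not code from the original post: the function names are hypothetical, and the sample `dmesg` and `iw list` text is constructed, assuming the brcmfmac driver's log format and the `iw list` layout.

```shell
# Added example: condense dmesg and `iw list` text into one report line.
# Both samples are constructed, following the brcmfmac and iw text formats.
SAMPLE_DMESG='[ 6.03] brcmfmac: brcmf_fw_alloc_request: using brcm/brcmfmac43455-sdio for chip BCM4345/6
[ 6.25] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM4345/6 wl0: Jan  1 2020 00:00:00 version 7.45.0 (constructed) FWID 01-00000000'
SAMPLE_IW='Wiphy phy0
    Supported interface modes:
         * managed
         * monitor
    Band 1:
        Frequencies:
            * 2412 MHz [1] (20.0 dBm)
    Band 2:
        Frequencies:
            * 5180 MHz [36] (20.0 dBm)'

# Chip name from the last brcmfmac "Firmware:" line read on stdin.
chip_id() {
    sed -n 's/.*brcmfmac:.*Firmware: \([^ ]*\) .*/\1/p' | tail -n 1
}

# Firmware version from the same line.
fw_version() {
    sed -n 's/.*brcmfmac:.*Firmware: .* version \([^ ]*\).*/\1/p' | tail -n 1
}

# "yes" only if monitor is listed under "Supported interface modes:".
has_monitor() {
    awk '/Supported interface modes:/ { m = 1; next }
         m && $1 == "*" { if ($2 == "monitor") f = 1; next }
         { m = 0 }
         END { print (f ? "yes" : "no") }'
}

# Bands present in the frequency list: 2.4GHz, 5GHz or 2.4GHz+5GHz.
bands() {
    awk '$1 == "*" && $3 == "MHz" {
             if ($2 >= 2400 && $2 < 2500) a = 1
             if ($2 >= 5000 && $2 < 6000) b = 1 }
         END { s = a ? "2.4GHz" : ""; if (a && b) s = s "+"
               if (b) s = s "5GHz"; print s }'
}

report() {  # $1 = dmesg text, $2 = `iw list` text
    printf 'chip=%s fw=%s monitor=%s bands=%s\n' \
        "$(printf '%s\n' "$1" | chip_id)" "$(printf '%s\n' "$1" | fw_version)" \
        "$(printf '%s\n' "$2" | has_monitor)" "$(printf '%s\n' "$2" | bands)"
}
report "$SAMPLE_DMESG" "$SAMPLE_IW"
```

On a real board, pass `"$(dmesg)"` and `"$(iw list)"` to `report` instead of the samples, once before and once after installing the patches, so both lines can go in the same post.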