Main Donate Github Blog

Wi-Fi chip with SPI/SDIO interface that supports monitoring and packet injection

Or another approach is to try rtl8812au driver and RTL8821AS module.
Like this one.
https://www.alibaba.com/product-detail/Realtek-RTL8821AS-WIFI-MODULE-with-SDIO_60612759287.html

But it’s a completely untested approach.

I have three modules in my lab and I can confirm that they have a backward compatibility.
Also these modules can work through USB hub.

Maybe you know some Atheros wifi modules in SiP formfactor?

Like this one?

https://www.8devices.com/products/blue-bean

https://www.8devices.com/products/red-bean

These are fine also.

It looks interesting, but when I googled “QCA9377 monitor mode” the are only issues with monitor mode and packet injection.

We should look closer at Qualcomm QCA9377 chip family. During to this datasheet there are three versions of this chip with different connection interfaces:

  • QCA9377-3
    supports a low-power SDIO 3.0 interface for WLAN and a UART/PCM interface for Bluetooth

  • QCA9377-5
    Supports a low-power PCIe 2.1 (with L1 sub-state) interfaces for WLAN and a USB 1.1 interface for Bluetooth

  • QCA9377-7
    supports a low-power USB 2.0 interface for WLAN and a USB 1.1 interface for Bluetooth

Here is the discussion about monitor mode on official forum https://developer.qualcomm.com/forum/qdn-forums/hardware/qca9377/34827 with controversial information about the topic. Vendor suggest to use proprietary driver QDN and tells that it supports monitor mode and packet injection but anyone can’t prove this.

Here is the announce of patch for QCA9377-3 (SDIO version) support in ath10k driver https://www.silextechnology.com/unwired/ath10k-sdio-wi-fi-patch-for-qca9377-3-available

But there is still not clear if QCA9377-3 really support monitor/injection or not.
@klukonin can you please help to figure out this?
We will buy dev kits of 8devices boards and test it, but maybe you have more information.

Another SDIO modules based on QCA9377-3:
https://www.silextechnology.com/connectivity-solutions/embedded-wireless/sx-sdmac-plus

Strange chinese module https://www.alibaba.com/product-detail/Low-Cost-5GHz-WiFi-Module-With_60833937153.html
on official website it marked as QCA1023 based module http://www.fn-link.com/product/25.html Fn-link tells:

Qca9377 is same with Qca1023, but qualcomm name it different for china market only.

Noname chinese module WCT8830 https://www.alibaba.com/product-detail/dual-band-iot-5g-combo-wifi_60708398983.html

LTM8830 https://www.arrow.com/en/products/ltm8830/shenzhen-longsys-electronics-co-ltd

@klukonin Thank you for point me to ath10k-ct driver. Have you tried it?
Am I right that this driver works only with Candela pathced qualcomm’s firmware?

Raspberry Pi 3B+ have CYW43455XKUBG chip that marked as bcm43455c0 in nexmon table. Seems that AMPAK AP6255 have the same chip.

Ampak AP6212 — BCM43438KUBG

AP6212 without A letter installed on Orange Pi zero Plus2.
Supports only 2.4G band. Too old and not stable.

Ampak AP6255 — BCM43454HKUBG

802.11ac, 5GHz support, bluetooth 4.2
Installed on Orange Pi Lite 2. Internet tells that this is bcm43455c0 but i’m not sure.
On Armbian it have the save firmware as Raspbian 7.45.154.

$ dmesg | grep brc

bluetooth hci1: Direct firmware load for brcm/BCM4345C0.hcd failed with error -2
Bluetooth: hci1: BCM: Patch brcm/BCM4345C0.hcd not found
brcmfmac: brcmf_fw_alloc_request: using brcm/brcmfmac43455-sdio for chip BCM4345/6
brcmfmac mmc1:0001:1: Direct firmware load for brcm/brcmfmac43455-sdio.xunlong,orangepi-lite2.txt failed with error -2
brcmfmac: brcmf_fw_alloc_request: using brcm/brcmfmac43455-sdio for chip BCM4345/6
brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM4345/6 wl0: Feb 27 2018 03:15:32 version 7.45.154 (r684107 CY) FWID 01-4fbe0b04

$ grep "" /sys/class/mmc_host/mmc1/mmc1\:0001/mmc1\:0001\:*/{class,device,vendor}
/sys/class/mmc_host/mmc1/mmc1:0001/mmc1:0001:1/class:0x00
/sys/class/mmc_host/mmc1/mmc1:0001/mmc1:0001:2/class:0x00
/sys/class/mmc_host/mmc1/mmc1:0001/mmc1:0001:3/class:0x02
/sys/class/mmc_host/mmc1/mmc1:0001/mmc1:0001:1/device:0xa9bf
/sys/class/mmc_host/mmc1/mmc1:0001/mmc1:0001:2/device:0xa9bf
/sys/class/mmc_host/mmc1/mmc1:0001/mmc1:0001:3/device:0xa9bf
/sys/class/mmc_host/mmc1/mmc1:0001/mmc1:0001:1/vendor:0x02d0
/sys/class/mmc_host/mmc1/mmc1:0001/mmc1:0001:2/vendor:0x02d0
/sys/class/mmc_host/mmc1/mmc1:0001/mmc1:0001:3/vendor:0x02d0

$ cat /sys/kernel/debug/brcmfmac/mmc1\:0001\:1/revinfo
vendorid: 0x14e4
deviceid: 0x43ab
radiorev: 0.88.3.11
chipnum: 17221 (4345)
chiprev: 6
chippkg: 2
corerev: 54
boardid: 0x06e4
boardvendor: 0x14e4
boardrev: P304
driverrev: 7.45.18
ucoderev: 0
bus: 0
phytype: 11
phyrev: 20
anarev: 0
nvramrev: 00079ac5

Ampak AP6256 — BCM43456XKUBG

Chipset: BCM43456XKUBG
802.11ac, bluetooth 5
Installed on Orange Pi 3. Not listed in nexmon supported hardware. Maybe can be suitable.
Uses this firmware brcmfmac4356-sdio.bin

![photo_2020-02-10-17.51.512|690x319]
(upload://oBPBAobM96lEkHm2gyiOOYSDIP8.jpeg)

# dmesg | grep brcm
brcmfmac: brcmf_fw_alloc_request: using brcm/brcmfmac43456-sdio for chip BCM4345/9
brcmfmac mmc0:0001:1: Direct firmware load for brcm/brcmfmac43456-sdio.xunlong,orangepi-3.txt failed with error -2
brcmfmac: brcmf_fw_alloc_request: using brcm/brcmfmac43456-sdio for chip BCM4345/9
brcmfmac: brcmf_c_process_clm_blob: no clm_blob available (err=-2), device may have limited channels available
brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM4345/9 wl0: Jun 16 2017 12:38:26 version 7.45.96.2 (66c4e21@sh-git) (r) FWID 01-1813af84


 /sys/bus/sdio/devices/mmc0:0001:1/vendor:0x02d0
 /sys/bus/sdio/devices/mmc0:0001:1/device:0xa9bf

What do you think about STM32WB55xx?
It looks very new and based on this haven’t proved software support, but showing good abilities for future.
Datasheet: https://www.st.com/resource/en/datasheet/stm32wb55cc.pdf

As a red-eyed sviborg I prefer to work with another tools and take part in another projects.

We can’t use modules like esp82/32 and so on, because it have built in MCU and it cannot be connected as native wireless interface on Linux.

Some chipsets from Mediatek (formerly Ralink) looks very interesting. Driver mt76 support monitor mode and injection.

MT7668

No drivers in mainline kernel, only strange mentions here https://github.com/petegriffin/linux-1/commit/78c166546b39db930c87b040977ee2b83eeb65b5

  • MT7668AUN - USB device fully compliant with USB v3.0 specification
  • MT7668AEN - PCIe devices are fully compliant with the PCIe v2.1 specification
  • MT7668ASN - SDIO devices are fully compliant with the SDIO v3.0 specification

MT7668AUN_MT7668AEN_MT7668ASN_Datasheet.1.pdf (4.6 MB)

Chinese SiP module Fn-link F12ASUM13 based on RTL8812AU
USB interface
2 antennas


MT76 and RTL8821AU is the best choice. They have well-described documentation and low power consumption.

Not all MT67* are the same. For example MT7668 with SDIO interface is not supported by MT76 driver and not documented at all. I had to buy a datasheet for MT7668 on chinese forum. Also there is no public available driver for tis chip. I only found this one for android kernel https://github.com/petegriffin/linux-1/tree/poplar-android-4.9/drivers/net/wireless/mediatek/mt7668

I’m also looking at MT7612AU with USB interface, but there a very poor information on google about this chip. I can find only Alfa AWUS036ACM device with this chip.

I had the same thought regarding the MediaTek MT7612AU.

There are definitely some experienced wlan developer who are working atm on this particular driver

As the RTL8811AU is still unstable, power hungry and difficult to setup, is a look into the ac section definitely hard.

ESP8266/32 Does not support 5GHz unfortunately. I spoke with a rep at Espressif and they did say they are working on one but the prototypes won’t be out until EOY