Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OSX crash on jamming start #5

Open
na-ji opened this issue Jan 8, 2020 · 26 comments
Open

OSX crash on jamming start #5

na-ji opened this issue Jan 8, 2020 · 26 comments

Comments

@na-ji
Copy link

na-ji commented Jan 8, 2020

Hello,

When I start de jamming after selecting the client, the app crash my whole OS. Here's the OSX report of the crash. I saw a lot of people had this problem, but no issue were created. So here it is.

panic(cpu 6 caller 0xffffff800846520a): Kernel trap at 0xffffff7f89a2dbb8, type 14=page fault, registers:
CR0: 0x0000000080010033, CR2: 0x0000000000004c2c, CR3: 0x0000000201ad8129, CR4: 0x00000000003626e0
RAX: 0x0000000000004c1c, RBX: 0xffffff803b574000, RCX: 0xffffff7f89a2db9c, RDX: 0x0000000000000000
RSP: 0xffffff9230a8ba80, RBP: 0xffffff9230a8ba90, RSI: 0xffffff81fd281a00, RDI: 0xffffff803a370000
R8:  0x0000000000000000, R9:  0x0000000000000000, R10: 0xffffff8008c105d8, R11: 0xffffff8008a42070
R12: 0xffffff9230a8bb84, R13: 0xffffff803f5dce60, R14: 0xffffff81fd281a00, R15: 0xffffff803f5dce60
RFL: 0x0000000000010246, RIP: 0xffffff7f89a2dbb8, CS:  0x0000000000000008, SS:  0x0000000000000010
Fault CR2: 0x0000000000004c2c, Error code: 0x0000000000000000, Fault CPU: 0x6, PL: 0, VF: 1

Backtrace (CPU 6), Frame : Return Address
0xffffff9230a8b4e0 : 0xffffff800833bb1b 
0xffffff9230a8b530 : 0xffffff80084733e5 
0xffffff9230a8b570 : 0xffffff8008464e5e 
0xffffff9230a8b5c0 : 0xffffff80082e2a40 
0xffffff9230a8b5e0 : 0xffffff800833b207 
0xffffff9230a8b6e0 : 0xffffff800833b5eb 
0xffffff9230a8b730 : 0xffffff8008ad24f9 
0xffffff9230a8b7a0 : 0xffffff800846520a 
0xffffff9230a8b920 : 0xffffff8008464f08 
0xffffff9230a8b970 : 0xffffff80082e2a40 
0xffffff9230a8b990 : 0xffffff7f89a2dbb8 
0xffffff9230a8ba90 : 0xffffff7f890bddc4 
0xffffff9230a8bad0 : 0xffffff8008a423f5 
0xffffff9230a8bb30 : 0xffffff7f890bdea8 
0xffffff9230a8bb50 : 0xffffff7f890bd2a0 
0xffffff9230a8bbb0 : 0xffffff7f890bd4ad 
0xffffff9230a8bbf0 : 0xffffff7f89a2dc98 
0xffffff9230a8bc20 : 0xffffff7f89a2db87 
0xffffff9230a8bc40 : 0xffffff80085e77af 
0xffffff9230a8bcd0 : 0xffffff80085d68e4 
0xffffff9230a8bd50 : 0xffffff80085cace2 
0xffffff9230a8bdc0 : 0xffffff80085bbd49 
0xffffff9230a8be20 : 0xffffff80088b7a00 
0xffffff9230a8bee0 : 0xffffff80088b77c0 
0xffffff9230a8bf40 : 0xffffff800899acba 
0xffffff9230a8bfa0 : 0xffffff80082e3206 
      Kernel Extensions in backtrace:
         com.apple.iokit.IONetworkingFamily(3.4)[03C05ADC-CFE0-3B32-9305-5F17640F7B06]@0xffffff7f890aa000->0xffffff7f890d9fff
         com.apple.iokit.IO80211FamilyV2(1200.12.2b1)[B2B1D9BA-37A9-3F11-99DE-753D425C1C42]@0xffffff7f899a4000->0xffffff7f89b05fff
            dependency: com.apple.driver.corecapture(1.0.4)[5C346ED2-633E-32C2-8BD8-604F7D238B2B]@0xffffff7f8971b000
            dependency: com.apple.driver.AppleMobileFileIntegrity(1.0.5)[2FAEE793-59BC-3ADF-A5E2-3BC8760AFE0B]@0xffffff7f89421000
            dependency: com.apple.kec.corecrypto(1.0)[BDC53810-BC66-3B24-8F2B-EE3F9A7CF761]@0xffffff7f8933c000
            dependency: com.apple.iokit.IOSkywalkFamily(1)[402D50B6-F30F-38C5-A7ED-610AA11F2791]@0xffffff7f89799000
            dependency: com.apple.iokit.IONetworkingFamily(3.4)[03C05ADC-CFE0-3B32-9305-5F17640F7B06]@0xffffff7f890aa000

BSD process name corresponding to current thread: JamWiFi
Boot args: chunklist-security-epoch=0 -chunklist-no-rev2-dev

Mac OS version:
19C57

Kernel version:
Darwin Kernel Version 19.2.0: Sat Nov  9 03:47:04 PST 2019; root:xnu-6153.61.1~20/RELEASE_X86_64
Kernel UUID: C3E7E405-C692-356B-88D3-C30041FD1E72
Kernel slide:     0x0000000008000000
Kernel text base: 0xffffff8008200000
__HIB  text base: 0xffffff8008100000
System model name: MacBookPro16,1 (Mac-E1008331FDC96864)
System shutdown begun: NO

System uptime in nanoseconds: 461250761364
last loaded kext at 357313547200: @filesystems.smbfs	3.4 (addr 0xffffff7f8f658000, size 446464)
loaded kexts:
@filesystems.smbfs	3.4
>AudioAUUC	1.70
@kext.AMDRadeonX6000	3.0.4
@kext.AMDRadeonServiceManager	3.0.4
>!AGraphicsDevicePolicy	4.5.21
@fileutil	20.036.15
@AGDCPluginDisplayMetrics	4.5.21
>!AHV	1
|IOUserEthernet	1.0.1
|IO!BSerialManager	7.0.2f4
>!AUpstreamUserClient	3.6.8
>pmtelemetry	1
>AGPM	111.4.1
>!APlatformEnabler	2.7.0d0
>X86PlatformShim	1.0.0
>AGDCBacklightControl	4.5.21
>!A!IKBLGraphics	14.0.3
@Dont_Steal_Mac_OS_X	7.0.0
>!ABacklight	180.1
>BridgeAudioCommunication	6.60
>!AThunderboltIP	3.1.3
>ACPI_SMC_PlatformPlugin	1.0.0
>!AMCCSControl	1.13
>!AFIVRDriver	4.1.0
>!AAVEBridge	6.1
>!AMuxControl2	4.5.21
>!ABridgeAudio!C	6.60
>!AHIDALSService	1
>!AGFXHDA	100.1.422
>!ATopCaseHIDEventDriver	3420.1
>!A!IPCHPMC	2.0.1
>!A!ICFLGraphicsFramebuffer	14.0.3
>!A!ISlowAdaptiveClocking	4.0.0
@filesystems.autofs	3.0
>usb.!UHostBillboardDevice	1.0
>BCMWLANFirmware4355.Hashstore	1
>BCMWLANFirmware4364.Hashstore	1
>BCMWLANFirmware4377.Hashstore	1
>!ABCMWLANBusInterfacePCIe	1
>!AFileSystemDriver	3.0.1
@filesystems.hfs.kext	522.0.9
@BootCache	40
@!AFSCompression.!AFSCompressionTypeDataless	1.0.0d1
@!AFSCompression.!AFSCompressionTypeZlib	1.0.0
>!AVirtIO	1.0
@filesystems.apfs	1412.61.1
@private.KextAudit	1.0
>!ASmartBatteryManager	161.0.0
>!AACPIButtons	6.1
>!ASMBIOS	2.1
>!AACPIEC	6.1
>!AAPIC	1.7
$!AImage4	1
@nke.applicationfirewall	303
$TMSafetyNet	8
@!ASystemPolicy	2.0.0
|EndpointSecurity	1
@kext.AMDRadeonX6100HWLibs	1.0
@kext.AMDRadeonX6000HWServices	3.0.4
|IOAVB!F	800.17
>!ASSE	1.0
>!ABacklightExpert	1.1.0
>!AHDA!C	283.15
|IOHDA!F	283.15
@kext.AMDRadeonX6000Framebuffer	3.0.4
@!AGPUWrangler	4.5.21
>IOPlatformPluginLegacy	1.0.0
>!ASMBus!C	1.0.18d1
>!ASMBusPCI	1.0.14d1
>!AThunderboltEDMSink	4.2.2
>!AThunderboltDPOutAdapter	6.2.4
>!AGraphicsControl	4.5.21
>!AActuatorDriver	3420.2
>!AHIDKeyboard	209
|IONDRVSupport	569.3
>!AHS!BDriver	3420.1
>IO!BHIDDriver	7.0.2f4
>!AMultitouchDriver	3420.2
>!AInputDeviceSupport	3420.4
|IO!BHost!CUARTTransport	7.0.2f4
|IO!BHost!CTransport	7.0.2f4
>!A!ILpssUARTv1	3.0.60
>!A!ILpssUARTCommon	3.0.60
>!AOnboardSerial	1.0
@kext.AMDSupport	3.0.4
@!AGraphicsDeviceControl	4.5.21
|IOAccelerator!F2	438.2.8
|IOGraphics!F	569.3
|IOSlowAdaptiveClocking!F	1.0.0
>X86PlatformPlugin	1.0.0
>IOPlatformPlugin!F	6.0.0d8
@plugin.IOgPTPPlugin	800.14
|IOEthernetAVB!C	1.1.0
@kext.triggers	1.0
>usb.IOUSBHostHIDDevice	1.2
>usb.cdc.ecm	5.0.0
>usb.cdc.ncm	5.0.0
>usb.cdc	5.0.0
>usb.networking	5.0.0
>usb.!UHostCompositeDevice	1.2
>!ABCMWLANCore	1.0.0
>mDNSOffloadUserClient	1.0.1b8
>IOImageLoader	1.0.0
|IO80211!FV2	1200.12.2b1
>corecapture	1.0.4
|IOSkywalk!F	1
|IOSurface	269.6
@filesystems.hfs.encodings.kext	1
|IOAudio!F	300.2
@vecLib.kext	1.2.0
|IOSerial!F	11
>!AXsanScheme	3
>usb.!UVHCIBCE	1.2
>usb.!UVHCI	1.2
>usb.!UVHCICommonBCE	1.0
>usb.!UVHCICommon	1.0
>!AEffaceableNOR	1.0
|IOBufferCopy!C	1.1.0
|IOBufferCopyEngine!F	1
|IONVMe!F	2.1.0
>!AThunderboltPCIDownAdapter	2.5.2
>!AThunderboltDPInAdapter	6.2.4
>!AThunderboltDPAdapter!F	6.2.4
>!AHPM	3.4.4
>!A!ILpssI2C!C	3.0.60
>!A!ILpssDmac	3.0.60
>!A!ILpssI2C	3.0.60
>!AThunderboltNHI	5.8.1
|IOThunderbolt!F	7.4.7
>usb.!UHostPacketFilter	1.0
|IOUSB!F	900.4.2
>usb.!UXHCIPCI	1.2
>usb.!UXHCI	1.2
>!AEFINVRAM	2.1
>!AEFIRuntime	2.1
>!ASMCRTC	1.0
|IOSMBus!F	1.1
|IOHID!F	2.0.0
$quarantine	4
$sandbox	300.0
@kext.!AMatch	1.0.0d1
>!AKeyStore	2
>!UTDM	489.60.3
|IOSCSIBlockCommandsDevice	422.0.2
>!ACredentialManager	1.0
>KernelRelayHost	1
>!ASEPManager	1.0.1
>IOSlaveProcessor	1
>!AFDEKeyStore	28.30
>!AEffaceable!S	1.0
>!AMobileFileIntegrity	1.0.5
@kext.CoreTrust	1
|CoreAnalytics!F	1
|IOTimeSync!F	800.14
|IONetworking!F	3.4
>DiskImages	493.0.0
|IO!B!F	7.0.2f4
|IO!BPacketLogger	7.0.2f4
|IOUSBMass!SDriver	157.40.7
|IOSCSIArchitectureModel!F	422.0.2
|IO!S!F	2.1
|IOUSBHost!F	1.2
>usb.!UCommon	1.0
>!UHostMergeProperties	1.2
>!ABusPower!C	1.0
|IOReport!F	47
>!AACPIPlatform	6.1
>!ASMC	3.1.9
>watchdog	1
|IOPCI!F	2.9
|IOACPI!F	1.4
@kec.pthread	1
@kec.corecrypto	1.0
@kec.Libm	1

I have a MacBook Pro (16-inch, 2019).

Thanks!

@anonymouz4
Copy link
Collaborator

From the crashlog, it‘s not really possible to see where the error occurrs exactly and I never encountered this issue on the mac‘s I tested it on, so I can‘t do much about it.

So only thing you could do is launch it via xcode (as root!) and set many many breakpoints to identify at which line exactly the problem is.

@sasquelch
Copy link

Also getting the same crash... Will see if I can find anything useful.

@thermogl
Copy link

Issue seems to be with pcap_inject call in ANInterface. Debugging is hard because it detaches after the authentication prompt succeeds.

@anonymouz4
Copy link
Collaborator

@thermogl That why I said "as root!". Since when you launch it via xcode as root, it won't show the elevation prompt as its already root

@thermogl
Copy link

Even just trying to step into pcap_inject results in the crash. Problem with the library perhaps.

@thermogl
Copy link

pcap_sendpacket has similar issue. Difference is indefinite hang instead of crash.

@Apprisco
Copy link

Let me put my 2 cent on this issue, the issue only happens with all mac models from 2018 and on. All 2017 and prior models work, so it seems to be a card issue.

@anonymouz4
Copy link
Collaborator

@MayhemGang Probably, bc all my testing Devices are pre 2018. But even the newer one's should technically support monitor mode, so injecting own packages should be possible, generally speaking.

@sanomike
Copy link

@anonymouz4 how can I jam a network and stay connected to the internet. It was possible in the previous version. Is it not on this version?

@DeadlySoft
Copy link

I have this issue on my air 2019. xcode start as root but have a crash osX and restart pc

@BernardoCama
Copy link

Same problem with my macbook pro 2018

@eararipe
Copy link

Having the same issue with T2 MacBook Pro 2018. Click, wait 2 seconds, kernel panic.

@marquarth
Copy link

marquarth commented Apr 4, 2020

Let me put my 2 cent on this issue, the issue only happens with all mac models from 2018 and on. All 2017 and prior models work, so it seems to be a card issue.

@MayhemGang this makes sense.. but if this is a hardware problem then we are doomed.

so i did a little research, for the 2019 MBP entry model, the wifi+bt module according to the iFixit teardown is Murata 1SA 339S00616 SS9521026 this is as far as I found... I can't pull out the datasheet of this chipset, perhaps this is Apple exclusive and the datasheet is not for public use.

@Oppen
Copy link

Oppen commented Apr 4, 2020

It could be a firmware or driver issue, too. In that case, there's hope that Apple pushes a fix eventually.

@marquarth
Copy link

@thermogl which mac yr and model are you running this on?

Even just trying to step into pcap_inject results in the crash. Problem with the library perhaps.

pcap_sendpacket has similar issue. Difference is indefinite hang instead of crash.

I unfortunately could not boot my older mac to try this on... I'm stuck with the 2019 MBP.

@Oppen
Copy link

Oppen commented Apr 4, 2020

I was able to inject with a dumb demo program (read a packet and inject it back), but it wasn't in monitor mode. With JamWiFi I get the crash. I'm not sure the model (I'm quite noob with Mac), but at least I know it's Mojave.

@marquarth
Copy link

I was able to inject with a dumb demo program (read a packet and inject it back), but it wasn't in monitor mode. With JamWiFi I get the crash. I'm not sure the model (I'm quite noob with Mac), but at least I know it's Mojave.

hi @Oppen can you share this demo program with me? thanks!

@acheong08
Copy link

I have the same problem on my MacBook Pro (13-inch, 2019, Four Thunderbolt 3 port) but I will test this on my 2016 MacBook Air soon once this pandemic is over.

@madeyexz
Copy link

@acheong08
It crashed on my MacBook Pro (13-inch, 2019, Four TB3)
but it worked on my friend's MacBook Pro (13-inch, 2017, Four TB3)
tested today

ohh by the way, is the older version(JamWiFi without maintence) not functioning on newer MBP? I tried but the "Do it!" function never worked.

@anonymouz4
Copy link
Collaborator

Guys, If you take a look at the README, it clearly says that devices build 2018 and later seem to crash, so there's no need for everyone to state that individually.
And if you post Kernel Panic Reports, please set your boot-args to keepsyms=1, bc I'm not gonna resolve every symbol manually.

@Oppen
Copy link

Oppen commented Apr 21, 2020

I think it is useful, actually. The developer stated a lack of hardware for testing, so knowing who else may help on testing is definitely useful.

@vrxj81
Copy link

vrxj81 commented Jun 11, 2020

@anonymouz4 let me know if I can help in anyway I have an MBP 15,1

@acheong08
Copy link

I have tested other deauth tools on my MacBook Pro 2018/2019 and all of them crash my computer. Other tools such as Reaver and Pixie Dust which requires packet injection also crashes the computer. It seems like packet injection and deauth won't be working anytime soon for us.

@acheong08
Copy link

This isn't a software issue

@acheong08
Copy link

It's a hardware issue

@hoangnam2261
Copy link

hoangnam2261 commented Jul 28, 2021

From the crashlog, it‘s not really possible to see where the error occurrs exactly and I never encountered this issue on the mac‘s I tested it on, so I can‘t do much about it.

So only thing you could do is launch it via xcode (as root!) and set many many breakpoints to identify at which line exactly the problem is.

I debugged and it crashed by this block

@synchronized (writeBuffer) { [writeBuffer addObject:packet]; }

in file ANWiFiSniffer.m

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests