explaingit

unsignedchad/bcm4360-wpa3

Analysis updated 2026-05-18

Stars · 5   Language · C   Audience · developer   Complexity · 5/5   Setup · hard

TLDR

A patched Linux kernel driver that adds WPA3 WiFi security to the Broadcom BCM4360 chip in 2014 MacBook Pros by reverse-engineering and hooking the closed proprietary binary blob.

Mindmap

mindmap
  root((bcm4360-wpa3))
    What it does
      Adds WPA3 to BCM4360
      Patches closed driver blob
      Blocks deauth attacks
    How it works
      Byte-patches binary
      Links new C to blob
      Rewrites relocations
    Tech Stack
      C kernel module
      Python script
      wpa_supplicant
      Ghidra
    Setup
      Build with GCC
      Load with insmod
      DKMS for persistence
    Audience
      Linux kernel devs
      Mac Linux users

What do people build with it?

USE CASE 1

Get WPA3 WiFi working on a 2014 Intel MacBook Pro running Linux without replacing hardware.

USE CASE 2

Connect to a WPA3-only access point from a machine with a Broadcom BCM4360 chip on Linux.

USE CASE 3

Study how to add features to a closed binary driver using reverse engineering and link-time hooks.

What is it built with?

C, Python, Linux kernel, DKMS, GCC, Ghidra, wpa_supplicant

How does it compare?

Repo: unsignedchad/bcm4360-wpa3 | blackcoffee2/prome | ffmpegkit-maintained/ffmpeg
Stars: 5 | 5 | 6
Language: C | C | C
Setup difficulty: hard | moderate | easy
Complexity: 5/5 | 4/5 | 2/5
Audience: developer | developer | developer

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · hard Time to first run · 1h+

Requires downloading the proprietary Broadcom firmware blob separately, building a kernel module from source, and optionally configuring DKMS.

The wrapper code is GPL-2.0 (free to use and modify as long as derivatives stay open source); the Broadcom blob has its own separate proprietary license.

In plain English

The BCM4360 is the WiFi chip inside Intel MacBook Pro models from 2014. Apple and Broadcom never updated it to support WPA3, the modern WiFi security standard that replaced WPA2. On Linux, the only driver for this chip is a closed, proprietary binary blob from Broadcom. This project patches that closed driver to add WPA3-SAE authentication and 802.11w Protected Management Frames, the features that protect against certain WiFi attacks like deauthentication floods. It works entirely from host software, without access to the firmware source code.

The approach relies on a lucky property of the Broadcom blob: it is a non-stripped, relocatable object file, which means a developer can inspect its internal symbols and redirect specific function calls. The project links new C code against the blob and intercepts the right entry points. The actual WPA3 cryptography runs in wpa_supplicant on the host side, while bridge code connects the Linux networking stack to the driver and installs the resulting keys.

Getting the driver to accept WPA3 required three steps: a byte-level patch to the binary so it accepts the SAE handshake algorithm, a tool pass to expose internal blob functions as callable symbols, and a relocation rewrite to redirect specific internal calls to custom hook functions. The result is a WiFi connection that completes a full WPA3 handshake and resists deauthentication flood attacks and management-frame attacks that affect WPA2.

To use the driver, you build it from source using GCC, Python, and kernel headers. The Broadcom firmware blob is not included and must be downloaded separately from the Broadcom package. You can load the driver once with a single insmod command or register it with DKMS for automatic rebuilds on kernel upgrades. After loading, NetworkManager drives it like any other driver: pick the network, enter the password, and connect.

One caveat noted in the README: access points running in transition mode that mix WPA2 and WPA3 can be unreliable. A pure WPA3 or pure WPA2 network works more consistently.

This is research code tested on Linux 6.12 on an Intel MacBook Pro 11,3. It is not a general product but a working demonstration of what targeted reverse engineering of a closed binary driver can produce.
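The relocation rewrite described above can be shown on the raw ELF64 structures involved. This is an added example, not code from the bcm4360-wpa3 repository: the symbol names `blob_internal_fn`, `hook_fn` and `other_fn` are hypothetical, and the section bytes are constructed inline in the x86-64 `Elf64_Sym` / `Elf64_Rela` layout.

```python
import struct

SYM = struct.Struct("<IBBHQQ")   # Elf64_Sym: st_name, st_info, st_other, st_shndx, st_value, st_size
RELA = struct.Struct("<QQq")     # Elf64_Rela: r_offset, r_info, r_addend

def symbol_names(symtab, strtab):
    """Return symbol names in .symtab order (index 0 is the null symbol)."""
    names = []
    for (name_off, *_rest) in SYM.iter_unpack(symtab):
        end = strtab.index(b"\0", name_off)
        names.append(strtab[name_off:end].decode())
    return names

def relocation_targets(rela, names):
    """List (r_offset, target symbol, relocation type) for every Rela entry."""
    return [(off, names[info >> 32], info & 0xFFFFFFFF)
            for off, info, _addend in RELA.iter_unpack(rela)]

def redirect(rela, names, old, new):
    """Point every relocation against `old` at `new`; type and addend are kept."""
    old_i, new_i = names.index(old), names.index(new)
    out, changed = bytearray(), 0
    for off, info, addend in RELA.iter_unpack(rela):
        if info >> 32 == old_i:
            # r_info holds the symbol index in the high 32 bits, the type in the low 32
            info = (new_i << 32) | (info & 0xFFFFFFFF)
            changed += 1
        out += RELA.pack(off, info, addend)
    return bytes(out), changed

# --- constructed sample sections (hypothetical names, not taken from the real blob) ---
R_X86_64_PLT32 = 4
STRTAB = b"\0blob_internal_fn\0hook_fn\0other_fn\0"

def _sym(name):
    return SYM.pack(STRTAB.index(name), 0x12, 0, 0, 0, 0)  # 0x12 = GLOBAL | FUNC

SYMTAB = (SYM.pack(0, 0, 0, 0, 0, 0) + _sym(b"blob_internal_fn")
          + _sym(b"hook_fn") + _sym(b"other_fn"))
RELA_TEXT = b"".join(RELA.pack(off, (sym << 32) | R_X86_64_PLT32, -4)
                     for off, sym in [(0x10, 1), (0x40, 3), (0x88, 1)])

if __name__ == "__main__":
    names = symbol_names(SYMTAB, STRTAB)
    patched, n = redirect(RELA_TEXT, names, "blob_internal_fn", "hook_fn")
    print(n, relocation_targets(patched, names))
```

Because only the symbol index in `r_info` changes, the call sites in the blob's code are untouched; the linker resolves them to the new symbol when the object is linked. This is possible only while the object is still relocatable and its symbol table has not been stripped.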

Copy-paste prompts

Prompt 1
I have a 2014 MacBook Pro with a BCM4360 WiFi chip on Linux. Walk me through building and loading the bcm4360-wpa3 driver so I can connect to a WPA3 network.
Prompt 2
The bcm4360-wpa3 driver loads but my transition-mode access point is unreliable. How do I configure NetworkManager to force WPA3-only or WPA2-only mode for this connection?
Prompt 3
I want to port bcm4360-wpa3 to a different Broadcom chip. What should I look for in Ghidra to find the auth-alg clamp, join FSM, and key-insert functions?
Prompt 4
My kernel panics when loading the patched wl.ko. How do I stream dmesg over SSH to a second machine to capture the oops before the reboot?

Frequently asked questions

What is bcm4360-wpa3?

A patched Linux kernel driver that adds WPA3 WiFi security to the Broadcom BCM4360 chip in 2014 MacBook Pros by reverse-engineering and hooking the closed proprietary binary blob.

What language is bcm4360-wpa3 written in?

Mainly C. The stack also includes Python and the Linux kernel.

What license does bcm4360-wpa3 use?

The wrapper code is GPL-2.0 (free to use and modify as long as derivatives stay open source); the Broadcom blob has its own separate proprietary license.

How hard is bcm4360-wpa3 to set up?

Setup difficulty is rated hard, with roughly 1h+ to a first successful run.

Who is bcm4360-wpa3 for?

Mainly developers.

Verify against the repo before relying on details.