Analysis updated 2026-05-18
Get WPA3 WiFi working on a 2014 Intel MacBook Pro running Linux without replacing hardware.
Connect to a WPA3-only access point from a machine with a Broadcom BCM4360 chip on Linux.
Study how to add features to a closed binary driver using reverse engineering and link-time hooks.
| unsignedchad/bcm4360-wpa3 | blackcoffee2/prome | ffmpegkit-maintained/ffmpeg | |
|---|---|---|---|
| Stars | 5 | 5 | 6 |
| Language | C | C | C |
| Setup difficulty | hard | moderate | easy |
| Complexity | 5/5 | 4/5 | 2/5 |
| Audience | developer | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
Requires downloading the proprietary Broadcom firmware blob separately, building a kernel module from source, and optionally configuring DKMS.
The BCM4360 is the WiFi chip inside Intel MacBook Pro models from 2014. Apple and Broadcom never updated it to support WPA3, the modern WiFi security standard that replaced WPA2. On Linux, the only driver for this chip is a closed, proprietary binary blob from Broadcom. This project patches that closed driver to add WPA3-SAE authentication and 802.11w Protected Management Frames, the features that protect against certain WiFi attacks like deauthentication floods. It works entirely from host software, without access to the firmware source code. The approach relies on a lucky property of the Broadcom blob: it is a non-stripped, relocatable object file, which means a developer can inspect its internal symbols and redirect specific function calls. The project links new C code against the blob and intercepts the right entry points. The actual WPA3 cryptography runs in wpa_supplicant on the host side, while bridge code connects the Linux networking stack to the driver and installs the resulting keys. Getting the driver to accept WPA3 required three steps: a byte-level patch to the binary so it accepts the SAE handshake algorithm, a tool pass to expose internal blob functions as callable symbols, and a relocation rewrite to redirect specific internal calls to custom hook functions. The result is a WiFi connection that completes a full WPA3 handshake and resists deauthentication flood attacks and management-frame attacks that affect WPA2. To use the driver, you build it from source using GCC, Python, and kernel headers. The Broadcom firmware blob is not included and must be downloaded separately from the Broadcom package. You can load the driver once with a single insmod command or register it with DKMS for automatic rebuilds on kernel upgrades. After loading, NetworkManager drives it like any other driver: pick the network, enter the password, and connect. One caveat noted in the README: access points running in transition mode that mix WPA2 and WPA3 can be unreliable. A pure WPA3 or pure WPA2 network works more consistently. This is research code tested on Linux 6.12 on an Intel MacBook Pro 11,3. It is not a general product but a working demonstration of what targeted reverse engineering of a closed binary driver can produce.
A patched Linux kernel driver that adds WPA3 WiFi security to the Broadcom BCM4360 chip in 2014 MacBook Pros by reverse-engineering and hooking the closed proprietary binary blob.
Mainly C. The stack also includes C, Python, Linux kernel.
The wrapper code is GPL-2.0 (free to use and modify as long as derivatives stay open source), the Broadcom blob has its own separate proprietary license.
Setup difficulty is rated hard, with roughly 1h+ to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.