Skip to main content

Nzyme v1.1.0 "Cherry Bomb" has been released

· 4 min read
Lennart Koopmann
Nzyme Developer

About a month after the initial release of nzyme v1.0.0, I'm happy to announce that v1.1.0 is now generally available.

This release includes new features and bug fixes based on feedback from the community. Please always report bugs or suggest features in the discussion forum, issue tracker or on the nzyme Discord.

The packages are available on the downloads page.

Syslog Uplink#

Previous releases of nzyme already allowed to forward frames in the Graylog Extended Log Format (GELF) and this release adds functionality to send logs in the classic syslog format. This allows you to use a wider range of SIEM and log management systems.

The two new uplink types are for Syslog RFC 5424 and RFC 3164 (this is the obsolete BSD syslog Protocol that some systems still expect) and both use UDP.

The uplinks configuration syntax changed and you should adapt it but nzyme will still parse the old syntax for compatibility. A warning will be printed until you adapt to the new syntax.

Learn how to use the new uplinks in the documentation.

The related GitHub issue is #348. Feature suggested by andrewbeard.

Manual Monitor Mode Configuration#

Nzyme uses the libpcap library for several things, including configuring WiFi interfaces into monitor mode for listening to all frames and not only those directed at the interface specifically. Not all WiFi interfaces support monitor mode and that's why you should use one of the tested and recommended interfaces for nzyme. They are listed in the documentation.

In some cases, the combination of your driver and specific libpcap version can lead to a situation where a WiFi interface that does support monitor mode cannot be configured properly and nzyme falsely reports that it does not support monitor mode. In that case, manual configuration of monitor mode with something like iwconfig [interface] set mode monitor or the aircrack-ng tool chain will usually succeed but nzyme will still fail to start up.

This new feature allows you to set skip_enable_monitor to true and nzyme will simply not attempt to configure monitor mode at all, expecting you to do it manually.

Here is an example:

802_11_monitors: [  {    device: wlx00c0ca971201    channels: [1,2,3,4,5,6,7,8,9,10,11]    channel_hop_command: "sudo /sbin/iwconfig {interface} channel {channel}"    channel_hop_interval: 1    skip_enable_monitor: true  }]

The related GitHub issue is #347. Thank you for the report and assistance steev.

Initial WPA3 Support#

Nzyme now supports properly reporting WPA3, specifically the PSK SHA256 and SAE modes. This is an improvement over the previously missing support, but it will likely still need improvements to properly capture real world scenarios, including WPA2/3 mixed mode. Please report any shortcomings in the in the discussion forum, issue tracker or on the nzyme Discord.

The related GitHub issue is #352. Thank you for the report and assistance andrewbeard.

WiFi Pineapple Mark VII Bandit Definitions#

Bandit definitions for the new WiFi Pineapple Mark VII were added and nzyme detects it as reliably as previous WiFi Pineapple releases. Fun!

Additional Fixes and Changes#

Additional fixes and changes include:

  • Documentation: Clarified how to add multiple fingerprints and monitor interfaces to configuration (#370)
  • Improved seeding of default bandits (#361)
  • Introduced a new FrameProcessor to decouple receiving and parsing frames
  • Upgraded several dependencies
  • Default bandits no longer show created and last updated information in bandits table (#359)

You can find the complete change log on GitHub.

Upgrading#

There are no special steps required for upgrading from v1.0.0. You can simply extract the new release over an existing one and restart nzyme:

$ sudo dpkg -i nzyme-1.1.0.deb$ sudo systemctl daemon-reload$ sudo systemctl restart nzyme
Join the nzyme GitHub Sponsors to support the project and enjoy early access to new developments and behind the scenes content.