Archives July 2024

Turn your OnePlus 12 into a WiFi Sniffer

Turn your OnePlus 12 into a WiFi Sniffer
  • Go to Settings -> About device -> Version, and tap on “Version number” 7 times, this should enable the developer mode.



  • Go to Settings -> Additional settings -> Developer Options, and enable “USB debugging” and “OEM unlocking”.

  • To communicate with the OnePlus phone we will need to install the command-line tool adb (Android Debug Bridge). On a MacOS this can be installed using HomeBrew.

firasshaari@MacBook-Pro-9 ~ % brew install android-platform-tools
  • Connect the device to your laptop using a USB-C to USB-C or USB-C to USB-A cable. Now, you should be able to see your device listed under the connected devices.

firasshaari@MacBook-Pro-9 ~ % adb devices   
List of devices attached
76f80f11	device
  • Reboot the device in the bootloader mode using the below command.

firasshaari@MacBook-Pro-9 ~ % adb reboot bootloader
  • Now in the bootloader mode your device should have a similar screen to the photo below except, its bootloader is still in the locked state.

  • Now using either one of the 2 commands listed below your phone will prompt you that you’re about to unlock the bootloader. Once you accept that, the device will reboot and a message stating that the device cannot be trusted and you will need to set up it again from scratch.

firasshaari@MacBook-Pro-9 ~ % fastboot oem unlock
firasshaari@MacBook-Pro-9 ~ % fastboot flashing unlock
  • After setting up your device, we will need to install the Magisk APK to allow for super user access on the device. Download Magisk-v27.0.apk and push it your device’s SD card using the following command.

firasshaari@MacBook-Pro-9 Downloads % adb push Magisk-v27.0.apk /sdcard/Download/ 
Magisk-v27.0.apk: 1 file pushed, 0 skipped. 42.2 MB/s (12498796 bytes in 0.282s)
  • Use the Files app on the device to install the Magisk APK. In my case you can see that the device is trying to update the already installed APK


  • After installing the APK you should be greeted with a similar screen the one below. The only difference between my screenshot and yours will be that you haven’t installed Magisk yet.

firasshaari@MacBook-Pro-9 ~ % adb push init_boot.img /sdcard/Download/
  • Open Magisk on the device, click on the “Ramdisk” install and “Select and Patch a File” and select the “init_boot.img” file that we pushed to the device in the last step.

  • Using the adb pull command, pull the generated patched “init_boot.img” file from your phone to your laptop.
firasshaari@MacBook-Pro-9 ~ % adb pull /sdcard/Download/magisk_patched-27000_Y3vcR.img
  • Now reboot the device in the bootloader mode and flash the patched image.

firasshaari@MacBook-Pro-9 ~ % adb reboot bootloader
firasshaari@MacBook-Pro-9 ~ % fastboot flash init_boot magisk_patched-27000_Y3vcR.img
  • Reboot the device and if all goes well Magisk should be installed and, at this point and you should have root access on the device. It can be seen in the example below how running iw commands fails at first but after acquiring root privileges using the su command the command is executed successfully.

firasshaari@MacBook-Pro-9 ~ % adb shell
OP595DL1:/ $ iw wlan info 
/system/bin/sh: iw: inaccessible or not found
127|OP595DL1:/ $ su
1|OP595DL1:/ # iw wlan0 info                                                                                                                                                                                                                                               
Interface wlan0
	ifindex 24
	wdev 0x1
	addr 8e:f1:ad:a1:a6:71
	ssid home
	type managed
	wiphy 0
	channel 36 (5180 MHz), width: 80 MHz, center1: 5210 MHz
	txpower 20.00 dBm
OP595DL1:/ # 
  • To turn the OnePlus 12 into sniffer mode, execute the following commands on adb shell.
iw phy phy0 interface add mon0 type monitor 
ip link set wlan0 down 
ip link set mon0 up 
ip link set wlan0 down
iw dev mon0 set channel 36 
tcpdump -i mon0 -envvv 

Useful Links