driver-manager/BUILDING_MODULES.md

Building Custom Kernel Modules & Firmware

This module works out of the box for everything that's native to the Pixel 10 Pro Fold kernel. Some features need extra firmware or kernel modules you build yourself.

What's Already Native (No Build Needed)

Component	Driver	Status
GPU	pvrsrvkm (PowerVR DXT-48-1536)	Built-in, Vulkan 1.4 / GLES 3.x / OpenCL 3.0
WiFi	bcmdhd4390 (Broadcom BCM4390)	Built-in, Wi-Fi 7 / WFD R2 / P2P
Bluetooth	btqca + btbcm + rfcomm + hidp	Built-in
Xbox Controllers	xpad	Built-in (CONFIG_JOYSTICK_XPAD=y)
PS5 DualSense	hid-playstation	Built-in
PS4 DualShock	hid-sony	Built-in
Switch Pro / Joy-Con	hid-nintendo	Built-in
Xbox One (BT)	hid-microsoft	Built-in
Logitech (F310/F710)	hid-logitech + hidpp	Built-in
Steam Controller	hid-steam	Built-in
Wacom Tablets	wacom	Built-in
8BitDo / Generic	hid-generic	Built-in
USB Audio	snd_usb_audio	Built-in
USB Serial (FTDI)	ftdi_sio	Built-in
USB CDC ACM	cdc_acm	Built-in
USB Cameras	uvcvideo	Built-in
WireGuard VPN	wireguard	Built-in

What Needs User Action

1. SDR Devices (RTL-SDR, HackRF, Airspy, LimeSDR)

No kernel modules needed. All SDR devices on Android use userspace USB libraries. The module handles USB permissions automatically.

RTL-SDR + HackRF Driver App (rtl_tcp_andro):

This module includes the source for the Android RTL-SDR/HackRF driver app (rtl_tcp_andro) as a submodule in tools/rtl_tcp_andro/. It implements the rtl_tcp protocol natively on Android via USB OTG — no root needed for the app itself.

To build the APK:

cd tools/rtl_tcp_andro
./gradlew assembleRelease

The APK will be at app/build/outputs/apk/release/app-release-unsigned.apk. Copy it to apk/rtl_tcp_andro.apk and rebuild the module zip — the installer will auto-install it on the device.

Or install directly:

adb install app/build/outputs/apk/release/app-release-unsigned.apk

The app provides an iqsrc:// intent that any SDR client app can use to receive I/Q samples from RTL-SDR, HackRF, or SDRplay hardware.

Supported hardware: RTL-SDR (all versions), HackRF One, SDRplay RSP

Setup in Termux:

pkg update && pkg install -y rtl-sdr hackrf

This gives you: rtl_sdr, rtl_fm, rtl_adsb, rtl_power, rtl_tcp, hackrf_transfer, hackrf_sweep

Android apps that work with USB OTG SDR:

• SDR Touch (RTL-SDR)
• RF Analyzer (RTL-SDR)
• Aerial TV (DVB-T via RTL-SDR)
• SDR++ (if compiled for Android via Termux)

Switching between DVB-T and SDR: There's no kernel conflict on this device (no DVB modules compiled in). Just use the appropriate app — Aerial TV for DVB-T, SDR Touch for scanning.

2. Nexmon WiFi Monitor/Injection Mode

The BCM4390 is a new chip. Nexmon does NOT officially support it yet.

To check for support:

git clone https://github.com/seemoo-lab/nexmon
grep -r "4390" nexmon/

If/when BCM4390 patches become available:

1. Clone nexmon and set up the build environment:

# In Termux or a Linux build machine
git clone https://github.com/seemoo-lab/nexmon
cd nexmon
source setup_env.sh
make

2. Build the patched firmware for BCM4390:

cd patches/bcm4390/<firmware_version>/nexmon
make

3. Copy the firmware files to the module:

# Monitor mode firmware
cp <built_firmware>.bin /data/adb/modules/driver-manager/firmware/fw_bcm4390_monitor.bin

# Injection mode firmware (if separate)
cp <built_firmware_inject>.bin /data/adb/modules/driver-manager/firmware/fw_bcm4390_injection.bin

4. Switch mode via WebUI or manually:

echo "monitor" > /data/adb/modules/driver-manager/config/wifi_mode
sh /data/adb/modules/driver-manager/service.sh

Currently supported Broadcom chips with nexmon: BCM4330, BCM4335b0, BCM4339, BCM43430a1, BCM43439a0, BCM43451b1, BCM43455c0, BCM43436b0, BCM4375b1, BCM4389c1, BCM4398d0

3. Joydev (/dev/input/jsX)

The kernel has CONFIG_INPUT_JOYDEV disabled. Most Android games use evdev (/dev/input/eventX) which works fine. If you need joydev for a specific app:

Option A: Build joydev.ko

You need the kernel source matching your device's kernel version.

# Get kernel version
uname -r

# Clone the kernel source
# For Pixel 10 (rango), the source is in the Android kernel common tree
repo init -u https://android.googlesource.com/kernel/manifest -b android-gs-laguna-<version>
repo sync -c

# Build the module
make ARCH=arm64 modules_prepare
make ARCH=arm64 M=drivers/input/joydev modules

Copy joydev.ko to /data/adb/modules/driver-manager/modules/ and it will be loaded on next boot.

Option B: Use a custom kernel that has joydev compiled in.

4. GPU Driver Updates

The PowerVR GPU driver is updatable via Google Play (Game Update Pack). This module sets ro.gfx.driver.1 to request the updatable driver.

To check current driver version:

dumpsys gpu | grep -i version
# or
getprop ro.gfx.driver.1

To force a specific driver version: If Google hasn't pushed v25.1+ yet, check:

• Settings > System > System Update (driver updates come with security patches)
• The Android 16 QPR3 update bumps the driver to v1.634.2906

5. OpenCL (CUDA Alternative)

There is no CUDA on Android (NVIDIA only). PowerVR supports OpenCL 3.0 instead.

To use OpenCL on Pixel 10:

• PowerVR OpenCL library: /vendor/lib64/libPVROCL.so
• Use compute mode in this module to enable FP16 and max GPU freq
• Vulkan compute shaders are also an option for GPU workloads

Termux OpenCL setup:

pkg install -y clinfo opencl-headers
clinfo  # Should show PowerVR device

Included Reference Projects

These are included as submodules in tools/ to give you a starting point for building custom drivers and firmware. Clone with --recurse-submodules to get them.

monmob — WiFi Monitor Mode on Android

• Path: tools/monmob
• Repo: https://github.com/tuter/monmob
• What: Enables WiFi monitor mode on mobile devices. Useful reference for getting monitor mode working on Broadcom chips without full nexmon.

P4wnP1 — USB Attack Platform

• Path: tools/P4wnP1
• Repo: https://github.com/RoganDawes/P4wnP1
• What: Turns devices into a flexible USB attack/pentest platform. HID injection, network attacks via USB gadget, Bluetooth. Good reference for USB gadget mode drivers and HID attack payloads on Android.

dustcloud-nexmon — Nexmon for Broadcom Chips

• Path: tools/dustcloud-nexmon
• Repo: https://github.com/dgiese/dustcloud-nexmon
• What: Nexmon firmware patches adapted for various Broadcom WiFi chips. Reference for porting nexmon to new chips like the BCM4390.

InternalBlue — Bluetooth Firmware Patching

• Path: tools/internalblue
• Repo: https://github.com/seemoo-lab/internalblue
• What: Bluetooth experimentation framework from the Seemoo Lab (same team behind nexmon). Patches Broadcom/Cypress and some Qualcomm Bluetooth firmware for security research. Supports:
  • Raw HCI access and LMP monitoring
  • Firmware patching on Broadcom BT chips
  • Fuzzing and security testing
  • Works on Android with root (KernelSU)

rtl_tcp_andro — RTL-SDR + HackRF Android Driver

• Path: tools/rtl_tcp_andro
• Repo: https://github.com/signalwareltd/rtl_tcp_andro-
• What: Native Android USB driver for RTL-SDR and HackRF. Implements the rtl_tcp protocol via iqsrc:// intent. Build the APK and any SDR app on Android can use your USB SDR hardware without root.

Kernel Module Loading via KernelSU

KernelSU supports loading .ko files. Place them in:

/data/adb/modules/driver-manager/modules/<name>.ko

The module will insmod any .ko files found at boot.

Important: Modules must be compiled against the exact kernel version running on your device. Mismatched modules will fail to load with "Invalid module format" or segfault.

Check your kernel version:

uname -r
cat /proc/version

USB Device Reference

Device	Vendor:Product	Type
RTL-SDR v1	0bda:2832	Userspace USB
RTL-SDR v3	0bda:2838	Userspace USB
RTL-SDR v4	0bda:2840	Userspace USB
HackRF One	1d50:6089	Userspace USB
Airspy Mini	1d50:60a1	Userspace USB
Airspy HF+	1d50:6108	Userspace USB
LimeSDR Mini	04b4:00f3	Userspace USB
SDRplay RSP1	1df7:2500	Userspace USB
SDRplay RSP2	1df7:3020	Userspace USB
Xbox Controller	045e:028e	Native xpad
PS5 DualSense	054c:0ce6	Native hid-playstation
PS4 DualShock	054c:09cc	Native hid-sony
Switch Pro	057e:2009	Native hid-nintendo
8BitDo	Various	Native hid-generic