hostapd-mana MANA Attack, for the Pineapple.

[Zylla]

12 hours ago, KDWIP said:

I've been messing around with trying to get it to work on an SD card. I've read everything you've said about the issue so really im just trying different things to see what outcomes I get. On this latest install it allows me to launch mana. First it will give me error code 6 sslsplit was not launched correctly. Then when ran again it will give me error code 9 net-creds was not launched correctly. 

This goes back and forth, sometimes its sslstrip sometimes its net-creds. Weird part is randomly it will act like its working before failing.

Yes. When the bug occurs/triggers, the SD-card interface will "reset". You can see this happening in dmesg / logread. 
It will usually take a second or two to reset, and when it's done resetting it has a new device-identifier each time. (sda,sdb,sdc,sdd,sde,sdf,sdg, and so on...)
After it's done resetting you will be able to read/write again, until it happens again.

It's this time-frame when the SD-card is "offline" that makes it easy to detect when using this Toolkit, because it's using alot of processes.
When you're doing all the other normal stuff you can do with the Nano, you will usually not detect this bug happening, because it takes only a second or two until it's back up.

As i said above: My first encounter with this issue, was when i purchased the Nano and started using custom stuff, and terminal stuff like wifite.
It would always crash after a little while, with python complaining about not being able to read/write to the SD-card log-directory.

So a quick dive into dmesg revealed that a kernel-module that handles the file-system and journal was crashing when doing stuff on the SD-card.
Even simply scanning the SD-card with this command will trigger the bug every time for me, on several different SD-cards i've tested:

badblocks -e 100 -v /dev/sdcard/sd1

I very much want to release the Mana Toolkit Module to the official Hak5-repositories, and keep on improving it! But this sd-card issue is worrying me.
It gets silly if every Nano-owner needs to insert a thumb-drive to get a Module working.

IF anyone owns a Pineapple Nano and is using a SD-card successfully with the Mana Toolkit, PLEASE REPORT BACK TO ME!
If i don't get any such reports, i need to assume that everyone will get this issue on the Nano.
I don't want that to happen! I really want to keep on improving this for both the Nano and the Tetra.
Utilizing the small size of the Nano to run this attack very stealthy from your pocket, or utilizing the size of the Tetra to run a powerful EAP attack on the 2.4 and 5GHz bands at the same time, this would be awesome.

And just to update you guys: I'm getting some spare-time in a few days. I will be investing those days heavily in improving this Module and Toolkit.
So keep your eyes (and repositories) up for updates! ;)

[RazerBlade]

 

root@Pineapple:~# wget -qO- https://raw.githubusercontent.com/adde88/hostapd-man
a/master/INSTALL.sh | bash -s -- -v -v
Installing: MANA-Toolkit.
Go grab a cup of coffee, this can take a little while...

Downloading https://www.wifipineapple.com/nano/packages/Packages.gz.
Updated list of available packages in /var/opkg-lists/chaos_calmer_pineapple.
Downloading http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/base/Packages.gz.
Updated list of available packages in /var/opkg-lists/chaos_calmer_base.
Downloading http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/packages/Packages.gz.
Updated list of available packages in /var/opkg-lists/chaos_calmer_packages.
Downloading http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/management/Packages.gz.
Updated list of available packages in /var/opkg-lists/chaos_calmer_management.
Downloading http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/routing/Packages.gz.
Updated list of available packages in /var/opkg-lists/chaos_calmer_routing.
--2017-06-07 16:09:33--  https://github.com/adde88/hostapd-mana-openwrt/raw/master/bin/ar71xx/packages/base/asleap_2.2-1_ar71xx.ipk
Resolving github.com... 192.30.253.112, 192.30.253.113
Connecting to github.com|192.30.253.112|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://raw.githubusercontent.com/adde88/hostapd-mana-openwrt/master/bin/ar71xx/packages/base/asleap_2.2-1_ar71xx.ipk [following]
--2017-06-07 16:09:34--  https://raw.githubusercontent.com/adde88/hostapd-mana-openwrt/master/bin/ar71xx/packages/base/asleap_2.2-1_ar71xx.ipk
Resolving raw.githubusercontent.com... 151.101.192.133, 151.101.128.133, 151.101.64.133, ...
Connecting to raw.githubusercontent.com|151.101.192.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 12093 (12K) [application/octet-stream]
Saving to: 'asleap_2.2-1_ar71xx.ipk'

asleap_2.2-1_ar71xx 100%[===================>]  11.81K  --.-KB/s    in 0.006s

2017-06-07 16:09:34 (2.01 MB/s) - 'asleap_2.2-1_ar71xx.ipk' saved [12093/12093]

--2017-06-07 16:09:34--  https://github.com/adde88/hostapd-mana-openwrt/raw/master/bin/ar71xx/packages/base/hostapd-mana_2.6-3_ar71xx.ipk
Resolving github.com... 192.30.253.113, 192.30.253.112
Connecting to github.com|192.30.253.113|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://raw.githubusercontent.com/adde88/hostapd-mana-openwrt/master/bin/ar71xx/packages/base/hostapd-mana_2.6-3_ar71xx.ipk [following]
--2017-06-07 16:09:36--  https://raw.githubusercontent.com/adde88/hostapd-mana-openwrt/master/bin/ar71xx/packages/base/hostapd-mana_2.6-3_ar71xx.ipk
Resolving raw.githubusercontent.com... 151.101.0.133, 151.101.64.133, 151.101.128.133, ...
Connecting to raw.githubusercontent.com|151.101.0.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 9458131 (9.0M) [application/octet-stream]
Saving to: 'hostapd-mana_2.6-3_ar71xx.ipk'

hostapd-mana_2.6-3_ 100%[===================>]   9.02M  1.89MB/s    in 4.8s

2017-06-07 16:09:42 (1.88 MB/s) - 'hostapd-mana_2.6-3_ar71xx.ipk' saved [9458131/9458131]

Installing asleap (2.2-1) to sd...
Installing hostapd-mana (2.6-3) to sd...
Installing tinyproxy (1.8.3-2) to sd...
Downloading http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/packages/tinyproxy_1.8.3-2_ar71xx.ipk.
Installing stunnel (5.14-1) to sd...
Downloading http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/packages/stunnel_5.14-1_ar71xx.ipk.
Installing ip (4.0.0-1) to sd...
Downloading http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/base/ip_4.0.0-1_ar71xx.ipk.
Installing python (2.7.9-5) to sd...
Downloading http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/packages/python_2.7.9-5_ar71xx.ipk.
Installing python-compiler (2.7.9-5) to sd...
Downloading http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/packages/python-compiler_2.7.9-5_ar71xx.ipk.
Installing python-ctypes (2.7.9-5) to sd...
Downloading http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/packages/python-ctypes_2.7.9-5_ar71xx.ipk.
Installing python-db (2.7.9-5) to sd...
Downloading http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/packages/python-db_2.7.9-5_ar71xx.ipk.
Installing python-decimal (2.7.9-5) to sd...
Downloading http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/packages/python-decimal_2.7.9-5_ar71xx.ipk.
Installing python-distutils (2.7.9-5) to sd...
Downloading http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/packages/python-distutils_2.7.9-5_ar71xx.ipk.
Installing python-email (2.7.9-5) to sd...
Downloading http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/packages/python-email_2.7.9-5_ar71xx.ipk.
Installing python-gdbm (2.7.9-5) to sd...
Downloading http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/packages/python-gdbm_2.7.9-5_ar71xx.ipk.
Installing python-logging (2.7.9-5) to sd...
Downloading http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/packages/python-logging_2.7.9-5_ar71xx.ipk.
Installing python-multiprocessing (2.7.9-5) to sd...
Downloading http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/packages/python-multiprocessing_2.7.9-5_ar71xx.ipk.
Installing python-ncurses (2.7.9-5) to sd...
Downloading http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/packages/python-ncurses_2.7.9-5_ar71xx.ipk.
Installing python-pydoc (2.7.9-5) to sd...
Downloading http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/packages/python-pydoc_2.7.9-5_ar71xx.ipk.
Installing python-unittest (2.7.9-5) to sd...
Downloading http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/packages/python-unittest_2.7.9-5_ar71xx.ipk.
Installing python-xml (2.7.9-5) to sd...
Downloading http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/packages/python-xml_2.7.9-5_ar71xx.ipk.
Installing sslsplit (0.4.11-1) to sd...
Downloading https://www.wifipineapple.com/nano/packages/sslsplit_0.4.11-1_ar71xx.ipk.
Installing libevent2 (2.0.22-1) to sd...
Downloading http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/base/libevent2_2.0.22-1_ar71xx.ipk.
Installing libevent2-openssl (2.0.22-1) to sd...
Downloading http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/base/libevent2-openssl_2.0.22-1_ar71xx.ipk.
Installing libevent2-pthreads (2.0.22-1) to sd...
Downloading http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/base/libevent2-pthreads_2.0.22-1_ar71xx.ipk.
Package sslsplit (0.4.11-1) installed in sd is up to date.
Configuring ip.
grep: /usr/lib/opkg/info/ip.control: No such file or directory
cat: can't open '/usr/lib/opkg/info/ip.list': No such file or directory
Configuring libevent2-openssl.
grep: /usr/lib/opkg/info/libevent2-openssl.control: No such file or directory
cat: can't open '/usr/lib/opkg/info/libevent2-openssl.list': No such file or directory
Configuring python-db.
grep: /usr/lib/opkg/info/python-db.control: No such file or directory
cat: can't open '/usr/lib/opkg/info/python-db.list': No such file or directory
Configuring python-decimal.
grep: /usr/lib/opkg/info/python-decimal.control: No such file or directory
cat: can't open '/usr/lib/opkg/info/python-decimal.list': No such file or directory
Configuring python-distutils.
grep: /usr/lib/opkg/info/python-distutils.control: No such file or directory
cat: can't open '/usr/lib/opkg/info/python-distutils.list': No such file or directory
Configuring tinyproxy.
grep: /usr/lib/opkg/info/tinyproxy.control: No such file or directory
cat: can't open '/usr/lib/opkg/info/tinyproxy.list': No such file or directory
Configuring stunnel.
grep: /usr/lib/opkg/info/stunnel.control: No such file or directory
cat: can't open '/usr/lib/opkg/info/stunnel.list': No such file or directory
Configuring python-compiler.
grep: /usr/lib/opkg/info/python-compiler.control: No such file or directory
cat: can't open '/usr/lib/opkg/info/python-compiler.list': No such file or directory
Configuring python-ctypes.
grep: /usr/lib/opkg/info/python-ctypes.control: No such file or directory
cat: can't open '/usr/lib/opkg/info/python-ctypes.list': No such file or directory
Configuring python-email.
grep: /usr/lib/opkg/info/python-email.control: No such file or directory
cat: can't open '/usr/lib/opkg/info/python-email.list': No such file or directory
Configuring python-gdbm.
grep: /usr/lib/opkg/info/python-gdbm.control: No such file or directory
cat: can't open '/usr/lib/opkg/info/python-gdbm.list': No such file or directory
Configuring python-logging.
grep: /usr/lib/opkg/info/python-logging.control: No such file or directory
cat: can't open '/usr/lib/opkg/info/python-logging.list': No such file or directory
Configuring python-multiprocessing.
grep: /usr/lib/opkg/info/python-multiprocessing.control: No such file or directory
cat: can't open '/usr/lib/opkg/info/python-multiprocessing.list': No such file or directory
Configuring python-ncurses.
grep: /usr/lib/opkg/info/python-ncurses.control: No such file or directory
cat: can't open '/usr/lib/opkg/info/python-ncurses.list': No such file or directory
Configuring python-pydoc.
grep: /usr/lib/opkg/info/python-pydoc.control: No such file or directory
cat: can't open '/usr/lib/opkg/info/python-pydoc.list': No such file or directory
Configuring python-unittest.
grep: /usr/lib/opkg/info/python-unittest.control: No such file or directory
cat: can't open '/usr/lib/opkg/info/python-unittest.list': No such file or directory
Configuring python-xml.
grep: /usr/lib/opkg/info/python-xml.control: No such file or directory
cat: can't open '/usr/lib/opkg/info/python-xml.list': No such file or directory
Configuring python.
grep: /usr/lib/opkg/info/python.control: No such file or directory
cat: can't open '/usr/lib/opkg/info/python.list': No such file or directory
Configuring libevent2.
grep: /usr/lib/opkg/info/libevent2.control: No such file or directory
cat: can't open '/usr/lib/opkg/info/libevent2.list': No such file or directory
Configuring libevent2-pthreads.
grep: /usr/lib/opkg/info/libevent2-pthreads.control: No such file or directory
cat: can't open '/usr/lib/opkg/info/libevent2-pthreads.list': No such file or directory
Configuring sslsplit.
grep: /usr/lib/opkg/info/sslsplit.control: No such file or directory
cat: can't open '/usr/lib/opkg/info/sslsplit.list': No such file or directory
Configuring hostapd-mana.
grep: /usr/lib/opkg/info/hostapd-mana.control: No such file or directory
cat: can't open '/usr/lib/opkg/info/hostapd-mana.list': No such file or directory
Configuring asleap.
grep: /usr/lib/opkg/info/asleap.control: No such file or directory
cat: can't open '/usr/lib/opkg/info/asleap.list': No such file or directory
bash: line 40: /etc/init.d/stunnel: No such file or directory
Installation completed!
Launch MANA by typing: 'launch-mana' in the terminal.

Well, fresh install to factory rested pineapple gave this old problem. The trailing to dmesg gave no other problems directly related to the installation. But as soon as I started trailing dmesg, I got these problems:

root@Pineapple:~# tail -f | dmesg
[    0.000000] Linux version 3.18.36 (openwrt@651d0feeed27) (gcc version 4.8.3 (OpenWrt/Linaro GCC 4.8-2014.04 r49403) ) #40 Fri Oct 28 05:42:22 UTC 2016
[    0.000000] MyLoader: sysp=8a14b024, boardp=44b65156, parts=b69f8d32
[    0.000000] bootconsole [early0] enabled
[    0.000000] CPU0 revision is: 00019374 (MIPS 24Kc)
[    0.000000] SoC: Atheros AR9330 rev 1
[    0.000000] Determined physical RAM map:
[    0.000000]  memory: 04000000 @ 00000000 (usable)
[    0.000000] Initrd not found or empty - disabling initrd
[    0.000000] Zone ranges:
[    0.000000]   Normal   [mem 0x00000000-0x03ffffff]
[    0.000000] Movable zone start for each node
[    0.000000] Early memory node ranges
[    0.000000]   node   0: [mem 0x00000000-0x03ffffff]
[    0.000000] Initmem setup node 0 [mem 0x00000000-0x03ffffff]
[    0.000000] On node 0 totalpages: 16384
[    0.000000] free_area_init_node: node 0, pgdat 80355cf0, node_mem_map 81000000
[    0.000000]   Normal zone: 128 pages used for memmap
[    0.000000]   Normal zone: 0 pages reserved
[    0.000000]   Normal zone: 16384 pages, LIFO batch:3
[    0.000000] Primary instruction cache 64kB, VIPT, 4-way, linesize 32 bytes.
[    0.000000] Primary data cache 32kB, 4-way, VIPT, cache aliases, linesize 32 bytes
[    0.000000] pcpu-alloc: s0 r0 d32768 u32768 alloc=1*32768
[    0.000000] pcpu-alloc: [0] 0
[    0.000000] Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 16256
[    0.000000] Kernel command line:  board=PINEAPPLE-NANO  console=ttyATH0,115200 rootfstype=squashfs,jffs2 noinitrd
[    0.000000] PID hash table entries: 256 (order: -2, 1024 bytes)
[    0.000000] Dentry cache hash table entries: 8192 (order: 3, 32768 bytes)
[    0.000000] Inode-cache hash table entries: 4096 (order: 2, 16384 bytes)
[    0.000000] Writing ErrCtl register=00000000
[    0.000000] Readback ErrCtl register=00000000
[    0.000000] Memory: 60944K/65536K available (2467K kernel code, 126K rwdata, 528K rodata, 260K init, 188K bss, 4592K reserved)
[    0.000000] SLUB: HWalign=32, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
[    0.000000] NR_IRQS:51
[    0.000000] Clocks: CPU:400.000MHz, DDR:400.000MHz, AHB:200.000MHz, Ref:25.000MHz
[    0.000000] Calibrating delay loop... 265.42 BogoMIPS (lpj=1327104)
[    0.080000] pid_max: default: 32768 minimum: 301
[    0.080000] Mount-cache hash table entries: 1024 (order: 0, 4096 bytes)
[    0.090000] Mountpoint-cache hash table entries: 1024 (order: 0, 4096 bytes)
[    0.100000] NET: Registered protocol family 16
[    0.100000] MIPS: machine is WiFi Pineapple NANO
[    0.380000] Switched to clocksource MIPS
[    0.380000] NET: Registered protocol family 2
[    0.390000] TCP established hash table entries: 1024 (order: 0, 4096 bytes)
[    0.390000] TCP bind hash table entries: 1024 (order: 0, 4096 bytes)
[    0.400000] TCP: Hash tables configured (established 1024 bind 1024)
[    0.400000] TCP: reno registered
[    0.410000] UDP hash table entries: 256 (order: 0, 4096 bytes)
[    0.410000] UDP-Lite hash table entries: 256 (order: 0, 4096 bytes)
[    0.420000] NET: Registered protocol family 1
[    0.420000] PCI: CLS 0 bytes, default 32
[    0.420000] futex hash table entries: 256 (order: -1, 3072 bytes)
[    0.440000] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[    0.440000] jffs2: version 2.2 (NAND) (SUMMARY) (LZMA) (RTIME) (CMODE_PRIORITY) (c) 2001-2006 Red Hat, Inc.
[    0.450000] msgmni has been set to 119
[    0.460000] io scheduler noop registered
[    0.460000] io scheduler deadline registered (default)
[    0.470000] Serial: 8250/16550 driver, 1 ports, IRQ sharing disabled
[    0.470000] ar933x-uart: ttyATH0 at MMIO 0x18020000 (irq = 11, base_baud = 1562500) is a AR933X UART
[    0.480000] console [ttyATH0] enabled
[    0.490000] bootconsole [early0] disabled
[    0.500000] m25p80 spi0.0: found mx25l12805d, expected m25p80
[    0.500000] m25p80 spi0.0: mx25l12805d (16384 Kbytes)
[    0.520000] 5 tp-link partitions found on MTD device spi0.0
[    0.520000] Creating 5 MTD partitions on "spi0.0":
[    0.520000] 0x000000000000-0x000000020000 : "u-boot"
[    0.530000] 0x000000020000-0x000000134f84 : "kernel"
[    0.540000] 0x000000134f84-0x000000ff0000 : "rootfs"
[    0.540000] mtd: device 2 (rootfs) set to be root filesystem
[    0.550000] 1 squashfs-split partitions found on MTD device rootfs
[    0.550000] 0x000000dc0000-0x000000ff0000 : "rootfs_data"
[    0.560000] 0x000000ff0000-0x000001000000 : "art"
[    0.560000] 0x000000020000-0x000000ff0000 : "firmware"
[    0.590000] libphy: ag71xx_mdio: probed
[    1.190000] ag71xx ag71xx.0: connected to PHY at ag71xx-mdio.1:04 [uid=004dd041, driver=Generic PHY]
[    1.200000] eth0: Atheros AG71xx at 0xb9000000, irq 4, mode:MII
[    1.200000] TCP: cubic registered
[    1.200000] NET: Registered protocol family 17
[    1.210000] bridge: automatic filtering via arp/ip/ip6tables has been deprecated. Update your scripts to load br_netfilter if you need this.
[    1.220000] 8021q: 802.1Q VLAN Support v1.8
[    1.230000] VFS: Mounted root (squashfs filesystem) readonly on device 31:2.
[    1.240000] Freeing unused kernel memory: 260K (8036f000 - 803b0000)
[    2.620000] init: Console is alive
[    2.620000] init: - watchdog -
[    5.290000] usbcore: registered new interface driver usbfs
[    5.300000] usbcore: registered new interface driver hub
[    5.300000] usbcore: registered new device driver usb
[    5.360000] SCSI subsystem initialized
[    5.370000] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[    5.380000] ehci-platform: EHCI generic platform driver
[    5.380000] ehci-platform ehci-platform: EHCI Host Controller
[    5.390000] ehci-platform ehci-platform: new USB bus registered, assigned bus number 1
[    5.400000] ehci-platform ehci-platform: irq 3, io mem 0x1b000000
[    5.420000] ehci-platform ehci-platform: USB 2.0 started, EHCI 1.00
[    5.420000] hub 1-0:1.0: USB hub found
[    5.420000] hub 1-0:1.0: 1 port detected
[    5.430000] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
[    5.440000] ohci-platform: OHCI generic platform driver
[    5.450000] uhci_hcd: USB Universal Host Controller Interface driver
[    5.460000] usbcore: registered new interface driver usb-storage
[    5.690000] init: - preinit -
[    5.800000] usb 1-1: new high-speed USB device number 2 using ehci-platform
[    6.390000] random: procd urandom read with 10 bits of entropy available
[    6.390000] hub 1-1:1.0: USB hub found
[    6.400000] hub 1-1:1.0: 4 ports detected
[    6.670000] mount_root: loading kmods from internal overlay
[    6.970000] usb 1-1.1: new high-speed USB device number 3 using ehci-platform
[    7.030000] block: attempting to load /etc/config/fstab
[    7.150000] block: extroot: not configured
[    7.150000] mount_root: no usable overlay filesystem found, using tmpfs overlay
[    7.210000] procd: - early -
[    7.210000] procd: - watchdog -
[    8.000000] procd: - ubus -
[    9.010000] procd: - init -
[   10.710000] Loading modules backported from Linux version v4.4-rc5-1913-gc8fdf68
[   10.710000] Backport generated by backports.git backports-20151218-0-g2f58d9d
[   10.870000] ath: EEPROM regdomain: 0x0
[   10.870000] ath: EEPROM indicates default country code should be used
[   10.870000] ath: doing EEPROM country->regdmn map search
[   10.870000] ath: country maps to regdmn code: 0x3a
[   10.870000] ath: Country alpha2 being used: US
[   10.870000] ath: Regpair used: 0x3a
[   10.880000] ieee80211 phy0: Selected rate control algorithm 'minstrel_ht'
[   10.880000] ieee80211 phy0: Atheros AR9330 Rev:1 mem=0xb8100000, irq=2
[   10.900000] usbcore: registered new interface driver ath9k_htc
[   10.950000] RPC: Registered named UNIX socket transport module.
[   10.950000] RPC: Registered udp transport module.
[   10.950000] RPC: Registered tcp transport module.
[   10.960000] RPC: Registered tcp NFSv4.1 backchannel transport module.
[   11.000000] tun: Universal TUN/TAP device driver, 1.6
[   11.000000] tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
[   11.160000] usbcore: registered new interface driver rt2800usb
[   11.170000] usbcore: registered new interface driver rtl8187
[   11.220000] usbcore: registered new interface driver rtl8192cu
[   11.280000] usbcore: registered new interface driver cdc_acm
[   11.290000] cdc_acm: USB Abstract Control Model driver for USB modems and ISDN adapters
[   11.300000] usbcore: registered new interface driver cdc_wdm
[   11.320000] nf_conntrack version 0.5.0 (956 buckets, 3824 max)
[   11.360000] usbcore: registered new interface driver ums-alauda
[   11.370000] usbcore: registered new interface driver ums-cypress
[   11.380000] usbcore: registered new interface driver ums-datafab
[   11.390000] usbcore: registered new interface driver ums-freecom
[   11.390000] usbcore: registered new interface driver ums-isd200
[   11.400000] usbcore: registered new interface driver ums-jumpshot
[   11.410000] usbcore: registered new interface driver ums-karma
[   11.410000] usbcore: registered new interface driver ums-sddr09
[   11.420000] usbcore: registered new interface driver ums-sddr55
[   11.430000] usbcore: registered new interface driver ums-usbat
[   11.450000] usbcore: registered new interface driver usbserial
[   11.460000] usbcore: registered new interface driver usbserial_generic
[   11.460000] usbserial: USB Serial support registered for generic
[   11.520000] xt_time: kernel timezone is -0000
[   11.530000] usbcore: registered new interface driver asix
[   11.530000] usbcore: registered new interface driver ax88179_178a
[   11.540000] usbcore: registered new interface driver cdc_ether
[   11.550000] ip_tables: (C) 2000-2006 Netfilter Core Team
[   11.580000] usbcore: registered new interface driver pl2303
[   11.580000] usbserial: USB Serial support registered for pl2303
[   11.590000] PPP generic driver version 2.4.2
[   11.600000] NET: Registered protocol family 24
[   11.610000] usbcore: registered new interface driver qmi_wwan
[   11.620000] usbcore: registered new interface driver rndis_host
[   11.630000] usbcore: registered new interface driver sierra_net
[   11.640000] usbcore: registered new interface driver option
[   11.650000] usbserial: USB Serial support registered for GSM modem (1-port)
[   12.050000] usb 1-1.1: device descriptor read/64, error -145
[   12.310000] usb 1-1.1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[   12.430000] usb 1-1.2: new high-speed USB device number 4 using ehci-platform
[   12.620000] usb-storage 1-1.2:1.0: USB Mass Storage device detected
[   12.640000] scsi host0: usb-storage 1-1.2:1.0
[   12.720000] usb 1-1.1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[   13.200000] ath9k_htc 1-1.1:1.0: ath9k_htc: HTC initialized with 33 credits
[   13.720000] scsi 0:0:0:0: Direct-Access     Generic  STORAGE DEVICE   0933 PQ: 0 ANSI: 6
[   13.720000] sd 0:0:0:0: Attached scsi generic sg0 type 0
[   14.160000] sd 0:0:0:0: [sda] 31257600 512-byte logical blocks: (16.0 GB/14.9 GiB)
[   14.200000] sd 0:0:0:0: [sda] Write Protect is off
[   14.200000] sd 0:0:0:0: [sda] Mode Sense: 21 00 00 00
[   14.200000] sd 0:0:0:0: [sda] Write cache: disabled, read cache: enabled, doesn't support DPO or FUA
[   14.250000]  sda: sda1 sda2
[   14.260000] sd 0:0:0:0: [sda] Attached SCSI removable disk
[   14.280000] ath9k_htc 1-1.1:1.0: ath9k_htc: FW Version: 1.4
[   14.280000] ath9k_htc 1-1.1:1.0: FW RMW support: On
[   14.290000] ath: EEPROM regdomain: 0x0
[   14.290000] ath: EEPROM indicates default country code should be used
[   14.290000] ath: doing EEPROM country->regdmn map search
[   14.290000] ath: country maps to regdmn code: 0x3a
[   14.290000] ath: Country alpha2 being used: US
[   14.290000] ath: Regpair used: 0x3a
[   14.320000] ieee80211 phy1: Atheros AR9271 Rev:1
[   16.490000] usb 1-1.2: USB disconnect, device number 4
[   16.490000] scsi 0:0:0:0: rejecting I/O to offline device
[   16.490000] scsi 0:0:0:0: [sda] killing request
[   16.500000] scsi 0:0:0:0: [sda]
[   16.500000] Result: hostbyte=0x01 driverbyte=0x00
[   16.510000] scsi 0:0:0:0: [sda] CDB:
[   16.510000] cdb[0]=0x28: 28 00 00 00 00 3f 00 00 20 00
[   16.520000] blk_update_request: I/O error, dev sda, sector 63
[   16.520000] Buffer I/O error on dev sda2, logical block 0, async page read
[   16.530000] Buffer I/O error on dev sda2, logical block 1, async page read
[   16.540000] Buffer I/O error on dev sda2, logical block 2, async page read
[   16.540000] Buffer I/O error on dev sda2, logical block 3, async page read
[   19.610000] usb 1-1.2: new high-speed USB device number 5 using ehci-platform
[   19.770000] usb-storage 1-1.2:1.0: USB Mass Storage device detected
[   19.800000] scsi host1: usb-storage 1-1.2:1.0
[   21.110000] scsi 1:0:0:0: Direct-Access     Generic  STORAGE DEVICE   0933 PQ: 0 ANSI: 6
[   21.110000] sd 1:0:0:0: Attached scsi generic sg0 type 0
[   21.390000] sd 1:0:0:0: [sda] 31257600 512-byte logical blocks: (16.0 GB/14.9 GiB)
[   21.440000] sd 1:0:0:0: [sda] Write Protect is off
[   21.440000] sd 1:0:0:0: [sda] Mode Sense: 21 00 00 00
[   21.440000] sd 1:0:0:0: [sda] Write cache: disabled, read cache: enabled, doesn't support DPO or FUA
[   21.510000]  sda: sda1 sda2
[   21.530000] sd 1:0:0:0: [sda] Attached SCSI removable disk
[   22.030000] usb 1-1.2: USB disconnect, device number 5
[   22.030000] scsi 1:0:0:0: rejecting I/O to offline device
[   22.030000] scsi 1:0:0:0: [sda] killing request
[   22.040000] scsi 1:0:0:0: [sda]
[   22.050000] Result: hostbyte=0x01 driverbyte=0x00
[   22.050000] scsi 1:0:0:0: [sda] CDB:
[   22.050000] cdb[0]=0x28: 28 00 00 00 00 00 00 00 20 00
[   22.060000] blk_update_request: I/O error, dev sda, sector 0
[   22.070000] Buffer I/O error on dev sda, logical block 0, async page read
[   25.210000] usb 1-1.2: new high-speed USB device number 6 using ehci-platform
[   25.820000] usb-storage 1-1.2:1.0: USB Mass Storage device detected
[   25.840000] scsi host2: usb-storage 1-1.2:1.0
[   26.910000] scsi 2:0:0:0: Direct-Access     Generic  STORAGE DEVICE   0933 PQ: 0 ANSI: 6
[   26.920000] sd 2:0:0:0: Attached scsi generic sg0 type 0
[   27.200000] sd 2:0:0:0: [sda] 31257600 512-byte logical blocks: (16.0 GB/14.9 GiB)
[   27.210000] sd 2:0:0:0: [sda] Write Protect is off
[   27.210000] sd 2:0:0:0: [sda] Mode Sense: 21 00 00 00
[   27.230000] sd 2:0:0:0: [sda] Write cache: disabled, read cache: enabled, doesn't support DPO or FUA
[   27.270000]  sda: sda1 sda2
[   27.300000] sd 2:0:0:0: [sda] Attached SCSI removable disk
[   28.330000] random: nonblocking pool is initialized
[   28.760000] EXT4-fs (sda1): couldn't mount as ext3 due to feature incompatibilities
[   28.890000] EXT4-fs (sda1): couldn't mount as ext2 due to feature incompatibilities
[   28.950000] EXT4-fs (sda1): mounted filesystem with ordered data mode. Opts: (null)
[   28.960000] device eth0 entered promiscuous mode
[   29.750000] Adding 1004024k swap on /dev/sdcard/sd2.  Priority:-1 extents:1 across:1004024k
[   31.940000] eth0: link up (100Mbps/Full duplex)
[   31.980000] br-lan: port 1(eth0) entered forwarding state
[   31.980000] br-lan: port 1(eth0) entered forwarding state
[   33.980000] br-lan: port 1(eth0) entered forwarding state
[   34.440000] device wlan0 entered promiscuous mode
[   34.540000] br-lan: port 2(wlan0) entered forwarding state
[   34.540000] br-lan: port 2(wlan0) entered forwarding state
[   34.620000] device wlan0-1 entered promiscuous mode
[   34.660000] br-lan: port 3(wlan0-1) entered forwarding state
[   34.660000] br-lan: port 3(wlan0-1) entered forwarding state
[   36.540000] br-lan: port 2(wlan0) entered forwarding state
[   36.660000] br-lan: port 3(wlan0-1) entered forwarding state
[   60.470000] jffs2: notice: (2151) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[   63.650000] br-lan: port 3(wlan0-1) entered disabled state
[   63.660000] device wlan0-1 left promiscuous mode
[   63.660000] br-lan: port 3(wlan0-1) entered disabled state
[   63.800000] device wlan0 left promiscuous mode
[   63.810000] br-lan: port 2(wlan0) entered disabled state
[   64.420000] eth0: link down
[   64.700000] br-lan: port 1(eth0) entered disabled state
[   66.140000] device wlan0 entered promiscuous mode
[   66.140000] br-lan: port 2(wlan0) entered forwarding state
[   66.150000] br-lan: port 2(wlan0) entered forwarding state
[   67.420000] eth0: link up (100Mbps/Full duplex)
[   67.420000] br-lan: port 1(eth0) entered forwarding state
[   67.430000] br-lan: port 1(eth0) entered forwarding state
[   68.130000] usb-storage 1-1.2:1.0: USB Mass Storage device detected
[   68.140000] scsi host3: usb-storage 1-1.2:1.0
[   68.150000] br-lan: port 2(wlan0) entered forwarding state
[   69.140000] scsi 3:0:0:0: Direct-Access     Generic  STORAGE DEVICE   0933 PQ: 0 ANSI: 6
[   69.140000] sd 3:0:0:0: Attached scsi generic sg0 type 0
[   69.430000] br-lan: port 1(eth0) entered forwarding state
[   69.430000] sd 3:0:0:0: [sdb] 31257600 512-byte logical blocks: (16.0 GB/14.9 GiB)
[   69.450000] sd 3:0:0:0: [sdb] Write Protect is off
[   69.450000] sd 3:0:0:0: [sdb] Mode Sense: 21 00 00 00
[   69.450000] sd 3:0:0:0: [sdb] Write cache: disabled, read cache: enabled, doesn't support DPO or FUA
[   69.470000]  sdb: sdb1 sdb2
[   69.480000] sd 3:0:0:0: [sdb] Attached SCSI removable disk
[   71.350000] EXT4-fs (sdb1): couldn't mount as ext3 due to feature incompatibilities
[   71.360000] EXT4-fs (sdb1): couldn't mount as ext2 due to feature incompatibilities
[   71.390000] EXT4-fs (sdb1): mounted filesystem with ordered data mode. Opts: (null)
[   71.610000] Adding 1004024k swap on /dev/sdcard/sd2.  Priority:-2 extents:1 across:1004024k
[  132.910000] br-lan: port 2(wlan0) entered disabled state
[  133.290000] device wlan0 left promiscuous mode
[  133.290000] br-lan: port 2(wlan0) entered disabled state
[  146.070000] device wlan0 entered promiscuous mode
[  146.080000] br-lan: port 2(wlan0) entered forwarding state
[  146.080000] br-lan: port 2(wlan0) entered forwarding state
[  146.180000] device wlan0-1 entered promiscuous mode
[  146.190000] br-lan: port 3(wlan0-1) entered forwarding state
[  146.190000] br-lan: port 3(wlan0-1) entered forwarding state
[  146.710000] br-lan: port 3(wlan0-1) entered disabled state
[  146.900000] br-lan: port 3(wlan0-1) entered forwarding state
[  146.910000] br-lan: port 3(wlan0-1) entered forwarding state
[  148.080000] br-lan: port 2(wlan0) entered forwarding state
[  148.910000] br-lan: port 3(wlan0-1) entered forwarding state
[  180.390000] JBD2: Error -5 detected when updating journal superblock for sdb1-8.
[  180.390000] Aborting journal on device sdb1-8.
[  180.400000] JBD2: Error -5 detected when updating journal superblock for sdb1-8.
[  180.740000] EXT4-fs error (device sdb1): ext4_put_super:797: Couldn't clean up the journal
[  180.750000] EXT4-fs (sdb1): Remounting filesystem read-only
[  182.460000] usb-storage 1-1.2:1.0: USB Mass Storage device detected
[  182.490000] scsi host4: usb-storage 1-1.2:1.0
[  183.490000] scsi 4:0:0:0: Direct-Access     Generic  STORAGE DEVICE   0933 PQ: 0 ANSI: 6
[  183.490000] sd 4:0:0:0: Attached scsi generic sg0 type 0
[  183.780000] sd 4:0:0:0: [sdc] 31257600 512-byte logical blocks: (16.0 GB/14.9 GiB)
[  183.790000] sd 4:0:0:0: [sdc] Write Protect is off
[  183.790000] sd 4:0:0:0: [sdc] Mode Sense: 21 00 00 00
[  183.790000] sd 4:0:0:0: [sdc] Write cache: disabled, read cache: enabled, doesn't support DPO or FUA
[  183.810000]  sdc: sdc1 sdc2
[  183.820000] sd 4:0:0:0: [sdc] Attached SCSI removable disk
[  184.160000] EXT4-fs (sdc1): couldn't mount as ext3 due to feature incompatibilities
[  184.170000] EXT4-fs (sdc1): couldn't mount as ext2 due to feature incompatibilities
[  184.200000] EXT4-fs (sdc1): recovery complete
[  184.200000] EXT4-fs (sdc1): mounted filesystem with ordered data mode. Opts: (null)
[  184.390000] Adding 1004024k swap on /dev/sdcard/sd2.  Priority:-3 extents:1 across:1004024k
[  190.710000]  sdc: sdc1 sdc2
[  190.870000] EXT4-fs (sdc1): couldn't mount as ext3 due to feature incompatibilities
[  190.880000] EXT4-fs (sdc1): couldn't mount as ext2 due to feature incompatibilities
[  190.910000] EXT4-fs (sdc1): mounted filesystem with ordered data mode. Opts: (null)
[  191.080000] Adding 1004024k swap on /dev/sdcard/sd2.  Priority:-3 extents:1 across:1004024k
[  191.410000] EXT4-fs (sdc1): couldn't mount as ext3 due to feature incompatibilities
[  191.420000] EXT4-fs (sdc1): couldn't mount as ext2 due to feature incompatibilities
[  191.440000] EXT4-fs (sdc1): mounted filesystem with ordered data mode. Opts: (null)
[  191.630000] Adding 1004024k swap on /dev/sdcard/sd2.  Priority:-3 extents:1 across:1004024k
[  193.660000] Write-error on swap-device (8:0:8)
[  193.680000] Write-error on swap-device (8:0:16)
[  204.220000] EXT4-fs (sdc1): couldn't mount as ext3 due to feature incompatibilities
[  204.230000] EXT4-fs (sdc1): couldn't mount as ext2 due to feature incompatibilities
[  204.260000] EXT4-fs (sdc1): mounted filesystem with ordered data mode. Opts: (null)

I can just say that I am excited that you will have more time to work on this in the future and a module it would be great! How did your attempt to compile the kernel by yourself to eliminate this bug?

[Zylla]

6 minutes ago, RazerBlade said:

Well, fresh install to factory rested pineapple gave this old problem. The trailing to dmesg gave no other problems directly related to the installation. But as soon as I started trailing dmesg, I got these problems:

I can just say that I am excited that you will have more time to work on this in the future and a module it would be great! How did your attempt to compile the kernel by yourself to eliminate this bug?

When you're installing this Toolkit on the NANO, you can safely ignore all the lines that are looking like this:

grep: /usr/lib/opkg/info/tinyproxy.control: No such file or directory
cat: can't open '/usr/lib/opkg/info/tinyproxy.list': No such file or directory

I'm guessing that the overlay file-system being used on the Nano, seems to fool the package-manager into believing it's missing some files. When it's really not missing them at all.

About the error-messages in your dmesg: It seems that you are using a SD-card. I don't know if that was intended or not, i'm just pointing it out, just in case 
Those error messages are exactly identical to the ones i am getting when using i'm using my SD-cards.

To answer yoru last question:
Here are the GitHub repos for the OpenWRT-SDK used by Hak5 to build firmware/software/kernel for your Pineapple:
https://github.com/WiFiPineapple/openwrt-pineapple-tetra
https://github.com/WiFiPineapple/openwrt-pineapple-nano

It's really just a normal OpenWRT-SDK with a few hardware-specific changes.
The problem with these repos. are that they are not up-to-date. They uploaded this to GitHub in December, but the repo. is older than that, and uses kernel version 3.18.20.
So i took the repo. and simply merged it with upstream OpenWRT, which basically gets it up to date. (You will need to handle conflicts manually though, but there's usually not that many.)

The SDK will basically build a normal OpenWRT firmware-file, for the Pineapples.
They will NOT contain the web-interface for the Pineapples, or any of the custom Hak5 stuff like PineAP, Pinesniffer, etc. As these programs are closed-source.
But can be used to build custom kernels, or other stuff.

If you're interested in testing the Mana Toolkit Module for the Pineapple, it can be found at my GitHub repo. while still being developed:
https://github.com/adde88/ManaToolkit

[Zylla]

To the guy that needed help editing the launch-script, to launch hostapd-mana in "verbose mode":

Start by opening the launch-script in your favourite editor.
It should be located: /usr/sbin/launch-mana

Now go to line number 330. And you will find a bash-function named: hostapd-mana_start
It normally looks like this:

function hostapd-mana_start {
        hostapd-mana "$conf" | tee "$mana_output_file" &
}

Now, edit it. So it looks like this:

function hostapd-mana_start {
        hostapd-mana -d "$conf" | tee "$mana_output_file" &
}

 

The only thing i have changed is that i've added: -d
To make it even more verbose you can use: -dd,  or:  the most verbose setting: -ddd

[Zylla]

Small Update:

Sensepost has decided to use the "SSID-filter patch" on their upstream branch.
This was added to my dev-branch some months ago.
I decided to also add this to my upstream, as i want it to follow the work of Sensepost as much as possible.
Version bumped to: 2.6-4

By default Mana will respond to all probe-requests. This patch allows you to use a whitelist-file, containing the SSID's you want to allow Mana to respond to.
All other probe-requests will be ignored

If you encounter any issues with this version, or with the newest feature, please inform me :)

[m0nk666]

Doh .. I wend to edit the default Hostapd Configuration File in the Mana Module and clicked restore defaults after making a change I didnt want. the Hostapd Configuration File is now empty and looking in the installation directory, the .conf file is empty too. Could someone kindly post the default file for me so I could just paste it back in please , or tell me where I could get it from. I am not sure how much this Pineapple version would differ from the orginal one  and I didnt back my stuff up this time !! ( my bad ) 

Thanks for reading. 

 

[m0nk666]

Ignore above, I found it here : https://github.com/adde88/hostapd-mana/blob/master/files/conf/hostapd-mana.conf

Regards

[Ei8htbits]

This is great. Great work guys!

[sp4z]

Thank you for you work, it is valuable

[zorgos]

at least there is no issues ? (with sd card or not)

 

[saberu]

Hey guys. I signed up to this forum just to post in this thread. After a couple of days of tinkering I managed to get Mana-Toolkit working on the Nano. The only thing I haven't got working is the webpanel side of the Mana-Toolkit module which seems unable to install dependencies and that is most likely an unfixed bug. 

But I will present issues I encountered and each solution for everyone here. This post should save some people potentially hours of research.

1) Mana can't install/ Not enough disk space- This is the most simple issue you may discover and the solution is to expand your storage using RootFS.

Guide for doing this here - https://wiki.openwrt.org/doc/howto/extroot

2) Mana starts with 'device offline' error- This is caused by a lack of physical/virtual memory on the system, something that Zylla has mentioned in this thread before.

The solution for this problem is to make sure you add a swap partition to your external storage. So when formatting your external storage it should look something like this

<swap><------main ext4 partition> - So the swap partition is much smaller than the main partition, just 2-4GB would be adequate- I'm using 4GB.

Then you need to 'enable' the swap partition in the command line with with 'swapon /dev/sdb2' or whatever the partition ID is.

3) Mana starts and gets 80% through it's startup process then you will get errors about log files as well as potentially 'x module could not start' which could be any of the modules but all these errors are caused by the launch-mana process being unable to write to log files- and if you don't mind me saying some pretty shoddy/ poor programming by Zylla- although I still appreciate the effort gone into this.

This can be fixed by adding the Mana-Toolkit 'web' module, which from the opening post of this thread you might think is optional. It's definitely optional but much easier to add it than make all those log directory structures manually.

You can unzip the module after download it's zip file from Github then running 'python -m zipfile -e master.zip Mana-Toolkit/'.

I hope someone found this post useful. Thanks for reading.

[saberu]

After hours of testing different things and generally failing to get anything useful out of this module. I started experimenting with using an evil portal instead of trying to MITM a connection to the real site.

From what I know so far the 'Evil Portal' module is junk now, DNSSpoof module doesn't work anymore because of too slow DNS replies, DNSMasq WILL work for spoofing DNS.

The most useful thing you can do with the Pineapple currently is attempt to spoof DNS and try redirecting clients to an evil portal. This would be much more effective if we can use this Mana module in conjunction with DNSMasq.

From what I understand it should be possible for websites that are not 'prelisted' in the browser's HSTS whitelist such as Facebook/Google, for Mana's spoof HSTS response- that is SSLStrip+..to work.

[sundhaug92]

Sounds like a great idea. Suggestion: Implement support for remote crackapd, that way one can use the performance of a box in AWS or something, which would be much faster than making the poor pineapple do it. I've previously looked into adding that support to stock crackapd, it should be possible. 

[Zylla]

16 hours ago, saberu said:

After hours of testing different things and generally failing to get anything useful out of this module. I started experimenting with using an evil portal instead of trying to MITM a connection to the real site.

From what I know so far the 'Evil Portal' module is junk now, DNSSpoof module doesn't work anymore because of too slow DNS replies, DNSMasq WILL work for spoofing DNS.

The most useful thing you can do with the Pineapple currently is attempt to spoof DNS and try redirecting clients to an evil portal. This would be much more effective if we can use this Mana module in conjunction with DNSMasq.

From what I understand it should be possible for websites that are not 'prelisted' in the browser's HSTS whitelist such as Facebook/Google, for Mana's spoof HSTS response- that is SSLStrip+..to work.

Thank you very much your very constructive response. I'll definetly be having this in the back of my head when working to improve this attack-vector.
If you have any more ideas, please do share them.

[saberu]

4 hours ago, Zylla said:

Thank you very much your very constructive response. I'll definetly be having this in the back of my head when working to improve this attack-vector.
If you have any more ideas, please do share them.

My pleasure. As I mentioned in a previous post I've had difficulty getting it working well on the Nano. I believe the problem lies in resource usage, CPU usage goes to 100% and it seems to crash easily.

I'm going to have another crack at it soon. But I am interested to know if you or other people have got this working successfully on a Nano?

I will be installing Mana Toolkit on Kali soon on my desktop so I will be able to compare the effectiveness. If I can get the original Mana Toolkit working on my desktop I can try and see where I went wrong with the Nano. Hopefully I can debug it on the Nano more easily in future as I'll try running it in verbose mode.

I wish more people would post in this thread though.

[Zylla]

2 minutes ago, saberu said:

My pleasure. As I mentioned in a previous post I've had difficulty getting it working well on the Nano. I believe the problem lies in resource usage, CPU usage goes to 100% and it seems to crash easily.

I'm going to have another crack at it soon. But I am interested to know if you or other people have got this working successfully on a Nano?

I will be installing Mana Toolkit on Kali soon on my desktop so I will be able to compare the effectiveness. If I can get the original Mana Toolkit working on my desktop I can try and see where I went wrong with the Nano. Hopefully I can debug it on the Nano more easily in future as I'll try running it in verbose mode.

I wish more people would post in this thread though.

The NANO has proven to be a bit challenging. Not only to lacking resources, but also an issue regarding SD-cards.
The issue became really apparent when developing this, as alot is going on at the same time.
It's also one of the reasons why development have been a bit slow, as no fix has been pushed out.
Causing Nano users to use a USB-memory stick posing as the SD-card.

I've had placed a limit on the hostapd-mana.conf.
Limiting how many clients it will accept at once, as resource-usage scales with clients connected.

It's also apparent that the python stuff is the main cause of CPU usage, for example: SSLStrip+, etc.
hostapd-mana  itself barely uses any resources.

[saberu]

3 minutes ago, Zylla said:

It's also apparent that the python stuff is the main cause of CPU usage, for example: SSLStrip+, etc.
hostapd-mana  itself barely uses any resources.

Yes I noticed this too when running Top. Is there anything like the CPULimit tool for OpenWRT? I would like to CPU limit the python scripts like SSLStrip+ as it should stop Mana crashing for me when a client connects.

[Zylla]

4 minutes ago, saberu said:

Yes I noticed this too when running Top. Is there anything like the CPULimit tool for OpenWRT? I would like to CPU limit the python scripts like SSLStrip+ as it should stop Mana crashing for me when a client connects.

Look into 'nice'
It's usable on OpenWRT devices as well.
But it will most likely cause things to go alot slower.

[RobinTheKayOh]

Hey, when I try installing the MANA using the command, I get errors on my Nano using SD card:

 

Installing asleap (2.2-1) to sd...
Installing hostapd-mana (2.6-4) to sd...
Package sslsplit (0.4.11-1) installed in sd is up to date.
Configuring asleap.
grep: /usr/lib/opkg/info/asleap.control: No such file or directory
cat: can't open '/usr/lib/opkg/info/asleap.list': No such file or directory
Collected errors:
 * verify_pkg_installable: Only have 1740kb available on filesystem /sd/, pkg hostapd-mana needs 9299
 * opkg_install_cmd: Cannot install package hostapd-mana.
ln: /etc/mana-toolkit: File exists
Installation completed!
Launch MANA by typing: 'launch-mana' in the terminal.
root@Pineapple:~# launch-mana
-ash: launch-mana: not found
root@Pineapple:~#
 

It's an 8GB SD card and it's newly formatted so I don't understand how it doesn't have more than 1740kb available according to the error message!

Thanks for the help

[sundhaug92]

@RobinTheKayOh Seems like what's actually the error is

ln: /etc/mana-toolkit: File exists

Have you tried removing said file/directory?

[Zylla]

1 hour ago, RobinTheKayOh said:

Hey, when I try installing the MANA using the command, I get errors on my Nano using SD card:

 

Installing asleap (2.2-1) to sd...
Installing hostapd-mana (2.6-4) to sd...
Package sslsplit (0.4.11-1) installed in sd is up to date.
Configuring asleap.
grep: /usr/lib/opkg/info/asleap.control: No such file or directory
cat: can't open '/usr/lib/opkg/info/asleap.list': No such file or directory
Collected errors:
 * verify_pkg_installable: Only have 1740kb available on filesystem /sd/, pkg hostapd-mana needs 9299
 * opkg_install_cmd: Cannot install package hostapd-mana.
ln: /etc/mana-toolkit: File exists
Installation completed!
Launch MANA by typing: 'launch-mana' in the terminal.
root@Pineapple:~# launch-mana
-ash: launch-mana: not found
root@Pineapple:~#
 

It's an 8GB SD card and it's newly formatted so I don't understand how it doesn't have more than 1740kb available according to the error message!

Thanks for the help

By the looks of your error message it seems to be trying to install stuff on your internal memory. ^{(Only have 1740kb available on filesystem /sd/, pkg hostapd-mana needs 9299)}
Yes, it is using /sd but that folder doesn't necessarily mean it is mounted to the SD-card.
I would like to take a look at the output you're getting from the following commands:

dmesg
mount
df -h

You could also attempt a factory-reset, then re-format your SD-card right after the factory-reset. Then reboot, and try again fresh.
SD-cards are known to malfunction on the Nano by the way.

[RobinTheKayOh]

27 minutes ago, Zylla said:

By the looks of your error message it seems to be trying to install stuff on your internal memory. ^{(Only have 1740kb available on filesystem /sd/, pkg hostapd-mana needs 9299)}
Yes, it is using /sd but that folder doesn't necessarily mean it is mounted to the SD-card.
I would like to take a look at the output you're getting from the following commands:

dmesg
mount
df -h

You could also attempt a factory-reset, then re-format your SD-card right after the factory-reset. Then reboot, and try again fresh.
SD-cards are known to malfunction on the Nano by the way.

 

I did this "You could also attempt a factory-reset, then re-format your SD-card right after the factory-reset. Then reboot, and try again fresh.
SD-cards are known to malfunction on the Nano by the way." then did the commands.

 

root@Pineapple:~# dmesg
[    0.000000] Linux version 3.18.36 (openwrt@651d0feeed27) (gcc version 4.8.3 (OpenWrt/Linaro GCC 4.8-2014.04 r49403) ) #40 Fri Oct 28 05:42:22 UTC 2016
[    0.000000] MyLoader: sysp=8a14b024, boardp=44b65156, parts=b69f8d32
[    0.000000] bootconsole [early0] enabled
[    0.000000] CPU0 revision is: 00019374 (MIPS 24Kc)
[    0.000000] SoC: Atheros AR9330 rev 1
[    0.000000] Determined physical RAM map:
[    0.000000]  memory: 04000000 @ 00000000 (usable)
[    0.000000] Initrd not found or empty - disabling initrd
[    0.000000] Zone ranges:
[    0.000000]   Normal   [mem 0x00000000-0x03ffffff]
[    0.000000] Movable zone start for each node
[    0.000000] Early memory node ranges
[    0.000000]   node   0: [mem 0x00000000-0x03ffffff]
[    0.000000] Initmem setup node 0 [mem 0x00000000-0x03ffffff]
[    0.000000] On node 0 totalpages: 16384
[    0.000000] free_area_init_node: node 0, pgdat 80355cf0, node_mem_map 81000000
[    0.000000]   Normal zone: 128 pages used for memmap
[    0.000000]   Normal zone: 0 pages reserved
[    0.000000]   Normal zone: 16384 pages, LIFO batch:3
[    0.000000] Primary instruction cache 64kB, VIPT, 4-way, linesize 32 bytes.
[    0.000000] Primary data cache 32kB, 4-way, VIPT, cache aliases, linesize 32 bytes
[    0.000000] pcpu-alloc: s0 r0 d32768 u32768 alloc=1*32768
[    0.000000] pcpu-alloc: [0] 0
[    0.000000] Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 16256
[    0.000000] Kernel command line:  board=PINEAPPLE-NANO  console=ttyATH0,115200 rootfstype=squashfs,jffs2 noinitrd
[    0.000000] PID hash table entries: 256 (order: -2, 1024 bytes)
[    0.000000] Dentry cache hash table entries: 8192 (order: 3, 32768 bytes)
[    0.000000] Inode-cache hash table entries: 4096 (order: 2, 16384 bytes)
[    0.000000] Writing ErrCtl register=00000000
[    0.000000] Readback ErrCtl register=00000000
[    0.000000] Memory: 60944K/65536K available (2467K kernel code, 126K rwdata, 528K rodata, 260K init, 188K bss, 4592K reserved)
[    0.000000] SLUB: HWalign=32, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
[    0.000000] NR_IRQS:51
[    0.000000] Clocks: CPU:400.000MHz, DDR:400.000MHz, AHB:200.000MHz, Ref:25.000MHz
[    0.000000] Calibrating delay loop... 265.42 BogoMIPS (lpj=1327104)
[    0.080000] pid_max: default: 32768 minimum: 301
[    0.080000] Mount-cache hash table entries: 1024 (order: 0, 4096 bytes)
[    0.090000] Mountpoint-cache hash table entries: 1024 (order: 0, 4096 bytes)
[    0.100000] NET: Registered protocol family 16
[    0.100000] MIPS: machine is WiFi Pineapple NANO
[    0.380000] Switched to clocksource MIPS
[    0.380000] NET: Registered protocol family 2
[    0.390000] TCP established hash table entries: 1024 (order: 0, 4096 bytes)
[    0.390000] TCP bind hash table entries: 1024 (order: 0, 4096 bytes)
[    0.400000] TCP: Hash tables configured (established 1024 bind 1024)
[    0.400000] TCP: reno registered
[    0.410000] UDP hash table entries: 256 (order: 0, 4096 bytes)
[    0.410000] UDP-Lite hash table entries: 256 (order: 0, 4096 bytes)
[    0.420000] NET: Registered protocol family 1
[    0.420000] PCI: CLS 0 bytes, default 32
[    0.420000] futex hash table entries: 256 (order: -1, 3072 bytes)
[    0.440000] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[    0.440000] jffs2: version 2.2 (NAND) (SUMMARY) (LZMA) (RTIME) (CMODE_PRIORITY) (c) 2001-2006 Red Hat, Inc.
[    0.450000] msgmni has been set to 119
[    0.460000] io scheduler noop registered
[    0.460000] io scheduler deadline registered (default)
[    0.470000] Serial: 8250/16550 driver, 1 ports, IRQ sharing disabled
[    0.470000] ar933x-uart: ttyATH0 at MMIO 0x18020000 (irq = 11, base_baud = 1562500) is a AR933X UART
[    0.480000] console [ttyATH0] enabled
[    0.490000] bootconsole [early0] disabled
[    0.500000] m25p80 spi0.0: found mx25l12805d, expected m25p80
[    0.500000] m25p80 spi0.0: mx25l12805d (16384 Kbytes)
[    0.520000] 5 tp-link partitions found on MTD device spi0.0
[    0.520000] Creating 5 MTD partitions on "spi0.0":
[    0.520000] 0x000000000000-0x000000020000 : "u-boot"
[    0.530000] 0x000000020000-0x000000134f84 : "kernel"
[    0.540000] 0x000000134f84-0x000000ff0000 : "rootfs"
[    0.540000] mtd: device 2 (rootfs) set to be root filesystem
[    0.550000] 1 squashfs-split partitions found on MTD device rootfs
[    0.550000] 0x000000dc0000-0x000000ff0000 : "rootfs_data"
[    0.560000] 0x000000ff0000-0x000001000000 : "art"
[    0.560000] 0x000000020000-0x000000ff0000 : "firmware"
[    0.590000] libphy: ag71xx_mdio: probed
[    1.190000] ag71xx ag71xx.0: connected to PHY at ag71xx-mdio.1:04 [uid=004dd041, driver=Generic PHY]
[    1.200000] eth0: Atheros AG71xx at 0xb9000000, irq 4, mode:MII
[    1.200000] TCP: cubic registered
[    1.200000] NET: Registered protocol family 17
[    1.210000] bridge: automatic filtering via arp/ip/ip6tables has been deprecated. Update your scripts to load br_netfilter if you need this.
[    1.220000] 8021q: 802.1Q VLAN Support v1.8
[    1.230000] VFS: Mounted root (squashfs filesystem) readonly on device 31:2.
[    1.240000] Freeing unused kernel memory: 260K (8036f000 - 803b0000)
[    2.620000] init: Console is alive
[    2.620000] init: - watchdog -
[    5.290000] usbcore: registered new interface driver usbfs
[    5.300000] usbcore: registered new interface driver hub
[    5.300000] usbcore: registered new device driver usb
[    5.360000] SCSI subsystem initialized
[    5.370000] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[    5.380000] ehci-platform: EHCI generic platform driver
[    5.380000] ehci-platform ehci-platform: EHCI Host Controller
[    5.390000] ehci-platform ehci-platform: new USB bus registered, assigned bus number 1
[    5.400000] ehci-platform ehci-platform: irq 3, io mem 0x1b000000
[    5.420000] ehci-platform ehci-platform: USB 2.0 started, EHCI 1.00
[    5.420000] hub 1-0:1.0: USB hub found
[    5.420000] hub 1-0:1.0: 1 port detected
[    5.430000] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
[    5.440000] ohci-platform: OHCI generic platform driver
[    5.450000] uhci_hcd: USB Universal Host Controller Interface driver
[    5.460000] usbcore: registered new interface driver usb-storage
[    5.690000] init: - preinit -
[    5.800000] usb 1-1: new high-speed USB device number 2 using ehci-platform
[    6.390000] random: procd urandom read with 10 bits of entropy available
[    6.390000] hub 1-1:1.0: USB hub found
[    6.400000] hub 1-1:1.0: 4 ports detected
[    6.670000] mount_root: loading kmods from internal overlay
[    6.970000] usb 1-1.1: new high-speed USB device number 3 using ehci-platform
[    7.060000] jffs2: notice: (325) jffs2_build_xattr_subsystem: complete building xattr subsystem, 2 of xdatum (0 unchecked, 2 orphan) and 2 of xref (0 dead, 2 orphan) found.
[    7.080000] block: attempting to load /tmp/jffs_cfg/upper/etc/config/fstab
[    7.090000] block: extroot: not configured
[    7.130000] jffs2: notice: (322) jffs2_build_xattr_subsystem: complete building xattr subsystem, 2 of xdatum (0 unchecked, 2 orphan) and 2 of xref (0 dead, 2 orphan) found.
[    7.260000] block: attempting to load /tmp/jffs_cfg/upper/etc/config/fstab
[    7.270000] block: extroot: not configured
[    7.270000] mount_root: switching to jffs2 overlay
[    7.330000] procd: - early -
[    7.330000] procd: - watchdog -
[    8.050000] procd: - ubus -
[    9.080000] procd: - init -
[   10.750000] Loading modules backported from Linux version v4.4-rc5-1913-gc8fdf68
[   10.750000] Backport generated by backports.git backports-20151218-0-g2f58d9d
[   10.910000] ath: EEPROM regdomain: 0x0
[   10.910000] ath: EEPROM indicates default country code should be used
[   10.910000] ath: doing EEPROM country->regdmn map search
[   10.910000] ath: country maps to regdmn code: 0x3a
[   10.910000] ath: Country alpha2 being used: US
[   10.910000] ath: Regpair used: 0x3a
[   10.930000] ieee80211 phy0: Selected rate control algorithm 'minstrel_ht'
[   10.930000] ieee80211 phy0: Atheros AR9330 Rev:1 mem=0xb8100000, irq=2
[   10.950000] usbcore: registered new interface driver ath9k_htc
[   11.000000] RPC: Registered named UNIX socket transport module.
[   11.000000] RPC: Registered udp transport module.
[   11.000000] RPC: Registered tcp transport module.
[   11.010000] RPC: Registered tcp NFSv4.1 backchannel transport module.
[   11.050000] tun: Universal TUN/TAP device driver, 1.6
[   11.050000] tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
[   11.200000] usbcore: registered new interface driver rt2800usb
[   11.220000] usbcore: registered new interface driver rtl8187
[   11.260000] usbcore: registered new interface driver rtl8192cu
[   11.330000] usbcore: registered new interface driver cdc_acm
[   11.340000] cdc_acm: USB Abstract Control Model driver for USB modems and ISDN adapters
[   11.350000] usbcore: registered new interface driver cdc_wdm
[   11.360000] nf_conntrack version 0.5.0 (956 buckets, 3824 max)
[   11.420000] usbcore: registered new interface driver ums-alauda
[   11.430000] usbcore: registered new interface driver ums-cypress
[   11.440000] usbcore: registered new interface driver ums-datafab
[   11.450000] usbcore: registered new interface driver ums-freecom
[   11.450000] usbcore: registered new interface driver ums-isd200
[   11.460000] usbcore: registered new interface driver ums-jumpshot
[   11.470000] usbcore: registered new interface driver ums-karma
[   11.480000] usbcore: registered new interface driver ums-sddr09
[   11.490000] usbcore: registered new interface driver ums-sddr55
[   11.490000] usbcore: registered new interface driver ums-usbat
[   11.520000] usbcore: registered new interface driver usbserial
[   11.520000] usbcore: registered new interface driver usbserial_generic
[   11.530000] usbserial: USB Serial support registered for generic
[   11.580000] xt_time: kernel timezone is -0000
[   11.590000] usbcore: registered new interface driver asix
[   11.600000] usbcore: registered new interface driver ax88179_178a
[   11.610000] usbcore: registered new interface driver cdc_ether
[   11.620000] ip_tables: (C) 2000-2006 Netfilter Core Team
[   11.640000] usbcore: registered new interface driver pl2303
[   11.650000] usbserial: USB Serial support registered for pl2303
[   11.660000] PPP generic driver version 2.4.2
[   11.670000] NET: Registered protocol family 24
[   11.670000] usbcore: registered new interface driver qmi_wwan
[   11.680000] usbcore: registered new interface driver rndis_host
[   11.690000] usbcore: registered new interface driver sierra_net
[   11.710000] usbcore: registered new interface driver option
[   11.710000] usbserial: USB Serial support registered for GSM modem (1-port)
[   12.050000] usb 1-1.1: device descriptor read/64, error -145
[   12.310000] usb 1-1.1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[   12.430000] usb 1-1.2: new high-speed USB device number 4 using ehci-platform
[   12.660000] usb-storage 1-1.2:1.0: USB Mass Storage device detected
[   12.690000] scsi host0: usb-storage 1-1.2:1.0
[   13.440000] usb 1-1.1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[   13.640000] ath9k_htc 1-1.1:1.0: ath9k_htc: HTC initialized with 33 credits
[   13.690000] scsi 0:0:0:0: Direct-Access     Generic  STORAGE DEVICE   0933 PQ: 0 ANSI: 6
[   13.700000] sd 0:0:0:0: Attached scsi generic sg0 type 0
[   13.940000] ath9k_htc 1-1.1:1.0: ath9k_htc: FW Version: 1.4
[   13.950000] ath9k_htc 1-1.1:1.0: FW RMW support: On
[   13.950000] ath: EEPROM regdomain: 0x0
[   13.950000] ath: EEPROM indicates default country code should be used
[   13.950000] ath: doing EEPROM country->regdmn map search
[   13.950000] ath: country maps to regdmn code: 0x3a
[   13.950000] ath: Country alpha2 being used: US
[   13.950000] ath: Regpair used: 0x3a
[   13.970000] ieee80211 phy1: Atheros AR9271 Rev:1
[   15.910000] sd 0:0:0:0: [sda] Spinning up disk...
[   17.150000] ...
[   23.690000] device eth0 entered promiscuous mode
[   25.990000] eth0: link up (100Mbps/Full duplex)
[   26.040000] br-lan: port 1(eth0) entered forwarding state
[   26.040000] br-lan: port 1(eth0) entered forwarding state
[   26.770000] .
[   28.040000] br-lan: port 1(eth0) entered forwarding state
[   29.910000] .
[   30.760000] device wlan0 entered promiscuous mode
[   30.850000] br-lan: port 2(wlan0) entered forwarding state
[   30.850000] br-lan: port 2(wlan0) entered forwarding state
[   30.930000] device wlan0-1 entered promiscuous mode
[   30.940000] br-lan: port 3(wlan0-1) entered forwarding state
[   30.940000] br-lan: port 3(wlan0-1) entered forwarding state
[   31.730000] br-lan: port 3(wlan0-1) entered disabled state
[   32.650000] eth0: link down
[   32.730000] br-lan: port 1(eth0) entered disabled state
[   32.850000] br-lan: port 2(wlan0) entered forwarding state
[   33.060000] .
[   33.080000] br-lan: port 3(wlan0-1) entered forwarding state
[   33.090000] br-lan: port 3(wlan0-1) entered forwarding state
[   33.810000] eth0: link up (100Mbps/Full duplex)
[   33.840000] br-lan: port 1(eth0) entered forwarding state
[   33.840000] br-lan: port 1(eth0) entered forwarding state
[   35.090000] br-lan: port 3(wlan0-1) entered forwarding state
[   35.840000] br-lan: port 1(eth0) entered forwarding state
[   36.100000] ...
[   43.340000] random: nonblocking pool is initialized
root@Pineapple:~# mount
rootfs on / type rootfs (rw)
/dev/root on /rom type squashfs (ro,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,noatime)
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,noatime)
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,noatime)
/dev/mtdblock3 on /overlay type jffs2 (rw,noatime)
overlayfs:/overlay on / type overlay (rw,noatime,lowerdir=/,upperdir=/overlay/upper,workdir=/overlay/work)
tmpfs on /dev type tmpfs (rw,nosuid,relatime,size=512k,mode=755)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,mode=600)
debugfs on /sys/kernel/debug type debugfs (rw,noatime)
root@Pineapple:~# df -h
Filesystem                Size      Used Available Use% Mounted on
rootfs                    2.2M    256.0K      1.9M  11% /
/dev/root                12.5M     12.5M         0 100% /rom
tmpfs                    29.9M     96.0K     29.8M   0% /tmp
/dev/mtdblock3            2.2M    256.0K      1.9M  11% /overlay
overlayfs:/overlay        2.2M    256.0K      1.9M  11% /
tmpfs                   512.0K         0    512.0K   0% /dev
root@Pineapple:~#
 

[Zylla]

1 minute ago, RobinTheKayOh said:

 

I did this "You could also attempt a factory-reset, then re-format your SD-card right after the factory-reset. Then reboot, and try again fresh.
SD-cards are known to malfunction on the Nano by the way." then did the commands.

 

root@Pineapple:~# dmesg

As suspected, your SD-card is not mounted. The kernel doesn't even seem to detect it. I have no idea why though. :(

[RobinTheKayOh]

2 minutes ago, Zylla said:

As suspected, your SD-card is not mounted. The kernel doesn't even seem to detect it. I have no idea why though. :(

I assume it's "impossible" to install MANA on internal storage?

 

EDIT: I re-inserted the SD card and it popped up.

/dev/sdcard/sd1           6.2G     50.2M      5.8G   1% /sd
 

Do I just proceed as normal or do I have to do something with the SD card?

[Zylla]

I imagine the hostapd-mana process itself would fit perfectly on the internal-storage without any issues.
The stuff that takes up space is the python libraries and programs. (So NO, it will not fit)

I'am actually in the process of updating this, and have been considering splitting the packages a bit.
For instance, making hostapd-mana simply contain hostapd-mana. (For some attacks it can be enough.)

But we'll see. What do you guys think about splitting the IPKs?
This would of course mean that a module built around this would also have to take that into consideration.
Like making a toggle in the module that simply turns on hostapd-mana.
Then another toggle for the other software.... I think you get where i'm going with it.
Sounds like an improvement?
Or should it just be a simple script that launces the same attack each time?