NetworkingPlus

[esa]

https://github.com/esa101/NetworkingPlus

Nano/Tetra networking module with more options for client AP creation. WPA/WPA2, Disable AP

Installation: Just place the files in /pineapple/modules/NetworkingPlus

**Client AP is also being use by PineAP. So this might disrupt how Pineapple Wifi Works. Reset back to any open AP if you are experiencing issues with other modules.

Not tested thoroughly, please highlight if you are facing issues with this. Will try to debug it for the benefit of the community. 

 

Intention for creating this is to make my life easier when performing Evil Twin against clients on WPA2/WPA protected APs. 

[b0N3z]

I just replace my stock networking tab with this on my nano and ill see what I can do with it.  Looks nice.

[b0N3z]

So when I select Open for Client AP encryption after a refresh or switching tabs, that goes away and the field is blank.

[esa]

6 hours ago, b0N3z said:

So when I select Open for Client AP encryption after a refresh or switching tabs, that goes away and the field is blank.

Thanks for the feedback. Have investigated and fixed the problem. 
Installation: Just place the files in /pineapple/modules/NetworkingPlus

https://github.com/esa101/NetworkingPlus/tree/version-1.2

 

Have also removed the suggestion to replace the original networking module, incase this module screws something up you still have the original networking module to fall back to. 

[esa]

Yet another minor update.

This time i enabled more variety of WPA/WPA2 (TKIP or CCMP or both) networks that can be created. 

https://github.com/esa101/NetworkingPlus/tree/version-1.3

 

On what is TKIP or CCMP, please read the article i linked below. 

https://www.acrylicwifi.com/en/blog/about-wpa-psk-tkip-ccmp-wi-fi-security-information/

 

So why not just a generic WPA, WPA2 network. Earlier on i mentioned that this mod is to make my life easier when performing Evil Twin against clients on WPA2/WPA protected APs. For Evil Twin to work, you will need to create a AP with the same SSID and Encryption type (MAC address spoofing is not necessary).

 

[b0N3z]

hey do you have the stock files for the networking tab?  I dont really want to reset my tetra to get it back and I was not smart enought ( a six pack was involved ) to back it up.

[Sebkinne]

@b0N3z that's simple :)

rm -rf /pineapple/modules/Networking
cp -r /rom/pineapple/modules/Networking /pineapple/modules/

Because we use SquashFS, you'll basically find all original files in the readonly /rom mountpoint.

[esa]

https://github.com/esa101/NetworkingPlus/blob/version-1.4

Updated the module to set the maximum number of clients that can connect to our AP.
This is a very useful feature when you are creating a popular SSID to spoof as.
PineAP cannot support too many clients connecting to it, when there are alot of clients using PineAP, the internet service becomes unusable.

 

Please share your experience on the maximum number of clients that could be connected to your spoofed AP w/o making the internet unusable. 

 

 

Further info on my findings that could help: 

On the number clients that can be supported, i couldnt find an official answer but 8 could be the magic max number.

From: https://wifipineapple.com/pages/nano, we know that nano is using Atheros AR9331 + Atheros AR9271 chipsets. 
By default wlan0 is responsible for creating the spoofed AP.
Running "ethtool -i wlan0" on nano, we can tell that wlan0 is the one using AR9331. 

 

From https://wikidevi.com/wiki/Atheros_AR9331 we know that TP-Link WR741ND also uses Atheros AR9331 chipset.
From a 2yrs old discussion on http://forum.tp-link.com/showthread.php?75905-TL-WR741ND-max-wireless-users, someone suggested the magic number 8. 

 

You might wonder whether it would help to use wlan1 to create the spoofed AP? 
From https://wikidevi.com/wiki/Atheros_AR9271 we know that TP-LINK TL-WN722N is also using the Atheros AR9271 chipsets.
From https://wikidevi.com/wiki/TP-LINK_TL-WN722N "This device supports a maximum of 2 simultaneous AP and 7 clients"
So the performances will roughly be similar. 

[Zylla]

I entered an issue on your github repo. (For your convenience)

The 5GHz channels will not show up as they normally do, when using a Pineapple TETRA.
It only lists up to channel 11.

[esa]

8 hours ago, Zylla said:

I entered an issue on your github repo. (For your convenience)

The 5GHz channels will not show up as they normally do, when using a Pineapple TETRA.
It only lists up to channel 11.

Hi i just assumed Tetra & Nano are sharing the same module. As i do not have a Tetra, is it possible to upload the Tetra's default Networking module.

I will do a code comparison and would likely be able to "fix" it if the changes is not too significant.

[Zylla]

Yeah, given that some of the "main-modules" have checks for what device you are running, one would assume that it's the same module.
Here's some diffs for you.
(Btw, it looks like the coloring-scheme in my terminal made its way to the uploaded patch files. Just try to ignore them if possible)

module.html

--- Networking_NANO/module.html         2016-08-15 10:34:32.000000000 +0200
+++ Networking_TETRA/module.html        2016-08-15 09:23:13.000000000 +0200
@@ -57,7 +57,7 @@
                         <label class="col-sm-3 control-label">Access Point Channel</label>
                         <div class="col-sm-5">
                             <select class="form-control" ng-model="apConfig['selectedChannel']">
-                                <option ng-repeat="channel in [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11]">{{ channel }}</option>
+                                <option ng-repeat="channel in apConfig['availableChannels']">{{ channel }}</option>
                             </select>
                         </div>
                     </div>

api/module.php

--- Networking_NANO/api/module.php      2016-09-29 05:55:36.000000000 +0200
+++ Networking_TETRA/api/module.php     2016-10-26 04:06:39.000000000 +0200
@@ -143,7 +143,7 @@

         $uciID = $this->getUciID(substr($interface, 1, -1));
         $radio = $this->getRadioID(substr($interface, 1, -1));
-        if ($this->uciGet("wireless.@wifi-iface[{$uciID}].network") === 'wan') {
+        if ($this->uciGet("wireless.@wifi-iface[{$uciID}].network") === 'wwan') {
             $this->uciSet("wireless.@wifi-iface[{$uciID}].network", 'lan');
             exec("wifi up $radio");
             sleep(2);
@@ -168,7 +168,7 @@
                 continue;
             }

-            $accessPoint['channel'] = intval(substr(trim($apData[2]), -2));
+            $accessPoint['channel'] = intval(substr(trim($apData[2]), 23));

             $signalString = explode("  ", trim($apData[3]));
             $accessPoint['signal'] = substr($signalString[0], 8);
@@ -254,7 +254,7 @@
                 $encryption = "";
         }

-        $this->uciSet("wireless.@wifi-iface[{$uciID}].network", 'wan');
+        $this->uciSet("wireless.@wifi-iface[{$uciID}].network", 'wwan');
         $this->uciSet("wireless.@wifi-iface[{$uciID}].mode", 'sta');
         $this->uciSet("wireless.@wifi-iface[{$uciID}].ssid", $this->request->ap->ssid);
         $this->uciSet("wireless.@wifi-iface[{$uciID}].encryption", $encryption);
@@ -330,6 +330,10 @@
             return;
         }
         $this->uciSet('wireless.radio0.channel', $config->selectedChannel);
+        if ($config->selectedChannel > 14) {
+            $this->uciSet('wireless.radio0.hwmode', '11n');
+        }
+
         $this->uciSet('wireless.@wifi-iface[0].ssid', $config->openSSID);
         $this->uciSet('wireless.@wifi-iface[0].hidden', $config->hideOpenAP);
         $this->uciSet('wireless.@wifi-iface[1].ssid', $config->managementSSID);
@@ -341,8 +345,12 @@

     private function getAPConfig()
     {
+        exec("iwinfo phy0 freqlist", $output);
+        preg_match_all("/\(Channel (\d+)\)$/m", implode("\n", $output), $channelList);
+
         $this->response = array(
             "selectedChannel" => $this->uciGet("wireless.radio0.channel"),
+            "availableChannels" => $channelList[1],
             "openSSID" => $this->uciGet("wireless.@wifi-iface[0].ssid"),
             "hideOpenAP" => $this->uciGet("wireless.@wifi-iface[0].hidden"),
             "managementSSID" => $this->uciGet("wireless.@wifi-iface[1].ssid"),

js/module.js

--- Networking_NANO/js/module.js        2016-08-23 10:34:07.000000000 +0200
+++ Networking_TETRA/js/module.js       2016-10-26 04:06:39.000000000 +0200
@@ -53,7 +53,9 @@
 registerController('NetworkingAccessPointsController', ['$api', '$scope', '$timeout', function($api, $scope, $timeout) {
     $scope.apConfigurationSaved = false;
     $scope.apConfigurationError = "";
+    $scope.apAvailableChannels = [];
     $scope.apConfig = {
+        availableChannels: [],
         selectedChannel: "1",
         openSSID: "",
         hideOpenAP: false,

Link to above patch-files:
module.html.patch
module.php.patch
module.js.patch

Link to archived Module-folders:
Networking (NANO)
Networking (TETRA)

I guess the reason there's a function to check what channels to use on the Tetra is because the 5GHz-band often have some more "advanced regulatory functions".
Take my main router at home, which should support up to channel 180. But i'm limited to like 4-6 channels to chose from!
But i wonder; if the Tetra Module works on the Nano... It seems like the function only checks what channels are available, and if used on the Nano it should report back the 2,4GHz channels. But i'm not 100% sure. I just took a quick glanse at the code. :)

[Sebkinne]

1 hour ago, Zylla said:

I guess the reason there's a function to check what channels to use on the Tetra is because the 5GHz-band often have some more "advanced regulatory functions".

Correct

1 hour ago, Zylla said:

It seems like the function only checks what channels are available, and if used on the Nano it should report back the 2,4GHz channels. But i'm not 100% sure. I just took a quick glanse at the code. :)

It should work, yeah.

I haven't had the chance, but the TETRA and NANO codebases will be merged once I pick development back up. I'll also throw it all up on GitHub so that others can contribute :)

[esa]

Experimental version which should work on both a Nano or Tetra. Once again w/o a Tetra to test with, i will need the community to help test this out. 
If this "combined" module doesnt work, the easier solution would be to create separate NetworkingPlus modules for Nano & Tetra. 

https://github.com/esa101/NetworkingPlus/tree/version-1.5

 

Technique used to differential between a Nano & Tetra

By observing the diff results. It seems that Nano uses "wan" whereas Tetra uses "wwan"

My guess is that Tetra's firewall rule should have wwan interface configured. So basically i check if /etc/config/firewall contains any info related to wwan, if it exist then this must be a tetra else it must be a nano. 

 

[Zylla]

5 hours ago, esa said:

Technique used to differential between a Nano & Tetra

By observing the diff results. It seems that Nano uses "wan" whereas Tetra uses "wwan"

My guess is that Tetra's firewall rule should have wwan interface configured. So basically i check if /etc/config/firewall contains any info related to wwan, if it exist then this must be a tetra else it must be a nano. 

 

There are several ways to diff between them.
This one works great: (as a function within your API file)

protected function getDevice()
{
	return trim(exec("cat /proc/cpuinfo | grep machine | awk -F: '{print $2}'"));
}

The TETRA will output: "tetra", and if the output is anything else it must be a NANO. :)

[esa]

5 hours ago, Zylla said:

There are several ways to diff between them.
This one works great: (as a function within your API file)

protected function getDevice()
{
	return trim(exec("cat /proc/cpuinfo | grep machine | awk -F: '{print $2}'"));
}

The TETRA will output: "tetra", and if the output is anything else it must be a NANO. :)

Thanks this is definitely a better way to differential between NANO and Tetra. 

Updated to use this code instead.

https://github.com/esa101/NetworkingPlus

[kingzark]

For me i have a nano and after i followed the instructions i checked the managment console and NetworkingPlus is there but all the drop down menus are blanked out and when i click update access point it says "networking plus module does not exist or is incorrectly defined" can someone help?

I just replaced the files in the pineapple with ones downloaded off github and made a backup of the originals just in case.

Fixed the issue by renaming the folder NetworkingPlus lol

[kingzark]

This is probably a dumb question but whats the purpose of this? I want to make an evil twin but if set the client ap to be locked wont they not be able to connect to it without the password even if their device try's to connect to it because its an exact clone? Can i sniff the info they input if it asks for a password?

[Just_a_User]

On 12/9/2017 at 3:47 AM, kingzark said:

This is probably a dumb question but whats the purpose of this? I want to make an evil twin but if set the client ap to be locked wont they not be able to connect to it without the password even if their device try's to connect to it because its an exact clone? Can i sniff the info they input if it asks for a password?

Evil Twin imitates the AP including its password (when talking about wep/wpa-psk/wpa2-psk). i.e. you obtained the password previously by other means - physical USB attack or 4way handshake crack etc.

[Parzos]

Good evening, sorry for the question a little stupid and go back the project, but the module works it with the Tetra in its current version (2.4.2) ? Thank you

[b0N3z]

this module was created on an older firmware and might not work so well now

[Parzos]

It's a shame, this module would have convinced me to buy a Pineapple: it could have used me to amplify a secure signal during a demonstration. Is it possible, by chance to downgrade the firmware to make this module accounting and then again install the latest version later ?  Otherwise I will have to find motivated people and interesting to update the code of the lol module lol. Thank you b0N3z!