Darren Kitchen

Thanks! Added to the wiki.

First boards just started to be made and we've published what we have so far schematic, cad and documentation wise. Expect more soon. http://wifipineapple.com/hdk

Initial thought is it's a power supply problem. How is the MK5 being powered now -- the stock wall adapter, a USB lead? Do you have another compatible 9-12v PSU to test? We also shouldn't rule out software. Does it exhibit the same behavior when in factory reset mode? That is to say, does it do this reboot when DIPs are in the up, up, up, up, down configuration (from left to right). Have you contacted support@hak5.org ?

Awww. <3 <3 <3 /rummages around for his redbox :)

It conveniently links two MK5s together over Ethernet allowing them to work together to simultaneously run Karma + PineAP + Client Mode + Deauth - all modules that require discrete interfaces. Moreover, PineAP allows for the configuration of a source BSSID, so having two MK5s running in tandem means they can both reinforce the Karma AP with two instances of Dogma running. It's sort of experimental right now as you'll need to manually change the IP of the second MK5 from 172.16.42.1 to 172.16.42.2 and configure them through, say, two browser tabs. We hope to soon have this baked into a future firmware with a DIP configuration.

Using mine to kick off ardronepwn or dim all lights when used in conjunction with the ominous box.

PineAP uses different interface for different modules. wlan0 Karma and Harvester. Advantage: better signal for connecting clients, greater ability to harvest ESSIDs. wlan1 Dogma and Beacon Reply. Advantage: better signal for targeted or response beacons. Increased reconnaissance range. wlan2 (optional) Client Mode. Advantage: greater signal to nearby AP. Depending on what you're going for it could be any of the three. For me the use cases for enhancing wlan0 is gathering more clients.

Per our email correspondence jerome is working on accessing the MK5 via serial. If that doesn't do the trick we'll see about a warranty replacement. Thanks for the unbricking advice folks!

Nice find!

I haven't seen this behavior before. What device, OS and version is reporting the APs as WPA? Do other devices show this as well?

Tell us about your laptop as you seem to have narrowed down the issue.

And if you run the route command? What is your Internet connection method?

Have you set up your MK5 AP as encrypted?

I only have a first generation iPad but I was unable to reproduce this with MK5 2.0.3. What's showing in your logs upon enabling Karma?

We're all good! Thanks

Interesting concept. It may be possible to identify potential clients by OUI (first 3 octets of the BSSID) and tailor an attack. It would be difficult but not impossible. The WiFi driver itself is a very tight loop and timing is everything. Forking helps and we're lucky to have such formidable hardware for PineAP. Discerning between iOS and non-ios devices would be the first step. That said our focus thus far has been on implementing an attack that covers most the bases. If the landscape diverges considerably in the future we should be able to adapt in this regard.

When we implemented the function there was the possibility of the web form breaking if the card wasn't formatted in a short enough period of time. I believe with the current process forking this no longer true. That said much of what the WiFi Pineapple does could be considered experimental ;-)

Are you saying PineAP's Dogma is beaconing WPA-PSK networks? I don't understand.

Under normal conditions with the stock psu it should not be rebooting like that. Change variables like the power and software and that could change - but a vanilla MK5 setup will handle several clients with little load. The exact problem is difficult to diagnose here, but if we got it back in the shop I'm sure we could give it a deeper look. HakShop.com/exchange is setup to replace your pineapple with ease at no cost in this instance. We'll get you back up and running.

Ha! Glad you got back up and running. Cache clearing does wonders ;) Similar to known_hosts post-flash

Was there something in particular you were looking for from the slides?

Auto Harvester currently only captures ESSIDs from Probe Requests. To add an ESSID from a Beacon, you may either manually add it from Recon Mode or from the PineAP infusion directly. In the future, as we rewrite Recon to use our own engine, we will offer the ability for Auto Harvester to capture either Probed ESSIDs, Beaconed ESSIDs, or both. Our goal is to make PineAP very configurable and modular. It's a seachange from Karma - which was a simple on and off. I know we have a lot of documentation to do. A lot of videos to make. A lot of usability tweaks to make. A hell of a lot of coding and engine optimization to do - so let me be the first to thank you all for bringing up these questions as they help guide the project.

netentity, My deepest apologies. I haven't seen your email or issue until following up on the forums now - and I must say this is an absolute fluke. Our QA process intense, and you should have never received a dud. Please email Sara and I directy - sara@hak5.org and darren@hak5.org. We will get you a working unit in short order at no cost to you. Post DEFCON the MK5 has changed considerably, and we're amidst a re-documentation phase. All MK5s that leave the shop are pre-flashed with 1.2.0 - which means there is no more need for flashing an update.bin file from the SD card. I am absolutely sincere when I give you my deepest apology. We pride ourselves on our little pineapple, and the experience you've documented gets me in the gut. Please reach out with you're order # or shipping address and we'll make this right immediately. Darren

Exactly Damavox. It's meant to allow developers to mock up prototype accessories - which then could become completed, enclosed accessories.