Darren Kitchen

I'll start a new thread on the HDK once I've verified the Eagle files I have now are the latest Rev. If you wanna shoot me an email directly with a shipping address I can get you some of our special 14 pin headers.

It won't be. We have a laundry list of features to implement with PineAP. The version we have now is just the beginning. Not everything could be, or even should have been, implemented for this first version.

Source will be updated soon. Our timeline has been non-stop work on 2.0 leading up to DEFCON. Then the massively huge, awesome and insane conference itself, followed by a moment of rest. Seb is currently on his first ever vacation/holiday while I work on backend infrastructure. We have a backlog of releases, including the HDK. It is open hardware. There is much more than a powerpoint slide (Illustrator actually). There are already a small number of sample boards in developers hands now. I was hoping to run into you at DEFCON. HDK Boards are being produced now and we expect to have them in September. That is when the documentation will be live.

Captive portal with indemnity clause. GG no RE

Shoot me an email with an address. Ran out of stickers for a hot sec but got a bunch of new fun ones in.

Ki2k, I cannot reproduce your pineapples behavior. What version does this occur with? If 2.0, have you tried 1.4 and vice versa?

It's a bug in aircrack. Search aircrack + "-1" IIRC you just down the interface before bringing up mon0 and you're right as rain.

/etc/config/* and /etc/pineapple/* cover most the bases.

Before mucking about with dhcp and the config files, can you verify that you can achieve what you're after manually? Based on your first message it does seem the interface comes up, so no sense in lsusb. Wondering what chipset however. What do you get in logread when plugging in the device? Are you able to manually give it an IP address in the range of your desired network? Ie ifconfig eth1 192.168.1.101 netmask 255.255.255.0 up

When you say reach it, how exactly? Over WiFi (from client mode or directly connected to its AP), Ethernet, Serial? If it's over wifi client mode connected to your home network, perhaps a troubleshooting script may be in order. Something that looks over a ping of your home router followed by uptime > /sd/logfile with a 10 second sleep. I'm wondering if it's really the device hanging or just a snafu in the networking.

Sure, most all of this can be done with standard text processing tools such as sed and awk. Or you could rely on the intelligence report from the PineAP tile which does just which you ask. It could be adapted to your own infusions small tile with ease as the PHP and Javascript code is available. Cheers!

What happens when you try a static IP address?

Currently reconnaissance is relying on airodump-ng for the backend frame grabs. Unfortunately it eats up way more CPU then it should. We're writing out own lightweight implementation for the next version. How long are you setting your recon scans for? Do you have continuous checked? Any other heavy infusions like sslstrip going concurrently? Best uptime I've had yet was 3 months on a solar powered rig. Was bummed when I had to recycle the panel for another project.

What settings do you have in /etc/config/dhcp? Have you tested this on any device other than the iPhone? Have you tested on a site for which the device does not have cached, like lalalalalalalalalalalala.com Have you tested on a non-ssl site?

Sure, but the point of reconnaissance being an entire page is that it's a CPU intensive activity that requires priority. Once your target is discovered you may use the information (BSSID or ESSID) in subsequent infusions.

I just verified this with a captive portal encumbered access point. Connected to the MK5 from my phone over wifi, set client mode on the MK5 via wlan2 to the AP and soon after connecting I has the opportunity to accept the EULA from my phone. Worked exactly as expected. Once accepting the license from my phone, all subsequent connections were authorized as they're all initiated from the MK5.

Yes. The settings you seek are in /etc/config/network You're looking to switch from proto static to dhcp.

You mean basically putting the Intelligence Report into a small tile?

There is a python based program to brute force bypass captive portals. I can't remember the name however. Perhaps someone here does. Would make for a handy infusion.

The USB extension is provided for your convenience. With it my MK5 fits nicely in the tactical bag.

I don't follow. Can you elaborate?

Auto Harvester collects Probe Requests and adds them to the SSID Management list Reconnaissance visualizes the WiFi landscape and provides a convenient way to gather ESSIDs for Dogma or BSSIDs for Targeting Dogma uses the list for frame injection either to a specified target (by target BSSID) or broadcast (everyone, ff:ff:ff:ff:ff:ff) Beacon Response reinforces Karma's traditional Probe Response with ~400 automatic targeted beacons (only the probing devices can see these) We'll have proper documentation out soon.

If these steps have been exhausted, I recommend making a request for a replacement unit at hakshop.com/exchange and following up with exchange@hak5.org. Please include your MK5 serial number located on the bottom of the unit. We will ensure that you have a properly working unit. I would like to test your unit for hardware defects if at all possible.

The plan is to have euro distribution for select products in time for the holidays.

Minimize all tiles. Restore them in the order you wish them to be presented. Is not yet persistent across sessions.