Darren Kitchen

Everything posted by Darren Kitchen

  1. The mark IV is out now. Emails went out for first dibs yesterday and I'll be posting the link to the forums in just a bit.
  2. In theory should work. In development I've been using USB to power the Mark IV though the power supply is a 12v 1A unit so I guess anywhere between 5v 500mAh and 12v 1A will do the trick. Yes, the special pack will be available as a kit for existing MK4 units as well as a bundle. My only fear is that after time enough heat will build up and harm the board -- so this isn't ideal as a wifi submersible. Also, has anyone ever tested WiFi under water? Of course, you guys requested it. Those emails should go out Thursday, then they'll be available to the forums, then the Internet at large. Not enough to be a problem in an hour but I haven't tested over a longer period of time. Can someone recommend a temperature monitor for this? I have a variety of battery packs and cases I've tested. This is a combination of my smallest battery and case. The Trent is living happily in a slightly larger Pelican 1040. I'm evaluating a lot of different battery options. Currently my best lead is something based on the 18650 cells that power most laptops (and the Tesla Roadster). At first glance it looks like an R36, but it isn't. This board is brand new from ALFA and the biggest difference is that it sports an Atheros chipset, rather than the R36's Ralink.
  3. Maybe. The only limitation before was storage. *looks at USB port* :)
  4. Step 8: Tighten the RP-SMA antenna connector

      Step 9: Test fit your USB battery pack and pineapple PCB with the RP-SMA connector mounted.

      Step 10: With the battery / PCB mounted grab yourself a pre-paid 3G modem. You know, the kind you can buy outright and top-up with cash. T-Mobile asked me to "write down my name on a sticky note" so you know it's secure. This ZTE 591 works flawlessly with the Mark IV. As does the Novatel MC760 on Ting and Virgin.

      Step 11: Make it all fit... Good luck. I like the pricing of Ting better but the T-Mobile has a swivel USB connector and I didn't have a spare short extension laying around. It's tight, but it fits...

      Step 12: Marvel at your new custom made WiFi Pineapple Mark IV Tactical Assault Kit. Consider adding breathing holes ;)

      Step 13: With 3G and Karma enabled, poke around the new web interface on your smartphone. Or enable SSH tunnels and get a shell bounced off your VPS.

      The Mark IV will be available at hakshop.com by the end of the week. Mark III customers will be receiving a 'first dibs' email later this week. We'll have a more professional Tactical Assault Kit in March. I must say, this thing is a modding delight.
  5. We're pretty much feature complete on the WiFi Pineapple Mark IV now and this afternoon I've been putting a few friendly fruits through some torture tests -- for reliability, stability and all that good stuff. I can't even begin to tell you how proud I am of this project and how many props go out to Robin, Sebastian, Mubix and you guys for the support. The latest firmware is solid and I'm sure you'll be as pleased as I am at how well it "just works". So while I've been here hammering on the things, testing real world battery performance and such I figured I'd break out the 'ol modding gear and put something together for my IT bag of doom.

      Step 1: Grab an assortment of sharp objects, power tools and spare USB cables and cutting surface. I used an old magazine.

      Step 2: Cut your USB cable down to the bare plug exposing the four colored cables. Discard all but the red and black. Strip the ends for soldering.

      Step 3: Grab your smallest generic USB battery pack and test the newly Frankensteined cable with an LED, or multimeter if you want to get fancy.

      Step 4: Find a DC barrel connector with a 5.5mm outer diameter and 2.1mm inner diameter. We get ours from Digikey. You can skip this completely if you feel comfortable soldering the cable directly to the board - like we did back with the Mark I.

      Step 5: Solder the Frankencable's red lead to the inner post and black lead to the outer. Be sure to use enough solder that your forum mates will laugh at you for your horrendous soldering job. Or borrow Snubs -- she gets it done with just a dab.

      Step 6: Get yourself a Pelican Micro 1010 case. I think this little guy is made for iPhones. For our production model of this we're more likely to go with the slightly larger 1040 or 1050 as they'll allow for a larger battery and non-naked pineapple.

      Step 7: A 1/4" drill bit does the trick....
  6. Also worth trying in an incognito window or clearing cache. A new interface is in the works for the mk4 which will be backported. Also as Seb said, try tailing /tmp/karma.log
  7. We're working on mounting code and making some headway. Here's dmesg from a recent firmware:

          [ 4661.755299] usb 1-1.2: new full speed USB device using ehci_hcd and address 4
          [ 4661.854875] usb 1-1.2: configuration #1 chosen from 1 choice
          [ 4661.855754] scsi5 : SCSI emulation for USB Mass Storage devices
          [ 4661.856022] usb-storage: device found at 4
          [ 4661.856030] usb-storage: waiting for device to settle before scanning
          [ 4661.900678] usbcore: registered new interface driver hiddev
          [ 4661.901204] usbcore: registered new interface driver usbhid
          [ 4661.901207] usbhid: v2.6:USB HID core driver
          [ 4661.905127] input: Apple Inc. Keyboard as /devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1.2/1-1.2:1.1/input/input9
          [ 4661.905256] apple 0003:05AC:0220.0001: input,hidraw0: USB HID v1.11 Keyboard [Apple Inc. Keyboard] on usb-0000:00:1a.0-1.2/input1
          [ 4666.849882] usb-storage: device scan complete
          [ 4687.938594] usb 1-1.2: reset full speed USB device using ehci_hcd and address 4
          [ 4708.908606] usb 1-1.2: reset full speed USB device using ehci_hcd and address 4
          [ 4729.882600] usb 1-1.2: reset full speed USB device using ehci_hcd and address 4
          [ 4750.856640] usb 1-1.2: reset full speed USB device using ehci_hcd and address 4
          [ 4750.951003] scsi: killing requests for dead queue

      As you can see still some bugs to work out but we're getting there. Hopefully soon there won't be a need for a microsd to USB adapter.
  8. Sounds interesting. How exactly are the sites cloned? I once put together a quick and dirty PHP script similar to the redirect that ships on the MK3 which would serve up a nearly blank HTML document with a background image set as a slightly modified version of the website. Then an absolute div would place the html form elements for login. The PHP script would specify the jpg to use as well as the X and Y for username, password and login button. Cheap, I know, but very quick to make very basic phishing sites. I had picked the top 10 sites on alexa and was working on getting the top 100 done before I got distracted by another project.
  9. This might be of use: http://wiki.openwrt.org/doc/howto/wireless.hotspot.nodogsplash
  10. I can't apologize enough for the delay in the source code release. We've worked out a license issue and hopefully now we can get some of the wanted features sorted. The source code can be found on GitHub. We've also moved the Wiki there so go ahead and post findings and payloads there. usbrubberducky.com now forwards there. https://github.com/hak5darren/USB-Rubber-Ducky/wiki The code is in C and you'll need ATMEL's AVR Studio to work with the project file. You can snag that here: atmel.com/avrstudio -- be sure to agree to their license When it comes to programming the Duck you'll need these resources for Windows: http://hak5.org/Duck%20Programming.zip . It's pretty simple, just execute "program.bat newfirmware.hex" *On the Windows side you may need JRE FLIP from http://www.atmel.com/tools/FLIP.aspx and be sure to use the drivers in the Programming.zip On the *nix side I must give props to contributor Kenny who wrote these nice shell scripts to dump existing and program new firmware. I've mirrored these scripts here: http://www.usbrubberducky.com/files/dfu-linux/ Kenny wrote: Thanks for sending these by Kenny! As these scripts evolve they should find their way back up to the git repo. Edit (midnitesnake): Community Edition Firmware source code is available at http://code.google.com/p/ducky-decode
  11. There is a script for aircrack-ng called airdrop-ng which will deauth based on rules. For example, all devices with an Apple OUI, or all devices that aren't connected to, say, our pineapple :) We're working on getting that to run but resources are tight on the MK3 and it requires Python, which is rather large. For now using Airdrop-ng from a laptop is a good alternative. Here's an episode on the tool: http://hak5.org/episodes/episode-626 Also Karma != Jasager. Jasager is the name we gave 'Karma on the Fon' which eventually evolved into the suite of tools we install on the portable device. The device can be a Fon, Open-Mesh or AP51 -- something we've pre-installed and marketed as the WiFi Pineapple MK1, 2 and 3. That's a bit of a nit pick really, the long and short of it is -- if you've flashed the Jasager firmware on your own or bought a WiFi Pineapple you have the tools, including Karma.
  12. Awesome stuff reflex! Thanks for contributing to the project :)
  13. Here's a quick flashing guide for the MK4 via serial:

      Connect a USB TTL Serial console cable to the pin headers next to the USB port.

      Set your com program (hyperterminal, minicom, screen, gcom) to use these settings: 115200, 8, N, 1, no hardware flow control, no software flow control

          minicom -s

      Connect ethernet between the PC and the Pineapple's WAN/LAN port.

      Set a static IP on the PC of 192.168.2.11 / 255.255.255.0

          ifconfig eth0 192.168.2.11 netmask 255.255.255.0 up

      Configure a TFTP server (Windows: http://tftpd32.jounin.net/ Linux: http://code.google.com/p/tftpgui/)

      Download the factory firmware from http://wifipineapple.com/mk4/factory/kernel.bin and http://wifipineapple.com/mk4/factory/rootfs.bin

          wget http://wifipineapple.com/mk4/factory/kernel.bin; wget http://wifipineapple.com/mk4/factory/rootfs.bin

      Move the two bin files into your tftproot directory.

      Power on the pineapple. In your com program you will see:

          U-Boot 1.1.4 (Sep 29 2011 - 16:39:41)
          AP121-8MB (ar9331) U-boot
          DRAM: 32 MB
          Top of RAM usable for U-Boot at: 82000000
          Reserving 248k for U-Boot at: 81fc0000
          Reserving 192k for malloc() at: 81f90000
          Reserving 44 Bytes for Board Info at: 81f8ffd4
          Reserving 36 Bytes for Global Data at: 81f8ffb0
          Reserving 128k for boot params() at: 81f6ffb0
          Stack Pointer at: 81f6ff98
          Now running in RAM - U-Boot at: 81fc0000
          id read 0x100000ff
          flash size 8388608, sector count = 128
          Flash: 8 MB
          In: serial
          Out: serial
          Err: serial
          Net: ag7240_enet_initialize...
          Fetching MAC Address from 0x81feb688
          Fetching MAC Address from 0x81feb688
          : cfg1 0x5 cfg2 0x7114
          eth0: 00:c0:ca:5f:6b:5d
          eth0 up
          : cfg1 0xf cfg2 0x7214
          eth1: 00:c0:ca:5f:6b:5e
          athrs26_reg_init_lan
          ATHRS26: resetting s26
          ATHRS26: s26 reset done
          eth1 up
          eth0, eth1
          Please choose the operation:
          1: Entr boot command line interface.
          2: Load system code then write to Flash via TFTP.
          3: Boot system code via Flash (default).

      Press 1 to enter the U-Boot CLI

      At the ar7240> prompt issue these commands:

          setenv bootargs "board=ALFA console=ttyATH0,115200 rootfstype=squashfs,jffs2 noinitrd"
          saveenv
          tftp 0x80600000 kernel.bin
          erase 0x9f650000 +0x190000
          cp.b 0x80600000 0x9f650000 d695a
          tftp 0x80600000 rootfs.bin
          erase 0x9f050000 +0x600000
          cp.b 0x80600000 0x9f050000 23d004
          bootm 0x9f650000

      Once OpenWRT finishes booting press ENTER to activate the console.

      Issue passwd and set a root password.

      Next start the ssh service

          /etc/init.d/dropbear start

      Move the Ethernet cable from the WAN/LAN port to the PoE LAN port.

      From the PC ping 192.168.2.1 to verify a connection.

      From here you'll need to SCP over the latest MK4 update from http://wifipineapple.com/mk4/firmware

      SCP the latest firmware .bin file to the Pineapple's /tmp/ directory (windows: http://winscp.net/eng/index.php linux: you already have scp)

          scp firmware.bin root@192.168.2.1:/tmp/

      Once the firmware has been copied to the pineapple's /tmp/ directory you're ready to update the factory firmware to the latest version of the Jasager suite. On the pineapple issue:

          sysupgrade -n -v /tmp/firmware.bin

      The upgrade process takes 2-3 minutes. When complete the Pineapple will reboot and all will be happy again in the land of the pineapple.

      Continue with normal usage (ie: change your PC's ethernet interface back to DHCP or static it to 172.16.42.42)
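
A host-side pre-flight check for the flashing steps in the post above, added here as an example and not part of the original post or of Hak5's tooling. It assumes the hex count given to cp.b (d695a, 23d004) is meant to equal the image's size in bytes, and compares each file in the TFTP root against that count and the erase length before anything is written to flash; the function name check_image is hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check for the TFTP/U-Boot flashing steps above.
# Assumption: the count passed to cp.b is meant to equal the image size in
# bytes, and the image must fit inside the region cleared by erase.

# check_image FILE COPY_LEN ERASE_LEN   (lengths as 0x... hex or decimal)
# Returns 0 = sizes consistent, 1 = size differs from the cp.b count,
#         2 = image or count overruns the erased region, 3 = file missing.
check_image() {
    file=$1
    copy_len=$(( $2 ))
    erase_len=$(( $3 ))
    [ -f "$file" ] || { echo "$file: missing" >&2; return 3; }
    size=$(wc -c < "$file" | tr -d ' ')
    if [ "$size" -gt "$erase_len" ] || [ "$copy_len" -gt "$erase_len" ]; then
        echo "$file: $size bytes / count $copy_len overruns $erase_len-byte erase" >&2
        return 2
    fi
    if [ "$size" -ne "$copy_len" ]; then
        echo "$file: $size bytes, but cp.b count is $copy_len" >&2
        return 1
    fi
    echo "$file: $size bytes, matches cp.b count, fits erased region"
}

# Demo on constructed files (zero-filled stand-ins, not real firmware),
# sized to the cp.b counts in the guide: 0xd695a and 0x23d004.
demo_dir=$(mktemp -d)
head -c 878938 /dev/zero > "$demo_dir/kernel.bin"
head -c 2347012 /dev/zero > "$demo_dir/rootfs.bin"
head -c 500000 /dev/zero > "$demo_dir/partial.bin"   # interrupted download

check_image "$demo_dir/kernel.bin" 0xd695a 0x190000
check_image "$demo_dir/rootfs.bin" 0x23d004 0x600000
check_image "$demo_dir/partial.bin" 0xd695a 0x190000 || echo "do not flash (rc=$?)"
rm -rf "$demo_dir"
```

A size check only catches truncated or swapped files; it says nothing about whether the image is authentic, since the downloads in the guide are fetched over plain HTTP with no published checksum.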
  14. Running ettercap and sslstrip together is tricky. A new version of ettercap was released which solves this problem, kinda-sorta. The project hadn't had an update in years and was recently taken over by a couple of hackers. Met 'em at Shmoocon. Unexpected results are, um, to be expected. =/
  15. I really wish I could help. I wanted to include a Mac tutorial in the quick start guide but to be honest I've never used a mac for any substantial period of time. Even when I did as a sysadmin it was mainly in the terminal.
  16. What feature from webif are you specifically looking for?
  17. eeffaabb, please contact shop@hak5.org. If you used the factory reset button before applying the above hot fix we're going to have to reflash your pineapple (unless you have a serial console cable)
  18. Nice idea hfam. Also adding a 2nd WiFi Adapter, say with an AWUS036H, seems as likely as adding 3G -- so tethering is on the table.
  19. We'll have a firmware update for the MK4's that launched at Shmoocon this week. Good to hear you're up and running MF_berry. We're not ready for 3G out-of-the-box yet, but we're on our way. I'll post my findings as I have working configs. Right now I'm focusing on the Novatel MC760 as it's widely supported in Linux. That's the Virgin Mobile dongle I had at the booth. About a hundred bucks at a Best Buy and the unlimited 3G refill cards at $50. Both can be bought with cash ;)
  20. That's a nice little antenna you've found there. :)
  21. The WR703N won't run the MK4 firmware as it only has 4 MB ROM. I have experimented with the device and it is a neat board, weak wifi signal aside, though it cannot be sold in the US or Europe since it does not have FCC, CE and ROHS certifications.
  22. That's the exact battery I use for my Mk4 development boards and it gets ~8-10 hours. Here's the USB cable I use to power it off this pack: http://www.amazon.com/gp/product/B003MQO96U Eventually we'll have a Premium WiFi Pineapple "Tactical Assault" kit available in the HakShop but really this platform is so versatile I expect homebrew development to go nuts. Bring on the 50,000 mah car batteries and transformer lunch boxes!!!1
  23. The MK4 hardware, for now, features 8MB ROM / 32 MB RAM -- which is expandable via USB. The processor architecture changed from Atheros AR23 to AR72, so cross-compiling everything has been required. That said we're well on our way to a stable build and adding features is the primary goal now. Stay tuned - it's only getting better from here :)