Darren Kitchen

The MK4 is slated for release in February and it'll really wow ya. If you can pickup a cheap Fonera or Open Mesh Mini it'll flash the MK3 firmware just fine and that platform still has legs. The AP51 is discontinued so getting 'em is difficult - even for us.

If you picked up a MK4 from Shmoocon please do not use the factory reset function on the Advanced page. I discovered a flaw in the firmware that will make the pineapple very unhappy. The factory reset button executes the commands rm /etc/config/* and cp /etc/config/backup/* /etc/config/ Problem is, the MK4 from Shmoocon doesn't contain a /etc/config/backup directory filled with original configs. Here's a quick hotfix for the problem. From the advanced page paste the following into the bottom text field and click "Execute Commands" mkdir /etc/config/backup/ cp /etc/config/* /etc/config/backup/ As always, MK3 or 4, if you're having problems with your Pineapple that you can't fix yourself please contact shop@hak5.org and we'll take care of you. And if you're not up to speed on the mk4 details please see http://forums.hak5.org/index.php?showtopic=25448

The paper refers to the actual MK3 Quick Start Guide print-out. I see the problems with it and I'll refine the documentation when the MK4 becomes available. The problem with the mk3.sh in Ubuntu is that it begins with #!/bin/sh instead of #!/bin/bash. I'll update the version on wifipineapple.com as this fix works in both Ubuntu and BT5. If you picked up a mk4 at Shmoocon expect hot fixes and updates on the wiki and forums soon.

Here's some history on the project which should outline the road-map including the WiFi Pineapple Mark IV. Hardware and Software: The Jasager suite constitutes the drivers, web interface and software toolkit. The mark number specifies hardware platform combined with Jasager suite. The Mk1 and Mk2 platforms were based on the Fon 2100 and Open-Mesh Mini, respectively, coupled with the Jasager 1.0 firmware. This firmware was based on madwifi-ng and is deprecated. The Mk3 is based on the the ALFA AP51 and a new Jasager suite. This version of Jasager introduced a hostapd based Karma driver and a redesigned interface, configuration and tool-set intended to make internet connection sharing and basic sniffing easier. The WiFi Pineapple: The "WiFi Pineapple", introduced in September of 2008 on Hak5 episode 4x01, is the Hak5 implementation of Jasager. At Shmoocon 2009 a WiFi Pineapple was donated to J0nny Long as silent auction item raising over $400 for Hackers for Charity. Subsequent iterations have been donated to benefit HFC. Originally there was no commercial intention with the project. Eventually by late 2009 and after many requests the WiFi Pineapple found its first release in the HakShop with a hand full of custom commissioned Mark I's (inside plastic pineapple case), then generally available with the Mark II. As always we're committed to open source and compatible hardware should be able to run the Jasager suite. The Jasager forums are the best place to find help. The OM1P is a good example of a 3rd party board with Jasager compatibility. The Mark III: The Mark III came about when the Mark II hardware was no longer available. It introduced the redesigned Jasager suite which is backwards compatible with previous hardware. It found an increase in demand coupled with a lack of supply due to the end-of-life of the AR2315 chipset. The HakShop unexpectedly ran out of the Mk3 in early December 2011, bumping up development of the then pending MK4. Firmware updates will continue for the MK3. The Mark IV: The Mark IV is a new hardware platform based on a beginning-of-life chipset. It runs the recently released Jasager suite which is under heavy development and will continue to be backwards compatible with the MK3. Obvious hardware differences will prevent some features from being available on older hardware but all compatible features will be available on the Mk3 firmware for the foreseeable future. The Mark IV is based on a customized AP from ALFA. As far as I know we're the first to integrate this board and as of writing it has not yet come to the consumer market. It contains the Atheros AR9331 SoC, two Ethernet ports, 802.11 b/g/n and USB. The clockspeed is a little over double that of the AP51 -- 180 to 400 MHz MIPS. We expect the dual Ethernet to allow us to implement "The Interceptor" aka "Network Monkey" (layer-2 bridge capture / rebroadcast). USB adds potential for a second WiFi radio (imagine an ALFA AWUS036H backpack), storage, GPS and 3G/4G. Also it's black, which adds 50 hacker points. Going forward: At Shmoocon 2012 we brought a small number of MK4 "Beta" units. The boards are hardware feature-complete and run a slightly modified version of the MK3's 1.9 Jasager firmware (see Seb's release). We have been soliciting feedback and feature requests, which Shmoocon proved to be a perfect venue for. The boards won't be available in the HakShop until end of February, by which time we hope to have a significant set of features ready for a one-point-oh. We are very excited about what the new hardware capabilities offer and we hope you understand the quick and unavoidable release time between MK3 and 4. While we don't have the logistical resources between Shannon, Paul and myself to run a trade-in program we are evaluating options to honor our loyal HakShop customers. The project is under development by Robin Wood (Digininja), Sebastian (Sebkinne) and I with your valued feedback and testing. It will continue to be by-hackers for-hackers, with a hacker price-point as well as community editions. It'll never be an expensive locked down black box security appliance -- if anything the addition of USB alone will catapult homebrew development. I'm confident with your help Jasager will continue to evolve as a powerful and easy to use WiFi-focused pen testing platform.

I wrote a long follow-up to this which Seb suggested could use its own pinned thread for now, so see that here: http://forums.hak5.org/index.php?showtopic=25448 In short: MK3 hardware end-of-life - sad, we know... MK4 around teh corner with extra leetness, backwards compatibility, moar entropy bunny. Love, The Jasager Team

Shmoocon starts tomorrow. I've played with the tp-link and it's a decent but of kit, but no mk4.

I have. It's a cute novelty. It works and I like how to ducky lights up. Not the most practical case but hey - we're Hak5 - nothing wrong with a little fun in hacking. Quack!

Derbycon amazed me thoroughly. We will return for sure. The atmosphere was so welcoming. Shmoocon holds a special place in my heart, as does Toorcon. Heidi and Geo know how to throw a party. And Defcon, what's there to say? Massive energy from that crowd. I can't pick just on but that's my top 4. The other non hacker cons like CES, E3 and NAB just don't compare.

We used to drink more on the show when we lived at the studio. Also when yuengling was readily available... ;-)

The bootloader on these guys are pretty resilient. What method did you use to flash before and what firmware version? If nothing else the HakShop will take care of you but you should be able to get the latest version on your pineapple which will solve your problem and add functionality.

Beats me. Sounds like some idiots over at Hak5 underestimated demand and built a product on an end of life chip. Noobs. ...oh :(

Nice! Of course. Thanks :)

Telot hit the nail on the head. Sure your laptop can do the same thing, but it may not be purpose built for this function, small enough to conceal or as portable. If the rumors are correct the Mark 4 should make it absolutely clear which is the more convenient attack platform. We'll find out at Shmoocon ;)

If you have any doubts as to Karma's usefulness take the pineapple to a coffee shop or other target rich environment and be amazed. Another way to know for sure its working is to add an SSID to your computer or phone. I use "ImGettingPwned" on my Android - works every time.

The only thing that comes to mind would be perhaps a rooted android tablet running backtrack 5 for arm with usb host mode and a usb to ethernet adapter, but that's a bit of a cludge. There are some off-beat android tablets that sport ethernet ports, but no idea if they'll work with bt5 arm. Shame the MiFi type devices don't do ethernet either. Agreed it would be beautiful to take the laptop out of the mix. Something we'll work on for the next version of the hardware I'm sure.

Airdrop-ng is an excellent tool for deauthing as is supports black and white listing. When pairing Karma on the Pineapple with an Airdrop-ng script configured to kill everything in sight that isn't connected to the Pineapple you have a winning combo. I really wanted to implement this feature on the MK3 but there just isn't enough room on the device to install all of the Airdrop-ng dependencies. =/

Cheers to Seb and Digininja. Wish I had been able to get involved in this release but a family emergency had me tied up in Virginia. Looking forward to testing the latest builds and getting some more feature goodness on this little guy. Love the new hostapd_cli based management! Thanks everyone for testing / providing feedback.

Gibbon, totalnub, anyone else with similar issues. Here's some basic Pineapple troubleshooting and solutions. Step 1: Diagnose problem If you are able to connect to the pineapple though a service (such as Karma, urlsnarf, etc) is not functioning properly begin by searching the forums. If no solution is found post a new thread on the topic. If you are unable to connect to the pineapple continue to network troubleshooting. Indications that a Pineapple isn't functioning properly: 1. No wireless network with SSID of "pineapple", "internet" or "pineapple3c" being broadcast. 2. No IP address assigned from DHCP via Ethernet. 3. No route to host when assigning a static IP of 172.16.42.42 with netmask 255.255.255.0 and pinging 172.16.42.1. Step 2: Troubleshoot connection While this varies from OS to OS the idea is the same. Either configure your network interface to obtain an IP address automatically from the Pineapple's DHCP server and connect an Ethernet between host PC and Pineapple, or assign your host PC a static IP address in the 172.16.42.0 range (172.16.42.42 is preferred) with a netmask off 255.255.255.0 On most *nix hosts this can be achieved by issuing "ifconfig eth0 down; ifconfig eth0 172.16.42.42 netmask 255.255.255.0 up" (where eth0 is your network interface). Now begin a constant ping while powering up the pineapple. For example on most *nix hosts this would be "ping 172.16.42.1" while on Windows this is achieved by issuing "ping 172.16.42.1 -t". After a brief boot-up sequence (1-2 minutes) you should receive ping replies. If this is the first time booting the pineapple ever keep in mind that first-boot setup scripts are initiated and you may be able to connect to the device for 3-4 minutes. Depending on the network interface of your host PC you may also try connecting a 10/100 Ethernet switch or hub in between the PC and Pineapple. Step 3: Flash firmware Most MK3 pineapples from the HakShop include either stock 1.0 firmware or Seb's 1.9 firmware. This will be indicated on the about page. New firmware includes bug fixes and features and are recommended if you're having trouble with the device. Flashing guides are pinned to the Jasager forums, so please consult those threads on the specifics for your OS. The basics of it are this: 1. Download the latest firmware which consist of kernel and a filesystem images. 2. Prep your firmware flashing setup by connecting an Ethernet cable between your host PC and Pineapple (Or in some cases with a 10/100 Ethernet switch or hub in between) and leave the pineapple unplugged. 3. Run the flashing software for your OS. The Freifunk utility is recommended. This software will interface with redboot - the bootloader on the pineapple. Think of it as the pineapple's BIOS. 4. Specify the kernel and filesystem images and network interface, start the flashing tool and power up the pineapple. 5. Wait 10-15 minutes. Have some cookies. Step 4: Contact HakShop If you're unsuccessful in connecting to the Pineapple after a firmware flash, or you're uncomfortable with the procedure, please contact the HakShop. We will happily exchange or flash your device into a working state. While the steps above can be used to bring most any Pineapple back to life there may be circumstances where a manual tftp flash over serial is necessary, or an exchange is required. Simply email shop@hak5.org with your order number and Shannon will take care of you.

I've run into this issue attempting to flash before. Don't worry - you're not going to brick it. Just throw a switch in there. Not the one you use for your home LAN but a spare if you have one. This has to do with auto negotiating ethernet ports. When we flash 'em at the HakShop half the laptops we use can go straight ethernet while the other laptops require a switch in between. What you'll need is something that looks like this: [PC running Freifunk] ====ethernet==== [Cheap 10/100 Switch] ====ethernet==== [pineapple]

Soon after Derbycon we ran out of the first small run of ducks. It took so time to get them back in the shop as we switched from a board house on the East coast to one here in the bay area. Since they were going to a new house we did some minor revision work to the board layout - namely switching SD card slot and moving the button from one side to the other. Also Red PCB just because it looks sexy. Functionally the first ducks and these, let's say, 1.1 versions are identical. As for the shop and wiki, I removed mention of the firmware and cross-platform because as we've learned version 1.0 of the firmware wasn't Mac & Linux compatible. This is being addressed with version 2.0 which is a complete rewrite. At that time we'll have source available. I have had and still have every intention of making this open source, but unfortunately licensing terms related to the version 1.0 firmware have prevented us from doing so. My deepest apologies for any confusion this has created and the new firmware delay. Turns out switching from ascii to unicode isn't as simple as it sounds. I'll update the shop and wiki to explain this -- I just didn't want to advertise open source until source is truly available. Thanks again for your patience and understanding.

depends. The mk2 and mk3 handle this kn different manners. I think what you're looking for is a captive portal. Nocatauth. Comes to mind. Not sure if its available as an openwrt package but worth a look. Of not km sure there is bound to be something.

Jm confused as you mentioned both webif and the SSID Internet.... are you on a mk2 or a mk3? If the later and your network and dhcp configurations are st for he 172 range, km at a loss. I don't know where else dhcp might he specified...

Cool, nice tip. Will see about adding this as a feature to the next version of the firmware. Cheers, Darren

Change the first line from #!/bin/sh to #!/bin/bash I believe.

Absolutely B)