digininja

Everything posted by digininja

  1. I think you can get madwifi to work as both a client and an AP so you should be able to. You'd just use wlanconfig to create two VAPs then treat them as separate devices and run them in the same way you would ath0 and eth0.
  2. Very nice! And if you open it up you can find a way to run the power directly in so remove the need for external wires.
  3. No, these instructions are specific to the Fon, some bits will be similar but others are different. For good info on getting openwrt on the WRT see PaulDotCom's site or his book, that covers it in full detail.
  4. This is a link to an article on Cafe Latte/
  5. With iwconfig, you just set the MAC address of the AP you want to connect to, use the ap parameter.
  6. WEP, WPA, WPA2 don't send their passwords across the network, they exchange information which they encrypt and send back to prove they both know the passwords. The only way I know to get a WEP key without packet capturing from the real network is to use the cafe latte attack (from the guys at Airtight I think). Do you mean one that is associated to Jasager? If so, use the Kick MAC function, if you mean from a different AP then that would mean sniffing networks for other connections which wouldn't work too well with the card being in AP mode.
  7. You need to set up a dhcp system, I use the dhcp server on the fon. I would point you at the guide on the openwrt site but their wiki is down at the moment so I can't. When it comes up just search for it, you should find it. I configured my dhcp server using webif, you don't have to worry about command line stuff then.
  8. I don't know which wifi card the WRT range have in them, I think they have Buffalo but not sure. You need an Atheros based card so that you can use the patched madwifi drivers. I'm happy to take any donations!
  9. Well beyond any level of soldering I can do. If someone wants to volunteer to do me an upgrade at Toorcon I'll provide the Fon.
  10. At the moment all it logs is the ssid, ip and date and time of connection. What passwords would you want to collect? Web, ldap, imap...
  11. Ye, that's kind of where I was going but my plan was to allow metasploit to be anywhere and have a way of having Jasager call it through the interface rather than you having to launch metasploit as a separate app.
  12. It can be integrated and I'm working on a way to do it, the only problem is that the Fon I have only has 8M of memory/disk which is nowhere near enough to cope with metasploit (~63M). You can run Jasager on a laptop if you tweak it.
  13. Probably, but there wouldn't be much difference here with doing an association DOS on a normal AP, i.e. send loads of fake assoc packets with different MAC addresses and use that to fill the buffers. It may be a bit different in terms of buffer sizes but would probably do the same thing. Especially on a device with only 8M memory+disk.
  14. Just fixed another install script bug. It will get better when I get a fon that I can use the package manager on!
  15. Not really, it would be hard to make it undetectable without stopping it doing its job of replying to every request. Anyone looking for it would be aware enough to know if there was a real AP around with the SSID that they received, i.e. getting their home SSID sitting in an airport should be a giveaway.
  16. Whatever you do, read the jail break instructions first, if you don't and you plug the device into the internet before you should you'll get the new firmware then have a real problem getting anything else on it.
  17. Yes. Yes. It doesn't do it at the moment, but my suggestion is to limit all access to the device to the wired network only, when that is implemented then no. I'm not sure, it doesn't send out beacons, just probe responses. If the network manager just listens to beacons then no, if it detects probe responses (which I doubt) then yes. They would. It is easier than that, just send out a batch of probe requests for random SSIDs, if most or all come back then you can be pretty sure that it is some version of Karma replying. If you want to be stealthier with Jasager you could use white listing to restrict the SSIDs that you respond to. I reckon that if you did tmobile, linksys and whatever your local coffee shop uses then you'd still get a good connection rate.
  18. I'll have a look at these but just may try to pick a couple up when I go to Toorcon. The one I have was sent over by Darren and it has the US plug on it but the adaptor is switchable so I just plugged it into a travel converter and it worked fine.
  19. I've just added an RSS feed to the site, you can subscribe through: http://www.digininja.org/rss.xml
  20. I've fixed the bug and put a new package up and also updated the install notes to say that you have to reboot after the install.
  21. The chown messages are a bug, I changed the host directory but didn't fix the install scripts, I'll fix them now, the second was, I guess, because you installed the madwifi drivers but still had the old ones running, the reboot would have replaced the old ones with the new in memory so enabling karma.
  22. I will do a re-install at some point but seeing as I only have a single Fon I didn't want to risk re-flashing it and having something go wrong before launch. I'm going to get hold of some spares so that I can make sure I always have a working one and then play with the others.
  23. I wonder if we could organise a mass shipment from the US to the UK? Get a load shipped in in bulk then distribute them.
  24. Depends on whether legend has done any of its own patches to the madwifi drivers. Mubix suggested I look at legend but I never got round to it. Best option is to look at the files in the madwifi tarball, backup those files then overwrite them with mine and test everything, if it still works then you have success, if not then let me know and I'll look at trying to get legend working on something so I can see what the differences are. Looks like I may need some extra Fons!
  25. This release is aimed at the AP market, I have plans to do a laptop version which will function slightly differently to improve security. This version can be made to run on a laptop with some tweaking and I can point people in the right direction if enough want to know but for now I'm leaving it as AP based.