
Oli

Active Members
  • Posts: 237
  • Days Won: 4

Everything posted by Oli

  1. Since the web interface is (ostensibly) open source, we could really do with it under source control so that we can easily see changes between versions and track down the cause of bugs like these...
  2. OK, so I managed to hack the expansion bus - I couldn't be bothered waiting until DefCon! It was running at 2.5V not 1.8V for the GPIO. I had purchased some caps and 1.8V regulators after Darren's previous post - I guess I'll have to save them for another project! I have tactile switches (i.e. buttons) and LEDs working great on the expansion bus (on my prototype board I have 3x tactile switches and 2x LEDs wired up). I've got 4 logic level shifted gpio pins set up and so the next step is to interface with arduino and add an LCD / OLED display (probably bit banging I2C). There are some cool projects that I have in mind now that I have access to the expansion bus! Should be fairly easy to hook the Pineapple up to a Raspberry Pi, BeagleBone Black, etc. When I have everything up and running I will document what I have done, if there is enough interest.
  3. I'd be more tempted to use an Arduino based emulated keyboard device for this kind of thing (teensy, leonardo,...). That way you have i/o pins so you can make a more robust enrollment program by adding buttons/leds/etc. For example: 1) Wait for drivers. 2) Run first part of enrolment process then pause. 3) User manually chooses network and then clicks button on arduino. 4) Run second part of enrolment process. I suppose you could do this with a ducky by doing the first part of the enrollment on a batch of machines and then changing the payload.
  4. Well good luck with that Cooper - you obviously have a lot of time on your hands! Make sure you run tests actually from the pineapple though so that you have the SD I/O bandwidth and the AR9331 processor / RAM to make it a fair test. If you find a significant deviation from the "buy a class 10 from a decent brand" advice I will be shocked. For anyone else, just buy the ones Seb recommends and support Hak5 or go to Amazon, search "sd class 10" and buy the best rated one with the capacity that is required (should you already have a Pineapple and need a better card than the stock one).
  5. Probably not necessary to drain the battery, but it won't hurt to do so. Just ensure that you have it in your carry on and follow any advice in the TSA link posted by DrDinosaur.
  6. The class of SD card isn't always a true reflection of real world speed, but it is an indicator -> class 10 is typically going to be a lot faster than a class 2. It's the law of diminishing returns. You could have the fastest SD card in the world - but unless you have other hardware to take advantage of it - so what, you are bottlenecked by other components of the system. The AR9331 is only a 400MHz SoC with pretty limited RAM and probably not the fastest protocol for reading/writing to the card. Will spending the rest of your life trying to get an extra percentage point increase in SD card I/O really help much? In my opinion, no. Get a class 10 SD card from a reputable brand and that is good enough. If disk I/O was the bottleneck, the story would be different: for example, old hard drives were the bottleneck in PCs -> hence an SSD drive is a good investment.
  7. In the meantime you could just get hold of, say, an Arduino Leonardo - not as "stealth" but it can emulate a keyboard for a demo of the USB Rubber Ducky attack vector (and much easier to get hold of outside of the US).
  8. I did - I had no problems in US. In Amsterdam they took a close look at the battery and asked a supervisor, but I was allowed to take it. Just make sure that you have it in your carry on.
  9. Awesome! Here is the link for the build guide - currently nothing links to it so it is a bit tricky to find: http://wiki.wifipineapple.com/index.php/Build_guide
  10. All seems a bit futile to me. SD cards are pretty much commodity devices. Get a class 10 SD with a capacity sufficient for what you require from a reputable brand. End of story. Typically I'd bet the SD is not the bottleneck so even if you find the "best" SD card the performance difference over a $10 class 10 SD from Amazon wouldn't be all that great.
  11. The additional parts that I needed have been sourced so I'm looking forward to voiding my MKV warranty over the 3 day weekend! I'll get my scope out and figure out the correct voltage levels etc - fingers crossed I don't brick the thing. What do you think would be some killer addons for the pineapple? I'm thinking buzzer, LEDs, tactile switches, DIP switches, teensy and an OLED screen would be awesome. Anything else obvious that I have missed?
  12. I'm sure it is legal - due to the hardware bug the solution is to use another USB WiFi interface anyway. Out of interest, what are you trying to do? Perhaps XBEE would be a better route?
  13. HAK5 do not really want to release the source code changes (if any) to OpenWRT - despite the legal obligation under GPL to do so. The interface stuff could be licensed under something non-free - I'm not 100% sure. So, you might not be able to run that on other routers - it depends on whether this is under the same license as the main O/S. Infusions are probably a grey area. You should be able to run the tweaked OpenWRT versions on compatible routers after any modified sources are released. My bet is that there are only a few fairly trivial tweaks to stock OpenWRT.
  14. ... also, how can we be sure that the downloads at https://wifipineapple.com/?downloads do not contain any malicious features if we are not allowed to build the firmware ourselves? Maybe I should reword my original question: as per the GPL licence terms, where can I get the modified OpenWRT source code? As the binaries are distributed, I am legally entitled to a copy. I don't want the web interface stuff - just the modified OpenWRT code. Thanks!
  15. Any progress on this? There is probably some GPL stuff there so any source changes should be made available right? http://en.wikipedia.org/wiki/GNU_General_Public_License I guess I could make a start on reverse engineering the build process and get things properly documented after I've finished messing with the expansion bus :)
  16. Thanks Darren - it is using Arduino and I'm using Python and jinja templates to generate payloads. Looks like the expansion bus is all pretty standard gpio outputs but running at non-standard 2.5v logic levels. A logic level shifter with a voltage bridge to get the 2.5v from the 3.3v pin (for the VL reference) would probably get around this. There isn't an SPI or I2C (or serial, as far as I can tell) on the expansion bus. For the Arduino Yun, the AR9331 is communicated with using the hardware serial, I think. I wonder how official expansion boards will work? Presumably bit banging or connecting to the serial rather than expansion bus? Hopefully the expansion boards won't tie up the only serial on the AR9331!
  17. A low res sneak peek is attached. No time to write up yet. Features:
      • SD Card (w/ mass storage device functionality)
      • Keyboard LEDs (caps lock, scroll lock, num lock - or user definable)
      • 3-way DIP
      • 3 x Tactile Switches
      • Buzzer
      • I2C bus - currently used for OLED breakout (debug messages, exfiltrated password display)
      • 1 built-in Neopixel RGB notification LED + header to chain as many as needed (using Neopixel stick as a breakout)
      • Keyboard LED data transfer protocol
      • A "real" programming language!
      It has a pretty small footprint and endless customization options :)
  18. Meh, guess I'll just have to fire up the soldering iron this weekend then. The hardware bug means I need another unit in the future anyway. After my ducky broke I built an alternative that was an order of magnitude better (keyboard LEDs, dips, neopixel indicators, tactile switches, LED data transfer protocol, buzzer, etc) and if Hak5 thinks it can behave like Microsoft I'm more than willing to have a crack at an alternative Wifi pineapple hardware too! :)
  19. Yeah - I saw that. Taking a quick look at the AR9331 spec / pinout I think we have 6 GPIOs that are usable (3 might be used for JTAG / serial - hence less than the 9 you'd guess from looking at the PCB). I'm thinking of knocking together an expansion board with a buzzer, LED and two tactile switches leaving 2 pins free to bitbang an I2C HD44780 LCD (and open source the hardware schematics / design of course!).
  20. Irrespective of when official expansion boards are available, I'd still like to see some documentation on the expansion bus, hear about any gotchas and caveats around using the pins, etc. The closed and secretive nature around the expansion bus doesn't really seem to be in the hacker / Hak5 spirit!
  21. Foxtrot, your infusions sound really useful but they illustrate my point: All MK V hardware is the same - why do I need your infusion to further configure something so basic to the platform as the DIP switches (the same goes for infusions for LEDs, the radios, etc)? Why do I need your notepad infusion? The bigger picture is that it would be hugely advantageous for the entire community if the MK V supported editing of plain text files on the filesystem. This way you can have notepad functionality but also the ability to edit, say, the config files. These are basic things that everybody needs and should be core and not an infusion. I think that the best use-case for infusions is for things that are so bespoke that only a few people would need them. Things so core should be rolled into the mainline. I really like the ability to execute arbitrary shell commands from the UI. It has some quick win enhancements that could be easily coded (say remembering previous command, stderr support with colorizing, etc). I could make an infusion for the community but would it not be better to be able to pull the code, make the enhancements and then submit a pull request? I didn't make myself clear w.r.t. Karma and 'real' pentesters so please don't insult me. The point I was trying to make is that the historical selling point of the pineapple was Karma - this was the focus of the pineapple site until recently and heavily promoted in the Hak5 videos. If I had bought the pineapple for this purpose then I would be disappointed as it is 'broken' due to the landscape changing. The pineapple offers so much more and the real value-add propositions of the platform as a honeypot/dropbox are not being fully exploited by the UI. As it stands there is so much 'friction' that it is easier to just ssh in than to use the web interface, which is a shame.
  22. Oli

    Get Wifi

    Please pipe your gibberish question to /dev/null and patiently await our detailed answers!
  23. There are plenty of web resources out there. 'Hacking' is more of a mindset applicable to any discipline and you can't really learn it. My advice: start with all past Hak5 episodes, Eli the Computer Guy lessons and then read as much technical information in the areas that interest you the most! Many things seem esoteric, but after a while they seem relatively straightforward!
  24. So, I'm a little confused about the concept of infusions...
      • There are four infusion developers and over 75% of infusions are written by one contributor - whistlemaster.
      • All infusions seem to be pretty central to the core concept of a "WiFi Pineapple" pentest platform.
      • None of the infusions are so bespoke (or so large in size) that most people wouldn't feasibly be able to find a use for them.
      • The MKV hardware doesn't have the same storage limitations as the previous hardware generations (now with a 2GB SD card out of the box).
      • Hak5 (whilst awesome!) is not Apple or Microsoft with the need for "App Stores". They don't have to support a plethora of users and purposes.
      • All infusions are (essentially) wrappers around relatively basic Linux commands.
      • 'Infusions' are limited in terms of functionality due to the API that they must conform to.
      • Overhead and developer cycles are currently going into providing the 'infusion' infrastructure and bandwidth w.r.t. hosting on the wifipineapple.com site.
      • "Real" pentesters would typically just use the command line where an entire infusion could be replicated in just a few lines of code.
      If I was a 'script kiddie' I would be really mad! Say what!!!! The traditional main selling point of the pineapple (Karma) is broken and the successor is vapourware!!!! What is the USP of the pineapple? And I can't client mode connect to my access point! As per https://forums.hak5....munity-project/ why isn't the web interface open and why aren't people contributing to the core product? I would rather just pull head revs from (e.g.) github and have the latest functionality than deal with the infusion/bar paradigm? I have some ideas (that I genuinely think would enhance the product) which I would like to code up and share but I am struggling to work out why to conform with the current paradigms rather than spawn a completely different web interface project that includes all existing infusions functionality as "first class citizens"...

      If we are not careful the MKV landscape will become fragmented like the USB Rubber Ducky. I'd understand if the core web interface was full featured and robust, but I am a software engineer / web developer and (from experience) the core web interface is ignoring many "best practice" principles (robust code, error handling, input validation, cross-browser compatibility, support for browsers without javascript, asynchronous jquery approach, proper test scripts, etc). I apologize if I sound negative - I'm not - Hak5 are doing an amazing job with the limited budget/size and the hardware has great potential, but I'm struggling to understand why they are not fully embracing community involvement? Why aren't we enhancing the pineapple together and for the benefit of Hak5 and the wider community? The software is free and the money is spent in support of the show and on the hardware rather than the software... If we all enhance the software together then it is a win-win situation for everybody - we all get an awesome experience out-of-the-box and Hak5 has the de facto pentest hardware that it sells, advertises and markets - after all, the hardware is unparalleled in terms of features/price/potential. There is so much 'low hanging fruit' that we are failing to take advantage of. Seriously, $99 is an amazing price point. The hardware is really something to be proud of. But, as an IT professional I feel that the USP is currently lacking. I believe that the infusion community has the answer. Am I missing something?