Jump to content


Active Members
  • Posts

  • Joined

  • Last visited

  • Days Won


Everything posted by JDL

  1. In this case it is the ability to install packages that seem to be available in the OpenWRT repositories, specifically ebtables and arptables. I am working on porting the principles of the 802.1x bypass capabilities here: nac_bypass as a payload for the squirrel. With the move to a kernel version above 3.2 it is possible to change the group_fwd_mask on the bridge (easily) to forward EAP packets. This brings a very important new capability to the squirrel, if we can get ebtables and arptables installed.
  2. I was upgrading from 1.0. I tried to upgrade to 2.0, 3.0, and 3.1. All failed until I formatted the drive using "reformat_usb". Is this bug known to exist in 1.0 firmware as well?
  3. Sorry to hear that. I am familiar with the Grapeboard, but it is over $200USD, plus a case, and is much larger/ pulls more power. I have a couple other SBCs that are in this ballpark, with the EspressoBIN being the go-to for a bigger option. While I am impressed by the @Hak5 hardware, the software support and stability is lacking across the product line.
  4. root@squirrel:~# opkg update Downloading http://downloads.openwrt.org/releases/packages-19.07/mips_24kc/base/Packages.gz Updated list of available packages in /var/opkg-lists/1907_base Downloading http://downloads.openwrt.org/releases/packages-19.07/mips_24kc/base/Packages.sig Signature check passed. Downloading http://downloads.openwrt.org/releases/packages-19.07/mips_24kc/packages/Packages.gz Updated list of available packages in /var/opkg-lists/1907_packages Downloading http://downloads.openwrt.org/releases/packages-19.07/mips_24kc/packages/Packages.sig Signature check passed. root@squirrel:~# opkg install ebtables Installing ebtables (2018-06-27-48cff25d-1) to root... Downloading http://downloads.openwrt.org/releases/packages-19.07/mips_24kc/base/ebtables_2018-06-27-48cff25d-1_mips_24kc.ipk Collected errors: * satisfy_dependencies_for: Cannot satisfy the following dependencies for ebtables: * kmod-ebtables * opkg_install_cmd: Cannot install package ebtables. root@squirrel:~# opkg install kmod-ebtables Unknown package 'kmod-ebtables'. Collected errors: * opkg_install_cmd: Cannot install package kmod-ebtables. root@squirrel:~# opkg install arptables Installing arptables (2015-05-20-f4ab8f63-1) to root... Downloading http://downloads.openwrt.org/releases/packages-19.07/mips_24kc/base/arptables_2015-05-20-f4ab8f63-1_mips_24kc.ipk Collected errors: * satisfy_dependencies_for: Cannot satisfy the following dependencies for arptables: * kmod-arptables * opkg_install_cmd: Cannot install package arptables. root@squirrel:~# opkg install kmod-arptables Unknown package 'kmod-arptables'. Collected errors: * opkg_install_cmd: Cannot install package kmod-arptables. root@squirrel:~# exit Having the above issue installing software on firmware 3.1. These are some critical packages for the way the Squirrel is used. Any advice / support for this?
  5. +1 for this. Just got mine and trying to upgrade using 2 different flash drives formatted NTFS and EXT4 by two different computers (Windows and Kali/gparted) all failed. (followed directions and verified sha256sum after copy to drive, tried 2.0, 3.0, and 3.1 firmware files) Put a drive in a used "reformat_usb", upgrade to 2.0 worked first time, then upgrade to 3.0 worked first time. Seems like the device is particular about something about the filesystem. If others are having trouble (just boots into arming mode, seemingly ignoring the upgrade file on the flash drive), try this method.
  6. Did you ever solve this? Having a similar problem on 3.1 firmware. Seems like I can not install any useful software from OPKG.
  7. Any way to get NETMODE TRANSPARENT to forward EAPOL traffic?
  8. I am guessing this is because the bridge module uses the standard one, and drops EAPOL traffic. Likely need to follow the process done by 'skip' at DEFCON 19. This requires a rebuild of the kernel module, which I have not done for OpenWRT in a couple years ... maybe something the hak5 team can do in 30 minutes?
  9. Bringing this back up. Any progress?
  10. Any advice on a MT76x2 USB adapter that you have tested and can still be purchased?
  11. With the added support for MT76x2 chipsets, it looks like the NANO becomes a 5Ghz capable platform. (Yay!) Can you recommend an adapter you have tested which is available for sale today? The list of cards supported by OpenWRT is short and none of them seem to be available any more.
  12. I had a similar, but less impactful, experience. I bought the Plunder Bug at launch, emailed a series of technical questions about capabilities, got the response "our support staff will be reviewing this inquiry shortly – typically in 1-2 business days". That was 4.5 months ago. Never got another message.
  13. Did Hak5 support ever respond and get you a replacement? I am considering buying more hardware they just teased for next week, but if this is the support I can expect, money will go elsewhere.
  14. I'm thinking and hoping the same thing. Looks like the NANO went on sale and is all sold out. Maybe they cleared out stock in preparation for the new generation. Fingers crossed.
  15. I see the NANO and TETRA have been on sale, and the NANO is now all sold out. Could it be there is a new Pineapple generation on the horizon? Would anyone form hak5 care to comment?
  16. Another user mentioned that needed to install the driver from the ASIX site:
  17. I got mine today (yay!) and took it apart. (Of course) Inside, it is a stacked design like the packet squirrel with the ethernet switch package on one PCB and the PHYs and the ASIX chips on two sides on the main PCB. The stacking header is 20 pins. The boards are soldered together via the stacking header and there are a couple of other ICs I can't see. The ethernet chip is: MICREL KSZ8895MQXCA The USB to ethernet does have the 3 GPIO broken out to diagnostic pads. ps - Why didn't my "Elite Gear Organizer" come with the Hak5 keychain prominently featured in the product picture?!? That's why I bought the thing in the first place.
  18. I don't think this device contains a MIPS SOC like the packet squirrel, so there is nowhere for the C2 software to run. This is just a network tap and a USB ethernet adapter.
  19. This is a great product. I'm buying one (pending answers to these questions) and I am already encouraging others... Questions: Looking at the tools scripts, there does not appear to currently be capacity to use more than one on a system at a time. The script looks for the first instance of '00:13:37' and manages rules for that interface. Is this something you plan to enhance in the future? Making a guess about the design, we have a 100Mbps switch ASIC with one port connected to each RJ45 and one to the AX887722C, configured to mirror traffic to the port for the AX887722C. So the question is, what are the capabilities of that ASIC aside from span, and can we get at the management plane via the AX887722C? How does this behave with dot1q tagged networks? Is any tag automatically applied to traffic coming in from the AX887722C, is tagged traffic send by the USB connected host sent (flooded?) unmodified, and is this configurable? Does the tap learn MACs and forward like a switch, or flood all traffic sent by the USB host? Assuming it learns, what is the MAC table capacity?
  • Create New...