post_break (Posted November 29, 2008)

So jasager on the fon is a fun toy but I believe its true potential lies in the form factor. I can sit at a coffee shop and borrow sessions and hijack the wifi but I have to actually do something. I have to be in the area, I have to start my access point and then mess with the pipes. That's fun and all but what about an application (not software) for automating this task?

Here is my idea of a fon bomb. We take a fon running jasager and enclose it inside a weatherproof box. Inside the box we stick a large lipo battery to power the device for at least a few days on end. Stick a pay as you go cell phone inside with a data package for supplying the tubes and again another battery for the phone to keep it running. Now we would have to automate the task of running say ettercap or MDK3 to sniff the important data out like logins, URLs, AIM, emails, etc. Then set up a cron to push that data from the fon through the internet to a throw away email in order to obtain the goods. That cron would run hourly along with another cron to send a "beacon" email to notify the user that the fon is still alive so you know when to go pick it up. Attach a good sized battery to the box, paint it like a utility box, and with a pole set it and forget it.

Ok let's take a step back. First of all this is extremely black hat and could get you in some trouble. I still don't have a fon in my hands so this is still just a concept of a wireless terrorist device. The biggest downfall in this device is networking a throw away cellphone to the fon, something I have yet to figure out. Hopefully someone on here could figure that out. Maybe the fon could be set up to connect to another wireless network and share its pipes that way.

I really look forward to your ideas or criticism as this is just a brainstorm. If anyone wants to help me create something like this feel free to PM me.

digininja (Posted November 29, 2008)

Your idea is basically what I see as a white hat pen testing tool. I like the idea of the phone for data exfiltration, you would have to work out how much data you could store before you could send it out.

An alternative is to have two Fons back to back joined on the wired side. The second would be in client mode connected to a wifi network and could send data out through that. Having two devices also doubles your potential processing power so you could use the main AP to do some work then pass the rest off to the second. However if you are sending data out you could probably leave most processing to the offline recipient or, if you have the network connection speed, have that do the processing then send back commands.

I'm already working on running inline packet capture and data matching on traffic as it flows through the device and I'll be having a look at getting mdk or something similar working when I get chance.

post_break (Author, Posted November 29, 2008)

The problem with using a cell phone is getting it connected to the fon. Cheap cell phones don't exactly have ethernet or wifi so getting it connected to the fon without another device is difficult. I really need to get my hands on a fon so I can experiment with this. I'm sure the fon has enough cpu speed to hand out packets and run a sniffing tool. The problem might be the limited ram.

digininja (Posted November 29, 2008)

> The problem with using a cell phone is getting it connected to the fon. Cheap cell phones don't exactly have ethernet or wifi so getting it connected to the fon without another device is difficult. I really need to get my hands on a fon so I can experiment with this.

You could get one with wifi then use ics off it to connect through, if you have the fon connect to it periodically then you wouldn't lose much AP connectivity. I don't know the price of phones with wifi but I bet they are coming down in price all the time. The other option is one of the new Fons with the built in usb port, with that you could easily either tether a cheap phone or external storage. Give the Fon a second AP which you can connect to and use to suck off all the data whenever you are passing.

> I'm sure the fon has enough cpu speed to hand out packets and run a sniffing tool. The problem might be the limited ram.

Depends on how much you want to process and how busy your network is, but I agree, storage is possibly more of a problem than cpu but more of both wouldn't hurt.

ADM1NX (Posted November 30, 2008)

You can create multiple wireless interfaces using wlanconfig, so that you can have one virtual interface connecting to a nearby AP for internet access, and another interface for jasager. Additionally, if you need a swap partition, or more storage space, you can always do the SD mod. In my fon setup, I have a 64mb card set up as a swap partition, because ipkg was getting "out of space" errors after I installed jasager, even though I had about 3 or 4 megs left on the flash. The extra overhead is very useful when you want to run programs faster, or install more packages. There is a mod on the dd-wrt forums on how to put 32mb into the fon, but you would have to modify redboot, and the rom file that is needed is now a dead link. Since large SD and MMC cards are a dime a dozen nowadays, you can probably set it up for swap and storage, but it would probably be a bit slow. You might be better off with an NSLU2.

digininja (Posted November 30, 2008)

I wish I could solder, a Fon with lots of storage seems like a really nice thing to have.

post_break (Author, Posted November 30, 2008)

I wonder if ettercap or wifizoo even runs on the fon because those are the two devices I know of that would be capable of borrowing the goods from the users. Pushing those goods to an email should be pretty simple compared to the rest of this hack. As for using the wifi in the fon to connect to a real network to supply tubes it would have to be set up to connect to any unencrypted network and if it fails to get out try the next available, something I believe dd-wrt does.

digininja (Posted November 30, 2008)

> I wonder if ettercap or wifizoo even runs on the fon because those are the two devices I know of that would be capable of borrowing the goods from the users. Pushing those goods to an email should be pretty simple compared to the rest of this hack.

wifizoo doesn't at the moment, stay tuned

> As for using the wifi in the fon to connect to a real network to supply tubes it would have to be set up to connect to any unencrypted network and if it fails to get out try the next available, something I believe dd-wrt does.

I can't remember what it's called but there is a great app built on a wrt54g and a huge antenna that you set up and it seeks out whatever internet connection it can find and connects you to it.

ADM1NX (Posted November 30, 2008)

You could just crack a wep network nearby and just put in the key. Also, if you install a second antenna, you can set up antenna diversity, so that one is doing all the dirty work, and the other one is connecting to home base, or another AP in the area. I also found an ettercap ipkg, but I'm not sure if it's fully functional. You can get it here: http://fon.testbox.dk/packages/ipkg-new-in....7.3-1_mips.ipk

post_break (Author, Posted November 30, 2008)

To be honest I don't know much about ettercap other than what I have read in the man page. I printed the sucker off while researching airbase-ng and wifizoo. From what I read it has the capability to log usernames and passwords (correct me if I am wrong). I wonder how hard it would be to add another r-sma jack on there. One thing I hate about wifi parts is how expensive they are and scarce. Seems like you can only get them from some shady shop on ebay.

colforbin (Posted December 1, 2008)

Look here for your parts. They're reliable. That is to say I've never had any problems with ordering and receiving parts from them.

DingleBerries (Posted December 1, 2008)

If someone had Jasager running on the LaFonera with the sdcard mod I am sure that would work well too, I am not sure if drives exist for sdhc cards though (will check).

> La Fonera 2.0 Beta
> The Fonera 2.0 is intended to be a Liberator of your desktop computers by being able to both execute applications that you usually need to run in background on your computers and to help you share USB devices between the notebooks connected to your Fonera 2.0, like USB Disks, USB Scanners, USB Printers or Webcams (Not all USB Devices supported).

This could be used in conjunction with a large (8-16GB) flash drive to store logs. The antenna is detachable, so a larger, better one could be used. It has an Atheros processor running @ 180MHz and an Atheros SoC wifi chipset. Also has 8MB of flash and 32MB of RAM, more than the Fon you guys are currently working with. And Redboot does come installed off the shelf.

I would love to help out more, but I can't seem to get the funds together for an extra router atm. Maybe in the future when this becomes an obsolete means for attack auditing then I'll mess around with it :). I have a bunch of old PC133 sdram laying around as well, to swap out the stock ram with.

BTW Fon has a 802.11n spec router that should be coming out by the end of this year. *Crossed fingers

Links Fonera 2.0 Wiki Fonboard.de Diagrams, from what I can tell they are talking about power consumption (Deutsche) Rebranding Maybe? Fonera SD Card Hack Great Picture

digininja (Posted December 1, 2008)

If there are any soldering gurus coming to Shmoocon I'll happily buy drinks (afterwards) for mod'ing my Fons. I've also got some ideas for my eee as well, that would be extra drinks.

post_break (Author, Posted December 2, 2008)

Ok let's take a step back. How about instead of an external application we take this inhouse. Now I have one of these I'd be willing to sacrifice for the sake of this experiment. I'm thinking I could squeeze the fon's motherboard inside there but powering it off of that connection will be a challenge. The beauty of this attack is that there is seemingly no reason why it would be discovered physically. If I can get the power adapter working like normal as well as powering the fon then I doubt it would be tossed. Added that the device screws into the socket keeps you from simply pulling it off of the wall too. The more I look at that picture the more I smile inside thinking of what it could be doing.

colforbin (Posted December 2, 2008)

I like this.

diemonkey (Posted December 2, 2008)

Nice, but if you can't get all of the fon to fit inside maybe something like the socket "safe" might work as an alternative. http://www.thinkgeek.com/gadgets/security/855d/

digininja (Posted December 2, 2008)

I'd like to know where the person with the safe was in this photo: http://www.thinkgeek.com/gadgets/security/855d/images/1653/

Why would you need to lock up your toothbrush???

DingleBerries (Posted December 2, 2008)

I live in the dorms and I keep a fake toothbrush in the bathroom so that if my roommate decides to comb his pubes with it I don't use it.. people are crazy

X3N (Posted December 2, 2008)

another good way to hide it is inside a battery backup ups or a surge strip.

DingleBerries (Posted December 2, 2008)

Bathroom ceiling tiles

digininja (Posted December 2, 2008)

> another good way to hide it is inside a battery backup ups or a surge strip.

What, your toothbrush :-)

ADM1NX (Posted December 3, 2008)

You should try to hide it in a fake plant, or an existing home appliance or household object that has a little extra room in it. You could also hollow out a book, and put it in there.

post_break (Author, Posted December 3, 2008)

I'm trying to think of devices that need power anyways so I can mask the fact that it is just a host of a parasitic fon. The idea of running on battery is just not optimal.

diemonkey (Posted December 4, 2008)

What about using PoE? It might be useful in some situations.