
fon bomb brainstorming



So jasager on the fon is a fun toy but I believe its true potential lies in the form factor. I can sit at a coffee shop and borrow sessions and hijack the wifi but I have to actually do something. I have to be in the area, I have to start my access point and then mess with the pipes. That's fun and all but what about an application (not software) for automating this task?

Here is my idea of a fon bomb. We take a fon running jasager and enclose it inside a weatherproof box. Inside the box we stick a large lipo battery to power the device for at least a few days on end. Stick a pay-as-you-go cell phone inside with a data package for supplying the tubes and again another battery for the phone to keep it running.

Now we would have to automate the task of running say ettercap or MDK3 to sniff the important data out like logins, URLs, AIM, emails, etc. Then set up a cron to push that data from the fon through the internet to a throw away email in order to obtain the goods. That cron would run hourly along with another cron to send a "beacon" email to notify the user that the fon is still alive so you know when to go pick it up.

Attach a good sized battery to the box, paint it like a utility box, and with a pole set it and forget it.

OK, let's take a step back. First of all this is extremely black hat and could get you in some trouble. I still don't have a fon in my hands so this is still just a concept of a wireless terrorist device. The biggest downfall in this device is networking a throw away cellphone to the fon, something I have yet to figure out. Hopefully someone on here could figure that out. Maybe the fon could be set up to connect to another wireless network and share its pipes that way.

I really look forward to your ideas or criticism as this is just a brainstorm. If anyone wants to help me create something like this feel free to PM me.


Your idea is basically what I see as a white hat pen testing tool.

I like the idea of the phone for data exfiltration, you would have to work out how much data you could store before you could send it out. An alternative is to have two Fons back to back joined on the wired side. The second would be in client mode connected to a wifi network and could send data out through that. Having two devices also doubles your potential processing power so you could use the main AP to do some work then pass the rest off to the second. However if you are sending data out you could probably leave most processing to the offline recipient or, if you have the network connection speed, have that do the processing then send back commands.

I'm already working on running inline packet capture and data matching on traffic as it flows through the device and I'll be having a look at getting mdk or something similar working when I get chance.


The problem with using a cell phone is getting it connected to the fon. Cheap cell phones don't exactly have ethernet or wifi so getting it connected to the fon without another device is difficult. I really need to get my hands on a fon so I can experiment with this.

I'm sure the fon has enough cpu speed to hand out packets and run a sniffing tool. The problem might be the limited ram.


> The problem with using a cell phone is getting it connected to the fon. Cheap cell phones don't exactly have ethernet or wifi so getting it connected to the fon without another device is difficult. I really need to get my hands on a fon so I can experiment with this.

You could get one with wifi then use ics off it to connect through, if you have the fon connect to it periodically then you wouldn't lose much AP connectivity. I don't know the price of phones with wifi but I bet they are coming down in price all the time.

The other option is one of the new Fons with the built in usb port, with that you could easily either tether a cheap phone or external storage. Give the Fon a second AP which you can connect to and use to suck off all the data whenever you are passing.

> I'm sure the fon has enough cpu speed to hand out packets and run a sniffing tool. The problem might be the limited ram.

Depends on how much you want to process and how busy your network is, but I agree, storage is possibly more of a problem than cpu but more of both wouldn't hurt.


You can create multiple wireless interfaces using wlanconfig, so that you can have one virtual interface connecting to a nearby AP for internet access, and another interface for jasager. Additionally, if you need a swap partition, or more storage space, you can always do the SD mod.

In my fon setup, I have a 64mb card set up as a swap partition, because ipkg was getting "out of space" errors after I installed jasager, even though I had about 3 or 4 megs left on the flash. The extra overhead is very useful when you want to run programs faster, or install more packages.

There is a mod on the dd-wrt forums on how to put 32mb into the fon, but you would have to modify redboot, and the rom file that is needed is now a dead link. Since large SD and MMC cards are a dime a dozen nowadays, you can probably set it up for swap and storage, but it would probably be a bit slow. You might be better off with an NSLU2.


I wonder if ettercap or wifizoo even runs on the fon because those are the two devices I know of that would be capable of borrowing the goods from the users. Pushing those goods to an email should be pretty simple compared to the rest of this hack.

As for using the wifi in the fon to connect to a real network to supply tubes it would have to be set up to connect to any unencrypted network and if it fails to get out try the next available, something I believe dd-wrt does.


> I wonder if ettercap or wifizoo even runs on the fon because those are the two devices I know of that would be capable of borrowing the goods from the users. Pushing those goods to an email should be pretty simple compared to the rest of this hack.

wifizoo doesn't at the moment, stay tuned

> As for using the wifi in the fon to connect to a real network to supply tubes it would have to be set up to connect to any unencrypted network and if it fails to get out try the next available, something I believe dd-wrt does.

I can't remember what it's called but there is a great app built on a wrt54g and a huge antenna that you set up and it seeks out whatever internet connection it can find and connects you to it.


You could just crack a wep network nearby and just put in the key.

Also, if you install a second antenna, you can set up antenna diversity, so that one is doing all the dirty work, and the other one is connecting to home base, or another AP in the area.

I also found an ettercap ipkg, but I'm not sure if it's fully functional. You can get it here: http://fon.testbox.dk/packages/ipkg-new-in....7.3-1_mips.ipk


To be honest I don't know much about ettercap other than what I have read in the man page. I printed the sucker off while researching airbase-ng and wifizoo. From what I read it has the capability to log usernames and passwords (correct me if I am wrong).

I wonder how hard it would be to add another r-sma jack on there. One thing I hate about wifi parts is how expensive they are and scarce. Seems like you can only get them from some shady shop on ebay.


If someone had Jasager running on the LaFonera with the sdcard mod I am sure that would work well too, I am not sure if drives exist for sdhc cards though (will check).

La Fonera 2.0 Beta

The Fonera 2.0 is intended to be a Liberator of your desktop computers by being able to both execute applications that you usually need to run in background on your computers and to help you share USB devices between the notebooks connected to your Fonera 2.0, like USB Disks, USB Scanners, USB Printers or Webcams (Not all USB Devices supported).

This could be used in conjunction with a large (8-16GB) flash drive to store logs. The antenna is detachable, so a larger, better one could be used. It has an Atheros processor running @ 180MHz and an Atheros SoC wifi chipset. Also has 8MB of flash and 32MB of RAM, more than the Fon you guys are currently working with. And Redboot does come installed off the shelf.

I would love to help out more, but I can't seem to get the funds together for an extra router atm. Maybe in the future when this becomes an obsolete means for attack auditing then I'll mess around with it :). I have a bunch of old PC133 sdram laying around as well, to swap out the stock ram with.

BTW Fon has an 802.11n spec router that should be coming out by the end of this year. *Crossed fingers

Links

Fonera 2.0 Wiki

Fonboard.de Diagrams, from what I can tell they are talking about power consumption (Deutsche)

Rebranding Maybe?

Fonera SD Card Hack

Great Picture


OK, let's take a step back. How about instead of an external application we take this in-house.

162522lgha2.jpg

Now I have one of these I'd be willing to sacrifice for the sake of this experiment. I'm thinking I could squeeze the fon's motherboard inside there but powering it off of that connection will be a challenge. The beauty of this attack is that there is seemingly no reason why it would be discovered physically. If I can get the power adapter working like normal as well as powering the fon then I doubt it would be tossed. Added that the device screws into the socket keeps you from simply pulling it off of the wall too.

The more I look at that picture the more I smile inside thinking of what it could be doing.
