Piranha Firmware

[NFG]

How hard would it be to add the Karma patches to the Piranha Firmware? He already has MDK3 and aircrack-ng working on the fon. I haven't had a chance to test this firmware yet on my FON2 but I probably will over Christmas. It would probably work better then using the gargoyle firmware that is currently needed for the fon+ or the fon2.

[digininja]

looks like it is just openwrt with a few extra tools bundled by default. If so then to add karma I'd just need access to their madwifi package before it is built.

I've posted a comment on his site, see if I get anything back.

[NFG]

Cool if there is anything I can do to help let me know.

[schuchwun]

o0o0 this looks like fun hopefully something comes of it.

the wireless switchblade.

[digininja]

I've had a message back from orange who does the firmware so I'll get in touch and see where it goes.

[NFG]

If you don't hear back from orange I do have the latest openwrt trunk with the mdk3 pakage setup. It runs the same as his other than I have a newer build.

[ADM1NX]

there's an ipkg for mdk3 here http://fon.testbox.dk/packages/NEW/mdk3_v2-1_mips.ipk

[schuchwun]

Wouldn't it be possible to install MeltyBloods firmware and then just install Jasager as per normal?

Or do it our way and then just wget all the packages aircrack, mdk3, cifs etc etc and install them along side jasager. (i'm trying it this way right now and will edit again if it works)

[NFG]

As Orange said in his post about the new firmware

legend is unfortunately outdated and obviously unmaintained or at least not actively developed - don't get me wrong, it works great, but OpenWrt as well as aircrack-ng have seen some great steps forward since last year

Also it would be nice to have something that would work on all the different fons.

[schuchwun]

I know Orange is busy but it would be nice to see something sooner rather then later. Hopefully Digi and Orange can colaborate soon and bring us something really kickass.

[digininja]

I'm talking with Orange and will let know you whats happening when I know something.

[or4n9e]

I'm talking with Orange and will let know you whats happening when I know something.

@digininja

You're still interested in collaborating? I'm currently setting up a new OpenWrt buildroot to work on the next Piranha and I'm interested to integrate Jasager into it. Please tell me what we'd need to do, i.e. some more insight into Jasager would be great as I honestly never used it before. Not sure how long it will take for the next Piranha to appear, but I'd like to offer collaboration at least if you're still interested. Let me know please.

@all

I started two Piranha Brainstorming threads at http://piranha.klashed.net/2009/04/26/piranha-brainstorming/ and http://www.fonerahacks.com/forums/viewtopi...p?f=3&t=320

Any ideas would be much appreciated. I'd like to open Piranha as much as possible to the community and I'm especially interested in contributions from a technical perspective - my vision always was and still is to make Piranha a community effort. I'm currently waiting for an OpenWrt port of autoap, which should be one of the kickass features of the next Piranha, I hope for Jasager integration, latest aircrack-ng and mdk3 will be on board as usual and some other ideas. The next Piranha will be based on OpenWrt 8.09.

I'm really looking forward to your input!

Thanks in advance,

orange

[digininja]

I'm happy collaberate. As you know I've sorted out my own firmware with Jasager pre-installed but it would be better if it was rolled with other useful tools rather than just on its own.

I'll PM you my email address so we can talk about it.

[jdogherman]

Digininja: So how are the madwifi drivers patched?

Do the patched madwifi drivers support injection?

[digininja]

Digininja: So how are the madwifi drivers patched?

I created the patch for the openwrt version of the drivers, added it to the list of patches the buildtree uses then did a build. That created a package which I released.

Do the patched madwifi drivers support injection?

If you mean the aircrack patch set then no, that isn't included.

[jdogherman]

Are they mutually exclusive in nature (patched madwifi vs aircrack injection support) or have they just not been built together?

Is it possible to just take your patch and apply it to another madwifi driver set. maybe one that supports aircrack injection already?

Did you release the patch code?

Thanks man.

[digininja]

They will work together and HDM has put them together in the patch set he released as part of Karmetasploit. This is my openwrt 8.09 karma patch. To use it just drop it into the patches directory in the openwrt build system and it will automatically get added in. To add the injection patch you'd need to get a fully patched madwifi (with all the openwrt stuff) then add the injection code, work out a patch between yours and the fully patched then add that as a new patch.

Or, to say it another way, you can't just patch the raw source as that will be worked on by another 20+ patches before it gets to yours so your patch will probably be wrong by that point.

[or4n9e]

Piranha 2 alpha1 is up at http://piranha.klashed.net/pub/2.0/alpha1/

Please visit http://www.fonerahacks.com/forums/viewtopi...amp;t=320#p1766 for more information. Jasager will (most likely) be introduced with Piranha 2 alpha2 - digininja and myself are currently working on this.

Any input from the community is certainly still much appreciated!

Stay tuned,

orange

[jdogherman]

;)

replace "hacking" with Penetration Testing.

NOW its PC! (policaly correct) not personal computer.

[or4n9e]

Piranha 2 alpha2 is released - it's up at http://piranha.klashed.net/pub/2.0/alpha2/

The package repository at http://piranha.klashed.net/pub/2.0/packages/ is updated to Piranha 2 alpha2

Piranha 2 alpha1 at http://piranha.klashed.net/pub/2.0/alpha1/ has been taken down in favour of alpha2

Changelog is at http://www.fonerahacks.com/forums/viewtopi...mp;p=1788#p1788

Jasager integration is unfortunately not yet completed, but we're certainly still working on this!

replace "hacking" with Penetration Testing

I'll take this into account...

[or4n9e]

JFYI, Piranha 2 alpha3 is released. The full changelog can be found here http://www.fonerahacks.com/forums/viewtopi...mp;p=1823#p1823

best,

orange

[ZesteR]

done with finals, got my fon+ ready to hack and looking forward to the release of jasager on piranha!

I'm going to try out Alpha 3 later today.

This firmware seems promising having all complied together!

Great job guys!

[jdogherman]

What if I have never let the fon talk to the mothership. The mac is not registered with the FON HQ and the heartbeat wont do anything then.

Orange... do you have a way to get fons on that have never been connected to "the collective"?

[or4n9e]

Orange... do you have a way to get fons on that have never been connected to "the collective"?

Yes and no. In any case you need a fonera with stock firmware on it to register whatever other fonera (not registered yet - e.g. the piranha one) you'd like. It might be possible to register also with a stock openwrt fonera assumed you have chillispot installed but this is untested and thus cannot be supported by myself.

Here is what you need to do with a stock fonera though:

1st Step - Login via SSH and paste the following to the root prompt

/usr/sbin/chilli_radconfig -c /dev/null --radiusserver1=radius01.fon.com --radiussecret=garrafon --adminuser=chillispot --adminpasswd=chillispot --radiusnasid=xx-xx-xx-xx-xx-xx --dhcpif xx-xx-xx-xx-xx-xx

replace xx-xx-xx-xx-xx-xx with the WLAN MAC address of the fonera you'd like to register

2nd Step - You'll get approx. 20 lines of code. You need to copy the line

uamserver https://www.fon.com/login/gateway/sec/9c3370131faaxxxxxxxxxxxxxxxxxxxx

The important information is the 32-digit string after .../sec/

3rd Step - Login to your other fonera (to be registered - e.g. the piranha one) and do

thinclient start
/etc/init.d/cron start

Starting cron could also be substituted by a reboot as cron starts automatically as soon as /etc/crontabs/root is not empty anymore. The mothership just needs to get at least one heartbeat before you'll be able to proceed with Step 4.

4th Step - Open a webbrowser of your choice and navigate to

https://www.fon.com/login/gateway/sec/9c3370131faaxxxxxxxxxxxxxxxxxxxx

replace 9c3370131faaxxxxxxxxxxxxxxxxxxxx with your 32-digit string from Step 2 here. You should see the fon login portal now followed by some error messages, but don't care about them (not sure if you need to click "register" somwhere at the portal - it has been too long since I tried it last time, but afaik even that's not needed). Now just login to your fon account and you should be presented with a form to register the fonera.

I'd be interested in the outcome while trying this with a stock openwrt fonera and chillispot installed. If anyone tests it, please report back.

Have fun!

[jdogherman]

1st Step - Login via SSH and paste the following to the root prompt

so first I need to break the firmware to allow ssh access?