Jump to content

Need A Flashing Tutorial For The Mark3


Recommended Posts

It isn't as easy as flashing a firmware like the Mark II was. There's a firmware, but once that has been loaded a shit ton of customization, fixes and hacks must be done to get everything happy. It's at least an hour process if you've never done it before, so part of what's holding me up is making the documentation user friendly. As I mentioned Allison, you're welcome to email shop@hak5.org and we will of course honor the warranty, no matter how much you mess with the firmware. We have the tools to wipe even the bootloader from serial :)

Link to comment
Share on other sites

It isn't as easy as flashing a firmware like the Mark II was. There's a firmware, but once that has been loaded a shit ton of customization, fixes and hacks must be done to get everything happy. It's at least an hour process if you've never done it before, so part of what's holding me up is making the documentation user friendly. As I mentioned Allison, you're welcome to email shop@hak5.org and we will of course honor the warranty, no matter how much you mess with the firmware. We have the tools to wipe even the bootloader from serial :)

dude you are awesome

Link to comment
Share on other sites

root@root:~# arp -a

Wireless_Broadband_Router.home (192.168.1.1) at 00:26:62:60:92:1c [ether] on wlan0

? (172.16.42.1) at <incomplete> on eth0

root@root:~# nmap 172.16.42.1/25 -sP

Starting Nmap 5.51 ( http://nmap.org ) at 2011-11-19 17:06 EST

Nmap scan report for 172.16.42.42

Host is up.

Nmap done: 128 IP addresses (1 host up) scanned in 5.90 seconds

Starting Nmap 5.51 ( http://nmap.org ) at 2011-11-19 17:06 EST

Nmap scan report for 172.16.42.42

Host is up (0.000050s latency).

Not shown: 999 closed ports

PORT STATE SERVICE

111/tcp open rpcbind

root@root:~# nmap 172.16.42.1

Starting Nmap 5.51 ( http://nmap.org ) at 2011-11-19 17:08 EST

Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn

Nmap done: 1 IP address (0 hosts up) scanned in 3.32 seconds

Link to comment
Share on other sites

It isn't as easy as flashing a firmware like the Mark II was. There's a firmware, but once that has been loaded a shit ton of customization, fixes and hacks must be done to get everything happy. It's at least an hour process if you've never done it before, so part of what's holding me up is making the documentation user friendly. As I mentioned Allison, you're welcome to email shop@hak5.org and we will of course honor the warranty, no matter how much you mess with the firmware. We have the tools to wipe even the bootloader from serial :)

but for us that likes to get our hands "dirty" this would be great fun, even only with some notes :lol:

the horrible part would be to find an AP51 to play with :rolleyes:

uh, and maybe a pinout for serial connecter would also be nice :D

Link to comment
Share on other sites

but for us that likes to get our hands "dirty" this would be great fun, even only with some notes :lol:

the horrible part would be to find an AP51 to play with :rolleyes:

uh, and maybe a pinout for serial connecter would also be nice :D

yah it would be fun. i wouldn't mind if i had the correct firmware to dirty my hands with :D

Link to comment
Share on other sites

Like I said in an earlier post it isn't as simple as a firmware flash -- there's a lot involved and it isn't rolled into one bin file. That said if you're really looking to get your hands dirty the easiest way to get started is to grab the latest backfire build, flash it, create a keepalive.sh with the gpioctl commands to appease the watchdog and set a cron job to run it every 4 minutes. Then patch hostapd with digininja's karma, install php and start grabbing the packages for ngrep, dsniff, aircrack, etc. I'll clean up my build notes and post 'em as soon as I get on top of the crazy workload that just fell on my desk. Thanks for your patience.

Link to comment
Share on other sites

Like I said in an earlier post it isn't as simple as a firmware flash -- there's a lot involved and it isn't rolled into one bin file. That said if you're really looking to get your hands dirty the easiest way to get started is to grab the latest backfire build, flash it, create a keepalive.sh with the gpioctl commands to appease the watchdog and set a cron job to run it every 4 minutes. Then patch hostapd with digininja's karma, install php and start grabbing the packages for ngrep, dsniff, aircrack, etc. I'll clean up my build notes and post 'em as soon as I get on top of the crazy workload that just fell on my desk. Thanks for your patience.

I am really impressed with the changes made, well done. If you get around to a how to patch the hostapd and install php etc, that would be cool. Digininja said he was updating and trying to document but he got hit with a big work load as well as myself :P.

Link to comment
Share on other sites

Like I said in an earlier post it isn't as simple as a firmware flash -- there's a lot involved and it isn't rolled into one bin file. That said if you're really looking to get your hands dirty the easiest way to get started is to grab the latest backfire build, flash it, create a keepalive.sh with the gpioctl commands to appease the watchdog and set a cron job to run it every 4 minutes. Then patch hostapd with digininja's karma, install php and start grabbing the packages for ngrep, dsniff, aircrack, etc. I'll clean up my build notes and post 'em as soon as I get on top of the crazy workload that just fell on my desk. Thanks for your patience.

GIVE ME, GIVE ME, GIVE ME......lol

Darren, you are doing an awesome job and your work is appreciated. Damn, I still remember stumbling onto your videos back in season 1 with Wess. You have come a long way and I also look forward to new videos.

Link to comment
Share on other sites

I am sure he will release it when it's ready. Instead of giving you something now that is potentially buggy and then complaining about bugs... be patient.

I was just being a smartass.... I am not even ready to start thinking a flashing until I learn more of what I am doing.

Link to comment
Share on other sites

hey guys, i know it's been said and done. and im still gonna get a trade in on my pineapple cause it seems to be strait fucked.. but when i set it up tonight and was playing with the ip's of the router and things. it came up with this

From 172.16.42.42 icmp_seq=6 Destination Host Unreachable

From 172.16.42.42 icmp_seq=7 Destination Host Unreachable

^C

--- 172.16.42.1 ping statistics ---

9 packets transmitted, 0 received, +6 errors, 100% packet loss, time 8025ms

, pipe 3

root@root:~# ping 172.16.42.42

PING 172.16.42.42 (172.16.42.42) 56(84) bytes of data.

64 bytes from 172.16.42.42: icmp_seq=1 ttl=64 time=0.152 ms

64 bytes from 172.16.42.42: icmp_seq=2 ttl=64 time=0.088 ms

64 bytes from 172.16.42.42: icmp_seq=3 ttl=64 time=0.089 ms

64 bytes from 172.16.42.42: icmp_seq=4 ttl=64 time=0.089 ms

64 bytes from 172.16.42.42: icmp_seq=5 ttl=64 time=0.088 ms

the host being me from what im guessing.. and the router being 42.1 ?

Input IP Address of Host PC [or ENTER for 172.16.42.42]:

Input IP Address of Pineapple [or ENTER for 172.16.42.1]:

i guess it's still fucked...

Desktop wp3.sh

root@root:~# ./wp3.sh

Input Pineapple Netmask [or ENTER for 255.255.255.0]:

Input Pineapple Network [or ENTER for 172.16.42.0/24]:

Input Interface between PC and Pineapple [or ENTER for eth0]:

Input Interface between PC and Internet [or ENTER for wlan0]:

Input Internet Gateway [or ENTER for 192.168.1.1]:

Input IP Address of Host PC [or ENTER for 172.16.42.42]:

Input IP Address of Pineapple [or ENTER for 172.16.42.1]:

Pineapple connected to: eth0

Internet connection from: wlan0

Internet connection gateway: 192.168.1.1

Host Computer IP: 172.16.42.42

Pineapple IP: 172.16.42.1

Network: 172.16.42.0/24

Netmask: 255.255.255.0

IP Forwarding enabled. /proc/sys/net/ipv4/ip_forward set to 1

iptables chains and rules cleared

IP Forwarding Enabled

Default route removed

Pineapple Default Gateway Configured

PING 172.16.42.1 (172.16.42.1) 56(84) bytes of data.

From 172.16.42.42 icmp_seq=1 Destination Host Unreachable

From 172.16.42.42 icmp_seq=2 Destination Host Unreachable

From 172.16.42.42 icmp_seq=3 Destination Host Unreachable

--- 172.16.42.1 ping statistics ---

3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2015ms

, pipe 3

Browse to http://172.16.42.1/pineapple -- Happy Hacking!

Link to comment
Share on other sites

root@root:~# nmap 172.16.42.1 -P0 -vv

Starting Nmap 5.51 ( http://nmap.org ) at 2011-11-23 18:21 EST

Initiating Parallel DNS resolution of 1 host. at 18:21

Completed Parallel DNS resolution of 1 host. at 18:21, 0.06s elapsed

Initiating SYN Stealth Scan at 18:21

Scanning 172.16.42.1 [1000 ports]

Discovered open port 554/tcp on 172.16.42.1

Discovered open port 7070/tcp on 172.16.42.1

Completed SYN Stealth Scan at 18:21, 11.23s elapsed (1000 total ports)

Nmap scan report for 172.16.42.1

Host is up (0.0050s latency).

Scanned at 2011-11-23 18:21:37 EST for 11s

Not shown: 998 filtered ports

PORT STATE SERVICE

554/tcp open rtsp

7070/tcp open realserver

Read data files from: /usr/local/share/nmap

Nmap done: 1 IP address (1 host up) scanned in 11.54 seconds

Raw packets sent: 3005 (132.220KB) | Rcvd: 9 (396B)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...