Need A Flashing Tutorial For The Mark3


It isn't as easy as flashing a firmware like the Mark II was. There's a firmware, but once that has been loaded a shit ton of customization, fixes and hacks must be done to get everything happy. It's at least an hour process if you've never done it before, so part of what's holding me up is making the documentation user friendly. As I mentioned Allison, you're welcome to email shop@hak5.org and we will of course honor the warranty, no matter how much you mess with the firmware. We have the tools to wipe even the bootloader from serial :)

dude you are awesome


root@root:~# arp -a
Wireless_Broadband_Router.home (192.168.1.1) at 00:26:62:60:92:1c [ether] on wlan0
? (172.16.42.1) at <incomplete> on eth0
root@root:~# nmap 172.16.42.1/25 -sP
Starting Nmap 5.51 ( http://nmap.org ) at 2011-11-19 17:06 EST
Nmap scan report for 172.16.42.42
Host is up.
Nmap done: 128 IP addresses (1 host up) scanned in 5.90 seconds

Starting Nmap 5.51 ( http://nmap.org ) at 2011-11-19 17:06 EST
Nmap scan report for 172.16.42.42
Host is up (0.000050s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
111/tcp open rpcbind

root@root:~# nmap 172.16.42.1
Starting Nmap 5.51 ( http://nmap.org ) at 2011-11-19 17:08 EST
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.32 seconds

But for those of us who like to get our hands "dirty" this would be great fun, even with only some notes :lol:

The horrible part would be finding an AP51 to play with :rolleyes:

Uh, and maybe a pinout for the serial connector would also be nice :D

Yeah, it would be fun. I wouldn't mind if I had the correct firmware to dirty my hands with :D


Like I said in an earlier post it isn't as simple as a firmware flash -- there's a lot involved and it isn't rolled into one bin file. That said if you're really looking to get your hands dirty the easiest way to get started is to grab the latest backfire build, flash it, create a keepalive.sh with the gpioctl commands to appease the watchdog and set a cron job to run it every 4 minutes. Then patch hostapd with digininja's karma, install php and start grabbing the packages for ngrep, dsniff, aircrack, etc. I'll clean up my build notes and post 'em as soon as I get on top of the crazy workload that just fell on my desk. Thanks for your patience.
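The keepalive and cron step from the post above, written out as an added example rather than Hak5's own script: the watchdog pin number, the `gpioctl dirout/set/clear` sequence and the OpenWrt crontab path are assumptions to verify on your own board before relying on them.

```shell
#!/bin/sh
# keepalive.sh: pulse the Mark III watchdog GPIO so the board is not reset,
# and install the cron entry that runs this script every 4 minutes.
# Added example, not Hak5's script. Pin number and crontab path are assumed.
WATCHDOG_PIN="${WATCHDOG_PIN:-1}"                     # assumed pin; check your unit
KEEPALIVE_PATH="${KEEPALIVE_PATH:-/root/keepalive.sh}"
CRONTAB_FILE="${CRONTAB_FILE:-/etc/crontabs/root}"    # OpenWrt root crontab (assumed)

# The gpioctl sequence that pulses one pin: drive it as output, set it, clear it.
gpio_pulse_cmds() {
    printf 'gpioctl dirout %s\ngpioctl set %s\ngpioctl clear %s\n' "$1" "$1" "$1"
}

# Run that sequence against the real gpioctl binary (output is not needed).
pulse_watchdog() {
    gpioctl dirout "$1" >/dev/null && gpioctl set "$1" >/dev/null && gpioctl clear "$1" >/dev/null
}

# Crontab entry running a script every N minutes (the post says 4).
cron_line() {
    printf '*/%s * * * * %s\n' "$1" "$2"
}

# Append the entry once (no duplicates on re-run) and restart cron.
install_cron() {
    line=$(cron_line 4 "$KEEPALIVE_PATH")
    grep -qxF "$line" "$CRONTAB_FILE" 2>/dev/null || echo "$line" >> "$CRONTAB_FILE"
    /etc/init.d/cron restart
}

case "$1" in
    install) install_cron ;;
    "") if command -v gpioctl >/dev/null 2>&1; then
            pulse_watchdog "$WATCHDOG_PIN"
        else
            echo "gpioctl not found: run this on the Pineapple itself" >&2
        fi ;;
esac
```

Copy it to the path in KEEPALIVE_PATH, run `./keepalive.sh install` once, and cron keeps pulsing the pin from then on.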

I am really impressed with the changes made, well done. If you get around to a how-to on patching hostapd and installing php etc., that would be cool. Digininja said he was updating and trying to document, but he got hit with a big workload, as did I :P.

GIVE ME, GIVE ME, GIVE ME......lol

Darren, you are doing an awesome job and your work is appreciated. Damn, I still remember stumbling onto your videos back in season 1 with Wess. You have come a long way and I also look forward to new videos.


I am sure he will release it when it's ready. Instead of giving you something now that is potentially buggy and then complaining about bugs... be patient.

I was just being a smartass.... I am not even ready to start thinking about flashing until I learn more about what I am doing.


Hey guys, I know it's been said and done, and I'm still gonna get a trade-in on my Pineapple cause it seems to be straight fucked.. but when I set it up tonight and was playing with the IPs of the router and things, it came up with this:

From 172.16.42.42 icmp_seq=6 Destination Host Unreachable
From 172.16.42.42 icmp_seq=7 Destination Host Unreachable
^C
--- 172.16.42.1 ping statistics ---
9 packets transmitted, 0 received, +6 errors, 100% packet loss, time 8025ms
, pipe 3
root@root:~# ping 172.16.42.42
PING 172.16.42.42 (172.16.42.42) 56(84) bytes of data.
64 bytes from 172.16.42.42: icmp_seq=1 ttl=64 time=0.152 ms
64 bytes from 172.16.42.42: icmp_seq=2 ttl=64 time=0.088 ms
64 bytes from 172.16.42.42: icmp_seq=3 ttl=64 time=0.089 ms
64 bytes from 172.16.42.42: icmp_seq=4 ttl=64 time=0.089 ms
64 bytes from 172.16.42.42: icmp_seq=5 ttl=64 time=0.088 ms

The host being me, from what I'm guessing.. and the router being 42.1?

Input IP Address of Host PC [or ENTER for 172.16.42.42]:
Input IP Address of Pineapple [or ENTER for 172.16.42.1]:

I guess it's still fucked...

Desktop wp3.sh

root@root:~# ./wp3.sh
Input Pineapple Netmask [or ENTER for 255.255.255.0]:
Input Pineapple Network [or ENTER for 172.16.42.0/24]:
Input Interface between PC and Pineapple [or ENTER for eth0]:
Input Interface between PC and Internet [or ENTER for wlan0]:
Input Internet Gateway [or ENTER for 192.168.1.1]:
Input IP Address of Host PC [or ENTER for 172.16.42.42]:
Input IP Address of Pineapple [or ENTER for 172.16.42.1]:
Pineapple connected to: eth0
Internet connection from: wlan0
Internet connection gateway: 192.168.1.1
Host Computer IP: 172.16.42.42
Pineapple IP: 172.16.42.1
Network: 172.16.42.0/24
Netmask: 255.255.255.0
IP Forwarding enabled. /proc/sys/net/ipv4/ip_forward set to 1
iptables chains and rules cleared
IP Forwarding Enabled
Default route removed
Pineapple Default Gateway Configured
PING 172.16.42.1 (172.16.42.1) 56(84) bytes of data.
From 172.16.42.42 icmp_seq=1 Destination Host Unreachable
From 172.16.42.42 icmp_seq=2 Destination Host Unreachable
From 172.16.42.42 icmp_seq=3 Destination Host Unreachable
--- 172.16.42.1 ping statistics ---
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2015ms
, pipe 3
Browse to http://172.16.42.1/pineapple -- Happy Hacking!
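What a wp3.sh-style setup does on the host side, as an added example and not Hak5's wp3.sh: it prints the commands for review and only executes them when called with `apply`. The defaults are the values from the transcript above; the exact iptables and ip rules are my reconstruction of the steps the script reports (forwarding on, rules cleared, default route replaced, NAT for the Pineapple network), not the original script's code.

```shell
#!/bin/sh
# ics.sh: share the PC's Internet link with a Pineapple attached on eth0.
# Added example, not Hak5's wp3.sh. Defaults mirror the transcript above;
# the rule set below is a reconstruction of the steps wp3.sh reports.
PINE_IF="${PINE_IF:-eth0}"           # interface between PC and Pineapple
NET_IF="${NET_IF:-wlan0}"            # interface between PC and Internet
GATEWAY="${GATEWAY:-192.168.1.1}"    # Internet gateway
HOST_IP="${HOST_IP:-172.16.42.42}"   # host PC address on the Pineapple link
PINE_NET="${PINE_NET:-172.16.42.0/24}"

# Emit the commands one per line so they can be reviewed before running.
ics_commands() {
cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -F
iptables -t nat -F
iptables -X
ip addr add ${HOST_IP}/24 dev ${PINE_IF}
ip route del default
ip route add default via ${GATEWAY} dev ${NET_IF}
iptables -t nat -A POSTROUTING -s ${PINE_NET} -o ${NET_IF} -j MASQUERADE
iptables -A FORWARD -i ${PINE_IF} -o ${NET_IF} -j ACCEPT
iptables -A FORWARD -i ${NET_IF} -o ${PINE_IF} -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF
}

# "apply" runs each command (as root) and echoes it first; anything else is a dry run.
case "$1" in
    apply) ics_commands | while read -r cmd; do echo "+ $cmd"; eval "$cmd"; done ;;
    *) ics_commands ;;
esac
```

If the Pineapple still shows `<incomplete>` in `arp -a` after this, the problem is on the eth0 link or the device itself, not in the host's routing.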


root@root:~# nmap 172.16.42.1 -P0 -vv
Starting Nmap 5.51 ( http://nmap.org ) at 2011-11-23 18:21 EST
Initiating Parallel DNS resolution of 1 host. at 18:21
Completed Parallel DNS resolution of 1 host. at 18:21, 0.06s elapsed
Initiating SYN Stealth Scan at 18:21
Scanning 172.16.42.1 [1000 ports]
Discovered open port 554/tcp on 172.16.42.1
Discovered open port 7070/tcp on 172.16.42.1
Completed SYN Stealth Scan at 18:21, 11.23s elapsed (1000 total ports)
Nmap scan report for 172.16.42.1
Host is up (0.0050s latency).
Scanned at 2011-11-23 18:21:37 EST for 11s
Not shown: 998 filtered ports
PORT STATE SERVICE
554/tcp open rtsp
7070/tcp open realserver
Read data files from: /usr/local/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 11.54 seconds
Raw packets sent: 3005 (132.220KB) | Rcvd: 9 (396B)
