
A wireless hacking computer that can't be hacked


DLSS

i want me one of those :P

source = http://www.tgdaily.com/2006/08/30/defcon2006_janus_project/

A wireless hacking computer that can't be hacked

Las Vegas (NV) - If you think seeing a dozen wireless networks makes your computer the ultimate scanning box, think again. A small security firm has made a portable computer that is capable of scanning 300 networks simultaneously. Dubbed the "Janus Project", the computer also has a unique "Instant Off" switch that renders the captured data inaccessible.

The computer is the brain-child of Kyle Williams from the Janus Wireless Security Research Group in Portland, Oregon. We first spotted Williams sitting quietly and sipping Mountain Dew at the recently held Defcon security convention at the Riviera Casino in Las Vegas, Nevada. While it appeared as if Williams wasn't very busy, the bright yellow Janus computer in front of him was scanning and capturing data from hundreds of wireless networks in range.

At first glance, the Janus computer looks like a laptop, but Williams said it is much more powerful than that. Inside the rugged yellow case sits a mini-computer motherboard powered by a 1.5 GHz VIA C7 processor and an Acer 17" LCD screen. Ubuntu 6.0 Linux runs the eight Atheros a/b/g Gold mini-PCI cards which continuously scan wireless networks. The mini-PCI cards are connected to two four-port PCI to mini-PCI converter boards. The wireless data is stored onto a 20 GB hard drive.


Kyle Williams, aka "Goldy", poses with his Janus computer

While the eight Wi-Fi cards are impressive, the Janus box also has two Teletronics 1 watt amplifiers along with external antenna ports in the back of the Pelican case. Williams made every port watertight by sealing them with epoxy and silicone. "When the lid is closed, it is essentially waterproof," said Williams.

So what does all of this wireless firepower provide? The Wi-Fi cards allow Williams to continuously scan and capture traffic from any wireless channel. Williams likes to continuously dump the raw network traffic to the hard drive, while running the Kismet scanner to get a "bird's eye" view of the area. From his Riviera hotel room and using a 1W amplified antenna, Williams said his Janus computer was able to capture data from 300 access points simultaneously. He said over 2000 access points were scanned and 3.5 GB of traffic was captured during the entire convention.

In addition to scanning for wireless traffic, Williams says the computer can break most WEP keys very quickly by focusing all eight wireless cards on the access point. Using a combination of common utilities like aireplay, airodump and aircrack, Williams said, "When I use all 8 radios to focus in on a single access point, [the WEP key] lasts less than five minutes." However, he added that some retail wireless access points will "just die" after being hit with so much traffic.

In addition to the capturing process, the hard drive and memory contents are continuously encrypted with AES 256-bit keys. There is also an "Instant Off" switch that, according to Williams, renders the captured data inaccessible to anyone but him.

Williams and his friend Martin Peck optimized the OS crypto software to take advantage of the C7's hardware crypto engine. During normal operation the operating system loops the XFS file system, along with the swap partition, through the AES 256-bit encryption. For added security, the encryption keys are rotated throughout the entire memory space.

After the Instant Off switch is hit, a USB key with a 2000-bit passkey and a manually entered password are needed to access the computer. Williams said that even if someone managed to grab the USB key, they would still have to "torture or bribe me" to get the password.

Williams is improving the Janus computer to crack wireless networks even faster. He is optimizing software routines to use the C7 chip to crack WPA and WPA2 protected networks without the use of Rainbow tables. He is also working on breaking SHA1 and RSA encryption in a single processor instruction cycle.

Williams told us that he has spent a few thousand dollars building the Janus computer and hopes to make his money back by selling commercial versions to big companies and government organizations. "Maybe one day I could get the military to be a customer," said Williams.
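An added example, not from the article or the Janus project: one way a volume key can be made to depend on both a USB key file and a typed password, as the unlock step in the article describes, with the in-memory key wiped on "instant off". The function names, scrypt parameters and header layout are assumptions; the article does not say how Janus combines the two factors.

```python
import hashlib
import hmac
import secrets

KEYFILE_BYTES = 2000 // 8  # the article quotes a 2000-bit passkey on the USB key

def new_keyfile() -> bytes:
    """Random key material to store on the removable USB key."""
    return secrets.token_bytes(KEYFILE_BYTES)

def derive_volume_key(keyfile: bytes, password: str, salt: bytes) -> bytes:
    """Combine both factors; neither one alone reproduces the key."""
    # scrypt makes guessing the (low-entropy) password expensive.
    stretched = hashlib.scrypt(password.encode(), salt=salt,
                               n=2**14, r=8, p=1, dklen=32)
    # Key the HMAC with the stretched password and feed in the key file.
    return hmac.new(stretched, b"volume-key" + keyfile, hashlib.sha256).digest()

def _check_value(key: bytes) -> bytes:
    return hmac.new(key, b"key-check", hashlib.sha256).digest()

def make_header(keyfile: bytes, password: str) -> dict:
    """On-disk header (assumed layout): salt plus a check value, never the key."""
    salt = secrets.token_bytes(16)
    return {"salt": salt,
            "check": _check_value(derive_volume_key(keyfile, password, salt))}

def unlock(header: dict, keyfile: bytes, password: str):
    """Return the 32-byte volume key, or None if either factor is wrong."""
    key = derive_volume_key(keyfile, password, header["salt"])
    ok = hmac.compare_digest(_check_value(key), header["check"])
    return key if ok else None

class UnlockedSession:
    """Holds the key in RAM while the volume is mounted."""

    def __init__(self, key: bytes):
        self._key = bytearray(key)

    def instant_off(self) -> None:
        # Best-effort wipe: Python may keep other copies of the bytes.
        self._key[:] = bytes(len(self._key))

    @property
    def locked(self) -> bool:
        return not any(self._key)
```

After `instant_off()` the only way back to the key is `unlock()` with both the key file and the password; the header on disk holds neither.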


Way cool!

The 2-port PCI riser card you'd need is about 25 dollars and the 4-port Mini PCI adapter is available for 65 bucks.

You can probably get both for less if you shopped around a bit.

The rest is just a cryptoloop mounted filesystem and possibly some tuning/custom coding to get the cards to do his bidding.


I run more than one card in my “hacking” laptop for things like setting up fake APs / doing frame injection using one card and running Kismet or lots of other things with the other. Kismet is not that difficult to configure to use more than one source.


  • 2 weeks later...

Very cool, I wonder how much it would cost to build.

Edit:

Pelican 1520 Case = $165.50

EPIA EN 15000G C7 Mini-ITX Board = $232.20

BUFFALO DDR2 1GB (533) = $112.99

Maxtor 40GB Hard drive = $39.99

8 X 802.11a+b+g 65 mW Wireless miniPCI Card = $392

RouterBOARD 18 Eight-Slot miniPCI Adapter = $120

7cm Flexible PCI Riser Cable = $17.10

2 X a/b/g 1 watt amplifiers = $500

Kensington SlimType Keyboard = $39.99

Acer 17" LCD Monitor = $159.99

PSUs, cables and connectors = £120

Total cost = $1899.89 or £1,011.88


Rat on October 21, 2003

http://www.spy.org.uk/ratblog/2003/10/satu...h_box_wifi.html

Saturday....Lunch box WiFi....


I get a phone call asking if I can make a pigtail for a WiFi card....it`s really urgent and needs to be on the way to Amsterdam on Monday ie, 48 hours...

The owner turns up with a box of bits and says that all the bits are going into a lunch box, I said to get the components for the pigtail it will take 48 hours from Monday as the suppliers are shut at the weekend.

So she asked can it be bodged?....after careful consideration I said yes....good can you make three she asks? yes I say,.....annnndd.....is it possible you could fit all these components into the boxes, and can you do it? as their person who was going to build it is stuck in Russia with red tape B**locks getting his passport renewed without the right amount of bribes!!! ,....aaaghhh....leave it with me over night I will have a look....

So I have a pile of bits :- WiFi card, lunch box, mini ITX motherboard, a couple of webcam batteries, antenna, a few battery holders and some bits and pieces.

Bits on my desk

I build them into the box, after a few mods I end up making three reverse female SMA connectors out of a lot of patience and a bit of wire, soldering iron and 3 non reverse SMA`s these are to go on to the end of the cable now soldered straight to the board inside the WiFi card and allows me to connect to an external antenna.

The next morning I am woken up at midday by a friend of mine who is also involved with this project on the software side and I had had only 4 hours sleep and was not intending to be disturbed until at least 14:00 hr`s, telling me the woman had forgotten to give me the mini ATX power supply also to be built into the box,

(I must admit I was puzzled how they were going to run ATX power from 12 volts) can I go over to the workshop and work from there as all the other bit`s are there as well?...Car turns up, I am transported, ok I go.

The workshop is usually kitted out quite well, but at the moment all the important stuff like multimeters and other bits are all stuck in Russia, I did bring a few tools but did expect to find the other basics there :-(

finished part 1

finished part 2

Power supply

Anyway I get the damn' thing built when I get presented with yet another bit...a 500Mb Flash card and reader with ribbon cable to be fitted in to the box...grrrrr.

It`s now four in the morning and the box is built and it comes up on the monitor :-) That`s my bit done....

Monitored Victory

But....the software guys are having kittens, they have had to install Doze 98 and then get all the drivers to work and get VNC up and running...but true to tradition everything keeps crashing which is nothing new to 98, and something they don`t need in a middle of a show, also there is a camera attached to the box but the drivers don`t work for 98 or 2k,

I did suggest using a back door trojan or something if they couldn`t get the r3m0t3 4cc355 working :-)

But, Heh, that`s software for you, at least my hardware worked, but I only had time to work out and complete one box...But I did prepare, ie, cut outs etc, the other boxes, so that by copying the box I built they would be able to complete them really quickly, I got driven home and given forty quid for my effort....

They didn`t have time to get a "Linux/Unix/BSD etc" team on it, to spend months or so working together to set it up...."their" words not mine.....

I also got fed...isn`t it strange what people eat? Rollmop Herrings, raw Herring fillets pickled in vinegar with a few herbs rolled around a gherkin and pinned into shape with a couple of wooden spikes and they don`t even take off the skin (which seemed to be most of the content, all bar the gherkin)....it was different...but at least I tried it....if it`s all that`s on offer I reckon I can tolerate it :-)

It turns out these things we are building are going to be WiFi cameras being swung around by three Cyberpunk type women on roller blades whilst transmitting the images to a screen all in the name of art to be accessible by VNC Hmmm,

It could have been done a lot cheaper using a device that already transmits pictures via WiFi on sale all over the place at about half the price and still create the same effect, personally I think it was a waste of good computer bits, but the customer is *usually* right :-P

That`s it for now, take it easy.

Wegone, +:-)


