
Markiv: What We Know And What We Don't Know


telot


I do this all the time at work - putting all the information about a topic into one place, on one sheet, greatly helps me for reference purposes, reminders, and for memory committal. I thought I'd share - if you guys think it's useful please feel free to pin it. I will update it as progress is made and more How To guides are scribbled/typed/filmed :) TBH the project manager inside me wants to set up Gantt charts for all the to-dos, assign roles and team leaders, and bust out some Activity Based Costing... damn I need to get back to work lol... Anyways! Here is the collective knowledge of the last 3 weeks of posts about the Mark IV.

General Information on the Mark4:

The Mark IV is a new hardware platform based on a beginning-of-life chipset. It runs the recently released Jasager suite which is under heavy development and will continue to be backwards compatible with the MK3. Obvious hardware differences will prevent some features from being available on older hardware but all compatible features will be available on the Mk3 firmware for the foreseeable future.

The Mark IV is based on a customized AP from ALFA. As far as I know we're the first to integrate this board and as of writing it has not yet come to the consumer market. It contains the Atheros AR9331 SoC, two Ethernet ports, 802.11 b/g/n and USB. The clockspeed is a little over double that of the AP51 -- 180 to 400 MHz MIPS. We expect the dual Ethernet to allow us to implement "The Interceptor" aka "Network Monkey" (layer-2 bridge capture / rebroadcast). USB adds potential for a second WiFi radio (imagine an ALFA AWUS036H backpack), storage, GPS and 3G/4G. Also it's black, which adds 50 hacker points.

The MK4 hardware, for now, features 8MB ROM / 32 MB RAM -- which is expandable via USB. The processor architecture changed from Atheros AR23 to AR72, so cross-compiling everything has been required. That said we're well on our way to a stable build and adding features is the primary goal now

Power Specs of MarkIV:

Power: AC adapter accepts 100-240V ~50/60 Hz 0.5A (UK/EU adaptable)

Output: DC 12V 1A

Plug: Barrel 5.5mm OD 2.1mm ID center positive

Observed requirements: Using a USB power pack providing 5V we have observed 1A draw at idle with no WiFi.

1.7A draw with WiFi enabled and 3.5A -5.5A draw with USB 3G/4G modems. Some modems may require a powered hub for reliable continuous operation with 5V supply.

Teeny Tiny USB Stick sold by Hak5 for use on the MarkIV: http://hakshop.myshopify.com/products/sandisk-cruzer-fit-4gb

3G Dongles supported out of the box:

# ZTE MF591 (T-Mobile)

# Novatel MC760 (Virgin)

# Novatel MC760 (Ting)

According to Darren the following list is also supported but untested: http://www.draisberghof.de/usb_modeswitch/device_reference.txt

How TOs Relating to the Mark4:

How To Add a Not-out-of-the-box-supported USB Cellular dongle:

In the web interface click the 3G page then look at the connection script. You'll find it runs lsusb and pipes the output to awk to find product and vendor ID pairs. This is followed by a switch case. You'll notice that if the PID/VID equal that of, say, the Ting modem it'll use uci to set network config options, then usb_modeswitch to "eject" the CD-ROM, then rmmod and insmod to add the modem to the system; usually they come up as /dev/ttyUSB0. Finally some iptables mojo is done for routing and the rest is done automatically by pppd.

To add a new modem, copy and paste one of the switch cases and replace VID/PID with your values, adjust the modeswitch command, rmmod, insmod, and you should be good to go. For CDMA there isn't really any uci network config stuff to change, the defaults should work. For GSM you'll need to specify the apn and depending on your modem you may also have to specify a pin. I haven't run into this personally, I think it's just for locked devices.

Shmoocon-only reset button issue:

If you picked up a MK4 from Shmoocon please do not use the factory reset function on the Advanced page. I discovered a flaw in the firmware that will make the pineapple very unhappy.

The factory reset button executes the commands rm /etc/config/* and cp /etc/config/backup/* /etc/config/

Problem is, the MK4 from Shmoocon doesn't contain a /etc/config/backup directory filled with original configs.

Here's a quick hotfix for the problem.

From the advanced page paste the following into the bottom text field and click "Execute Commands"

mkdir /etc/config/backup/

cp /etc/config/* /etc/config/backup/

As always, MK3 or 4, if you're having problems with your Pineapple that you can't fix yourself please contact shop@hak5.org and we'll take care of you.

Adding Packages to the Pineapple:

opkg is the package manager for openwrt. example command:

opkg update

opkg install ettercap-ng --dest usb

Fixing internet bridge from pineapple to victims (No Internet for Pwnt targets)

Issue /etc/init.d/firewall disable; /etc/init.d/firewall stop from the Execute Commands text area at the bottom of the advanced page

You can also add the command to rc.local to run the command at bootup.

How to make a USB thumbdrive recognizable and usable for the pineapple (EXT4):

Download BT5R1 and burn the .iso to a CD. I use deepburner in windows to accomplish this.

Put it in and boot it up and startx after logging in (uname/pass=root/toor)

Once you're in the GUI open a terminal and type:

apt-get install gparted

Then, after its installed, plug in your thumbdrive and type:

gparted &

That will launch the creamy gui of gparted. From the top right dropdown menu select your thumb drive from the list and click the big center box that contains the drive size information. Then click "Delete" button on the top near the left. Then click the "New" button on the top far left. Select Primary and EXT4 from the drop downs. Click OK or whatever and then click "Apply" (the big green checkmark). Enjoy!

!!!!WARNING!!!!

Make sure you select your usb thumb drive!!

You have been warned.

How to capture packets to the USB drive you just formatted with tcpdump:

Get a EXT4 formatted usb stick (see my other post on how to accomplish this).

Plug it into pineapple and fire it up with ICS and karma on and everything

SSH into pineapple

lsusb and make sure your stick is there - you can also verify with a little df -h

cd /usb to get into that dir

opkg update

opkg install --dest usb tcpdump

That will install tcpdump onto your usb stick (which is fine, as the only time you'll be running it is when you have the storage capacity to handle the bigass cap files).

Then whilst still in the /usb dir run this:

tcpdump -i eth0 -w test.pcap -n net 172.16.42.0/24

That will capture any packets where the source or destination network is in the pineappley range, thereby grabbing all your karma'd victims' packets. It will display IP addresses and port numbers.

There's a million and one ways to use tcpdump, this is just one basic example. Google for best results per your particular situation (size, how long you want to be capping, what info you're looking for, etc).

Here's a quick flashing guide for the MK4 via serial:

Connect a USB TTL Serial console cable to the pin headers next to the USB port. Set your com program (hyperterminal, minicom, screen, gcom) to use these settings:

115200, 8, N, 1, no hardware flow control, no software flow control

minicom -s

Connect ethernet between the PC and the Pineapple's WAN/LAN port. Set a static IP on the PC of 192.168.2.11 / 255.255.255.0

ifconfig eth0 192.168.2.11 netmask 255.255.255.0 up

Configure a TFTP server (Windows: http://tftpd32.jounin.net/ Linux: http://code.google.com/p/tftpgui/)

Download the factory firmware from http://wifipineapple...tory/kernel.bin and http://wifipineapple...tory/rootfs.bin

wget http://wifipineapple.com/mk4/factory/kernel.bin; wget http://wifipineapple.com/mk4/factory/rootfs.bin

Move the two bin files in your tftproot directory

Power on the pineapple. In your com program you will see:

U-Boot 1.1.4 (Sep 29 2011 - 16:39:41)

AP121-8MB (ar9331) U-boot

DRAM: 32 MB

Top of RAM usable for U-Boot at: 82000000

Reserving 248k for U-Boot at: 81fc0000

Reserving 192k for malloc() at: 81f90000

Reserving 44 Bytes for Board Info at: 81f8ffd4

Reserving 36 Bytes for Global Data at: 81f8ffb0

Reserving 128k for boot params() at: 81f6ffb0

Stack Pointer at: 81f6ff98

Now running in RAM - U-Boot at: 81fc0000

id read 0x100000ff

flash size 8388608, sector count = 128

Flash: 8 MB

In: serial

Out: serial

Err: serial

Net: ag7240_enet_initialize...

Fetching MAC Address from 0x81feb688

Fetching MAC Address from 0x81feb688

: cfg1 0x5 cfg2 0x7114

eth0: 00:c0:ca:5f:6b:5d

eth0 up

: cfg1 0xf cfg2 0x7214

eth1: 00:c0:ca:5f:6b:5e

athrs26_reg_init_lan

ATHRS26: resetting s26

ATHRS26: s26 reset done

eth1 up

eth0, eth1

Please choose the operation:

1: Entr boot command line interface.

2: Load system code then write to Flash via TFTP.

3: Boot system code via Flash (default).

Press 1 to enter the U-Boot CLI

At the ar7240> prompt issue these commands:

setenv bootargs "board=ALFA console=ttyATH0,115200 rootfstype=squashfs,jffs2 noinitrd"

saveenv

tftp 0x80600000 kernel.bin

erase 0x9f650000 +0x190000

cp.b 0x80600000 0x9f650000 d695a

tftp 0x80600000 rootfs.bin

erase 0x9f050000 +0x600000

cp.b 0x80600000 0x9f050000 23d004

bootm 0x9f650000

Once OpenWRT finishes booting press ENTER to activate the console. Issue passwd and set a root password. Next start the ssh service: /etc/init.d/dropbear start

Move the Ethernet cable from the WAN/LAN port to the PoE LAN port.

From the PC ping 192.168.2.1 to verify a connection. From here you'll need to SCP over the latest MK4 update from http://wifipineapple.com/mk4/firmware

SCP the latest firmware .bin file to the Pineapple's /tmp/ directory (windows: http://winscp.net/eng/index.php linux: you already have scp)

scp firmware.bin root@192.168.2.1:/tmp/

Once the firmware has been copied to the pineapple's /tmp/ directory you're ready to update the factory firmware to the latest version of the Jasager suite. On the pineapple issue:

sysupgrade -n -v /tmp/firmware.bin

The upgrade process takes 2-3 minutes. When complete the Pineapple will reboot and all will be happy again in the land of the pineapple. Continue with normal usage (ie: change your PC's ethernet interface back to DHCP or static it to 172.16.42.42)

Projects on the collective to do list and issues that need attending:

Network Pineapple Monkey - Seb has acknowledged it's on his list and will become higher priority after 1.0.1 firmware is released. See this thread:

Adding Alfa AWUS036H to the Mark4: Darren commented: "...adding a 2nd WiFi Adapter, say with an AWUS036H, seems as likely as adding 3G -- so tethering is on the table." Official current status on getting it to work is unknown. During my trials, the Mark4 recognizes the realtek rtl8187 but does not assign it as a wlan adapter. Openwrt should have support for it through kmod-rtl8187

Combining storage and 3G connectivity in one card: "Two birds, one stone". Many 3G usb cards have microSD slots. Novatel U760 is a prime example. Darren and hfam both have these cards and seem to be working on it.

Ngrep is gone now and accessible only via SSH. (See: http://hak5.org/tag/ngrep for information on how to ngrep via terminal)(Sebkinne edit: It is gone. Dead. For now :))

URLsnarf is missing from the UI page, but is also accessible via SSH. Darren's comment on the matter: "We're working on a revised web UI for sniffing which should bring together the power of urlsnarf, ngrep and *ettercap" Swoot!

Reaver is not present on the Shmoocon version but will be via firmware update 1.0.1.

Reaver has not yet been proven to work - a proper how to guide is needed. Issue lies with mon.wlan0 - what is it used for? Can we remove it and add a proper mon0? Do we need to? Will it affect Karma as I suspect? (I'm going to try my hand at it today!)

Further 3G Dongle research - Darren's hints for us regarding 3G dongles: "Usually it's just a matter of "ejecting" the USB CD-ROM so that the modem reveals itself, at which point a bunch of uci network commands set the config, pppd does its thing with chat and comgt." - Need to clarify ejecting the usb cd-rom...

Add support for encrypting USB drives using EncryptingFS or perhaps even truecrypt?

Enable airdrop-ng support by installing python and other dependencies to usb drive

telot

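
The Shmoocon hotfix above is two commands: mkdir the backup directory and cp the live configs into it. The example below, added for this page and not telot's or Hak5's code, does the same thing but refuses to run when a non-empty /etc/config/backup already exists, because on a unit that does ship with backups the cp would overwrite the pristine factory copies with whatever you have changed since. It also verifies afterwards that every live config has a counterpart in backup/, which is what a later factory reset will depend on. The optional prefix argument is an assumption for testing on a workstation; on the Pineapple call it with no argument.

```sh
#!/bin/sh
# Added example, not the page's hotfix. Same effect as
#   mkdir /etc/config/backup/ ; cp /etc/config/* /etc/config/backup/
# but idempotent and safe against clobbering an existing backup.
# $1 is an optional root prefix (assumed, for testing); empty on the device.

ensure_config_backup() {
    root=${1:-}
    cfg="$root/etc/config"
    bak="$cfg/backup"
    # Refuse if a backup with content is already there: copying the live
    # configs over it would destroy the factory originals.
    if [ -d "$bak" ] && [ -n "$(ls -A "$bak" 2>/dev/null)" ]; then
        echo "backup already present at $bak, leaving it alone"
        return 2
    fi
    mkdir -p "$bak" || return 1
    n=0
    for f in "$cfg"/*; do
        [ -f "$f" ] || continue     # skips the backup dir itself
        cp "$f" "$bak/" || return 1
        n=$((n + 1))
    done
    echo "backed up $n config files to $bak"
    return 0
}

# 0 if every file in /etc/config has a copy in backup/, 1 otherwise.
# This is the condition a factory reset (rm then cp from backup) needs.
backup_is_complete() {
    root=${1:-}
    cfg="$root/etc/config"
    for f in "$cfg"/*; do
        [ -f "$f" ] || continue
        [ -f "$cfg/backup/$(basename "$f")" ] || return 1
    done
    return 0
}

# On the Pineapple:
#   ensure_config_backup && backup_is_complete && echo "safe to factory reset"
```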
Edited by telot
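
One caveat on the serial flashing guide above: the byte counts in the two cp.b lines (d695a and 23d004) are the sizes of the particular kernel.bin and rootfs.bin the author downloaded, and each image has to fit the region the preceding erase clears (0x190000 bytes at 0x9f650000 for the kernel, 0x600000 bytes at 0x9f050000 for rootfs, as given in the guide). If you flash different builds you must use their real sizes. The helper below is an added example for this page, not Hak5's tooling; it computes the hex length U-Boot expects, checks the image against its region, and prints the tftp/erase/cp.b lines, refusing an image that would overflow. The load address and region sizes are copied from the guide; the function and variable names are my own.

```sh
#!/bin/sh
# Added example, not part of the guide. Computes the cp.b length for an
# image and checks that it fits the flash region before you erase/copy.
# Region sizes and addresses are the ones in the guide above.

KERNEL_REGION=1638400      # 0x190000 bytes, kernel at 0x9f650000
ROOTFS_REGION=6291456      # 0x600000 bytes, rootfs at 0x9f050000
LOAD_ADDR=0x80600000       # RAM address tftp loads into

# Size of a file in bytes (works with GNU and BusyBox wc).
file_size() {
    wc -c < "$1" | tr -d ' '
}

# Hex length as U-Boot's cp.b expects it: no 0x prefix, lower case.
hex_size() {
    printf '%x' "$(file_size "$1")"
}

# 0 if the image is non-empty and fits in $2 bytes, 1 otherwise.
fits_region() {
    size=$(file_size "$1")
    [ "$size" -gt 0 ] && [ "$size" -le "$2" ]
}

# Print the three U-Boot lines for one image, or fail before anything is
# printed if the image would not fit the region.
uboot_cmds() {
    img=$1; flash_addr=$2; region=$3
    if ! fits_region "$img" "$region"; then
        echo "$img is $(file_size "$img") bytes, exceeds region of $region bytes" >&2
        return 1
    fi
    echo "tftp $LOAD_ADDR $(basename "$img")"
    echo "erase $flash_addr +$(printf '0x%x' "$region")"
    echo "cp.b $LOAD_ADDR $flash_addr $(hex_size "$img")"
}

# With the two images in your tftp root:
#   uboot_cmds kernel.bin 0x9f650000 "$KERNEL_REGION"
#   uboot_cmds rootfs.bin 0x9f050000 "$ROOTFS_REGION"
```

Run it on the workstation before you sit down at the serial console and paste the lines it prints; for the exact images the guide links, the kernel line comes out as cp.b 0x80600000 0x9f650000 d695a, matching the guide.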

Great idea Telot! Why not put all that stuff on the wiki?

I can definitely do that - like I said I'm a sucker for the one page to rule them all thing. I'll begin adding stuff today though!

telot


Very nice aggregation! I've just gotten my IV yesterday and am trying to sort things out still. It's the first already built pineapple I've dealt with so I'm sort of working backwards this time. My first stop was the wiki so that's definitely the place for it. I tend to hit the forums for new ideas and issues as a secondary.


Very nice compilation, telot! Would love to see battery and power related things added! Still waiting on my pineapple as I live in Europe and it takes a while to get here, can't wait to apply all that I learnt and try stuff out. Anyways, good read and hope to see further expansion :) Definitely going in my bookmarks.



From the quick start guide:

Power: AC adapter accepts 100-240V ~50/60 Hz 0.5A (UK/EU adaptable)

Output: DC 12V 1A

Plug: Barrel 5.5mm OD 2.1mm ID center positive

Observed requirements: Using a USB power pack providing 5V we have observed 1A draw at idle with no WiFi.

1.7A draw with WiFi enabled and 3.5A -5.5A draw with USB 3G/4G modems. Some modems may require a powered hub for reliable continuous operation with 5V supply.

Hope that helps a bit, Andrei0427. :)


Thanks for that, I was looking at the Trent portable battery pack. I do know it is USB, so that's about 5V output with 11,000 mAh. Does anyone have any thoughts on it?

amazon.co.uk/New-Trent-iCruiser-IMP1000-Blackberry/dp/B004CHMP50/ref=sr_1_1?ie=UTF8&qid=1330873983&sr=8-1

Sorry for going off-topic btw



The above was added to the list. Thanks very much Drewdroid! And thank you Seb for your edits as well. Anyone, please feel free to post additional information in this thread and I will add it to the master list. And any dev's please feel free to edit at will, as Seb did. Thanks everyone! Glad this is helpful for others as well!

telot


Great list telot! Also, last time I checked, the wp4.sh script wasn't located on the wiki where the quick start guide said. However, if you change the 4 to 3, that script is there.

Andrei0427: I have that battery pack and I really like it! I'm pretty sure it is also the same one that Darren was using when we got the first pics of the Mk4.



I used for Mark III the following one (and will use it for MK IV :P )

Energizer XP8000

It can provide 12V and 5V USB.


That looks pretty cool. How many mAh is it? My New Trent is 11000mAh and it lasts forever! I can charge my phone from 5% to full 3 times and about another half charge!

8000mAh :) Not too shabby!

telot


Telot, we're now putting covers on all the TPS reports... you didn't get the memo? B) :P

This is a GREAT idea, thanks a bunch Telot!

Mods, can we get a sticky on this? The wiki is also a great idea for this info!!

Loving how the MK4 community is gelling and where this project is headed!!



Thanks for the info and the links!!! I guess I'll have to buy a t-shirt. :-))

Edited by csystem


While I'm waiting for my mk4 to arrive, I have a question. Is hashalot or any other filesystem encryption supported by the mk4 to read/write encrypted USB drives?



Wouter, it looks like not at the moment. There's been work on the OpenWRT base to get it fully functioning and at the moment it would seem that you'd need to compile your own version with that baked in. https://dev.openwrt.org/ticket/8784 <- This ticket is referencing the issues still encountered with Encrypted FS support. From the reports you can mount the filesystem but that's about it. I might have missed where someone has something working on the boards so if I did, please someone add the corrections.



Drewdroid, Thanks for the quick reply. I'll keep that ticket under close observation!

Wouter



Most of it is now :) I put up my recent how-to's (ext4 formatting and getting tcpdump working on the pineapple) and some specs. I will add stuff as we update this thread and others - so lets start crossing some more stuff off the list of to-dos and get this pineapple humming!

telot


I edited the main post to include How-To add Not-supported-out-of-the-box Cell dongles and also put in an entry on the TO DO list about encrypting the contents of a USB thumbdrive.

telot

Edited by telot

I also keep an ongoing list of any questions that are emailed to the HakShop here: http://hakshop.myshopify.com/pages/item-faq

I'm always adding new info on this page that I think is important to the Mark IV and such.

