Jump to content

Karma not working on mobile devices


Jmanuel
 Share

Recommended Posts

Has anyone seen Karma in action? It does work on Windows 7, but not on my Galaxy Note II 4.2.2 and iPhone 5s iOS7.

My cellphones can only see the default Pineapple SSID.

I do see their probe request on the logs asking for HomeNet, but the SSID doesn't show on the devices.

KARMA: Probe Request from d8:a2:5e:95:9e:0d for SSID '2WIRE922'
KARMA: Probe Request from d8:a2:5e:95:9e:0d for SSID 'kimchigarden'
KARMA: Probe Request from d8:a2:5e:95:9e:0d for SSID 'Free WiFi'
KARMA: Probe Request from d8:a2:5e:95:9e:0d for SSID 'RESCOMP'
KARMA: Probe Request from d8:a2:5e:95:9e:0d for SSID 'jocelyn'
KARMA: Probe Request from d8:a2:5e:95:9e:0d for SSID 'AirBears'
KARMA: Probe Request from 38:aa:3c:f4:aa:a7 for SSID 'HomeNet'
KARMA: Probe Request from 00:0d:4b:3e:fb:57 for SSID '2WIRE150'
KARMA: Successful association of 50:32:75:a4:f7:2b
KARMA: Checking SSID for start of association, pass through Cisco-7999-guest
KARMA: Probe Request from 50:32:75:a4:f7:2b for SSID '2WIRE095'
KARMA: Successful association of 94:94:26:99:70:11
KARMA: Probe Request from 28:37:37:80:d4:fc for SSID 'Hilltop WiFi'
KARMA: Probe Request from 50:32:75:a4:f7:2b for SSID 'Cisco-7999-guest'
KARMA: Probe Request from 94:94:26:99:70:11 for SSID 'HomeNet'
Link to comment
Share on other sites

Karma is one piece of the puzzle, and it's true some vendors have adapted. Taking a step back and looking at the greater picture however, Karma is only a single component of a much larger concept: Hot-Spot Honey-Pot. Since the introduction of the WiFi Pineapple this has been a primary goal - to capture clients for man-in-the-middle attacks, as well as more recently as a pen-test pivot box.

Karma in its current form is highly effective against a majority of devices. Right now this is done by taking advantage of a trust relationship in only one of the thirteen 802.11 management frames - probes.

Now while 802.11 is a standard, the way in which it's implemented is not - it varies by vendor. Most recently two high profile vendors have changed the way they implement the spec: Google relying less heavily on probes while Apple relying more so. In the case of the former also keep in mind Android is its own hot mess with various vendors implementing the OS in different forms (I'm looking at you Sammy).

What does this mean for the WiFi Pineapple and the wireless hot-spot honey-pot? Quite simply, we adapt. In the game of cat-and-mouse that is hacking, tools and techniques evolve as the ever changing landscape shifts. Build a better mouse, build a better mousetrap.

The core concept of Karma in its current form relies on a rather limited approach to client harvesting. With the next version, or the next tool in our honey-pot arsenal, we'll implement additional approaches as appropriate and as the bare metal as our disposal allows.

We already have some interesting new attacks in testing that have proven quite successful as well as more on the drawing board for later, when it's time to respond again. Once everything is stable and to our liking we'll roll out an update that improves the overall effectiveness of the platform.

Link to comment
Share on other sites

Has anyone seen Karma in action? It does work on Windows 7, but not on my Galaxy Note II 4.2.2 and iPhone 5s iOS7.

My cellphones can only see the default Pineapple SSID.

I do see their probe request on the logs asking for HomeNet, but the SSID doesn't show on the devices.

KARMA: Probe Request from d8:a2:5e:95:9e:0d for SSID '2WIRE922'
KARMA: Probe Request from d8:a2:5e:95:9e:0d for SSID 'kimchigarden'
KARMA: Probe Request from d8:a2:5e:95:9e:0d for SSID 'Free WiFi'
KARMA: Probe Request from d8:a2:5e:95:9e:0d for SSID 'RESCOMP'
KARMA: Probe Request from d8:a2:5e:95:9e:0d for SSID 'jocelyn'
KARMA: Probe Request from d8:a2:5e:95:9e:0d for SSID 'AirBears'
KARMA: Probe Request from 38:aa:3c:f4:aa:a7 for SSID 'HomeNet'
KARMA: Probe Request from 00:0d:4b:3e:fb:57 for SSID '2WIRE150'
KARMA: Successful association of 50:32:75:a4:f7:2b
KARMA: Checking SSID for start of association, pass through Cisco-7999-guest
KARMA: Probe Request from 50:32:75:a4:f7:2b for SSID '2WIRE095'
KARMA: Successful association of 94:94:26:99:70:11
KARMA: Probe Request from 28:37:37:80:d4:fc for SSID 'Hilltop WiFi'
KARMA: Probe Request from 50:32:75:a4:f7:2b for SSID 'Cisco-7999-guest'
KARMA: Probe Request from 94:94:26:99:70:11 for SSID 'HomeNet'

Your devices are too new and secure for Karma to work, only way you 'see' Karma working is if you create a new SSID to connect to on your device. Wifi security got improved in 2012, rendering Karma basicly useless on new devices.

As a workaround for your existing stored 'free wifis' you can (if your phone are rooted) edit /data/misc/wifi/wpa_supplicant.conf and add 'scan_ssid=1' to the ssid's config you want Karma to fake/create, Now you can see Karma working on your existing stored SSID's.

While this should be unnecessary for a pen-testing tool and the mentioned update Darren talks about should be higher priority and kicked out the door asap, as it seems people are still unaware about the Pineapple shortcommings and buys this device in good faith as a cool pen-tester tool that doesnt work fully as advertised on the Mark IV.

For Mark V, they skipped the description about Karma and the 'Yes i'm your network' part... so I guess Mark V works fully as advertised.

Although this is the forum of the new Mark V, you can read my thread in the Mark IV forums about Karma and how its useless on new devices : https://forums.hak5.org/index.php?/topic/30411-issues-with-karma-in-mark-iv/

Link to comment
Share on other sites

Agreed rottingsun. I don't think it can be stated any more plainly. The Mark IV is not broken and neither is Karma. It is the device companies who have fixed the security flaw that Karma takes advantage of. It still works just fine against devices that were vulnerable to it when it was created. Apparently some people didn't do their homework before buying the Mk4/5 and they expect Hak5/Darren to develop and implement a fix more quickly because of it.

Link to comment
Share on other sites

Agreed rottingsun. I don't think it can be stated any more plainly. The Mark IV is not broken and neither is Karma. It is the device companies who have fixed the security flaw that Karma takes advantage of. It still works just fine against devices that were vulnerable to it when it was created. Apparently some people didn't do their homework before buying the Mk4/5 and they expect Hak5/Darren to develop and implement a fix more quickly because of it.

I've never said the Mark IV or Karma is broken, i've said it doesnt work as advertised or used to be advertised, as they have removed the text that describes how Karma works on the Mark V now.

I bought the Mark IV in september 2013 and the $129+shipping+tax is well over $200, and Karma doesnt do anything on the devices in and around my home.

No i didnt apparently do my homework, but found several threads about problems with Karma reported by other members here, and few and no responses from the creators on issues reported nearly 1.5 years ago.

So instead of leaving it and forget about it like most other buyers did, I simply wanted to shead some light on the issue and report my findings, and get the developers attention since they've belived everything was ok.

I've got, Samsung Note2, Samsung Galaxy 2, Samsung Galaxy 3, HTC OneX, Nexus 7 tablet, Sony Xperia X10 and Ipad 3 here in my house with stored free wifi's and none of them connected to any Karma created ssid.

So I started downgrading some of my devices until it worked, and found that Karma fooled Android 4.1.x but not 4.2.x

For comparison, selliing the Mark IV with Karma and saying it works perfect in 2013, would be similar to sell a device with Winnuke. Yes Winnuke still works in 2013 and will lock up and display a BSOD on Win95 machines, Win NT and Win 3,.1 thats not patched or have port 139 firewalled :) Problem is nobody uses win95 anymore, and nobody uses android 4.1.x or the equivalent wifi security from pre 2012

Edited by catohagen
Link to comment
Share on other sites

It doesn't work as it "used to be advertised", well of course not... Vendors have started to patch security flaws in their products. The description of the product has evolved with the landscape around it. Do you think that just because it used to work perfectly once that it should continue to do so forever? What happens when the WiFi spec is abolished and WiFi v2 comes out? Then it won't work at all...

I have a Sega Mega Drive upstairs that says cutting edge graphics on the box, but it doesn't deliver that. It's not working as it used to be advertised.

You should be happy that the security in the WiFi landscape is moving forwards yet worried that a *vast* majority of devices out there are still vulnerable.

Link to comment
Share on other sites

Do I even write english ?

@scotthelme Did you buy that Sega Mega Drive new this year ? and did you honest belive it had cutting edge graphics if you bought it new in 2013?

It doesn't work as it "used to be advertised", well of course not...Vendors have started to patch security flaws in their products.

I bought the Mark IV in September this year...we're in October now...one month ago the Hak5 shop had descriptions about the Mark IV and about Karma telling 'Yes, i'm your network' etc......how where I suppose to know ofcourse it doesnt work ? See the hak5 shop I was reading in september when I ordered the Mark IV :

QTIMBAv.png?1

I posted in the Mark IV forums that Karma should be updated or the Hak5 shop description should be changed and maybe mention that Karma doesnt work well with newish devices....

And vendors havent 'just' started patching...the 'patching' that gave Karma problems started mid 2012....thats 1.5 years ago, and you can search in the forums and find reports dripping in here around that time:

https://forums.hak5.org/index.php?/topic/30113-clients-not-probingconnecting-to-karma-in-mk4-with-fw-281/?hl=karma

https://forums.hak5.org/index.php?/topic/29973-karma-issues-with-android-fw-281-or-300/?hl=karma

https://forums.hak5.org/index.php?/topic/29055-convert-probes-to-fake-networks/?hl=karma

Look, Darren and Sebkinne have both confimed what I wrote about the Karma, both here and in the Mark V Google Hangout, linked here : http://www.youtube.com/watch?v=L-wCTAZAB9I&t=64m45s

It just surprises me when more new customers ask or mention problems with Karma, people jump down my throat when I say the same thing Darren is posting here in the forums, I just say it straight out without the purple filter

Edited by catohagen
Link to comment
Share on other sites

Well, you kind of proved my point really. If I had bought it this year, it would still say that on the packaging wouldn't it, because that's what the packaging says! Much like you've bought an older pineapple, it still bears the same packaging it had at release. Packaging isn't generally updated for a product through it's lifetime because that would be incredibly cost inefficient.

Also, the very first sentence of the advert you linked says "most wireless devices", which is still true. Most wireless devices do still fall for karma.

No one is jumping down your throat, I'm just pointing out that you say "it doesn't work as it used to be advertised" but nothing does once time has passed by.

Link to comment
Share on other sites

Well, you kind of proved my point really. If I had bought it this year,

But you didnt buy your sega this year...?

All I wanted was to get focus on this issue, as new customers are still asking about Karma, as orginal poster of this thread, it didnt work on his Win 7, Galaxy Note 2 and Iphone....yet he belived it would.

The speech about 'landcape have evolved, vendors have adapted' should be mentioned in the Hak5 shop description about the Wifi Pineapple so people will know this before they order the device.

Edited by catohagen
Link to comment
Share on other sites

But you didnt buy your sega this year...?

All I wanted was to get focus on this issue, as new customers are still asking about Karma, as orginal poster of this thread, it didnt work on his Win 7, Galaxy Note 2 and Iphone....yet he belived it would.

The speech about 'landcape have evolved, vendors have adapted' should be mentioned in the Hak5 shop description about the Wifi Pineapple so people will know this before they order the device.

You need to read the original post a few times :)

I said that it DOES work with Windows 7, but not on android 4.2.2 or iOS7, and I clearly selected Darren's post as the Best Answer.

The pineapple has evolve to something bigger than just Karma. Read the "Best Answer" and move on. :P

Link to comment
Share on other sites

Also, the very first sentence of the advert you linked says "most wireless devices", which is still true. Most wireless devices do still fall for karma.

You are out of context, it says most 'Most wireless devices have network software to automatically connects to access points they remember', that refers to the operating system installed on the 'victim' devices, and has nothing to do with Karma.

You'll see that the last 4 lines refers to the Karma bit, or atleast I do...

Link to comment
Share on other sites

You need to read the original post a few times :)

I said that it DOES work with Windows 7, but not on android 4.2.2 or iOS7, and I clearly selected Darren's post as the Best Answer.

The pineapple has evolve to something bigger than just Karma. Read the "Best Answer" and move on. :P

Yeah, sorry about that misreading :)

Link to comment
Share on other sites

The pineapple has evolve to something bigger than just Karma. Read the "Best Answer" and move on. :P

Totally agree, but Karma or Jasager is one of the main features of the device, without it you cant really use any of the other stuff on the device, as you have to rely on people actually connecting manually to a new unknown open network.

Link to comment
Share on other sites

Much like you've bought an older pineapple, it still bears the same packaging it had at release. Packaging isn't generally updated for a product through it's lifetime because that would be incredibly cost inefficient.

I didnt buy an older pineapple, I bought it last month and started this thread the same month : https://forums.hak5.org/index.php?/topic/30411-issues-with-karma-in-mark-iv/

At that time, last month the Mark IV was the current model and the Hak5 shop did have the description i included in post #14

Your are really nitpicking and taking things out of context, you are comparing me buying a current model of a product to your sega mega drive upstairs as the same....

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...