Jump to content

[Release] 1.0.1 - Codename: The Real Deal


Sebkinne

Recommended Posts

Hey everyone,

Now that the WiFi Pineapple MKV has been out for just over a month, it is time for the first firmware upgrade. (This is the real deal, sorry about the leaked 1.0.1).

While we are able to update and fix a lot of things through the WiFi Pineapple Bar (and have if you have been following the bar releases), not everything can or should be fixed like that.

Not only does the WiFi Pineapple MKV firmware version 1.0.1 come with all the latest system infusions already installed, but it also contains the following fixes:

  • Fixing radio0/1 switching after a factory reset
  • Some userinterface functions have been improved
  • Security fixes
  • Smaller bugfixes.
We are aware of a few other issues, especially regarding the SD card stability and of course Karma's stability. We want to reassure you that we are working on fixes and they will be coming very soon. In general we have some pretty big things planned for the near future, so keep an eye out for that!
A more detailed post of upcoming features, projects and future on the WiFi Pineapple MKV will also be surfacing in the next couple of days.
Download: Over the air through the web-interface. (alternatively at https://wifipineapple.com?downloads)
MD5: 17e4384a79e7fef9c267f7da34ed4743
Note: To flash this over the web-interface, please make sure your info tile is at version >= 1.4
As usual, please leave any feedback in this thread.
Bugs, suggestions can also be left here.
We hope you enjoy this release!
-The WiFi Pineapple Team
Link to comment
Share on other sites

Just a helpful hint to those challenged few such as me... If you aren't running the default AP name before the flash it's going to default back to it after. So I kept getting this pretty light show of solid green and Red Blue Orange consecutively but my laptop never reconnected to the AP. So I clicked on the wifi icon and it refreshed the list and I then noticed the default AP being broadcasted and once I connected to that it brought me through the initial setup process and the light show ended.

I'm just a bit thick tonight but in the event that this helps anyone else from creating a softbrick/mental frustration... I don't mind admitting it.

Link to comment
Share on other sites

flashing now. ...... looking forward to the fixes, not to the reconfiguring everything. meh, worth it i am sure.

Edited by Z4ub4d3
Link to comment
Share on other sites

anddd Flashed, reloading infusions renaming the SSID's etc. looks good so far. i do have one question though, perhaps i missed the answerer, does the ui random mac function now work?

Link to comment
Share on other sites

Thanks for all your hard work seb!

Upgrade went fine, but unfortunately it looks like something else was introduced?

On Android devices (the same ones that worked yesterday flawlessly with the MKV), in order to access the network, i have to actually log into the pineapple before the payload shows up?

Target #1, HTC DNA: Before 1.0.1, Karma and RR worked flawlessly. Now, I can connect to Karma SSID the same way (select it and it connects), but when opening a browser, any page presents me with the Pineapple Login, root is already in the username dialog box. if I login, I then get the RandomRoll payload.

Target #2 Kindle HD: Before 1.0.1, Karma and RR worked flawlessly. Now, when I connect to Karma SSID, after the "open network" warning, I get another warning indicating I must log into the network before use. I choose OK, and I am presented with the Pineapple Login Page, root is already in the username dialog box. I choose to cancel, shows me as connected to the Karma SSID, and then I open Firefox. Any attempted page presents me with the Pineapple Login, root is already in the dialog box. If I login, I then get the RandomRoll payload.

What changed that would cause this? If it's expected behavior, the target rich environment just became target barren. :(

Any help would be greatly appreciated, thanks!

eta: clarity

Edited by hfam
Link to comment
Share on other sites

i am getting the same behavior as hfam.

is this possibly an infusion compatibility issue with the new version? trying to figure out were to start looking.

Edited by Z4ub4d3
Link to comment
Share on other sites

Thanks for all your hard work seb!

Upgrade went fine, but unfortunately it looks like something else was introduced?

On Android devices (the same ones that worked yesterday flawlessly with the MKV), in order to access the network, i have to actually log into the pineapple before the payload shows up?

Target #1, HTC DNA: Before 1.0.1, Karma and RR worked flawlessly. Now, I can connect to Karma SSID the same way (select it and it connects), but when opening a browser, any page presents me with the Pineapple Login, root is already in the username dialog box. if I login, I then get the RandomRoll payload.

Target #2 Kindle HD: Before 1.0.1, Karma and RR worked flawlessly. Now, when I connect to Karma SSID, after the "open network" warning, I get another warning indicating I must log into the network before use. I choose OK, and I am presented with the Pineapple Login Page, root is already in the username dialog box. I choose to cancel, shows me as connected to the Karma SSID, and then I open Firefox. Any attempted page presents me with the Pineapple Login, root is already in the dialog box. If I login, I then get the RandomRoll payload.

What changed that would cause this? If it's expected behavior, the target rich environment just became target barren. :(

Any help would be greatly appreciated, thanks!

eta: clarity

Yikes, that sounds like a serious bug. I think I'll wait to update until Seb comments on this.

Link to comment
Share on other sites

There's always going to be something craig, dive in....

A few observations so far:

After flashing/install complete I reformated my sd card via the proper tile. Then proceeded to "reinstall" infusions. Found out later that my sd card wasn't formatted as all my unique files were still where I left them. I was in the process of using scp when I found this out... No need to copy to the sd card what was already there.

dnsspoof (both internal spoofing and external) and urlsnarf worked right away. Mine were working before so this seems ok.

But, sslstrip (which was working before) was now broken. I went through various steps and believe I have that working again.

Haven't tried Random Roll yet but that's next.

Link to comment
Share on other sites

i am getting the same behavior as hfam.is this possibly an infusion compatibility issue with the new version? trying to figure out were to start looking.

Could be, but consider this: Target #2 is prompting me to actually log into the network when choosing the Karma SSID, using the same pineapple login page, with root already populated. This is before attempting to open a browser and actually get a redirected request.

Even though both ask for auth when opening a site, it seems it's the network asking for authentication, not a faulty redirect because once you log in, the request is redirected and you get the payload.

Also, confirmed there are no rogue chars in the spoofhost file.

It'll be interesting to find out what's going on though. Can't do anymore fussing with it til tomorrow though.

eta: clarity

Edited by hfam
Link to comment
Share on other sites

Hey everyone,

Let me clear a few things up:

  1. SSLStrip: I know many of you are having issues. The easiest way to resolve them is build the fixes (uninstalling some python libraries, creating symlinks, installing sslstrip, etc) right into the SSLStrip infusion, at least right now. What I'll be doing this week, is adding a postinstall script to the SSLStrip package. That means it will run all of these fixes for you upon install. However, this is NOT a bug in the firmware. It is a bug in SSLStrip, at least with newer libraries. However, as we haven't changed SSLStrip or anything to do with it in 1.0.1, I'm not sure what is going wrong.
  2. Randomroll: The reason randomroll is broken is because of our recent security fixes. The fixes and the result were intentional though. What happens is that ANY file that is not in the /www/ folder has a file prepended and appended. Those check if you are logged in or not and potentially do a few different things in the future. The issue here is that Foxtrot is using symlinks, like he should, as the files are too large. So, the issue is that the files aren't actually in /www/ but rather in a subfolder of /sd/. So, the script we wrote will automatically protect any .php files there.

    So, how can we fix it? I'm sure Foxtrot will be pushing this as an update later, but for now, install randomroll as you normally would. Before setting it set up, SSH in and edit the following file: /sd/infusions/randomroll/assets/files/index.php. Go to the VERY end of the file and add <?php exit(); ?> to it. This needs to be the last entry in the file. Once you have completed that step, proceed setting up randomroll (especially the enable index.php). If you have already set up randomroll, first disable index.php and then do the above changes. Then re-enable it.

Karma has in no way changed. It was just brought up in the context of the broken randomroll. I just wanted to clarify this as people might otherwise be deterred from upgrading.

So, if overall the only complain is randomroll, I think it was a successful upgrade.

Best Regards,

Sebkinne

Link to comment
Share on other sites

I never used the word "bug". I said broken and fixable.... I completely agree the update was a great success! Thanks for all your efforts and hard work. I know we bug you a lot but you always seem to be working on everything at once in the background. And then out of the blue a firmware update. :)

Link to comment
Share on other sites

Hey everyone,

Let me clear a few things up:

  1. SSLStrip: I know many of you are having issues. The easiest way to resolve them is build the fixes (uninstalling some python libraries, creating symlinks, installing sslstrip, etc) right into the SSLStrip infusion, at least right now. What I'll be doing this week, is adding a postinstall script to the SSLStrip package. That means it will run all of these fixes for you upon install. However, this is NOT a bug in the firmware. It is a bug in SSLStrip, at least with newer libraries. However, as we haven't changed SSLStrip or anything to do with it in 1.0.1, I'm not sure what is going wrong.
  2. Randomroll: The reason randomroll is broken is because of our recent security fixes. The fixes and the result were intentional though. What happens is that ANY file that is not in the /www/ folder has a file prepended and appended. Those check if you are logged in or not and potentially do a few different things in the future. The issue here is that Foxtrot is using symlinks, like he should, as the files are too large. So, the issue is that the files aren't actually in /www/ but rather in a subfolder of /sd/. So, the script we wrote will automatically protect any .php files there.

    So, how can we fix it? I'm sure Foxtrot will be pushing this as an update later, but for now, install randomroll as you normally would. Before setting it set up, SSH in and edit the following file: /sd/infusions/randomroll/assets/files/index.php. Go to the VERY end of the file and add <?php exit(); ?> to it. This needs to be the last entry in the file. Once you have completed that step, proceed setting up randomroll (especially the enable index.php). If you have already set up randomroll, first disable index.php and then do the above changes. Then re-enable it.

Karma has in no way changed. It was just brought up in the context of the broken randomroll. I just wanted to clarify this as people might otherwise be deterred from upgrading.

So, if overall the only complain is randomroll, I think it was a successful upgrade.

Best Regards,

Sebkinne

I had a feeling that it was something along these lines. For my part, I carefully and intentionally worded my post so I never indicated a "bug", but that something was introduced, and perhaps expected behavior. This was an upgrade after all with improvements at the security level, and I had a suspicion this was the side effect of an improvement pushed in the new update and not unexpected.

I'm glad to know what the issue is, fix it up, and get on with it, thanks again for taking such good care of us seb! We love you brother! :)

Link to comment
Share on other sites

Hey!
A silly question! When I have flashed the unit and lights blink like when you did the first time .. is it ok to restart the device (unplug the power)? or it restarts by it self?

Link to comment
Share on other sites

Hey!

A silly question! When I have flashed the unit and lights blink like when you did the first time .. is it ok to restart the device (unplug the power)? or it restarts by it self?

At that point connect to 172.16.42.1:1471

It should prompt you to continue setup

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...