Sebkinne Posted November 14, 2013 Share Posted November 14, 2013 Hey everyone, Now that the WiFi Pineapple MKV has been out for just over a month, it is time for the first firmware upgrade. (This is the real deal, sorry about the leaked 1.0.1). While we are able to update and fix a lot of things through the WiFi Pineapple Bar (and have if you have been following the bar releases), not everything can or should be fixed like that. Not only does the WiFi Pineapple MKV firmware version 1.0.1 come with all the latest system infusions already installed, but it also contains the following fixes: Fixing radio0/1 switching after a factory reset Some userinterface functions have been improved Security fixes Smaller bugfixes. We are aware of a few other issues, especially regarding the SD card stability and of course Karma's stability. We want to reassure you that we are working on fixes and they will be coming very soon. In general we have some pretty big things planned for the near future, so keep an eye out for that! A more detailed post of upcoming features, projects and future on the WiFi Pineapple MKV will also be surfacing in the next couple of days. Download: Over the air through the web-interface. (alternatively at https://wifipineapple.com?downloads) MD5: 17e4384a79e7fef9c267f7da34ed4743 Note: To flash this over the web-interface, please make sure your info tile is at version >= 1.4 As usual, please leave any feedback in this thread. Bugs, suggestions can also be left here. We hope you enjoy this release! -The WiFi Pineapple Team Quote Link to comment Share on other sites More sharing options...
thesugarat Posted November 14, 2013 Share Posted November 14, 2013 Nice going for it now... Quote Link to comment Share on other sites More sharing options...
514senica Posted November 14, 2013 Share Posted November 14, 2013 Thanks! Quote Link to comment Share on other sites More sharing options...
DrDinosaur Posted November 14, 2013 Share Posted November 14, 2013 Thanks! Will my Pineapple that got shipped around yesterday already have this update? Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted November 14, 2013 Share Posted November 14, 2013 Thanks! Will my Pineapple that got shipped around yesterday already have this update? No, it was just released about 10 minutes ago. Quote Link to comment Share on other sites More sharing options...
Sebkinne Posted November 14, 2013 Author Share Posted November 14, 2013 Thanks! Will my Pineapple that got shipped around yesterday already have this update? Seeing as it just got released, no ;) It will take a little while till updates make their way to units that are being shipped out. Best Regards, Sebkinne Quote Link to comment Share on other sites More sharing options...
thesugarat Posted November 14, 2013 Share Posted November 14, 2013 Just a helpful hint to those challenged few such as me... If you aren't running the default AP name before the flash it's going to default back to it after. So I kept getting this pretty light show of solid green and Red Blue Orange consecutively but my laptop never reconnected to the AP. So I clicked on the wifi icon and it refreshed the list and I then noticed the default AP being broadcasted and once I connected to that it brought me through the initial setup process and the light show ended. I'm just a bit thick tonight but in the event that this helps anyone else from creating a softbrick/mental frustration... I don't mind admitting it. Quote Link to comment Share on other sites More sharing options...
Z4ub4d3 Posted November 14, 2013 Share Posted November 14, 2013 (edited) flashing now. ...... looking forward to the fixes, not to the reconfiguring everything. meh, worth it i am sure. Edited November 14, 2013 by Z4ub4d3 Quote Link to comment Share on other sites More sharing options...
newbi3 Posted November 14, 2013 Share Posted November 14, 2013 When I finally get 10 minutes of free time I'll be sure to boot up my pineapple and update it Quote Link to comment Share on other sites More sharing options...
Z4ub4d3 Posted November 14, 2013 Share Posted November 14, 2013 anddd Flashed, reloading infusions renaming the SSID's etc. looks good so far. i do have one question though, perhaps i missed the answerer, does the ui random mac function now work? Quote Link to comment Share on other sites More sharing options...
hfam Posted November 14, 2013 Share Posted November 14, 2013 (edited) Thanks for all your hard work seb! Upgrade went fine, but unfortunately it looks like something else was introduced? On Android devices (the same ones that worked yesterday flawlessly with the MKV), in order to access the network, i have to actually log into the pineapple before the payload shows up? Target #1, HTC DNA: Before 1.0.1, Karma and RR worked flawlessly. Now, I can connect to Karma SSID the same way (select it and it connects), but when opening a browser, any page presents me with the Pineapple Login, root is already in the username dialog box. if I login, I then get the RandomRoll payload. Target #2 Kindle HD: Before 1.0.1, Karma and RR worked flawlessly. Now, when I connect to Karma SSID, after the "open network" warning, I get another warning indicating I must log into the network before use. I choose OK, and I am presented with the Pineapple Login Page, root is already in the username dialog box. I choose to cancel, shows me as connected to the Karma SSID, and then I open Firefox. Any attempted page presents me with the Pineapple Login, root is already in the dialog box. If I login, I then get the RandomRoll payload. What changed that would cause this? If it's expected behavior, the target rich environment just became target barren. :( Any help would be greatly appreciated, thanks! eta: clarity Edited November 14, 2013 by hfam Quote Link to comment Share on other sites More sharing options...
Z4ub4d3 Posted November 14, 2013 Share Posted November 14, 2013 (edited) i am getting the same behavior as hfam. is this possibly an infusion compatibility issue with the new version? trying to figure out were to start looking. Edited November 14, 2013 by Z4ub4d3 Quote Link to comment Share on other sites More sharing options...
craig131 Posted November 14, 2013 Share Posted November 14, 2013 Thanks for all your hard work seb! Upgrade went fine, but unfortunately it looks like something else was introduced? On Android devices (the same ones that worked yesterday flawlessly with the MKV), in order to access the network, i have to actually log into the pineapple before the payload shows up? Target #1, HTC DNA: Before 1.0.1, Karma and RR worked flawlessly. Now, I can connect to Karma SSID the same way (select it and it connects), but when opening a browser, any page presents me with the Pineapple Login, root is already in the username dialog box. if I login, I then get the RandomRoll payload. Target #2 Kindle HD: Before 1.0.1, Karma and RR worked flawlessly. Now, when I connect to Karma SSID, after the "open network" warning, I get another warning indicating I must log into the network before use. I choose OK, and I am presented with the Pineapple Login Page, root is already in the username dialog box. I choose to cancel, shows me as connected to the Karma SSID, and then I open Firefox. Any attempted page presents me with the Pineapple Login, root is already in the dialog box. If I login, I then get the RandomRoll payload. What changed that would cause this? If it's expected behavior, the target rich environment just became target barren. :( Any help would be greatly appreciated, thanks! eta: clarity Yikes, that sounds like a serious bug. I think I'll wait to update until Seb comments on this. Quote Link to comment Share on other sites More sharing options...
thesugarat Posted November 14, 2013 Share Posted November 14, 2013 There's always going to be something craig, dive in.... A few observations so far: After flashing/install complete I reformated my sd card via the proper tile. Then proceeded to "reinstall" infusions. Found out later that my sd card wasn't formatted as all my unique files were still where I left them. I was in the process of using scp when I found this out... No need to copy to the sd card what was already there. dnsspoof (both internal spoofing and external) and urlsnarf worked right away. Mine were working before so this seems ok. But, sslstrip (which was working before) was now broken. I went through various steps and believe I have that working again. Haven't tried Random Roll yet but that's next. Quote Link to comment Share on other sites More sharing options...
hfam Posted November 14, 2013 Share Posted November 14, 2013 (edited) i am getting the same behavior as hfam.is this possibly an infusion compatibility issue with the new version? trying to figure out were to start looking.Could be, but consider this: Target #2 is prompting me to actually log into the network when choosing the Karma SSID, using the same pineapple login page, with root already populated. This is before attempting to open a browser and actually get a redirected request. Even though both ask for auth when opening a site, it seems it's the network asking for authentication, not a faulty redirect because once you log in, the request is redirected and you get the payload. Also, confirmed there are no rogue chars in the spoofhost file. It'll be interesting to find out what's going on though. Can't do anymore fussing with it til tomorrow though. eta: clarity Edited November 14, 2013 by hfam Quote Link to comment Share on other sites More sharing options...
Z4ub4d3 Posted November 14, 2013 Share Posted November 14, 2013 Haven't tried Random Roll yet but that's next. looking forward to your results. Quote Link to comment Share on other sites More sharing options...
Sebkinne Posted November 14, 2013 Author Share Posted November 14, 2013 Hey everyone, Let me clear a few things up: SSLStrip: I know many of you are having issues. The easiest way to resolve them is build the fixes (uninstalling some python libraries, creating symlinks, installing sslstrip, etc) right into the SSLStrip infusion, at least right now. What I'll be doing this week, is adding a postinstall script to the SSLStrip package. That means it will run all of these fixes for you upon install. However, this is NOT a bug in the firmware. It is a bug in SSLStrip, at least with newer libraries. However, as we haven't changed SSLStrip or anything to do with it in 1.0.1, I'm not sure what is going wrong. Randomroll: The reason randomroll is broken is because of our recent security fixes. The fixes and the result were intentional though. What happens is that ANY file that is not in the /www/ folder has a file prepended and appended. Those check if you are logged in or not and potentially do a few different things in the future. The issue here is that Foxtrot is using symlinks, like he should, as the files are too large. So, the issue is that the files aren't actually in /www/ but rather in a subfolder of /sd/. So, the script we wrote will automatically protect any .php files there. So, how can we fix it? I'm sure Foxtrot will be pushing this as an update later, but for now, install randomroll as you normally would. Before setting it set up, SSH in and edit the following file: /sd/infusions/randomroll/assets/files/index.php. Go to the VERY end of the file and add <?php exit(); ?> to it. This needs to be the last entry in the file. Once you have completed that step, proceed setting up randomroll (especially the enable index.php). If you have already set up randomroll, first disable index.php and then do the above changes. Then re-enable it. Karma has in no way changed. It was just brought up in the context of the broken randomroll. I just wanted to clarify this as people might otherwise be deterred from upgrading. So, if overall the only complain is randomroll, I think it was a successful upgrade. Best Regards, Sebkinne Quote Link to comment Share on other sites More sharing options...
Lockon Posted November 14, 2013 Share Posted November 14, 2013 Come on Seb, you know that RandomRoll is kind of a big deal. :D Quote Link to comment Share on other sites More sharing options...
thesugarat Posted November 14, 2013 Share Posted November 14, 2013 I never used the word "bug". I said broken and fixable.... I completely agree the update was a great success! Thanks for all your efforts and hard work. I know we bug you a lot but you always seem to be working on everything at once in the background. And then out of the blue a firmware update. :) Quote Link to comment Share on other sites More sharing options...
hfam Posted November 14, 2013 Share Posted November 14, 2013 Hey everyone, Let me clear a few things up: SSLStrip: I know many of you are having issues. The easiest way to resolve them is build the fixes (uninstalling some python libraries, creating symlinks, installing sslstrip, etc) right into the SSLStrip infusion, at least right now. What I'll be doing this week, is adding a postinstall script to the SSLStrip package. That means it will run all of these fixes for you upon install. However, this is NOT a bug in the firmware. It is a bug in SSLStrip, at least with newer libraries. However, as we haven't changed SSLStrip or anything to do with it in 1.0.1, I'm not sure what is going wrong. Randomroll: The reason randomroll is broken is because of our recent security fixes. The fixes and the result were intentional though. What happens is that ANY file that is not in the /www/ folder has a file prepended and appended. Those check if you are logged in or not and potentially do a few different things in the future. The issue here is that Foxtrot is using symlinks, like he should, as the files are too large. So, the issue is that the files aren't actually in /www/ but rather in a subfolder of /sd/. So, the script we wrote will automatically protect any .php files there. So, how can we fix it? I'm sure Foxtrot will be pushing this as an update later, but for now, install randomroll as you normally would. Before setting it set up, SSH in and edit the following file: /sd/infusions/randomroll/assets/files/index.php. Go to the VERY end of the file and add <?php exit(); ?> to it. This needs to be the last entry in the file. Once you have completed that step, proceed setting up randomroll (especially the enable index.php). If you have already set up randomroll, first disable index.php and then do the above changes. Then re-enable it. Karma has in no way changed. It was just brought up in the context of the broken randomroll. I just wanted to clarify this as people might otherwise be deterred from upgrading. So, if overall the only complain is randomroll, I think it was a successful upgrade. Best Regards, Sebkinne I had a feeling that it was something along these lines. For my part, I carefully and intentionally worded my post so I never indicated a "bug", but that something was introduced, and perhaps expected behavior. This was an upgrade after all with improvements at the security level, and I had a suspicion this was the side effect of an improvement pushed in the new update and not unexpected. I'm glad to know what the issue is, fix it up, and get on with it, thanks again for taking such good care of us seb! We love you brother! :) Quote Link to comment Share on other sites More sharing options...
hfam Posted November 14, 2013 Share Posted November 14, 2013 Come on Seb, you know that RandomRoll is kind of a big deal. :D KIND OF?? Hell yeahyeahyeahyeah, yeahyeahyeah yeahyeahyeah...whoahohohohoooooo it is!! :) Quote Link to comment Share on other sites More sharing options...
masler77 Posted November 14, 2013 Share Posted November 14, 2013 Hey!A silly question! When I have flashed the unit and lights blink like when you did the first time .. is it ok to restart the device (unplug the power)? or it restarts by it self? Quote Link to comment Share on other sites More sharing options...
hfam Posted November 14, 2013 Share Posted November 14, 2013 Hey! A silly question! When I have flashed the unit and lights blink like when you did the first time .. is it ok to restart the device (unplug the power)? or it restarts by it self? At that point connect to 172.16.42.1:1471 It should prompt you to continue setup Quote Link to comment Share on other sites More sharing options...
masler77 Posted November 14, 2013 Share Posted November 14, 2013 haha! I thought wrong! clear that so it would be! When I had the unit connected to my network so it had a different ip thanks for the help Quote Link to comment Share on other sites More sharing options...
hfam Posted November 14, 2013 Share Posted November 14, 2013 (edited) edited: local browser issue. Otherwise, except the SSLstrip issue, everything else seems to be working just fine!! Nice job seb and all! Edited November 14, 2013 by hfam Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.